Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I have come across a situation where we need a clarification of AAA behavior. I found the following excerpt at URL - http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/secur_c/scprt1/scaaa.htmNote A FAIL response is significantly...
What is the rationale for the following guidelines from the SAFE architecture? (What are the security risks associated with them, and how does this configuration impede those risks?)no ip domain-lookupno cdp runno ip source-routeaaa authentication l...
permit 0.0.0.0 has no mask, so it permits just that: 0.0.0.0 (0.0.0.0 to 0.0.0.0 is the range)(permit 0.0.0.0 is equivalent to permit 0.0.0.0 0.0.0.0 - all bits must match to pass.)Note that you would only use 0.0.0.0 for filtering routes, not traff...
Hello, Chris.First, your access lists are not causing you a problem. You are blocking some ICMP types, but the ones you are working with, ping and traceroute, seem to be allowed. I am a little confused about your last message. It sounds like dynam...
Well my stab in the dark missed, and there is still a lot of darkness hanging over your problem. As I said before, it might certainly lighten up the issue if you provided the sterilized config.But, until then, let's see if these night-vision goggles...
Seeing your NAT configuration might be helpful. Since you presented this as a group of addresses, I am, at great risk, going to *assume* that you are using a pool of addresses with dynamic nat.If you have a ping packet coming in on the nat outside ...
Maybe it would be better to manage these issues one at a time with more specific questions. We all know that no ip domain-lookup saves us some misery when we fat-finger a command. But since it is a SAFE guideline, I would assume that having domain-...