About hwon

hwon · 08-04-2005

We've upgraded to CatOS 8.4 to get ssh few month ago. I haven't noticed until now that there is a 'set port description' command. It still has 'set port name' command to name the ports, but not sure what 'set port description' command does. Looked fo...

hwon · 03-24-2005

We have a test 802.1x setup for wired network using IAS and Cat3550. We are using PEAP and assign different VLAN for machine account and user account via radius server and we are having issues with VLAN switching between the two accounts. The correct...

hwon · 02-22-2005

Hi, I was wondering if someone got CSS1150X with SSL accelerator working with wildcard SSL certificate. We have 10+ sites we would like to enable SSL and figured wildcard certificates are way to go based on the cost. Specially, since most of the wild...

hwon · 01-27-2005

We use ACS and RSA to control access for RAS, VPN, and network devices. However, for ACS management login http://acsserver:2002, we use login defined in ACS administration panel. Is there anyway to login to ACS management web using external authentic...

hwon · 02-04-2004

Two quick question:1. Can C6500 Sup2 without MSFC run in native mode?2. In IOS image what is the difference between Enterprise and IP image in C6500 context?Thanks in advance.

hwon · 08-04-2005

I believe DMZ3 could be a place for the Remote Access VPN, as long as DMZ3 is dedicated solely for Remote Access. With your IPS setup based on the new diagram should let you monitor traffic for both PIX units. But again, with no redundancy. We had a ...

hwon · 08-04-2005

By the way, you can make remote desktop working using 3rd party 802.1x supplicant, such as Meetinghouse Aegis client.

hwon · 08-02-2005

That design would introduce single point of failure because of the inline IPS serving both PIX. You can still pass traffic when analysis engine dies by setting the bypass mode to auto, however, if the physical unit itself has problems you won't be ab...

hwon · 07-28-2005

We had same issue with FTP auto update. Tried SCP and worked like a charm. If you can't find a SCP server to host updates, try using non-anonymous FTP account instead.

hwon · 07-28-2005

You can restart the service via following command logged on as service:Turn the services off[root@ips50 sbin]# cd /etc/init.d[root@ips50 init.d]# ./cids stopTurn the services back on[root@ips50 sbin]# cd /etc/init.d[root@ips50 init.d]# ./cids startYo...

Member Since	‎02-28-2003 04:01 PM
Date Last Visited	‎08-18-2017 03:50 AM
Posts	22
Total Helpful Votes Received	5

User Statistics

User Activity

'set port description' command in CatOS 8.4

forced reauthentication following user change on 802.1x

Wildcard SSL certificates

ACS Web interface login

Requirements to run C6500 in native mode

Re: Would it be possible to use an IPS 4255 in this topology?

Re: Wired 802.1x re-authentication passes but no connectivity af

Re: Would it be possible to use an IPS 4255 in this topology?

Re: IDS sensor Automatic Update

Re: Error connecting through IPS Device Manager