Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi,I have a requirement that I logically think can be met using ACS but I'm struggling to get it actually configured.I have an existing wired 802.1x setup using PEAP-MSCHAPv2 against our ACS (recently updated to 5.8) which works fine. A new requireme...
Hi,I am trying to use VACLs with MAC access-lists to restrict IP traffic. My test box is a 3750-E and after much frustration I found the following in the documentation:All non-IP protocols are access-controlled through MAC addresses and Ethertype usi...
Hi,Can someone answer this basic question? I cant seem to find that much documentation on the inline modules.Can you confirm whether or not devices can see each other on layer 2 across the two groups of an inline WAAS Ethernet module? i.e., if I have...
Thanks. What I'm trying to do is make a decision at the ACS layer.If the incoming request is mschapv2, authenticate internally.If the incoming request is eap-tls, send it to an ISE to authenticate.Cisco SE pointed me towards using ISE as a radius pro...
Hi,thanks for the response.If i define the ISE as an external Radius proxy service, i dont seem to have the usual options (or any options). I can choose what external proxy to point it at, and i can inject or strip Radius attributes. I dont have the ...
Thanks. I was given the link i needed for the 6500 and it seems its the same - cannot filter normal IP traffic using a MAC access-lists, only the other ethertypes or malformed IP packets:http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/1...
If you want to do it that way you could track a route on the MPLS router to that next hop - basically ping 10.x.x.12 and if it doesnt respond remove the route from the routing table and use the backup route to the ASA:so rtr 1 type echo protocol ipIc...
1. Yes, its possible, but if you mean can you make it so that the tunnel only activates when the MPLS fails then I wouldn't recommend that. You are better going with both MPLS and tunnels up at the same time, which leads to…2. Yes, they can both be...
