I am trying to apply an ACL that functions as a 'blacklist' as oppsed to a 'whitelist'. The intenet is to block specific IPs from accessing an entire VLAN.This is a temporary solution until I can place a proper firewall between these segments. after ...
Hello,I have some questions on implementing ACLs.(I've only really used them for restricting access to VTY and this has never come up) So the scenario is I've been asked to restrict access to some managment interfaces to only a few managment workstat...
a few questions related to Radius authentication...
first, on NXOS
How do I specify the order for authentication
On my nexus3000 config I have:
aaa authentication login default group radius-servergroupaaa authentication login console local
in t...
Ok, So I've been using VIRL for over a year.
It looks like CML is simply a corporate version of VIRL.
Can anyone explain the roughly $8000 difference in price?
They look functionally very similar. I know one is a personal use license and one is for ...
I'm curious peoples opinions on when a single redundant fabric switch (Nexus 7004 for arguments sake) is appropriate.
(Nexus 7Ks are expensive)
Examples of when a operational situations where a single switch would cause an outage?
any recommenda...
Actually, this is working as intended. I just missed a major piece to the puzzle. Most of the hosts I was trying to Deny are load balanced servers.These Servers use the LB as their gateway and are NAT'd on the way out behind their virtual service's I...
ok well, answered Q2 myself.
https://rbgeek.wordpress.com/2013/01/14/authenticate-the-cisco-devices-using-active-directory/
'vendor specific' radius settings and the following steps show how to set the user role.
still curious on Q1. If I can have ...
Thank you for your reply.Basically, I've been using ACLs to restrict traffic between sites across a private WAN.And these ACLs have gotten long and unruly.We are looking into adding some dedicated internal firewalls to facilitate better rule manageme...
Thank you for the direction Paolo!I've reached out to my VAR and asked to speak with a Cisco product specialist.I have no immediate need for IPv6, but I do intend to do Full IPv4 BGP tables from 3 ISPs.So any Idea the additional resources that would ...
Wow! Thanks for the answers!I will try this this evening.Part of me is wondering how this is possible, given the Market share Cisco and Microsoft has.I guess one main reason I try and deploy everything in a redundant manor is so I don't have to sweat...
