Hi, I have been trying to find any documentation that could guide me in configuring an SCE to look for authentication information via ACS RADIUS. Any ideas ? Also, does the SCE have a feature to provide a logon page for users to enter their credentials, which are then cross-checked against the entries in ACS ? Apologies if I have posted in the wrong forum.

Regards
Vivek
Unfortunately, the ASA is not on a contract, so an upgrade is not possible. Are you able to provide any documentation to back up your theory ? And I don't think there is any issue between VSS MEC and ASA Redundant interfaces; however, the OSPF protocol seems to have one. I'm just not able to pinpoint the cause of this issue.
Thanks for replying, Reza. I used the ON mode to create the etherchannel on the VSS, and since the ASA that I'm working on has the 8.3.1 software on it, etherchannel is not an available feature. Etherchannel on ASAs was introduced in the 8.4+ versions, hence the use of a Redundant interface, and hence my original question.
Hi community,

Does OSPF work between a VSS L3 MEC & an ASA Redundant Interface ?

Physical Connections -
6509(Active) Port Gi 1/1/10 ------RJ-45------ Port Gi0/2 ASA 5520 v8.3.1
6509(Standby) Port Gi 2/1/10 ------RJ-45------ Port Gi0/3 ASA 5520 v8.3.1

Both 6509s are in VSS and an L3 MEC is formed to the ASA. Both ASA ports are part of an L3 Redundant Interface. Please note there is only a single ASA in this topology.

Config -

On VSS

interface Port-channel 20
 description **** MEC to ASA ****
 no switchport
 ip address 192.168.10.1 255.255.255.0
 no ip redirects
 no ip unreachables
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
<Both ports Gi1/1/10 & Gi2/1/10 are members of this MEC>

router ospf 10
 router-id 192.168.10.1
 log-adjacency-changes
 redistribute connected subnets
 redistribute static subnets
 passive-interface default
 no passive-interface Port-channel 10
 network 192.168.10.0 0.0.0.255 area 0

On ASA

interface Redundant 2
 description **** To VSS ****
 member-interface GigabitEthernet0/2
 member-interface GigabitEthernet0/3
 nameif routing
 security-level 100
 ip address 192.168.10.2 255.255.255.0
 ospf message-digest-key 1 md5 cisco
 ospf authentication message-digest

router ospf 10
 router-id 192.168.10.2
 network 192.168.10.0 255.255.255.0 area 0
 log-adj-changes
 redistribute connected subnets
 redistribute static subnets
 default-information originate always

Problem -
Now, the OSPF neighbouring does occur and goes into the FULL state on this device; however, soon enough the state enters INIT/DROTHER. But as soon as I disconnect the physical connection
6509(Standby) Port Gi 2/1/10 ------DISCONNECTED------ Port Gi0/3 ASA
the OSPF adjacency goes into FULL mode.

Any suggestions on where I am going wrong ? (there are no duplex, speed or cable issues)

Thanks
Vivek
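Before chasing the physical path, it is worth confirming that the two OSPF stanzas above are consistent with each other. The check below is an added example, not part of the post or of any Cisco tool: it parses the VSS (IOS) and ASA configuration exactly as posted and reports an interface that `passive-interface default` leaves silent, a mismatch in authentication type, or a mismatch in MD5 key id/string. The sample configs are copied from the post with the non-OSPF lines trimmed; the only thing it flags is that the VSS router stanza un-passives `Port-channel 10` while the link lives on `Port-channel 20`. Since the post says the adjacency does reach FULL, that is most likely a slip in the pasted text, but it is exactly the kind of thing to rule out before looking at the MEC and redundant-interface behaviour, which this static check says nothing about. (The key `cisco` is taken as the post's placeholder; real keys should be scrubbed before configs are pasted into a forum.)

```python
"""Consistency checks for the OSPF configuration posted above (added example).

Parses the VSS (IOS) and ASA stanzas as written and reports the things that
silently keep an adjacency from forming: an interface left passive by
'passive-interface default', a mismatched authentication type, or a mismatched
MD5 key id or key string. Sample configs are copied from the post, trimmed."""
import re

VSS_CONFIG = """\
interface Port-channel 20
 ip address 192.168.10.1 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
router ospf 10
 router-id 192.168.10.1
 passive-interface default
 no passive-interface Port-channel 10
 network 192.168.10.0 0.0.0.255 area 0
"""

ASA_CONFIG = """\
interface Redundant 2
 nameif routing
 ip address 192.168.10.2 255.255.255.0
 ospf message-digest-key 1 md5 cisco
 ospf authentication message-digest
router ospf 10
 router-id 192.168.10.2
 network 192.168.10.0 255.255.255.0 area 0
"""


def parse_blocks(config):
    """Split a config into [(top-level header, [indented child lines])]."""
    blocks = []
    for line in config.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):
            blocks.append((line.strip(), []))
        elif blocks:
            blocks[-1][1].append(line.strip())
    return blocks


def norm_if(name):
    """'Port-channel 20', 'Port-channel20' and 'port-channel20' are one interface."""
    return re.sub(r"\s+", "", name).lower()


def ospf_interfaces(config):
    """Map normalised interface name -> OSPF auth settings found under it.

    IOS writes 'ip ospf ...' under the interface, the ASA writes 'ospf ...';
    the optional 'ip ' prefix in the patterns covers both."""
    result = {}
    for header, lines in parse_blocks(config):
        if not header.startswith("interface "):
            continue
        info = {"md5_auth": False, "key_id": None, "key": None}
        for line in lines:
            m = re.fullmatch(r"(?:ip )?ospf message-digest-key (\d+) md5 (\S+)", line)
            if m:
                info["key_id"], info["key"] = int(m.group(1)), m.group(2)
            elif re.fullmatch(r"(?:ip )?ospf authentication message-digest", line):
                info["md5_auth"] = True
        result[norm_if(header[len("interface "):])] = info
    return result


def is_passive(config, ifname):
    """IOS semantics: 'passive-interface default' silences every interface not
    explicitly listed with 'no passive-interface'; without the default only
    interfaces listed with 'passive-interface X' are silent."""
    for header, lines in parse_blocks(config):
        if not header.startswith("router ospf"):
            continue
        active = {norm_if(l.split(None, 2)[2]) for l in lines
                  if l.startswith("no passive-interface ")}
        passive = {norm_if(l.split(None, 1)[1]) for l in lines
                   if l.startswith("passive-interface ") and l != "passive-interface default"}
        if ifname in active:
            return False
        if ifname in passive:
            return True
        return "passive-interface default" in lines
    return False


def check_adjacency(vss_config, asa_config, vss_if, asa_if):
    """Return findings for the VSS<->ASA link; an empty list means the static
    configuration is consistent (it says nothing about the physical path)."""
    findings = []
    vss = ospf_interfaces(vss_config).get(norm_if(vss_if))
    asa = ospf_interfaces(asa_config).get(norm_if(asa_if))
    if vss is None or asa is None:
        return [f"interface {vss_if if vss is None else asa_if} not found"]
    if is_passive(vss_config, norm_if(vss_if)):
        findings.append(f"{vss_if} is passive on the VSS: no hellos will be sent on it")
    if vss["md5_auth"] != asa["md5_auth"]:
        findings.append("authentication type differs between the two sides")
    elif vss["md5_auth"] and (vss["key_id"], vss["key"]) != (asa["key_id"], asa["key"]):
        findings.append("MD5 key id or key string differs between the two sides")
    return findings


if __name__ == "__main__":
    for f in check_adjacency(VSS_CONFIG, ASA_CONFIG, "Port-channel 20", "Redundant 2") or ["ok"]:
        print(f)
```

Run as-is it prints the passive-interface finding; change the `no passive-interface` line to `Port-channel 20` and it prints `ok`. The parser deliberately handles only the two stanza shapes that appear in the post.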
EtherChannel load balancing (ECLB) is not supported between an IDSM-2 in the VSS active chassis and an IDSM-2 in the VSS standby chassis [ http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/vss.html#wp1138509 (read Service Module Restrictions and Guidelines, point #3) ].

Also, read - http://www.cisco.com/en/US/products/ps9336/products_tech_note09186a0080a7c72b.shtml#idsm

Regards
Vivek
Thank you for your comments, Eugene & Joseph.

JosephDoherty wrote:
First, if you're going to shape traffic to 30 Mbps, you need to shape all traffic. Your parent's shaper is only defined in class-default; other classes could exceed the 30 Mbps limit.

The physical interface has a limit placed on it of 30M bandwidth, and so the bandwidth within the classes of "wan-qos" should come into effect and not send anything more than the 30M limit set on the interface.

JosephDoherty wrote:
Fourth, ideally you would want to shape all 4 Mbps for the branch, also using the above considerations, but if a 3-level hierarchy isn't supported, yours is good, but again because of strict timing considerations for VoIP, you want the child's shaper to use a small Tc too. For this configuration, you do want a separate child class for VoIP, but LLQ won't really trigger unless the child policy sees congestion at the parent's shaper.

All other branches have good-bandwidth WAN links except this particular branch, which only has a 4M link. I think a 3-level hierarchy is supported on the WAN router. The only issue was I wasn't sure if my configuration was following best practice in terms of combining the QoS policies. So the way I have configured and combined the QoS policy, is that correct ? I'll research the tx-ring-limit and Tc values as well.

Thanks
Vivek
Hi Community,

Scenario:
HQ WAN Router already has a QoS policy applied on its WAN port (30M link) [HQ has several branch sites and no issues with the rest of them except one branch. That one branch will be spoken about in this thread].
Branch WAN Router is on a 4M link and has no QoS policy - voice traffic from HQ to Branch is getting affected.
ISP QoS is not possible at this moment for cost reasons.

Config:

HQ WAN Router - Current

interface GigabitEthernet0/1
 service-policy output wan-qos

class-map match-any mgmt
 match access-group name mgmt
class-map match-any ldap
 match protocol ldap
class-map match-any abcd
 match access-group 112
class-map match-any voip-signal
 match protocol skinny
 match protocol mgcp
class-map match-any voip-media
 match protocol rtp
class-map match-any rdp
 match access-group 111
!
policy-map wan-qos
 class iccs
  bandwidth 1024
 class voip-media
  priority 164
 class voip-signal
  bandwidth 48
 class rdp
  bandwidth 64
 class mgmt
  bandwidth 16
 class ldap
  bandwidth 32
 class class-default
  random-detect
!

New QoS policy for HQ to Branch voice traffic

***** Classify Voice traffic to Branch *****
access-list 102 permit ip <HQ IP> <Branch IP>
class-map voice-branch-traffic
 match access-group 102

***** Giving voice traffic a guarantee of 200 kbps with a burst of ~ 20kbps *****
policy-map Priority-Voice-branch-Traffic
 class voice-branch-traffic
  priority 200 20000

***** Max traffic out to branch will be limited to 3.6Mbps (10% reserved) *****
policy-map branch-Traffic
 class class-default
  shape average 3600000
  service-policy Priority-Voice-branch-Traffic

Now, to apply this new QoS policy within the existing policy (wan-qos) on the HQ router, would the following be correct ?

policy-map wan-qos
 class abcd
  bandwidth 1024
 class voip-media
  priority 164
 class voip-signal
  bandwidth 48
 class rdp
  bandwidth 64
 class mgmt
  bandwidth 16
 class ldap
  bandwidth 32
 class class-default
  shape average 30000000        ----> HQ WAN link is 30M (random-detect had to be removed to apply the policy)
  service-policy branch-Traffic ----> Shaping HQ to Branch voice traffic to be less than 3.6M

Is this the correct way to apply the new "branch-Traffic" QoS policy under the existing one, "wan-qos", on the HQ router ?

Regards
Vivek
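One thing to verify about a nested policy like the one proposed above, independent of whether the nesting itself is right, is that each level still fits the rate it is offered once the parent shaper is applied: the child runs at the shaper's rate, not the link's, and IOS only lets a policy reserve part of that rate for `bandwidth` and `priority` classes. The script below is an added example, not part of the post or of Cisco IOS: it parses the proposed policy-maps exactly as written, follows every `service-policy` into its child at the rate of the shaper on the class it hangs from, and reports any level whose reservations exceed the allocatable share. `MAX_RESERVED_PCT` is an assumption: classic CBWFQ defaults to 75% (`max-reserved-bandwidth`), newer HQF images allow more, so set it to whatever the HQ router actually enforces. It also flags a child attached to a class with no shaper, which is the condition under which the child's LLQ rarely engages.

```python
"""Budget check for the nested policy posted above (added example).

Parses the proposed policy-maps as written, follows each 'service-policy'
into the child policy at the rate of the shaper on the class it hangs from,
and reports any level that reserves more than the allocatable share."""

# Constructed sample: the proposed HQ configuration from the post.
SAMPLE_CONFIG = """\
policy-map Priority-Voice-branch-Traffic
 class voice-branch-traffic
  priority 200 20000
policy-map branch-Traffic
 class class-default
  shape average 3600000
  service-policy Priority-Voice-branch-Traffic
policy-map wan-qos
 class abcd
  bandwidth 1024
 class voip-media
  priority 164
 class voip-signal
  bandwidth 48
 class rdp
  bandwidth 64
 class mgmt
  bandwidth 16
 class ldap
  bandwidth 32
 class class-default
  shape average 30000000
  service-policy branch-Traffic
"""

# Assumption: classic CBWFQ default (max-reserved-bandwidth 75); adjust for the platform.
MAX_RESERVED_PCT = 75


def parse_policy_maps(config):
    """Return {policy: {class: {bandwidth, priority, shape, child}}}, rates in kbps.

    Indentation follows 'show run': 0 spaces for policy-map, 1 for class,
    2 for the directives under a class. Burst sizes and the 'percent' forms
    are out of scope for this check and are ignored."""
    policies, policy, cls = {}, None, None
    for line in config.splitlines():
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        parts = line.split()
        if indent == 0 and parts[0] == "policy-map":
            policy = policies.setdefault(parts[1], {})
            cls = None
        elif indent == 1 and parts[0] == "class" and policy is not None:
            cls = policy.setdefault(
                parts[1], {"bandwidth": 0, "priority": 0, "shape": None, "child": None})
        elif indent >= 2 and cls is not None:
            if parts[0] == "bandwidth" and parts[1].isdigit():
                cls["bandwidth"] = int(parts[1])
            elif parts[0] == "priority" and parts[1].isdigit():
                cls["priority"] = int(parts[1])
            elif parts[:2] == ["shape", "average"] and parts[2].isdigit():
                cls["shape"] = int(parts[2]) // 1000  # bps -> kbps
            elif parts[0] == "service-policy":
                cls["child"] = parts[-1]
    return policies


def audit(policies, name, rate_kbps, max_reserved_pct=MAX_RESERVED_PCT, path=()):
    """Return findings for policy `name` offered `rate_kbps`, recursing into
    child policies. An empty list means every level fits its budget."""
    label = "/".join(path + (name,))
    if name not in policies:
        return [f"{label}: policy-map not defined"]
    findings = []
    classes = policies[name]
    reserved = sum(c["bandwidth"] + c["priority"] for c in classes.values())
    budget = rate_kbps * max_reserved_pct // 100
    if reserved > budget:
        findings.append(
            f"{label}: reserves {reserved} kbps, but only {budget} kbps of "
            f"{rate_kbps} kbps is allocatable at {max_reserved_pct}%")
    for cname, c in classes.items():
        if c["child"] is None:
            continue
        if c["shape"] is None:
            # Without a shaper the child only queues when this class itself
            # backs up, so its LLQ/bandwidth guarantees rarely engage.
            findings.append(
                f"{label} class {cname}: child {c['child']} attached without a shaper")
            child_rate = rate_kbps
        else:
            child_rate = c["shape"]
        findings.extend(
            audit(policies, c["child"], child_rate, max_reserved_pct, path + (name, cname)))
    return findings


if __name__ == "__main__":
    # The HQ WAN link is 30M per the post; wan-qos is offered that rate.
    for f in audit(parse_policy_maps(SAMPLE_CONFIG), "wan-qos", 30000) or ["ok"]:
        print(f)
```

With the posted numbers every level fits (the 200 kbps priority class sits under a 3.6M shaper, and wan-qos reserves 1348 kbps of a 30M link), so the script prints `ok`; shrink the branch shaper or drop it and the corresponding finding appears.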
Hmm, that could very well be the problem, because I took the product ID from the show version output of the switch that needed the IOS upgrade. Instead I should have looked for the product ID on the chassis. Good find. I may get another batch of switches to upgrade, so if I do, I'll try it out again and report back in this thread.
Hi Julio,

You don't need to do the test. The issue was with my switch. I have replaced it with another switch and it works now. So the end user certainly doesn't need to be connected directly (logically) for cut-through proxy to work.
Seems like it may only work when a direct connection to the ASA is available. When you get a chance, try to create an SVI on the L2 switch, change the test PC's gateway to be the L2/L3 switch IP, and see whether the authentication prompt comes up or not.
Hi Julio,

I tried the same setup with a c3750 and the findings are the same.
If the laptop's gateway IP is set to the SVI of that VLAN on the switch - no auth prompt.
If the laptop's gateway IP is set to the ASA inside interface - the auth prompt comes up.

So I'm not really sure what's happening here. Could you kindly inform me of your lab setup ?

Thanks
Vivek