Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I have a site-to-site VPN tunnel between two sites both running Cisco ASA on 9.8(4)10 code. The tunnel has about 5 prefixes on A side and 3 from Z side. I can see phase 1 and 2 are established with no error. However, it appears I can only pass tra...
I recently upgraded my ACS from 5.6 to 5.8 with the latest patch installed. Since then, it's been unable to retrieve user group attributes from Windows AD, which effective breaks all my authorization policies.
-The ACS-AD connector account belongs...
I have a WLAN configured with 802.1x PEAP pointing to an external RADIUS server. It works fine for the most part, but I'm having problem closing accounting sessions in RADIUS. I've found this is related to the client table in the WLC. The user ses...
Hello all,This problem only seems to affect one of our sites. Every once in a while, several APs would lose link to the 5508 and get stranded. The only way to fix the issue is either to power cycle, or better yet SSH into the APs and use the comman...
Hello,Is it possible to force a router to use its secondary IP on an outside-facing interface as a source IP for traffic that originates from within the router, such as ICMP, NTP, and DNS?i.e.interface vlan 200ip address 10.0.0.2 255.255.255.0ip addr...
Thanks for the response. For the subnet that is not working, I captured ESP traffic at both ends and cross check the SPIs in the result. The local side is definitely sending out the encrypted traffic but the SPI value is missing at the remote recei...
Thanks, Jatin. Please let me know if I did this correctly.
1. went into acs-config. ran "debug-adclient enable"
2. show logging application ACSADAgent.log = no debug output
3. show logging application ad_agent.log = a lot of debug output. However...
Has anyone been able to resolve this issue? I'm having the same problem here. Upgraded from 5.6 to 5.8 with latest patch and user group attributes went fubar.
You only have a policy applied to the ingress. You need to shape the egress (download speed) as well. I believe the 2960S won't let you apply a policy-map to the egress (correct me if I'm wrong), so you will have to use "srr-queue bandwidth limit [1...
