turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Cisco Community
- :
- About Alex Pfeil
Online
Alex Pfeil
Member since
01-08-2008
Enthusiast
02-15-2019
06:29 AM
Can somebody explain what the absolute timeout is for a user authentication? Does it mean after this specific time, you have to authenticate again?
... View more
Labels:
Created by
Alex Pfeil
in VPN and AnyConnect
in VPN and AnyConnect
02-15-2019
05:48 AM
02-15-2019
05:48 AM
I was still hoping somebody could comment on this issue.
... View more
Created by
Alex Pfeil
in VPN and AnyConnect
in VPN and AnyConnect
02-14-2019
08:04 AM
02-14-2019
08:04 AM
Customer having issues with AnyConnect and Umbrella. There were getting an endless loop of connected - reconnecting. There solution was to change the DNS on their home network. Can anybody comment on this? How is this the fix?
Having Umbrella disabled temporarily made the problem go away, but of course it was reenabled through whatever system does that sort of thing. However I think I have found a permanent resolution on my home network.
The primary DNS setting on my home network pointed to 8.8.8.8, if I revert that setting and use the router 192.168.1.1 (and I guess therefore my ISP) for DNS then the reconnect issue seems to go away.
The setting of 8.8.8.8 been the case on my network at home for more than a year and I have had no VPN issues, so something upstream somewhere in the system has changed to not like this setting (at least in my environment).
... View more
Labels:
02-11-2019
07:26 AM
They are asking if you can provide the hub and spoke EIGRP configuration. When the tunnels are up for a few hours, do the EIGRP neighbors form?
... View more
02-08-2019
06:55 AM
show mac address-table int gi3/0/17
Copy the MAC address.
On router, show ip arp | i MAC address
If you see the MAC on the switch and the IP address in the arp table, it is not the switch.
... View more
01-24-2019
05:26 AM
Have you tried switching the authentication order to mab dot1x? Here is a configuration that we are currently using on some different switches. I removed a few things to focus on the 802.1x configuration. My review is based on recommended best practices on Cisco Community forum.
authentication control-direction in authentication event fail action next-method authentication event server dead action authorize voice authentication event server alive action reinitialize authentication host-mode multi-auth authentication order mab dot1x authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server authentication timer restart 3600 authentication timer inactivity 180 authentication violation restrict mab no snmp trap link-status dot1x pae authenticator dot1x timeout tx-period 10
... View more
Created by
Alex Pfeil
in Cisco Cafe Blogs
in Cisco Cafe Blogs
01-24-2019
05:17 AM
01-24-2019
05:17 AM
I know you spent a lot of time and effort to get this recognition. Thank you and congratulations!
... View more
01-21-2019
08:09 AM
Cisco IOS XE Software, Version 03.16.05.S - Extended Support Release Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(3)S5, RELEASE SOFTWARE (fc2)
... View more
01-21-2019
08:07 AM
Cisco 4451. The are connected over a VLAN sub-interface which has a few switches in between.
... View more
01-21-2019
07:27 AM
I think that using a frequency of 10 seconds, and then a tracking a delay down of 30 seconds is a good solution. Does the 30 seconds account for three missed pings or would it actually only account for 2. For example, should the delay down be for 31 seconds?
Does anybody use a different amount of time for tracking, or is there a best practice?
... View more
01-18-2019
04:57 AM
We have two routers (A and B) doing BGP with an ISP. We had a scheduled outage to bring down side A. We did not have a static BGP router-id setup or a loopback interface configured on A or B. We bring down side A, go through the scheduled outage, and then bring up side A. Somehow, B changed it's router-id to the IP address on A and they both had the same BGP router-id. Can somebody please explain this phenomenon? Is this a bug?
... View more
Labels:
Created by
Alex Pfeil
in Cisco Cafe Blogs
in Cisco Cafe Blogs
01-15-2019
01:11 PM
01-15-2019
01:11 PM
Congratulations! I see all of the people listed that I would expect. Very knowledgeable and very helpful group. Thanks for all of your help!!!
... View more
01-15-2019
01:02 PM
Did this fix your issue?
I was also looking at:
access-list 1 deny 0.0.0.0
access-list 1 permit any
interface X
ip pim neighbor-filter 1
Does anybody have a comment on this?
Thanks,
Alex
... View more
Created by
Alex Pfeil
in Policy and Access
in Policy and Access
01-02-2019
08:11 AM
01-02-2019
08:11 AM
I would also post the relevant configuration so we can verify it is correct and the show version of the switch.
... View more
Created by
Alex Pfeil
in Policy and Access
in Policy and Access
01-02-2019
08:10 AM
01-02-2019
08:10 AM
Are you able to see the IP addresses of other devices on the switch? Is the phone working properly on the port? Can you see the IP address using CDP or LLDP?
... View more
yesterday
Can somebody explain what the absolute timeout is for a user
authentication? Does it mean after this...
Created by
Alex Pfeil
in VPN and AnyConnect
yesterday
yesterday
I was still hoping somebody could comment on this issue.
Thursday
Customer having issues with AnyConnect and Umbrella. There were getting
an endless loop of connected...
Monday
I learn something new every day. Thanks for the quick response. It looks
like that is definitely an ...
Monday
Would someone please comment on the issue below. To me this sounds like
an account is getting unlock...
Monday
They are asking if you can provide the hub and spoke EIGRP
configuration. When the tunnels are up fo...
Monday
I believe that having the correct license is the right thing to do. We
all knew they were going to b...
Monday
I was running ISE 2.4 patch 1. I could not delete a certificate out. It
was causing the URT to fail....
a week ago
show mac address-table int gi3/0/17 Copy the MAC address. On router,
show ip arp | i MAC address If ...
a week ago
I am having a similar issue to the above bug. I am running ISE 2.3 patch
1. When I try to run the UR...
Created by
Alex Pfeil
in Identity Services Engine (ISE)
a week ago
a week ago
I am having the same issue in 2.3 patch 1. I am upgrading to 2.4 patch
5. I am running the URT and i...
2 weeks ago
Do you think the upgrade readiness tool would have caught the above
issue? I.E.,the installation com...
2 weeks ago
I was going to start with the upgrade readiness tool. Do you know if
there is any risk to ISE produc...
Created by
Alex Pfeil
in Identity Services Engine (ISE)
2 weeks ago
2 weeks ago
I have the existing 2.3 TACACS administration license and I am upgrading
to 2.4. Thank you for confi...
Public Statistics
| Date Registered | 01-08-2008 12:55 PM |
| Date Last Visited | 02-15-2019 01:44 PM |
| Total Messages Posted | 485 |
| Total Helpful Votes Received | 341 |
Helpful Votes Given To
.jpg "VIP Rising star"){kind=icon}
Helpful Votes From
| User | Helpful Count |
|---|---|
| 5 | |
| 5 | |
| 5 | |
| 5 | |
| 25 |
