Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Just installed an 1142 a couple weeks ago and since day one, the output drops incriment constantly. There is only one user connected to this AP, and it is a stand alone. I saw somewhere that it might be dropping multicast packets, but the command "...
I have one more issue with reporting. I notice under GLBA reports there is a 'attacks prevented by cisco IPS - all events" report. We actually run IDS and are using a router to actively shun packets, and that is not included within the scope. I tr...
We are trying to run a report that shows all commands on firewalls within a given day for our PCI audits. With the MARS, any command other than show, obviously gives the above output in the email sent to managers and you must log in to see the actua...
We are installing NAC 4.6(1). Just dealing right now with one profile, Dealing with device filter list. We have a MAC address in the list that when it is seen puts the switchport in VLAN 117 (access VLAN) then when the device gets unplugged, we wan...
We get this message with MARS but the two devices, both Cisco IDS 4.0, are both up and functioning. We are able to discover the device via MARS, but no logs will come in. We know the IDS's are logging because we can see them on the box themselves a...
I found a way to get the information needed. Instead of searching shunRequested: true, we just searched for keyword 'shunRequested'. If a shun is not requested, obviously that action is not attempted, therefore is not in the raw packet. Thanks,
I found this in the config guide for NAC CAM 4.6. Section under port profile configuration.Step 14 Remove out-of-band online user when SNMP linkdown trap is received, and then [do nothing | change to Auth VLAN | change to Restricted VLAN] Click this...
Hey, I think I did that. please check the attached file that I uploaded in the post before this one. I want it to fail closed, but it doesn't seem to be doing that. All help is appreciated.
Well, if that is the case, why do they ask you what you want the CAM to do when it receives a link-down. It asks if you want to leave it in the access VLAN, move to the Auth VLAN, etc. I have that I would like it to move back to the auth VLAN (115)...
