Currently our guest traffic is separated from production traffic using a non-routed VLAN at a 6509 core trunked directly to an ASA. Production rides a different VLAN. No routing is needed with guest as it's all one broadcast domain.
The business is...
We have multiple sites that use 6504s with VSS. Those 6500s have the SVIs for all VLANs within that particular site (about 50+ VLANs per site). I'm trying to figure out the best way to apply an infrastructure ACL across our environment. What I have...
One of the questions I have is how normally are management SVIs traffic marked for QoS? We have a management VLAN for our Layer2, but since I can't apply a policy-map to an SVI how does traffic generated by the switch (i.e. return traffic for manage...
I'm still a little new to QoS overall, but the NX-OS 9500s do things differently than what I'm used to. Looking at implementing a pair of 9504s in a new datacenter. Will be using NX-OS 6.1(2)I3(2). These things are kinda new, so I've been going through ...
I'm working on creating AAA authorization sets for our environment and ran into a question! I'd like to be able to enable ALL show commands except 'show run'. I would also like to enable 'show run interface'. I've figured out how to enable all show ...
I have the same question! I have the same setup. A VRF for guest that I'm trying to get a DHCP server on another subnet that isn't part of a VRF to hand out addresses to the guest one.
I thought the same thing. If I used ip helper-address global $...
Thanks for the input! At least breaking it up like that would enable a different ACL for future needs... just add the items above the deny/log ACL for that PC/server example.. That's an interesting idea! The other devices are non-6500s.. I'm trying t...
I tried setting it up this way, same issue. If I set it up that way and test it, the interfaces still will not show (nor will anything else).
SGAVEJ01#show run
Command authorization failed.
SGAVEJ01#sh run interface gi0/1
Command authorization failed.
Changing it to 'deny running-config' does the exact same thing. It looks like it's seeing the 'show running-config' then stopping on that before anything else. I've tried adding 'permit run interface' in ACS and same thing. Other AAA Authorization ...
Yeah.. I got it figured out.. it was a group policy setting in the ASA for that specific connection that was set to expire after 5 minutes! Thanks for the ideas!