I have cat6513, sup720 (ver 12.2(18)SXF3) and wlsm (ver 2.1(1)). I have L2 and L3 vlan 11 interface (ip in same subnet as wlsm admin vlan) configured on sup720 and "wlan module 2 allowed vlan 11". I can ping the wlsm from the sup720 (and vice versa) bu...
I am using vpn client v4.0.1 to establish an ipsec over UDP tunnel to a pix525. The tunnel establishes and authenticates against radius. I get ip address from the pool and all looks ok. The only problem is I cannot pass traffic over the tunnel. Any i...
I have a network based on 4 nodes in a ring topology (BK - DL - DH - WH). Two (physically adjacent) nodes (BK and DL) are running BGP (iBGP with each other and eBGP with two nodes from the same ISP). The ISP is advertising a default route only to bot...
We have a 3640 accepting analogue and isdn calls and authenticating users using radius via an IAS service running on win2k server. All is working well apart from isdn which looks like it's passed authentication ("Pass" on debug radius) but the user ge...
I have a pix firewall which I was planning to place between our msfc and our isp link. Since the connection to the isp is 100Mbps I didn't see the need to use another (border) router for media conversion. We plan to run ebgp through the pix and have t...
For seamless fast secure roaming at layer 3 (i.e. maintain client ip address even as you roam amongst APs on different subnets), you need a WLSM as your WDS device in a cat6000 chassis with sup720 to do gre in hardware. This is the only way you can m...
You can configure the number of failed interfaces before a failover occurs. Cisco call this defining the criteria for failover and you can select the number of failed interfaces that triggers failover or express this as a percentage of failed interfa...
The only way I have found to apply our web access policies (url, acl etc) is to get vpn users to use a proxy server on the inside. Non vpn traffic will not go back out of the vpn (prob. outside) interface. Split tunnelling is just used to tell the vpn...
You could get the remote wks to use a proxy at the main site to force traffic through the main pix and then get NATed by the proxy. I remember reading something about remote access vpn traffic destined for the internet (with no split tunnelling) will...
You can use a logged acl to permit/deny access to vty. Whenever a telnet attempt is made to the switch, the acl is processed and a syslog message is generated.
access-list 199 permit tcp host x any eq telnet log
access-list 199 deny ip any any log-in...