About 6mraddie

6mraddie · 07-06-2006

I have cat6513, sup720 (ver 12.2(18)SXF3) and wlsm (ver 2.1(1)). I have L2 and L3 vlan 11 interface (ip in same subnet as wlsm admin vlan) configured on sup720 and "wlan module 2 allowed vlan 11"I can ping the wlsm from the sup720 (and vice versa) bu...

6mraddie · 07-15-2004

I am using vpn client v4.0.1 to establish an ipsec over UDP tunnel to a pix525. The tunnel establishes and authenticates against radius. I get ip address from the pool and all looks ok. The only problem is I cannot pass traffic over the tunnel. Any i...

6mraddie · 09-10-2003

I have a network based on 4 nodes in a ring topology (BK - DL - DH - WH). Two (physically adjacent) nodes (BK and DL) are running BGP (iBGP with each other and eBGP with two nodes from the same ISP). The ISP is advertising a default route only to bot...

6mraddie · 06-02-2003

We have a 3640 accepting analogue and isdn calls and authenticating users using radius via a IAS service running on win2k server. All is working well apart from isdn which looks like it's passed authentication ("Pass" on debug radius) but the user ge...

6mraddie · 05-29-2003

I have a pix firewall which I was planning to place between our msfc and our isp link. Since the connection to the isp is 100Mbps I didn't see the need to use another (border) router for media conversion.We plan to run ebgp through the pix and have t...

6mraddie · 07-22-2006

For seamless fast secure roaming at layer 3 (i.e. maintain client ip address even as you roam amongst APs on different subnets), you need a WLSM as your WDS device in a cat6000 chassis with sup720 to do gre in hardware. This is the only way you can m...

6mraddie · 08-09-2005

You can configure the number of failed interfaces before a failover occurs. Cisco call this defining the criteria for failover and you can select the number of failed interfaces that triggers failover or express this as a percentage of failed interfa...

6mraddie · 08-08-2005

The only way I have found to apply our web access policies (url, acl etc) is to get vpn users to use a proxy server on the inside. Non vpn traffic will not go back out of the vpn (prob. outside) interface.Split tunnelling is just used to tell the vpn...

6mraddie · 06-23-2005

You could get the remote wks to use a proxy at the main site to force traffic through the main pix and then get NATed by the proxy. I remember reading something about remote access vpn traffic destined for the internet (with no split tunnelling) will...

6mraddie · 10-12-2003

You can use a logged acl to permit/deny access to vty. Whenever a telnet attepmt is made to the switch, the acl is processed and a syslog message is generated.access-list 199 permit tcp host x any eq telnet logaccess-list 199 deny ip any any log-in...

Member Since	‎05-03-2001 07:40 AM
Date Last Visited	‎08-18-2017 03:50 AM
Posts	13
Total Helpful Votes Received	3

User Statistics

User Activity

WLSM - cannot route traffic to it

cannot pass traffic over ipsec tunnel

BGP Problem

RADIUS authentication

PIX Firewall Placement

Re: Fast secure roaming in a high school possible?

Re: PIX 515 Failover scenario

Re: VPN-client for internet-access on same interface?

Re: Central Websense Server and remote sites

Re: Logging Console and VTY logins to Syslog