We have a working Duo Authentication Proxy acting as a RADIUS server for Meraki VPN, which passes authentication to Active Directory. This works, we have MFA, and everything is good. Now we want to add the ability to set a static IP for specific AD...
I have a 4500-X acting as my core switch and a mix of SG300 and 2960X access switches and Meraki WAPs. There are 10 buildings each with separate VLANs for wired, wireless, and VoIP. There are wired printers and Apple TVs throughout the campus and I...
OK, so I get that the ASA 5505 Base License can only have a 3rd named VLAN interface if that interface has the "no forward interface XXX" command used. I have a customer with the following interfaces: outside, inside, DMZ. The DMZ is currently configured to...
I have a need to capture traffic on an ASR 1001 subinterface, but what I have found is that the Embedded Packet Capture feature is not supported on this platform. Are there any simple alternatives to capture egress traffic on a subinterface or am I ...
I have a customer with a main office and 9 branch offices. Their phone system is an NEC NetLink, which I admittedly know little about as I was not involved in its implementation. The main office has an ASR 1001 with a trunk ethernet handoff to Time...
I did switch to [radius_client] and added pass_through_all=true. In my Microsoft NPS log I can see the IP is being sent back to Duo:
“REDACTED-DC”,“IAS”,11/11/2022,19:05:34,1,“dbrown”,“V1CORP\dbrown”,“CLIENTVPN”,“REDACTED-IP”,1,0,“10.27.1.3”,“Duo-pr...
I know this is over a year old, but you saved my butt tonight. I'm replacing an ASA cluster with an MX cluster in a colo and don't control the upstream device. I have a few dozen 1:1s and only a few were working. Thank you for your post!
Unfortunately that bug is when using multiple switches in a VSS (we only have one 4500X) and 16k+ ARP entries in the cache (I see <1000). The access-lists controlling what mDNS traffic to forward are probably my issue. The permit any statement was...
Branch to branch traffic still passes through the HQ, as this is not an MPLS cloud, but rather point to point links (logical star). We use MRTG to graph out bandwidth utilization, and the egress traffic for the ASR's subinterface connecting to Branc...
The phone system is comprised of several NEC SV8100s (one at each branch), with the 'main' one being at Branch8. As I said before, I was not involved in the implementation, or it would have been at the main branch. As it is now, all voice traffic ...