Hello everyone: I am trying to configure an extended access list on a C9300 (IOS XE 17.03.04) to allow traffic between two stations. This is the configuration of the network I'm having problems with: Both stations are in different VLANs and switch C930...
Hello everyone: Until now we have been using RADIUS PAP to authenticate users connecting to our switches. The RADIUS server is a Windows Server machine using Microsoft RADIUS Server. Due to Blast RADIUS we would like to use EAP instead of PAP with th...
That flux of data is what I was missing. Books and articles I have read always apply ACL to interfaces, so I was missing what @David Ruess explained in his post, and that separation between intervlan, VLAN and interfaces in 3 layer switches. Thank you...
Thanks again MHM, but I think I'm missing something here. Station 192.168.201.14 is in VLAN 2. Station 172.24.4.227 is in VLAN 3. The permit command has the format permit protocol source destination. I want to allow traffic from 172.24.4.227 to 192.168.201.1...
Thanks for your answer, MHM. That is what I thought: I only need that line if I used an IN ACL in VLAN, but I am not using any IN ACL, so it should be enough with the first line in OUT direction: permit tcp host 172.24.4.227 host 192.168.201.14 eq 768...
Hello Arne: It's a very interesting point and what you propose is a totally different approach from what I had considered. In my scenario though, I consider TACACS+ to be more secure than certificates or SSH keys, and also simpler to manage. The reason...
Thank you BB. The configuration used in that link is the one I'm using now. The problem is the Windows Server RADIUS server only supports unsecure authentication (now Blast-RADIUS is here): PAP, SPAP, MS-CHAP... That's why I was looking for a way t...