About west-david

west-david · 04-23-2008

In a NAC OOB environment, using Catalyst 3750s (IOS 12.2.25) with MAC notification, an end user can attach a switch or hub to their Cisco IP phone, be authenticated by NAC and then additional PCs can attach to the hub and gain access to the network....

west-david · 04-06-2006

We have a 6509 running 12.2.18SXF with an IDSM-2 (5.0(6)). We are using VACLs to capture traffic from several VLANs onto the IDSM. Today, we added another VLAN to the IDSM by creating a VACL for that VLAN with the "action forward capture" statement. ...

west-david · 05-12-2011

Jimmy,You mentioned that you have VMs inside that zone, those are tricky as the traffic never leaves the VM host. There are a few options out there for IPS VM appliances that might work. For the physical servers you may want to consider segmenting th...

west-david · 05-11-2011

Jimmy,If you have an AIP-SSM-20 in your ASA it only inspects traffic that transits the ASA. So, if you have a DMZ segment attached to the ASA the IPS has no visibility into that layer 2 segment (host-to-host traffic). Traffic must transit the ASA for...

west-david · 10-22-2008

Actually, that is the only way to run NAC in an IP telephony environment. Did you have the MAC filters in place before upgrading your CAM/CAS? I would have expected you to have the endless re-authentication issues prior to the upgrade without those f...

west-david · 04-23-2008

An approach I have used is to segment IP Phones and printers into dedicated VLANs with ACLs allowing only voice or printing traffic. I then configure the filter to place the device in a user role which assigns that device to the right VLAN (in OOB mo...

west-david · 04-24-2006

The "capture" command is a lot more useful, see http://www.cisco.com/en/US/products/ps6120/products_command_reference_chapter09186a00805fb9bb.html#wp1985613for details.

Member Since	‎04-21-2005 04:00 AM
Date Last Visited	‎09-16-2019 12:38 PM
Posts	8

User Statistics

User Activity

NAC 4.1.3 OOB - multiple hosts on same port issue

Adding VLAN to VACL for IDSM2 Blackholes that VLAN

Re: Does the ASA , with AIP-SSM-20, handle IPS within a FW zone?

Re: Does the ASA , with AIP-SSM-20, handle IPS within a FW zone?

Re: Cisco NAC 4.1.6 vlan bounce

Re: Cisco NAC Device Filtering Question

Re: Debug packet command in Cisco IOS 6.3.1?