In a NAC OOB environment, using Catalyst 3750s (IOS 12.2.25) with MAC notification, an end user can attach a switch or hub to their Cisco IP phone, be authenticated by NAC and then additional PCs can attach to the hub and gain access to the network....
We have a 6509 running 12.2.18SXF with an IDSM-2 (5.0(6)). We are using VACLs to capture traffic from several VLANs onto the IDSM. Today, we added another VLAN to the IDSM by creating a VACL for that VLAN with the "action forward capture" statement. ...
Jimmy, you mentioned that you have VMs inside that zone, those are tricky as the traffic never leaves the VM host. There are a few options out there for IPS VM appliances that might work. For the physical servers you may want to consider segmenting th...
Jimmy, if you have an AIP-SSM-20 in your ASA it only inspects traffic that transits the ASA. So, if you have a DMZ segment attached to the ASA the IPS has no visibility into that layer 2 segment (host-to-host traffic). Traffic must transit the ASA for...
Actually, that is the only way to run NAC in an IP telephony environment. Did you have the MAC filters in place before upgrading your CAM/CAS? I would have expected you to have the endless re-authentication issues prior to the upgrade without those f...
An approach I have used is to segment IP Phones and printers into dedicated VLANs with ACLs allowing only voice or printing traffic. I then configure the filter to place the device in a user role which assigns that device to the right VLAN (in OOB mo...
The "capture" command is a lot more useful, see http://www.cisco.com/en/US/products/ps6120/products_command_reference_chapter09186a00805fb9bb.html#wp1985613 for details.