About Matt Craig

Matt Craig · 02-17-2021

ISE 2.7 If a user connects their device to a Wireless dot1x SSID AND AnyConnect at the same time, ISE does not show separate sessions as Radius reports the same username and mac address for both. The most recent to connect simply re-uses the existing...

Matt Craig · 04-23-2018

In FMC Access Control rule, what is the difference between Selected Destination Ports "Protocol=All, Port=#" vs adding "Protocol=TCP, Port=#" and "Protocol=UDP, Port=#" separately. For example, if policy needs to allow TCP (6): 53 and UDP (17): 53,...

Matt Craig · 10-29-2012

Can I establish an endpoint of a point-to-point IPSEC VPN tunnel on an ASA 5540 Active/Standby failover pair and expect the tunnel to failover to the Standby unit in the event the Active one fails? Are there are caveats or notable behaviors in this ...

Matt Craig · 10-25-2012

Are there any gotchas in having multiple ASA or FWSM failover pairs all sharing the same respective Failover and State VLANs?

Matt Craig · 03-23-2012

I have two Nexus 5010s in a vPC pair with a bunch of FEXs vPC dual-homed between them. I am encountering a problem where, from the point of view of the vPC Primary switch, a MAC address would move from the switch port its connecting to (Eth119/1/25)...

Matt Craig · 04-25-2018

yogdhanu, are we confusing Recurring Rule Update Imports (SRU) with Firepower Recommended Rules? Your answer seems to talk about Recurring Rule Update Imports (SRU), and I want to be clear. I believe the OP was asking about automating Firepower Re...

Matt Craig · 03-26-2012

It jumps in and out of that condition for incosisten time periods and at incosistent intervals... ie. mac learned on po1 and stays for couple minutes, then its learned on e119/1/25 on both switches for several minutes, then goes back to po1 after sev...

Matt Craig · 02-28-2011

Do you know how to do this with Callhome?

Matt Craig · 12-17-2010

The version is 5.0(2)N1(1).However, I have this figured out. I got with TAC, and did more testing...The errdisable happened because of a bug:CSCth81348 - ports failed into Internal-Fail errDisable when configuring vpcPer the bug notes, I just re-boo...

Matt Craig · 12-06-2010

I just recently ran into this issue too, and I believe I know why. It would appear that the config sync sessions remains active always, and that only the owner of the session (the one who created the session) may access the session.For example:I log...

Member Since	‎12-06-2010 04:53 PM
Date Last Visited	‎05-08-2023 10:07 AM
Posts	13
Total Helpful Votes Received	15

User Statistics

User Activity

Radius session overlap between simultaneous Wireless dot1x and AnyConnect connections

Access Control Selected Destination Ports: Protocol=All vs TCP+UDP

Point-to-Point IPSEC VPN with ASA Active/Standby pair

ASAs / FWSMs Sharing Failover and State VLANs

Mac inconsistency on N5010 vPC pair

Re: Firepower Intrusion Policy Recommendations

Mac inconsistency on N5010 vPC pair

Re: Nexus 5000 and 2000 series: Monitoring FEXes

Re: port-channel on n2k fex interfaces

Re: Nexus 5000 Config-Sync and TACACS problem with the Switch Pr