without knowing your fw setup, my suggestion is:
- you’ll have 2 “inside” fw interfaces
- connect each inside interface to each ssa
- run a /30 or a /29 on each physical link between the fw and the ssa’s
- run ospf between the ssa’s as well to accommodate a
I am toying around with RFC3580 to try and get it running on a test
switch, and I am wondering what values need to be returned by RADIUS to
set the VLAN of a port that authenticates properly.
Patrick Printz
Network Services
Quinsigamond Community College
670 West Boylston Street
Currently the FW has a default route statement to our F5 Link Controller
(handles two ISP's) as well as static routes to the internal networks.
We are considering running OSPF in the firewall since we are replacing
it now. When you say have the fw generate a default route to the
SSA's how is
Hi Walter,
There are no specific ospf commands in the ssa's to receive this information.
You will need to configure your firewall to redistribute static routes and the
ssa's will receive the default route published by the firewall.
Stephen
- Original Message -
From: Walter Witkowski
Which radius server?
Do you use Policy Manager to enable authentication on the switch ports?
Does show multiauth session show the vlan id which is configured in radius?
- Markus
Sent via iPhone.
On 01.06.2011, at 17:11, Patrick Printz ppri...@qcc.mass.edu wrote:
Yes. It is enabled on the
I got it. I forgot to switch the RADIUS response mode to include the
VLAN Tunnel Attribute.
Patrick Printz
Network Services
Quinsigamond Community College
670 West Boylston Street
Worcester, MA 01606-2092
w. 508-854-7517
c. 508-726-9529
Opportunities multiply as they are seized.
- Sun Tzu
;-) That is what I wanted to suggest next. That was the reason why I asked for
Policy Manager, don't have the set command in my mind at the moment.
-Markus
Sent via iPhone.
On 01.06.2011, at 17:20, Patrick Printz ppri...@qcc.mass.edu wrote:
I got it. I forgot to switch the RADIUS response
a couple of ways to generate the default route from the fw using ospf.
you can make the new subnets (the /30 or /29) a stub or totally stub area and
the fw will automatically generate a default route to the ssa's. or if you use
a normal area, you can force the fw to generate a default route
Using PaloAlto and there is a gui check box under OSPF for Allow Redist
Default Route
waltw
D'Estienne, Michael Michael.D'estie...@dhs.gov 6/1/2011 11:44
AM
a couple of ways to generate the default route from the fw using ospf.
you can make the new subnets (the /30 or /29) a stub or totally
It's been a crazy couple weeks. I was finally able to look at this some more.
Thanks for the suggestion. I checked that and it didn't make any difference.
According to their documentation:
Attribute = Value
Not allowed as a check item for RADIUS protocol attributes. It is allowed
for
Stephen,
Go into Reports-Active Clients By VNS (or one of the active clients reports),
find the client that you're validating and check the Filter field for that
client. Now go into VNS Configuration-Policies select the matching Policy and
click on the Filter Rules tab and verify that the
Stephen,
I'd be interested in looking at the configuration on the Enterasys Wireless
Controller and the trace to help determine the root cause. I'm confident we can
get this working for you. Please feel free to contact me directly
dh...@enterasys.com
Regards,
Doug Hyde | Escalation Support
12 matches
Mail list logo