Have a look at Cisco AV-Pairs.
I've used/use them before on Cisco IOS and ASA devices with RADIUS.
I think they also work with TACACS.
Look for "inacl= "
For example:
ip:inacl#1=permit tcp any 10.0.0.10 255.255.255.0 eq 22
Google found this, which may be of use:
http://www.cisco.com/en/US/docs/ios-xm
Guys,
Do you know if there is any reference for dual planar core network design out
there?
I came to know about this from Cisco Live session BRKRST-3365 "the evolution of
the next generation network"
Thanks.
Regards,
Alexander Lim
--- On Wed, 9/5/12, Jason Lixfeld wrote:
> From: Jason Lixfeld
> Subject: [c-nsp] per-user access-lists with IOS SSL VPN
> To: "cisco-nsp@puck.nether.net"
> Date: Wednesday, September 5, 2012, 4:05 PM
> I've got a third party that needs
> access to my network over my VPN. Instead of giving
> th
I've got a third party that needs access to my network over my VPN. Instead of
giving them carte blanche, I'd like to wrap an ACL around their session so they
only have access to what's permitted by the ACL. I can configure these users
in tac_plus as users, or as members of a group, or locally
Hi Tony,
> My assumption that the inner tag is not being manipulated properly is
> based on sniffing traffic on the 3550 (sorry, it's a 3550, not 3750) by
> spanning the port (gig0/1) that is connected to gig7/7 on 7609. It has a
> number of other VLANs on this trunk port that all appear to beha
Right Paul, PIM DR :)
Regarding the NAT, yes, it's a bit ugly.
Though I've just tried that on a 7200 acting as NAT box and RP at the same
time, and it works
- the m-cast routing table shows states with un-NAT-ed source IPs.
So it appears the m-cast states are created before NAT is applied and NAT
I think you mean the PIM Designated router, rather than the Designated
Forwarder there. The DR sends registers. IGMP, or the DF (which forwards
the data stream onto a particular subnet) are not really relevant to this.
NATing the source address of each packet in the multicast flow sounds a
littl
Hi Tony,
See below
>> The 3750 would be the device "removing" the vlan tag
>> If you want the 6500 to remove the tag the port needs to be an access port,
>> not a trunk port.
>My assumption that the inner tag is not being manipulated properly is based on
>sniffing traffic on the 3550 (sorry,
On 9/5/12 10:44 AM, Adam Vitkovsky wrote:
It appears that the IGMP DF will not begin the PIM RP register process if
the source of the m-cast is not on a directly connected subnet.
I guess you need to trick the router into believing that the source is on a
local subnet -like NAT the source IP to
It appears that the IGMP DF will not begin the PIM RP register process if
the source of the m-cast is not on a directly connected subnet.
I guess you need to trick the router into believing that the source is on a
local subnet - like NAT the source IP to 192.168.1.2 on the Linux box - you
can then t
Hi,
On 9/4/12 11:18 AM, Phil Mayers wrote:
On 09/03/2012 07:12 PM, Mihai Tanasescu wrote:
b) if I put:
10.10.10.1/29 or /32 configured on S on a Loopback interface
and on C4900:
ip route 10.10.10.0 255.255.255.240 192.168.1.2
So, to be clear, you're doing this i.e. trying to source the multi
Hello and sorry for the delay in answering.
Tons of messages and all very helpful; now the issue makes sense.
On 9/4/12 10:12 AM, Adam Vitkovsky wrote:
As Paul said IGMP register messages are supposed to be handled by the router
elected as designated querier for the local subnet
Though AFAIK IGM