Hi,
it is only available in version 12.4(15)T, you have to do a downgrade to
have this command available.
Cheers,
Daniel
From: ccie_security-boun...@onlinestudylist.com
[mailto:ccie_security-boun...@onlinestudylist.com] On Behalf Of Kingsley
Charles
Sent: Monday, 15 March 2010
Hi Kings,
How to Easily Memorize RFC3330
http://packetu.com/content/view/52/
Regards,
Mohamed Gazzaz
Date: Mon, 15 Mar 2010 11:12:32 +0530
From: kingsley.char...@gmail.com
To: ccie_security@onlinestudylist.com
Subject: [OSL |
I did some more research. Using radius, the issue doesn't happen.
I tested cisco av pairs
auth-proxy:priv-lvl=15
auth-proxy:proxyacl#1=permit ip any any
as well as
shell:priv-lvl=15
shell:proxyacl#1=permit ip any any
and http and telnet both work fine.
With Tacacs though, I am still having
Kingsley,
As far as I know only RFC 1918 can be easily found there :
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/ports.html#wp1007356
With regard to the rest I would try to memorize 0.0.0.0/8, 127.0.0.0/8,
128.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24 and 224.0.0.0/3
Kings
In that code version I believe only 3825 has ip source track for the lab.
If you're using Proctorlabs and I recall correctly, R2 for instance will
support it, but not the 2800's.
Stu
On Mon, Mar 15, 2010 at 6:03 AM, Kingsley Charles
kingsley.char...@gmail.com wrote:
Hi all
I don't find
Well
HTTP proxy sends the following
*Mar 1 00:13:45.399: FastEthernet0/1 AAA/AUTHOR/HTTP(3860994093): send AV
service=auth-proxy
*Mar 1 00:13:45.403: FastEthernet0/1 AAA/AUTHOR/HTTP(3860994093): *send AV
cmd**
*Mar 1 00:13:45.415: AAA/AUTHOR/TAC+: (3860994093): send AV
service=auth-proxy
*Mar
Did you try configuring one service with just auth-proxy and another one with
both auth-proxy and ip protocol.
With regards
Kin
On Mon, Mar 15, 2010 at 6:43 PM, Badar Farooq badarfar...@gmail.com wrote:
Well
HTTP proxy sends the following
*Mar 1 00:13:45.399: FastEthernet0/1
Badar,
What are the ACS logs saying about this?
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Mon, Mar 15, 2010 at 2:19 PM, Kingsley Charles
kingsley.char...@gmail.com wrote:
Did you try configuring one
Hi all
I am trying to configure dhcp snooping. The show ip dhcp snooping is
not showing other interfaces except the trust interfaces and I am not able
to find any bindings.
Configuration
==
ip dhcp snooping vlan 3
ip dhcp snooping
interface FastEthernet1/0/1
switchport access vlan
Kingsley,
All the routers should have 12.4(24) and 12.4(15) in the flash for
proctorlabs for reasons as what you are asking below.
Regards,
Tyson Scott - CCIE #13513 RS, Security, and SP
Technical Instructor - IPexpert, Inc.
Mailto: tsc...@ipexpert.com
Kings,
If you are using an IOS device as a DHCP Server issue no ip dhcp snooping
information option and let us know how it goes.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Mon, Mar 15, 2010 at 2:41 PM,
Badar,
I have seen this issue as well. Most likely they are not going to ask you
something that doesn't work. As you have already tested RADIUS is an
option.
Luckily you are already aware of the issue so it is always a good way to
show the proctor you know what you are talking about.
hmmm
Piotr
The relevant ACS log when http authentication fails (when I use auth-proxy
with protocol IP, which works for telnet but not http) is as follows
Message-Type: Author failed
Author-Failure-Code: Service denied
Author-Data: service=auth-proxy cmd*
And Tyson
Does it mean it's a known issue
Hi,
please have a look at the output below.
R6#sh ver | inc Version
Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version
12.4(15)T12, RELEASE SOFTWARE (fc3)
ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
R6#conf t
Enter configuration commands, one
Kings,
Can you see any bindings right now? Remember that you can always enable DHCP
Snooping debugs on the switch and see what is going on.
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Mon, Mar 15, 2010 at
Brad,
Yes, this is exactly what I ran into as well. Not sure if I could get
working both - HTTP and Telnet but it seems that Tyson is right. You are now
aware of it, would not expect to see it in the lab.
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
Kings,
Debug looks good (looks like option 82 is turned off). Are you using show ip dhcp
*snooping* bindings to check it?
Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
On Mon, Mar 15, 2010 at 3:47 PM, Kingsley
Hi Piotr
Yes, I used show ip dhcp *snooping* bindings. In the debugs, did you
notice the following:
It seems the entry has not been added.
1w4d: DHCP_SNOOPING: dump binding entry: Mac=00:13:7F:74:CD:31 Ip=10.20.30.3 Lease=86400 ld Type=dhcp-snooping Vlan=3 If=FastEthernet1/0/2
1w4d:
Kings,
You're not going to find it in the documentation. In the AoD and VoD we cover
ways to remember the networks. It's actually a little easier than you might
think.
In fact, you probably already have the following memorized:
-Private Nets,
-First and Last of each class,
-Loopback,
Kings,
As a side note, if you were to be tested on a feature that is not available in
the code you are running, or a feature that could cause problems in the lab for
whatever reason we may ask you to add a description to an interface or a line
in a banner with the command that you would use
Brandon,
In the solution guide (somewhere in lab 2a) it says that the 14, 24, 39,
and first and last of class b and c don't need to be included in rfc
3330 filtering. Can you comment on this?
Terry Little
(425) 894-4109 (m)
(425) 468-1057 (o)
-Original Message-
From:
Sure thing,
There is a new RFC, 5735 (http://tools.ietf.org/html/rfc5735) which obsoletes
RFC3330 and some address blocks have been removed. You can see in the output
below that the 14, 24, and 39 are gone along with a few others. So, it's the
thought of some that you can leave those out.