CLEANACCESS Archives

August 2006

CLEANACCESS@LISTSERV.MIAMIOH.EDU

Subject:
From: Don Click <[log in to unmask]>
Reply To: Perfigo SecureSmart and CleanMachines Discussion List <[log in to unmask]>
Date: Fri, 18 Aug 2006 14:31:21 -0500

Hmm, this is getting me thinking... I'm *STILL* not working in an oob,
vgw setup.  I'll try to describe my setup for you guys to pick over:

CAM:
10.223.4.246 (Vlan 4)


CAS: 10.223.250.100 (VLAN 250)
NETWORK TAB:
Out of Band Virtual Gateway
Trusted:
IP:  10.223.250.100
Sub: 255.255.255.0
Gate: 10.223.250.100
Set Management VLAN ID = <none aka UNCHECKED>
 
Untrusted:
IP:  10.223.250.100
Sub: 255.255.255.0
Gate: 10.223.250.100 
DHCP Passthrough
 
ADVANCED TAB:
MANAGED SUBNETS:
10.223.250.100/255.255.255.0  Main Subnet  Vlan -1
10.223.5.249/255.255.255.0    DIS Subnet   Vlan 510

 
VLAN MAPPING:
510/5


6509 CONFIG:  (CAT OS)
CLEAN INTERFACE:
 description CAServer2-ETHO
 clear trunk 8/8  1-4,6-249,251-1025
 set trunk 8/8  on dot1q 5,250,1026-4094
 
DIRTY INTERFACE:
 description CAServer2-ETH1
clear trunk 8/10 1-509,511-4094
set trunk 8/10 on dot1q 510

Now - I *ALSO* have an MSFC in this 6509 that is the location of the
default gateway (10.223.5.252).


My issue - ALL traffic passes - nothing is blocked if you are not logged
in or authenticated. (Unauthenticated users have full access.)

-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of Nagle, Benjamin D
Sent: Friday, August 18, 2006 2:13 PM
To: [log in to unmask]
Subject: Re: OOB VG problem

Changing the managed subnets didn't work, but what it appears to have
been was that the spanning-tree priority on my dirty vlan was not set
properly.  After it was set to the correct priority everything started
working again.

Thanks for the reply though Alok!

Ben
 

> -----Original Message-----
> From: Perfigo SecureSmart and CleanMachines Discussion List 
> [mailto:[log in to unmask]] On Behalf Of Alok Agrawal 
> (alagrawa)
> Sent: Wednesday, August 16, 2006 10:30 AM
> To: [log in to unmask]
> Subject: Re: OOB VG problem
> 
> Hi Ben,
> From your config below, it looks like vlans 71,83 are the clean vlans
> and vlans 171,183 are the untrusted/dirty vlans.
>
> In your Managed subnet, we have the vlans configured as the clean
> vlans.
> Managed subnet is for the vlans that exist on the dirty side, hence
> delete the configured managed subnet and configure new managed subnets
> with the vlan as vlan171 and vlan183 instead and see if that helps.
>
> Currently configured MANAGED SUBNETS:
> > 172.16.246.127/255.255.254.0 - Main Subnet (-1)
> > 10.1.8.10/255.255.255.0 TEST 1 (Vlan 71)
> > 10.1.10.10/255.255.255.0 TEST 2 (VLAN 83)
>
> Change this to
> 172.16.246.127/255.255.254.0 - Main Subnet (-1)
> 10.1.8.10/255.255.255.0 TEST 1 (Vlan 171)
> 10.1.10.10/255.255.255.0 TEST 2 (VLAN 183)
> 
> regards
> -Alok
> 
> 
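
A lint for the rule stated in Alok's reply above (managed subnets are tagged with the VLANs on the dirty side), as an added example that is not part of the original thread or of the product. The subnet lines are copied from the thread; the function names and the 171/71 and 183/83 untrusted/trusted pairings are assumptions.

```python
import ipaddress
import re

# Matches "ip/mask description (Vlan N)", "... Vlan N" or "... (-1)" as written in the thread.
SUBNET = re.compile(r"^\s*(\S+)/(\S+)\s+(.*?)\s*\(?(?:vlan\s+)?(-?\d+)\)?\s*$", re.I)


def parse_managed_subnet(line):
    """Return (interface, description, vlan_id) for one managed-subnet line."""
    m = SUBNET.match(line)
    if not m:
        raise ValueError(f"unparseable managed subnet: {line!r}")
    ip, mask, desc, vlan = m.groups()
    return ipaddress.ip_interface(f"{ip}/{mask}"), desc.strip(" -"), int(vlan)


def check_managed_subnets(subnet_lines, vlan_mapping):
    """Flag managed subnets tagged with a trusted-side (clean) VLAN ID.

    vlan_mapping holds "untrusted/trusted" strings, e.g. "510/5".
    """
    pairs = [tuple(int(v) for v in m.split("/")) for m in vlan_mapping]
    by_trusted = {trusted: untrusted for untrusted, trusted in pairs}
    findings = []
    for line in subnet_lines:
        iface, desc, vlan = parse_managed_subnet(line)
        if vlan == -1:  # the "Main Subnet" entries in the thread carry -1, not a VLAN tag
            continue
        if vlan in by_trusted:
            findings.append(f"{desc} ({iface.network}): VLAN {vlan} is trusted-side; "
                            f"expected untrusted VLAN {by_trusted[vlan]}")
    return findings


# Subnet lines from the thread; the untrusted/trusted pairings are assumed.
MAPPING = ["171/71", "183/83"]
BEFORE = ["172.16.246.127/255.255.254.0 - Main Subnet (-1)",
          "10.1.8.10/255.255.255.0 TEST 1 (Vlan 71)",
          "10.1.10.10/255.255.255.0 TEST 2 (VLAN 83)"]
AFTER = [BEFORE[0],
         "10.1.8.10/255.255.255.0 TEST 1 (Vlan 171)",
         "10.1.10.10/255.255.255.0 TEST 2 (VLAN 183)"]

if __name__ == "__main__":
    for finding in check_managed_subnets(BEFORE, MAPPING):
        print("FAIL", finding)
    print("after change:", check_managed_subnets(AFTER, MAPPING) or "clean")
```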
