Date: Fri, 18 Aug 2006 14:31:21 -0500
Hmm this is getting me to thinking.. I'm *STILL* not working in an oob,
vgw setup. I'll try to describe my setup for you guys to pick over:

CAM: 10.223.4.246 (Vlan 4)
CAS: 10.223.250.100 (VLAN 250)

NETWORK TAB:
Out of Band Virtual Gateway
Trusted:
IP: 10.223.250.100
Sub: 255.255.255.0
Gate: 10.223.250.100
Set Management VLAN ID = <none aka UNCHECKED>
Untrusted:
IP: 10.223.250.100
Sub: 255.255.255.0
Gate: 10.223.250.100
DHCP Passthrough

ADVANCED TAB:
MANAGED SUBNETS:
10.223.250.100/255.255.255.0 Main Subnet Vlan -1
10.223.5.249/255.255.255.0 DIS Subnet Vlan 510
VLAN MAPPING:
510/5

6509 CONFIG: (CAT OS)
CLEAN INTERFACE:
description CAServer2-ETHO
clear trunk 8/8 1-4,6-249,251-1025
set trunk 8/8 on dot1q 5,250,1026-4094
DIRTY INTERFACE:
description CAServer2-ETH1
clear trunk 8/10 1-509,511-4094
set trunk 8/10 on dot1q 510

Now - I *ALSO* have an MSFC in this 6509 that is the location of the
default gateway (10.223.5.252).
My issue - ALL traffic passes - nothing is blocked if you are not logged
in or authenticated. (Unauthenticated users have full access.)

-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of Nagle, Benjamin D
Sent: Friday, August 18, 2006 2:13 PM
To: [log in to unmask]
Subject: Re: OOB VG problem
Changing the managed subnets didn't work, but what it appears to have
been was that the spanning-tree priority on my dirty vlan was not set
properly. After it was set to the correct priority everything started
working again.
Thanks for the reply though Alok!
Ben
> -----Original Message-----
> From: Perfigo SecureSmart and CleanMachines Discussion List
> [mailto:[log in to unmask]] On Behalf Of Alok Agrawal
> (alagrawa)
> Sent: Wednesday, August 16, 2006 10:30 AM
> To: [log in to unmask]
> Subject: Re: OOB VG problem
>
> Hi Ben,
> From your config below, it looks like vlans 71,83 are the clean vlans
> and vlans 171,183 are the untrusted/dirty vlans.
>
> In your Managed subnet, we have the vlans configured as the clean
> vlans.
> Managed subnet is for the vlans that exist on the dirty side, hence
> delete the configured managed subnet and configure new managed subnets
> with the vlan as vlan171 and vlan183 instead and see if that helps.
>
> Currently configured MANAGED SUBNETS:
> > 172.16.246.127/255.255.254.0 - Main Subnet (-1)
> > 10.1.8.10/255.255.255.0 TEST 1 (Vlan 71)
> > 10.1.10.10/255.255.255.0 TEST 2 (VLAN 83)
>
> Change this to
> 172.16.246.127/255.255.254.0 - Main Subnet (-1)
> 10.1.8.10/255.255.255.0 TEST 1 (Vlan 171)
> 10.1.10.10/255.255.255.0 TEST 2 (VLAN 183)
>
> regards
> -Alok
>
>
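
Alok's rule in the message above (managed subnets take the dirty-side VLAN IDs, not the clean-side ones) can be checked mechanically against the configurations posted in this thread. This is an added example, not part of the original messages or of any Perfigo/Cisco tool: the function names are hypothetical, the VLAN values are copied from the messages above, and treating VLAN -1 as the untagged main subnet is an assumption.

```python
def parse_vlans(spec):
    """Expand a CatOS-style VLAN list such as '5,250,1026-4094' into a set."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def check_managed_subnets(managed, trusted, untrusted):
    """Return (subnet, vlan, problem) for each mis-tagged managed subnet.

    managed is a list of (subnet, vlan_id) pairs. vlan_id -1 is assumed to
    mean the untagged main subnet and is skipped.
    """
    findings = []
    for subnet, vlan in managed:
        if vlan == -1:
            continue
        if vlan in trusted:
            findings.append((subnet, vlan, "clean-side VLAN"))
        elif vlan not in untrusted:
            findings.append((subnet, vlan, "VLAN not on untrusted side"))
    return findings


# Ben's setup as described in Alok's reply: clean 71,83 and dirty 171,183.
BEN_TRUSTED, BEN_UNTRUSTED = parse_vlans("71,83"), parse_vlans("171,183")
BEN_BEFORE = [("172.16.246.127/255.255.254.0", -1),
              ("10.1.8.10/255.255.255.0", 71),
              ("10.1.10.10/255.255.255.0", 83)]
BEN_AFTER = [("172.16.246.127/255.255.254.0", -1),
             ("10.1.8.10/255.255.255.0", 171),
             ("10.1.10.10/255.255.255.0", 183)]

# First poster's setup: trunk 8/8 (clean) and trunk 8/10 (dirty).
OOB_TRUSTED, OOB_UNTRUSTED = parse_vlans("5,250,1026-4094"), parse_vlans("510")
OOB_MANAGED = [("10.223.250.100/255.255.255.0", -1),
               ("10.223.5.249/255.255.255.0", 510)]

if __name__ == "__main__":
    for name, cfg in (("before", BEN_BEFORE), ("after", BEN_AFTER)):
        print(name, check_managed_subnets(cfg, BEN_TRUSTED, BEN_UNTRUSTED))
    print("oob", check_managed_subnets(OOB_MANAGED, OOB_TRUSTED, OOB_UNTRUSTED))
```

The check covers only the managed-subnet tagging rule; it says nothing about spanning-tree priority or other settings discussed in the thread.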