CLEANACCESS Archives

August 2006

CLEANACCESS@LISTSERV.MIAMIOH.EDU

From: Don Click <[log in to unmask]>
Reply To: Perfigo SecureSmart and CleanMachines Discussion List <[log in to unmask]>
Date: Mon, 21 Aug 2006 06:47:25 -0500

While my NICs share the same IP, they are using different native VLANs.  I also find it as you describe.

________________________________

From: Perfigo SecureSmart and CleanMachines Discussion List on behalf of Ken Nelson
Sent: Sat 8/19/2006 10:36 AM
To: [log in to unmask]
Subject: Re: OOB VG problem



When I talked to TAC on my OOB VGW problem way back, one of the things
they had me do was change the trusted and untrusted interfaces on the
CAS to be on different unused VLANs.  Either they have to be different
or TAC just wanted to make sure.  I know the VGW setup shows them the
same, but I rarely find Cisco docs to be 100% accurate.  They always
leave out some little detail or show a picture of one thing but the
explanation shows another.

Ken Nelson
Network Manager
Marietta College


Don Click wrote:
> Yes, in a VG, you can have the same IP on both network cards.
>
>
> -----Original Message-----
> From: Perfigo SecureSmart and CleanMachines Discussion List
> [mailto:[log in to unmask]] On Behalf Of Simon Bell
> Sent: Friday, August 18, 2006 3:46 PM
> To: [log in to unmask]
> Subject: Re: OOB VG problem
>
> I'm not sure if that's a typo or my unfamiliarity with VG, but is your
> trusted and untrusted supposed to have the same IP?
>
>  
> From:         Don Click <[log in to unmask]>
> To:   <[log in to unmask]>
> Date:         8/18/2006 3:56 PM
> Subject:      Re: OOB VG problem
>
> Hmm, this is getting me to thinking.. I'm *STILL* not working in an OOB,
> VGW setup.  I'll try to describe my setup for you guys to pick over:
>
> CAM:
> 10.223.4.246 (Vlan 4)
>
>
> CAS: 10.223.250.100 (VLAN 250)
> NETWORK TAB:
> Out of Band Virtual Gateway
> Trusted:
> IP:  10.223.250.100
> Sub: 255.255.255.0
> Gate: 10.223.250.100
> Set Management VLAN ID = <none aka UNCHECKED>
> 
> Untrusted:
> IP:  10.223.250.100
> Sub: 255.255.255.0
> Gate: 10.223.250.100
> DHCP Passthrough
> 
> ADVANCED TAB:
> MANAGED SUBNETS:
> 10.223.250.100/255.255.255.0  Main Subnet  Vlan -1
> 10.223.5.249/255.255.255.0    DIS Subnet   Vlan 510
>
> 
> VLAN MAPPING:
> 510/5
>
>
> 6509 CONFIG:  (CAT OS)
> CLEAN INTERFACE:
>  description CAServer2-ETHO
>  clear trunk 8/8  1-4,6-249,251-1025
>  set trunk 8/8  on dot1q 5,250,1026-4094
> 
> DIRTY INTERFACE:
>  description CAServer2-ETH1
> clear trunk 8/10 1-509,511-4094
> set trunk 8/10 on dot1q 510
>
> Now - I *ALSO* have a MSFC in this 6509 that is the location of the
> default gateway (10.223.5.252).
>
>
> My issue - ALL traffic passes - nothing is blocked if you are not logged
> in or authenticated. (Unauthenticated users have full access.)
>
> -----Original Message-----
> From: Perfigo SecureSmart and CleanMachines Discussion List
> [mailto:[log in to unmask]] On Behalf Of Nagle, Benjamin D
> Sent: Friday, August 18, 2006 2:13 PM
> To: [log in to unmask]
> Subject: Re: OOB VG problem
>
> Changing the managed subnets didn't work, but what it appears to have
> been was that the spanning-tree priority on my dirty vlan was not set
> properly.  After it was set to the correct priority everything started
> working again.
>
> Thanks for the reply though Alok!
>
> Ben
> 
>
>  
>> -----Original Message-----
>> From: Perfigo SecureSmart and CleanMachines Discussion List
>> [mailto:[log in to unmask]] On Behalf Of Alok Agrawal
>> (alagrawa)
>> Sent: Wednesday, August 16, 2006 10:30 AM
>> To: [log in to unmask]
>> Subject: Re: OOB VG problem
>>
>> Hi Ben,
>> From your config below, it looks like vlans 71,83 are the clean vlans
>> and vlans 171,183 are the untrusted/dirty vlans.
>>
>> In your Managed subnet, we have the vlans configured as the clean
>> vlans.
>> Managed subnet is for the vlans that exist on the dirty side, hence
>> delete the configured managed subnet and configure new managed subnets
>> with the vlan as vlan171 and vlan183 instead and see if that helps.
>>
>> Currently configured MANAGED SUBNETS:
>>> 172.16.246.127/255.255.254.0 - Main Subnet (-1)
>>> 10.1.8.10/255.255.255.0 TEST 1 (Vlan 71)
>>> 10.1.10.10/255.255.255.0 TEST 2 (VLAN 83)
>>
>> Change this to
>> 172.16.246.127/255.255.254.0 - Main Subnet (-1)
>> 10.1.8.10/255.255.255.0 TEST 1 (Vlan 171)
>> 10.1.10.10/255.255.255.0 TEST 2 (VLAN 183)
>>
>> regards
>> -Alok
>>
>>
>>    
>
>  
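
An added example, not part of the original thread and not Cisco's or any poster's code: a small consistency check for the rule Alok states (managed subnets carry dirty-side VLAN ids), run against the trunk lines and VLAN numbers quoted in the thread. The function names are hypothetical, and reading the mapping `510/5` as untrusted/trusted is an assumption based on which trunk carries each VLAN; the check covers VLAN numbering only, not the spanning-tree priority that resolved Ben's case.

```python
import re

def parse_vlans(spec):
    """Expand a CatOS VLAN list such as '5,250,1026-4094' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def trunk_vlans(catos_lines, port):
    """VLANs that 'set trunk <port> on dot1q <list>' lines allow on one port."""
    pat = re.compile(rf"^\s*set\s+trunk\s+{re.escape(port)}\s+on\s+dot1q\s+(\S+)")
    allowed = set()
    for line in catos_lines:
        m = pat.match(line)
        if m:
            allowed |= parse_vlans(m.group(1))
    return allowed

def check_vgw(managed, mappings, trusted, untrusted):
    """managed: {subnet name: VLAN id, -1 = untagged main subnet}
    mappings: [(untrusted VLAN, trusted VLAN)]; returns a list of findings."""
    findings = []
    for name, vlan in managed.items():
        if vlan == -1:
            continue
        if vlan in trusted:
            findings.append(f"managed subnet {name}: VLAN {vlan} is a clean-side VLAN")
        if vlan not in untrusted:
            findings.append(f"managed subnet {name}: VLAN {vlan} not on the dirty trunk")
    for dirty, clean in mappings:
        if dirty not in untrusted:
            findings.append(f"mapping {dirty}/{clean}: VLAN {dirty} not on the dirty trunk")
        if clean not in trusted:
            findings.append(f"mapping {dirty}/{clean}: VLAN {clean} not on the clean trunk")
    return findings

# Trunk lines copied from the 6509 config quoted in the thread.
CATOS = ["set trunk 8/8  on dot1q 5,250,1026-4094", "set trunk 8/10 on dot1q 510"]
DON = check_vgw({"Main Subnet": -1, "DIS Subnet": 510}, [(510, 5)],
                trunk_vlans(CATOS, "8/8"), trunk_vlans(CATOS, "8/10"))
# Ben's VLAN sets as Alok summarised them (71,83 clean; 171,183 dirty).
BEN_BEFORE = check_vgw({"TEST 1": 71, "TEST 2": 83}, [], {71, 83}, {171, 183})
BEN_AFTER = check_vgw({"TEST 1": 171, "TEST 2": 183}, [], {71, 83}, {171, 183})

if __name__ == "__main__":
    for label, result in (("Don", DON), ("Ben before", BEN_BEFORE), ("Ben after", BEN_AFTER)):
        print(label, result or "VLAN ids consistent")
```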
