I can hardly believe my own test results. I’m making performance tests with ASA 5550 (the one with a factory-installed 4GE module) and there is an interface pair where throughput is smaller than on other pairs. Read the rest of this entry »
ASA throughput depends on port location
Posted by ltlnetworker on January 25, 2011
Posted in ASA | Tagged: asa, iperf, throughput | Leave a Comment »
Interesting MST Troubleshooting
Posted by ltlnetworker on January 23, 2011
I’ve experienced a strange problem on my desk with two switches. I disconnected the uplink to the company network then the two switches lost connectivity with each other. Even if it was December 31th I felt I must find out what was happening.
Read the rest of this entry »
Posted in switch | Tagged: mst, pvst+, spanning tree | Leave a Comment »
IOS EasyVPN Server with LDAP authentication
Posted by ltlnetworker on November 9, 2010
LDAP support for authentication and authorization was introduced in IOS 15.1(1)T. In this article we are testing Cisco VPN client connection authenticated against Novell NetWare eDirectory.
Structure of the LDAP directory:
Read the rest of this entry »
Posted in AAA, IPsec, LDAP, router IOS | Leave a Comment »
IPv6 host’s default router selection
Posted by ltlnetworker on May 14, 2010
An IPv6 host’s default router selection is affected both by manual static routes and received router advertisements.
I am very happy with my HE IPv6 tunnel. Szívesen lennék natív IPv6 felhasználó is, de az UPC nem ad információt, hogy milyen IPv6 tervei vannak. )-: I bookmarked Google’s IPv6 site but once it turned inaccessible. What could have happened?
Posted in IPv6, router IOS | Tagged: default router, host, ipv6, ra | 1 Comment »
IOS Easy VPN with RADIUS, Cisco Secure ACS 5.1 and AAA Cache
Posted by ltlnetworker on May 10, 2010
AAA Authorization and Authentication Cache was integrated in IOS 15.0(1)M. This feature enables the router to store AAA credentials in its cache after it received the RADIUS or TACACS+ reply to an AAA request. The cache can be used either for performance boost (avoiding sending requests to the AAA server) or for a fallback method in case the servers are unreachable. The mode depends on the order you place your authentication methods in the aaa commands (see below).
In this example we are caching TACACS admin users’ credentials (telnet, vty) and RADIUS VPN users’ credentials (IKE xauth). The VPN group is also defined on the RADIUS server.
Posted in router IOS | Tagged: aaa, aaa cache, easy vpn, radius, tacacs | 1 Comment »
Local user group-lock in IOS Easy VPN
Posted by ltlnetworker on May 7, 2010
Cisco router IOS Easy VPN Server
Group-Lock feature can also be used with local users, we can even create something like ‘local user groups’. Possible formats are:
name/group, name\group, name@group, or name%group
Read the rest of this entry »
Posted in router IOS | Tagged: easy vpn, group-lock | Leave a Comment »
