  1. Hi! Is it possible to configure a Cisco Catalyst edge switch so that it will pass-through the EAP frames??? It will not pass them thru by default. We plan a network where the core of the net will become Enterasys S-Series and they can do a Multiuser-dot1x. Now the cisco edges should pass the eap and the S-Series should do the dot1x! Possible??? Thanks in advance Dennis
  2. Well, how??? I use the NPS (W2008R2) as radius! If I take my home notebook and turn on 802.1x, take my domain login I will get access to the network! The switch sends the RADIUS-request to the RADIUS-server, this looks up in the AD, YES this user has this password, let it in! How should a RADIUS deny this? It cannot! There are no options saying that there has to be a machine authentication before a user authentication!
  3. Hi! Is there a way to authenticate a machine and a user on a switchport with 802.1x?? The one OR the other is no problem with PEAP+MSCHAPv2 + Radius (W2008R2)! But I want to be sure that it IS a known machine AND a known user!! Meaning the user should not be able to take its notebook from home and authenticate with its domain credentials and gets access to the network! Is there a way without a agent on the machine? NAC Appliance? Thank you in advanve! Regards Dennis
  4. OK! Well I asked them and they say : "You get Pearson Vue voucher from us. No problem for you!" HHHHHHHHHHHHMmmmmmmmmmmmmmm??????? That is no real answer, is it?
  5. Well you can buy exam vouchers from a lot of pages like this : (Currently they are sold out) BUT is this a problem regarding the following I found on the Cisco Page ??? : Exam Discounts, Vouchers and Promotional Codes Neither Cisco nor Pearson VUE, its primary test delivery partner, guarantees the authenticity of discount vouchers or promotional codes that are obtained from any individuals or entities other than Pearson VUE. Individuals or Cisco affiliated partners who use certifications discount vouchers or promotional codes that are fraudulent or otherwise obtained from an unauthorized source (including legitimate vouchers for attempted re-use) may risk up to and including a lifetime ban on all future exams, the nullification of all previous certifications or other program sanctions at the discretion of Cisco. Cisco will not compensate candidates for fraudulent vouchers or vouchers obtained from an unauthorized source.
  6. SW1 sends the frames to SW2 and vice versa UNTAGGED because these are access port on this link! TAGGED frames are only send on trunk ports!
  7. Look here : Exactly the same situation!
  8. Well, yes it works IF ... PC1(Vlan 1) - SW1 (VLAN 1) - (VLAN 2) SW2 - PC2 (Vlan2) Meaning : The Link between the switches is in Vlan 1 on SW1 and in Vlan 2 on SW2! In this case you 'bridge' the two Vlans! No good design! Why is that so? 1) Well PC1 tries to ping PC2 2) PC1 will ARP for MAC of PC2 (because it knows PC2 is in the same subnet) 3) SW1 receives the ARP in Vlan 1 and forwards it to SW2 (because the interswitch Link is in Vlan 1 on SW1) 4) SW2 receives the ARP in Vlan 2 (It has no idea that this was in Vlan 1 on SW1) and forwards it to PC2 5) and so on ..... The Link between the switches has to be a trunk! Period! Then the communication won't work!
  9. Yes , Yes , Yes! :) Passed the beta! Where to go now? CCSP? CCDP? CCIP? Hhhhmmmmmm???
  10. Shame on Cisco!! My tshoot-beta-exam was on the Fri, 26 Mar 2010 at 11:30 !! And this was the last day for this exam! I wait for more than 2 months, now! Others wait even more! Come on Cisco, the not-more-beta-tshoot-exam is now available for a month! Let the results rock!
  11. One professional level exam is enough to refresh your CCNA for 3 years!!!
  12. NO! GNS3 can only emulate routers! Switches can't be emulated because the ASICS cannot be emulated, so far I know! Read the docu : There you find how to connect your PC to the routers in GNS3!
  13. No! The packet tracer is not enough for BSCI! Take this here : It emulates routers and runs the real Cisco-IOS on them!
  14. I found this on a Cisco Learning Forum! Hope this is the truth! 11 days to go, at most!
  15. Yes, without that configs it is difficult to say, but ... Maybe this on the BACKBONE would help : ip route router eigrp X redistribute static metric 2000000 100 255 1 1500 ( Or other metric-components, as you wish ) And you're Internet router has to know the path to the internal nets , too!