Cisco

23K

Solutions

14K

Contributors

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

We have replaced old 3750 switches with WS-C3850-24T (Qty: 2 in stack mode). Whenever I insert any SFP into the 4x1G Uplink Module to connect our different depts, ALL ports turn amber for a few seconds, during this phase all connectivity of other ports disconnects, and after a few seconds all ports go back to green and connectivity is restored.

This never happened in old 3750 switches. What could be the possible cause?

Following is Inventory output:

XXX-NOC-3850-Cluster#sh inv

NAME: "c38xx Stack", DESCR: "c38xx Stack"
PID: WS-C3850-24T   , VID: V07 , SN: FOC2126L0T1

NAME: "Switch 1", DESCR: "WS-C3850-24T-S"
PID: WS-C3850-24T-S , VID: V07 , SN: FOC2126L0T1

NAME: "StackPort1/1", DESCR: "StackPort1/1"
PID: STACK-T1-50CM , VID: V01 , SN: MOC2102A2VN

NAME: "Switch 1 - Power Supply B", DESCR: "Switch 1 - Power Supply B"
PID: PWR-C1-350WAC , VID: V02 , SN: LIT20462TNP

NAME: "Switch 1 FRU Uplink Module 1", DESCR: "4x1G Uplink Module"
PID: C3850-NM-4-1G , VID: V01 , SN: FOC21083GDN

NAME: "GigabitEthernet1/1/1", DESCR: "1000BaseSX SFP"
PID:                 , VID:   , SN: FNS12060A5K

NAME: "GigabitEthernet1/1/4", DESCR: "1000BaseSX SFP"
PID:                 , VID:   , SN: FNS17041183

NAME: "Switch 2", DESCR: "WS-C3850-24T-S"
PID: WS-C3850-24T-S , VID: V07 , SN: FCW2113C1AK

NAME: "StackPort2/1", DESCR: "StackPort2/1"
PID: STACK-T1-50CM , VID: V01 , SN: MOC2102A2VN

NAME: "Switch 2 - Power Supply B", DESCR: "Switch 2 - Power Supply B"
PID:
0
Hello,

We need some assistance uploading a custom AnyConnect VPN client profile to a Cisco CSR v1000 router and configuring the profile as the default client profile via CLI. I've tried searching the documentation and the web for solutions with no luck. Does anyone have experience configuring AnyConnect VPN profiles on a Cisco Router (not ASA firewall)?

Thanks!
0
Today we are using an ASA 5515-X as an Internet-facing firewall in our datacenter. It has reached the "End of Sales" stage. We are looking into the 5516-X and are considering this device as the natural migration step. Is it possible to simply transfer the configuration used in the 5515-X to the 5516-X?
0
Hi, there's an Edgemark router connected to a Cisco small business switch. I'm curious what the benefit is of connecting to the G1 interface over the standard 1 - 24 switch ports. Also, is there any down side (network degrade?) to hanging additional network devices off the typical 3 or 4 LAN ports on the router when it's a flat network?

Cisco small business switch
0
I would like to enable SNMP on a few Cisco switches and on an ASA firewall to monitor the devices. Hope someone will help me.
We do not have an in-house network tech since we are a small org. I see an existing configuration on a firewall as below.
#snmp-server host inside 192.168.1.200 community *****  udp-port 161
#snmp-server location London
#no snmp-server contact
#snmp-server community ****
#snmp-server enable traps snmp authentication linkup linkdown coldstart
Does this mean that SNMP is enabled on this device and it is ready to be monitored by any NMS?
snmp-server community ****
What is the line below for?
#snmp-server host inside 192.168.1.200 community *****  udp-port 161
I would appreciate it if someone could give me an explanation for these lines.
0
Trying to create a script using plink.exe and keep running into this issue:
When I use this syntax, it works:

C:\WINDOWS\system32>plink.exe -ssh me@12.12.12.12 -pw password123 -m "c:\temp\cisco.txt"
The first key-exchange algorithm supported by the server is
diffie-hellman-group1-sha1, which is below the configured warning threshold.
Continue with connection? (y/n) y
Type help or '?' for a list of available commands.
ciscoasa> en
ciscoasa#*************

But I want to get rid of the prompt (Continue with connection? (y/n)),
so I use this:

C:\WINDOWS\system32>@echo y | plink.exe -ssh me@12.12.12.12 -pw Password123 -m "c:\temp\cisco.txt"
The first key-exchange algorithm supported by the server is
diffie-hellman-group1-sha1, which is below the configured warning threshold.
Continue with connection? (y/n) Type help or '?' for a list of available command
s.
ciscoasa> en
Password: ***************
ciscoasa#
ciscoasa#
ciscoasa#
ciscoasa#
ciscoasa#
ciscoasa# FATAL ERROR: Server unexpectedly closed network connection

C:\WINDOWS\system32>

Does anyone know why the fatal error occurs?

Thanks,
0
I'm having authentication problems using a Cisco WLC 5508 to use MAC authentication on a 2012r2 NPS server. The WLC is set up for psk+MAC.
I'm actually seeing failure log entries on the NPS server. The message says "unknown user name or bad password".

I've set up a shadow group for "users" which are mostly cell phones. The username is the MAC address. I've also set the password for the user account to the MAC ID.
The NPS server sees the logon as the MAC ID (with colon and all, which I'd originally tried without, but the colon is always coming through). Since I can see the account name, I think it must be the password. But I'm at a loss as to what it is wanting or how to verify if the WLC is sending something.

I see lots of internet chatter troubleshooting PEAP, certificates, Windows clients through RADIUS, but not very much about MAC only.
0
I have 70 brand new Cisco switches that need to be configured. Is it possible to do a base configuration on multiple switches simultaneously? This way I can program, say, 10 at a time with a base config.

Thanks for any help if it's possible.
0
I know this sounds silly; we have an appliance which has an option for community string and SNMP trap.
My understanding is that it is better to have the device send traps than to let the management station monitor the device. Am I correct in this?
Does a trap send information about CPU memory usage or just send the distress message?
0
I am looking to set up VLANs for a few reasons. Right now we have a stack of Cisco C3750X and all machines are in VLAN10. VLAN10 has an IP address of 10.10.10.235. Our current IP scheme is 10.10.10.x 255.255.254.0. All devices have a default gateway of 10.10.10.254, which is our firewall. If I bring up, say, VLAN 20 and give it an IP of 10.10.20.1 with a SM of 255.255.255.0, I know I would have to issue ip route on the switch to route between the two VLANs. My question is: since the 10.10.10.x network is looking to 10.10.10.254 as the default gateway, will those devices still be able to communicate with the 10.10.20.x network? And would all devices on 10.10.20.x be able to get out to the internet?
Drawing1.vsdx
0
We currently have two Nexus 93180YC-EX and two Nexus N2K-C2248TP-E-1GE in our environment. From all the articles that I've read so far, the Nexus 9K will only support topology 1, but doesn't support topology 2 (see attachments), is that correct? Any input will be greatly appreciated.
Nexus-vPC-Topolog-1.jpg
Nexus-vPC-Topolog-2.jpg
0
I need to find the IP address of a Cisco ASA. I'm not familiar with any of the commands except that I need to connect via COM port and PuTTY.
0
0
Dear Experts

Please can someone assist me.

The public IP of my IronPort keeps getting blacklisted.

I have an Exchange 2010 environment with Cisco IronPorts used as my MTAs.

I have attached the error message.

They keep talking about "direct-to-mx".

My send org send connector
The Error
0
Dear Experts, I'm testing this network diagram with EVE-NG

11.PNG
Without the NAT translation and access-list, all 3 VLAN PCs can ping 8.8.8.8, and SLA also works OK to switch from the default route to the backup route.

With the NAT and access-list, PCs from VLAN11 and 12 could not ping 8.8.8.8 although I allowed ICMP on R1's interface. The PC on VLAN13 (not in the NAT and access-list) could still ping 8.8.8.8. How can I fix it with NAT and access-list?

I attached the configuration files.
Desktop.zip
0
Hello All,

A little help and advice needed please -

I am setting up a Site-to-Site VPN connection between a Cisco ASA and a TP Link ER6120 (I know, don't ask). Anyway, phase 1 IKE keeps failing when I initiate from the ASA side.

I get MM_Active when responding to the TP Link; however, when initiating from the ASA side it changes to MM_Wait_msg2 and MM_Wait_msg6. I have confirmed multiple times that the timers and PSK are the same on both sides and that the encryption matches. Even when MM_Active as responder, the IPSEC tunnel does not form.

Running a debug on crypto isakmp on the ASA I get the following -

Removing peer from correlator table failed, no match!
[IKEv1]: Group = x.x.x.x, IP = x.x.x.x, Session is being torn down. Reason: Lost Service
[IKEv1]: IP = x.x.x.x, Header invalid, missing SA payload! (next payload = 4)
[IKEv1]: Group = x.x.x.x, IP = x.x.x.x, Information Exchange processing failed
[IKEv1]: Group =x.x.x.x, IP = x.x.x.x, Information Exchange processing failed
[IKEv1]: IP = x.x.x.x, Header invalid, missing SA payload! (next payload = 4)
[IKEv1]: Group = x.x.x.x, IP = x.x.x.x, Information Exchange processing failed
[IKEv1]: Group = x.x.x.x, IP = x.x.x.x, Information Exchange processing failed

Am I missing something obvious here? Any help would be appreciated.
0
Device: Cisco ASA5515

Objective: setting up two internet connections on the two WAN ports

Current setting:
Interface 0/0 is active with an ISP-assigned IP

What needs to be done is:
Interface 0/4 to be assigned an ISP IP (different WAN IP)

Is this something doable? Any suggestions?

Thank you,
0
According to one of our sysadmins, Dell is recommending that Flow Control be enabled on all connected switch ports on our Nexus switches that host the Dell ESXi hosts (VMware). I've never needed this before. Is it really needed? Can it cause any problems enabling it? Thanks. These are 10Gbps ports.
0
I need to find the 0 subslot. I am searching by the last four characters of a MAC address. I have found the MAC Address on six Cisco switches in the format something like this Gi1\1\1 dynamic. What I need is some foo in order to find the Gi1\0\1 version of the MAC Address. I need to find the 0 sub slot.
0
Would the following configuration elements be sufficient to export NetFlow information from a Nexus switch from a particular VLAN?

feature netflow

flow exporter splunk
  destination 172.20.1.99
  transport udp 20066
  source loopback0
  version 9

flow record netflow-record
  match ipv4 source address
  match ipv4 destination address
  match ip protocol
  match transport source-port
  match transport destination-port
  collect counter bytes
  collect counter packets

sampler netflow-sampler
  mode 1 out-of 4956

flow monitor flows01-monitor
  record netflow-record
  exporter splunk

interface vlan 100
 ip flow monitor flows01-monitor input sampler netflow-sampler

(Cisco Nexus 6004 Chassis; System version: 7.1(3)N1(2))
0
Calling on all Cisco CUBE experts:
A CUBE set up for SIP trunking that talks to the provider's SBC is missing the SIP port (5060) in the SIP URI. Can anyone shine light on why it is happening? Is there a tweak or hack someone can suggest? The IP address is coming through fine, BTW.

Thanks,
0
Hello

I connect to a remote computer with an IP address of 10.x.x.x via Cisco AnyConnect Secure Mobility Client on a Windows 10 Pro host with an IP address of 192.168.1.xx. I need a virtual machine with Windows 10 Pro (VM Workstation), currently with an IP address of 192.168.1.x, on the Windows 10 Pro host to access that computer. I can ping the remote computer on the host, but not on the VM workstation. I tried installing the Cisco AnyConnect Secure Mobility Client on the VM, and it connects, but I still can't ping the remote computer. I tried tweaking the VM Workstation's network adapter to Bridged, Bridged with replicate physical network state, NAT, Host Only, but no ping. I turned off firewalls on host and VM....

Thank you!
0
Hi,

We have a main Cisco 3750 switch. From that switch, fiber connections run from the trunk ports to different stacks; essentially all other stacks connect back to this switch. We want to add a backup to this switch in case of hardware failure. Question: how do we add it?
1. Do we add it as a second switch in Slave role, or is there another way of adding it?
2. Also, if the first switch does go down, how do we prepare the second switch so that the trunk ports are ready to accept the fiber cables?
0
Hey Guys,

I am a complete newbie to Cisco, so excuse my ignorance.

I have just set up the device and want the Outside interface to receive traffic from my home Netgear broadband router and then pass it through to the inside interface.

How do I go about doing this? I have tried different ways but none seem to work.

All I want is the ASA to act as the firewall.

current setup is as follows



Netgear Router / Modem 10.0.1.1 (gets dynamic IP from ISP using PPPoA and does the NAT). Please note my router does NOT have a bridge mode option.
ASA 5506 Outside Interface IP 10.0.1.7 (Static)
ASA 5506 Inside Interface IP 192.168.1.1

The bit I can't work out is adding static routes, and do I need to NAT on the ASA as the router already does that?

Thanks
J
0
1. What are the GRC (SIEM) tools available?
2. Diff. between SIEM tools and CISCO Meraki?
0