Cisco

23K

Solutions

14K

Contributors

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Hi,

Background
Netgear ProSafe FVS336Gv3, Firmware 4.3.5-3
Cisco ASA 5505, ASA V 9.1(4)

Trying to set up a site to site VPN. Have used the wizards on both devices but will not connect.

Anything I need to alter to make them work together?

Thanks
Gareth
0
Hey Experts.  Looking to upgrade the Cisco software of several 2960x switches.  Current version is 15.0(2)ex4 and after downloading the newer version 15.2,4e6 but wasn't sure if I can go from where I am to the newer version without any steps in between.  Would appreciate advisement on this.  Thanks Experts.
0
In one presentation by an IT regulator & Cyber Security Agency, one slide mentioned reviewing "Netflow" & a couple of slides later, it requires us to perform periodic "review of information flow".

Though I raised whether these are related, i.e. by reviewing "Cisco Netflow" we are deemed to have addressed the requirement to "review information flow", the presenter doesn't quite seem to know, thus I'm clarifying here: does Cisco Netflow offer a form of documenting information flow?
0
Hello Experts,

I have an ASA 5525 with Firepower module and I want to shut it down gracefully and bring it up after a few hours. What files do I need to back up - running-config and what else should I back up?

Do you know what is the best practice to do this?

Thank you,
0
Wiping Cisco phones with the code: 3491672850*#.

How do I confirm that the phones are indeed wiped?
0
Hello guys, I have a Cx that has 3 switches in their data center. The main switch is a Cisco SG300-52 switch with L3 functionality. On its port #20 is connected another Cisco SG300-52 L2 switch, which we can name "switch B", and on its port #44 is connected "switch C", which is another SG300-52 L2 switch.

The IP of the main switch is 10.0.3.1 - the Cx says it took the default gateway as its IP automatically when changed to L3, they used to have a regular router before. IP of switch B is 10.0.3.19, and IP of switch C is 10.0.3.187. They are all working good, but the problem the network admin is having is that he can only access the main switch's web console through any access point in the network. Whenever he tries to access switch B (10.0.3.19) or switch C (10.0.3.187) through his web browser, the pages appear to be blocked. But if he connects physically (wired) to one of the switch B or the switch C ports, they can access to the web console of the switch they are wired to. So, switch B and switch C are working good, and their respective web admin consoles are fine.

What can they do to have access to their 3 switches from any access point on the network?

Thanks in advance for any help, any suggestions are welcome.

Best Regards,

Manuel
0
Please see the below in asr1000 trying to establish bgp neighbor. Do we have to use address-family ipv4? Thank you

router bgp 22
 bgp log-neighbor-changes
 neighbor 55.66.77.8 remote-as 33
 !
 address-family ipv4
  neighbor 55.66.77.8 activate
  neighbor 55.66.77.8 soft-reconfiguration inbound
  neighbor 55.66.77.8 prefix-list ine in
  neighbor 55.66.77.8 prefix-list out out
0
Cisco SG200 Switch update

I'm looking to update a SG200-18 switch to enable snmp

It's currently running Firmware 1.1.2.0

Have downloaded 1.4.9.04 but need to upgrade via 1.3.7.18 according to my research

To do this the boot code needs updating to version 13506

Problem is the files are no longer available

Can anyone help

I'm after the following files

sx200_boot-13506.rfb

sx200_fw_1.3.7.18.ros

Sx200_FW_Boot_1.4.1.03.zip

Thanks

Julian
0
Dear experts, if the Access switch is unconfigurable of DHCP snooping, can we do it on Core switch? (The Dhcp is on Core)

Otherwise, how can we mitigate the rogue DHCP? Thanks!
0
Something is going on with our network and I don't know where the issue is.  Many downloads (but not all) consistently halt with a [RST] but always the same ones, like PowerISO download.  Windows update fails with a Network Error on all PCs.  This is happening on both Windows and Linux.  Attached is a wireshark capture (it opens in Wireshark if you have it installed and double click it) and the jpeg screen shot.

We have COX as the internet provider but I don't know what is causing the problem.  

Can someone please take a look?  Thank you.

Wireshark Screen capture of [RST] download failed.
RST_during_Windows_Update2.cap
0
I have configured a Cisco 4321 router. A Windows PC can successfully access the internet when using dhcp, but when I configure the PC with Static IP, then it can only ping a website e.g. google.com, but cannot browse the internet. I do have a static route and NAT enabled but not sure why it will not resolve DNS request on the Cisco when not using dhcp. I'm new to this so I'll need clear guidance. Thank you.

Here is the config:
!
!
ip name-server 192.168.15.1 139.130.4.4 8.8.8.8
ip dhcp excluded-address 192.168.15.1 192.168.15.99
ip dhcp excluded-address 192.168.15.200 192.168.15.254
!
ip dhcp pool dhcp-pool-1
 import all
 network 192.168.15.0 255.255.255.0
 dns-server 192.168.15.1 139.130.4.4 8.8.8.8 
 default-router 192.168.15.1 
!
!
!
!
subscriber templating
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
diagnostic bootup level minimal
spanning-tree extend system-id
!
!
!
redundancy
 mode none
!
! 
! 
!
!
interface GigabitEthernet0/0/0
 description $ETH-WAN$
 ip address XXX.XXX.XXX.XXX 255.255.255.252 (X is the Static WAN IP assigned by the ISP)
 ip nat outside
 media-type rj45
 speed 1000
 no negotiation auto
!
interface GigabitEthernet0/0/1
 description MAIN LAN
 ip address 192.168.15.1 255.255.255.0
 ip nat inside
 ip nbar protocol-discovery
 negotiation auto
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 ip address 192.168.16.1 255.255.255.0
 negotiation auto
 no mop enabled
!
ip nat inside source list NAT-LIST-LAN interface GigabitEthernet0/0/0 

0
I'm looking to implement QOS as we have some VOIP quality issues. We have Catalyst 2960-X access switches, and Nexus 9k core switches. Looking through the 2960-x Auto-QOS configuration guide, it seems too easy to be true. There's literally a few commands to run within that guide. Can it be this simple? It can't, right?

On interfaces connecting to VOIP phones:
Switch# configure terminal
Switch(config)# interface gigabitethernet x/x/x
Switch(config-if)# auto qos trust dscp
Switch(config-if)# exit

On trunk / uplink interfaces connecting to other switches:
Switch(config)# interface gigabitethernet x/x/x
Switch(config-if)# auto qos trust
Switch(config-if)# end

*Note* I'm using dscp instead of cisco-phone since they're Avaya phones and not Cisco, assuming they will be using DSCP 46 for signaling and audio.
0
I have two Cisco Nexus 9K's at my core layer both with 96 copper and then some fiber modules.

I'm having a weird issue where random copper ports just stop working. Issuing a shut / no shut doesn't help. Because I can't always reboot the core I will just move it to another port. But whenever I do get a chance to reboot, the ports will work again.

These ports have a very simple config: switchport mode access; switchport access vlan X and a description. I am not running STP on these ports.

Anyone see this before? Any insight is much appreciated.

Thanks in advance.
0
Are there any tools other than Microsoft Call Quality Dashboard and Skype Analytics for measuring Skype call quality? Audio? Conference calls? Video? We are mostly a Cisco network. There are shortcomings in the MCQ dashboard that have not been addressed since we adopted it.
0
Does anyone know of a specific way to get the RSSI and SNR from a CP-8821 Cisco mobile phone?  I checked what I could from the phone itself and tried a couple of other free utilities without getting that info.  Any ideas please let me know.  Thanks!
0
Created an enclave (192.168.170.0/24) on our office network using a Cisco 2921 and overload NAT to the ISP Firewall (192.168.168.1).  The enclave NAT works OK but I can't get the management network (10.10.10.0/27) out to the switch in the enclave.  I can't ping 10.10.10.11 even from the CORE switch.

See the attached diagram.  MNGT 10.10.10.0/27  OFFICE 192.168.168.0/24  ENCLAVE 192.168.170.0/24

  Network_Diagram.jpg
0
What will be the impact if we connect a Cisco device SFP port to another device that has an SFP+ port?

Would it adapt to the lower speed, which is SFP 1 Gbps, or will it not operate at all?
0
Can anyone point me to a sample configuration for accommodating Skype for Business Quality of Service on their Cisco IOS and/or Nexus OS network? This would prioritize Skype audio and skype video.
0
Hi there,

I am doing some ASA work as a backup resource and I have not touched ASA in a long time, but here is the scenario:
I have some servers that are moving to the cloud and they all have public IPs.
I know from the ASA configuration anything from the inside network (trusted) can go out to outside (untrusted). Do I need to create an access rule for this to connect to these servers in the cloud?

Another requirement is that these servers may access some resources internally, like our AD or DNS. What do I need to do on the ASA for this to work?

Thank you,
0
I want to buy a 1M FlexStack Cable for my 2960s switches, but I can’t see the part number (CAB-STK-E-1M) for price estimation in CCW.
Any advice why?

https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-2960-s-series-switches/data_sheet_c78-726680.html

Stacking Interfaces
Cisco Catalyst 2960-S FlexStack stacking cables:
●  CAB-STK-E-0.5M FlexStack stacking cable with a 0.5 m length
●  CAB-STK-E-1M FlexStack stacking cable with a 1.0 m length
●  CAB-STK-E-3M FlexStack stacking cable with a 3.0 m length
0
I am desperately trying to put my Cisco ASA 5505 up to accept ping requests from the Internet and my DMZ. On my LAN, I have some monitoring software running using ping to see if various machines are running (both physical and virtual machines). It is therefore very important that I can use ping anywhere on my LAN and DMZ as well as the Internet.
Right now, I only get a timeout message. What do I need in my setup?

This is my running config:
ASA Version 9.0(4)26
!
hostname myFW5505
domain-name mydomain.dk
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
 switchport access vlan 3
!
interface Ethernet0/2
 switchport access vlan 3
!
interface Ethernet0/3
 switchport access vlan 3
!
interface Ethernet0/4
!            
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 109.xxx.yyy.131 255.255.255.0
!
interface Vlan3
 no forward interface Vlan1
 nameif dmz
 security-level 50
 ip address 172.16.1.1 255.255.255.0
!
ftp mode passive
dns server-group DefaultDNS
 domain-name mydomain.dk
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network inside-subnet
 subnet 192.168.1.0 255.255.255.0
object network dmz-subnet
 subnet …
0
installing cisco packet tracer 7 on debian 9 stretch

running the executable yields:

david@debian9:/opt/pt/bin$ ./PacketTracer7
./PacketTracer7: ./libcrypto.so.1.0.0: no version information available (required by ./PacketTracer7)
Segmentation fault
david@debian9:/opt/pt/bin$



an ls and a ldd yields:

david@debian9:/opt/pt/bin$ ls
audio                       libQt5Core.so.5               libQt5ScriptTools.so.5    linguist
Cisco-PacketTracer.desktop  libQt5DBus.so.5               libQt5Sensors.so.5        Linux
Cisco-pka.xml               libQt5Gui.so.5                libQt5Sql.so.5            mediaservice
Cisco-pkt.xml               libQt5Multimedia.so.5         libQt5Svg.so.5            meta
Cisco-pkz.xml               libQt5MultimediaWidgets.so.5  libQt5WebKit.so.5         PacketTracer7
imageformats                libQt5Network.so.5            libQt5WebKitWidgets.so.5  platforms
libcrypto.so.1.0.0          libQt5Positioning.so.5        libQt5WebSockets.so.5     PT.conf
libicudata.so.52            libQt5PrintSupport.so.5       libQt5Widgets.so.5        sqldrivers
libicui18n.so.52            libQt5Qml.so.5                libQt5XcbQpa.so.5         ZIP_LICENSE
libicuuc.so.52              libQt5Script.so.5             libQt5Xml.so.5


david@debian9:/opt/pt/bin$ ldd PacketTracer7
./PacketTracer7: ./libcrypto.so.1.0.0: no version information available (required by ./PacketTracer7)
      linux-vdso.so.1 (0x00007ffdb1bd6000)
      libcrypto.so.1.0.0 => …
0
Dear Experts ,

We are beside upgrading our Data Center infrastructure.

Presently we have the network topology shown in the picture below.

ExpertsExchange1.jpg

We are planning to replace the Nexus 5000 k with Cisco Nexus 93180YC-EX

https://www.cisco.com/c/en/us/support/switches/nexus-93180yc-ex-switch/model.html

and we want to transfer and migrate all firewalls and routers to the new pair of Nexus 93180. We want to dedicate the Nexus 7010 to routing only, at the highest possible speed. The new Nexus 93180YC-EX pair will be connected to all Cisco Catalyst remote branch switches.

We have two questions:

First: is it possible to use the 93180YC-EX in the aggregation layer, not in a collapsed aggregation/access layer? We want to separate the aggregation and access layers and we want to implement the Cisco 3-layer design model, where a pair of Nexus 7010 reside in the core, a pair of Nexus 93180YC-EX reside in aggregation, and Cisco Catalyst switches reside on the access layer.

If the mentioned case is applicable, then please provide us with sample cases and designs.

Second: regarding the upgrade plan, is it possible to transfer all firewall - security policies and inter-VLAN routing to the pair of 93180YC-EX instead of the N7K?
0
Hello,

I have ASA 525 with DHCP enabled in inside interface. Is it possible to reserve IP for MAC address?

Thx
0
Hello Experts,

We got 4 Cisco SG500-28P 28-Port Gigabit PoE Stackable Managed Switches. A couple of hours ago 2 of the switches were removed from the stack. We are seeing this in the RAM Mem Log.
2147483305      2018-Oct-04 13:59:43      Informational      %Stack-I-STACK-LINK-CHNG: Stack cable removed : link 1 on unit-3      
2147483306      2018-Oct-04 13:59:43      Informational      %Stack-I-STACK-LINK-CHNG: Stack cable removed : link 0 on unit-1      
2147483307      2018-Oct-04 13:59:43      Informational      %Stack-I-STCK-UNIT-REM: Unit 3 was removed from the stack.      

The other day this happened and has happened a few other times recently. The fix was to pull power to the Switch at Stack ID 2, after it booted back up all 4 showed just fine. Tried that today and it's not recovering. Upon inspection of the switch that is typically Stack ID 2, we found that it now is making itself Master 1. We have been thinking that switch is going bad, and maybe it has finally done so. Would anyone have any ideas why that switch is doing that? At this point I cannot get the other 2 switches to show up in the stack.

For reference, we have the switches in 3 different locations in our building. Master 1, and Stack ID 4 are in the same rack. Stack Id 3 is another rack in the warehouse and stack Id 2 is also in another rack in our warehouse. Stack ID 3 connects to Stack ID 2, stack ID 2 connects to Master as does Stack ID 4

Any guidance is much appreciated.
1
