We have the following devices:

9 Host Servers (Dell R620)

Host 1-5 Connected to the Dell S5148F-ON
Host 6-9 Connected to the Cisco 4500

2 SAN (Unity 400) (MD3600i)
2 Dell S5148F-ON Switches
1 Cisco 4500
1 Cisco 4900

We connected the 2 Dell Switches together using 2 100G link and there both connected to the Hosts 1-5 and to the SAN Unity 400. Also we have a 10G connection from one the Dell S5148F-ON to the Cisco 4500. The Cisco 4500 connects to the Cisco 4900 downstream which gets out to the internet.

Can someone please recommend if this is good practice? If not what your recommendations are :)

I have a client with a LAN, using a Cisco router, and then, in another area of the building I have a D-Link router set up as a wireless access point only (no wired connection to D-Link WAN port, DHCP off).

They want to add a guest network that is isolated from the private LAN.  If I enable the guest network on the D-Link it doesn't work, presumably because the Guest network is trying to go out through the WAN port directly, which isn't used because I've got it configured as an AP only.

If I add another router to handle Guest, in order to get the isolation I need from the company's private LAN, I've had to use 2 additional routers to get the isolation.  Is this the way to go, or is there something better that I can do?

Thanks.
Dave

Dear Experts，

I have a set of fortigate firewall policies which I need to duplicate on a cisco router.

I have done most of the point A to point B.

The issue I have now is the NAT and there is an IP Pool, is there a guide on how I can translate the rules from firewall to cisco router?

Any help is appreciated.

Cisco 5520 Wireless Lan Controller unable to connect access point using wired connection using POE injector using CDP I can see access point but unable to have it show up in access point list.  The access point is directly connected to WLC, with no switch or router but both AP and WLC are using ip in same subnet /24.

I have established two VPN connections in AWS from an environment to a third party Cisco VPN firewall.  Everything is set up as it should be, but we are unable to bring the tunnel up.

I a nutshell, we have established two independent VPN connections, with each on going to a different datacentre.  The configuration has been supplied to the 3rd party agency who are managing an external service that connects through the tunnel to another agency.  The two tunnels are set up as Active and DR tunnels, but will carry the same traffic. in the event of failure, and then our traffic is NAtted twice to reach the destination.

We have tried a number of things but still unable to get the tunnels up from either main or DR datacentre firewalls.

The problem seems to lie in the tunnel configuration; apparently there is an issue with using SLA monitors to keep the tunnel up from the Cisco side; obviously without this the VPN connection will drop.  The information I have seen seems to imply we need to setup a "route all" tunnel at the customer side and then employ static routes to get the right traffic down the tunnel to the firewall - which will cause major issues as our VPC supernet overlaps their networks; also we only want to allow 3 machines on two subnets through the tunnel.

Our other problem is how the VPN failover will work for the DR tunnel.  They are monitoring and will automatically fail over to the secondary VPN tunnel should an issue occur with the primary datacentre …

On my W7 I have a problem to connect through cisco Any Connect ver 4.4 vpn and my ie11 .

when I tried  first login to any Connect it  goes through then I go to My Remote Desktop connection to connect to site I am stack , ie is not showing long in screen  I am getting white screen and error not able to connect??

When I turn of Any Connect  my ie11 is working.
Any idea how to solve this.

Block/Deny all IPv6 traffic on all ports for a layer 2 device for Cisco 2960S

I've recently discovered there is a LOT of IPv6 traffic generated and passed along, within subnets, on our network.   But one subnet usually has 1700 clients, so a little from each client can get pretty overwhelming. I'd like to set a deny ACL on all the ports of these Layer 2 devices, so they won't pass the traffic, even within the subnet.  Most of it is mDNSv6 from Apple devices, and all of it appears to be multi-cast/broadcast.

I have the commands that they say to use, but they aren't working.  On the cisco they are:

Ipv6 access-list <name>
Deny ipv6 any any

Interface g <x/y/z>
Ipv6 traffic-filter <name> in

this works on a Catalyst 3850, which is Layer 3.  But the IPv6 command only has "mld" and "nd" as options.  Cisco's documentation says it should work on a Layer 2 port, inbound only, but was less clear on how to make it work, and all examples they give, across all documentaton is setting it up on a Layer 3 port.

I've also got this to work on Procurve 2530 switches, which are also Layer 2 only.  It definitely blocks all he IPv6 traffic on the Procurves and on the 3850.

Hi,

What Cisco ACI (SDN) API for integration with cloud management platform? Tks.

Is it possible to use Cisco AnyConnect VPN client to make VPN connections instead of old Cisco VPN client v5.0.07.0440?
Here is a screenshot of the old VPN client connection settings:
If yes, what the anyConnect's XML profile would be?

I am trying to setup a port channel between 2 cisco 2960s.  

I am using the following:
Switch2#(config) int port-channel 1
 Switch2#(config-if) switchport mode trunk
 Switch2#(config-if) switchport trunk encapsulation dot1q
 Switch2#(config-if)!
 Switch2#(config)int range gig 0/45-48
 Switch2#(config-if) channel-group 1 mode active
 Switch2#(config-if)!

The problem is  I get Invalid input detected at

 #switchport trunk  encapsulation dot1q
                                   ^
 % Invalid input detected at '^' marker


Could someone tell me what I am doing wrong?

i have a Cisco ASA 5520 and 500MB internet/bandwidth line, the problem is the throughput on the FW is low and it throttles the bandwidth. Execs don't want me to upgrade now so i was wondering is there some kind of add on i can use  


ASA 5520
1: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
2: Up to 2048MB RAM
3: Intel Celeron M Processor 450 2.0GHz
4: Cavium Nitrox Lite CN1010

I am facing below issue

please suggest why this is happening.

24-Dec-2015 16:14:00 %LINK-I-Up:  gi28
24-Dec-2015 16:14:01 %LINK-W-Down:  gi38
24-Dec-2015 16:14:03 %LINK-I-Up:  gi38
24-Dec-2015 16:14:05 %STP-W-PORTSTATUS: gi28: STP status Forwarding
24-Dec-2015 16:14:06 %LINK-W-Down:  gi48
24-Dec-2015 16:14:07 %STP-W-PORTSTATUS: gi38: STP status Forwarding
24-Dec-2015 16:14:08 %LINK-I-Up:  gi48
24-Dec-2015 16:14:10 %LINK-W-Down:  gi17
24-Dec-2015 16:14:12 %STP-W-PORTSTATUS: gi48: STP status Forwarding
24-Dec-2015 16:14:13 %LINK-I-Up:  gi17
24-Dec-2015 16:14:13 %LINK-W-Down:  gi22
24-Dec-2015 16:14:14 %LINK-W-Down:  gi11
24-Dec-2015 16:14:14 %LINK-W-Down:  gi36
24-Dec-2015 16:14:14 %LINK-I-Up:  gi22
24-Dec-2015 16:14:15 %LINK-I-Up:  gi11
24-Dec-2015 16:14:16 %LINK-I-Up:  gi36
24-Dec-2015 16:14:17 %LINK-W-Down:  gi40
24-Dec-2015 16:14:17 %STP-W-PORTSTATUS: gi17: STP status Forwarding
24-Dec-2015 16:14:19 %LINK-I-Up:  gi40
24-Dec-2015 16:14:19 %STP-W-PORTSTATUS: gi22: STP status Forwarding
24-Dec-2015 16:14:20 %STP-W-PORTSTATUS: gi11: STP status Forwarding
24-Dec-2015 16:14:20 %STP-W-PORTSTATUS: gi36: STP status Forwarding

I am going to trunk 2 cisco 2960s via cat 5.  I already copied the config from switch 1 to switch 2.  trunks and ports are setup.

My question is, the crypto key on switch 2 now looks a little different that switch 1 (since I copied I thought it should be the same?)  The first few lines are the same, but then it changes.  Is this ok?  Do I need to generate another crypto key for the second switch?  Or since the first switch already has a crypto key, do I even need another one?