Cisco

23K

Solutions

14K

Contributors

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).


Hi,
I am new to Cisco UC and I have a scenario whereby there is a requirement to have Cisco IP phones in a branch. The IP phones would be connected back to the HQ Call Manager. I would like to check on the advantages and disadvantages, on the edge router, of using dual WAN connectivity links for high availability versus a single WAN connectivity link and SRST.

For SRST, it seems that there is a regular SRST and using CME as SRST. May I check if there are any reference documents on how it works, its requirements and considerations?

Thanks.

I appreciate any suggestions!
0
Can someone provide the specs for Cisco RJ-45 SFP for GigE Interface ASR 1002? We need to order this piece.
0
Generally speaking what is different about  4 ports to the right side of Cisco switches (I/o 45-49)?
0
I am trying to create a wireless bridge so that I can plug in a hard wired NIC from a device to a Cisco Aironet so that it can participate as a wireless device on my network.  The device is not able to use a wireless adapter natively, which is why I am trying to use the WAP as a bridge.   I have a Cisco Aironet 1700 series WAP.  I have downloaded the autonomous IOS software and have successfully applied it to the device using TFTP and the CLI.  I assigned it an IP address from the CLI and I can get the web interface to show up.  I am missing instructions on making this WAP a bridge to an existing SSID.  Any guidance would be appreciated.

Just to clarify, a device with a NIC will plug into the WAP acting as a bridge (autonomous) to the existing wireless network that has a SSID managed by a Cisco Wireless Controller with several attached lightweight WAPS.  I just need to know how to go about configuring this bridge to get the desired result.
0
Dear Experts, I'm testing the SPAN feature in Switch Cisco 3750. This is the diagram:

SPAN.png
This is configuration on Core SW:

monitor session 1 source vlan 55 both
monitor session 1 destination interface g1/0/13


It seems to be working, but the whole VLAN 18 hung, so I could NOT access the PC on which Wireshark was installed. How can I fix it? Can we mirror traffic from just some IP addresses, not the whole VLAN?

Many thanks as always!
0
At one of my work sites I want to add an additional managed switch.  There is currently a Cisco 2960G and I want to add a 2nd one because we ran out of ports.  Basically I just want to add ports for a particular Vlan.  
Is there a way to configure these as a stack?  What is the easiest/best way to configure the 2nd switch?
0
I'm trying to set up a web page that collects information from a user prior to allowing them to connect to a WiFi network. A similar, desired, scenario would be something like when you use free wireless at a hotel or Starbucks, etc. I've already got things set up so when a new device connects, the user is redirected to my page. That page is set up to do what I need it to do, but now I'm at a point where I need to connect the user to the wireless connection. What do I need to do? I'm working on a Cisco network and coding in C# (ASP.NET).
0
Hello,

I would like to know if it is possible to effectively use voip with private vlan edges, and how.

I have private vlan edges configured, essentially with the switchport protected, switchport block unicast and switchport block multicast, on all my user's workstation ports on the distribution switches. This is to prevent lateral movement in case of compromise. I would like to configure the ports for VoIP in the usual chained jack-to-phone-to-computer format. These catalyst switches are connected to the core catalyst switch via fiber.

I understand that all traffic on a switchport protected interface will be sent to the uplink and that this includes all voice and data traffic from that particular interface. But, I would prefer not to have to disable protected ports to allow phone to phone voice traffic.

Please help.
0
I have a client with a 2801 Cisco router and he has a Linux server managed by another vendor. The vendor wants to be able to SSH right into the Linux box.

I have read that this is not possible on the 2801. I am able to port forward other services like RDP without issue.

For SSH I have only been able to set it up to SSH to the router first, then from the router CLI to the Linux box.

Can anyone confirm if this is possible? The vendor is giving me and the client a hard time about doing it any other way.

I've added this to the config in an effort to allow inbound SSH traffic to be forwarded to the internal server:
ip nat inside source static tcp 192.168.1.25 22 <public address> 22

There is an ACL allowing this as well:
10 permit ip 192.168.1.0 0.0.0.255 any


Here is the full running config, however bear in mind it is no longer configured for the direct SSH port forward, this is configured to SSH to the router first, and from the router SSH to the Linux server:

R1#sh run
Building configuration...

Current configuration : 1232 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$2vYM$tH6m.7GbUlsLDgCoXZAZr0
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip cef
!
!
!
!
ip domain name alltech.local
ip ssh logging …
0
Dear Experts,

Cisco Unified Communications Express
Cisco Unity Express - Administration
       
Version 8.6.1

Not able to connect to SMTP port 25 anymore with MS Exchange on a remote site that is replying to pings.

Test Result: Could not connect to SMTP host: HVRFTH-EXMB01.cccccc.com, port: 25

Test Result: Could not connect to SMTP host: 172.16.2.51, port: 25

I tried changing to smtp.office365.com, and nothing that worked in the past is helping.

I am not sure how to test connectivity to the outside from this device's address. But I know the network it resides on is pinging everything that needs to be pinged.

Thank you for any helpful ideas.
0
We are installing a number of ATAs, either Cisco SPAs or Grandstream ATAs, at a number of different locations. Each location is on a private network; however, we do have static WAN IPs for the firewalls. Each ATA has Ethernet available, but not copper 2 pair. Our goal is to pay a VoIP provider for about 5 VoIP lines that would be shared by 25 ATAs. Most of the traffic will be outbound dialing, and we would want the ATAs to roll over to the first available outbound line. Ideally, we do want to be able to dial inbound to the ATAs using extensions.

Where would we get started in finding a VoIP provider that can help us with this, or would this be best done with some sort of on-premise gateway, which we would host at our NOC?

All comments and suggestions are appreciated.
0
Hello Experts,
I need help setting up the networking side of my Hyper-V.
I have 3 Dell servers running Windows Server 2016,
2 Cisco C3750X switches on advanced IP services
and 1 WatchGuard firewall.

I want physical connectivity as in the attached picture so that I can have failover and load balancing.

On the servers I am doing NIC teaming with LACP and dynamic mode.
On the WatchGuard firewall I have 2 ports in link aggregation dynamic mode.
I need help with the Cisco switches. What exactly do I need to do in the config to enable failover and load balancing for traffic to/from the server VMs? (VMs running on Hyper-V will be using different VLANs, so on the switches I need multiple VLANs.)

I am not a Cisco expert, so I tried EtherChannel/LACP etc. but without any luck getting it working.
So if someone can share some config, that will be helpful.

thanks
Harry
IMG_3001.JPG
0
My main office ASA 5520 runs an EZVPN site to site with an ASA 5506. Up until storms the other night the VPN was up, after storms the VPN won't reconnect. I've tried rebooting the remote ASA, ran clear crypto ips sa peer <ASA IP> from both sides, and even pulled out the ezvpn config from the remote side and put it back in. No luck

sh crypto isa sa from the 5520 shows:
Company-Firewall# sh crypto isa sa

4   IKE Peer: <Remote FW IP>
    Type    : user            Role    : responder
    Rekey   : no              State   : AM_WAIT_MSG3

Company-Firewall# sh crypto isa sa

Then
4   IKE Peer: <Remote FW IP>
    Type    : user            Role    : responder
    Rekey   : no              State   : AM_TM_INIT_XAUTH_V6H


sh crypto isa sa on the 5506 shows the same thing only AM_WAIT_MSG2 instead of MSG3.

Debugging the connection from the 5520:
debug crypto isa 5
---===---
Jun 11 16:22:21 [IKEv1 DEBUG]Group = <EZVPN Group>, IP = <Remote FW IP>, IKE SA Proposal # 1, Transform # 1 acceptable  Matches global IKE entry # 1
Jun 11 16:22:21 [IKEv1]Group = <EZVPN Group>, IP = <Remote FW IP>, Automatic NAT Detection Status:     Remote end   IS   behind a NAT device     This   end is NOT behind a NAT device
Jun 11 16:22:21 [IKEv1]Group = <EZVPN Group>, IP = <Remote FW IP>, Floating NAT-T from <Remote FW IP> port 500 to <Remote FW IP> port 4500
Jun 11 16:22:22 [IKEv1]Group = <EZVPN Group>, Username = <EZVPN User>, IP = <Remote FW 

0
After installing the Cisco AnyConnect VPN client we can no longer ping servers/PCs over DNS, ONLY by IP address, when connected with a standard Windows VPN.

To give more background, we have this issue on 2 computers, both on a domain. PCs without the Cisco AnyConnect client work fine on any VPN; the ones with it do not work on any VPN.

We have removed the Cisco VPN client, same issues - PCs outside of the domain are also fine without the client installed.
0
I have a Mikrotik CCR 1009-8G 1S-1S+ and 5 Cisco Switches WS-C2960-24TC-L that were provided by the customer for our use in this network. I have a question on how to setup the VLANS so no Tenant in the building can access any other Tenants network. There is a mix of Static IP tenants and DHCP Tenants. I have the Mikrotik Setup with all the needed VLANS for each DHCP Tenant. I have also assigned each port for VLAN access to only one Tenant. My issue is how to secure the VLANS.

I know this is a vague description of what I have to work with so I have attached a PDF of the network. If any other information is needed please message me and I will attempt to comply.

Thanks in advance for any and all help.

Seven-Floor-Multi-Tenant-Building-De.pdf
0
I need to configure a Cisco 891. Our provider is giving us a P2P /30 plus a /29 for our use. In the past I have used 2 routers for this. The outside router has the /30 on the outside and the /29 on the inside. Then the inside router would have a default route to the inside interface of the outside router. I would like to be able to do this with one router if possible. I found a configuration example on Comcast's website, which I am attaching. They are using the /29 for NAT. This all seems good, but what I don't get is, since there are no IP addresses assigned from the /29 on any interfaces, what do I use for a default route for clients using IP addresses in the /29 range?
Comcast-Example-Configuration.txt
0
Hi Team,

I am facing an issue with temperature monitoring in Nagios Core 4.1.1 for Cisco devices (ERROR: Problem retrieving OID 1.3.6.1.4.1.9.9.13.1.3.1.2 table: The requested table is empty or does not exist.).

It is working for some Cisco devices, like version 12.4, but I am getting the error for version 15.+ (ERROR: Problem retrieving OID 1.3.6.1.4.1.9.9.13.1.3.1.2 table: The requested table is empty or does not exist.)

[root@phi-nagios ~]# /usr/local/nagios/libexec/check_snmp_temperature.pl -f  -H 172.29.223.177 --type cisco1 -o F -C 247monitor  -a'.' -o C -w 70 -c 80
OK - . Temperature is 32C | .=32;70;80
[root@phi-nagios ~]# /usr/local/nagios/libexec/check_snmp_temperature.pl -f  -H 172.29.222.162 --type cisco1 -o F -C 247monitor  -a'.' -o C -w 70 -c 80
ERROR: Problem retrieving OID 1.3.6.1.4.1.9.9.13.1.3.1.2 table: The requested table is empty or does not exist.
[root@phi-nagios ~]#


Working for the Cisco version below:
SNMPv2-MIB::sysDescr.0 = STRING: Cisco IOS Software, 3800 Software (C3825-ADVSECURITYK9-M), Version 12.4(11)XJ3, RELEASE SOFTWARE (fc1)
Synched to technology version 12.4(11)T
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled

Not working for the version below:

SNMPv2-MIB::sysDescr.0 = STRING: Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(3)S6b, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2017 by Cisco Systems, …
0
Hello Experts

I have an issue and I am counting on you to help me. I am working for a client to configure Exchange Hybrid and Lync Hybrid.
The client has a Cisco ASA where some services are NATed, like OWA etc.
But before, he was using only on-premises services.

I want to know what I should configure in the Cisco ASA to communicate effectively with O365.

I was not concerned about this ASA issue until I experienced some problems with certain services, like Free/Busy or a migrated Lync Online user not being able to speak to an on-premises user.

And the configuration seems to be OK.

Rgds
0
Hi
Cisco ASA 5506 X, I mistakenly deleted the boot file - I meant to delete the ASDM version :-). So I can only boot into rommon. I have seen many articles about using tftp in rommon to copy an image but the problem I have is that the ASA interfaces are down. No link light. My Ethernet cable shows as not connected, so my TFTP server is not listening. I have tried using a normal patch cable directly between my PC and ASA, also plugging both interfaces into a switch.

Does anyone know how to fix this?

Thanks very much.

Alasdair
0
Cisco ASA 5520 with AnyConnect VPN authenticated via LDAP. I'm trying to tighten my security down by limiting which users are allowed. I've taken a test user out of the two groups defined by my dynamic access policy and the user is still allowed to connect in. Why?

I have four pictures attached explaining my situation as I understand it:
1) My LDAP Attribute map shows "Users" or the "<Location> Users" OUs/Containers are mapped attributes.
2) My Dynamic Access Policy shows users that are a member of the "Administrators" OR "<Company Name> Company" group are allowed to continue.
3) A test admin user that's been removed from the "Administrators" group & has never been a part of the "<Company Name> Company" group.
4) A normal level test user that's been removed from the "<Company Name> Company" group & has never been a part of the "Administrators" group.

Both of these users can VPN in fine. Why? Any help is appreciated.
AnyConnect_LDAP-Attribute.JPG
AnyConnect_Dynamic-Access-Policy.JPG
Anyconnect_Admin-Groups.JPG
Anyconnect_Test-Groups.JPG
1
Hello,

  My question is angled from a purchasing perspective.
  Cisco brand SFP & SFP+ modules are priced more than a hundred times higher than 3rd party SFP/SFP+ modules.
  I'm also aware that even Cisco brand SFP/SFP+ modules don't work in just any Cisco brand switch.
  My question is: How picky are Cisco switches such as the IE4000 and IE5000 Series with 3rd party SFP/SFP+ modules (such as FS, Axiom, SmartOptics)?
These 3rd party vendors like to use the same model numbers as the Cisco brand, so they are presumably close in operation to the Cisco brand SFPs. They've been 'tested' and work interchangeably in some models of switches. How safe is it to assume that they will work?
  At the relative price points, it's worth a buy-and-try approach, but I'm looking for some insight or experience from others as a benchmark.
Thank you,
0
Hi
We are having issues with pushing out applications (using PDQ by Admin Arsenal) to remote VPN clients (Win10).

Overview:
Currently we have three sites, two using on-premise Cisco ASA firewalls that provide VPN access via the old Cisco VPN client, and another site that is an MPLS core (which the other two sites will link to in the coming months). The MPLS core is a Cisco 5512 and that's using Cisco AnyConnect VPN.

All three sites are on 10.255.255.0, 10.255.254.0 and 10.255.253.0 ranges.
On-prem DNS has reverse lookup zones added for the three 10. ranges.

I think the issue has arisen since migrating one of the sites from on-premise configuration to MPLS, but this could just be coincidence.

The remote VPN clients can browse the PDQ servers by UNC but the server cannot connect the other way.

We can nslookup, tracert and ping fine from the server.

If the remote machines connect to either of the corporate LANs (some are connected over site-to-site VPN) PDQ can deploy fine (we can UNC to the client also).

We suspect this is firewall related but the management company cannot find a fix.

Ideas?
0
Hi,

I need to add Cisco 2960 and 3560 switches in GNS3 for practice. Kindly suggest how this is possible.
0
My office has many Cisco switches and routers. What is the best centralized tool/software to monitor/control the Cisco routers and switches?
0
Hello, I have a WS-C2960S-48FPS-L that is not turning on at all. Someone told me that it costs around 5,000$. How true is this? And how?
0
