Cisco

23K

Solutions

14K

Contributors

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

I have a stack consisting of 4 WS-C3850-48 switches...
2 WS-C3850-48T CAT3K_CAA-UNIVERSALK9, Version 03.06.05E IPBase - INSTALL mode
2 WS-C3850-48P CAT3K_CAA-UNIVERSALK9, Version 03.06.05E IPBase - INSTALL mode

I want to add a 10 GB switch to the stack.  It is a...
WS-C3850-12XS-S CAT3K_CAA-UNIVERSALK9, Version 16.03.05 IPBase - INSTALL mode

I am wanting to use the basic Cisco documents about upgrading my current stack to 16.03.05 from 03.06.05E.  Are there any special considerations?  I am only a CCENT with limited experience.  I don't want to ruin my stack.

I am backing up my configs and VTP database.

I believe the switch can be added while the stack is on.  Is this true?  What order would I unplug the stack cables?
Since it is a stack, will each switch take turns upgrading and avoid any downtime?
0
I have a customer who is using their ISP to provide their on-premise routers as part of their MPLS, which has a firewall service on their internet breakout.  The routers onsite are in an HSRP configuration.

I want to add layer 3 switch functionality, so to do this we have a pair of HP Procurve (now Aruba) 2920 stacked switches.

So the layer 3 switches will become the default gateway, with the ISP's routers remaining.  I have asked for the ISP routers to have their IP range changed as I want to retain the subnet for the customer and I don't want to change their servers' IP addresses, etc.

ISP router 1 - 172.16.10.13/28
ISP Router 2 - 172.16.10.14/28
HSRP address 171.16.10.1/28

The Core switch stack IP is 172.16.10.2/28
The core switch will carry on running the existing subnet 10.1.1.0/24, with the core switch stack now having the default gateway that used to belong to the ISP HSRP.
The default route 0.0.0.0 0.0.0.0 172.16.1.1 will be set on the core switch stack
I have requested that the ISP add the routes to forward all traffic to the 10.1.1.0 network to the core switch stack
The ISP router 1 will be in the top core switch and ISP router 2 will be in the second core switch

- Can I use the HSRP address as the default route in this instance?
- Any other foreseeable issues?
0
Good Morning,
I have a ShoreTel phone plugged into a Cisco 2960x and we use port security. Before I configure port-security for the end user I normally see 3 MAC addresses on the port, 1 for the PC & 2 for the phone. (1 associated to data VLAN, the other to Voice VLAN)
In this case I do not see the phone's MAC address associated to the voice VLAN.  When I configure port-security the phone shows a message of "No Service"; once I remove port-security it works fine.

Has anyone seen this behavior? I am thinking it may be a bad phone.
0
Hello,

Was just wondering, what logging do you enable on your ASA? I am not sure what to send to my logging server.


Thanks!
0
Experts,

I'm having issues completing the Cisco Call Manager setup because it doesn't recognize my Windows 2016 PDC's NTP service.

Both are VMs on different ESXi hosts.
I can ping the Call Manager VM.
The switch recognizes the PDC as a Stratum 2 source.
My Windows domain and CM are on separate VLANs on this switch.
There's no access to the Internet or any other external source.

I did research and apparently the fact that the PDC is a VM can cause issues, but surely there's a solution.

Thanks in advance!
0
Dears,
I have a Cisco ASA5525 and a UCM 3CX voice server. I want to use external extensions to make calls from anywhere.
I have one public IP, 212.122.45.66, on the ASA5525 firewall
and one UCM 3CX local IP address, 192.168.10.10.
I need to NAT SIP port 5060 from the public IP to the local IP 192.168.10.10
and RTP ports 10000 to 20000 to local 192.168.10.10.

Can anyone help me with the right commands to use on the Cisco ASA?
0
Hi expert team, please advise: we see all LEDs glowing on the Cisco 1801 router even with no cables attached on any port.
The ISP suggested the router is faulty. Is there any action I can take to restore it to its previous state? I can see the router is powered up but it is not detecting any connections.
0
I have two ASAv and I am trying to set up IKEv1 tunnels, but I am not getting very far. Everything looks correct; however, no tunnels are coming up.

I am not sure of the requirements. I have 3 gigs on both,  from what I am seeing that should be plenty.

ESXI Network settings

asav1(config)# show run 
: Saved

: Hardware:   ASAv, 5120 MB RAM, CPU Xeon 5600 series 3999 MHz
:
ASA Version 9.8(2) 
!
hostname asav1
enable password $sha512$5000$DveqmEjlfhBWNlALV7kp2w==$xKlIR1OCArTEAMmOhAeylw== pbkdf2
names

!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 1.1.1.1 255.255.255.0 
!
interface GigabitEthernet0/1
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/5
 shutdown
 no nameif
 no security-level
 no ip address
!             
interface GigabitEthernet0/6
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/7
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/8
 nameif inside
 security-level 100
 ip address 10.10.0.1 255.255.255.0 
!
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 9.9.9.9 255.255.255.0 
!             
ftp mode passive
object network 


0
Hello Experts,

I have two remote sites and two of those sites are connected back to HQ over an L3 fiber connection.
The remote sites have a distribution switch; inter-VLAN traffic is routed locally and the default route is pointing to the HQ office.
I have Aruba Controller at HQ and I want to remote site access points to this controller.

I will highly appreciate if someone what design and configuration is applicable to achieve the above requirement.
0
I have a program that makes a connection to a database on Azure, but it's working slowly and sometimes gives a timeout.

I have narrowed it down to my router being the cause, a Cisco RV325. When I hook up the PC straight to my ISP's modem the program works fine.

The RV325 doesn't have any fancy config and there is only one internet connection hooked up to it.  We tried to run the program with another RV325 and used a different type of internet connection, but same result. We use the latest firmware.
0
Having a weird issue. I have a rule that allows access to the inside network on a port and it works fine. I then remove the rule and I can still access the port on the inside. Any ideas? It will only hit that one port; it will not allow access to other ports. Only have about 20 access-lists right now so it is easy to see if I have an AL configured for the port.
0
I recently replaced an ASA firewall with Fortigate firewall and I found nobody has internet.
I have created exactly same static routes as in ASA and the static route was a private IP.
Then I added a dynamic pool in the policy with the public IP provided by ISP. Then clients started getting internet.
But when I ping from Fortigate still no internet. Due to that I still can't register the device.
0
I have a port on the 5k connected to the 2k. Is there a way to see the port number connected the 5k and the 2k without physically tracing the cable? Thx
0
Hi
Can anyone recommend some good cloud/hosted web filtering software?
We use CWS, now EoL and replaced by Cisco Umbrella, which I believe is expensive.
All we need is web filtering, nothing else.
Preferably a client/agent installed communicating directly with the cloud, where rules and policies are managed.
Thanks
0
How do I get a pc to see 4 vlans?
0
Is my matching from left to right correct?

mGRE: A technology that supports dynamic tunnel endpoints
MSS: A configurable value that prevents an interface from sending packets that are too large for the tunnel
keepalive: A technology that prevents one side of the tunnel from going down while the other stays up
1
I have inherited a wireless setup and could use some help.  I have access points that seem to be disappearing from my Cisco 2500 series wireless controller.  The access points are Cisco Aironet 2600 series.  I hear that I can reset the access points in a way that would allow the wireless controller to see them again, but I'm not sure how to do this.  I'd rather not lose any of the configs on these access points if it can be helped, but understand it may be necessary.  

Any help would be appreciated.
1
Folks

In our school we have a Cisco 5508 wireless controller with 45 APs. In the closet we have a C2960X switch.

In one room, we need to have a single access point (VLAN 2) and a projector (VLAN 30) connected to the same switch port.

I can't change the VLAN on the projector....can I set up the switchport so BOTH can access their respective VLANs??

Thanks!
0
Hello,

I imported the FindIT Network Probe package to a VM.
Following the Easy Setup guide, I accessed Device Credential to enter devices. After I clicked the Apply button the popup said "All devices have valid credential", but nothing appears in the Topology/Inventory of Discovery.
Can anyone help me find the problem?

Thank you !
0
I need to build a network for 43 CCTV, 200 data, 200 IP telephone and 84 WiFi for a hotel.
Kindly provide me the suitable part numbers for the active components below:
24      access switch 24 x GigE, 4 x 1G SFP POE
2      core switch main and redundant fiber optic interface
1      WiFi controller server
84      access point
1      Firewall
0
Is Cisco Umbrella Professional [OpenDNS] a replacement for anti-malware, or is something like Malwarebytes still needed?
0
I have the following config; however, I cannot display any internet pages from a client machine or ping from a client machine. All pings from the Cisco router work and I get a reply; however, from the client it fails.

ip access-list standard RFC1918-dns
 permit 10.23.72.0.255.255.255

 

ip dns name-list 1 permit .*
 

ip dns view default
 domain name-server 71.242.0.12
 domain name-server 71.242.0.13
 domain name SOMECOMPANY.LAN
 dns forwarding source-interface GigabitEthernet0/0


ip dns view-list LAN
 view default 1
  restrict source access-group RFC1918-dns
  restrict name-group 1
 

ip dns server view-group LAN
ip dns server


Pinging yahoo.com [98.138.252.38] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 98.138.252.38:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Users\ping foxnews.com

Pinging foxnews.com [104.92.16.8] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 104.92.16.8:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
0
To all networking gurus

We have 2 internet providers, one for data and one for voice. We have a firewall and a HP L3 switch (HPE 2920X). We are using RIPv2 to inter-VLAN as we have multiple VLANs setup in the environment.

We have 5 VLANs setup, and one of them will be voice which has its own internet gateway. Our firewall is connected to Port 1 of the HP 2920 switch, and the voice router is connected to Port 48 of the HP 2920 switch. On the phones and the PABX system we have given the voice default gateway, and the LAN/servers/printers etc are given the HP 2920 default gateway using DHCP.

All seems to be working; however, the calls are dropping out and getting a message "No route to destination". I'm just thinking it might have something to do with the routing or the voice PABX/internet issues. Because they are inter-connected, we added ACL rules to block traffic from voice subnet to subnets.

Can anyone shed some light?

Many thanks in advance.
0
Hi all, I am submitting a CRQ for a simple static route via VRF
i.e.
ip route vrf  (vrf name) <ip address/mask> next hop.
I know it will not be approved if I do not put in a statement about testing.
Please can anyone suggest any simple testing statement for static routing?
0
I set up port forwarding on a Cisco RV320 router so I could RDP to a PC on the network. When I turn off the firewall it works. If I leave the firewall enabled it doesn’t.  I’ve tried setting an access rule with no success.  Any suggestions as to what I could be missing?
0
