We help IT Professionals succeed at work.






Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Dear Experts
We have installed Cisco FTD 1010 for routing and firewall and Cisco FMC for managing FTD . We have CISCO 1830 SERIES (WIRELESS ROUTER)  integrated with windows AD, windows radius server for wireless users of Windows AD to access network. Now would like to implement the best practice method for guest users
1. Please suggest should we have to create guest user in windows AD and provide these details to guests. Guest users  would only require the internet hence not sure is this best practice, think if go by this approach then guest users will connect to the same network

2. or should we have to create guest user at wifi device level and separate guest network from LAN private network ( hence this assigns IP to the guest users and they are not connected to our internal network. Please suggest the best practice.

Thanks in advance.
I need to clone/copy a Cisco 2960 layer 3 switch config to an identical Cisco 2960.  I need to also copy the layer 3 configuration (routes, vlans, etc).  Anything I have seen only lets you copy the layer 2 config.  Yes I tried to Google the problem first, but there is not much I can find on how to do it.
Any help would be appreciated, thank you.


We are trying to authenticate from a Cisco ASA firewall with our Domain Controller that is hosted in Azure over a site to site VPN connection.  We have this working fine from the ASA to our on premise DCs using IPSec VPN.

Azure support have said we should add a rule on the NSG to allow this traffic through (they have tweaked it too) but does not work.  It times out on the firewall console (this is externally managed).

LDAP connection over the site to site VPNs to the DC works fine using LDAP.exe and i can bind to it.  

hi guys,

At the place I work at, we have a primary internet line and a secondary internet line. The secondary isn't being used as it is a failover. However, the primary line  with a Cisco 1941 has got its CPU usage to almost 90% every single day. The secondary line is not being utilised at all. That also has a Cisco 1941.

We have a change freeze window coming up for almost 2 months! So we can't do anything from this Friday onwards.

The future plans will be to upgrade WAN bandwidth and change the Cisco routers. But for now, if I wanted the secondary line to become utilised, would you use a Meraki Mx68 to do the load balancing? So that it would sit in front of the two routers and it would load balance the traffic to one or the other to turn it into an SD-WAN capable system?

Are there any other ways that you can think of?

Thanks for helping
I support several Windows Server 2016 servers and not running into this issue
- At first, I thought we had a router issue. The router has been upgraded to a newer Cisco model (originally we were using a "Netgear Prosafe router")
- The server is not in a domain. There are approximately eight computers in a peer-to-peer network at this time. The computers cannot map a drive to the server until we physically change it from public to private. Then it connects. But on the server, I cannot change it to private.
- When the server is rebooted, all users lose connection to their map drives until we go back and change the PC from public to private (or work on older Windows 7 PCs)
Does changing dhcp settings (change DNS Pointers) on a Cisco WLC require reboot?

We're making a change on an existing SSID that has an internal DHCP server enabled and configured  via the WLC.   It's currently pointing to the comcast DNS servers, and we want to change that to the internal DNS Server instead.  

My assumption is that by making this change, we will not affect existing connectivity but wanted to get an expert opinion.

I'm trying to set up a certificate on a Cisco ASA-5506x for the first time and wanted confirmation that I'm on the right track.  The immediate reason for it is for PCI compliance, but it would generally be a good thing anyway.

We don't do any hosting where the ASA is located, but we are using VPN connections.

My understanding is that I can do it as follows:
1)  Set up a new A record on the DNS server for our domain (ourdomain.com) named asa.ourdomain.com and point it at the public static IP address of the ASA
2)  Obtain a certificate for asa.ourdomain.com from a certificate authority using DNS authentication (I do have access to the DNS server for the domain)
3)  Install the certificate on the ASA

Am I on the right track here?

Everything went ok apart from 1 question I have:

upgrade to same IOS - done
set priority to 1 to be member - done
write erase - done
delete vlan.dat done
backup run config of stack

stacked the 3rd switch correctly
powered on added switch
current joined stack not powered down
switch came up as stack - sh switch shows as member

now not sure if this is normal but none of the new switch interfaces had any VLAN assigned in their config.
I did a int range and assigned them all -so no big problem. However I was expecting them to be picked up and configured from the master. So is what I have experienced normal??
Will a Cisco 1000BASE-SX SFP work in an Palo Alto Networks PA-3020 SFP slot?
My googling is not being helpful on this one. Thank you.
Are the two Cisco SFP modules 1000BASE-SX = GLC-SX-MM functionally interchangable?

Thank you.
Hello.  Let me first explain our problem and a brief explanation of our setup, and then I will go into details.

We currently have a Cisco Firepower 2110 and are using this for a site-to-site VPN to our other building. There are no issues here. We are attempting to set up a RA VPN, and when testing - by allowing inside interface as access - we can connect internally. The problem is we can not connect externally.

I did have a Cisco ASA 5500 series before, and we did have a S2S and RA VPN functional on it.

Now, here are the details.

Cisco FP 2110, managed through FMC, IP:, FMC .46.

     int.grp.vlans:, ... 15, 20, 40, 60, 70, 80
     vpn.net.vpn: (VPN Pool is


Eth 1/1 - WAN / Outside / 96.x.x.17 /
Eth 1/2 - Inside / inside /

    Routing Table
NAT Translation
    NAT Translation
Access Policy
    Access Policy
I am desperate to get this to work, as it needs to be up by November 5th. I have zero idea why this is not working, and am sure it is something very simple I am missing. I have set this up before and had no issues. We did try using a different outside port (500). When we did, we received this in the connection log:

Outside Access Port 500
Thank you in advance, and please ask for any other required information!
Dear Experts,

I was trying to downgrade my client's Cisco 1111-4p router.

After doing so, when I do a show run, it shows as this:

boot system flash bootflash:c1100-universalk9_ias.16.08.01.SPA.bin

It is suppose to be:

Not showing the bin files.

How can I rectify this?
I am trying to configure an Cisco ISP Failover on our Cisco 4321 Router and cannot get it to work as it will not browse the internet at all on the laptop whether I have VOCUS or TELSTRA or both connected to Cisco Router.

I can ping both the VOCUS WAN IP and Telstra NBN LAN IP from the cisco CCLI

Outcome I am looking for:

2x Internet Connections connected to cisco router
Telstra NBN Connection needs to act as as failover when VOCUS drops out.
Can browse internet on both connections.

I have configured the router as per this article: https://www.cisco.com/c/en/us/support/docs/ip/ip-routing/200785-ISP-Failover-with-default-routes-using-I.html

I am using the following configuration

1x Cisco 4321 Router - IOS Version 15.5
1x NIM-ES2-4 Module
1x VOCUS Fibre Internet on
WAN IP: 203.89.xx.xxx
Connected to Cisco Router interface: GigabitEthernet0/0/0

1x Telstra Smart Business Modem (NBN)
Connected to Cisco Router interface: GigabitEthernet0/0/1

1x Windows Laptop
LAN IP: dhcp
LAN SubnetL dhcp
Connected to Layer 2 NIM-ES2-4 Module

Cisco Configuration is as follows

version 15.5
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no platform punt-keepalive disable-kernel-core
hostname ROUTER-01
boot system 

Open in new window

Hello Experts,

What is the SQL enterprise edition VM requirements. I am at a client and they have Cisco UCS environment but they are looking to have a SQL server that is an enterprise edition.  

I need to know the aspects that I can host on the UCS environment. I have server blades about 8 x UCSB-B200-M4

Number of Processors : 2
Cores Enabled : 24
Cores : 24
Threads : 48
Effective Memory (MB) : 524288
Total Memory (MB) : 524288
Operating Memory Speed : 2133
Operating Memory Voltage : Regular Voltage
Adapters : 1
NICs : 2
HBAs : 2

Thank you,
I'm dealing with performance issues with a VOIP phone system.
The VOIP service provider provides a dedicated internet connection for VOIP and the "PBX" is externally provided by the VSP.
Since the PBX is external, even internal extension-to-extension VOIP calls cause external traffic.
We provide a dedicated VOIP firewall in the form of an RV320 followed by cascaded SG300 switches - configured with a VOIP VLAN with QoS set up.
We provide a dedicated internet connection and firewall for site data - independent of VOIP traffic.
There are 3 sites, each one with separate internet connections, firewalls, etc.
The largest site has about 20 phones and 25 workstations.
The smallest site has about 6 phones and 10 workstations
The middle site has about 9 phones10 workstations.
Data traffic is modest.

I believe the VOIP system is working overall as intended so the "problems" are a matter of service quality I'd say.
Problems are intermittent and include:
- audio is heard at one end and not the other.
- a very loud "screeching noise" is heard at one end or the other and can be audible at one or both ends.  This is reported to be rather high-pitched and not like loud TV white noise.
- some incoming calls don't arrive on site and go directly to voice mail.
Overall, it's reasonable to say: "while the system seems to "work", service is unacceptable".

Since the 3 sites are each independent of the other re: VOIP, if all sites behave similarly (re: problems) then one might …
I am trying to understand how SD-WAN helps SaaS connectivity for an enterprise company.  What I know only that SD-WAN is used for WAN connectivity between Main and Remote Offices.
For example if I am located at branch office and wants to connect with Office 365 then how SD-WAN make a connectivity with Microsoft Cloud ?

Can someone please shed some light on this ?
How to configure VPN using Cisco RV016. I did it, but can´t connect using Quick VPN. Sometimes it works and sometimes doesn´t.
EEM v 4.0 on Cisco 2960.

I am trying to no out my EEM Events on my Cisco 2960 but I can't determine the name!!!

SW1(config)# do show event manager history

That does not show the complete file name! I need the entire file name to remove it from EEM.

Hi ladies and gents.  Has anyone worked with Datto's AP using Cisco Switches?  Currently we have about 10 AP's that are meshed within the organization all communicating with Cisco Switches.   However 1 AP is constantly spamming MAC addresses to the switch which is showing the following.

001247: Oct  9 10:07:12.401: %SW_MATM-4-MACFLAP_NOTIF: Host f439.0917.a34c in vlan 3 is flapping between port Gi1/0/24 and port Gi1/0/14
001248: Oct  9 10:08:33.671: %SW_MATM-4-MACFLAP_NOTIF: Host b00c.d14b.decf in vlan 3 is flapping between port Gi1/0/24 and port Gi1/0/8
001249: Oct  9 10:08:52.445: %SW_MATM-4-MACFLAP_NOTIF: Host 84a9.3e46.1588 in vlan 3 is flapping between port Gi1/0/24 and port Gi1/0/6
001250: Oct  9 10:09:52.236: %SW_MATM-4-MACFLAP_NOTIF: Host 10e7.c6b6.51a3 in vlan 3 is flapping between port Gi1/0/24 and port Gi1/0/12

We have spoken with Datto about this and they had suggested a few things such as disabling mesh and internet listening since they are all on the same domain which we have done.   We have also flashed every AP to 6.5.2 which is the latest firmware on the AP from 6.4.15.   MACFLAPPing continues.

Datto had advised us to change the settings on the switch from flooding to filtering which we did and caused havoc with our phones so we had to re-enable flooding.   All the other AP's are perfectly fine and do not spam any of ther other switches with MAC addresses.   I have factoried the AP reflashed the firmware and it is still happening.    The device is…
On my lap ASA, I can successfully copy files from my ASA to my SCP Folder using SolarWinds SCP Server. The problem I am having is copying files from my SCP Server to the ASA using CLI. IT fails to copy do disk0:/ on the ASA.

 I can see the file being copied from the SCP Server via the SCP Log:

      10/23/2019 12:19 PM      Unknown      Authenticated user cisco from IP
      10/23/2019 12:19 PM      Unknown      User cisco from IP downloading file at "TestFile.txt".

 See the information below:

ciscoasa# copy scp://cisco:cisco@ disk0:/TestFile.txt

Address or name of remote host []?

Source username [cisco]?

Source filename [TestFile.txt]?

Destination filename [TestFile.txt]?

Accessing scp://cisco:cisco@
%Error reading scp://cisco:cisco@ (Success)
Dear Experts

Our customer would like to connect to our network from external network, when they are in office they would like to connect our network and access the network and similarly when they are working from home/mobile they still want to access.
1. have suggest site to site vpn connection while they work from office
2. have suggested point to site vpn connectivity when they are travelling/from home. this is through vpn client software.
Please suggest is this best practice and secure .
Dear Experts

Please help me with steps on "HOW TO" generate CSR for installing SSL certificate on Cisco Firepower Management Center(FMC) for Firepower Threat Defense (FTD), either though ssh or through web interface log in please help me with steps. thanks in advance.
Hello All,

I've been tasked with getting clock equipment working on our campus network. I need to have these touch screen stations in the same broadcast domain as the master server ....but the server reside under server block.

Server block access switches are connected to a distribution switch and DSW are connected to Core Switch over L3 links
Clock devices are connected to access switch trunked to Core switch
What's the best way to span a layer 2 broadcast domain over a layer 3 routed uplink??
Cisco ASA 5508 Operating Temperature

The documentation shows: Max operating temperature 104°F (40°C)

Is this the room temperature?
Or the internal chassis temperature?

My server room is 65 degrees F
My “show env” chassis is 90 degrees F
Dear Experts

We recently installed  Cisco FTD 1010 and for managing FTD we  have installed and configured FMC , now that we have to allow users from external network to connect to our network through Cisco Any Connect software but for this we would like to install SSL certificate, can you please help on how to create CSR and where to create think it should be done in FMC and please let the steps should it be done via ssh or web interface please provide the steps. thanks in advance.






Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).