Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Share tech news, updates, or what's on your mind.

Sign up to Post

I have a Cisco RV134 Wireless Router in my basement near the back wall of my house. It is 3 feet from the basement ceiling under the family room.

My main office desk is in the kitchen (beside the family room) and I often (as now) use the kitchen table for my Laptop (which is Wireless and only Wired if I bring out my adapter dongle - no RJ45 jack as the laptop is too thin for that).

Using inSSider V4 (MetaGeek) I see 5 GHz signal strength from -59 to about -68 dBm.  2.4 GHz is a bit higher but nothing to be concerned about. Overall wireless performance in my office location is excellent and very (very) good most anywhere on the main floor.

My desktop computer is wired Ethernet and is on the office desk along with my printer which is networked.

I trust you have the picture here.

I want to put a small office (desk and chair) in my second floor Den for those times when I must engage in a telephone meeting and using the Kitchen office is inconvenient.  I have ordered a desk and chair from Staples and should have it next week. The Den office is at the front of the house .

Wi-Fi performance in the Den Office location is -66 dBm to -73 or so dBm or lower strength by a bar or two in my W-Fi Icon.  Sometimes I notice some lag in page load but nothing terrible.

It happens I have an CAT 5e Ethernet connection in the Den attached to my Cisco RV325 VPN main router. The Rogers Hitron Modem, the Cisco RV325 router, and the Cisco RV134 AC router are all on the same …
how can i configure cisco switch MDS 9148s with san storage DellEmc compellent SC2020

it's a new integration for the storage sc2020

I connected the storage properly by following the manual with tow san switchs cisco MDS 9148s 16G FC

when i initialized the storage i noticed that virtual ports does not exist

after the initialization has been finished I noticed that the virtual ports are disabled:


when i do this command in cisco switch

show flogi database

i can see only the physical ports

so the virtual ports does not exist to configure zoning.
We have set up a router that uses ip adresses above x.x.x.128 to divide those in smaller bloks (/29), and an ASA to translate per VLAN on a specific ip addres below x.x.x.128.
But when we look at the syslog the ASA responds with deny's on ipadresses above the x.x.x.128. this causes problems as the switch in front of the two machines routes traffic ment for the router to the asa.

Any ideas why this is happening?
Scenario 8
This article is about building Dynamic Multipoint VPN tunnels in Cisco CSR1000V router with IOS XE. There are two spoke routers connected to single tier Phase 3 DMVPN Cloud hosted on CSR1000V router.
Cisco IP Phone 7941 still trying to upgrade.

Physically took phone to TFTP Server and uploaded current OS software to the phone.

Everthing in Call Manager looks good.

Cleared port security on the switch.

Phone daisy chained to PC.

PC has good Internet/Network connectivity.
Hi All,

Trying to copy a config from a Production switch to Backup switch that will act as a backup hot spare. I matched the ios correctly and was able to back up the config from Production, however when I restore the config to the backup switch it gives some errors because I am connecting via tftp on port 1 of the backup switch and assigned an address to connect.

Do I have to fix manually or is there a clean way of connecting via tftp and restoring. There is no usb or other connection ports in that back such as using a cross-over. Thanks in advance for you assistance
We currently have 13 Access Points controlled by a Cisco WLC 2504.  We have two WLans - one for Guest and one for employees.  Our employees use WLan 1 which accesses the DHCP server on my domain.  The Guest uses WLAN 2 which access the DHCP on my router.  On my DHCP server we have two separate subnets with plenty of IP's available.  Due to some routing issues, I needed to use most of the available IP's for phones.  Once that was cleared up, those IP's are now free again.  My problem is that we are now unable to get an IPV4 address from the employee access point.   We have two subnets, so there are plenty.  What do I need to do to fix this issue.  Interesting enough when I create a separate vlan pn my router, any device connected to the employee access points gives me the error message - no internet access

We are trying to push a configuration to a Cisco router using ansible.
when we run a playbook we a re getting the following output:
ansible-playbook site.yml -i inventory

PLAY [Generate Router Configuration Files] *****************************************************************************************************************************

TASK [router : Generate configuration files] ***************************************************************************************************************************
failed: [x.x.x.x]  "msg": "Failed to connect to the host via ssh: Permission denied (publickey,keyboard-interactive,password).\r\n", "unreachable": true}
fatal: [x.x.x.x]: UNREACHABLE! => {"changed": false, "msg": "All items completed", "results": [{"_ansible_ignore_errors": null, "_ansible_item_result": true, "item": {}

PLAY RECAP *************************************************************************************************************************************************************
x.x.x.x               : ok=0    changed=0    unreachable=1    failed=0

Also: if I specificity the username to execute the playbook I got the following:

ansible-playbook site.yml -i inventory -u myuser

PLAY [Generate Router Configuration Files] *****************************************************************************************************************************

TASK [router : Generate configuration files] …
Set up CCIE LAB on GNS 3

Setting up CCIE LAB  in GNS3 is possible for routers but not switches.
I would like to know if I can use Physical Switches and connect them to the Laptop where GNS3 is running and get the Lab Setup ?
if so , What are the components needed to get this Lab Setup ?

Thank you

We configured a SPAN port in a Cisco switch to be used for an upcoming network analysis solution but we need to make sure that it is functioning before implementation date.
What is best method to test a SPAN port ?

hello experts
i am configure wired 802.1x via Cisco 2950 switch which authenticate against Cisco ACS 5.7, but i can't get it works.
for 2950 switch, version is : (C2950-I6K2L2Q4-M), Version 12.1(22)EA13
configs on 2950:
aaa authentication dot1x default group radius
aaa authorization network default group radius
dot1x system-auth-control
dot1x guest-vlan supplicant
interface FastEthernet0/8
 switchport access vlan 15
 switchport mode access
 switchport nonegotiate
 dot1x port-control auto
 dot1x timeout tx-period 10
 dot1x guest-vlan 88
 dot1x reauthentication
 dot1x auth-fail vlan 88
 spanning-tree portfast
 ip dhcp snooping trust
radius-server host ACS_IP auth-port 1812 acct-port 1813 key 7 08221C5C591725
radius-server retransmit 3
radius-server key 7 110A4917471C2B
ip radius source-interface Vlan22

for ACS policy i configured to authenticate "domain users" group, for the testing client computer i can sure i should configure it correctly.

so i need your help to identify where the problem is.

thank you
Trying to setup a Remote Access or ConnectAnywhere VPN on a Cisco ASA but not having any success.  This is an existing device that we took over.  Ran through the Wizards for both with no success.  For the ConnectAnywhere, the website it created for the client/config download won't even show up.
I have several Cisco Wireless Lan Controllers with the AIR-LAP1131AG-A-K9 Access Points.  When we purchased the APs they came with a manufacturer certificate that has since expired.  We are running software version on the controller.  We are now having problems connecting to the Access points and as well as some are not joining.  I set the controller's date back five years and the AP's joined.  But there is a setting in my router that resets the controller back to the correct time.  

Would updating the firmware on the controller fix this problem?

I need to port forward on BT business router 6 and I need it traffic coming  from internet to talk to my webserver on port tcp 443 and udp 161.

also this webserver needs to access to outbound to all traffic.

Is there any idea ?


I tried to configure a static NAT on cisco router 897va so it can be access from internet on port 443 and udp 161.  Also I need an outbound rule to allow  all ports so print can talk to outbound traffic to any destination.

1st Question:

When I configured below static nat on router.
1.      ip nat inside source static
internet works ok
wireless access point works ok
printer works ok
I can ssh to access point and router.
When I connected one of pc and check what is my ip it gives me

When I configured below static nat on router.
ip nat inside source static udp 161 161
ip nat inside source static tcp 443 443
internet works ok
wireless access point works ok
printer doesn’t work.
I can ssh to access point and router
When I connected one of pc and check what is my ip it gives me
 It looks like both are same static nat except No.2 is ports lock down. My question do we need to allow / permit to so it keeps the same ip add for outbound traffic.

2nd Question:  router interface config verification.  Both interfaces are up.

Also , issue is I applied almost all inbound and outbound rule for restrict the traffic. Every when I applied on inbound then outbound stops working, outbound then inbound stops working.
I got funny feeling that router config is not correct.
BT assigned the subnet ( …
I have deployed a bunch of Merakis. (MR52)  Authentication is handled by WIndows NPS server (Radius).  Works great for Windows 10, Android, Iphone, Mac etc... Users log in with their username/password.

Windows 7 machines however are unable to authenticate.  I have followed various articles on the Meraki site, which include pre-defining the wireless network.  I spent a couple of hours with Meraki support, they said that everything is configured correctly and they say it is a client (Win 7) problem.  I installed a completely fresh copy of Windows 7 SP1 and it has the same issue.

The real kicker here is that our company has two domains.  In this domain, it does not work.  At our other sites Windows 7 machines can log in without issue.  The configuration of the NPS and Meraki admin interface is identical between sites.

This is a toughy...

I'm having issues factory resetting a Cisco Air Lap1042N-E-K9 Access point, I have tried all variations of resetting this from the mode button and write default-config have also tried deleting private-multiple-fs but I just comes back again after a reboot I can't seem to do a full reset no matter what I try.
Initially I could not access conf t but I managed to find a command line that allows this but even if I wri mem and issue a reload command this option is not saved, it appears to disregard anything I add after a reboot I'm completely lost :(
I'm not fully conversant in cli/console mode but I can just about get by if someone points me in the right direction as to what I'm doing wrong.
if you need me to upload the config then please let me know.

I am trying to implement the static nat  on cisco router for inbound traffic.

Can anyone explain what is the exact different below two nat rules.
1. ip nat inside source static 81.128.XXX.XXX    (When I applied this nat all works ok no inbound and outbound traffic are blocks).

ip nat inside source static udp 161 81.128.XXX. XXX 161

ip nat inside source static tcp 443 81.128.XXX.XXX 443

I reckon nat rule has allowed me 443 and 161 to be opened only ?

hello experts
i have two sites, which there is a IPSEC VPN tunnel via two Cisco ASA firewall, i have no problem to access from site A to site B or B to A, but i can't access the inside interface for the other site, for example from site A can't ping to ASA-B inside interface and the same from site B can't ping to ASA-A inside interface, so how can i configure a policy so that such access available.

thank you
I am having issues with a Cisco WLC wifi deployment using radius authentication setup on an NPS. User certificates are installed by Group Policy and users are able to connect and work just fine however if they move out of range for an extended period of time and return the wifi SSID says connecting but never connects until the user manually clicks disconnect and connect again which prompts them with the certificate and asks to connect. In extreme cases users have to restart there PCs to reconnect to the wifi. PS. - Enable Fast Reconnect is checked under the Microsoft Protected EAP (PEAP) settings.
Cisco ASA 5520 (ASA Version 8.3(1)   /   ASDM Version 6.3(1)

I need to open the following so that traffic get into my internal LAN

I have named the outside interface as ETH-WAN and the inside interface as ETH-LAN

I need to allow port 25 to for email traffic
I need to allow port 80 to for a web server
I need to allow port 6089 to for CCTV
I need to allow port 65535 to for CCTV
I need to allow port 53 to for DNS
I need to allow port 3240 to for Media Sharing
I need to allow port 443 to for Webmail
I need to allow port 3389 to for Terminal Server access.

I have tried to open the ports on my firewall but when testing what ports are open, the results show as port close

I have configured NAT for these ports and address yet.

Any help you can give me would be great.  I am trying to configure all of the above from the ADSM interface

Thanks Andy
Dell is saying that its Compellent SANs require flow control enabled for it to work properly. For this purpose would Cisco's Priority Flow Control work as well as regular 802.3x link-level flowcontrol (LLFC) ?  My model of switch doesn't support LLFC evidently.

The switch - a Cisco 3100 is seeing a lot of Rx Pauses from the SAN but I think it can't do anything about them.
Port         Send FlowControl  Receive FlowControl  RxPause   TxPause
            admin    oper     admin    oper
Eth1/1       off      off      off      off         622377865 0
Eth1/2       off      off      off      off         632037851 0
Eth1/3       off      off      off      off         374231740 0
Eth1/4       off      off      off      off         377617928 0
Eth1/5       off      off      off      off         888908    0

Can anyone tell me if there are any security vulnerability with the Cisco 3650? If so please explain and or direct me to a security advisor.
Can multiple Cisco access points be managed by one Cisco wireless lan controller that is remotely connected I.e New York, to California?

Why or why not?
I have 4 locations that are utilizing gateway to gateway connections. 3 locations have the Cisco RV325 Wan VPN Routers and one has an ASA. Under the VPN Summary tab the 3 VPN connections were all connected at one time and recently the status went to waiting for connection. Nothing has changed that could have caused this that im aware of. I tried switching them all to aggressive mode and back but it still goes back to "Waiting to connect".

There are 4 sites, Office 1, Office 2, Office 3, and Office 4.

All of the offices are connected to each other except office 2. Office 2 is waiting connection to all of them.

I've compared the settings side by side and they are all the same.






Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).