Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).


Hi Experts,

I have a network with some switches to my gateway, all VLAN 0.
Now I have to set up a new VLAN 253. Some VMs have to work in this VLAN.

How do I route this VLAN to my gateway to get internet access?

I have a Cisco Catalyst 4507R-E that has to be replaced with the below:
1. New Cisco Catalyst 9407R switch with 2 supervisor modules, 1 24-port SFP+ module and 1 48-port 1Gig UPOE module.

What are the recommended steps or the best way to migrate from the 4507R-E to the 9407R?
I have a Cisco 2960X switch and a heap of NEC DT800 handsets and would like to put them on a Voice VLAN. The only way I have been able to get it working was to enable the Voice VLAN on the switchport and configure VLAN tagging on the handset, as we may need to use the built-in switch.

Considering they move handsets often, is it a safe assumption to just apply the Voice VLAN on all the switchports, just in case they move one to an unconfigured port?

What's the best practice?


I am learning the Cisco ASA firewall and would like to get caught up on the best practices and procedures to protect the environment.

Any recommendations and best practices information that you think would be useful?

Dear All

I hope someone can help

What I’m trying to achieve
We currently have a Cisco WLC 2504 controller running our Wi-Fi network. We have been running 2 networks (Guest & Corp) with a PSK for all users to type in manually. What I would like to do now is change the Corp Wi-Fi to use the staff's AD username and password instead of the pre-shared key to connect whatever device they use (mobile, tablet, laptop). We don't have a certificate infrastructure and we only want to use their AD username authentication.

What I have done
I've installed a NAP server (Windows 2012 R2) and followed the "RADIUS server for 802.1X Wireless or Wired Connections" wizard as recommended, and I've set up a new SSID on the WLC to use the RADIUS server. This all seems fine, and when I run the "test aaa radius" command it comes back with success. All good so far!

Issue I require help with
When I try to connect a client to the Wi-Fi it fails. The logs on the controller say the authentication has failed and I don't know why.

Below are the two entries that come up on the controller.

I get two failures when I try to connect from a laptop: one for the host and one for the user account.

AAA Authentication Failure for Client MAC: a8:08:cf:b4:a7:w5 UserName:DOMAIN\USER User Type: WLAN USER Reason: Authentication failed
AAA Authentication Failure for Client MAC: a8:08:cf:b4:a7:dw5 UserName:host/HASTNAME.domain.local User Type: WLAN USER Reason: Authentication failed

If anyone could …
I am having a problem with using arpspoof on my Kali Linux box. I am receiving the following error: "arpspoof: couldn't arp for host host)". I am able to ping all my network devices and SVIs. I have built out my own network lab that has Cisco routers, switches, and firewalls. All my devices are receiving IPs from my DHCP server, and are able to get on the internet. But for some strange reason the Kali Linux box ARP table isn't populating and is showing only (which is the SVI), and the Cisco switch ARP table is populated.

Below is the command I'm using.

arpspoof -i eth0 -t

I have 4 VLANs in my network (Users, Servers, Management, and Kali)

10.10.9.x/24 = users
10.10.8.x/24 = servers
10.10.7.x/24 = management
10.10.6.x = kali
Need to set up multicast on a network with Cisco SG220 switches and a MikroTik router. The switches are running several VLANs and the MikroTik is the core router for all IP traffic between them. The multicast source is an NVR. I see that all of the devices support multicast and I have set up a multicast address on the NVR. What do I need to do on the Cisco and MikroTik devices to allow them to move the multicast traffic around?
Does the Cisco Catalyst 3650 support 802.1ae on downlink ports? thanks!
Ports on Cisco SG300-28PP constantly doing Link up and Link down.

I am trying to set up port forwarding with a Cisco ASA 1500. I'm trying to set up https://website:3443 to a local address.

Things set up:

Access rule
Source: Any (for now)
Service: 3443
Destination: local address object for host

NAT rule
Source interface: outside
Source: Any
Destination interface: inside
Destination address: local address object for host
Service: 3443
Source NAT type: Static
Source address: Original
Destination address: Original
Service: Original
We have the following devices:

9 Host Servers (Dell R620)

Host 1-5 Connected to the Dell S5148F-ON
Host 6-9 Connected to the Cisco 4500

2 SAN (Unity 400) (MD3600i)
2 Dell S5148F-ON Switches
1 Cisco 4500
1 Cisco 4900

We connected the 2 Dell switches together using 2 100G links, and they're both connected to Hosts 1-5 and to the SAN Unity 400. Also we have a 10G connection from one of the Dell S5148F-ONs to the Cisco 4500. The Cisco 4500 connects to the Cisco 4900 downstream, which gets out to the internet.

Can someone please recommend if this is good practice? If not, what are your recommendations? :)
We have a Cisco 4500 connected to a Cisco Nexus 3172. There is a port channel set up as an access port to allow only VLAN 500, which is the internet VLAN. There is a management VLAN 2422 which is set up with a netblock which we are trying to access and have no access to. Would we configure the port channel between the Cisco 4500 and Cisco Nexus 3172 as a trunk port and allow VLAN 2422 to have management access to
I have a client with a LAN, using a Cisco router, and then, in another area of the building I have a D-Link router set up as a wireless access point only (no wired connection to D-Link WAN port, DHCP off).

They want to add a guest network that is isolated from the private LAN.  If I enable the guest network on the D-Link it doesn't work, presumably because the Guest network is trying to go out through the WAN port directly, which isn't used because I've got it configured as an AP only.

If I add another router to handle Guest, in order to get the isolation I need from the company's private LAN, I've had to use 2 additional routers to get the isolation.  Is this the way to go, or is there something better that I can do?

Dear Experts,

I have a set of fortigate firewall policies which I need to duplicate on a cisco router.

I have done most of the point A to point B.

The issue I have now is the NAT and there is an IP Pool, is there a guide on how I can translate the rules from firewall to cisco router?

Any help is appreciated.
Hey guys. Hope you might be able to help me out with this sort of...unique situation.

We have two facilities. I'm trying to set up some VLANs, but there's a catch: we have a fiber connection between the two buildings that is causing some problems. Let me give you an outline of our layout.

Internet comes in from ISP to a Cisco RVS4000 router/switch, plugged into WAN. Port one has a cable connecting to the main switch (Cisco) of Facility 1 (F1), which has a DHCP server running Windows Server 2008 (unfortunately. I have a new server to setup when I'm done with this project to fix that). Port three has a cat cable connected to a fiber converter going to single mode fiber running to Facility 2 (F2) about 10 miles away. (That connection is working flawlessly. I can plug into the main switch and be on the same IP range and domain as though it's just a long cat cable, because essentially it is.) At that facility, it's plugged into port 8 of a Netgear (I know) GS510TLP and running to a TP-Link (I know) T1600G-52PS. Port 2 on the Netgear is going to a TP-Link T2600G-28MPS for VoIP and port 3 is going to a T2600-28MPS for cameras.

I created some DHCP scopes and VLANs (VLAN 2 and 3) between all this mess and got it sort of working. By sort of, I mean I can plug into the switch at F1, and VLAN3 will give me a DHCP address from the server. VLAN2 will not. In order to do so, I had to use two other NICs in the DHCP server on the ranges (4.x and 5.x) I'm needing for those …
I have a network diagram where we have replaced the Cisco switches with Aruba switches. We got the current Cisco config so we can configure the new Aruba switches accordingly. Can someone help me by sharing a project plan template or something similar for the implementation? All the cabling will be in place on site and all the devices and SFP modules will be there.
I have established two VPN connections in AWS from an environment to a third party Cisco VPN firewall.  Everything is set up as it should be, but we are unable to bring the tunnel up.

In a nutshell, we have established two independent VPN connections, with each one going to a different datacentre. The configuration has been supplied to the 3rd-party agency who are managing an external service that connects through the tunnel to another agency. The two tunnels are set up as Active and DR tunnels, but will carry the same traffic in the event of failure, and then our traffic is NATted twice to reach the destination.

We have tried a number of things but are still unable to get the tunnels up from either the main or DR datacentre firewalls.

The problem seems to lie in the tunnel configuration; apparently there is an issue with using SLA monitors to keep the tunnel up from the Cisco side; obviously without this the VPN connection will drop.  The information I have seen seems to imply we need to setup a "route all" tunnel at the customer side and then employ static routes to get the right traffic down the tunnel to the firewall - which will cause major issues as our VPC supernet overlaps their networks; also we only want to allow 3 machines on two subnets through the tunnel.

Our other problem is how the VPN failover will work for the DR tunnel.  They are monitoring and will automatically fail over to the secondary VPN tunnel should an issue occur with the primary datacentre …
On my W7 machine I have a problem connecting through Cisco AnyConnect ver 4.4 VPN with my IE11.

When I first log in to AnyConnect it goes through; then I go to my Remote Desktop connection to connect to the site and I am stuck. IE is not showing the login screen; I am getting a white screen and an error "not able to connect".

When I turn off AnyConnect my IE11 is working.
Any idea how to solve this?

Block/Deny all IPv6 traffic on all ports for a layer 2 device for Cisco 2960S

I've recently discovered there is a LOT of IPv6 traffic generated and passed along, within subnets, on our network. But one subnet usually has 1700 clients, so a little from each client can get pretty overwhelming. I'd like to set a deny ACL on all the ports of these Layer 2 devices, so they won't pass the traffic, even within the subnet. Most of it is mDNSv6 from Apple devices, and all of it appears to be multicast/broadcast.

I have the commands that they say to use, but they aren't working. On the Cisco they are:

ipv6 access-list <name>
 deny ipv6 any any

interface g<x/y/z>
 ipv6 traffic-filter <name> in

This works on a Catalyst 3850, which is Layer 3. But the IPv6 command only has "mld" and "nd" as options. Cisco's documentation says it should work on a Layer 2 port, inbound only, but was less clear on how to make it work, and all the examples they give, across all documentation, set it up on a Layer 3 port.

I've also got this to work on ProCurve 2530 switches, which are also Layer 2 only. It definitely blocks all the IPv6 traffic on the ProCurves and on the 3850.

Cisco ACI (SDN) API for integration with cloud management platform, google cloud, AWS or etc for my coming project?

My explanation, for your kind clarification:

1. Uses the Cisco CloudCenter Manager user interface or REST API or OpenDaylight APIs (REST) on the northbound side. Below is the simple diagram and full explanation from Cisco

2. OpenFlow 1.0 / 1.3, OpenVSwitchDB (OVSDB), NETCONF/YANG, BGP-LS, PCEP to programmatically change the configuration of a network device to enable communication on the southbound side (plug-ins)

3. Network services APIs: Java


What Cisco ACI (SDN) API is there for integration with a cloud management platform? Thanks.
Cisco ASA 5510 and Cisco 2921
Currently we have a Cisco 2921 ISR that we connect directly to the internet. We have a block of 16 IPs routed to internal servers and use AnyConnect to VPN into the office, and have an office-to-office VPN with a remote office. We use ACLs to manage all the traffic. This is then connected to a 6509 and we have 4 VLANs.
The throughput on the 2921 seems really slow for our remote users.

I'm looking into an ASA 5510 to replace the 2921. Is this a good idea, or do I run them inline? I'm looking for better performance on the VPN side. The 2921 is slow.
Or do I look at something else altogether?
On a Cisco switch, what is the best way to tell if a port or interface is enabled or disabled (by using no shut or shutdown)?

I am trying to set up a port channel between 2 Cisco 2960s.

I am using the following:
Switch2(config)# interface port-channel 1
Switch2(config-if)# switchport mode trunk
Switch2(config-if)# switchport trunk encapsulation dot1q
Switch2(config)# interface range gig 0/45-48
Switch2(config-if-range)# channel-group 1 mode active

The problem is I get "Invalid input detected" at

Switch2(config-if)# switchport trunk encapsulation dot1q
% Invalid input detected at '^' marker

Could someone tell me what I am doing wrong?