Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

We have a Cisco Catalyst 2960. We are short on ports in one office, and we need to connect a UniFi 8-port switch to the port. The port shuts down on the switch in err-disable state due to bpduguard, so I figured I need to disable the BPDU guard feature on that port. Is this the correct solution?

It seems that BPDU guard is enabled on all ports. How can I disable bpduguard on that single port and not affect anything?

Will disabling BPDU on the switch cause any damages?

Thanks in advance

In Cisco UCM Version 12, can I do the following:

  1. Set a user's voicemail to allow breaking out back to the main menu
  2. Monitor Hunt Group and Call Volumes in Real Time
  3. Monitor Agent Login/Logged Out State?
I have a Cisco ASA FPR-2110.  I am running ASA code and I'm using ASDM.
I have Pings blocked so external sources can't ping my WAN interface.

How do I, through ASDM, allow pings only to a certain set of public IPs?
Cannot ping or access via ip new cisco switch

show running-config
v2.4.0.94 / RTESLA2.4_930_181_045
CLI v1.0
file SSD indicator encrypted
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a31af4e4430033719968c0
unit-type unit 1 network gi uplink te
unit-type unit 2 network gi uplink te
unit-type unit 3 network gi uplink te
unit-type unit 4 network gi uplink te
spanning-tree mode mst
vlan database
vlan 3,5
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
bonjour interface range vlan 1
hostname SG350x
management access-list admin
ip http authentication aaa login-authentication https local radius
snmp-server server
snmp-server location "Server Room"
no ip domain lookup
ip name-server
ip telnet server
interface vlan 1
 no ip address dhcp
interface vlan 3
 name "Corpyy"
interface vlan 5
 name "Guest"
interface GigabitEthernet1/0/1

Cisco Switches: Various models.
As someone unfamiliar with these, I have been tasked with removing all configuration information from them, to return them to "stupid" or factory reset.
While I can find the makes and models and have a serial cable (attached via a USB converter) to my laptop, I do not seem to be able to PuTTY in.
What connection I establish returns "garbled text".

The forums I have read all seem to suggest similar PuTTY configuration settings, which I am unfortunately having no luck with.
I do not have any IP or config info, or I might have tried to Telnet.

I can provide more information if required - but this will give you a flavour of the issue.
Is there a default reset button, or switch, inside the case?

Any assistance will be gratefully received.
Dear Experts,

I want to check the end of life for Cisco software 3.16.7bs, but I only manage to find it for 3.16.

Is there a website that lists all the IOS software EOL support?
Working to establish IPsec Site-to-Site VPN, the local network is 192.168.0.x behind a Cisco RV130W and far end has a Cisco NSA 2600 and also has a pre-existing VPN with the 192.168.0.x subnet. The tunnel needs to support a single host on each end.

Is it possible to assign a 2nd IP Address to the PC in my network, say, and use this for the VPN?

We just moved to Cisco AMP for email. It has been a nightmare of epic proportions. I would like to get some feedback as to others' experience. We had a reseller do the install. We have had email being blocked due to the new IP address of the Cisco appliance. We have had email disappearing into the ether without a trace. Sometimes it shows hitting the Cisco appliance but not Office 365 and the other way around. But the hardest part is the email that disappears without a trace. Or email that is kicked back to the sender but no notice on our end. Had reseller do the install.

Looking for feedback: we were almost going with VIPRE's email filtering solution, as it did the same thing with attachments and links but had some great features like stripping an email with too large of an attachment and sending the email on with a link for you to download the attachment from VIPRE. The GUI for Cisco is cumbersome and not very intuitive. VIPRE's was very intuitive.

Our intent was to get the Firepower/AMP for Email and AMP for Endpoint all installed. Firepower went without a problem, but the email piece has not gone well, so we are definitely not moving forward with Endpoint at this juncture.

This has been going on now for over a month, with Cisco and Microsoft saying it's the other's fault etc.
I'm trying to Port Map access to my http server from the outside by mapping both source IP/PORT to a destination IP/PORT.
This is what I need to do....  Does anyone have an idea how I can do it on a Cisco ASA 5520
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address
object network INSIDE_APACHE

object network HTTP_ALLAN_OBJ
 nat (outside,inside) static service tcp 8080 80

ciscoasa# sh nat
Manual NAT Policies (Section 1)
1 (inside) to (outside) source dynamic any interface
    translate_hits = 5904, untranslate_hits = 43

Auto NAT Policies (Section 2)
1 (outside) to (inside) source static HTTP_ALLAN_OBJ   service tcp 8080 www
    translate_hits = 0, untranslate_hits = 0
Can Dahua PFS4228-24P-370 24-Port PoE Switch support on Cisco layer 3 core switch 3850 ? See attached specification. Tks.
So we currently have a Cisco ASA 5512-X, v9.2.

We are currently on split tunnel for VPN, however, we want to move away from split tunnel as it causes routing issues for us to AWS.

Is there a good way for me to build out another VPN interface and apply new profiles/rules to test?
Hi, need help on network devices. See attached drawn diagram for yr kind advice.

Having Cisco Core Layer 3 switch 5000 Series onward

Having Dahua Access PFS4228-24P-370 24-Port PoE Switch => https://www.dahuasecurity.com/products/productDetail/7041

Not sure whether it is compatible to configure RSTP / STP with Trunk Port on Cisco Core Layer 3 to talk to Dahua POE managed switch


MAN Network setup.

I am tasked with setting up a MAN network.  We currently have 5 offices; 3 on East Coast and 2 on the WC.  

We are getting Comcast ENS 500mg circuits at these locations.  The plan is to have the 3 East coast offices come back to the HQ office in NY and the 2 West Coast offices to go to the office in Seattle with Seattle being the failover option if HQ goes down somehow.

We currently have a range of ASA5506/5525/5545 at the office locations that handoff to the switches.  It is a pretty flat network with the users on a /24 subnet and any VLANs at HQ are done on the 5545 handed down.  Would ASAs be best for a MAN network, will they do the job or is a router needed.

Currently I have these offices on an IPsec VPN tunnel back to HQ.  Passing just their /24 subnet to HQ and we send out the required subnet(s) back to them for needed access.

Remote office - ASA5506/ASA5525 (depending on office) ISP connected to them then inside interface to L2 switch.

HQ - Layer 3 switch handoff to ASA -- multiple stack switches behind it.
Cisco 3850 switch.

Did a password recovery, and am trying to load the former OS.

When I do a directory of flash, I get the following:

6 cat3k files

I'm not getting the wording at the switch: prompt to boot to that former image.
Our company has installed a pair of Cisco 2960x switches (Model: WS-C2960X-24TS-L) stacked with FlexStack Plus stacking module. Currently, we have configured the local user database for a few network administrators to logon and managing the switches.

<.. Extracted Running-Config..>
username mcms_admin password 7 <..Password..>
username mcms_admin2 common-criteria-policy policy1 password 7 <..Password..>
username mcms_admin3 common-criteria-policy policy1 password 7 <..Password..>
aaa new-model
aaa common-criteria policy policy1
 min-length 8
 max-length 25
 numeric-count 1
 upper-case 1
 lower-case 1
 special-case 1
 char-changes 4

ip ssh time-out 60
ip ssh version 2
ip ssh server algorithm mac hmac-sha1
ip ssh server algorithm encryption aes256-ctr
line con 0
line vty 0 4
 transport input ssh
line vty 5 15
 transport input ssh
<.. Extracted Running-Config..>

Currently, the switch does NOT trigger any audit logging if an administrator logs on successfully or fails to log on to the switches. When entering a "Show Log" command, the switch only shows interface up/down/connect/disconnected status.

Our security team would like us to implement some kind of logging such that there will be a historical logon audit log whenever a system admin (or intruder) fails to log on or logs on successfully to the network switches, both as an SSH remote user or through the console port.

Our team is a bit new to the Cisco network management and would like to know how can…
Win7 source pc unable to find the WDS server from the Image Capture Wizard.  I receive an error message "network location could not be reached".  I can ping the WDS server (Windows 2008 R2) ip and the source pc non-stop.  The WDS boot-up screen shows up on the source PC so I have to believe that it is communicating with the WDS server.  I've updated the drivers in the capture image and added the registry entry "maximumBlockSize" (set to match the value of the Cisco 2960 switch).

After all that, still can't get the WDS server to capture the image from the source PC.  Any help in resolving this would be greatly appreciated!
Cisco Switch - need a quick refresh

If I have a switch where the port is active and a cable is plugged in but nothing on the other end of the cable, would I see Gi1/0/1 up, line protocol up or would I see Gi1/0/1 up, line protocol down?

Now if I have a computer that's off on the other end of the cable, would it show Gi1/0/1 up, line protocol down?
I need to configure a basic zone based firewall rule on a Cisco 4331 to block most common attacks from the internet.

The Problem:
I'm having some issues with latency and slow uploads after having attempted to configure a zone based firewall rule on a Cisco 4331 Router.  

Further Details
A customer has a 100/100Mbps Fibre link and when directly plugged into a laptop, it comes very close to those speeds. When going through the Cisco router (without a firewall rule), it is around 90Mbps down and 30Mbps up with a latency of around 30ms (so something is already not quite right on the Cisco in regards to the uploads). With the zone firewall rule configured in the config below, it is still around 80-90Mbps down, but the upload is significantly further degraded to now only 4Mbps, with a latency of close to 200ms!

Also to point out, the ISP requires shaping which is why there is a shaping rule configured below as well:  
shape average 100000000 98000000 0


I'm very new to configuring Cisco routers, so I need some help as to where the problem might be?

Thank you.

Here is part of my Config:

class-map type inspect match-any internet-traffic-class
 match protocol http
 match protocol https
 match protocol dns
 match protocol icmp
class-map match-any CCP-Transactional-1
class-map match-any CCP-Voice-1
class-map match-any CCP-Routing-1



I have two users set up in Active Directory: user-a is in Group A and user-b is in Group A and Group B.

In the ASA LDAP mappings I have

"User group A" mapped to "End user VPN profile" and "group B" mapped to "Admin user VPN profile".

However, if either User A or B logs in, they both get the end user profile. Is there any way to prioritise the profile assignment so that "user b" gets the admin profile and "User a" gets the end user one?

I feel like this should be possible, or does each user need to be in a unique group? In the debug I can see the member-of groups are being returned correctly, and I have copied and pasted from there and the policy names to ensure there are no mistypes.

Now that I created my Win7 Enterprise image, I've run the sysprep util and the Windows 2008 R2 server that has WDS configured is ready for the image.  I have done this process several times before without a problem but for whatever reason, when I boot the source pc up using network boot, the source pc gets the WDS splash screen.  So I know the source pc is communicating to the WDS server.  However once I enter in the server name for where the image should be stored, I get a network error.

In the error log, I see the connection between source pc and WDS server timed out.  I'm running a constant ping to the source pc so I know it's still communicating but further research showed there may be something with our Cisco 2960 and/or possible vlan configuration.  Where would I check for a setting that would drop the traffic between the two?  Note: all of the network traffic is on the same lan and doesn't go through any routers, just the Cisco switches.

Thanks in advance for your time and assistance.  If you need additional information or for me to clarify anything, please let me know.

I'm presently looking for a new occupational opportunity and I get many calls/emails from different places, some seem like they are from overseas, and they are for the same position?  Is there a way I can also become an "IT recruiter"?  How simple of a task can this be and what will I need to get started?  Also, it seems like 95% of the communication I do receive might be from overseas, although the positions are in the US.

I also wanted to know if there might be particular websites, besides the standard LinkedIn and Indeed, where these recruiters find open positions?

Just curious :), but if someone knows, please enlighten my innocence.
Hi Team,

We are performing firmware upgrades on CISCO UCS B200 M4

We are unable to move ESXi host into maintenance mode in Horizon view VDI environment in an instant cloned.

ESXi host version:6.0 Update 3

VMware Horizon Version:7.1.0 build-5170113.

Could you please assist us.
I went into a Palo Alto interview and was asked how I would handle or advise a client on best practice that went against what the particular client presently had in their environment.  

I wanted to get a glimpse of how to answer for future interviews I might have with this particular position?

What should I have said or points that needed to be brought up?
Had an issue last week with upgrading a 4451 - X and Cisco recommended Image:  

Was using image:  isr4400-universalk9.03.13.00.S.154-3.S-ext.SPA.bin

The Primary and secondary routers were stable for about 20 minutes and started to reload on their own.  The two engineers from Cisco were awful from the TAC Case we had open.

The Image I wanted to use was: isr4400-universalk9.03.13.10.S.154-3.S10-ext.SPA.bin

Anyone have knowledge of crashes on 4451-X using the Denali platform?  So far, I am unimpressed.
Our time clocks communicate with several IP addresses and I need our Cisco 501 Pix firewall to allow inbound/outbound (two way) traffic to and from this list: - - - - - -

All for HTTP (80), HTTPS (443), SMTP (25) ports
Attached is our Pix 501 config file.  It is not clear to me if the access-list acl_out properties are set up correctly and if I need additional lines for fixup protocol.

Also, does the Windows DNS Server Firewall setting need to be modified or added to?







