Cisco

24K

Solutions

15K

Contributors

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).


I need to re-IP all the voice VLANs in a company. My first thought was to just renumber the SVIs at each site related to VOIP. But that would then cut me off from being able to reset the phones from the Call Manager because the gateway no longer works. OR would it be the case that losing connectivity to the Call Manager, the phones might just reboot themselves?

If not that - might there be a way to recycle the inline power at the switches to force the phones to reboot? e.g

int range Gi 2/0/1 - 47
    power inline never

    {WAIT}    

    power inline auto

Any other thoughts on the most efficient means to reboot all the phones on a switch when they can't talk to the Call Manager?
0

How to back up the existing running configuration of Cisco routers and switches? So that I can load the configuration to another replacement device in case of failure
0
I have ordered 1 GB internet service (BW) hand off from Bell. The firewall will be the gateway for 5 offices with total 200 users. I would like to install CISCO ASA 5500 series as internet gateway. ASA will have VPN to Azure as well for AD and SQL sync. Can you suggest the ASA model best fit for us? Current firewall is 5508 X which handles 1 office (40 users) and 200 GB hand off but we are upgrading the circuit to 1 GB and adding 4 more offices (total of 200 users).
0
I have two 4500 32 port Cisco switches running build 3.11. They are connected via SFP stack cables. What do I need to do in the switch so the primary switch can see the connected switch's ports so they appear as one large switch?
0
I have a Cisco Voice Gateway 4331 that handles all of our calls in conjunction with Cisco Call Manager.  The voice gateway has a PRI circuit connected to a port and three POTS lines using the remaining three ports.  In this example, I want to have the internal extension 3337 use the specific port of a POTS line on port 0/2/2.  This is for a fax machine (attached to CUCM via an ATA 190) that only sends and I am having trouble with it being reliable over the PRI.  I was hoping to tie it to a POTS line to avoid trouble.

I tried the following and it did not seem to work correctly.  I feel like I am missing an important component:

dial-peer voice 3199 pots
desc ***** Send faxes over pots lines for mailroom *****
preference 1
answer-address 3337
port 0/2/2
forward-digits all

In the above, I am attempting to identify the internal extension of the fax machine (3337) so that it can be directed to use the POTS line on port 0/2/2.  Is there another set of commands that I might be missing?
0
Just wondering if I can I deploy two VPN gateways (could be any platform - say Cisco ASA at both ends), where one location is in the USA and one is in China.

If this can't be done, where can I find more information on this restriction.  Not sure where I can find more information on the "Great Firewall" in China that may restrict this.
0
Restoring an Archive File to 2960

I can successfully transfer a file to and from my Cisco 2960 switch. I have an archive function in my configuration and it works great. I am trying to restore a config from my backup location to the flash on the switch. I can successfully SCP from the switch to my backup location and transfer the files to the switch flash. The file shows/ displays there. However, the file size on flash shows zero / 0.

I have verified the contents of the config in notepad. The file size, when viewed from computer, is 13 KB. I can open in notepad either using a .txt or .cfg extension.
0
Cisco Router Model: ISR-4331

When I try and ping any external DNS hostnames from the Cisco CLI I receive the following error. I can seem to ping external IP Addresses ok

tfs-mt-r1#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 6/6/6 ms
tfs-mt-r1#ping google.com.au
% Unrecognized host or address, or protocol not running.

tfs-mt-r1#ping news.com.au
% Unrecognized host or address, or protocol not running.

Cisco Config is as follows:
Current configuration : 5242 bytes
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
platform hardware throughput level 300000
!
hostname tfs-mt-r1
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
!
aaa new-model
!
!
aaa authentication login userauth local
aaa authorization network groupauth local
!
!
!
!
!
!
aaa session-id common
!
!
!
!
!
!
!
!
!
!
!



no ip domain lookup
ip domain name totalfire.com.au
ip dhcp excluded-address 192.168.0.1 192.168.0.20
!
ip dhcp pool tfs-mt-lan
 network 192.168.0.0 255.255.255.0
 default-router 192.168.0.1
 dns-server 61.9.194.49
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
multilink bundle-name authenticated
!
!
!
!
license udi pid ISR4331/K9 sn FDO21320SXJ
!

0
After upgrading our FMC 4500 to 6.5.0, we can no longer SSH into it.

Here are the symptoms:

1. Before upgrade, we could successfully use Putty and SecureCRT to access CLI via SSH

2. We are trying to use Putty and SecureCRT and neither emulator is working after the upgrade.

3. SecureCRT says "password authentication failed"   see pic

4. Putty says "access denied"    see pic

5. We have verified usernames and pw's of people attempting to access and they have admin rights.

6. We have attempted multiple users

7. We are not using external authentication. All of our users have local accounts to the FMC

8. See attached FMC Log file too
0
Hello,

I am trying to announce a test prefix via BGP to test a new expressroute circuit we have setup.  I have a cisco 3850 layer switch and I would like to know the commands needed to setup this test prefix so I can do it without disrupting our current traffic. Tks in advance.

peer_asn                      = 650XX
primary_peer_address_prefix   = "172.16.0.0/30"
secondary_peer_address_prefix = "172.16.0.4/30"
vlan_id                       = 150
0

I am doing some discovery on a spoke of a DMVPN. I don't have access to the hub/hubs.
In the configuration seen below I have several ip nhrp map multicast statements and ip nhrp.
Is this indicating that this spoke has six different hubs to which it *could* register if the first one goes down? Thank you.

 ip nhrp map multicast 66.66.8.129
 ip nhrp map 10.77.126.1 66.66.8.129
 ip nhrp map multicast 66.66.8.130
 ip nhrp map 10.77.126.2 66.66.8.130
 ip nhrp map multicast 66.66.8.136
 ip nhrp map 10.77.126.3 66.66.8.136
 ip nhrp map multicast 66.66.8.138
 ip nhrp map 10.77.126.5 66.66.8.138
 ip nhrp map multicast 66.66.8.134
 ip nhrp map 10.77.126.7 66.66.8.134
 ip nhrp map multicast 66.66.8.131
 ip nhrp map 10.77.126.9 66.66.8.131
0
https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-2960-x-series-switches/eos-eol-notice-c51-736509.html
Above link mentioned it's the IOS that will be EOSL.

What's the EOSL date for Cisco 2960x hardware itself & what's the replacement model?
We need a model that has 48 more months at point of implementation.
0
Hi,

I have a question. Can we manage Firepower 4110 without using FMC (Firepower Management Center), or will I need to buy one?
Which appliance or virtual FMC do I need to buy? And is there any free license or no?

Thanks in advance
0
I have multiple Cisco switches, 3850s and 2960s, in my environment. I am using port channels on some, but is there a command to tell if LACP is enabled on every port on a switch or certain ports only?
0
It has been a while since I created a static port channel on a Cisco 4500 and I want to make sure I am doing it correctly
Port-Channel Requirements
Ports: TE 1/12 and TE 1/19
Mode: on (static)

I know you can do a config t group and list a range of interfaces to configure at once, but how can I set up a port channel when the ports are not consecutive? Also, when done, how can I add a description to the new port channel? Is it the same method as for adding a description to a regular interface?
0
I have a remote site that is connected to our main site using a WAN between two Cisco routers. The Cisco GRE tunnel is up and stable.
At the remote site I have a mix of Windows 7 and Linux PCs on a single 192.168.37.x subnet with mask 255.255.255.0. The gateway is 192.168.37.10.

At my central site I have two RDS servers on a single subnet. The servers IPs are 192.168.39.246 and 192.168.39.222. with subnet mask 255.255.255.0. I use EIGRP and RIP across both subnets and the route tables in the routers are good. The gateway is 192.168.39.10.

At the remote site all of the Windows 7 PCs can remote access both servers using mstsc.exe.
At the remote site only some Linux PCs can access both servers using rdesktop/ping.

I have three out of five Linux PCs at the remote site that can only access the server with IP address 192.168.39.222. They cannot reach the server address 192.168.39.246 using rdesktop or even ping. The server firewalls are the same. The Linux installations are identical, having been cloned from the same image.  This was working until about a week ago.  Now these three machines can only see the one server. There are no ACLs on the Cisco routers that would cause this. There are no firewall settings on the Linux boxes that I can see.  I have numerous Linux PCs on the central site - all can see both servers. If I try reaching the remote PCs from the ~246 server, only the two that can reach it can be pinged or accessed using VNC. The Linux PCs that cannot see …
0
Dear Experts
We have installed Cisco FTD 1010 for routing and firewall and Cisco FMC for managing FTD. We have a Cisco 1830 series (wireless router) integrated with Windows AD and a Windows RADIUS server so that wireless users in Windows AD can access the network. Now we would like to implement the best-practice method for guest users.
1. Please suggest whether we should create guest users in Windows AD and provide these details to guests. Guest users would only require the internet, hence I am not sure this is best practice; I think if we go by this approach then guest users will connect to the same network.

2. Or should we create guest users at the WiFi device level and separate the guest network from the private LAN (so that this assigns IPs to the guest users and they are not connected to our internal network)? Please suggest the best practice.

Thanks in advance.
1
I need to clone/copy a Cisco 2960 layer 3 switch config to an identical Cisco 2960.  I need to also copy the layer 3 configuration (routes, vlans, etc).  Anything I have seen only lets you copy the layer 2 config.  Yes I tried to Google the problem first, but there is not much I can find on how to do it.
Any help would be appreciated, thank you.

Steve
0
Hi

We are trying to authenticate from a Cisco ASA firewall with our Domain Controller that is hosted in Azure over a site to site VPN connection.  We have this working fine from the ASA to our on premise DCs using IPSec VPN.

Azure support have said we should add a rule on the NSG to allow this traffic through (they have tweaked it too) but does not work.  It times out on the firewall console (this is externally managed).

LDAP connection over the site to site VPNs to the DC works fine using LDAP.exe and I can bind to it.

Ideas?
0

hi guys,

At the place I work at, we have a primary internet line and a secondary internet line. The secondary isn't being used as it is a failover. However, the primary line  with a Cisco 1941 has got its CPU usage to almost 90% every single day. The secondary line is not being utilised at all. That also has a Cisco 1941.

We have a change freeze window coming up for almost 2 months! So we can't do anything from this Friday onwards.

The future plans will be to upgrade WAN bandwidth and change the Cisco routers. But for now, if I wanted the secondary line to become utilised, would you use a Meraki Mx68 to do the load balancing? So that it would sit in front of the two routers and it would load balance the traffic to one or the other to turn it into an SD-WAN capable system?

Are there any other ways that you can think of?

Thanks for helping
Yash
0
I support several Windows Server 2016 servers and not running into this issue
- At first, I thought we had a router issue. The router has been upgraded to a newer Cisco model (originally we were using a "Netgear Prosafe router")
- The server is not in a domain. There are approximately eight computers in a peer-to-peer network at this time. The computers cannot map a drive to the server until we physically change it from public to private. Then it connects. But on the server, I cannot change it to private.
- When the server is rebooted, all users lose connection to their map drives until we go back and change the PC from public to private (or work on older Windows 7 PCs)
0
I'm trying to set up a certificate on a Cisco ASA-5506x for the first time and wanted confirmation that I'm on the right track.  The immediate reason for it is for PCI compliance, but it would generally be a good thing anyway.

We don't do any hosting where the ASA is located, but we are using VPN connections.

My understanding is that I can do it as follows:
1)  Set up a new A record on the DNS server for our domain (ourdomain.com) named asa.ourdomain.com and point it at the public static IP address of the ASA
2)  Obtain a certificate for asa.ourdomain.com from a certificate authority using DNS authentication (I do have access to the DNS server for the domain)
3)  Install the certificate on the ASA

Am I on the right track here?
0
Hi,

Everything went ok apart from 1 question I have:

steps:
upgrade to same IOS - done
set priority to 1 to be member - done
write erase - done
delete vlan.dat done
backup run config of stack

stacked the 3rd switch correctly
powered on added switch
current joined stack not powered down
switch came up as stack - sh switch shows as member

Issue:
now not sure if this is normal but none of the new switch interfaces had any VLAN assigned in their config.
I did an int range and assigned them all - so no big problem. However I was expecting them to be picked up and configured from the master. So is what I have experienced normal??
0
Will a Cisco 1000BASE-SX SFP work in a Palo Alto Networks PA-3020 SFP slot?
My googling is not being helpful on this one. Thank you.
1
Are the two Cisco SFP modules 1000BASE-SX = GLC-SX-MM functionally interchangeable?

Thank you.
0
