Cisco

23K

Solutions

14K

Contributors

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).


Cisco 5520 Wireless LAN Controller unable to connect access point using wired connection using POE injector. Using CDP I can see the access point but am unable to have it show up in the access point list. The access point is directly connected to the WLC, with no switch or router, but both AP and WLC are using IPs in the same subnet /24.
0

CISCO 4321
I have connected to the Cisco via PuTTY and configured passwords, interface GigabitEthernet 0, and also 0/0/0. I can ping it on the management port and on 0/0/0, but I cannot access the GUI via https://192.168.1.1.

This Guide does not tell much at all and I have not found much on Google either. Can someone please point me in the right direction? This router is not in production.

Current configuration : 1429 bytes
!
! Last configuration change at 20:54:05 UTC Thu Sep 13 2018
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname cisco4321
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family

!
no aaa new-model
no process cpu autoprofile hog
!
!
!
!
!
!
!
!
!
!
!



!
!
!
!
!
!
!
!
!
!
subscriber templating
!
multilink bundle-name authenticated
!
!
!
!
license udi pid ISR4321/K9 sn FDO21062QE7
!
spanning-tree extend system-id
!
!
redundancy
 mode none
!
!
!
!
!
vlan internal allocation policy ascending
no cdp run
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet0/0/1
 no ip 


0
Is it possible to use Cisco AnyConnect VPN client to make VPN connections instead of old Cisco VPN client v5.0.07.0440?
Here is a screenshot of the old VPN client connection settings: [image: Old Cisco VPN connection properties]
If yes, what would the AnyConnect XML profile be?
0
Cisco 7961 IP Phone cannot hear people talking on either end. All looks good in the switch and in call manager.
0
Hello,
I have the topology (upper one in the figure below) where an ESX is directly connected to a Cisco Router. And the link between the two, is TRUNK link handling three VLANs.

I would like to use a Cisco switch c2960 between the router and the ESX server to connect other servers to one of the VLANs.  (lower one in the figure above)
Configuring the ports of the Cisco switch as trunk ports didn't help.
I would like to know what I should do to make everything work correctly.
Thank you.
0
Precedence in Cisco QoS:

In QoS Precedence, there is a list of precedence settings as shown below. I would like to know in which case I should select which precedence in the list.
For instance, in case of Voice, or Video, or a specific protocol such as HTTP or HTTPS or FTP or TELNET or SSH, etc., how would I know which one on this list to select?

Thank you


R2(config-pmap-c)#set precedence ?
  <0-7>           Precedence value
  cos             Set packet precedence from L2 cos.
  critical        Match packets with critical precedence (5)
  flash           Match packets with flash precedence (3)
  flash-override  Match packets with flash override precedence (4)
  immediate       Match packets with immediate precedence (2)
  internet        Match packets with internetwork control precedence (6)
  network         Match Packets with network control precedence (7)
  priority        Match packets with priority precedence (1)
  qos-group       Set packet precedence from QoS Group.
  routine         Match packets with routine precedence (0)
  tunnel          Set tunnel packet precedence


0
I want to test a networking solution proposed in Expert-Exchange solution for "2 vlans and one internet connection" Posted on 2018-09-05.

PURPOSE: The Meraki MX64 license is too much for me so I was thinking of using a Cisco 1720 instead, just for testing.  

QUESTION: Please tell me if the Cisco 1720 Modular Access Router will act the same way that the Meraki MX64 does for NAT and DHCP?

ALTERNATIVE: Or can you recommend a better pick?  Perhaps one with gigabit interface - that I can buy used?
0
I am working remotely on a WS-2960X and want to change the config. If it fails I will lose connectivity. If that occurs, I want it to roll back after a short period of time. I have seen how to do this before but I can't find it in search, probably not using the correct term.
0
We have an old Cisco 1800 in a test lab. The two network interfaces are configured as follows:

FastEthernet 0/0
192.168.5.33

FastEthernet 0/1
192.168.6.33

The default gateway for PCs on the 6.X network is 6.33 - that is how they can get to the 5.X network.
The default gateway for anyone on the 5.X network is 5.1 (another router with Internet access).
The router with Internet access (5.1) has a static route so it can pass traffic to 6.X from 5.x via 192.168.5.33 (interface on the Cisco 1800).
All systems on the 5.X network can get to Internet no problem because their gateway is 5.1 and it can either send traffic to Internet or back to Cisco for access to 6.x network.
PROBLEM - All systems on the 6.X network CANNOT get past the 5.X network when trying to reach Internet.

Question #1 - How can we tell the Cisco router that traffic coming from 6.X needs to get to the Internet via the router on 5.1?
Question #2 - Do we need to tell the router on 5.1 (a Sophos UTM, not Cisco) anything about the 6.X network that is not directly connected to it?

Thanks!
0
ASA 5525-X with ASA5525 VPN Premium license.  

When I log on via console I am not able to do basic functions like name an interface or assign an IP address.  Example from interface management 0/0:

host# conf t
host(config)# int management 0/0
host(config-if)# ?

Interface configuration commands:
  channel-group  Etherchannel/port bundling configuration
  default        Set a command to its defaults
  description    Interface specific description
  duplex         Configure duplex operation
  exit           Exit from interface configuration mode
  flowcontrol    Configure flowcontrol operation
  help           Interactive help for interface subcommands
  lacp           LACP interface subcommands
  no             Negate a command or set its defaults
  shutdown       Shutdown the selected interface
  speed          Configure speed operation
host(config-if)#


Same options on all interfaces.

It feels like the thing is in transparent mode, but there is no firewall command in config mode.

Code version: 9.8(1)
0

I need to debug/monitor traffic from a specific IP on a Cisco ASA 5515.

I want the terminal to display information about traffic from a certain IP address in the terminal monitor of my ASA

I assume it is something like debug ip 192.168.4.4

Is this possible?
0
We have an old Cisco 1800 in a test lab.  
The two network interfaces are configured as follows:

FastEthernet 0/0
192.168.5.33

FastEthernet 0/1
192.168.6.33

Each interface is connected to an un-managed Netgear 5 port switch
Each Netgear switch also has a couple of PCs that are configured with an IP on the respective network (either 192.168.5.X or 192.168.6.X)
For some reason, we CANNOT pass traffic from a device on one switch to a device on the other switch through the Cisco router.
This was working in the past, but lab has not been used in several months.
Bottom-line, it is not routing traffic between and then beyond to the destination IP.
I can't provide the config because it is in an isolated environment.
However, when I do a show run, one of the lines says:
no ip routing
From the router via telnet, I CAN ping a device on either the 192.168.5.X or 192.168.6.X network
Also from either side, I can ping as far as interface 0/0 or interface 0/1 so it seems to know how to pass traffic that far
It just won't pass traffic beyond that to another device on the opposite side.
Any help would be appreciated.  I feel like we are just a couple of commands away from getting this router properly working.

Thanks!
0
I have three stacked Cisco WS-C3750G-12S switches. How can I copy the configurations to 2 stacked Cisco WS-C3750G-12S switches?
0
Cisco 7942 phone will not register/show up in the MAC Address table. Call Manager is good. Wall jack/switch port checked out as good. Cabling checks good. No errors in the switch log.
0
I changed the IP and Name of a 2960 switch, but randomly after a reboot it reverted back to the old settings.  How can I make sure the changes get written to memory?
0
Cisco Network Question:  2 vlans and one Internet connection

I need to set up a guest network for access to the Internet-only.  The network configuration is:
-  COX Internet
-  RTR_FW: Meraki MX64
-  Core_Switch: WS-C2960X-48FPD_L:  LAN-base
-  Distribution_Switches: WS-C3560CG-8PC-S: IP-base

We presently have one external IPv4 address and use 192.168.168.0/24 internally for operations.

The 2960X is a layer 3 capable switch.

Is there a way to route another network VLAN, something like 172.16.168.0/24, to the Meraki RTR Internet connection.  The Meraki is presently port mapping the external address to the 192.168.168.0/24 network with the Default router of 192.168.168.1.  I used a trunk to the Meraki RTR-FW from the 2960X and it works....

Or do I need to add a RTR and use two virtual interfaces?
0
Need help fixing old BGP setup
I have inherited a piecemeal network that has many things I haven't figured out yet. I'm no network engineer so I lean on the TAC for most complex changes.

I have an issue with our BGP changing routes today for some reason and I'm trying to figure out how I can fix it and prevent it from happening again.

At some point today our BGP on our edge router (CORE-RTR1) connected to our ISP changed its default route and Gateway of Last Resort from our ISP to another router (OLD-RTR1) on our network that USED TO have a redundant internet connection.

This caused a loop where the other two routers were just sending traffic back and forth to one another. During this - I realized I need to reset/recalculate the routes. In a hurry - I rebooted CORE-RTR1. This fixed this routing issue but I'm pretty sure caused me to lose as information which would have let me see the reason for the route change.

My BGP routes are correct now but I want to prevent them from changing again.

The BGP section on the two routers is below. Please let me know what additional info would be helpful.


CORE-RTR1

core-rtr2#show run | sec bgp
router bgp 33394
bgp router-id 192.168.255.21
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 10.200.1.11 remote-as 65001
neighbor 10.200.1.11 description BGP Peering across MOE to Northcreek
neighbor 67.131.8.149 remote-as 209
neighbor 192.168.255.103 remote-as 33394
neighbor …
0
Hi,

Can delete command use wildcards?

Tks.

Lucky
0
Cisco-AIR-AP1852I wireless antennas turned off. But to configure Cisco Wireless Mobility you need to turn them on to access the default page. We have 20 AP's and I can't get any of them working. Please help. I am with a Non For Profit - Hope Foundation in South Carolina serving autistic children, and we do not have a Cisco support contract because they are expensive.
There is a sticker on the front - "RADIOS OFF BY DEFAULT"
0

Cisco ASA 5505 and I need to upgrade to latest IOS. I upgraded it to 8.4(6) as several documents say is the interim step for anything later. But I cannot find docs that reference the 5505 going further. I see a lot of 5506-x references. I see that there is also a 8.4(7) as the latest in the 8.x series, but seem to remember putting 5505's at 9.1 and 9.2 in years past, but am not sure. Can anyone tell me the latest version of IOS to put a 3 year old ASA 5505 at?
0
I have four Cisco 9300 switches that are stacked and serving as access layer switches.  Each switch in the stack has a 1GB network module that I had planned on using to create a linked aggregate trunk to our two Dell Force 10 core switches. The core switches are a master/slave arrangement so everything physically connected to the master is also physically connected to the slave for fault tolerance.

I wanted to make sure that I have this configured correctly in my lab environment.  This stack is replacing a Cisco 4506 chassis that currently has two trunk ports that are just regular 1GB ports on two switch blades in the chassis.

On the 9300 switch, I have the following set to define the port channel and then assigning the channel to the interfaces serving as trunks.

interface Port-channel30
 description *** TRUNK TO DELL FORCE 10 CORE SWITCHES ***
 switchport mode trunk


then on the interfaces:  _1 is the master and _2 is the slave core switch

interface GigabitEthernet1/1/1
 description *** TRUNK TO FORCE 10 4820_1 ***
 switchport mode trunk
 channel-group 30 mode active

interface GigabitEthernet2/1/1
 description *** TRUNK TO FORCE 10 4820_2 ***
 switchport mode trunk
 channel-group 30 mode active

interface GigabitEthernet3/1/1
 description *** TRUNK TO FORCE 10 4820_1 ***
 switchport mode trunk
 channel-group 30 mode active

interface GigabitEthernet4/1/1
 description *** TRUNK TO FORCE 10 4820_2 ***
 switchport mode trunk
 
0
Here's a weird one...

I have to install a Cisco 5506 ASA at a location that had a Cisco 5505 ASA.  The old 5505 will be moved to a branch site.  Both ASA's will be accepting remote access VPN connections and a site-to-site VPN between the ASA's.

Since I'm doing all this remotely, I had the new 5506 shipped to me.  I took a spare 5505 that I had and connected everything to a 3750 switch that I configured to act as the internet.  I got both ASA's configured so that I could establish remote access VPN sessions from "the outside" and access devices on the inside.  The site-to-site VPN came up fine as well.  

I boxed up the 5506 and shipped it to the main office where the existing 5505 was removed and the 5506 was installed in its place. Worked perfectly.

The 5505 was then given the new config that I created in the lab environment.  It was then installed in the branch site.  The 5505 came up fine, inside users have internet access, site-to-site VPN works fine and remote access VPN sessions can be established.  But... remote access VPN users can't access any inside devices.  And I can't establish an SSH session to the ASA.

I compared the running 5505 config with the one that works in the lab.  They are identical.  I then setup my spare 5505 on the lab environment with the exact same config.  I can establish a remote access VPN connection, access inside devices and get an SSH session to the ASA working.

The question is: why is it not working on the live site …
0
would like help with a cisco 881w router.
0
Problem:
No one inside the office has internet access.

I'm working with a Cisco 1900 series router,  Cisco 5520 ASA(firewall) and Dell Powerconnect 6224 switches.

Service has been confirmed up to the router. The line out of the router goes into the Cisco 5520 ASA (firewall). The line out the firewall goes into one of the Powerconnect Switches which are stacked (configured as master/slave, unit 1 & 2).

I can ping and connect to the switch from the Domain Controller but when I ping the Cisco 5520 (firewall) the reply I get is "Destination Host is Unreachable".  I get the same reply from workstations.

When the problem began one of the PC 6224 switches would not come on so the cables plugged into it were moved to the other switch.  Shortly after the switch that wasn't working came back on.  The cables were then randomly moved back into the switch.  I'm not sure if certain cables were designated for certain ports.

How can I get things working again?

Any help would be greatly appreciated.

Thanks in advance
0
Cisco computer not on the network because of a MAC Address conflict. Shut down the computer. Not sure how to clear the Security violation count, and change the port status Secure shutdown back to up. Did a clear port-security, clear port-security dynamic, no switch port-security, switch port-security, shut no shut, etc. on the offending/offended port. No luck.
0
