Cisco

24K

Solutions

15K

Contributors

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).


Hi, I have 2 separate physical sites (data centers) connected by a L2 ptp dark fiber link with L3 capable switches (Cisco Nexus) at each end. I am trying to decide whether to use a separate transport VLAN interface SVI or "routed ports". Each site would have its own separate Data VLAN with devices in it that would need to communicate with each other, intra-vlan (same site), and across the link to the other site's VLANs. Another area of concern is if I use a L3 "routed port" with static routes to direct the traffic from each end, will the routed port work within a vPC configuration on the Nexus (pair) because it will be an orphan (single) port to the vPC domain?
0

Roaming issues with wireless calls using Apple iPhone 6 in a Cisco wireless environment.  The Cisco controller is a 5520 using firmware 8.5.135.0
Calls are fine if stationary.  Only have issues if roaming in the building.  The building has over 200 3802i access points so coverage shouldn't be an issue.  All are set to a power setting of 5.

Any ideas?
0
ASA 5508 failed.
Received a new ASA 5508.
via ASDM I've restored from my latest backup config.
Everything looks great with the exception of the VPN Certificates.

Shouldn't these have restored as well?
I was careful to check the "all ssl vpn config" on the restore options.

VPN users receive "No Certificate" when attempting to log in.
0
We have a Cisco 6509E chassis as the core of our network.  We are trying to run our FOG (Imaging software) server and we are finding multicast is not working through the switch.  We tested this by plugging the server into a variety of other switches that bypass the core and multicasting works perfectly.  I am unsure what settings could be different as I have compared IGMP Snooping and the portfast settings with the switches that work when the server is plugged into them.  

Any ideas?  It is running SUPT2XL as the supervisors running 15.1 on them.
0
Hi. We have a fail open policy set. Can someone advise on the quickest way to simply completely turn off ScanSafe CWS using ASDM, briefly? I'm not after a bypass for 1 IP - just want it off briefly while continuing to allow web traffic to flow and then quickly turn back on. Since I have a fail open policy set, is it simply a matter of just removing the tower IP address set in configuration - device management cloud web security? By having nothing here (removing), will this turn off CWS? Thanks
0
I just arrived on site at a colo where a vendor installed a patch panel and 6 Cisco switches. The cabinet door won't close because the switches and the patch panel are mounted flush with the front rack posts, so the cables (especially, the fiber connectors) extend out from the switch preventing the door from closing. So I've called the vendor and they are going to help but not now.

These are Cisco 93180 switches, with port side intake. How should these switches be installed in a rack with doors that close flush with the front posts? On a shelf? Is there a way to recess the switch?
0
Hi All,

I've got myself into a bit of a problem, I've purchased a Cisco 867VAE (I'm already using these around the company) and unfortunately it came with image c860vae-ipbasek9-mz.152-4.M1.bin

This image doesn't support VPN isakmp; I need the advanced security IOS.

I downloaded c860vae-advsecurityk9-mz.154-3.M4.bin and flashed it to the FLASH, booted up and now I get:

System Bootstrap, Version 15.1(4r)M2, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2011 by cisco Systems, Inc.

C860VAE ipbase platform with 256 MB of main memory


Booting flash:c860vae-advsecurityk9-mz.154-3.M4.bin
boot: Launch entrypt: 0x80800000
Self decompressing the image : ################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################ [OK]

Wrong IOS image on IPBASE Router

I can go to ROMmon and boot back into the old image, but how do I properly upgrade this router to the new firmware I downloaded?

Another identical model router on another site is running:
System image file is …
0
I am trying to secure access to our Azure environment by limiting IPs on the Azure firewall to the IP indigenous to our office.

For remote users, we use a Cisco AnyConnect VPN hosted from a Cisco ASA 5525 firewall on ASA version 9.1(7). Since we have split tunneling enabled, is there a way to route access to the Azure environment through our firewall so that Azure would identify users coming from the IP tied to our office?
0
Hello,

I'm trying to find a way to apply a mac filter on my WLC so that I can control who can or can not join my internal wifi.  

Preferably a way that automatically pulls from my PDQ inventory or from my active directory so that we're not manually adding MACs would be great.  

I'm open to any other suggestions as well.  

Thank you!
0
We have 2 network policies set for our Radius clients;
1) Allow VPN connections (to VPN user group)
2) Grant priv 15 access to Cisco devices to admin group


Our issue is that only the first policy is being processed - if the VPN policy is first then we are unable to get to privileged mode on our Cisco devices; if Cisco is first then users cannot authenticate over VPN as this is being rejected by the Cisco rule.


I believe this was working in the past, so am unsure whether this is a configuration problem or the issue lies elsewhere. Nothing has changed that might explain this problem.


Thanks in advance.
0

I sometimes have a problem in my network where some Cisco switches (2960x-48FPDL) are not pingable, but I can ping the attached devices.
What can the cause be?
0
There are a lot of articles out there on my issue, but I need to ask a few questions to feel comfortable with this upgrade.  I'm trying to upgrade the switch using the tar file, but I get the "not enough space on device" error during the file copy.  I've read that you can run the erase flash: command, but I'm a little iffy on that as I don't want to lose my vlan.dat file or my license files.  I have copied all three off to my TFTP server, but I'm still trigger shy.  What is the best way for me to clear space up on the switch without causing myself grief?  Likewise, where is the HTML directory hidden?  I can't see it when I run a directory listing of the flash?  I thought that deleting it would help clean up some space and the copy would put it back, but I can't find it.

Thanks in advance.
0
I have cisco ASA 5510. I want to know if I can configure two or multiple ip address on the same interface at a time or not.

The scenario is like this:

I have 5 public IP addresses : 45.X.X.0/29

There are 4 physical interface: e0/0, e0/1, e0/2 and e0/3.

e0/0:
     name: Outside
     ip add : 45.X.X.2/29

e0/1:
     name: Users
     ip add: 192.168.1.0/24

e0/2:
     name: Servers
     ip add: 192.168.2.0/24

I want the users on lan 192.168.1.0/24 to use 45.X.X.2 for accessing the internet, or I would say 1.0/24 use dynamic nat with 45.X.X.2. However, now say I want servers on lan 192.168.2.0/24 to use 45.X.X.3 for accessing the internet. Currently, both 1.0/24 and 2.0/24 are configured to use 45.X.X.2 for accessing the internet.

So, is it possible I can configure 45.X.X.2 and 45.X.X.3 on e0/0 interface ?

PS: Cisco ASA is running ver 7.2
0
hi both on same asa firewall - remote access vpn already in place

can i also add site to site  vpn? thanks
0
Cisco IOS XR term mon constantly displays logs telling that it used an ACL to block ports.  Great, that's what the acl is for.  But is there a way to tell it not to keep showing me these logs when I'm on the console?

Example:

RP/0/RSP1/CPU0:Aug 28 15:45:17.360 CDT: SSHD_[65910]: %SECURITY-SSHD-3-ERR_GENERAL : Failed to allocate pty
RP/0/RSP1/CPU0:Aug 28 15:45:19.069 CDT: devc-vty[184]: %MGBL-TTY-6-CONNECTION_DENY_ACL_ERROR : Connection denied by ACL mismatch. Source Add 101.x.x.x. Dest Add 216.x.x.x. Source Port 9424. Dest port 22. Acl acl_99.
RP/0/RSP1/CPU0:Aug 28 15:45:19.071 CDT: SSHD_[65910]: %SECURITY-SSHD-3-ERR_GENERAL : Failed to allocate pty
RP/0/RSP1/CPU0:Aug 28 15:45:20.903 CDT: devc-vty[184]: %MGBL-TTY-6-CONNECTION_DENY_ACL_ERROR : Connection denied by ACL mismatch. Source Add 101.x.x.x. Dest Add 216.x.x.x. Source Port 53969. Dest port 22. Acl acl_99.
RP/0/RSP1/CPU0:Aug 28 15:45:20.905 CDT: SSHD_[65910]: %SECURITY-SSHD-3-ERR_GENERAL : Failed to allocate pty
RP/0/RSP1/CPU0:Aug 28 15:45:22.579 CDT: devc-vty[184]: %MGBL-TTY-6-CONNECTION_DENY_ACL_ERROR : Connection denied by ACL mismatch. Source Add 101.x.x.x. Dest Add 216.x.x.x. Source Port 35027. Dest port 22. Acl acl_99.
RP/0/RSP1/CPU0:Aug 28 15:45:22.581 CDT: SSHD_[65910]: %SECURITY-SSHD-3-ERR_GENERAL : Failed to allocate pty
RP/0/RSP1/CPU0:Aug 28 15:45:24.407 CDT: devc-vty[184]: %MGBL-TTY-6-CONNECTION_DENY_ACL_ERROR : Connection denied by ACL mismatch. Source Add 101.x.x.x. Dest Add 216.x.x.x. Source …
0
I have a network that uses Cisco Aironet 1832i access points. I need to create an SSID for guest access. I understand VLAN's and tagging, but I'm not sure how to use this to isolate traffic. I can assign a per-SSID VLAN, but my ISP controls the gateway router- my concern is that traffic will go to and from the Internet, and despite being set to my internet-only VLAN (VLAN 10) that when it gets to that last-hop router, traffic will simply be routed back in to the network over the ports that are allowed. Am I overthinking this? We have a couple of network hops before we get to the Internet. Can someone provide a walkthrough or a link that explains how to configure this? We are using AP's with a WLC 3504, and I have control of the whole network up to the ISP gateway. I'd appreciate any ideas or help.
Thanks!
0
I have a question.  EE offers a course on the CCNA track for both tests.  How up to date are they?  I am thinking of changing my focus from server to networking.

https://www.experts-exchange.com/courses/2030/Certification-CCENT-CCNA-Cisco-Certified-Entry-Network-Technician-Associate-Interconnecting-Cisco-Networking-Devices-Part-1.html

Can we verify if the course is concurrent with CCNA's current requirements?
1
Having an issue with a Meraki and an ASA site to site.  When I first built the tunnel it showed up, both green on the Meraki and showing MM_active in the crypto sa on the ASA.  But I still can't talk to devices behind the ASA.  And periodically when I check ASA VPN status it shows red, but when I try to ping something behind the ASA I get 100% loss but the tunnel will then show green.  Not sure if it's an issue with Meraki and using summarized subnets or something else.  Anyone have experience with this?
0
I have an HP C3000 blade enclosure with BL460C G8 blades connected to two Cisco 3020 blade switches inside the enclosure with uplinks to our core switch stack, two HPE 5500s.  I am trying to create a new DMZ off of our firewall which means adding a new VLAN (172.x.x.x).  However, I am unable to get traffic to pass within the new VLAN across these two switches and I seem to have narrowed the issue down to the Cisco 3020 blade switches.

For instance, I can connect two laptops on the new VLAN 30 to our core switch and get them to communicate fully.  However, if I move one laptop to one of the external ports of the Cisco 3020 (configured as a trunk port including VLAN 30), I cannot get communication flow between that laptop and the one connected at the HPE 5500 core switch on that same VLAN.  The blades are running ESXi and I've added the new VLAN to all hosts, but I don't think that's pertinent yet.

I have run Wireshark on the laptop connected to the HPE 5500 stack, and I see that that machine receives responses to arp requests for my other test laptop on the VLAN as well as the gateway.  However, running Wireshark on the laptop connected to the Cisco 3020 reveals that arp requests are NOT answered from the laptop on the core switch.  Nor does it receive arp responses from the gateway (our firewall).  I do see plenty of traffic for other VLANs across the trunk port, however.  

I must be missing something, but while I'm new to HPE switches, I copied over every …
0

I have a cisco 2000 Access Point and I have the firmware.  What is the TFTP command once I telnet into the AP to load the file?
0
Does anyone know where can I find a trusted CISCO image repository of legacy images?

I'm looking for the following match:

Switch Ports Model              SW Version            SW Image
------ ----- -----              ----------            ----------
     1 12    WS-C3750G-12S      12.2(55)SE7           C3750-IPBASEK9-M


Thank you.
0
Hello all.

Could someone advise how to run a command within a Cisco Switch to display what is physically connected to each port?  Our client currently has 3 switches and I would like to create a layout of each switch and what is physically connected on all 48 ports.   I do not know if this can be easily done so help is needed.  Specifically, is there a way to tell if it's a PC or a Mac or if it can display something to show what the device is in what port?
0
We have a user who is insisting on using his own personal computer equipment on our network. Despite repeated attempts to have this stopped he continues to use only his personal equipment over company issued devices. We have blocked the MAC address of his wired NIC on our switches and that worked but then he just started using wireless to connect. We blocked his wireless MAC address but he keeps getting USB wireless NICs. How can we block his username on the wireless controller? Or is there another option we have overlooked? Firing seems like a good option but unfortunately one that isn't available.
0
After a storm and a power outage, none of my users are unable to access a Cisco AirLap1130 access point.  The Access point is joined to the Cisco Lan controller.  It has an IP address.  I can ping it.  And it appears as if it is working.  But devices cannot connect to the access point.  What should I try and do to fix it?  Cisco says my contract has expired so I am technically on my own.
0
Hi all,

I have a CISCO 3750x, with some VLANs created. Now I am connecting a Cisco SG-200 to it; how can I have it see the VLANs I created on the 3750 and the devices to communicate properly?

Sorry, haven't worked with the SG200 before, so kind of unfamiliar!
0
