2910 Blocking Downstream User Hubs / Switches
Apr 10, 2011
We use a couple of 2910al ProCurves for our core switching/routing then we have a few 2626 access switches.
Despite allocating adequate ports in our new building, I'm still having a problem with users plugging in shitty little D-Link 5 port hubs at their desk.
I'm guessing I'm going to have to only allow the MACs of approved workstations? Which sounds like a management nightmare.
Sep 3, 2012
I have a 5K with 5 downstream 3560's. I now have a new 5k that I would like to add to the existing 5K as a HA peer. What is the best way to accomplish this with the least amount of downtime for the downstream switches? On the 3560's, I plan on setting up port-channels once HA is set up on the 5k's.
Feb 20, 2013
I need to support a bunch of security cameras mounted on poles in our parking lot and an IP intercom system mounted on some gates. Because of environmental factors the switches at the poles need to be hardened and the spec from the vendor installing the gear is for GarretCom Industrial unmanaged switches which would make sense.
However when Information Security got wind of this scheme they (probably correctly) are requiring me to secure the ports that these unmanaged switches connect to. I have 2 choices: port security w/ MAC filtering or 802.1x. Because all the devices at the poles and gates support 802.1x and because I may need to go out there to troubleshoot stuff (and will invariably forget to add the MAC of whatever device I am using) I would prefer 802.1X multi-auth mode.
Problem:
When I ran a quick test on a test 3560 running some 15.0.1 code I could get a laptop to connect via 802.1x EAP-TLS successfully if it was directly connected but when I connected the same laptop via a dumb Netgear switch I confiscated from a luser it would not connect. The 3560 error said that the laptop never responded.
Question:
Before I spend a whole lot of time on this, is this something that should work? I don't see any practical use for the feature if it won't however the documentation I am using specifically mentions downstream hubs but I am not sure if they mean real hubs (which I don't think are even made anymore) or if they mean unmanaged switches.
I plan to try a couple of different unmanaged switches tomorrow and dig a little, but I would like to know if I am wasting my time on something that will never work or if there is a little gotcha somewhere.
Oct 28, 2011
Having problems with a slow network at work. I've just become responsible for the network and inherited a lot of ancient kit. Upstairs we have a switch connected to our router. Downstairs we have 2 ancient hubs, daisy-chained and with 30 devices connected via cat5 and cat5e cable. The question is, if I get the cabling cut, recrimped and all of the cabling connected to the single switch instead of the 2 hubs, is there any reason for it not to work, or for performance to be worse?
Jun 27, 2011
We're trying to establish a "simple" vpn tunnel between a cisco 800 and a draytek 2910, situation:
LAN (192.168.2.0 ) --cisco800 ----- internet ------ draytek ----LAN (192.168.20.0 )
WAN ports and internet access on both sides are working fine. VPN configuration part, Cisco:
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
[code]....
What can be wrong: other protocol? Something with PFS? Diffie-Hellman group: I heard DrayTek used 1 and Cisco 2? Debugging on the Cisco site keeps on giving the error message:
entry number 487 : CRYPTO-4-IKMP_BAD_MESSAGE
IKE message from x.x.x.x failed its sanity check or is malformed
timestamp: 4002880
Aug 31, 2012
So we recently moved our Comcast demarc to our new server room which resulted in moving the SMC modem from our old server room where it directly connects to the firewall - to a new room where it connects to a 2910 switch, LACP to our L3 switch, LACP to another 2910, then to Sonicwall.
Since the move our internet has been dropping off randomly for about 2-5 minutes then it will come back online. This happens anywhere from 10 to 50 times a day. Sometimes it happens a half hour apart, sometimes it is 15 minutes apart, sometimes it will go 8 hours without issue.
The modem has been replaced, the Comcast line has been "tested."
The modem remains online when we lose internet connectivity - I can connect to it using a laptop on its LAN port and ping out to google.com while a computer connected beyond the switch and Sonicwall cannot connect.
I have run a constant ping from a home computer to the modem as well as to our Sonicwall (both static addresses) and they both seem to go offline when we lose internet connectivity.
Since the issue started, I moved the Sonicwall so that it connects directly to the 2910 that the modem connects to, put it in a vlan with the modem so they only talk to each other and it still results in the same intermittent disconnects. I checked all the port statistics on both ports as well as the event logs, and trunk links and find nothing abnormal.
I take the switch out entirely and plug the modem directly into the firewall like it was prior to the whole move. Works fine.
Traffic is not an issue and the switch in question also connects all my production servers and iSCSI SAN together without issue.
Jan 10, 2013
I have a Cisco 2910 router that has 3 interfaces:
g0/0 - LAN
g0/1 - WAN1
g0/2 - WAN2
I would like to configure port forwarding in such a way that connections to both WAN interfaces on identical ports will be redirected to a single host in a private network. When I issue the command: ip nat inside source static tcp 10.10.10.X 8080 interface g0/1 8080 everything is fine, until I add the second command: ip nat inside source static tcp 10.10.10.X 8080 interface g0/2 8080
After that, the first statement is just replaced by the second one, not added to configuration.
Feb 27, 2011
I have a web-site and when I go on it, it comes up with a blank page: Internet Explorer can't load this page. I have phoned Talk Talk and they can't fix it. I have a D-Link router. It's only my own web-site I can't access; all other web-sites I can access.
Apr 25, 2012
I have a connection between switches, a 3560 (Gi0/37) and a 2960 (Gi0/1). The problem is in port Gi0/37 of the 3560 switch and this is the log. [code]
I don't understand what the problem is. Actually, I have added the command power inline never on the port and the problem is solved, but we haven't changed configuration.
Mar 18, 2013
We have been deploying Cisco SF200-24P switches for our systems for over a year now. They connect to a Cisco 881 router. In many cases we are also deploying Cisco AP541s. Over the last few months, on an intermittent basis, the switches will simply freeze, blocking all traffic flow. The power LED also goes dark. It appears the switch has frozen. The only thing that seems to revive the switch is a hard reboot by pulling the power cord. In the last couple of weeks, one site in particular has gone down a handful of times. That client of ours is fed up. Our patience is running thin too.
I cannot see any indications in the logs to any event that might give a clue as to the problem. We definitely see this problem with the 1.2.7.76 firmware and the 1.2.9.44 (latest as of typing this). Not sure if with earlier 1.1.2 firmware. Without a fix, we likely will have to change switches and possibly vendors as we need a reliable switch. I see some vague references to a similar problem. And one reference to a SG300 series having what sounds like the same issue.
May 28, 2011
Using Task Manager in XP, it is clear that while browsing, data is being uploaded mirroring the data downloaded, i.e. in a given period if 18mB comes downstream (just surfing) then 11mB goes upstream. The graph in Task Manager shows that the peaks and troughs of the data upstream and downstream exactly correspond, and watching the bytes tick over confirms that data goes out for every data coming in. I assume that this should not happen? I realise IP protocols have some kind of error detection that may require uploading data, but the amount sent seems excessive! From my limited understanding of networking and running Wireshark, it looks like when packets come from an IP on the web (I use the terms web/internet interchangeably) then packets are sent out to the same IP ... using TCP and HTTP (I don't really understand them). The info for one such packet going out is "Continuation or non-HTTP traffic" using the HTTP protocol, which sounds a bit contradictory.
I regularly run virus scans and rarely find anything. The CPU regularly maxes out and it's usually something to do with Firefox (I've heard of buffer overflows but I assume the problem is a relatively old processor and hardware). The browser is Firefox. OS is XP. Coincidentally, the PC was recently rebooting after crashing until I disabled "restart on system failure", which prevented the crashes (if they were crashes and not just the system reacting to an error). Again, that is a bit suspicious but maybe not. Spybot, Bitdefender QuickScan, Avira, ZoneAlarm, Malwarebytes etc. haven't flagged anything up.
Maybe the router is not configured properly. As with all these things, there will be some simpler things to start with to diagnose this issue (if there is one) but I don't know what they are. The PC uses wifi to connect. The ISP is not the best and the speed is pretty bad for ADSL. Every couple of days the router needs rebooting because it stops giving out IPs.
Aug 19, 2012
Someone hacked into my computer through my Netgear router. They took over as Administrator and set up an Atheros (sp) driver. They pretty much have total control over my computer. How can I rid myself of this hack and protect myself in the future?
Jul 18, 2011
I have distributed my internet through LAN by router, but I think that the user to whom I have given my net is forwarding it to other users too through a hub.
Jan 25, 2011
I currently have 1 cat 5 jack at my TV/entertainment area and will be needing additional jacks to add gaming consoles, a streaming video player and an internet-ready TV at the same location. The current jack installed at that location is coming from a D-Link 8 port Gigabit switch installed in a different room. The switch is at capacity, all ports are full, so no additional availability there. My question is how to expand port availability at the entertainment area. Is it possible to put another switch or hub at that connection? Would there be a conflict with cascading a switch from one to another? I have a 25 meg fiber optic incoming service, so there is plenty of speed and bandwidth available to handle these components.
May 17, 2011
I am using a broadband connection on a PC running Windows 7. The plan which my ISP is providing me comes with a speed of 4Mbps up to the first 20 GB and then 512Kbps after that, every month. My problem is that I am getting only 65-70 Kbps download speed (tested over various sites and torrents). My router (Nokia Siemens) settings show that my downstream speed has been assigned as 7999 Kbps but still I am not getting a speed anywhere near that and I have not consumed the 20GB limit as yet.
Sep 16, 2011
I fought my ISP (frontier) for weeks trying to get their 7500 DSL/modem/router configured in bridge and working into the WRT600N. Finally gave up and put a new Engenius EVR100 behind the 7500 bridge and it came up fine in 10 mins. Now I would like to use my old WRT600N downstairs as a second router and run it in the range of the Engenius DHCP, with DHCP turned off in the WRT600N.
My question is this ... Do I set the WRT600N as a static IP address and use an address in the range issued by the EVR100? And, if so, what would the subnet mask, default gateway and DNS numbers be? Also, would the router address itself (let's say I use 192.168.0.120 from the EVR100 range) be different than the static IP address?
Mar 12, 2013
Comparing my brand new Linksys X3000 (Firmware Version: v1.0.03) with my old ZyXEL P660HW, I see that the Linksys is running a downstream noise margin of 8.2dB while the old ZyXEL is running a downstream noise margin of 15dB. Needless to say, I am very disappointed. Why should the Linksys value be so much lower?
Mar 19, 2011
I'm using an RFC 1483 Bridged ADSL connection on a WAG54GS router. Downstream rate says 2043 Kbps, and upstream rate only 35 Kbps. In the router setup page I have not found any place to change downstream/upstream rates. How can I increase the upstream rate?
Sep 16, 2011
Although our usage policy clearly states NO PORN, I'm still catching users watching porn. I'm to the point where I'm going to start shunning MAC addresses. Before I do that I would like to first send them a message, like Net Send used to do, warning them to stop.
May 27, 2013
I managed to create VLAN 30 (mgmt) and VLAN 888 (blackhole) on this SG 300 switch. Now I've configured ports 1-6 untagged on VLAN 30 and left ports 7-8 untagged in VLAN 1. Port 10 is my uplink to my router, whose config looks like this:
interface gigabitethernet10
spanning-tree portfast
spanning-tree guard root
switchport trunk allowed vlan add 30
switchport trunk native vlan 888
If I connect a device into port 7 or 8, I get no IP address from the relevant DHCP server on my router. Thus, I thought I could add VLAN 1 to the trunk, but here's the surprise:
swi01-zg-#configure t
swi01-zg(config)#int gi10
swi01-zg(config-if)#switchport trunk allowed vlan add 1
VLAN 1 : VLAN was not created by user.
Aug 1, 2012
I have an RV042 router and I'm looking to monitor the total upstream and downstream traffic from within the router. I know there is tons of software that I can put on a network computer to monitor traffic, but is there any software that I can put on the router itself that will monitor the traffic from within the router?
Nov 6, 2012
We have several DMVPN-connected sites that are connected to our 2821 ISR pair. They're all configured as eigrp stub connected summary. Yesterday, a few of the sites went inaccessible, but the VPN tunnels were still up and running. Upon further investigation, we noticed that the remote sites stopped receiving routing updates from our 2821's. As a quick fix, we added static routes to bring the sites back up. Later that night, we removed the static routes and cleared the EIGRP neighbors, hoping it would fix the problem. When it didn't, we cleared them two more times. Suddenly, the router lost all downstream adjacencies. While we were adding statics to at least bring the sites back up, all of the adjacencies came back.
Apr 30, 2012
In our environment we've got a Cisco ACS-Server providing Tacacs+ (mainly for access to routers/switches) and Radius (for 802.1x-validating end hosts) services.
Aside from our IOS-based switches we've got a SG200-18 acting as a workgroup switch.
I'd like to set up user authentication on the SG200 (i.e. authentication of users accessing the switch) as well as 802.1x validation of end hosts via our existing Cisco ACS 5.x.
Unfortunately the docs for the SG200 in the chapter "Configuring RADIUS Parameters" only mention "...For the RADIUS server to grant access to the web-based switch configuration utility, the RADIUS server must return cisco-avpair = shell:priv-lvl=15...." - no examples etc.
Since the WEB-based SG200-interface is absolutely new to me I'm looking for some hints/examples on how to set up the Cisco ACS Radius Server in order to interact with the SG200.
Sep 1, 2011
The SMART Designs state that both the ESW500 and 300-series switches should not be used for deployments of over 100 IP phones. But now that both the UC560 can go up to 138 (128 IP phones) and the BE3000 can go up to 300 users, is this design restriction still valid or is the Catalyst 2960 and above the only option?
The QPT is still showing both the 300- and ESW500 switches as options for all versions of the UC560, and the 300- and 2960 switches are shown as valid options in the LAN for the BE3000.
Jun 1, 2012
I'm setting up a new SF-300-08 with SNMP. I have defined Groups OK. But, when I go to Add User, the Group pulldown is grayed out and I can't add a user.
Nov 24, 2011
I have a buddy who owns a bar and wants to install an insecure wireless router for his customers downstream from his SBC Global ATT Modem/Wireless Router combo.
-Modem/Router Combo: Actiontec GT724WG
-Downstream Unsecure Wireless Router: D-Link DIR-651
He says he has 3 static IPs for the modem, and 1 of the network cables coming from the modem directly into the D-Link router. I first attempted to just plug it into the uplink, and let DHCP do its magic, but I had no luck with that. I could connect to the router but it didn't have internet.
So I restarted the downstream router, and plugged the network cable into the 1st port, and suddenly I had internet on the wireless but it would constantly go up and down, and ping times were extremely erratic.
Aug 4, 2011
I am trying to come up with the best way to traffic shape traffic with 3750 Me switches. The traffic will be coming from a 6504 Sup-7203b downstream and going out the WAN. Core---L3---->6504--intvlan80--trunkport to--->3750Me---g/1/1/1-trunkport to---MetroE network--->int f0/0.80--branch router. The idea is to use the 3750 to traffic shape the traffic going towards the WAN/branch to 500 to match the contracted rate and then to use QoS on the shaped rate. I tried to apply it to g1/1/1 using port based policies but it did not shape the traffic. I changed everything to IP interfaces and it worked. I need to break up the MetroE into different VLANs so I can bring branch offices in on different VLANs.
Sep 22, 2011
We are running ACS 5.2 patch 6 and want to restrict access for users to be able to add devices to the system. For example, an admin person in site A can only add devices into the site A group and cannot see/access other sites' groups.
Apr 20, 2009
We are using an ASA 5510 and remote access (SSL VPN) using the AnyConnect client.
Is it possible to display a user message when a user connects using the AnyConnect client, matching a specific dynamic access policy? Can the message be displayed when the action is "Continue" rather than "Terminate"? I can't seem to get this to work and wondered if there was a LUA function to do this.
We have a DAP which gives a restricted ACL when the user's anti-virus is out of date, and I wanted to notify the user to update their anti-virus and reconnect.
Oct 10, 2011
I want to create a local user in my Cisco ASA 5520 to allow the user to use the ASDM in Read-Only mode. I want the user to view the Dashboard only.
Nov 21, 2012
Is it configurable to allow wifi user to user traffic on WLC 5508?
Sep 5, 2012
Any router that blocks all IPs and only allows access for IPs that are on a stored list?
Jun 10, 2011
I have opened the ports up on my Virgin Super Hub, and everything else in my house connected to this network can access the ports which I've opened, however just on this PC, I can't seem to open them, I've tried closing my firewall, and that didn't work either.