I have a ACS 5.1, My mailing server does not run on standard port number of smtp (25). Need to know if i can customize the port number suiting my mailing server requirement.
View 0 RepliesI want to configure RBAC for ANM 4,2 using tacacs+ and ACS 5.1 [code]
When the admin user logs in, this policy element is triggerd, but the Role is not sent back.How to configure the Custom Attribute?
I have been tasked with migrating from ACS 4 to ACS 5.3. I havent had any training and so i am finding it a bit different. Currently i have this issue -
I have a group in the ACS 4 for users accessing via wireless on the ACS - Code...
is there a way to have multiple instances of user custom attributes and insert those as multiple instances of the A/V Pair in the authorisation profile in ACS 5.2/5.3 ?Background: We have to migrate a ACS 4.2 to 5.3. In ACS 4.2 our client used the multiline attribute
Number
#Name
#Description
#Type of Value
#Inbound/Outbound
[code]....
to specify multiple routes to various networks in the RADIUS reply spcific for every single PPP username of routers dialing in.Using the internal user database, extended by a string attribute and using that attribute as source of a dynamic value in the access-policy works basically. But as I have only ONE single line instance of the attribute for every user, I can only return ONE framed-route.We have lots of cases where multiple routes have to be assigned to one router.I 'd like to avoid defining a seperate access profile for every remote RAS router for external PPP Dial-In...[URL]
how to add tacacs custom attribute to ACS 4.2 for Nexus 1000V:shell:roles="network-admin admin-vdc"In the interface configuration I've added new service, service - shell, protocol - tacacs+.In the group settings I've enabled this attribute configuration. And it is not works. Default privilege level is assigned to any user with access allowed.
View 8 Replies View RelatedI am trying add custom attributes for Juniper Netscreen TACACS+ authentication to a v5.2 ACS. The advice is to add it to the group as follows:
ervice = netscreen {
vsys = root
privilege = read-write
} I know how to add this to a version v4.x ACS
However, I do not know how to apply this to the custom attribiutes to a v5.x ACS?do I add the vsys and privilege attribute seperately or together? What should be the attribute name? netscreen? Should it be mandatory?
I am trying to set up a custom service on my netgear configuration page. I have a netgear router model# Wnr834m. every time i click the "add custom service" button the page redirects to "system authentication failed" and logs me out. What can i do to set up the new port?
View 1 Replies View RelatedWe are running ISP and now a days we have many spam in our network, we want block the SMTP port 25 block on Cisco router 7200. So we can block the spam in our network.
View 3 Replies View RelatedI have an RV042 that I have configured to send alert logs to a comcast email address. Recently comcast changed their SMTP port from 25 to 465. I can't find where to change the port settings in the RV042 to send the router logs via port 465.
View 1 Replies View Relatedhow to go about setting up the ASA to block any SMTP traffic outbound except for our Exchange Server. This is in relationship to a SpamBot issue that blacklisted us. I have an ASA 5510 running version 6.2(5) / 8.2(2) with three ports. DMZ, Inside and the Outside interface. Up till today, I only needed to block outside traffic to our internal network which I used the ASDM to configure a rule on the outside interface for an incoming rule. I am assuming I need to create an outgoing rule on the outside interface; however, just to make sure I understand the terminology/traffic flow, I created the rule with my computer as the source (192.168.0.131) with ALL destination and the service as HTTP. My logic, which seems to fail here, is that any traffic from my computer going outbound would be blocked; however I am still able to browse... That said, if I were to change the source as the Exchange server and the Service Type to SMTP, it would not actually block traffic and therefore not solve our problem. I even gone as far as permitting traffic from my computer, expanding the hit counter and I see no hits. So I am no doubt doing this wrong. What I do know, is when I first created the rule, a second rule was automatically created (Implicit rule) that deny all sources and blocked all HTTP traffic until I changed it to Permit?
View 2 Replies View Relatedi cannot send emails to outside, i have an access rule on interface inside permit source: inside destination: any servic: tcp/smtp and when i make paket tracer it shows me that the packet is dropped but i cant see through which rule!!
ASA version: 8.4(3)
ASDM version 6.4(7)
In Cisco ASA 5510 , outlook port only permit ( pop3 995/smtp :587) with TLS encryption. How we can do it thru ASDM .
View 1 Replies View RelatedI am having a ASR 1002 V 12.2(33)XND2t which is running on Tacas?I want when i login it shoudl directly go into the # prompt. I am not interested in typing enable on > prompt.
The configs are:
aa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default none
!aaa authorization console
!aaa authorization config-commands
[code]....
How to know port number of any URL, for example what is port number used by google.
View 19 Replies View Relatedwhat is the maximum number of AAA clients supported by a single ACS5.3 instance?
View 1 Replies View Relatedwhat port number does ping use?
View 3 Replies View RelatedI changed my router from Belkin F5D 7633-4 (G) to Belkin F5D 8636-4 v2 (N) on the 7633 I was able to set up virtual server page and access my CCTV cameras remotely with no problem but on the 8636 with the same info into virtual servers page I get "No 1 WAN address is invalid".The format of the page is slightly different the 7633 required "inbound Port" number to be put in twice in different boxes side by side and the same with "Private Port".The 8636 has only one box to enter the port number under each heading.
View 3 Replies View RelatedI would like to understand how public IP works in remote access. I do have belkin router and when I access it remote I type my public IP and after it the port number for example xxx.xxx.xxx.xxx:80 and if I would like to access an IP cam remotely in the same network i would do the same thing xxx.xxx.xxx.xxx:5656 (public IP). I do know my Public IP is unique.Thus, its quite logical I can access my devices remotely. my understanding of the port number is application specific that addresses packets in different applications in the same computer. For example port 80 is for HTTP connection used browsing the web, for chatting in MSN i will use different port number specifically for MSN...etc. my question is how I can access my belkin router remotely by typing the public IP and the port number knowing that the port number is application specific not device specific? My second question is, is it possible to access two routers in the same network remotely?
View 7 Replies View RelatedEnd user has APs config with Radius server, working fine
-server 10.42.1.21 auth-port 1645 acct-port 1646
-server 10.36.1.46 auth-port 1645 acct-port 1646
In some weeks all APs will be migrated to WLC. My doubt is regarding the config in RADIUS Athentication Server port number field. There is only one option for adding.Which port number should I use? , When a new server is added always show 1812 port number; documentation states that is for authentication and 1813 for accounting.
Is is possible to set the port number for syslog eg 192.168.75.50:20514 ? i presume the protocol would stay udp
View 3 Replies View RelatedWe have IP device on the farm switch(cat6500, which is an access layer siwtch), with the gateway on the core switches (Nexus7000), on the core when I do show ip arp, I found the mac.But when I do sh mac add add of that mac there is no port attached to that mac.
Since that particular vlan only resides on the cat 6500 and two cores, so I logged in to the 6500, and when I show mac- in that vlan, I didn’t find that mac addresss. Instead, I found another mac address with last 8bit are the same of that mac.
Is it some kind VIP of the mac? How so, if no port, how can the switch forward the frame? [code]
With basic "Wizard" setup I got DHCP and port 80 for the camera. It was working just fine with MyDLink and locally with DLink-ViewCam software and some local test web pages. However, we have a wireless printer on that router which also uses port 80, so when it was installed we set up a "port forward" for port 80 traffic to it for administration from other subnets. How MyDLink website is able to tunnel through our hardware firewall and the wireless routers firewall to communicate with the camera is not clear to me (perhaps someone can send me a link to an explanation??), but it works...Thus, to allow access to the camera from other subents, I wanted to change the camera's port from 80 to another, say 8181 and set up the appropriate "port forwarding for TCP and UDP. All of the steps below were from a PC within the camera's subnet/router so port forwarding is not an issue
View 5 Replies View RelatedI have configured the following access-list on routers fa0 interface (i am using 1801)
access-list 111 permit ip any any log
and applied it in "in" direction on Fa0 interface.
Now when i am sending ssh packets to this interface its showing below
*May 14 05:09:00.104: %SEC-6-IPACCESSLOGP: list 111 permitted tcp 172.18.128.2(0) -> 172.18.128.146(0), 1 packet
why its not showing any port number ?
Where can you set the port numbers for auth and accounting on a WAP321?I can see where to set up to four IP addresses for the servers themselves, shared secret etc - but nowhere can I see where the port number is configured.
In a day and age of exceptionally limited IP resources, cloud hosted services and even just a little "security through obscurity" there are many reasons for needing to set a non-standard port number for the radius server.I'm at a loss how it could be in residential products, but not small business devices?
Background: currently have a WRT320N, thinking of upgrading to an EA4500 assuming ONE feature has been improved: Port Forwarding.
Scenario: Currently I have a WRT320N router, and while it "does everything we need" it has one limitation that is now getting in the way: limitation on number of forwardable ports. In the port forwarding panel, it has 15 total rows: the first five rows can be enabled for specificaly named services (SMTP, FTP, etc). The last 10 rows are fully customizable in that we can set the name, ports and protocol.
The problem is that of the 13 total ports I currently need to forward, only ONE of them is listed in that fixed list. So, sadly, I can only use one of those first five rows. I've now filled the remaining ten custom rows, and still have need for two additional ports (for now, may need more down the road).
Trying to get creative, I figured maybe I could just spill over to the Port Range Forwarding page and add a row or two there. The only problem: it's buggy. I've found that if the Single Port Forwarding list is filled, then the Port Forwarding Range entries don't work properly. For example, if I wanted ports 12345 and 12346 forwarded to 192.168.1.5, they work fine with two single port forwarding entries. However, if I delete those, add two other port lines I need forwarded (the single list being full again), and add a port forwarding range 12345..12346, they don't work properly, ports just are closed. Only the singles work, the ranges don't.
Question: Has the EA4500 resolved this issue and allow for either more lines (i.e. 20 customizable entries instead of 10), or, better, does it just have an [Add Entry] button to allow for additional rows to be created? In today's day and age, where one single device (such as an Xbox) can take four rows, a 10-row limit is pretty sparse. Comparing it to some competitors, for example the D-Link DIR-825 (aging, but still great) allows you to add as many as you want.
I realize "expensive" firewalls like SonicWall's have virtually unlimited customization, but I don't need many of the additional features and don't want to spend $350 on a "high-end" firewall to solve the problem of needing two more ports open.
Clarifying whats the correct # of port asic in WS-X6704-LC?According to the following link (Catalyst 6500 Architectural white paper): [URL]
"In the WS-X6704-10GE line card, there are two port ASICs each supporting 2 x 10 Gigabit Ethernet ports"
While in the document: Understanding Quality of Service on the Catalyst 6500 Switch: [URL]
Table 10.
WS-X6704
Number of 10 GE Ports 4
- QoS on 10-Gigabit Ethernet Line Cards (WS-X6704-10GE)
So whats correct? 4 port asic or 2 port asic?
# Port ASIC’s on the linecard 4
# Physical Ports per Port ASIC 1
Are you only able to have two sessions for port mirroring on a Cisco 4510?
View 1 Replies View RelatedI'm developing a project where I use the SNMP protocol to discover the network. By discovering the network I mean go through all the routers and switches and retrieve the IP routing table from routers and the forwarding table from switches. With the routers I have no problem. For the switches I need to know for each port the MAC addresses and the Vlans. Basically it's use SNMP to find a port number from a MAC address. To do that i followed this tutorial: [URL]
The problem is that I'm using a Cisco 3725 Router with IOS 12.4 (21) and a NM-16ESW module to work as a Switch and when I use the OID .1.3.6.1.2.1.17 corresponding to the BRIDGE-MIB as it follows:
snmpwalk -v2c -c myrouter 10.1.1.5 .1.3.6.1.2.1.17
it returns:
SNMPv2-SMI::mib-2.17.1.1.0 = Hex-STRING: 00 00 00 00 00 00
SNMPv2-SMI::mib-2.17.1.2.0 = INTEGER: 0
SNMPv2-SMI::mib-2.17.1.3.0 = INTEGER: 4
From this I guess there's no information on the router about Vlans or anything. Other thing is that when I use community string indexing it returns a timeout. My theory is that this version doesn't support indexing but I don't know.
how can I get the Port Number from a MAC address from this "switch" (it's a router working as a switch) using SNMP?
I'm in the middle of a Nexus 5000 project and recognized today while configuring port-channels, that some of the interface numbers are reserved for internal use.
Is it possible to change or configure which port-channel interface numbers are allocated for internal use by NX-OS?
Unfortunatly I wasn't able to find a solution for this issue in the offical Nexus documentation, the search function of this forum or Google. If I did miss something or didn't look careful enough at the Nexus docs, I'm also happy with RTFM (... fine manual) responses and links to the info :-)
Additional info:
Nexus5k(config)# interface port-channel 128 ignored port-channel128: internally used, configuration not allowed
Port-Channels 111, 113, 115, 119, 121, 200, 211, 222 were created manually, but 127 - 129 were not.
Nexus5k# show port-channel usage
Total 11 port-channel numbers used
============================================
Used : 111 , 113 , 115 , 119 , 121 , 127 - 129 , 200 , 211 , 222
Unused: 1 - 110 , 112 , 114 , 116 - 118 , 120 , 122 - 126 , 130 - 199
201 - 210 , 212 - 221 , 223 - 4096
[Code]......
I want to be able to gather some time metrics based on source IP, and destination port. Is it possiable to track how much time a user spends using a service based on it's port number. I have figured out how to capture all the data, and I can then look at timestamps, but I would like a better way if possible. Can this be done at the firewall, or do I need a different appliance?
View 1 Replies View RelatedI have some tunnels which terminate to my home router. I'm allowing the other ends of the tunnels to use my voice setup. I need to prepend *67 to all called numbers which don't originate from my house. I don't want people calling my home number based on the caller-id number they see when someone across one of the tunnels calls.
So if 5008 calls 212-333-4444 I want it sent to my provider as *672123334444. If 5001 calls a number, I don't want it touched. Can I do this? I can use IOS or CUCM here.
I am trying to get a vlan change done with CoA and MAB on a WLC 7.2 but it looks like it doese't disconnect the client, hence no new dhcp request.
Everything is working except 'port bounce'. I can see the new vlan in the controller, if i do a ifconfig /renew on the client it gets the new subnet and everything works as it should. If i remove the endpoint in ISE it swaps the vlan again on the controller, but no port bounce.
Using a command prompt, how do I discover the internal IP of an unused router, which I set to a custom value and forgot? The router is not currently in use for internet access. I would like to access the control panel of the router without resetting it.I attached my netbook to the router with an RJ45 cable and disabled the netbook's wireless adapter to avoid conflicts with my current network. Using an elevated command prompt, I did an "ipconfig /release", rebooted and ran "ipconfig /all", but the gateway entry is blank. An "arp -a" returns 169.254.190.120 as the only interface. A "netstat -a" returns 169.254.190.120:xx...'s, 127.0.0.1:xx...'s, and 0.0.0.0:xx...'s, but no router internal IP address.Is there a way discover the attached device without resetting?
View 1 Replies View Related