I was unable to telnet in to a SQL server on port 1433 to test the connection from the client PC. The application could connect and this alone verifies it is working on port 1433 for SQL. My question is how can a telnet command on a specific port be blocked?
confirm if "negotiation auto" is supported gigabit port for C3925E router.
Router(config-if)#Interface gi0/2
Router(config-if)#description test link
Router(config-if)# no ip address
Router(config-if)# negotiation auto
^
% Invalid input detected at '^' marker.
Is there a way to ask the above switch how much power it's supplying to various ports? I've found some stuff in POWER-ETHERNET-MIB, but it's only the main power supply and the up/down status of the various ports.
It looks like what I want is
[URL]
but my SG500 tells me:
snmpwalk -v2c -cpublic serverswitch 1.3.6.1.4.1.9.9.402
CISCO-SMI::ciscoMgmt.402 = No Such Object available on this agent at this OID
I have a Cisco ASA 5520. I need to forward telnet to a router on the inside interface. Here is what I have done so far but it doesn't seem to be working.
I have created an access-list that looks like this:
access-list 102 extended permit tcp any host 10.10.60.2 eq telnet
But when I do this it still doesn't forward my request to the router at 10.10.60.2. So just to explain what I'm trying to do: I use PuTTY, I am putting the outside interface IP into PuTTY, selecting telnet and opening the session. I need the outside interface to see this request and know to forward port 23 to the router on the inside interface with IP 10.10.60.2. The ASA is running version: asa842-k8.bin
I'm having some difficulties configuring my Cisco WLC (5508) - ver 7.0.230.0. I have multiple client devices residing on the same VLAN associated to the WLC but unable to telnet over port 8090. However, when inter-VLAN, client devices are able to telnet over port 8090. Say Machine A as application hosted machine and Machine B as client machine; [code] I should be looking on the WLC to allow telnet port 8090 over from Machine A to B within the VLAN.
I'm currently configuring a HP Laserjet P4515 printer. It has its own built in Jetdirect so, all that jazz is done.
I'm having an issue when I telnet to port 9100. I type the typical Jetdirect commands: ? / MENU yet I receive no information back from any commands I type. Even configuration commands. Typically, all this gets me is a printed page (since 9100 is also the print port) with the commands I've attempted to type. Some garbled, some not.
We have recently purchased SG 300-52Port Cisco Switch to support our network but they are constantly having some bizarre issues or I assume bugs, i.e. we cannot Telnet nor SSH to the switch now, whereas we were able to SSH before. We have set them up for Remote Log Services to get some syslogs and reports but no reports have been generated nor logs.
I have done some testing through Wireshark and there are absolutely no reports / logs. We have some real issues with this switch and it's hard to believe that this is a Cisco product.
SG 300-52 Port Gigabit Managed Switch
Firmware Version (Active Image): 1.1.1.8
Firmware Version (Non-active): 1.1.0.73
Boot Version: 1.0.0.4
I have a new 877 that I am using for internet traffic for 3-4 internet only devices. I also have a clean network that I want to ensure no cross contamination. However I plan on rolling this out to many sites, but for management I was hoping to set up a reverse telnet to the console port from one of my clean switches, which should allow me to keep the units separated and allow me to manage changes etc. remotely. Unfortunately there is no Aux port on the clean switch (3560). Is there still a way to achieve this? Can I configure one of the Ethernet ports to connect to the console of the 877?
We have several routers that can only be accessed on telnet port 6066 (vice 23). I have no global exec privilege so I can not provide config. So my question is: how do you configure the router to accept port 6066 for telnet and deny port 23?
I am having issues with 'telnet' on port 2821 to a range of servers connecting through vlan interface from my core switch 6513 running s72033_rp-DVIPSERVICESK9_WAN-VM) version 12.2(33)SXH7, RELEASE SOFTWARE (fc3). The telnet on port 1556 and 13724 is ok.
Within ACS 5.3, I'd like to use 2 external authenticators for the same service, like VPN remote-access. For the authentication, I know I can create an identity chain, to query SecurID and then AD, in case of user not found in SecurID. For the authorization rules, I need to provide wide VPN access for SecurID users and narrow VPN access for AD users. Are there some parameters to use in compound conditions for SecurID?
Have a Rev. B1 w/207NA on Time Warner with a Moto Surfboard SB5150. Working with TiVo's, we've been through hell and back trying to resolve why Multi Room Viewing doesn't seem to want to work - but only one way! The newest TiVo's their Premiere model with HD and all the bells and whistles, it sees the other TiVo and all the other software that can send programs back and forth with it.
I brought on a Series 2, which is an older model that's non HD and has some older software in it. While the Premiere and the other PC's/Software around the building's network can 'see' the Series 2 and it can 'see' the other shared PC's, etc. the thing can't 'see' the Premiere. This has been going on for awhile, I've worked with TiVo Support also to unlock ports, IP addresses and anything else we could think of. Still no luck. Then we had a strange occurrence!
The DIR-655 seemed to 'lock up' or disconnect from the Net. One day I was surfing the Now Playing menu in the Series 2 and the other TiVo wasn't showing as usual. I checked it again during a commercial for something totally different and suddenly noticed there it was!! I thought it was weird, so I went out front to check with the person using the main TiVo if they had made any changes or done anything - they hadn't, but did mention their Net connection was gone.
I turned around and looked at the 655's status lights and noticed while all the rest were fine - the WAN/Net status light was totally out. Not a single blink. And then I looked at the Moto cable modem and noticed its 'activity' light was also totally dormant. I twisted the Moto to get a better look at it and things started working again, I tightened the cable modem cable on the rear and that was it.
From that point on - once again, the front TiVo won't show on the back TiVo! Does every other way, but not that. In our discussions on TiVo we thought it could've been the cable modem firewall or something, but I retested it and this time it had NO effect. Tried not only taking out the cable-cable but the Ethernet cable as well to ensure all were tested. Still didn't show up. What I thought was going on was the 655 had turned into a giant 'Hub', which would've caused the TiVo's to use their old-fashioned Beacon software to 'find' each other. When the 655 software kicked back in from that glitch, the hub setup would've obviously stopped and the 655's software settings would've kicked back in.
I have a complete list of the ports internally that need to be open for those two TiVo's to communicate, but I can't find anything in the 2.07NA GUI (or Help manuals) that tell me how to write a rule to open those ports internally. I wouldn't think there's any internal blocking or firewalling going on (I have it set to allow communications between clients on the internal Net) but there's so many settings in this GUI it makes your head spin!
I have a Cisco ASA 5510. I have detected an infected workstation on my internal LAN which has caused my IP to be blacklisted by Barracuda Networks and other RBL. I have scanned and cleaned the workstation removing the spambot. I want to prevent all my internal workstations from sending SMTP traffic on Port 25 through my ASA 5510 device. I only need to allow my Exchange Server access to send out traffic on port 25. configure this setup using ASDM 5.0? I know it may be easier using CLI, but using the ASDM would really be preferred.
I am working on an ASA5505 and am trying to open the ftp port. I have a server (192.168.10.202) on the local LAN which is attempting to download antivirus updates from the net via ftp.
Saved
:
ASA Version 8.3(2)
!
hostname SITE
enable password XXXXXX
passwd XXXXXX
names
I have an ASA 5505 running 8.4. I am only letting ICMP traffic in from the outside. As a test, I opened a couple of ports I need on the ASA. I cannot access these ports and I do not get a denied error in the log.
I contacted the ISP and they are not blocking these ports. I ran an online port scanner to check ports 1-100 as a test. They all came up as blocked on the port scanner. The only deny error I got on the ASA was for port 80. Is this normal behavior? If so, how do I get it to show all of the deny errors so I know the traffic is at least hitting the firewall?
I've blocked all traffic on port 80 (Advanced-Access Control- Apply Advanced Port Filter- All IP range and Port 80 selected) to avoid any kind of Web Access. I won't use Web Filter because there are too many URLs to be blocked.
However I have a problem to keep Google Earth working, since it uses port 80.
Is there a way to keep Google Earth working, even blocking traffic on Port 80? I've tried configuring an application rule to let Google Earth work, but it didn't work (it seems that I can not create an exception for Filter Port).
I thought I had the configuration to allow bi-directional traffic for my Blackberry server. I have a second fw with the same config and it worked on that one. But right now, my blackberry server is down, and all the users are upset.
We had a core switch (Cisco 4503), distribution switches (Cisco 3750) and access switches in our network and it consists of many VLANs. Almost all VLANs use DHCP pools. But for a few VLANs DHCP is not yet configured due to initial design problems. Recently a rogue user in VLAN 1 connected to one of the access switches sent rogue ARP packets to the network (suspecting ARP packet with interface VLAN 1 IP of core switch with wrong MAC address (gateway IP of VLAN 1)) and resulted in a prolonged network outage for VLAN 1. Anyway we are going to segregate VLAN 1 into different VLANs, but before that we need a temporary plan to block such kinds of attack, like enabling DAI in the switch. I have checked the DAI implementation feasibility with my knowledge and found that it is not possible to configure on the access switches (Cisco 2960) to which the user is directly connected. But found that the Distribution switch connected to that particular access switch seems to be able to be configured since DAI commands are available to configure in the switch.
Is it possible to block ARP packets with the interface vlan 1 IP Address with rogue mac-address by configuring DAI in the above mentioned Distribution switch and the port connected to the mentioned access switch?
I am setting up a Linux Apache and BIND server to test the behaviour of Windows XP, Vista, 7 and Mac OS X. I have set up Apache and BIND already and they were tested individually. I used Firefox and IE to access the Apache page by typing in the IPv6 address and the page was shown correctly. And I have tried to query the AAAA record of a local zone "testing.com" in my BIND server using nslookup and the result is good too. However, it is strange that I cannot get it to work if I type in the FQDN "http://testing.com" in Firefox and IE. I tried to capture the IPv6 traffic in Wireshark (Attached in this post) and there is no DNS query when I try to access the page. Is there anything that I have to set to get it to work properly? (Actually I have tested the same thing on Mac OS X and Vista too but the result is the same.) Below is my Windows 7 network setting and some nslookup query:
I think I know what I'm talking about here, I just need someone to confirm that what I want to do is possible, and the way I'm planning on doing it will work. Basically, I have a Sky router (Sagem model), and the wireless is weak upstairs in my house. So, I have ordered a new access point. What I want to do is keep the same wireless SSID and key etc., so my devices just connect.
Is it possible to find out the IP address of a PC connecting via Remote Desktop Connection? Running XP Pro on a network, I have admin rights to the PC's, but no direct access to the servers. Event viewer shows some details, but no IP address.
I have a query regarding the no. of isakmp policy priority creating. When I create a new policy in ASA 5500 firewall, I get the below error. I assume it will support only 20 nos, whereas we can use between 1-65535. Can anyone from Cisco confirm it? Running version is 8.x & VPN Plus license. "Policy limit reached. No more than 20 isakmp policies can be configured."
I inherited a PIX 506 with 6.3. I will admit my background is more towards switching/routing. But while I know it is a dinosaur, I need to maintain it for partner interoperability. I just want to confirm that what I am thinking is correct and if not how I can correct it. My thought is that since the access-list command doesn't list "eq" at the end, all ports and protocols are allowed? The other thing I am not used to is that the access-list has no id/number included in the command, so I assume that access-group specifies this functionality.
We have subscribed for MPLS links from a service provider. We have a DC where the core connectivity is 90 MB and remote branch location connectivity is 64 Kbps. We are in the process of enabling QoS for our links in co-ordination with the service provider; as per our finding the branches have more RX traffic (downloading) so after discussion with the provider we were advised to mark traffic from the core end and give it to the provider. The provider at its PE will honor the marking and set some B/W percentages and priority based on the DSCP marking values.
We need to mark this traffic, so is it feasible to mark the traffic at the core DC router which has the below H/W details:
Cisco 7206VXR (NPE-G2) processor (revision A) with 917504K/65536K bytes of memory.
Processor board ID 36161439
MPC7448 CPU at 1666Mhz, Implementation 0, Rev 2.2
6 slot VXR midplane, Version 2.11
Or is it feasible to mark the traffic at the core switch?
I am in the process of planning our new network. Our business is changing from hosting its own data centre, to moving it to a professional facility. We have 120 users, over 100 servers (physical and virtual) and three sites (main premise, data centre, dr site). The new network will connect all three. Our new WAN links are almost ordered. We will be making use of a managed MPLS IP VPN, with a 100M access rate at each site. I am currently focusing on the design of the network at the main business premise. We have a significant investment in Cisco 2960 & 3750 switches and Fortinet firewall appliances. I plan to re-use these in the design.
Our current LAN is very flat and I want to segment the network. My plan is to create a number of VLANs, enable the Inter VLAN routing on the 3750 and then attach the 3750 to the Fortinet appliance which will provide stateful firewalling and traffic policing based on the VLAN (subnet) addresses. It is important that the traffic be routed as quickly as possible from this site to our prod and dr data centres. The 2960's act as the access layer, the 3750 as the distribution layer. The 2960's will connect via port channels (layer 2) to the 3750's and the VLAN interfaces will be configured on the 3750.
I was then planning on creating a VLAN on the 3750 to connect to the Fortigate appliance with a /29 address to limit the addresses used whilst also providing some flexibility for any future design changes. I want to implement a little security between the VLANs on the 3750 switches. I have a question about this coming up. I then plan to use the Fortigate appliance to do basic traffic policing based on source/destination addresses.
The WAN routers will connect to the Fortinet appliance on a Gigabit copper interface. The WAN routers will run HSRP between themselves and only one router will be active at any one time. The failover will be managed by the Fortigate and Cisco routers. I plan to define those addresses hosted at the other data centres and associate them with the interface associated with the WAN. I will then define the routing on the firewall for the two other data centres through summary routes for each of the sites. We will run static routing from the Cisco 3750 to the Fortigate and Fortigate to WAN router. We have no other networks/sites and won't have any others in the future.
I have a wireless network with WLC and WCS and ACS integrated for user authentication. Web login has been enabled on the WLC and authentication of Username is done through ACS.
Q1. For specific SSID (TEST) specific username (Tom) is used for authentication, whereas Tom cannot be used for authentication for any other SSID.
Q2. Weblogin page pushed by WLC is https on virtual IP 1.1.1.1 want it to be pushed through http protocol.
We have a Cisco 7609 router and one 6 Mbps link which is on Ethernet. When we are terminating on Gigaethernet of the 7609 router it is not coming up. While the same link is showing up and working fine on other routers which have an Ethernet interface.
I have a Linksys RV042 and I came across the setting "Dynamic IP+Domain Name(FQDN) authentication" under the Local Security Gateway type. How does this option actually work? I tried googling but couldn't find a proper link.