Cisco :: 2028 WLC Management Interface / Unexpected Traffic

Apr 16, 2012

I have a number of WLCs/WiSM2 running 7.0.230.0 (still using WCS for management). The management interfaces for the controllers are on a purely private subnet. While going through the internet edge ASA logs I noticed some traffic drops for the controllers on the Inside interface. I took a packet capture from the controllers and found that they were sending TCP traffic to a number of IP addresses (Microsoft, Hotmail and Google) - always with a src port 2028 (submitserver) with the ACK/FIN flags set. Why is this traffic coming from the management interfaces? The management interface is not used by any wireless clients and is not the default interface for any of the SSIDs.


Cisco :: WLC Management Interface Unexpected Traffic 2028

May 22, 2013

I have a number of WLCs/WiSM2 running 7.0.230.0 (still using WCS for management). The management interfaces for the controllers are on a purely private subnet. While going through the internet edge ASA logs I noticed some traffic drops for the controllers on the Inside interface. I took a packet capture from the controllers and found that they were sending TCP traffic to a number of IP addresses (Microsoft, Hotmail and Google) - always with a src port 2028 (submitserver) with the ACK/FIN flags set.


Cisco Switching/Routing :: Unexpected Traffic On Nexus 5000 Trunk Port?

Feb 6, 2013

So I took a laptop with wireshark and plugged it into a nexus 5000 port that is configured as a trunk with 3 vlans allowed on it. The laptop was seeing all kinds of traffic on the wire, most of it was not involving my laptop.
 
For example: Server A VLAN 10= 10.10.10.1  Server B VLAN 20= 10.20.20.1 and wireshark laptop is plugged into a trunk port which is allowing those vlan's. The vlan's are routable.
 
10.10.10.3 is seeing the entire conversation when 10.10.10.1 backs up 10.20.20.1 even though it has no reason to see it. It is as if the trunk is spanning traffic to the laptop port. No span is set up, however. It's really weird. This is not just broadcast traffic, but actual TCP traffic between Server A and B. Why would a trunk port see traffic between 2 other servers talking to each other on the vlan?
 
Trunk port configuration below:
 
Interface Ethernet 141/1/3 
switchport mode trunk
switchport trunk allowed vlan 10, 20


Cisco Firewall :: PIX 501 / Can Traffic Goes From Inside Interface To Outside Interface

Oct 9, 2011

I have a PIX 501 firewall and I'm just configuring the device for an "Email Server" to allow POP/SMTP.
 
Inside Interface Address: 132.147.162.14/255.255.0.0
Outside Interface Address: ISP provided IP address
 
My question is: can my traffic go from the inside interface to the outside interface? (because the inside interface address is not from the 10.0/172./192.168 private addresses) Also, I'm allowing internet from this email server (132.147.162.14), so how should my access list be configured? And what should my subnet mask be there?
 
Pix(config)#access-list outbound permit tcp 132.147.162.14 255.255.0.0 any eq 80
Pix(config)#access-list outbound permit udp 132.147.162.14 255.255.0.0 any eq 53
Pix(config)#access-group outbound in interface inside


Cisco :: Separate Interface For Management On ASA

Nov 5, 2012

I'm trying to separate my management traffic from regular traffic by splitting the management and "outside" interface to separate vlans but I'm hitting a routing issue. Say I have a management network of 192.168.1.0 255.255.255.0 running across vlan 1 and I want to use 192.168.2.0 255.255.255.0 running across vlan 2 for the outside interface to send all the other traffic excluding the management traffic across. Tag both vlans on the external interface, say Eth0/0. Default route of route outside 0.0.0.0 0.0.0.0 192.168.2.1. With this, you cannot hit the management interface because there is no route defined for the 192.168.1.0 network. However, of course, if you try to set one, you'll get the "connected route exists" error. How can I set the default route or gateway of the 192.168.1.0 network on the ASA? Switches just don't complain like the ASA does.


Cisco :: 6509 Sup-2T Management Through CMP Interface

Dec 3, 2012

We recently acquired a new Cisco 6509 with a Sup-2T supervisor card.
 
My question is the following: we have a management subnet on a copper-based switch; we manage all equipment through this network. I planned to configure the management interface on the 6509 to connect to this switch and monitor the VSS through it. However, since it is a CMP interface, most of the actions (SNMP, IOS upgrade...) won't be possible through this link. Moreover, I don't think LMS would be able to get the configuration through it (except by configuring a script running the "attach" command and show run).
 
Is there something I am missing, or must I add another interface of the Catalyst to this network? (The problem being that I have no copper line card.)


Cisco :: 5508 - Forwarding Management Traffic From WLC

Aug 4, 2011

I am trying to forward mgmt traffic from my WLC (5508) to the NNM server. The WLC itself comes in to the mgmt server, but I don't get any SNMP traps/messages from the access points.
 
Is there some configuration I have to do?
 
I have checked the community strings, trap receiver etc., but the WLC is showing up in the mgmt server so I think those parameters should be OK.


Cisco WAN :: SRP 527W Web Management Interface Inaccessible

Jan 27, 2011

We have recently purchased a Cisco Small Business Pro SRP 527W router. All seems good and it is running smoothly, with no disconnections or sync issues like our last router. However, after a certain amount of time the web management interface is unavailable through the browser (accessing it via 192.168.1.254 or the alternative we set up, 1.1.1.1). It is totally unavailable and times out in the browser, yet there is still internet access and the network is still alive. The web management interface was accessible before, though, and the only solution I have found to access it again is to reboot this router. Could it be possible that because port 80 is forwarded to a different IP it interferes with the web management interface? And how could the interface port access be changed?


Cisco :: WLC 2006 - AP Connecting To Management Interface?

Jun 7, 2011

I am running a Cisco 2006 Wireless LAN Controller. Today my management IP is public with Internet access. I am thinking of using a private IP without Internet access. I have certain access points in another building that connect to the AP Manager interface over the Internet. When I look at the TCP connections, I see that the access points not only have TCP connections to the AP Manager interface, they have TCP connections to the Management interface too! If I shut down the connection between the Management interface and the access points (maintaining the connection between the access points and the AP Manager interface)?


Cisco Application :: ACE 4710 - Management Only Interface?

Apr 25, 2012

I am trying to replicate the management interface functionality of a CSS on an ACE 4710 but have a problem with it being treated as a general routed interface.
 
Scenario
On ACE 4710 I have a front-end interface for client facing VIPS and a back-end interface facing a server farm, taking care of load balancing flows
 
Non load-balance system traffic for the back-end servers also flows through these two ACE interfaces, following a default route path (the back-ends use the ACE as default gateway) i.e. dns requests from the servers flow through the ACE egressing the front-end interface to hit a firewall and route to an internal dns server.
 
Issue
If I add a "management interface" to the ACE 4710 and give it an IP address for management access, the interface by default assumes 'routed' mode, and as the ACE treats this as a general interface it will route traffic out of it. For example, if the IP address of this management interface is on the same network as the internal dns server, it breaks that connectivity. This is because the ACE will see the "management" interface as the best route to the directly connected network and send traffic to the dns server over that; however, the dns server response traffic will follow its default route path via the firewall and the ACE front-end interface to get the reply to the back-end server. The firewall will block this traffic, as the traffic is asymmetrically routed and the firewall has not seen the initial dns request packet.
 
Question
Is there a way of making an ACE interface a 'non routed' management only interface for out of band management use? That is ACE will not attempt to route general traffic through the interface
 
I realise I could achieve this with multiple contexts but want to have a single context for various reasons - i.e. to have a kind of like for like CSS replacement using ACE 4710


Cisco Firewall :: ASA 5510 - Management Interface

Feb 13, 2012

I am having issues with the ASA 5510 management interface. I can't communicate with this interface. It is showing DOWN/DOWN even if I type NO SHUT several times.
 
My existing config is as follows 
our-asa-01# sh run
Saved
ASA Version 7.2(5)
hostname our-asa-01
names
dns-guard
interface Ethernet0/0
[code]....


Cisco WAN :: 3845 - Traffic Shaping For Bandwidth Management

Jun 1, 2011

I am trying to get rid of an old traffic management appliance and would like to replace it with a simple Cisco 3845.
 
The configuration is really simple:
 
Customers -- Router 3845 -- Internet
 
I want to be able to provide bundles to customers, such as 64kps guaranteed / 2mbps MIR (retail) and 2mbps guaranteed, no MIR (business).
 
I also need to specify to the router the total internet bandwidth available (example: 20mbps symmetrical).
 
Will this configuration work? Should I worry about any performance issue if I start to have a lot of customers?
 
ip access-list extended Cust1
permit ip any sub_Cust1
permit ip subCust1 any


Cisco WAN :: RV042 Traffic Management - Download / Upload?

Mar 1, 2013

I just acquired the RV042. We have a DSL line [WAN1: good download, bad upload] and an SDSL line 4MB OVH [WAN2].

Receive all downstream traffic to WAN1
Send email upstream traffic to WAN1
Send upstream traffic to OVH and guarantee good bandwidth to 10 TSE access and webex traffic

I built the following rules:
 
The problem ... nothing works ... the downstream traffic comes from WAN2 and upload on WAN1 or WAN2.


Cisco WAN :: Configuring SSH On ASR1002 / Apply To Management Interface?

Jun 30, 2010

How to configure SSH on a ASR 1002 and apply it to the Management Interface?


Cisco Wireless :: WLC 5508 Management Interface Connection

Aug 1, 2010

I'm setting up a new 5508.  I've used the config from a 4402, have successfully connected to the Service port to manage the device, but for some reason cannot connect to the Management interface.  In this case, port 1.
 
The service port is connected to a Catalyst switch and grabbed an ip address (10.2.x.x subnet) no problem.  I can access the 5508 via https using the SP.  However, port 1 is connected to the same Catalyst switch, but on a different vlan (subnet 10.20.x.x).  Both ends show that the interfaces are up, I can ping the interface from any other host on the network, but when I try to manage the device via https I cannot connect.  We are using WCS and I cannot add the device from the WCS.  About all I can do is ping that interface.


Cisco Firewall :: ASA5512-X Setup Using Management Interface

Jun 28, 2012

I have a brand new ASA5512-X running 8.6.1, and am trying to do an initial setup using the Quick Start Guide that came with it. However, the Management Interface is not working. I have a PC connected and set to use DHCP, but the port is not active. I connected a console cable and can see in the config that the interface is shutdown. So I set it to active, and the port is now active, but is not giving out a DHCP address as the guide says it should. I would like to use the ASDM Startup Wizard to configure this device, so how do I get it to work the way the instructions say it should?


Cisco Firewall :: ASA5540 Management Interface IP Addressing?

May 9, 2011

How does one allow /31 mask for an management interface on an ASA5540 using version 8.3(1)?
 
I need to configure a 192.168.x.y /31 on the management 0/0 interface of an ASA5540 and it is providing me with the following error: ERROR: /31 mask is not allowed


Cisco :: 1130AG - Block Management Interface Webpage

Mar 29, 2012

I'm working on creating an open wireless scheme and we are simply going to use WPA with a key. What I'm getting a little stuck on is preventing access, by the guests that will connect to the WAPs, to the gateway/management webpage. I've been looking into separating with VLANs and trunks (internal with management access and external for guests) but am having a hard time with the configuration scheme.
 
Not sure if there is an easy way to just block that in the config or what.


Cisco Firewall :: 5520 - Configuring ASA Management On Sub-interface

Jul 27, 2010

I have two ASA 5520 with 4 Giga interfaces and 1 management interface.
 
I need to use 4 interfaces for data traffic
 
1- Inside
2- Outside
3- dmz-1
4- dmz-2
 
The remaining one will be the management interface only. How can I configure the stateful failover and management?
 
1- I used the management0/0 for The stateful failover.
 
2- I used gig 0 for outside
 
3- I used gig 1 for inside
 
4- I used gig 2 for dmz-1
 
5- I divided the gig 3 to two sub interfaces
a- gig0/3.1 for dmz-2
b- gig0/3.2 for Management and I defined it as a management-only


Cisco Switches :: Accessing SG300-28P Via Management Interface?

Dec 21, 2012

I have a new SG300-28P, and have had occasional issues with being unable to connect to it via anything other than the serial port. I have connectivity between my machine and the switch (tested with ping each way), and in fact, have the same problem if I take a laptop to the switch and connect them directly.

What happens is that though the switch is operating normally, http, https, ssh and telnet attempts to access all fail in one way or another. Ssh and telnet either yield no response or a refused connection (even though those services are enabled). For http and https, I'll occasionally get enough of the web page to be able to tell what it is ... but attempts to log in just don't work.

While this is happening, the CPU and packet load on the switch is very, very low. Rebooting didn't work entirely, though it may have made it better. Resetting to factory defaults and then reconfiguring makes it work. This is using the latest firmware: 1.2.7.76.


Cisco Wireless :: WLC 5508 7.3 Management Interface Access To GUI?

Jan 16, 2013

After I upgraded the software to v7.3 and applied AP-SSO, it became impossible to access the controller's GUI via the service port. So we tried to access it via the management port, but there is a problem there too. It is not working from other subnets. But the default gateway on the management vlan is set correctly and I even tried to turn off all ACLs on the switch. The WLC is only accessible from the same network. But at the same time the WLC is replying to ping fine. All other protocols cannot connect to the controller.


Cisco Firewall :: Management Interface In Cluster ASA 5515x?

Jan 6, 2013

I have a misunderstanding about management interface configuration in a cluster. I have an ASA 5515X cluster with a management interface. I would like to be able to connect to any member of my cluster on the management interface, so I would like to set a different IP on the management interface on each of my nodes, IP 92 and 91. I think it is the only way to do an ASA firmware update and to access the local flash on each node.
 
my config
 
interface GigabitEthernet0/1
channel-group 1 mode active
no nameif

[Code].....


Cisco WAN :: 7200VXR - NPE-G2 Fast-Ethernet Management Interface?

Apr 30, 2012

Is there a keyword that we use under the interface to specify that it is purely management?
 
We need to assure that the subnet and any node on that subnet is not shared with the default routing table.
 
How do we set the gateway for the management interface if the node we are sourcing the ssh session from is on a different private subnet?


Cisco :: 5508 Controller Setup - Management Interface

Jan 2, 2012

I'm trying to verify some behaviors I'm seeing with my 5508 controller setup, I've zero experience with this hardware and clueless on the best practices. With that said... out of the box I ran through the AutoInstall process.

I gave my service port an IP address on my subnet, 10.10.8.0/24 vlan 100 and gave the management interface the ip address 10.10.30.5/24 vlan 130
 
From my host I can ping the management interface 10.10.30.5 and the interface gateway 10.10.30.1
I cannot connect to the controller via 10.10.30.5 either through the web GUI or telnet
I can connect to the controller via 10.10.8.200 both through the web interface and telnet
while connected to the service port, I can ping the management port IP but I cannot ping the 10.10.30.1 gateway.
 
We have attached two test 3502I AP's and they found the controller and pulled correct ip addresses, clients can authenticate and access network resources as well as the Internet so for the most part, things are working but it concerns me that the management interface can't ping its own gateway.


Cisco Firewall :: ASA5510 - Cannot SSH Or ASDM To Management Interface

Jan 21, 2013

I try to SSH and get access denied.
 
I try to ASDM and get "Unable to launch device manager from 172.16.252.100"
 
I think I am missing something. Software is 8.4(5) and running in Transparent Mode.
 
Inside/Outside are in bridge-group 1. No BVI is configured as we will be using Management0/0 for access.
 
login as: test
test@172.16.252.100's password:
Access denied

[Code].....


Cisco Firewall :: ASA5520 Use Management Interface As Regular

Oct 16, 2011

I have a Cisco ASA 5520 8.4(1) with an ASA 5520 VPN Plus license.
 
I want to use the management interface as a regular interface (using the no management-only command). Is this interface a Gig interface as well?


Cisco Wireless :: 3502 - Set NAT Address For Management Interface

Oct 19, 2011

I have got a 3502 setup and functioning in Office Extend mode. I have found one issue though. I have to set the checkbox on the my Management Interface to Enable NAT Address and put the external address in the box. Once this occurs no internal APs can join the controller.
 
Need setting this up with a single controller behind a router and not having to set the NAT Address for the Management interface? Should I setup a second interface on the controller to be for external management?


D-Link DIR-655 :: Slow Management / Interface And Best Firmware?

Jun 19, 2012

Owner of a new B1 here. I've seen various recommendations for 2.03 as a firmware, as mine came with 2.04. Why is this recommended? Are there any others that are recommended? Additionally, after connecting up to the router via ethernet (192.168.0.1), the control mechanism for the router is rather slow. I've owned many routers, and this might be the slowest administration/settings page I've seen for a router. Is this normal?


Cisco :: 3750X Management Interface Out-of-band Default Gateway

Aug 31, 2012

I've got a 3750X, IOS 15.0 IP Base license, reset to factory defaults, and I want to use the FastEthernet0 out-of-band management port on the backside next to the console port. The idea is that this port should provide a management interface that does not participate in the routing table. Problem is, contrary to the documentation, that configuring an IP address on the interface does make it show up in 'show ip route'. So it's still part of the routing table. Also, I'm unable to find the commands to change this and set a default gateway for just the management interface. I'm pretty sure this has to be possible, I remember seeing something similar on an ASA once. The 3750 configuration guide on Cisco.com does not seem to mention it. I considered using VRF but it's an IP Base license, no VRF.


Cisco Routers :: Cannot Access The Web Management Interface Of SRP521W-U From A Different Subnet

Oct 30, 2012

I cannot access the web management interface of this router from a different subnet. The WAN interface is a 4G LTE connection. I have disabled both the SPI firewall and NAT and enabled remote management from any IP address, but I cannot access the admin web page from a remote subnet. Doing a port scan of the router's WAN or LAN address, I cannot see any ports open at all... it's as if the firewall or NAT is still enabled somehow.


Cisco :: 5508 - Unable To Access Controller Using Management Interface

Apr 3, 2013

I configured an IP address on the management interface port 1 of the 5508 controller. When I connect it directly to my laptop I can't ping or access the controller from my laptop; even when I connect through a layer 2 switch I still cannot.
 
IP Address of management interface : 10.21.0.50
Laptop IP Address : 10.21.0.51


Cisco Switching/Routing :: Nexus 7K Out Of Band Management Interface?

Dec 8, 2012

Regarding the out-of-band management interface: if I configure an interface vlan to be the management interface for one VDC (the default VDC), then when I connect to this VDC via telnet, can I switch to any other VDC? (Suppose that I have the Admin role, which allows me to enter and configure all the VDCs.) If that is possible, I don't have to make a dedicated management IP for each VDC; I need to do that only if I want to make VDC admin accounts to allow some users to access specific vlans only. Is that true?


Cisco Wireless :: 5508 / WLC Management Interface Not Bound To Port

May 6, 2013

I have 2 x 5508 Wireless Controllers, 1 mgmt port on each as standard. I noticed something different between these controllers running the same code. I can bind a physical port to the mgmt interface on one controller but not the other (both interfaces are untagged). See below, this config appears on one controller but not the other? Is this something to do with the initial setup? How can I add Physical information to the other controller's mgmt interface? I cannot delete the mgmt interface. Physical Information: Port Number, Backup Port, Active Port, Enable Dynamic AP Management?
