I am looking for a script or applet that will dis/enable an ethernet interface on Cat 6500 based on reachablity to an external destination. Reachability should be verified either directly by sending ICMP packets, or based on IPSLA status.
View 4 RepliesI want to learn that,on cisco switch (2950,3600,6500 series) IpV6 default open? İf It comes open on default,how to disable?
View 19 Replies View Relatedwe need to use Nexus technology over 6500 based VSS in entreprise ?
View 1 Replies View RelatedI am trying to Disable Telnet and enable SSH in CatOS for 6500 .
View 12 Replies View Relatedhow to: port forwarding to 2 different destinations based on incoming WAN port
The default HTTP service works fine: TCP80/80-> 192.168.0.55
I have a couple of IP security camera's I'd like to be able to access remotely that also listen on port 80. I tried TCP & UDP 8009/8009-> 192.168.0.9 without any luck. Not sure how to handle the port redirects on the RV042G? Seems simple and was on the Symantec, could be user training :-)
I was able to do port redirect with the Symantec Firewall I'm replacing.
On the supervisor card of a cisco 6500 series, according to the following link, [URL] it only has 2 uplink ports on the card. Would I be correct in assuming that I only have those to ports that I can configure IP addresses on?
The cisco that is being devlivere is coming with a 48 port switch and 24 port fibre switch. Could I change any of those ports into a router port and configure IP addresses on those?
The supervisor card is a ws-sup-720-3b the 48 port switch is a ws-x6748-ge-tx the 24 port fibre switch is ws-x6724-sfp
I have recently bought cisco 2901 in order to replace it with our 1811W that we have at the moment.When I try to set a failover / backup with rtr; it seems like the function is not valid.Once I select rtr and set the object #, the reachability command is not available.Does that mean this function is not a part from the license package I have?
View 6 Replies View Relatedis it possible with LMS 4.0 to do a simple reachability test for an IP address not based on device?The ip address I want to check for reacheability is not the management ip address I add in Inventory->Device Administration->Add->Device Properties->IP Address For example: I want to test the reachabilty of the IP-address 10.113.15.4, not management ip, it shall be an interface ip address.With the performance monitoring I want to test the reachability, if it fails continuously 2 times I want to get a notification with an low severity.After 6 continuously fails of the reachability test I want to get a notification with an medium severity and in the end after 12 continuously fails of the reachability test I want to get a notification with an criticaclc severity. The threshold configuration and the threshold criteria should not be the problem,the problem is where do/can I enter the corresponding ip address I want to test.
View 1 Replies View RelatedIt started out in CL, I cannot see the CAPTCHA applet, which is provided by Google. Fine. CL tells me to go to Google.com/recaptcha/demo and it says: "We're sorry...... but your computer or network may be sending automated queries. To protect our users, we can't process your request right now. See Google Help for more information" Ok, is google BLOCKING ME? I DID have some Trojan on my computer, but no more I removed it with MB.IT GETS WORSE.I CANNOT ACCESS GOOGLE HELP. ALL I SEE IS A WEIRD INCOMPLETE SCREEN, with some odd random characters.....
View 1 Replies View RelatedTopology: 3560 <-access-mode-link-> ASA5510 - Internet,3560 has 3 VLANs and 3 corresponding SVIs (default-gateways for VLANs),Just configured RAS VPN on ASA5510 and successfully made connection,Now, from RAS VPN (IPSEC) client workstation CLI, can ping all 3560 SVIs,CANNOT PING host devices plugged into switchports.
View 1 Replies View RelatedWhat could cause this log message and put the port in errdisable?
15w2d: %ETHCNTR-3-LOOP_BACK_DETECTED: Loop-back detected on FastEthernet0/22.
15w2d: %PM-4-ERR_DISABLE: loopback error detected on Fa0/22, putting Fa0/22 in err-disable state
15w2d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/22, changed state to down
I want to use an EEM applet on a Cisco IOS 2431 voice gateway running 15.1(2)T to take action upon expiration of a SIP registration (with its sip registrar). I thought that it might be possible to use existing error messages generated by the ios sip application to trigger an EEM applet.Is there a reference that lists all SYSLOG messages that SIP can generates, and their error levels? Can you show me how to turn on syslog messages, so that I can cause a SIP registration expiration on my GW and then see what SYSLOG messages are produced?
I think I understand how to write an applet and its event trigger from a SYSLOG message pattern, but I am having trouble seeing any SIP error messages at all, except if I turn on Debug, which usually produces way too many messages and may impact performance.
I want to use vertrigo localhost but due to port 80 enable it is not runing so how can i disable this port.
View 2 Replies View RelatedI can't download WAMP and am told Port 80 is blocking it. How can I resolve the problem?
View 1 Replies View RelatedI have 2 pairs of Nexus 5000 units (pair 1 and pair 2). A pair consists of 2 Nexus 5000 (A and B) connected to each other via a VPC containing 2 ports ie P1-5KA -- P1-5KB (vpc domain 6) and P2-5KA -- P2-5KB (vpc domain 10) [code] Hsrp exists between all four with a virtual address of 10.18.136.1. P1-5KA is the Active with P1-5KB as Standby.
I can ping between the four using their SVI addresses. I am unable to ping the HSRP virtual address .1 from P2-5KA or P2-5KB.I can ping ok only if I shut the VPC between P2-5KA or P2-5KB or define another mac address under the HSRP config other than the system default. IP Packet debugs show that ping sourced from P2-5KB to P1-5KA loop between P2-5KA -- P2-5KB. Pings sourced from P2-5KA to P1-5KA are transmitted but none of the 4 device debugs show a receive. both peer-gateway and delay restore 120 have been configured under all vpc domains and all units rebooted.
I'm administrator of small network. I wish to replace my old switches by new SG300-10 and SG300-16 managed switches. I have big trouble in my network because everyone can assign IP his neighbour (or any IP) to his network card. I have policy that IP is 172.16.1.X with x is home number. Could I do that IP based ACL assigned to port where is cable from home example 29, permit only IP 172.16.1.29 (mas 255.255.254.0) (from specified port only permit packets with specified source IP (LAN user IP) other (if user set not his IP) is denied) ?
I want know that before buying equipment. How to configure that ?
I think IPv4 Based ACE, action: permit, source IP: 172.16.1.x (nr of home), widcard 0.0.0.0, destination: any, protocol: any, source port: any ?
and in ACL Binding, I have to bound this ACL to port where user whose IP is in ALC is connected?
How do I disable the USB port in the 881 router?
881router#show usb port
Port Number: 0
Status: Disabled
Connection State: Disconnected
Speed: Full
Power State: ON
So ive been trying to enter a yahoo fantasy hockey mock draft and it wont seem to load. Ive tried both IE and Firefox, no luck..ive updated my adobe and jave..no luck i cant seem to get it to load..
View 2 Replies View RelatedI have a inspiron 1525 and 9 times out of 10 when I start up the computer I get the message "Dell wireless WLAN card wireless network tray applet has stopped working". When this happens I can still get on the internet. But I can't scroll the screen using the touchpad. Dell installed a new touchpad and that worked for about one day. I hooked up with them online twice and one tech updated the touchpad driver and another said it was my avast software that causes the problem, I say no way, because it worked for 6 months before this problem started.
View 4 Replies View RelatedI'm using PfSense 2.0.1. What im trying to do is connect to a game server I have running here in my house. I can connect to it locally with 192.168.8.6 no problem. I have it port forward correctly so that the rest of the world can connect to it via my WAN ip address. The problem comes is I want to be able to connect to it with my WAN address so that if someone decides to follow me STEAM will show my WAN address not my internal IP address of the server im connected to. I have "Disable NAT Reflection for port forwards" UNCHECKED which is what I am supposed to do according to documentation from PfSEnse. But it still doesn't seem to work.
View 5 Replies View RelatedI have a customer with a Sonic wall that I want to replace with a 521.He currently has port forwaring setup so that only 3 ip addresses can access the port forward. Everyone else is dropped. Is there a way to do something similar?I can make it work for a single one via the DMZ tab with a source ip address. but there is not a way I can find to add the allow for the other two remote connections.
View 1 Replies View RelatedThis is a continuation of my last post in which I need to apply ACLs to the physical ports within Etherchannels. The switch is a Catalyst 2970 running IOS 12.2. These Etherchannels are configured as trunks with 2 VLANS allowed on each trunk.I have applied an inbound ACL on the physical ports that filters based on layer 3 and layer 4 traffic. The issue that I am seeing is that the counters for the ACL are not increasing even though the ACL is clearly doing its job. At the end of the ACL I have an entry of "permit ip any any". Removing this from the list causes connectivity problems to the server on this port. Adding it back and everything is back to normal. However the counters don't increase. At first I thought maybe this wasn't supported on this switch but then I noticed the counter had increased to "2 matches" later in the day. What is the normal behavior is for this switch and does it support logging on an ACL entry as well.
View 2 Replies View Relatedusing ACS 4.2 and I can't find a way to bind an incoming NAS port to a specifc IP Pool:
When a user connects the request to auth comes from 2 possible NAS ports randomly (this cannot change). Depending on which NAS makes the requests determines the IP range required, so I need 2 IP Pools. There is no way to say 'if request comes from NAS1 give IP from Pool1 and if request comes from NAS2 give IP from Pool2'
I have gone around and around with NAFs and NARs, but cannot do this.I can create 2 ACS groups with the specific NAS and specific IP pool within, but then I cannot have a single username bound to both groups.
I moved the auth to an AD group in the hope that I could bind that single AD group to the 2 ACS groups; and so have a single username, but no joy.
this is my first time configuring a cisco router. For instance, a cisco router 1700 with 2 ethernet WICs and 1 LAN port. We have 2 ISPs one more stable than the other. We use an RDP session to an external host identified by lets say IP address 200.1.1.2 using ISP2 to get to this computer. We use ISP1 for all the internet usage, web pages, youtube etc. We are thinking of using this cisco router 1700 to make the packet filtering and routing of this RDP session to the correct ISP2 since we only have 1 NIC per computer on the LAN side.
The main idea would be:
| YES -----> ----------- then use ISP2
LAN---------> Are the packets RDP ?
| No--------> ----------- then use ISP1
Does this can be achieved using packet filtering using extended ACLs and to be router from the lan interface to route rdp (port 3389) packets to ISP2 WAN interface?
I have recently separated a few sites that I operate, into multiple virtual machines, all with their own IP.Basically, site A is located on for instance www.siteA.com, Site B is located on blog.domain.com etc etc. So my question is, how do I (with the Cisco RV220W), forward port 80 based on host?[URL]
View 3 Replies View RelatedI recently saw a Cisco demo of ISE with a customer and the Cisco SE was setting the port description to the logged in username (dot1x). I can't find any docs on doing this. I did find some old ACS docs that mention using an AV pair and sending aaa:suplicant-name in the result, but that isn't working. I'm trying this on a 3750. and using ISE.
View 3 Replies View RelatedI have several SF300 switches deployed (SF300-08, SF300-24P). They are connected to IP Telephones (NEC) which communicate with the switch for auto voice VLAN on LLDP. The problem I am experiencing is that periodically the IP telephones are rebooted by the telephone vendor and when they do the switch puts that port into "Locked" port security mode and discards all traffic to the port. The IP telephones of course do not work. In other switch models, I have seen the ability to enable / disable port security switch wide or on a port by port basis. This model does not appear to have this feature. How to disable or why the phones would cause the switch ports to "lock"? There is usually one PC attached to each phone.
View 1 Replies View RelatedI have upgraded a couple of 2960G switches to 12.2.52SE and now discovered that TCP port 4786 is open on the switches.
I have looked in the document{URL}, trying to find a way to disable this function/port, but didn't find anything useful. Any way to disable this function/port?
I want to implement port-based and MAC-based in these two switches: 2960 & 3560 (both of them have this IOS version: 12.2(55)SE1). And I haven't found a way to implement both of them at the same time. This is what I got:
ip dhcp use subscriber-id client-id
ip dhcp subscriber-id interface-name
ip dhcp excluded-address 192.168.0.0 192.168.0.2
ip dhcp excluded-address 192.168.0.251 192.168.0.255
[code]....
With this configuration I can use port-based, but not MAC based. If I remove the first two lines and change the last line for this one:
address 192.168.0.7 client-id 0112.ae1d.af58.60
Then, the computer with that MAC address got the correct IP, but then the port-based doesn't work. Also, I got this line in the interface what I want to use MAC-based:
ip dhcp server use subscriber-id client-id
I have one public IP address but multiple local servers that run on the same port. I cannot change the port the clients use to connect to this server, so I can't do a port map in my NAT router. The solution I had in mind, is to filter on source address. If a client from public IP X.X.X.X connects to port Z, I want it to go to internal server 10.10.10.10 and if a client from public IP Y.Y.Y.Y connects to port Z, I want it to go to internal server 10.20.20.20. Is this possible? I'm using an ASA5510 but I could also switch to a 5505 for this.
View 3 Replies View RelatedI am upgrading from 3750-E IOS 12.2 to 3750-X IOS 15.0
I have a dhcp pool set up to give out an ip address based on the Physical port of the switch. I also have it configured to give out "reserved only" addresses.
The configuration works when i plug a dhcp device in the 3750E. (IOS12.2) The configuration does not work when i use the same config on 3750X (IOS15)
When i debug dhcp, i see the DHCP discover message come in, but no offers or anykind of response from the 3750X.
If i remove the "reserved only" line the switch gives out IPs, but of ocurse not the ones i want. I did that to prove both the client and the switch can give out an IP.
So i have a feeling the subscriber-id client-id interface name mapping is not right, or not created.
Here is a snippet of config.
!
no ip dhcp use vrf connected
ip dhcp use subscriber-id client-id
ip dhcp subscriber-id interface-name
[Code]......
We are testing a Zone Based FW config since 1month, everything run smooth but we're having problem ( big slow speed access ) when a user try to reach a website on a non-standard port ( 8080 in that case ). All the trafic stay in our LAN, using a IPSEC/EZVPN connection between the 2 sites.As soon as I have disabled the Zone Based FW, the speed was much better.
I'm sure I'm missing a parameter to fix that problem but I tried many different options and I didn't find anything yet. All the routers are Cisco 1811 running adv IP Services 15.1.2.T1 IOS.A port-map has been created to map the port 8080 to the HTTP protocol for the inspection.The PC will have an IP address in the 10.2.2.x/24 and will access a server on 10.2.3.x/24, both devices are part of the zone private in each site/LAN.All the access between sites are managed by an ASA; the IPSEC/EZVPN peer.Little summary, it's gonna be something like : SiteA with a PC on private zone then on public zone for the EZVPN to SiteB on public zone and then private zone to access the server in the LAN.
Ask this question, if someone came across a 6513, one of the RJ45 ports are constantly falling.The question is how to disable logging on a specific portno logging event link-status does not work.
View 1 Replies View Related