Cisco :: 6509 Sup-2T Management Through CMP Interface
Dec 3, 2012
We acquired recentlty a new Cisco 6509 with Sup-2T supervisor card
My question is the following : we have a management subnet on a Copper-based switch; we manage all equipments through this network. I planned to configure the management interface on the 6509 to connect this switch & monitor the VSS through it However, since it is a CMP interface, most of the actions (SNMP, IOS upgrade.. won't be possible through this link) Moreover, I don't think LMS would be able to get the configuration through it (except by configuring a script running "attach" command & show run
Is there something I miss or must I add another interface of the Catalyst to this network (the problem being that I have no copper line card)
View 2 Replies
ADVERTISEMENT
Apr 27, 2010
I have a cisco 6509 configured with a cisco NAM module. I have reset the config of the NAM module by the config clear command. Since this moment I can't no more ping the NAM module via the management port: OK via the 127.0.0.91 address and log in ok via the ios cli session command. [code] I have already tried to reboot the module via the ios cli hw module command and nothing better.
View 12 Replies
View Related
Mar 6, 2011
I need to enable Management access to FWSM using CA ssl certificate.
FWSM Version 3.2(5) in Cisco 6509 switch.
Got to know how to generate, import and export certificate but my query is how to get it applied to the management ip do i need to apply in the management interface.
View 1 Replies
View Related
Jul 1, 2012
We've just invested in a pair of Sup2Ts to upgrade a Sup720 6509 chassis but I'm unsure exactly how the management port(s), aka the Connectivity Management Processor (CMP), should be configured (and patched) in a dual supervisor system?Is each CMP an independent entity or is the management interface configuration (IP address, gateway, etc) replicated between supervisors?If it's the latter then do both management ports need to be physically connected at the same time?
View 1 Replies
View Related
Nov 5, 2012
I'm trying to separate my management traffic from regular traffic by splitting the management and "outside" interface to separate vlans but I'm hitting a routing issue. Say I have have a management network of 192.168.1.0 255.255.255.0 running across vlan 1 and I want to use 192.168.2.0 255.255.255.0 running across vlan 2 for the outside interface to send all the other traffic excluding the management traffic across. Tag both vlans on the external interface, say Eth0/0 Default route of route outside 0.0.0.0 0.0.0.0 192.168.2.1, With this, you can not hit the management interface because there is no route defined for the 192.168.1.0 network. However of course if you try to set one, you'll get the "connected route exists" error. How can I set the default route or gateway of the 192.168.1.0 network on the ASA. Switches just don't complain like the ASA does.
View 8 Replies
View Related
Jan 27, 2011
We have recently purchased a Cisco Small Business Pro SRP 527W router, all seems good and it is running smoothly, no disconnections or sync issues like our last router. However, after a certain amount of time the web management interface is unavailable through the browser (accessing it via 192.168.1.254 or the alternative we set-up 1.1.1.1) It is totally unavailable and timeouts in the browser yet there is still internet access and network is still alive. The web management interface was accessible before though and the only solution I have been able to do to access it again is to reboot this router.Could it be possible that because port 80 is forwarded to a different IP it interferes with the Web management interface? And how wcould the interface port access be changed?
View 2 Replies
View Related
Jun 7, 2011
I have running a Wireless LAN Controller Cisco 2006.Today my management IP its public with Internet access. I am thinking in use a private IP without internet access. I have certains Access-Points in other building, that connect to AP Manager interface using Internet . When i see the tcp connections, i look that the access-point not only have TCP connections to AP Manager interfaces, it have TCP connections to Management interface too!!!.If i shutdown the connection between Management interface and Access-Points (mantaining the connection between Access-Point and AP Manager interfaces)?
View 1 Replies
View Related
Apr 25, 2012
Am trying to replicate the managment interface functionality of a CSS on ACE 4710 but have problem with it being treated as a general routed interface.
Scenario
On ACE 4710 I have a front-end interface for client facing VIPS and a back-end interface facing a server farm, taking care of load balancing flows
Non load-balance system traffic for the back-end servers also flows through these two ACE interfaces, following a default route path (the back-ends use the ACE as default gateway) i.e. dns requests from the servers flow through the ACE egressing the front-end interface to hit a firewall and route to an internal dns server.
Issue
If I add a "management interface" to the ACE 4710 and give it an IP address for management access, the interface by default assumes 'routed' mode and as the ACE treats this as a general interface it will route traffic out of it. For example if the IP address of this management interface is on the same network as the internal dns server, it breaks that connectivity. This as the ACE will see the "management" interface as best route to directly connected network and send traffic to dns server over that, however dns server response traffic will follow its defult route path via firewall and ACE front-end interface to get reply to back-end server. The firewall will block this traffic as traffic is asymmetrically routed and firewall not seen the initial dns request packet.
Question
Is there a way of making an ACE interface a 'non routed' management only interface for out of band management use? That is ACE will not attempt to route general traffic through the interface
I realise I could achieve this with multiple contexts but want to have a single context for various reasons - i.e. to have a kind of like for like CSS replacement using ACE 4710
View 3 Replies
View Related
Feb 13, 2012
I am having issues with the ASA 5510 management interface. I can't communicate with this interface. It is showing DOWN/DWON even if I type NO SHUT several times.
My existing config is as follows
our-asa-01# sh run
Saved
ASA Version 7.2(5)
hostname our-asa-01
names
dns-guard
interface Ethernet0/0
[code]....
View 5 Replies
View Related
Jun 30, 2010
How to configure SSH on a ASR 1002 and apply it to the Management Interface?
View 3 Replies
View Related
Apr 16, 2012
I have a number of WLCs/WiSM2 running 7.0.230.0 (still using WCS for management). The management interfaces for the controllers are on a purely private subnet. While going through the intenet edge ASA logs I noticed some traffic drops for the controllers on the Inside interface. I took a packet capture from the controllers and found that they were sending TCP traffic to a number of IP addresses (Microsoft, Hotmail and Google) - always with a src port 2028 (submitserver) with the ACK/FIN flags set. Why this traffic is coming from the management interfaces? The management interface is not used by any wireless clients and is not the default interface for any of the SSIDs.
View 4 Replies
View Related
May 22, 2013
I have a number of WLCs/WiSM2 running 7.0.230.0 (still using WCS for management). The management interfaces for the controllers are on a purely private subnet. While going through the intenet edge ASA logs I noticed some traffic drops for the controllers on the Inside interface. I took a packet capture from the controllers and found that they were sending TCP traffic to a number of IP addresses (Microsoft, Hotmail and Google) - always with a src port 2028 (submitserver) with the ACK/FIN flags set.
View 2 Replies
View Related
Aug 1, 2010
I'm setting up a new 5508. I've used the config from a 4402, have successfully connected to the Service port to manage the device, but for some reason cannot connect to the Management interface. In this case, port 1.
The service port is connected to a Catalyst switch and grabbed an ip address (10.2.x.x subnet) no problem. I can access the 5508 via https using the SP. However, port 1 is connected to the same Catalyst switch, but on a different vlan (subnet 10.20.x.x). Both ends show that the interfaces are up, I can ping the interface from any other host on the network, but when I try to manage the device via https I cannot connect. We are using WCS and I cannot add the device from the WCS. About all I can do is ping that interface.
View 6 Replies
View Related
Jun 28, 2012
I have a brand new ASA5512-X running 8.6.1, and am trying to do an initial setup using the Quick Start Guide that came with it. However, the Management Interface is not working. I have a PC connected and set to use DHCP, but the port is not active. I connected a console cable and can see in the config that the interface is shutdown. So I set it to active, and the port is now active, but is not giving out a DHCP address as the guide says it should.I would like to use the ASDM Startup Wizard to configure this device, so how do I get it to work the way the instructions say it should?
View 2 Replies
View Related
May 9, 2011
How does one allow /31 mask for an management interface on an ASA5540 using version 8.3(1)?
I need to configure a 192.168.x.y /31 on the management 0/0 interface of a ASA5540 and it is providing me with the following error:ERROR: /31 mask is not allowed
View 1 Replies
View Related
Mar 29, 2012
I'm working on creating an open wireless scheme and we are simply going to use WPA with a key. What I'm getting a little stuck on is preventing access, by the guests that will connect to the WAPs, to the gateway/management webpage. I've been looking into seperating with VLANs and trunks (internal with management access and external for guests) but having a hard time with the configuration scheme.
Not sure if there is an easy way to just block that in the config or what.
View 1 Replies
View Related
Jul 27, 2010
I have two ASA 5520 with 4 Giga interfaces and 1 management interface.
I need to use 4 interfaces four data traffic
1- Inside
2- Outside
3- dmz-1
4- dmz-2
The remaining will be the management interface only.How can I configure the Statefull failover and Management?
1- I used the management0/0 for The stateful failover.
2- I used gig 0 for outside
3- I used gig 1 for inside
4- I used gig 2 for dmz-1
5- I divided the gig 3 to two sub interfaces
a- gig0/3.1 for dmz-2
b- gig0/3.2 for Management and I defined it as a management-only
View 6 Replies
View Related
Dec 21, 2012
I have a new SG300-28P, and have had occasional issues with being unable to connect to it via anything other than the serial port. I have connectivity between my machine and the switch (tested with ping each way), and in fact, have the same problem if I take a laptop to the switch and connect them directly.What happens is that though the switch is operating normally, http, https, ssh and telnet attempts to access all fail in one way or another. Ssh and telnet either yields no response or a refused connection (even though those services are enabled). For http and https, I'll occasionally get enough of the web page to be able to tell what it is ... but attempts to log in just don't work.While this is happening, the CPU and packet load on the switch is very, very low.Rebooting didn't work entirely, though it may have made it better. Resetting to factory defaults and then reconfiguring makes it work.This is using the latest firmware: 1.2.7.76.
View 3 Replies
View Related
Jan 16, 2013
After I've upgraded software to the v7.3 and applied AP-SSO it made imposible to access the controller's gui via Service-port. So we tried to access it by management-port, but there is some problem too. It is not working from another subnets. But default gateway on management vlan is set correctly and I even tried to turn of all acl's on switch. WLC is only accessible from the same network. But at the same time wlc is replying on ping fine.All other protocols cannot connect to the controller.
View 3 Replies
View Related
Jan 6, 2013
I have a misanderstand about management interface configuration in cluster. So I have a cluster asa 5515X with management interface. i Would like to be able to connect to any of the member of my cluster on management interface, so i would like to fix a different ip on management interface on each of my node ip 92 and 91. I think it is the only way to make asa firmware update to access local flash on each node.
my config
interface GigabitEthernet0/1
channel-group 1 mode active
no nameif
[Code].....
View 9 Replies
View Related
Apr 30, 2012
Is there a keyword that we use under the interface to specify that it is purely management?
We need to assure that the subnet and any node on that subnet is not shared with the default routing table.
how do we set the gateway for the management interface if the node we are sourcing the ssh session from is on a different private subnet?
View 2 Replies
View Related
Jan 2, 2012
I'm trying to verify some behaviors I'm seeing with my 5508 controller setup, I've zero experience with this hardware and clueless on the best practices. With that said... out of the box I ran through the AutoInstall process.
I gave my service port an IP address on my subnet, 10.10.8.0/24 vlan 100 and gave the management interface the ip address 10.10.30.5/24 vlan 130
From my host I can ping the management interace 10.10.30.5 and the interface gateway 10.10.30.1
I cannot connect to the controller via 10.10.30.5 either through the web GUI or telnet
I can connect to the controller via 10.10.8.200 both through the web interface and telnet
while connected to the service port, I can ping the management port IP but I cannot ping the 10.10.30.1 gateway.
We have attached two test 3502I AP's and they found the controller and pulled correct ip addresses, clients can authenticate and access network resources as well as the Internet so for the most part, things are working but it concerns me that the management interface can't ping its own gateway.
View 8 Replies
View Related
Jan 21, 2013
I try to SSH and get access denied.
I try to ASDM and get "Unable to launch device manager from 172.16.252.100"
I think I am missing something. Software is 8.4(5) and running in Transparent Mode.
Inside/Outside are in bridge-group 1. No BVI is configured as we will be using Management0/0 for access.
login as: test
test@172.16.252.100's password:
Access denied
[Code].....
View 7 Replies
View Related
Oct 16, 2011
i have a Cisco ASA 5520 8.4(1) with a ASA 5520 VPN Plus license
i want to use the management interface as a regular interface (using the no management-only command)is this interface a Gig interface as well ?
View 1 Replies
View Related
Oct 19, 2011
I have got a 3502 setup and functioning in Office Extend mode. I have found one issue though. I have to set the checkbox on the my Management Interface to Enable NAT Address and put the external address in the box. Once this occurs no internal APs can join the controller.
Need setting this up with a single controller behind a router and not having to set the NAT Address for the Management interface? Should I setup a second interface on the controller to be for external management?
View 9 Replies
View Related
Jun 19, 2012
owner of a new B1 here. I've seen various recommendations for 2.03 as a firmware, as mine came with 2.04. Why is this recommended? Is there any others that are recommended?Additionally, after connecting up to the router via ethernet (192.168.0.1), the control mechanism for the router is rather slow. I've owned many routers, and this might be the slowest administration/settings page i've seen for a router. Is this normal?
View 8 Replies
View Related
Aug 31, 2012
I've got a 3750X, IOS 15.0 IP Base license, reset to factory defaults, and I want to use the FastEthernet0 out-of-band management port on the backside next to the console port. The idea is that this port should provide a management interface that does not participate in the routing table. Problem is, contrary to the documentation, that configuring an IP address on the interface does make it show up in 'show ip route'. So it's still part of the routing table. Also, I'm unable to find the commands to change this and set a default gateway for just the management interface. I'm pretty sure this has to be possible, I remember seeing something similar on an ASA once. The 3750 configuration guide on Cisco.com does not seem to mention it.I considered using VRF but it's an IP Base license, no VRF.
View 1 Replies
View Related
Oct 30, 2012
i cannot access the web managemnet interface of this router from a different subnet.THe WAN interface is a 4G LTE connection,I have disabled both the SPI firewall and NAT and enabled remote management from any ip address but i cannot access the admin web page from a remote subnet.Doing a port scan of the routers WAN or LAN address i cannot see any ports open at all...its as if firewall or NAT is still enabled somehow.
View 0 Replies
View Related
Apr 3, 2013
I configure IP address on the management interface port 1 of 5508 controller when i connect it direct to my laptop i can't ping or access controller from my laptop even i connect through layer 2 switch still i can't not.
IP Address of management interface : 10.21.0.50
Laptop IP Address : 10.21.0,51
View 13 Replies
View Related
Dec 8, 2012
regarding to the out of band Management interface , if I configured an intervace vlan to be as a managment interface for one vdc ( the default vdc ), when I connected to this vdc via telnet , can I switch to any other vdc ? ( suppose that I have the Admin role which allows me to enter and config all the vdc's )If that is possible so that I dont have to make a dedicated managment ip for each VDC I need to do that only if I want to make vdc admin's account to allow some users to access specific vlans only , is that true ?
View 2 Replies
View Related
May 6, 2013
I have 2 x 5508 Wireless Controllers, 1 mgmt port on each as standard. I noticied something different between these controllers running the same code.I can bound a physical port to the mgmt interface on one controller but not the other (both interfaces are untagged)see below, this config appears on one controller but not the other? Is this something to do with the initial setup? How can I add Phyiscal information to the other controller mgmt interface, I cannot delete the mgmt interface. Physical InformationPort Number Backup Port Active Port Enable Dynamic AP Management?
View 2 Replies
View Related
Nov 1, 2010
I have a client with an AP541n, most recent firmware installed. When he logs into the management interface (via IP using Google Chrome browser), it will work for a few minutes and then just disappear. If he attempts to reload the page he gets a message similar to a website being down (page cannot be displayed). The idle timeout has been extended to 4 hours, but this can happen at any point while logged into the interface.
View 1 Replies
View Related
Apr 7, 2011
We recently reset a 4400 controller in a school. Although all access points associated, clients could not get the Internet. On investigating we suddenly lost connection to the web interface. We tried hyperterminal connections to reset, but found that the managament interface had the ports "unconfigured". We finally reset the configuration, and when we tried to start from scratch it now does not allow a port designation. It asks for 1 or 0 but says both are invalid when entered.
View 2 Replies
View Related