Cisco Application :: Installing 294 Inline At A Site
Apr 8, 2012
I have a new deployment I am working on. I am unclear on the Inline setup. One location is configured as a trunk between the router and the switch, with voice and data traffic going through it. We will be installing a 294 inline at this site.What impact will it have on voice traffic? We are using G0/0 for management, not the Inline interfaces. Is that any additional configuraiton needed to inline if done this way? I didn't get prompted for vlan ID, or anything like that during the setup as an accelerator.Are these setup with default optimizations out of the box, or is there additional programming needed once they are online? I found where to build custom applications, but wonder if there is anything needed to be done once they are online for default traffic.
I have 2 basic questions I am having doubts about it and would love to have some clarifications:
1) I configure in one ACE4710 (running 4.2.2) context a bridged interface and in another context the same interface, like here below : [code] Then I move to the Juniper context and I try to create an interface (either L-2 or L-3) but it doesn’t work: [code] So if I configure an interface as bridged in one Context, I cannot configure it in another context??
2) If I want to migrate in context Microsoft from One-armed to inline (L-2 bridged), can I migrate one service at the time ( I.e. the config i showed above for context Microsoft, would it work also for one-armed based???)
I'm attempting to redirect SSL from the base site to a different page on the same SSL site. I want to redirect https://10.4.16.54/* to[URL] . If I enter[URL], site loads, but if I enter simply https://10.4.16.54, it times out. The ssl_sharepoint service is my ssl_proxy_list.
In previous versions of LMS, I navigated to RME - Devices - Inline Edit to increase the snmp timeout. I haven't been able to locate the same process in LMS 4.2. Where I can locate this feature?
i have a ip-cam that is connect with power inline on my cisco router, i want to scheduler a reboot daily, of this ip-cam is there a posibility to use a daily time (time-range) to shutdown the interface and back up, or shutdown de inline power on this interface and back up ? i have ios version 12.4
I am having issues getting my (now former) routers to have internet access. They also kept seeming to become unresponsive when trying to change the settings and continual resets were necessary. 2 of them have now lost a battle with a sledgehammer and before I acquire a new one I want to know if my laptop is somehow infecting these routers, because 3 of them had similar symptoms before they met their fate with a 12 lb sledgehammer.This is in an apartment complex. Next to the cable modem, there is a Netgear router. This router has 4 outputs with ethernet cable going to 3 different apartments, one of them is mine which is in a separate building 200 hundred feet away. Rather than run an ethernet cable this distance, I made a reflective enclosure installed it under a carport and broadcast a signal to my apartment, and this worked great for 3 years. When the router next to the cable modem failed and was replaced, my personal router would no longer transmit the internet to my apartment.
We have just purchased and installed a 4506-E chassis. It contains a supervisor, two POE blades and 3 non-poe blades. Version is 12.2(53)SG1. Anyhoo, one of the ports isn't providing power to an IP phone. We can plug the phone into any of the other POE ports and it works fine. Is there a way to test an idividual port for POE problems? What could the problem be? The port works for normal data but will not provide power.
i'm stuck at registering inline posture node to primary node. I doing fresh install both ISE appliance using version 1.1.1, patched all 3 available patach version after install. AD and DNS were perfectly configure, ping using hostname able to resolve Everything set, so both PSN and iPEP generate CSR and ready to let CA server to signed. But anyway this is the outcome i get Error message "Unable to authenticate. please check server and CA certificate."
01. - What certificate template to be use primary node and inline posture node? I having problem the CA certsrv won't show computer template for inline posture node. can i use web server template and on the extension include client autthenticaiton andserver authentication on this case?
- What certficate template use for primay node CSR?
02. According to Cisco ISE user guide 1.1.1, it mentioned "Creating certificate trust list in Primary ISE Node"
So first action is importing Root and CA certificate . my rootCA.cer import to certification operation certifcate store, while CSR generated then Bind CA certificate. question, should i check anything like "Tust for client authentication" checkbox or any other option to be check? How about Inline Posture node, should i export the CA certificate and import to primary node's certificate store?
Essentially, not all ports on our brand new SG300-28P switches provide Inline Power to our older 7900 series phones. I can connect the phone a couple ports down and it usually powers up, but not always. Often I can also connect an 802.3af device to one of the troublesome ports and it will received power, however I am noticing there are some ports that now refuse to supply PoE at all?
This is equipment that has been running perfectly fine for several years now, on C3524 PWR XL switches. I can also tell you that this is not isolated to one switch, but all 5 of our SG300 access switches. And, yes, the firmware has been updated to 1.1.2.0.
I am running a 15.1 or so version of the IOS on a 1921 router. I have plugged in the external PoE injector into the router, and the PoE light on the front of the case is lit green. I have no options in the IOS to enable power on the EHWIC ports. I have most licenses enabled, including data and security.
I have a requirement to create a site to site vpn tunnel on ASA 5510 from a remote site to my HO, ihave already other site-to-site tunnels are up and running on the ASA.The issue is my remote site has got the network address which falls in one of the subnet used in HO(192.168.10.0/24).My requirement is only My remote site need to accees couple of my servers in HO which is in 192.168.200.0/24 subnet.
I have a LAP-1142 connected to one of our PoE blade in our 4506 switch, it used to work fine with the following power consumption:
Interface Admin Oper Power(Watts) Device Class From PS To Device --------- ------ ---------- ---------- ---------- ------------------- ----- Gi4/3 auto on 21.5 20.0 AIR-AP1252AG-A-K9 3
However, we had power issue on Apr 28, so it failed and we saw from the log below:
Apr 28 13:57:38.990: %C4K_ETHPORTMAN-3-INLINEPOWEROVERDRAWN: Inline powered device connected on port Gi4/3 exceeded its hardware protection threshold.Apr 28 13:57:39.694: %PM-4-ERR_DISABLE: inline-power error detected on Gi4/3, putting Gi4/3 in err-disable state After the power restored later, the other LAP connecting with the same blade restored without any problem, except this one:
Interface Admin Oper Power(Watts) Device Class From PS To Device --------- ------ ---------- ---------- ---------- ------------------- ----- Gi4/3 auto on 16.6 15.4 Ieee PD 3
Cisco IP phones attached to a Moduke in one of my Cat6500 access Switches suddenly went down. Upon closer inspection of the Switch Sys log, I observed the following Sys log error messages: [Module 9 is experiencing the following error: Inline Power Module - PS Voltage bad. ]A sh Mod output indicates the PoE daughter card and Main Module are "ok" - see attached output. It appears issue is related to the the actual Power Supply module and not the blade module and installed PoE Daughter card. I am inclined to open a TAC case for a PS replacement, but wanted to see if this can be resolved without a hardware replacement. At this time all 48 IP phones attached to this module are out of Service.
We have ordered a pair of Cisco ASA5520 (ASA5520-BUN-K9).Now there is a requirement to terminate site-to-site VPN from remote site. Do we need VPN plus licence for this and how much it cost?
The scenario where a Site to Site VPN tunnel has been established between Site A and Site B. Lan on Site A can ping Lan on Site B. My problem is a Printer behind Site B needs to be accessed by using the WAN IP address of Site A. Also i could not ping the remote lan or printer from the router.
Below are my configure on the Cisco 877 in site A.
Building configuration... Current configuration : 5425 bytes ! ! Last configuration change at 15:09:21 PCTime Fri Jun 15 2012 by admin01 ! version 12.4 no service pad
cisco products and am struggling getting a VPN going between an ASA 5505 and 5510. I have a VPN created (using the VPN wizward on both) and it shows the VPN is up, but I can't ping the remote site (from either side).
I would like to ask, given that i got 2 units of ISE-3315 appliance, one need to be primary node for admin-policy service-monitoring, another unit then become Inline posture node.For the preparation on line posture node, what shoud i do on it?
01. For the unit ready to become inline posture node, so I just boot it, install the OS from sractch (using version 1.1.1), then start the initialize setup etc, like Normal setup?
02. Before i regieter, what is the deployment nodes i should select for inline posture node unit? provided the admin-policy service-monitoring will become primary node, and registration for inline posture node will be next action.
I have a switch 3560v2 with an IOS 12.2(50) SE1.All the lights ON and console error message below:POST: inline power post failed for port 0 up to port 15.Then, the system hanged and all lights (indicator) ON.
I have ASA 5505, i configured site to site vpn between central site and remote site and is working. Now the problem is we use remote site for troubleshooting purpose, so we need to create a tunnel from remote site to central site. I need to configure such a way that remote site can craete a tunnel to central site, but central site not able to create a tunnel, it just respond to remote site.
i have 2 router asa 5505 with base license i wanna make site to site vpn connection and remote site using vpn client to connect first i have hdsl router with 5 public ip i wanna try it by giving 1 public ip to each router and try the vpn but nothing work?
We have two switches of the same model (WS-C3560-48PS-S) that are not providing PoE. I'm trying to remotely determine what the cause of the issue is.
Here is some output.
Hostname#show power inlineAvailable:0.0(w) Used:0.0(w) Remaining:0.0(w) Interface Admin Oper Power Device Class Max (Watts)--------- ------ ---------- ------- ------------------- ----- ----Fa0/1 auto off 0.0 n/a n/a 15.4Fa0/2 auto off 0.0 n/a n/a 15.4Fa0/3 auto off 0.0 n/a n/a 15.4Fa0/4 auto off 0.0 n/a n/a 15.4Fa0/5 auto off 0.0 n/a n/a 15.4Fa0/6 auto off 0.0 n/a n/a 15.4Fa0/7 auto off 0.0 n/a n/a 15.4Fa0/8 auto off 0.0 n/a n/a 15.4Fa0/9 auto off 0.0 n/a n/a 15.4Fa0/10 auto off 0.0 n/a n/a 15.4(code)
Everytime I make a config change to one of the contexts on our ACE20, I get this message: Config Application in Progress. This command is queued to the system
I am trying to set up a site to site ipsec connection. AT site A, I have Vlan's 652-10.55.216.0/24, Vlan653 -10.55.217.0/24, Vlan 654-10.55.217.0/24 and Vlan655-10.55.219.0/24 and at site B, Vlan650-10.55.214.0/24 and Vlan651-10.55.215.0/24.The problem is that I am unable to get any associations when i do a "sh crypto isakmp sa"/"sh crypto ipsec sa" on either router at each site.I am also unable to ping by pluging in a laptop into the site at each site. Laptop at site A is set to access vlan 655 and laptop at site B is set to acess vlan 651. I can ping all the devices from one end to the other.I have turned on debug crypto isakmp, debug crypto ipsec, debug crypto ipsec errors but dont get anything at all as output.I have attached the sh run for each router Cisco (1941/K9) and switch (Catalyst 3750) at each site.
I have an ASA 5525 and need to configure site to site ipsec vpn to 3 peers. I currently have an existing /28 public address from my ISP that is used by other services.Is there a way to use this existing ip range to configure IPSEC tunnels to 3 peers ?
Our Headquarter (asa 5510) is running a site to site vpn connection with a Branch office (router 2811). All remote users are accesing the internet through the VPN and also accesing headquarter file servers.I want to know if there is a way for some remote users to be able to use the vpn for accesing the file servers but to access the internet through the branch office. The rest of the remote users will be still accessing the internet through VPN.
We've just deployed a site-to-site VPN using a 5505 ASA on the client's site and a checkpoint Nokia FW on our site. Everything seems to be fine except that the user's connections to their file shares seem to be intermittently dropping. One minute the connection to the shares is there, next thing it's lost. There is no logic to it because no two users are experiencing issues at the same time, as a matter of fact even on the same PC where a user has access to 3 shares on 3 different servers, one could be showing as connected whereas the other two be dropping. [code]
As you can see the Duplex and Speed are set to auto, I've rectified this since then and I'm keeping a close eye on the output errors, and collisions. However, I'm afraid that this did not rectify the issue and the users are still experiencing intermittent connection dropping to their file shares over the VPN!
I have a request to establish a site to site VPN with a customer. While collecting the information I give them our local network subnet which is a private subnet (192.168.5.0). They asked me if I could give them a public address instead. They can not work with the 192.168.5 subnet. Is this possible?
My side of the VPN is an ASA 5505 running 8.2(2). The other side i believe is a Checkpoint.
I've setup a site to site vpn on an ASA 5510 using ASDM (as I have many times before) and the tunnel appears to be up but I am not able to pass traffic. When I run the packet tracer from my inside network to the remote destination network, it shows that it is blocked by the implicit deny ip any any rule on my inside incoming access list.
Got an ASA5505 connected to another endpoint running IPsec and being NAT'd at each end to a 10.0.0.0/24 network. I can pass other types of traffic through the ASA 5505 but not RTP traffic. The moment it is NAT'd and hits the firewall rules it gets denied by the default deny at the bottom of the list.
Currently the rules are as follows
Incoming External allow ip any any allow tcp any any allow udp any any default deny
[code].....
It wont allow us to setup a voip call...however when the same call manager sets up a voip call NOT using this ipsec tunnel it works just fine.
