Cisco :: C6500 - Create SNMP For Couple Of Servers / Access List For Separate Community
Jun 4, 2013
On C6500 series I have to create a separate community to send SNMP traffic for a couple of gig interfaces. The user that will collect this information has a monitoring server and is only interested in monitoring traffic on those links and maybe pps.
I understood to create an ACL pointing to the IP of his server, and then create a community and associate this access list with that community. Those commands I have, but I need to send the user the MIBs or other relevant info on how to collect, and forbid everything else but those interfaces. Do I need to give the SNMP HOST command and associate it with this community after that?
I am using cisco Nexus5548 and trying to enter a snmp community, but it doesn't accept it. I enter a community name that is less than 32 characters, with symbols, numbers and letters.
I have a C3825, and have been using standard ACLs and a PBR to route certain HTTP traffic via an alternative default gateway:
route-map RTRMAP-OfficeLAN permit 10
 match ip address RTRMAP-OfficeLAN-toADSL
 set ip next-hop x.x.x.x
This is working absolutely fine, and as expected, all traffic matching the ACL is being sent to x.x.x.x. However, we have recently expanded our network, and I am now receiving various networks via BGP from various sources. All BGP incoming via iBGP is tagged in communities:
Community (expanded) access list 100
    permit 37xxx:100
Community (expanded) access list 200
    permit 37xxx:200
Community (expanded) access list 300
    permit 37xxx:300
[code].....
All communities are also matching prefixes when executing either 'sh ip bgp community 37xxx:100' or 'sh ip bgp community-list 100'. What I am trying to achieve is to create an EXCEPTION for the policy route. Traffic matching the community lists must be forwarded based on the router's routing table, whilst traffic matching the ACL must be sent via the policy route...
route-map RTRMAP-OfficeLAN permit 5
 match community 100 200 300 400 500
!
route-map RTRMAP-OfficeLAN permit 10
 match ip address RTRMAP-OfficeLAN-toADSL
 set ip next-hop x.x.x.x
My logic dictates to me that the above should work, but looking at the route-map, I get matches on seq 5 and packets are exiting the route-map as expected (first matched). However no traffic that does NOT match community 100,200,300,400 or 500 and that DOES match the RTRMAP-OfficeLAN-toADSL never matches.
The counters on the route-map for seq 5 are increasing, but no counters are increasing at seq 10. It's almost as if seq 5 is matching all traffic.
I have an XSR-1805 (Version 7.5.0.0) Enterasys router here. Got SNMP server to work successfully. The thing is that I couldn't make the router restrict a range of addresses allowed to use a community. Only 10.1.0.13 is allowed to use SNMP in this case.
Nexus1000V and I was wondering if there is a way to limit SNMP access via access-list on the RO/RW community, as can be done on IOS. I can't find anything relevant on the Reference Pages.
I'm working in a domain environment. For example, my domain name is testdomain.com. I create a shared folder on it and give everyone read control over it. Then I create a folder in that shared folder with the name test. I also create a user with the name test. I give full control to the test user over the test folder. Now when I access the test folder from the network with username test, I can read that folder, but when I create a file or folder in the test folder it shows the following error: "unable to create a folder"new folder" access is denied.
I'm trying to connect 5 servers together to create a private network. Each server has a network of its own and I'm trying to make all 5 servers communicate with each other to share and search data simultaneously.
We successfully use this OID on our Aironet 1240 series APs to list the dot11 associations to the AP: 1.3.6.1.4.1.9.9.273.1.2.1.1.18 (cDot11ClientSubIfIndex). However, that OID does not work on our Aironet 1140 series APs. Any equivalent OID?
I'm trying to create a route-map for an EIGRP distribute list on a N7K. The goal is to not advertise the 10.0.0.0/8 and 172.31.30.20/32 networks out a link to a remote site while permitting all other traffic to the internet (default). I configured the ACL/route-maps below and applied them outbound on the N7K interface, but no subnets at all are being received on the remote site router.
ip access-list DENY_10.0.0.0
 10 permit ip any 10.244.244.20/30 <<--WAN interface network
 20 deny ip any 10.0.0.0/8
 25 deny ip any 172.31.30.20/32
 30 permit ip any any
Our current topology is a single N7K with two 48-port 10Gb F2 linecards and FEX 2224TP in the server racks. In a few of the racks that house important servers, we have placed dual FEX 2224's. Each FEX has 2 10Gb links back to the N7K (each link on a separate LC). I've tried to create a port-channel for the important servers in such a way that each NIC on the server is connected to a separate FEX, but it's failing (simple drawing attached). I've read multiple posts saying this is possible, and others that say it's not. I've also submitted a TAC case and have been told it's impossible to port-channel interfaces on separate FEXs connected to a single N7K, but I find this an impossible limitation and want to verify it's actually right. Is this really a limitation?
There are 3 laptops in my house including mine, and I keep losing network/internet access every couple of minutes, so I have to go to the router, unplug the device, and plug the device back in every couple of minutes, usually 10-15, although it varies, and the same has been going on with the two other laptops, so it's not just my laptop.
I am taking a college course using Microsoft Windows Server 2008 Administrator Lab Manual. The labs assume that you are in a MS lab with the ability to connect to their domain and servers. I want to create my own virtual lab to simulate the MS environment so I can follow the assignments. I have VirtualBox installed. I am completely new to servers and networking.
I am trying to create a port channel between HP servers (4 NICs) and two Nexus 2Ks. On the server side it's a single team with 803.2ad fault tolerance, and on the Nexus side I have created two port channels (port channel 1 for Nexus 2K1 and port channel 2 for Nexus 2K2) and made them ACTIVE (channel group mode active).
But when I add another server on different ports and port channel them the same way as the above server on Nexus 2K1 and Nexus 2K2, the first server stops pinging. So I have to shut down the first port channel and reopen them, then it works; however, it says NO NETWORK ACCESS on the servers (running Windows 2008). The only way is to reboot the server, and I can't be doing this on a production network.
I am trying to allow telnet to port 551 but I couldn't get it to work. I am using a Cisco 1720 router running on IOS 12.2. I am using the below commands to set the access list to allow access to port 551 using remote telnet to the Cisco router.
hostname R1
!
interface ethernet0
 ip access-group 102 in
!
access-list 102 permit tcp any any eq 551
After I enter the above command the router will disconnect me and I will not be able to connect to it for a while. Once the router is up I am still unable to telnet to port 551.
I have computer A with 2 NICs: NIC 1 has IP 192.168.x.x, which has access to the internet, and NIC 2 has 10.0.x.x, which has access to server files and other docs. I have computer B with IP 192.168.x.x but want to be able to access 10.0.x.x using computer A as a router. Is this possible, and how do I go about doing that? I was thinking about bridging NIC 1 and NIC 2, adding a static route on computer A, and adding a second IP 10.0.x.x to computer B's NIC (I know it is possible to add 2 IPs on one NIC in Windows) so I can have access to the file server. Is what I mention possible?
I try to add a Catalyst 2960 to Cisco Network Assistant. I get the prompt for the password but I get an "Authentication failed". I use the same login / password for telnet, which works fine. The HTTP admin page is reachable but I cannot log in with the "admin" account.
I would like to know how long a route would maintain its community tag when it traverses ***? Basically, a route is tagged 100:1000 when exiting AS100, and then accepted into AS200. AS200 will not modify the tag. Would AS200 export the route to AS300 with the same 100:1000 tag?
I have two separate networks with their own internet access, as shown below. I want to keep all settings of the left network unchanged. I can change the IPs and settings of the right-side network. I want to be able to access all devices of the two networks from my computer, but at the same time the two networks work as usual with no problems (the same as when they are separate). One option is to set the LAN of modem 2 to 192.168.2.2 and connect one of the LAN ports to a LAN port of the MikroTik router. Set the WAN of my private home router as
I want to share one broadband connection between network A 192.168.1.xxx and network B 192.168.0.xxx. Network A is SBS 2008 while B is Linux with static IPs.
We have a rack with a Cisco Catalyst 3750 that is networked with other racks in the data center and uses bandwidth from the data center co-location (which is also an ISP). We had a need to install a Comcast Business Class modem in this rack and want to be able to manage this modem remotely. What I have done so far is.
My fiance recently signed up for the Screen-wise Panel for Google research. Basically they monitor your TV usage and your internet usage. As part of the program they installed a Cisco WiFi router. I've got no issue with them logging the sites visited etc., but I'm a little worried about them possibly collecting private information (banking / work related stuff) that I don't want going out there. According to what I've read, what's supposed to happen is they replace your router with the new Cisco router. The "technician" who came in and installed the router was actually a builder and not an IT technician, and rather than replace our router he connected the Cisco router into port 4 of our router... I wasn't in at the time.
What I was looking to do is separate Port 4 of my router into a separate VLAN that can access the internet, but not access anything on ports 1-3, or the wireless. However, I want to be able to see everything on port 4 from the other side (in other words I want to see "into" the port 4 VLAN, but don't want them to see out). I also wanted DHCP to assign IP addresses correctly depending on where you were plugged in. In this example the first VLAN (your current router IP address) is going to be on 192.168.1.1, and the second VLAN (the new one we create on port 4) is going to be on 192.168.2.1. This is exactly what I'm looking to do. I could then connect the kids' machines / tablets / iPods to the Cisco router and have the main machine and my work laptop on the main router... but I don't have a clue how to do it. Is this something that I am able to do with the Netgear router I own, and is it hard to set up?
We have 25 remote sites that use MPLS back to the company HQ, which has one connection to the internet. Also at the HQ we have a separate ISP connection. The remote sites and HQ have APs which provide internal company access. We would like to have a separate Guest WLAN at these remote sites to provide access to the ISP connection at the HQ. Do we need to have an anchor controller? From documentation I have been reading, it looks like anchor controllers are mostly used for networks that have a single connection to the internet, and they use the FW to control/secure the guest and company network from each other. Is there a different way of separating the guest wireless and company wireless network securely from each other but using the same WLCs and APs?
We have two separate businesses in the same building who will both need access to shared resources and the same internet connection. They will need to remain on separate subnets and cannot communicate directly with each other. The current switch is a Cisco ESW-520-48P and we are looking at purchasing an SG-300-20P for the new business moving in. Here's how we envisage setting it up:
ESW-520 will host Company A's network: workstations, servers etc. SG-300 will have two VLANs. VLAN1 will host all of Company B's network: workstations, servers etc. VLAN2 will host the shared resources such as printers. The internet gateway is a UNIX-based system with 3 NICs. 2 NICs are taken up by ADSL connections while the other NIC is the LAN, which would connect to VLAN2 on the SG-300. We would like to define which ADSL connection to route through depending on which subnet the traffic is originating from. The ESW-520 will need access to the shared resources and internet gateway on VLAN2 on the SG-300.
I have two WAP4410N wireless routers with software version (2.0.1.0). Here I have a problem with SSID broadcast and access. I have created two SSIDs, WC72 and SREE, with the same security configuration, WPA2-personalmixed. I can't see the broadcasted SSID named SREE; I only see WC72 and get connected to it.
What I initially want is separate SSIDs and internal network access for internal employees and guests (who shouldn't connect to the internal network).
We just got a new replacement router at our home. We had a 2wire 2701 HG-S (we got this for free when we signed up for our DSL service) and now replaced it with a Netgear N300 Work and Play model. I want to know if we can set up the 2wire router as another access point to improve our wireless signal range. Right now we have a good signal upstairs (where the Netgear router is located), but not the best signal downstairs. I am able to run an Ethernet cord from the Netgear router downstairs to the 2wire if necessary, if it will improve our WiFi signal. Both of these routers are router/modem combos that include the DSL modem, in addition to wireless access point btw. Is this even possible to do? Would it require me to install a custom firmware onto the 2wire router?
How to implement a MAC access-list in the 881 and 892 routers? As you know, we can get additional switch-ports in the same router, but I can't see the function in this router. I guess the switch port must function like the Catalyst 2960 switch.
I'm creating an access-list that will contain all networks and hosts that will be redistributed into EIGRP. Till now, this access-list contains 72 entries but this number can increase anytime.
I'm using a 3750-x layer 3 switch, and I'm wondering how big this access-list can be, regarding CPU and memory utilization and performance.