Cisco :: Can Set Exception To Acceptable Use Policy On 5508
May 7, 2013
On our public wi-fi network we have an acceptable use policy page that users must accept in order to access the internet. However I would like to exclude a few devices from having to do this. We have a couple of Kindle devices from a vendor that they configured to automatically connect to the internet for updates twice a day. But they cannot accept the policy so they are blocked.
I want to set up a VPN tunnel from a Cisco VPN Client in the internet over a fritzbox to the Cisco 876 (Version 15.1(4)M3) so that the VPN tunnel terminates at the Cisco 876. For that reason I used the command "crypto map mymap" on the int fastethernet 1. When I try to connect, the VPN Client opens the window for username and password but then ends with the message "not connected". When I do "debug crypto isakmp" the Cisco 876 shows the message: "phase 2 SA policy not acceptable!". [code]
I find myself having to venture out into the realm of wireless (I'm more of a UC/DC engineer...) and I've got a problem I'm trying to track down. Installed two WLC 5508s, WCS, 3502i APs (123 of them...) in a 4-floor high school. What I'm finding is lousy throughput from a lab of PCs with little USB b/g/n adapters. I took my Macbook in and ran iStumbler to get an idea of the SNR but honestly, I'm not sure what I'm looking for.
For the particular room/SSID/band that I was looking at, I found that in the 2.4 range, I was getting 53% signal strength and about 16% noise. Is that a good level? In WCS, I can see close to a dozen APs in relation to the AP in question, so I'm wondering if the SNR is too high.
Has anyone come across a problem whereby an SSID becomes unavailable when selecting a Radio Policy of '802.11g Only'? The SSID is configured identically across multiple controllers, but only works on the WISM's. The same WLAN profile on a 5508 is unavailable unless I select a Radio Policy of 'All'.
All controllers (WISM's and 5508's) are running 6.0.188.0. The WLAN profile is using MAC Filtering[WPA2][Auth(802.1X)] as the security policy.
I have set up a new wireless network for a customer and they want to use the guest portal for some users. The problem that I am experiencing is that on a particular site with many small buildings users complain that they have to reauthenticate using the web portal when moving between the buildings. I have tried extending the idle user timeout on that particular WLAN in the Cisco 5508, but I am still having this problem.
I would actually like it if the user logs in via the guest portal at the beginning of the work day and after say 4-5 hours they have to reauthenticate. And if they lose network connectivity (moving between buildings, iPhone/Android shutting down the wifi adapter, etc.) they should be fine connecting again because they have already authenticated once during the last 4-5 hours.
Is this possible via the ISE? My second question deals with the 2.4 and 5 GHz bands. I use AP groups on each of my distribution areas. All groups have the same SSID but different egress interfaces (interface groups). And in some of these I want to save the 5 GHz band for voice over WLAN and in others I would like to use both bands.
Do I have to create different WLAN profiles with different radio policies and the same SSID or could I do this in the AP group settings using RF profiles?
We have a 7206VXR with an NPE-G1 processor. We're running the standard stuff on it, but here are the highlights. We just enabled netflow on it to send the data to an external source for analysis and the overall CPU level increased, but not significantly. About what should we expect for the overall CPU level? At this point, it's averaging close to 40% during peak hours.
I took a SANS 401 class a few years back, and I remember them showing us how you could break PING (buffer overflow? memory stack?) by pinging things you wouldn't normally. This was on WinXP. I can't duplicate this on Win7, and have forgotten what exactly it was we typed in... I think it was some ALT-code characters, or a tick, 0x33 or something... I realize PING can take octal, decimal, and hexadecimal values?
I'm trying to configure a SR520 with the CCA, but every time I try and apply the changes to the router I get the following error.
"java.lang.nullPointerException"
Using CCA 3.0(1) and Java Version 1.6.0_16 from Sun Microsystems Inc? I assume this is an issue with Java, as, like with the SDM, you had to use an old version.
What would be an acceptable number of wireless connections to a WRVS4400N router? I'm working in the IT department for a new company, and one of the offices complains that using VoIP and doing large file transfers are constantly a problem. They are all connecting wirelessly to the WRVS4400N. I managed to VPN in and connect to the web interface of the router, and it shows that there are 30 devices connected wirelessly to it. However, when people plug into the wall jack VoIP and data seem to work fine. I can't find any info on what a best practice would be for number of wireless connections to the router. There are no VLANs set up on it from what I can tell, so that may be my next step, to separate data and voice traffic.
I have client devices constantly sending data (~ 13 kb per second) to a server through a Cisco AP1241AG (802.11g). I use Iperf to test throughput, but I am having a difficult time determining what an acceptable throughput rate would be. I know in "theory" the best throughput rate I could get is 54 Mbps, but since my client devices only send 13 kbps is 1 Mbps more than enough? Or is 13 kbps the low limit for my throughput test?
I have a Seagate GoFlex Home wireless hard drive and Kaspersky PURE, and the only way I can get the hard drive to work is by turning off Kaspersky's firewall. Is there any way I can add an exception on the firewall so I can have it running and still have my wireless hard drive running at the same time?
Region: Austria
Model: TL-MR3420
Hardware Version: V2
Firmware Version:
ISP:
I'd like to make exception keywords in the Access Control but I don't know how I could possibly do this. E.g. I have put in the keyword "apple" to be blocked, so if a domain has the keyword "apple" in it, it will be automatically blocked. What can I do, however, if I want to make an exception for the domain "appletree.com"? I haven't found any way to make an exception to specific domains or keywords.
I want to know what the minimum acceptable size of the preamble in an Ethernet frame is. If it is less than 7 bytes before the SFD begins, will the packet be dropped?
Our switch had a little crash-fest this morning at 2:30 AM. I did find a web page about diagnosing Software Forced Crash Exceptions, but it did not look like ours was one of the more easily-identifiable ones.
It may be worth noting that we've only used this switch for about a month, everything seemed fine until now. When we got the switch it did not have any GigE modules, and this week we put 2 into it and have been using them for 2 servers.
It looks like the switch was crashing repeatedly over a period of 20 minutes, and then it stopped and normalized. In the logs of the router that this switch uplinks into, we could see the ethernet port flapping during the time that the switch wasn't reachable.
Here's the Show Stack on the switch:
Sfld_3550# show stack
Minimum process stacks:
Free/Size Name
4404/6000 vegas_flash init
3352/6000 SaveCrashBuffer
5716/6000 CDP BLOB
8512/9000 IP Background
5596/6000 vqpc_shim_create_addr_tbl
5584/6000 SPAN Subsystem
5552/6000 SASL MAIN
4944/6000 vegas IPC process
8704/9000 cdp init process
5404/6000 RADIUS INITCONFIG
4928/6000 Vegas CrashBuffer
5664/6000 URPF stats
2536/3000 Rom Random Update
I am troubleshooting memory leaks and buffer issues on my 1900 and had some doubts regarding the problems that my router causes. Intermittently during the day for no reason the gig0/0 interface connected to the ISP stops responding from our management network (the log shows that the interface goes down). The ISP's modem responds fine from my management network. The issue goes away by itself in 20 minutes, sometimes more, or after a hard reboot. Sometimes a router would increment a throttle value to 1. When running for 4 days without a reboot, the router raised 39 throttles and 57 input drops. [code] The router is running Version 15.1(2)T4 and I was not able to find any caveats on the Cisco web page (although I haven't used the bug finder tool). Is this only leak I found a reason to start worrying, or can I disregard it and continue basic troubleshooting (change cable and plug my ISP to another port)?
I have a ThinkPad running 2000PRO that I just installed a WPX54G Notebook Adapter. After installing and restarting the computer I get a window saying External exception E06D7363. Also, when I go into configure it says the adapter is inactive. When the computer first starts up the icon for the adapter is green then turns gray.
We're evaluating the Cisco SM 4.2. After adding my ASA 5520 the policies are discovered from the device except the RA VPN policies. I tried to trigger the discovery process manually and I got this error message: 'Please verify the device "IP address", "hostname", "domain name" and "port number" are correct, there is network connectivity between the CS Manager server and the device, and the device is configured to accept https connections, the device is running, and then retry this operation.', which I don't understand because the other policies were retrieved just fine.
Sample config for ASA 8.4 L2L VPN using Policy NAT? We could have multiple VPN tunnels terminated on the central ASA and our customer's LAN subnets could be interfering. Basically I need to build something like this [URL] but the problem is that I have ASAs running 8.4.
I set up a full mesh LAN-to-LAN VPN for a client with 4 sites. Each site has an ASA 5505 running 8.2(5). Site-to-site VoIP traffic runs in the VPN tunnels, as well as traffic to/from a file-server located at the main site. There are two back-up servers, one at the main site and one at a remote site. The main site has 2 bonded T1s and the other three sites have a single T1. How should I go about setting up my QoS?
My top requirement is that VoIP traffic will never be pushed out of the way for data traffic. My secondary consideration is to give more preference to file-server traffic than to web traffic and to make back-up traffic the least important. I'm currently researching to see if the VoIP provider is DSCP marking EF on the VoIP traffic, but I am going to assume they are for now. I know the IP of the file-server and back-up servers.
I understand that when host A 10.0.0.1 wants to connect to host B 192.168.1.1 it's going to be translated to 170.66.53.1, and when host 192.168.1.1 wants to connect to 10.0.0.1 the same entry will change the destination when the packet hits the ASA from 170.66.53.1 to 10.0.0.1. Is that correct?
Why doesn't my 857 adv security have the class-map and policy-map commands? Now I want to use traffic shaping on this, but when I use the class-map command it doesn't have it. [code]
How can I configure policy-based NAT to allow ICMP-only traffic on ASA OS 8.4.1 or 8.3? On 8.3 it was very simple:
global (outside) 1 interface
access-list outside_nat_outbound extended permit icmp any any
nat (outside) 1 access-list outside_nat_outbound
I have a L2L tunnel I need to convert from 8.2 to 8.6 and need to understand the static policy NAT conversion. I have single hosts that require a 1-1 NAT to addresses given to me by the vendor that reside on my firewall. Other works I have /24s that I static NAT my inside host to so that the vendor can access the host for support. Example: server 10.11.103.44 (real server on my inside network)
5.5.98.0/24 - Defined for local traffic via L2L tunnel
object-group network Carebridge_Local
 description Mckesson Local network list
 network-object 5.5.98.0 255.255.255.0
I have a weird issue with a QOS policy that I have implemented. Details are below.
This is basically the policy I have created. It is running on a Cisco 877 router (running Advance IP Services 12.4). The internet connection is an Internode ADSL service.
class-map match-any VOIP
 match access-group name VOICE-OUT
!
!
I am prepping new ASA 5525-X's for a client that has multiple S2S VPN's. On some of the VPN connections, I need to do a policy nat to translate some of their subnets to a single IP address before it goes over the S2S VPN. However, when I try to use a subnet, I keep getting the following error:
Subnet cannot be used as mapped source in dynamic nat policy.
This works fine on their old ASA's which are running 8.2 code. I figured out I can use a network range, but cannot go over 65535 (or whatever it is) addresses in that range. This is very annoying when they have multiple networks they want to allow over the S2S VPN. Is there any way around this or am I stuck creating a network range for each subnet?
I have devices on Inside interface of ASA that need to get to Internet to get ntp. Hence I want to set up dynamic pat (interface overload) which 8.3 style would be
But I need to limit NAT to only Internet-destined traffic on the NTP port, not all ports for traffic from 192.168.1.250. I'm not using this NAT setup to control outbound access - I also have incoming RA VPN tunnels to the box and traffic from these sources needs to be able to get to 192.168.1.250, and the above simple setup would break that access as all traffic involving 192.168.1.250 would get NAT'd.
Reading the doco I've sent myself round in loops trying to figure out how you are meant to do such a "Dynamic Policy NAT (overload)", call it what you will, config in 8.3.