Cisco :: LMS 2.6 Commands On Router But Not In Baseline
Oct 15, 2012
I have created a baseline template to run compliancy checks, I understand that lines beginning with a + are mandatory and lines begining with a - should not be on the router. What I need to know is, is there a catch all for any other commands on the router config (startup or running) but not mentioned in the baseline? For example, lets say this is my baseline:
+ service timestamps debug datetime msec
+ service timestamps log datetime msec
+ service password-encryption
+ hostname [hostname]
The router comes back as compliant as it has all the above lines. However there is obviously more config on the router, but this doesn't show? So I know I can get commands that are in the baseline but not on the router; but what about the other way round - on the router but not on the baseline? Surely this exists - at the least from a security point of view, an attacker could well have configured the Dot11Radio int, however without entering the command with the minus prefix I can't tell? LMS 2.6
View 4 Replies
ADVERTISEMENT
Mar 8, 2011
I've to connect 2 building with fiber, for this I use 2 HP baseline switches.How do I have to configure the 2 switches so that i can have PC connected to switch 2 able to "talk" with the server connected to switch 1 ?
View 9 Replies
View Related
Oct 13, 2011
LMS 3.2.1, what is the correct baseline template syntax to accomplish the requirement 2:
Requirement 1
• Check if the router is running H323: You can do it looking for the command “h323-gateway voip interface”. If that command is found on a router then it is an H323 voice gateway
• Configure the global command: voice class h323 1
[Code]...
View 1 Replies
View Related
Jun 12, 2012
We need to implement VLANs on my company's network. I have 3750 L3 swtich, ive setup 3 vlans for testing. ive setup SVI everything.now how do I connect it to 3com that will also use VLANs. should I set trunk port of cisco and 3com? or no need?
View 2 Replies
View Related
Jun 6, 2012
Are the IOS commands the same on a router and a ASA for these two topics....CBT Nuggets where I train has 553 videos for some of the new topics. I am preparing for 554 as it has more ASA focus and thats more interesting to me.
View 1 Replies
View Related
Jan 13, 2013
I have just received a new cisco 2901 and started on its configuration. when I started configuring VPN tunnels, I saw that non of the crypto commands are available.
The router runs on iOS 15.1.From what I read, people refer that the router needs to past a license activation or something like that. When I run show verison - i do see "none" under most of the categories.
View 6 Replies
View Related
Jun 16, 2012
I have an old 2621xm router in CCIE lab at home. Only a week ago I started having issue on 2 of them. The problem is on one of them when I go under interface configuration and I type "no shut" nothing happens. Interface stays in administratively down status and when I check running config "shutdown" is still under interface.
On the other one the same problem but only with "router rip" command. I configure my rip routing but then when I check running config there is no rip section and also RIP is not running under "show ip protocols rip".These routers are connected to 2511 AccesServer. So I thought the issue might be communication from AccessServer to these devices. I connected a console cable straight to them and still the same problem. Everything else is working on these devices.
View 10 Replies
View Related
Jun 11, 2013
There are no commands like route-map & ip sla monitor on my cisco 1841 router, its ios version is 12.4(T1). I have to configure load balancing and failover on this router but without these commands i cant do that.
View 3 Replies
View Related
Jan 9, 2011
I was attempting to setup our 7204 Cisco router to use RADIUS for authentication via the AAA commands. I must have messed up when configuring it as it comes up via TELNET asking for a username and password but doesn't take my AD credentials. How might I login to this router to fix the config? Do I need to do a password recover process?
One note, I didn't save the running-config to startup-config, so if I restart the router will it load the startup-config, thus overwriting the running-config that wasn't working?
View 2 Replies
View Related
Mar 24, 2013
When i enter configuration mode for ATM any DSL commands are not recognized. Believe i have the right IOS.
.ROM: System Bootstrap, Version 15.0(1r)M15, RELEASE SOFTWARE (fc1)System image file is "flash0:c2900-universalk9-mz.SPA.151-4.M4.bin"Last reload type: Normal Reloadversion 15.1service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname Router!boot-start-markerboot-end-marker!!no aaa new-model!
[Code] .......
View 2 Replies
View Related
Jan 19, 2012
I want to configure a bsc network with a cisco 2901 router, but bstun commands are not enabled. I've already found a lot of tutorial about "How to configure bstun network" but none about how to enable it.
"show bstun", "show bsc", "bstun peer-name", etc. return "% Invalid input detected at '^' marker."
Here my "show version" :
Router#show version
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(4)M2, RE)
Technical Support: [URL]
Copyright (c) 1986-2011 by Cisco Systems, Inc.
[Code].....
View 4 Replies
View Related
Apr 10, 2012
I am using DHCP/TFTP to autoconfigure a 3945 router. The router properly obtains an IP address and finds the correct TFTP server. The issue lies in the download of the configuration file from the TFTP server. The router downloads the file, gives the "Ok" message, and prompts you to press Return to get started. When I view the running-config, several commands are missing from the Serial 0/0/0 section (HWIC-2T). If I modify the config file on the TFTP server to use Serial 0/0/1 instead and repeat the process, the configuration file loads without any issues and Serial 0/0/1 has all of the commands.
I also tried moving syntax around in my config file, but the end result is still the same. If I use Serial0/0/0 - I don't get all of the commands. If I use Serial 0/0/1, I do.
View 1 Replies
View Related
Nov 29, 2010
I am trying to allow telnet to port 551 but i couldn't get it to work.I am using a cisco 1720 router running on IOS 12.2.I am using the below commands to set the access list to allow access to port 551 using remote telnet to the Cisco router.hostname R1!interface ethernet0ip access-group 102 in!access-list 102 permit tcp any any eq 551.After i enter the above command the router will disconnect me and i will not be able to connect to it for awhile. Once the router is up i am still unable to telnet to port 551.
View 14 Replies
View Related
Apr 14, 2013
In studying and testing SSL VPN on an ASA I have the network as shown in the attached diagram. The configuration is based on an ASA with 8.3 but our ASA is 8.2 and at this time I'm not familiar with the new NAT configuration and commands in 8.3 or later and how to translate the 'nat (inside,outside) source static' for me to an 8.2 version.
View 3 Replies
View Related
Jul 13, 2011
I try to get a ASA with the new software 8.4.2 running. On an old pix we had the nat command: static (inside,outside) tcp interface www 192.168.15.252 www netmask 255.255.255.255 0 0,In all the new documents about 8.4.2 I can find that it should work with something like:
object network web_host nat (inside,outside) static interface service tcp www www
I want to forward http traffic from the outside interface to this host. In the log I just get entries about blocking ACL - but both is allowed on the outside access-list - traffic to the inside IP and also to the outside interface IP.
I also tried it with "Public Server" - but when I try to use the Interface address I just get the message: Address x.x.x.x overlaps with outside interface address.
Is it still possible to do port forwarding on the outside interface?
View 5 Replies
View Related
Feb 4, 2011
I have two nic one connected with DSL modem with gateway 192.168.1.1 for Internet. another nic connected with office Intranet with gateway 10.226.122.x . I can connect only one network at a time disabling other.. I know route add command can be used for linking the both network so I can simultaneously use Internet and Intranet..can you elaborate with example (five years ago I set up the same with route add command.. now my memory failing..)
View 1 Replies
View Related
Nov 12, 2012
Any link to the commands in the Roman asa 55xx ? Did not find on Cisco's documents.
My small ASA 5505 crashed and comes up in Roman. Like to try get SW and Config back if possible.
View 4 Replies
View Related
Nov 6, 2012
I have a Cisco 3925 router running IOS 15.2 I am trying to configure IP SLA on it. The configuration is supposed to be what is pasted below. but the CLI is rejecting the commands.Its taking oly the "ip sla responder" command after that if I enter "ip sla 1083180034" command it says invalid input. [code]
View 5 Replies
View Related
Mar 14, 2012
I have configured the TACACS in my network and I have configured the aaa authorization commands 15 default if-authenticated group tacacs+ in Cisco 6504 Switch. Its allowing me to Login by Unable to run the Sh run commands ,i am getting Aithorization error emssage. If i am checking sh Privillage its showing level 15. Same configuration fine in other device with out issue.
View 2 Replies
View Related
May 9, 2011
Have a conceptual question bout CLI command authorization. We have ASC 5.2 up and running, providing AAA services for network devices. Now I need to make profiles for users in certain group to restrict dem CLI "rights" to show, clear counters and show running-config commands. I need to accomplish dis task.I should clrete separate privillege levele profile (let it be 2), specify commands at this level, assign Group this Authorization Prifile and make some additional changes in my devices.
View 26 Replies
View Related
Sep 25, 2012
I am looking to configure PBR in Nexus. The current setup in IOS is :
interface Vlan10
ip address 172.27.206.1 255.255.255.0
ip address 172.27.208.1 255.255.254.0 secondary
ip policy route-map Vlan_10_to_Corp
route-map Vlan_10_to_Corp permit 10match ip address Vlan_10_to_Corp
set ip next-hop 172.27.209.250!route-map Vlan_305_to_EFH permit 30
[code]....
But, Nexus PBR will not work with deny statements init. Now, what options do I have ?
View 2 Replies
View Related
Jan 22, 2012
we've got a pair of old 3745's that are getting upgraded to new 2911's, and I'm trying to run IOS 15.2 on the new routers to get them most current before going into test and production use.The routers are doing BGP, IPv4, and HSRP, and I'm trying to put one in at a time as to not have to big bang everything at once. I'm putting the one that matters least in first, and basically using the same config as the old one, which was running IOS 11.
I was using "no ip mroute-cache" on ethernet interfaces, and it says that command is deprecated and I should use the MFIB commands instead. Darn if I know what that means, I believe it was set up so the ethernet interfaces had IP multicast fast switching disabled, which was set up by our vendor 10 years ago so I'm not sure if it matters. It would seem logical to me this would have an impact on HSRP and speed of failover. Does this matter, and if so how in the world do I do this with IOS 15.2?The second one is the use of "no fair-queue" on our serial connection for a T1. This command isn't there either, and I'm not sure if I even need to bother on this. It was set up on the old router on a T1 Frame Relay circuit.
View 2 Replies
View Related
Jan 20, 2013
I need enable WPS function on WAP4410N. This is possible with CLI command #set wps enable. But how I can connect to WAP4410N with CLI?
View 1 Replies
View Related
Oct 19, 2011
I have just received 4 static ip's from my isp, i want to be able to point these ip's at different services on my internal servers, for example: [code]. The firewall I have is Cisco PIX 515, how to set the NATing up or commands?
View 1 Replies
View Related
May 22, 2012
today I received a Cisco Router 881G with PCEX-3G-HSPA-G for a customer that ordered a Router with the feature to send/receive SMS and to remotely active the 3G Internet connection through SMS. I believe that the router that meets this requirement is the Router 881G that I received today. In particular, the model is:
CISCO881G-K9
Now, I installed the router and configured the 3G link that is working properly BUT all the commands related to the SMS are completely missing. In particular, I miss the command:
cellular gsm sms send
gsm sms archive path
In the following documentation I see that these commands should be available: [URL]The fact that these commands are missing sounds very strange to me since the documentation is pretty clear. Do I need to activate any license? I also upgraded tha router to the last version...
Here it is the show version of the Router:
Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 15.2(3)T, RELEASE SOFTWARE (fc1)
Technical Support: [URL]
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Sat 24-Mar-12 00:00 by prod_rel_team
ROM: System Bootstrap, Version 12.4(22r)YB5, RELEASE SOFTWARE (fc1)
[code]....
View 3 Replies
View Related
Mar 16, 2011
How do I get a list of ALL IP addresses on a network using the DOS command prompt?
View 6 Replies
View Related
Aug 30, 2012
I am having issues recieving UDP response from my smart lighting control, i can here it in the same town but not from overseas..internal ip address 192.168.0.3 port 6000 it hears my commands from overseas i just cant here its response.
View 3 Replies
View Related
Jan 3, 2012
In case I view the crashinfo file with more crashinfo:data, there is a "Log buffer:" section, which has logged all the commands executed by users.
View 4 Replies
View Related
Jan 31, 2013
We are replacing two 3750E switches with 4500X using cat4500e-universalk9.SPA.03.03.02.SG.15111.GS2
1. is there a command reference available for this ios - can't seem to find out
2. Im using GLC-T gbics and we normally would set the speed to either 100 or 1000 now that option does not seem to be available.
3. when I entered username etc. I got a message " CLI deprecated soon".
View 1 Replies
View Related
Jan 5, 2012
To test the VPN performance of ASA 5540, I will have to build at least 1000 VPN tunnels. It is time-consuming works if I put all of commands line by line manually. It looked like a bundle of VPN tunnels won't be created by ASDM. I am wonder if there is any generator tool for this. I just tried to google it. I found a software is named as VPN Configure Generator, but it is not free.
View 6 Replies
View Related
May 21, 2012
I have cisco 2911 with IOS-universalK9 mz.SPA.150.1.T, but that does not accept the ip sla monitor commands XX, XX or rtr ip sla XX. How active these commands in IOS or what you belong to?
View 1 Replies
View Related
Feb 8, 2012
I do not have the option to run sh mls qos commands. I am trying to look at the cos-map on my 7200 router. The code I am running is c7200-p-mz.122- 25.s9.bin.I also do not see the mls qos command listed globally and it is not an available command in config t mode.
View 1 Replies
View Related
Jul 30, 2012
SSH commands not available in IOS cat4500e-universalk9.SPA.03.02.00.XO.150-2.XO.bin I just recently upgraded to universal k9 as the k9 versions usually include the crypto, shh commands however I still do not have access to these commands, is there anything I must to to enable these?
View 2 Replies
View Related
