Using LMS 3.2, I've started learning how to use the compliance templates.is there a regex to ignore case? For instance, if I have the line:
clock timezone est -5 in some configs, and
clock timezone EST -5 in others
is there a way to tell the template that upper case and lower case are acceptable matches?
I want to add the command "no logging event link-status" to all switchport mode access ports EXCEPT for the ones with the following switchport access vlans: 4022,4032,4042,4052,4072 & 4082. How do I create a compliance template to do this? LMS 3.2, RME 4.3.1
View 6 Replies View RelatedI am trying to create a very basic template in compliance manager that checks for interfaces that aren't members of specific VLANs. VLAN 10 being one of them. I want to match interfaces assigned to VLAN 20. According to the documentation I have read, the following range statement should work because 10 falls between 3 and 19:
Submode: interface [#.*Ethernet.*#]
- switchport access vlan [#[3-19]#]
With the preceeding statement, however, interfaces assigned to both VLAN 10 and VLAN 20 are matching the rule. With this specific rule (not a range), only interfaces w/VLAN 20 are processed by the template, which is expected. We actually have numerous VLANs that we want to exclude/include. I only mentioned VLANs 10 and 20 for brevity.
I am installing a new 5520 with IPS for a client, and they were asking about the PCI compliance of the SSL(WebVPN) being self signed. I am not sure what document to find this information from under the PCI DSS. There was also mention about dual authentication being needed, but without seeing the actual requirements, I am just guessing at it.
What is required for making SSL PCI compliant.
During our recent VA we were told that the below vulnerabilities are exist in the ACS SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability on port 443
SSL Weak Cipher Suites Supported on port 2030
SSL Medium Strength Cipher Suites Supported on port 2030
working with a trial version of Cisco Prime 1.2. I am looking for a Configuration Compliance tool. I used it in Cisco Works LMS - but I dont see a way to do the same thing with Cisco Prime.
View 1 Replies View RelatedI'm having a hard time getting Compliance Manager to accept a "banner login" command I'm attempting to use on 6500 IOS switches. I've edited the template, tried cut-&-paste, looked for the archive file on the server to directly modify it (without success), among other things. I have this feature functioning correctly on CatOS switches, but can't seem to get it properly set on IOS switches. What's the limit, as far as the template is concerned, on the number of characters with this type of command? Where are the archive configs located on the server; in the "shadow" directory?
View 1 Replies View RelatedI have a customer asking if Cisco supporst CISPR11 - Class B. All Cisco switches appear to support CISPR11 - Class A only. What is the difference? Is Class B supported?
View 0 Replies View RelatedWe use SecurityMetrics as our vendor for PCI compliance scanning. Of all our servers, only the video server fails their scan, and this is their result: "This scan is inconclusive. Though your server had open ports, we were unable to connect to any of them successfully. There is a high probability that some type of firewall or scan-detection software is blocking us from accurately scanning your server. Please configure any firewall or software that would interfere with our scans to allow all traffic from SecurityMetrics" Our streaming video server is our only public-facing server that has port tcp/udp 1755 open (for the mms protocol). All our other servers behind this firewall pass the test, but they only have standard email and http ports open. I am assuming that their scan of port 1755 triggers some sort of threat detection on the ASA. (I have "Basic Threat Detection" enabled only.)
View 1 Replies View Relatedi am currently trying to use LMS 3.2 Compliance management to verify and alter our access port configurations for 802.1x. Below is our current configuration
View 1 Replies View Relatedhow to check compliance for only one access list in cisco works.
Example:
I want to run a compliance template that only check access-list 13 to make sure it has the following and nothing else:
access-list 13 permit 1.1.1.1
access-list 13 permit 10.1.0.0 0.0.0.127
If something else is listed, then I'll deploy the template and it will remove any other entry besided the two above.
I have tried a Global config compliance on + access-list 13 permit 1.1.1.1 and it comes back and says it's not compliant and wants to remove everything else, which is every other access list. I have tried submodes thinking that it could check under ip access-list standard 13, but that didn't work either.
confirm whether the Catalyst 3550 with IOS Rel. 12.2(44)SE is compliant with POE IEEE 802.3af? I see some conflicting informaiton on Cisco's web site. Before Release 12.1(22)EA2, Catalyst 3550 PoE-capable switches (without intelligent power management support) caused high-power powered devices that supported intelligent power management to operate in low-power mode. Devices in low-power mode are not fully functional.
IEEE 802.3af—The major features of this standard are powered-device discovery, power administration, disconnect detection, and optional powered-device power classification. For more information, see the standard.
I'm trying to turn off SSH version 1 & 2 to pass PCI compliance. Problem is, I cannot touch the VPN link between the two offices. I'm afraid the PKI certificate used for the VPN will be deleted if i zeroize the RSA key which seems to be the only way to stop the router responding on port 22.
Here is the stuff from the running config related to the crypto map:
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
[ code].....
I'm only CCNA so I'm not even sure if the certificate or RSA key is being used for the VPN link, but I can't tell from the running config that zeroizing it would be a good idea and not break the VPN. I'm open to other ways of disabling SSH, as we are able to just connect using a console cable. But it looks like denying port 22 with an access-list doesn't even stop the router from responding to the port.
I'm keep failing my pci compliance test I have a wrvs4400n and I keep getting "firewall udp packet source port 53 ruleset bypass" i've blocked port 53 but keep getting rejected. How to set the router?
View 1 Replies View RelatedIs the Aironet 1400 bridge FIPS 140-2 compliance? Based on the Release 12.3(8)JA, the Cisco IOS software release 12.3(8)JA is undergoing FIPS 140-2 Level 2 validation. Does it mean it is FIPS 140-2 compliance with this software level to run on Aironet 1400 bridges? [URL]
View 1 Replies View RelatedI am trying to get our internal network PCI compliant and when I run a network scan from securitymetrics.com I receive the following message about our RV082 router.
Synopsis : The remote service supports the use of weak SSL ciphers. Description : The remote host supports the use of SSL ciphers that offer either weak encryption or no encryption at all. See also :[URL]: Reconfigure the affected application if possible to avoid use of weak ciphers. Risk Factor: Medium / CVSS Base Score : 5.0
I have been googling many different search terms for ssl ciphers, rv082, and pci compliance but didn't see any solutions to this. Any experience with ssl ciphers and how to use more secure ciphers? I just performed a firmware upgrade to 1.3.98-tm in hopes that it would fix this issue.
Have upgraded WCS to 7.0 due to a Mesh network feature we needed, but now see I can no longer edit the AP migration templates. The interface allows me to create or delete them but the command dropdown box does not show an Edit option. So now for every AP I want to migrate I need to create a new template before I can select the AP's and migrate them. I still need to migrate about 220 APs....
Looking though the function it tells me to click on the Migration Template name. However neither in MS IE nor Firefox this works, there is no link activated.
I am working up a configuration template for an install I am doing in a couple weeks and wanted to take a look at the base config of an ASR1002.
View 1 Replies View RelatedAny recommendation for creating a configuration template for the SRP521W? I can use the Admin-->Backup Config to get a xxx.cfg file, but I cannot edit it with notepad++. Also, i know the config can be view via view-source: [URL], but how would I load a modified copy of this back to the router?
View 8 Replies View RelatedMe and some friends of mine talking about making a small website for us to share our photos together and be able to add comments under each photo, for example or even better with a simple forum. I have a bit experience making website, but we prefer to use web templates / packages for that also we would be able to add comments( built-in Code, no external links for those codes be needed). We prefer to have our website sure we know there are thousands of free photo-sharing websites out there.
View 2 Replies View RelatedAsking about Packet Tracer. I currently use packet tracer 5.3.2.Can you give me any link where to download router template on packet tracer? I want to explore cisco 2821 but packet tracer 5.3.2 has an existing of cisco 2811 only then, I tried to add the 4 ports of RJ11 but I cannot see the 4 port telphone.
View 4 Replies View RelatedI get that to avoid fragmenting the packets we need to reduce the MTU to 1492, fine, but should the MTU restriction be applied at the virtual-template (server)/dialer (client) or on the physical ethernet interfaces?If I apply it to one or the other, which takes precedence? Should I just apply it to both the virtual/dialer interfaces and the ethernet interfaces?
View 6 Replies View RelatedI am trying to apply WLAN template from NCS to two WLCs 5508 and I receive this message."Another WLAN with same SSID and either WPA1/ WPA2/ WPA1+WPA2 is enabled. Please change the Layer 2 security policy."The template has layer 2 security with WPA+WPA2 enable and 802.1x.I have other WLAN template with other name and other SSID with the same security policies with no problem to apply.
View 2 Replies View RelatedWhat is the VPC configuration template with two core 6509 switch.Pls find the attachment for Network topology.
View 3 Replies View RelatedWho can give me a SNMPv3 configuration template.I tried many times has been a problem
View 5 Replies View RelatedLMS 3.2.1, what is the correct baseline template syntax to accomplish the requirement 2:
Requirement 1
• Check if the router is running H323: You can do it looking for the command “h323-gateway voip interface”. If that command is found on a router then it is an H323 voice gateway
• Configure the global command: voice class h323 1
[Code]...
The business i work for uses a "Do it myself" template for their website. (this is through their webhosting company). I can not add FTP to this website, we have to completely redo it with code and whatnot in order to have access to FTP. We would like users to download a template from our website (no problem) and then send us their artwork files back to us. These can be upwards of 150mb. Is there another option that i am not aware of to do this? Can't use email, has a limit of 25mb.
View 6 Replies View RelatedAccording to cisco manual in order to change SDM template i need to reboot switch, but when i have C3750-X stack do i need to reboot stack or maybe will be enough reboot in sequence the stack members?
View 3 Replies View RelatedI attempted to assign a User Roles template to a## 2504 controller and if failed with message stating controller version not supported. My current WCS version is 7.0172, if I upgrade to the lastest version will that resolve the template issue?
View 4 Replies View RelatedNetwork Resources - Network Devices and AAA Clients- File Operations - Add - gives me File Format Validation Faliled. I am carefull to leave the header as it is. The header in the Import Template looks faulty, see attached. When exporting devices I also get the same header as attached. I also tried to change the header so its all in one column, but with same result.
View 1 Replies View Relatedis it possible to create some Configuration Template that pushes configurations only to switches or interfaces with a certain actual existing configuration element- e.g. a certain interface description?
Example:Template Parameter Mask asks User for an Interface Description- the User enters e.g. "A101" Second Parameter asks User for an access vlan to deploy to this interfaces- e.g. " 10"
So during deployment LMS make a "switchport access vlan 10" only on interfaces that contain the description "A101".
I know this is possible via Compliance Check/Deploy, but we want to make this more User friendly and flexible so that e.g. a Helpdesk Member can use this Template to easily change the VLAN based on a interface description (which refers in this case to a CAT5 outlet label).
We are trying to get the waep template (default no changes) from the Cisco WebAuth bundle to work on a 5508 controller.
We've setup the controller to use the custom login.tar that comes with the waep template folder in the bundle. We setup the WLAN to work off the global template and we used the config network web-auth secureweb disable command to allow only http rather than https (which is supposed to work in 7.2 code)
When we test with the custom bundle, we get no answer from the controller, just a url of [URL]
If we turn custom off, and use internal everything works...
Just to be clear.. we aren't looking for authentication (user and pass) we are trying to do the enter your email and click accept to the aup method.
Make a netflow template to get information about http code errors in a nexus 7010?
View 3 Replies View Related
