Cisco :: LMS 4.1 - Template Center Configuration Filter Based On User Input?

Nov 30, 2011

is it possible to create some Configuration Template that pushes configurations only to switches or interfaces with a certain actual existing configuration element- e.g. a certain interface description?
Example:Template Parameter Mask asks User for an Interface Description- the User enters e.g. "A101" Second Parameter asks User for an access vlan to deploy to this interfaces- e.g. " 10"
So during deployment LMS make a "switchport access vlan 10" only on interfaces that contain the description "A101".
I know this is possible via Compliance Check/Deploy, but we want to make this more User friendly and flexible so that e.g. a Helpdesk Member can use this Template to easily change the VLAN based on a interface description (which refers in this case to a CAT5 outlet label).

View 1 Replies


Cisco WAN :: 2911 Forward Packet Based On Input Interface

Mar 25, 2013

I have a 2911 router connected to two different ISP. Is it posible to route traffic based on what interface the traffic came first?Lets say I have the deault route to use interface gig0/0(ISP1),  but a certain ip packet reach the router by interface gig0/1(ISP2). Is there any way (if possible without using source NAT) that I could route traffic back to that ip address using interface gig0/1. The source Ip addresses are not fixed, so I can not use Policy Based Routing.

View 1 Replies View Related

Cisco WAN :: 2811 - Static Routes Need Some Input Policy Based Routing

Aug 13, 2011

I have 2 connections a single T1 for voip traffic only and a DSL line for data traffic.the dsl was migrated to a 2811 with out any issues now comes the time to move the T1 over.
on the T1 side I am able to ping the WAN router and the LAN router IP address but nothing behind it.

currently this is the only statment on the router:
ip route Dialer1
as a quick a dirty to remove the above i tried:
no ip route Dialer1
ip route Dialer1
but the DSL side dropped. we have a
for the T1 i would use the following statement.. we have a
ip route

View 12 Replies View Related

Cisco WAN :: ASR-1002 Base Configuration Template

Sep 13, 2012

I am working up a configuration template for an install I am doing in a couple weeks and wanted to take a look at the base config of an ASR1002. 

View 1 Replies View Related

Cisco Routers :: Configuration Template For SRP521W

Nov 3, 2010

Any recommendation for creating a configuration template for the SRP521W?  I can use the Admin-->Backup Config to get a xxx.cfg file, but I cannot edit it with notepad++. Also, i know the config can be view via view-source: [URL], but how would I load a modified copy of this back to the router?

View 8 Replies View Related

Cisco WAN :: VPC Configuration Template With Two Core 6509 Switch

Jan 3, 2013

What is the VPC configuration template with two core 6509 switch.Pls find the attachment for Network topology.

View 3 Replies View Related

Cisco :: LMS4.1 SNMPV3 Configuration Template Required

Apr 6, 2013

Who can give me a SNMPv3 configuration template.I tried many times has been a problem

View 5 Replies View Related

Cisco Firewall :: Does ASA 5512-X Have Category-based Web Filter Built-in

Jun 26, 2012

Does ASA 5512-X have a category-based webfilter build-in?

View 1 Replies View Related

Cisco Switching/Routing :: 7200 - QoS Input Policy Doesn't Classify ICMP Packet Based On DSCP

Dec 20, 2011

I have made some test and i noticed that qos input policy does not classify the icmp packet based on their dscp.The "match dscp ef" or "match precedence 5" is not working only the "match protocol icmp" shows hits.
We need to classify the different icmp packets based on dscp ( TOS ) for measurement purpose.CISCO 7200, 12.4.25d and 12.4.20T have a same behavior.

View 6 Replies View Related

Cisco :: ISRG2 2901 - How To Create Bulk Configuration Files From Template For Staging

Aug 17, 2011

We have created a sample configuration for ISRG2 2901 Router.  The sample configuration is long, and with copy/paste it is possible to skip some lines, and it is difficult to ensure the configuration of every device is standardized due to this error possibility. What we are trying to achieve is first create a template from this sample configuration file, and then create configuration files for each device seperately and automatically. After creating this configuration instances, we want to be able to distribute the configuration files (and possibly the ios) to the devices during the staging phase. Since there are about 1000 2901 routers, creating configuration files is important?
From searching we have found the following tools:
1) CCE (Cisco Configuration Engine): This tool seems to be very efficient for distributing the created configuration files. We may use the serial number of the device, and it provides almost zero touch provisioning of the configuration files to the devices. Creating the configuration file from the template seems to be manual, i.e enter the ip addresses of the interfaces, the routing tables one by one for each device. How can we use velocity template for device configs?

2) Ciscoworks LMS Prime: It is possible to create a baseline template for the devices, and after getting the backup configuration of the routers, it is possible to compare the actual configuration of the device with the baseline template, and understand if there is any difference with each other. This is indeed very useful in order to keep the configuration standardized, we again could not find a way to create bulk configuration files from the baseline template.

3)  Solarwinds Config Generator: This tool is useful for creating a configuration file from a template, but again not for automatically creating configuration files, and needs manual intervention.

4) Excel Macro: It seems that some people have achived to automatically create configuration files with using an excel macro, but we could not find a procedure or tip of how to achieving this.

5) Pearl or TCL/TK Script: Again since we are not software developers but from networking field, it is difficult to achieve a working form of this scripts or codes due to to lack of documentation and development experience.

View 1 Replies View Related

Cisco Routers :: RV082 Bypass Filter For One User?

Aug 1, 2011

I have been asked by a client to restrict access to a number of non work related sites. Easy, blocked them using Firewall> Content Filter. Then I was asked to disable this filter for one user (the Managing Director) so he can access eBay.
I am familiar with doing this on a Netgear device, but so far my efforts with the RV082 have failed.
First I have tried using DHCP to reserve an IP address for this user, then setting 'Access Rules' so that this IP has all access all the time, but this does not appear to work.
I assume setting this IP as the DMZ would achieve what I want but it seems like overkill and not very security wise.

View 2 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 Authorization Of User Based On MAC Address

Aug 23, 2012

A short background. Our corporate SSID is being migrated from using PEAPv0 to EAP-TLS. This restricts access only to company notebooks. Additionally we have barcode scanners which are used to inventory assets. Those devices are not able to use EAP-TLS as they cannot be integrated in the domain and being unable to do certificate based authentication.
As a workaround we planned to use another SSID with access to the same network but using PEAPv0 as authentication method, basically the same SSID but with a different name. As this naturally allows anyone to access the corporate network with a valid username/password I now wanted to add another step into the authentication process - the MAC of the device. I know I can do the filtering at the WLAN controller, but as it has a limited database as well as the fact that it is cumbersome to maintain the MAC list on all the controllers I thought I can do it over our ACS system.
I am now trying to accomplish the following: The user gets authenticated via the internal user store, which is succesful. Now I want to authorize the user via the MAC address, which is stored in the internal host store of the ACS, if access is granted or not.
For this I created the following policy:
Service Selection Policy -- (Rule based result selection)

-- (NDG:Device Type in All Device Types:Wireless And RADIUS-IETF:Called-Station-ID contains <SSID>) | Result: PEAP access

-- Default | Result: DenyAccess
Service PEAP access Identity: Internal Users -- (Single result selection) Authorization -- (Rule based result selection) -- Internal Hosts:HostIdentityGroup in All Groups:Valid_MACs
When I then try to access the wireless network I won't get authenticated. The error I get, when I look into the logs is: 15039 Selected Authorization Profile is DenyAccess
Is it not possible to use one identity store as "attribute database" for the other identity store?

View 5 Replies View Related

Cisco :: ACS 5.3 User-based / Custom Enable Passwords?

Mar 23, 2012

I've installed Cisco ACS 5.3. After I created several internal users (defined password and enabled password), Identiy Groups, Access Polices, Network Devices and AAA Clients (e.g. Cisco 1841) for Radius and configured my Router like this: 

aaa authentication login VTY group radius local-case
aaa authentication enable default group radius enable
Now I'm able to login successful using my internal User. But if I try to use enable to enter the enable level I'll receive the message "% Error in authentication." when I use the defined enable password.
In the ACS logging I'll can see that "$enab15$" is missing. If I setup a user name "$enab15" I can login to enable level, but what have I to do, to use the custom enable passwords?
Step 1.2 - 1.5 is requiered for both (Radius and Tacacs). Then you have to  switch to 2.1-2.7 for Radius or 3.1 - 3.7 for Tacacs authentication.

View 1 Replies View Related

Wireless :: Possible To Make User Based Setup For Each Room

Feb 26, 2011

I have 4 story hotel with 40 rooms, 10 rooms in each floor, i want to setup wifi network to cover all the rooms, what should i do or what instruments to use, is it possible to make user based setup for each room.

View 2 Replies View Related

Cisco Switching/Routing :: 6509 User / Role Based Commands

Sep 8, 2012

I  want to give limited access to our first level support so that they can execute certain basic commands like, port vlan change, access port shut/no-shut on Cisco 6509 and 3750E switches IOS based. I want to restrict them to only few options so they can not make changes to uplink (TenGig) ports and can not issue reload command etc. We do not have TACACS. What is the best way to achieve this?

View 2 Replies View Related

Cisco Switching/Routing :: User Based Bandwidth Limitation On 2950 Switch?

Feb 12, 2012

I have a cisco 2950 switch, connected with 4Mbps of internet and number of users will access the internet. There is no restraction on bandwidth limit for users, if any body use high download the remaining users are facing the slow browsing problems.
So, if i can put a bandwidth limitation for every users the problem will be solved. how to restract the bandwidth on user bases.

View 4 Replies View Related

Cisco Firewall :: ASA 5512 WCCP Configuration With Web Filter

Oct 31, 2012

I am currently trying to enable WCCP between a Cisco ASA 5512 firewall and Barraccuda Webfilter 410 Vx applicance. The ASA firewall is running IOS version 8.6(1)2 and the Barracuda is funning firemware Both the ASA and Barracuda are in the same network and can ping eachother. The ASA has several interfaces, outside, inside, data and dmz. The PCs and barracuda appliance are behind the data interface.  ASA data IP Barracuda IP   All PCs in the subnet use the ASA as the default gateway and should have web requests redirected to the Barracuda. 
Below are the respecive bits of my ASA config
interface GigabitEthernet0/0
description Management
speed 1000

I suspect my issue is that the ASA is generating a Router Identifier of which is my inside network and the barracuda cannot communicate with it.  how I can get this working ?

View 3 Replies View Related

Cisco Switching/Routing :: How To Perform UBRL User Based Rate Limiting On ASR1000

Mar 27, 2012

how to perform UBRL User Based Rate Limiting on ASR1000 like we can do it on Catalyst6500?

View 3 Replies View Related

Cisco Firewall :: ASA 5505 / Track How Much Time User Spends Using Service Based On Port Number

Apr 26, 2012

I want to be able to gather some time metrics based on source IP, and destination port.  Is it possiable to track how much time a user spends using a service based on it's port number.   I have figured out how to capture all the data, and I can then look at timestamps, but I would like a better way if possible.  Can this be done at the firewall, or do I need a different appliance?

View 1 Replies View Related

Cisco WAN :: 867VAE Web-based Configuration?

Nov 8, 2012

i am planning to buy 867vae router and i would like to ask you a few things the configuration is through cli only(because i am not familiar with cli) or it can be web based ? the basic configuration  for dsl and routing  are preconfigured or i have to do everything from scratchf? if someome has configured let say a draytek router, is it the same with this router or its a different world?

View 9 Replies View Related

Cisco WAN :: 6506 Configuration Of Policy Based Routing

Jul 18, 2011

I need to configure Policy Based Routing. There are two WAN Links from two Different ISP : Campus NW has one CORE switch - Cisco Catalyst 6506. [code]

View 3 Replies View Related

Cisco Wireless :: 1552 - Controller Based Mesh Configuration

Jun 26, 2012

I have to install a wireless mesh network shortly using Cisco 1552 APs.  This will be controller based using 5508 controllers.  The controllers currently have some 1262 APs configured in a mesh and bridging configuration so happy that it all basically works.  My question is - what is the "config mesh range' command doing on the controller ( or setting the Range(RootAP to MeshAP) setting on the controller mesh GUI.  The default setting is 12000feet and I have left it at default at present.  Just interested in what this is used for - I assume it alters the mesh protocol parameters somehow ( or the RF parameters perhaps ) as it suggests in the guide that mesh APs will reboot following this command being changed.

View 4 Replies View Related

Cisco Wireless :: Unable To Access Web-based Configuration Using Host Name (WAP4410N)

Oct 17, 2010

I recently bought and installed a WAP4410N access point (using PoE) and it's running stable. I was able to access the web-based configuration by using the IP address of the AP (something like, coming from the DHCP of my router). However, I'm unable to access the web-based configuration using the host name of the device (mentioned next to the device name in the basic setup section of the web-based configuration). I changed the host name several times, but I can't connect to the device using the host name. Accessing the device by its IP address works, but I have to check the logging of my router to find out which IP address I have to use. Is there a way to access the device using the host name?

(I think my WAP4410N has firmware version installed)

View 3 Replies View Related

Cisco Switching/Routing :: Catalyst 6506 Vlan-based Qos Configuration?

Feb 12, 2012

I was unable to configure vlan-based qos on Cisco IOS Software, s72033_rp Software (s72033_rp-IPSERVICESK9-M), Version 12.2(33)SXH6, RELEASE SOFTWARE (fc1) Seems to me my configuration is not working. Here is the output of the interface:
sh int G1/6 | i rate
Queueing strategy: fifo
30 second input rate 25231000 bits/sec, 4282 packets/sec
30 second output rate 46940000 bits/sec, 9257 packets/sec
And here is my configuration:
interface Vlan3
ip address
service-policy input TEST_IN_PMAP
service-policy output TEST_OUT_PMAP


Why I can't see matches in ACLs? I've double checked the direction and seems to me it is correct. I can't see matches even I configure something like this:

10 permit ip host any 
20 permit ip any host

Why my output rate is higher than 30M? Is it bacause there is no matching traffic here in ACLs? I'm absolutely shure that this host with such ip connected to this interface:

#sh arp | i
Internet           0   feed.beef.f00d  ARPA   Vlan3
#sh mac address-table |  i feed.beef.f00d
*    3  feed.beef.f00d   dynamic  Yes          0   Gi1/6

View 9 Replies View Related

Linksys Wireless Router :: WRT310N / Accessing Configuration Web Based Setup Page

Apr 9, 2012

I have Verizon FIOS internet/wireless router and then a WRT310N wireless router connected to it thru Ethernet cable.  I want to disable DHCP in the Linksys, but when I try to access the set up page at address the Verizon router set up page shows up.  I've tried to connect the router directly to the computer, but it needs the internet connection from the Verizon router.  How do I get to the set up of the Linksys at the same time the Verizon is using the same address?

View 5 Replies View Related

3com - Can't See User Passwords In Configuration?

May 30, 2012

I typed such commands:Code:

View 3 Replies View Related

Cisco :: User Privilege Level For Configuration Backup With PI 1.2

Feb 15, 2013

We have more than 50 devices handling by PI 1.2 (testing) I like to know how to do configuration archiving with user who doesn't have write privilege.
I tried like this.
username john privilege 6 password cisco privilege exec level 6 show running-config
(result) show run --> blank
  I tried this user with one of switch in PI 1.2. It did not do configuration backup
username inout password inout username inout privilege 15 autocommand show running-config
(result) once logged in, it automatically showed running-config. However when I tried with PI 1.2 with this user (inout). I couldn't do configuration back.
reference [URL]
create certain user with read-only privilege while PI 1.2 is able to do configuration archiving ?

View 0 Replies View Related

Cisco VPN :: 5500-X Configuration Of ASA For SSL VPN Requiring User To Enter Both RSA

Feb 25, 2013

I have been searching but unfortunately not successful in finding appropriate documentation on how to configure the ASA such that a user using AnyConnect SSL VPN client is prompted for their username + AD credentials + RSA SecurID token (all three must be presented/entered by the user) in separate fields before the VPN tunnel is established. On latest version of AnyConnect (3.1) and ASA version 9.x on 5500-X.

View 1 Replies View Related

Cisco Switching/Routing :: 3750G-12S Policies Based Routing Configuration

Mar 4, 2012

I've one Cisco 3750G-12S with ip routing enable, the swtich is with IP Service firmware, with PRR support.Currently set my default static route to my Firewall A Currently all of the VLAN for will be routed to
I've created a new VLAN 2 for my network with the VLAN interface 2 ip address, my intention is to route traffic to my by creating the access list and route-map.
I've configure my test pc with a static ip and my gateway pointing to (VLAN 2 gateway) , i'm not able to route to

View 7 Replies View Related

Cisco Firewall :: 1811 / Zone-Based Policy Firewall Configuration

May 16, 2011

I have two 1811's connected in a lab using a ipsec vpn tunnel (using a switch to simulate an internet connection between them).I am trying to configure one of the routers as a ZBPF just to allow a remote windows login (DC on the firewalled side, workstations on the other side).I'm trying to verify that the zbpf is working, but it doesn't seem to stop anything.  I had match icmp added to the class-map, but took it out to test if icmp would fail.  It didn't.  Basically, I don't think the firewall is working at all.  Any thoughts on how I can configure this so that the policies will work between zone-pairs?

Here's an quick drawing:

Here are the configurations:

 Local router:
 hostname sdc-1811-LocalLab
no aaa new-model
resource policy


View 11 Replies View Related

Cisco :: LMS 3.2 RME Compliance Template

Feb 3, 2013

Using LMS 3.2, I've started learning how to use the compliance there a regex to ignore case? For instance, if I have the line:

clock timezone est -5  in some configs, and
clock timezone EST -5  in others
is there a way to tell the template that upper case and lower case are acceptable matches?

View 1 Replies View Related

Add A Dos Based Computer To A Windows Based Network?

Jan 18, 2012

How do I...add a dos based computer to a network running windows 2003

View 1 Replies View Related

Cisco :: LMS 3.2 Compliance Template Syntax

Nov 2, 2011

I want to add the command "no logging event link-status" to all switchport mode access ports EXCEPT for the ones with the following switchport access vlans: 4022,4032,4042,4052,4072 & 4082. How do I create a compliance template to do this? LMS 3.2, RME 4.3.1

View 6 Replies View Related

Copyrights 2005-15, All rights reserved