1)is there any methods to let LMS 4.2 discover Cisco devices based on specific ip like Loopback address ? coz in my Cisco devices i have more than ip address configured?
View 4 RepliesI have an EA4500. I am trying to block a specific site based on keywords in the webpage address. how to get the EA4500 to block sites with based on keywords.
View 1 Replies View RelatedI use a router RV082 with load balancing. My problem is when I try to access a specific site, I get the error message that my IP address changes and I can not use 2 ip address. I want to specify an ip range to always use the same WAN port.
View 2 Replies View RelatedI've installed a Windows Server 2008 R2 Enterprise Edition with ADDS, DNS and DHCP server.Everything is configured correctly and running fine when I use an independent network.When I uninstall the DHCP on the server and connect it to my primary network with a Linux router (ClearOS) handling DHCP i get an error message on the client computer when trying to boot with PXE."PXE-E76: Bad or missing multicast discovery address".What do I need to do to make this work with my Linux router? Some port that has to be forwarded internally from the router to the WDS server?
View 5 Replies View RelatedOn my cisco IOS 12.4 router,Can i make it so only lets say mac address 11:22:33:44:55:66 able to use ip address 10.10.10.2?I want this so that only this IP can configure servers, and so if the computer using it is turned off, any other device cannot use the IP address.
View 6 Replies View RelatedWhat i am trying to achive is allow only specific mac addresses on switch and deny all others by using MAC ACE. What should i do? First deny any any and then permit or ?
View 1 Replies View RelatedA short background. Our corporate SSID is being migrated from using PEAPv0 to EAP-TLS. This restricts access only to company notebooks. Additionally we have barcode scanners which are used to inventory assets. Those devices are not able to use EAP-TLS as they cannot be integrated in the domain and being unable to do certificate based authentication.
As a workaround we planned to use another SSID with access to the same network but using PEAPv0 as authentication method, basically the same SSID but with a different name. As this naturally allows anyone to access the corporate network with a valid username/password I now wanted to add another step into the authentication process - the MAC of the device. I know I can do the filtering at the WLAN controller, but as it has a limited database as well as the fact that it is cumbersome to maintain the MAC list on all the controllers I thought I can do it over our ACS system.
I am now trying to accomplish the following: The user gets authenticated via the internal user store, which is succesful. Now I want to authorize the user via the MAC address, which is stored in the internal host store of the ACS, if access is granted or not.
For this I created the following policy:
Service Selection Policy -- (Rule based result selection)
-- (NDG:Device Type in All Device Types:Wireless And RADIUS-IETF:Called-Station-ID contains <SSID>) | Result: PEAP access
-- Default | Result: DenyAccess
Service PEAP access Identity: Internal Users -- (Single result selection) Authorization -- (Rule based result selection) -- Internal Hosts:HostIdentityGroup in All Groups:Valid_MACs
When I then try to access the wireless network I won't get authenticated. The error I get, when I look into the logs is: 15039 Selected Authorization Profile is DenyAccess
Is it not possible to use one identity store as "attribute database" for the other identity store?
Any solution for NAT only for a specific ip address or a range of ip addresses from the same subnet?
I've read that the router in gateway mode automatically makes the translation and in router mode does not. Starting from this, is there any way to nat from firewall access rules only.
using ACS 4.2 and I can't find a way to bind an incoming NAS port to a specifc IP Pool:
When a user connects the request to auth comes from 2 possible NAS ports randomly (this cannot change). Depending on which NAS makes the requests determines the IP range required, so I need 2 IP Pools. There is no way to say 'if request comes from NAS1 give IP from Pool1 and if request comes from NAS2 give IP from Pool2'
I have gone around and around with NAFs and NARs, but cannot do this.I can create 2 ACS groups with the specific NAS and specific IP pool within, but then I cannot have a single username bound to both groups.
I moved the auth to an AD group in the hope that I could bind that single AD group to the 2 ACS groups; and so have a single username, but no joy.
I have a network setup where two servers from inside need to communicate with a remote network via 2 VPN gateways. The destinations are same. However, the chalange is each server need to follow it's own VPN gateway. Since i can't configure PBR (policy based routing) in ASA, can i configure something like MAC Address based routing. I can't use destination based routing since the remote network are reachable from the both VPN Gateways.
View 1 Replies View RelatedI'm trying to get started on setting up my first Transparent ASA.I understand an ASA in Transparent Mode can now have an ip address with Bridge Groups or some such mechanism. I'm looking for examples of how to set that up and other information below. Is the ip address associated with the device or is it interface specific? Will I be able to SSH with that ip address setup? Can I use ASDM if the Transparent ASA has an ip address? This 5512X has an IPS. Any one who has setup an IPS on this platform knows it has some very particular requirments in order to communicate with the outside world. I need examples of how to do that with a Transparent ASA.How is NAT setup differently (if at all) on a Transparent ASA?Are ACLs done any differently?
View 3 Replies View RelatedI would like to allow PING on RV042 from WAN side only from specific IP address, but when I set the rule, RV042 does not respond on WAN side, because Block WAN Request is Enabled.BUT! When I disable "Block WAN Requests", now any IP can ping my router from WAN side. Although I set access rule to Deny Ping from WAN side to anyone, it still responds.
View 1 Replies View RelatedWe will shortly be installing a Cisco 3825 router, to be connected to the BTNet service, over fibre.We will be binding many public IP addresses to the router.
Is there a way of defining a specific bandwidth limit per IP address, or range?
Currently using WCCP with squid for content filtering. One of our sites we connect to needs to see the connection coming from our public IP address, not the proxy server IP. I've created a acl in squid for direct lookup, but the website gets angry with the X-Forwarder-Header squid attaches to each packet. Is there a way in a cisco ASA 5505 to bypass wccp for a specific public ip address or url?
View 4 Replies View RelatedHow does a firewall block or filter traffic on a specific port or IP address?
View 1 Replies View RelatedI want to block the sql port access of my server to all except few of my ip addresses while access list on Cisco Router IOS how do i do that.
View 3 Replies View RelatedI have a WAG160Nv2 and I want to block specific external ip addresses from trying to get at our server that uses the WAG160Nv2 as an internet gateway. It's not immediately obvious if this can be done from looking through the config pages.
View 4 Replies View RelatedI want to limit data consumed by one of my devices; how can I do that. I have set up wireless network using Belkin AC 1200 DB.
View 1 Replies View RelatedI just bought a Catalyst 2960S to test out the feature "Port-Based Address Allocation" which is required for our factory. I followed the instruction from Cisco IOS and did all the steps but I could not get it to work, my network client did not received the expected IP address that I configured.
View 8 Replies View RelatedI am thinking about purchesing this router. But I need know if this router has DHCP reservation function. If router can assign to specific MACs their own IP adress. I had WRT160N for a week, but my ISP change technology. WRT160N had this function, but I am reading here, that WAG160N not.
View 5 Replies View RelatedSwitch is a Nortel 5520
PC is Windows 7, with Intel 82579LM adapter
When PC was first attached to network, it could not ping gateway(switch). Turns out it was broadcasting for the gateway's MAC address, but never got a response. Tonnes of testing later, if I just change one number on the MAC address of the adapter, it receives a reply from the switch and can ping the gateway.
Why doesn't the native MAC address work?
Update: Just the vendor portion is the determining factor. As long as it starts with 2C-59-E5, it will not work. 2C-58-E5 will.
Update 2: Pinging anything in the same subnet works, just pinging the gateway interface of the switch doesn't happen. Tried on multiple drops, and there are other devices on those drops.
Does the 2960 switches with LAN-Lite support DHCP Server Port-Based Address Allocation?
View 1 Replies View RelatedASA 5520 running 8.0.4
ASDM v.6.1
Need assistance understanding how in ASDM/Configuration/Site-to-Site VPN/Connection Profiles/ "Any Entry" I can specify that I only want to offer an IKE Proposal of pre-share-aes-256-sha?
The IKE Proposal field has a number of possible options including: pre-share-aes-256-md5, pre-share-3des-md5, pre-share-aes-256-sha, pre-share-aes-192-sha, pre-share-3des-md5, pre-share-aes-sha and pre-share-3des-sha.
I am able to pick a specific IPSec Proposal w/o issue but when I attempt to do the same for the IKE Proposal, and click OK the choice does not "stick" but rather returns to the entire list as defined above.
Is it possible to enable an absolute value rate limit using QOS on a HP ProCurve 5406 switch for a particular IP range on a specific port? Is there a way to configure our HP 5406 with an absolute rate limit on "WAN" port for that server's IP range? I would like to limit it to only being capable of sending 1Mbps worth of traffic over the head end at once.Everything in the documentation points towards priority queues, which as far as I can tell, isn't really what I want.Baring accomplishing this goal using rate limiting is there a better way to prevent our services from accidentally saturating this connection?i thimkong about somthing like that:
class ipv4 rate-limit-port-A1
match ip 10.136.0.0/16 any
exit
policy qos port-a1-ratelimit
class servers-to-be-slowed action rate-limit kbps 1000
exit
interface A1 service-policy port-a1-ratelimit inI'm not sure about this.
I have a Router 2801 with the run conf :
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.63
ip dhcp excluded-address 192.168.1.192 192.168.1.254
!
[code]....
I want to assign a specific IP to a specifig host by MAC .. for example i want the ip 192.168.1.10 to be assign to the host "client1" by mac.I've been creating a new dhcp pool static:
!
ip dhcp pool static
host 192.168.1.10 255.255.255.0
hardware-address xxxx.xxxx.xxxx
client-name client1
!
but the "client1" is still taking other ip.
How do I...add a dos based computer to a network running windows 2003
View 1 Replies View RelatedI am having trouble getting 1142 LAP to find the controller. We are running an ASA 5505 at our main campus where the 5508 is located. Each Of our distribution centers have a PIX501 and from there about 3-5 AP's each. The AP's that were primmed before instalation work great, however we need the ability to get the other ones that were already installed and not finding controller to work with out cycling them through main campus. I have opened up UDP ports 12222-12223 and 5246-5246 with no luck.
View 1 Replies View Relatedwe're evaulating the Cisco SM 4.2. After adding my ASA 5520 the Policies are discovered from the device except the RA VPN Policies.I tried to trigger the discovery process manually and i got this errormessage Please verify the device "IP address", "hostname", "domain name" and "port number" are correct, there is network connectivity between the CS Manager server and the device, and the device is configured to accept https connections, the device is running, and then retry this operation.which i don't understand because the other policies were retrieved just fine.
View 0 Replies View RelatedI have a problem discovering some ASA firewalls on a network. I have several ASA firewalls on this /24 network, but some of them I can't discover e.g 149.x.x.107 is discovered ok, but 149.x.x.20 I can't discover. It seems that it's not even trying to discover the devices I have problems with. Nothing is shown in the discovery log.
View 11 Replies View RelatedLMS 4.2, W2K8 R2.I was having an issue with discovery adding devices to with corrupt information (seemingly random strings of characters in several fields). While I was trying to clean this up a scheduled discovery kicked off and further exacerbated the issues I was having. Frustrated, I deleted all entries from the discovery schedule until I could get things cleaned up.
Now I want to go back and troubleshoot the discovery process. Trouble is, I can't get discovery to do anything anymore. I disabled all modules but CDP. I added a single seed IP address under the CDP configuration. This is the address of a 3560V2 switch that is not in DCR. When I started discovery it completed in about 2 seconds and didn't discover anything, including the seed device. So I added another 3560V2 as a seed device under global settings. Same results. Thinking that it had been working using scheduled discovery, I set up a schedule and kicked it off that way. Same results. Finally I added one of these seed devices to DCR and let LMS fully learn about it. Ran another discovery. Still no joy.
I started an SNMP debug on the seed devices before starting discovery. I see the SNMP get coming from LMS, the switches respond and the discovery completes with 0 devices discovered.CS Discovery.log contains no meaningful information. Only messages about "No appenders could be found for logger".
my customer is using Cisco Prime 4.1 as an Upgrade from LMS 4.0 and has made a discovery of a new added Cat 4506E with a Sup 7E and Modules.All the devices have been discovered, excepted the module WS-X4712-SFP+E.Is this card not supported yet ?I could not find any detailled and actual information about the support or not of this module, or about the conditions for the Module support it in Prime 4.1..How ist it possible to proceed to having this module discovered ?
View 1 Replies View RelatedWe have just installed LMS 4.0.1 and started to discover parts of the network. After the discovery process finished successfully - 100+ new devices were added to DCR message - I was able to see the devices by clicking on their number but when I go to Inventory-Add/Import/Manage Devices I cannot see any device in the Group that I created.If I restart the CiscoWorks Daemon Manager process the newly discovered devices are added to the custom Group. This seems like a bug as I had a LMS 4.0 evaluation installation a few months ago and device discovery was working fine meaning the devices were added immediately to the Inventory.
View 4 Replies View Relatedi am installing a CWLMS 4.0 and everything was good until i have reached the discovery for the devices, i am dealing with a bank setup and the branches is connected using layer 3 MPLS, branches are located behind the ISP router, so as a cdp neighbor i cant see anything but the ISP router at my Core.
so i cant see the branches routers as neighbors to my (seed Device) Core, and i have tried to use the ping sweep and i could not reach them also. and also to add them manually as we were doing before in the earlier versions of CWLMS, using the Devices and Credintials, this option is removed from the LMS 4.0 as i have red in a document.
1- snmp is configured on all devices.
2- access-list is configured on all devices.
3- i am able to reach the LAN Devices without any problems and the configuration is the same on all of the devices.