it seems that users with active device authorization - e.g. permitting only a certain user defined group - can anyway view all devices or views?Is it possible to apply the same view rule from user management, so that these users can only view certain devices or topologies?
View 5 RepliesOn a LMS 4.0.1 :I want to know what is the right way to change the telnet program on the campus mgr map (topology services map), when right-clicking a device icon and selecting telnet.I would like to use a tool of mine, and not to launch a telnet command from the IE browser.I changed the default telnet of Windows in the registry, but the program is still launched as a telnet URL in the browser and this is not what I would like to do.
View 2 Replies View RelatedI installed LMS 4.0.1 and every module works from the local server. Http login from a remote system, topology services does not start, complains about java version. I followed the link to install the java version, it then complains about some Ansiserver stuff.
the client os is win7 64 bits, eplorer version is 7.
When i try to launch topology services in LMS 4.0 i get prompted to install a java plugin. When i install this it tells me to restart the browser but nothing is changed, it asks me if i want to install the java plugin again.
View 7 Replies View RelatedCan LMS 4.0 display event directly on Topology Services when error occurs without accessing the other module by clicking right mouse on device? Anyway, I configured the logging command on all device but I cant see any syslogs on Event Monitor > Syslog. It dislays "No Syslogs are available" message.
View 1 Replies View RelatedI noticed that I cannot remotely check the Topology Services in Ciscoworks LMS 3.2. I have attached a screenshot of the error for reference. When I access Topology Services on the server itself, everything works well.
View 5 Replies View Relatedim trying to figure out the right way of configuring cdp on devices so that they dont show the links as etherchannels segments linked together, i have several port-channels in the network and the layer 2 view seems all messy.
View 1 Replies View RelatedI am using ISE 1.1.1.268 and WLC 7.2.111.3 and NAC agent version 4.9.1.6 on Windows 7 Client machines.
About once a day i get the error "ISE Alarm (WARNING): Dynamic Authorization Failed for Device".
The device it is referring to is my NAD, a WLC 5508 running 7.2.111.3
I have looked at the logs and I cannot see anything in the logs which corresponds to this message so that I can troubleshoot further. Maybe I can if I am enabling the correct logging level on the correct ISE component.
What are the components and the logging level that I should set to get some more detail about this error?
At the moment, I have only set debug logging on Active Directory. I have TRACE logging set on Posture, Run time AAA & prrt-JNI.
I do not want to enable too much debug logs, so what is the specific element that I should be debugging.
I thought debugging the posture element would be enough but when I look at the logs there is nothing there that relates to this message.
I use the Edit Identity option to change the "Display Name" from an IP to a station name, it is overwritten when a discovery has been done. I have checked the discovery settings and tried using the update DCR Display name setting to prevent this from happening, but it makes no difference.Is there something i am missing? This is on LMS 3.2?
View 2 Replies View RelatedI have a issue where after configuring aaa and rebooting, logging into the console port seems to be auto trying something before it finally times out and let's the user try. I getting the following sequence: [code] I need aaa to work via vty, however I need the device to boot directly to the Username: prompt so I can continue to use my VB script to clear the config when the devices are return from the field.
View 4 Replies View RelatedI would like to find out if security plus license ASA-5505-sec-pl be applied to ASA5505-K8. I think the strength of encryption should not be determining whether additional feature can be applied or not, but I need to confirm with you people..
View 1 Replies View Relatedcrypto map mapName 20 match address NAME_20_cryptomapcrypto map mapName 20 set peer IPADDRcrypto map mapName 20 set transform-set ESP-3DES-SHAcrypto map mapName interface IFNAMEcrypto isakmp identity addresscrypto isakmp enable IFNAMEcrypto isakmp policy 10authentication pre-shareencryption 3deshash md5group 2lifetime 86400crypto isakmp policy 30authentication pre-shareencryption 3deshash shagroup 2lifetime 86400crypto isakmp policy 50authentication pre-shareencryption aeshash shagroup 2lifetime 28800(code)
I need to be sure that when traffic matches access-list "NAME_40_cryptomap" Isakmp policy 50 are used. And then traffic matches "NAME_20_cryptomap" isakmp policy 10 are used. How do i link the crypto map with the specefic isakmp policy?
I encountered this problem with cisco 870 atm interface. I applied service-policy output, its being accepted but when you do a show run interface, it's not there.
View 5 Replies View RelatedI get that to avoid fragmenting the packets we need to reduce the MTU to 1492, fine, but should the MTU restriction be applied at the virtual-template (server)/dialer (client) or on the physical ethernet interfaces?If I apply it to one or the other, which takes precedence? Should I just apply it to both the virtual/dialer interfaces and the ethernet interfaces?
View 6 Replies View RelatedI have a cisco 887 connected as temp measure to a 3g device via a fast0 port. all works fine. VPN comes up...but the moment i apply the crypto map to the vlan.. DHCP stops allocating ip address. I have remove irrelevant config ( dialer, atm etc as they not been used)
config below
p dhcp excluded-address 10.29.80.253 10.29.80.254
ip dhcp excluded-address 10.29.80.1 10.29.80.229
!
[Code]......
I have a cisco ISE 3355 and WLC 5508 and microsoft Active Directory 2008. I joind the ISE to the ADe successfully and I can see all groups on the AD, also I integrated the ISE with the WLC. my problem is when I created the Authentication policy on the ISE and joined to the AP by the PC nothing applied to the PC.
WLC version 7.4
ISE version 1.1.1.268
my client insisting to set a dscp value of 56 (= CS7 , the highest priority) for their video packet without any bandwith restriction in the input of fast ethernet port and PPP Multilink serial output port of the 7513 router. What will be the outcome at time of video streaming and video conference ? As this dscp value CS7 is the highest priority and reserved for network only.we are using ospf routing (some of the network is connected through this multilink port via ospf routing), also this ethernet is connected to various statice routed ip network via cisco asa and cisco 4507. The keep alive ospf neighbor router will be lost or not?
View 2 Replies View RelatedI have a connection between HQ and Branch which connected by GRE tunnel over IPSec. I use Cisco router 3745 that has IOS version: 12.3(18) and Cisco router 2911 that has IOS version : 15.0(1r)M9 with ipbase, security and data license.
I tried to apply command to both routers as follows:
Cisco 3745 (HQ)
crypto isakmp key test address 10.1.1.2
crypto isakmp keepalive 60
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto map vpn01 local-address Loopback0
[code]....
When I appied this command that will show a notification as below:
NOTE: crypto map is configured on tunnel interface. Currently only GDOI crypto map is supported on tunnel interface.
*** After appied this command, I cannot ping or send any traffic to HQ. ***
I use this command that is working normally on Cisco router 3745 that has IOS version: 12.3(18) and Cisco router 2811 that has IOS version : 12.4(7b).
In earlier versions of LMS it was possible to choose i.e. the Routers category (top level) and enter a series of commands to be excluded from the comparison. In LMS 4.0.1 I experience, in several different installations, that this is not possible. It seems I can enter one exclude command beyond the defaults per category, the rest is not applied even though the feedback from the application is positive. Next time I access the Exclude Commands view, the commands I entered are gone. Is this a change of behaviour or a bug?
View 2 Replies View RelatedSo there are two VLAN's traveling over the port attached to the controller (User vlan 100, and Guest vlan 102). I need to block the guest from everything but the internet allowing the free flow of everything else on the User vlan. All info sanitized of course.I think I have the ACL's correct for what I am trying to accomplish I just can not get this ACL to work on a trunk port.Confirmed the ACL to work correctly on access ports however.
ip access-list extended Wireless
permit ip 172.100.0.0 0.0.255.255 any
permit udp any any eq bootpc
permit udp any any eq bootps
permit udp any any eq domain[code].....
I am having ASA firewall 5520. I want to block yahoo mail, gmail using regex for particular users only.
View 5 Replies View RelatedI need to Upgrade my NCS to version 1.1.0.58. Actually my NCS is in the version 1.0.1.4 and i have a lot of templates configured and 1500 Access Points applied.
I have 5 WLCs and will do too the upgrade in the WLCs to version 7.2.130.0.
Will I lose some configuration with these upgrades ? Because the version 1.1.0.58 has more features than version 1.0.1.4 in the NCS and the WLC was adjusted some bugs.
The configurations that i has in the NCS version 1.0.1.4 is H-REAP and in the version 1.1.0.58 will be the FlexConnect, theoretically is the same, but i don't know if the configuration is the same in the two versions.
Can i do a downgrade in the NCS from version 1.1.0.58 to 1.0.1.4 if i have problems ? I was looking for a document who show how can i do this, but i didn't find nothing about.
How to check applied group policy on the domain clients
View 1 Replies View RelatedI'm havoing probems with my network "stuttering" and wanted to update the firmware. The RVO82 is currently running v2.0.0.19-tm and I have downloaded the latest; V 4.0.0.0.07-tm and tried to upload it to the router using both Safari and Firefox but the update won't take. I have followed the instructions to go to a fixed ip of 192..168.1.50 and have a connection directly to the router( bypassing the switch) but cannot get it to update.
View 1 Replies View Relatedwe're having an issue with the command "cts dot1x" when applied to an uplink interface. It basically kils the connection with this command is applied. Once you remove it, everything is back to normal, the platform is a cisco 3750x.
View 0 Replies View RelatedI have a 3560G and an ASA FW, for which I am trying to use PBR to append the next hop. The gateway is the switch VLAN address and the amended net hop is the same VLAN interface on the ASA. Trouble is, I can ping the FW from a client, but not the switch. If I remove the route map, I can ping both. Even more strange is this is the case for some VLANs, but not all!
Config:
HOST ON VLAN 96
IP 10.11.120.99
S/M 255.255.255.240
[Code].....
I have a customer that has a stack of 3750x switches installed in production and now would like to install the powerstack cables. The switches are in production and downtime would like to be avoided. Can you install the powerstack cables with the switches powered up? I would assume you can, but wanted to verify before doing so.
View 4 Replies View RelatedI am confused on how acl's respond on normal cisco switch (eg.6500) when applied on respective vlans. this is my scenario:on a 6506, i have 2 main vlans in question: Vlan 100 ( vendor1 - 172.16.100.0/24 ) & Vlan 200 ( vendor2 - 172.16.200.0/24 ). the requirement is,
- vendor1 should be able to access/ping vendor2 end points
- vendor2 should not be able to access/ping vendor1 end points
Now, if i ping from a host 172.16.100.11 in vlan 100 to another host 172.16.200.21 in vlan 200, will i be able to get a successful response ?
I am using cisco 1841 LAN router, I need to block MAC address i have applied the command access-list 1102 deny 0000.0000.0000.0000 mac address..... but it does not work.
View 24 Replies View RelatedI have noticed that changes in MAC address filter list are applied only after reboot of router. It is inconvenient.
Router Linksys E4200
Firmware Version: 1.0.03
Operation system on client computer is Windows 7.Can it be resolved in the next version of firmware?
i have an issue with the lms 4.2 Topology Data Collection. After installation the Topology Data Collection was running normaly, but since first server reload the Topo Data Collect under Inventory > Dashboards > Device Status > Collection Summary is "frozen".Is there any option to stop this process elsewhere? I cannot find anything under jobs in running state or so. Clicking on Schedule only give me the option to start data collection, but lms always returns that the process is running.
View 9 Replies View Related1)i have problem in LMS 4.2 , he shows most devices not connected to topology sitting lonly even though the have cdp enable , how to force these to join the topology
2)why some devices are shown unreachable , even though i can ping them from lms server and gets reply, also they have community and cdp configured
The regular problem with the LMS topology and WAN Links when you see the branches are disconnected from the HQ BUT in my case the branches are already connected via Layer2 links but unfortunately some intermediate layer2 modem/switch exist in some branches which prevent CDP discovery but you will find both HQ and branch router in the same subnet .
View 1 Replies View Related