Cisco :: LMS Prime 4.1 Port Security Report
Jan 31, 2012Has any one identified a way to run a report in Cisco LMS Prime 4.1 to report if switchports have port-security and Sticky-mac enabled?
View 1 RepliesHas any one identified a way to run a report in Cisco LMS Prime 4.1 to report if switchports have port-security and Sticky-mac enabled?
View 1 RepliesI am trying to run Audit reports for config change (Reports > Compliance and Audit > Change Audit > Standard). If I use "Immediate" Run Type a report gets generated with exactly what we need. If I try to use anything else so LMS can generate an email we keep getting this error. I had a look on the forum and supposedly this should be fixed since 3.2.
View 7 Replies View RelatedWe are about to a large amount of access points from access ports to trunks. Is there a report function in NCS that will give me a list of the APs and their CDP neighbor? I am able to view the information under "monitor/devices/access points" but I can't export that information to a useable format.
When I get the list the next step will be to create a configuration task in LMS 4.2 to configure the switch ports.
Just looked at report after having upgraded to WCS 7.0. It is reporting that SSH is disabled. It is enabled on the controller. The timeout value was set to zero for telnet access. No indication was given that the telnet timeout value also affected SSH as well. I set the timeout value to a non-zero number and reran the task that generated the report. The Enable SSH line item on the report no longer shows up.
View 2 Replies View RelatedWhen i am in report generator to create a unused up report i have any of my devices in the devices selector menu. This a same for all reports of the switchport menu. But for the other menu like inventory performance my devices appeard. I make a reboot of my server but no change. I'm looking the logs.
View 4 Replies View RelatedCan LMS 4.1 give a report for port capacity in stack switches? We are starting to have issues where our techs are going out and plugging devices into switches and the switches are getting full. We would like to be able to see how many ports are left in each switch.
View 2 Replies View RelatedI'm trying to add our two 5585-X + CX20 units to Cisco Prime Security Manager. The ASAs seem to add correctly but the CX20s appear "undefined" for software version and model. Clicking on "Device Configuration" I get the error "Message From Server: SyntaxError: Unexpected token .
View 0 Replies View RelatedI'm trying to enable port security on several 4507R's. When I try to configure a range of ports the switch will randomly put 1 or 2 in err-disable. It's different every time I apply the config to the same group of ports. However if I do them one at a time it seems to work. But I really don't want to configure 6 fully populated switches one port at a time. We also have a lot of 3750's and they gave me no problem using a port range. [code]
View 4 Replies View RelatedI'm currently running CiscoWorks LMS 4.0.1 on Windows 2003 under VMware and just got upgrade licensing for Prime Infrastructure 1.2. I am assuming that I will need to upgrade the current server to Prime LMS 4.2 in order to ensure that data migration to Prime Infrastructure goes well. I am planning to follow Cisco's recommendation to run Prime LMS and Prime Infrastructure in parallel for a time and migrate individual functions.
My real question is about Syslog handling. All of the managed devices are currently sending Syslog data to LMS. As a last step in the migration, is it possible to change the IP address of the Prime Infrastructure server to replace the Prime LMS server so that the Prime Infrastructure server will just start getting all the Syslog data, or do I need to go change hundreds of managed devices to point to a new address?
What is the relation between: cisco NCScisco Prime LMSCisco Prime infrastructure.As i orderd a Cisco Prime infrastructure from a Cisco Partner and what i got is :
x2 cisco NCS appliances
x1 DVD cisco prime infrastructure
x1 DVD Cisco prime 4.2
I'm using packet tracer, I enabled port security on fa0/18 and set it to shut down when a violation occurred, I set it to only allow 1 mac address, so I tested it by plugging in another PC and the port shut down so the security was working, however when I plug the old pc back into the port it still stays shut down, how do I activate it again.
FastEthernet0/18 is down, line protocol is down (err-disabled)
One of our clients just installed a new security system and they need to be able to view the cameras from outside the network. According to the vendor, we should only need ports 81 and 2000 forwarded to the internal DVR on both TCP and UDP. They really aren't much troubleshoot the network config.
ASA Version 7.2(4)
!
hostname ciscoasa
domain-name ********
enable password ******** encrypted
passwd ******** encrypted
[code].....
I have applied port security in one cisco switch and i have enabled port security in one port.I have applied port security as sticky and applied "restrict" on violation of the portsecurity.Now i have connected a PC to that switch port. Later i have connected another PC. The packets got dropped. But when i connected the original PC again, the packets flow started again.So, i have a doubt. Will the packet flow get establish, when the original PC is connected again to a port which is applied with port security violation "Restrict"?
View 2 Replies View RelatedI was wondering if there is a workaround to have a mac access-list bond to a port security violation action our need is the following: we have a range of 10 mac addresses that can use any port on the 3750, we only want to allow those ones yet we also need to tak action if a denied mac appears on any port of the switch.the only work around I found is to basically go into a port-rage mode and list all the allowed mac addresses under all the ports of the switch. I would also add to that a port violation action. did not test it but should work. problem is, it would be a huge config.I did read that we can create a mac access list and then bind that mac to physical ports wich will actually simplify our solution yet I did not find a way to bind the mac list with a port violation action.
View 1 Replies View RelatedI have installed CSA on windows 7 with rule to block rpc port 135.But when i am scannig this host, this port is still opened.I changed OS to Win Vista,Win7 x86, but there is no changes.Is it possible to block port 135 using CSA on windows 7?
View 2 Replies View RelatedWas wondering how to set port security on the 881. I have all the FE ports shutdown except one and want to limit that port to one specific MAC address.
View 7 Replies View Relatedhow to perform port security or mac access-list on LAN ports of router 861 or 881.There are commands access-list 700-799 , but I don't know how to apply that access list on configured vlan or particular port.
View 1 Replies View RelatedThere are three Win 7 laptops on the LAN trying to connect to the ASA5500 Firewall. They generate a Severity Level 3 alert and try the same port three times then move to the next numerical port and try that three times. Is this a malicious Hack.
View 5 Replies View Relatedwe are using 2960 cisco switch asn we are trying to configure port security.we are able to configure MAC base port security, but unbale to configure IP base port security.can any one guide us can do IP base port security like MAC port security. if not which switch will support IP and Mac base port security.
View 6 Replies View RelatedHow do I disable the USB port in the 881 router?
881router#show usb port
Port Number: 0
Status: Disabled
Connection State: Disconnected
Speed: Full
Power State: ON
How do you configure port-security on a 2811 router? If not, is there a way to configure some type of security on each port ?
View 3 Replies View RelatedI am using 3560 switch senerio is that we have dhcp server on and I want that switch filter mac on whole switch ports not on a some port. Switch only give IP to the mac whcih is in mac table of switch/particular which we enter manually.I have read chapter 62 of port security but it doesnot fulfill my requirements.I am also using 3com 5500Ei switch in which we dont have to bind a mac on every port, we just enter a mac in the switch and it filter itself by using simple commands.DHCP server is not in our hands, we cant do any things there.
View 1 Replies View RelatedI have a Cisco home rack lab which is behind my ASA 5505. I use my ASA to connect to the internet. My situation is I travel a lot for work, and I am unable to do my labbing practice. I am pretty new to ASA and would like to do a port forwarding to access my access server which is connected to my Cisco routers and switches.My network topology is this: (internet)-------(ASA 5505)----------(3550)-------(CM32 Access Server)----------(Cisco Rack) This is how I setup my remote access:
Code:
ssh 0.0.0.0 0.0.0.0 outside
i'm trying to use VNC as a remote desktop i was told to forward port 5900 in order to connect. but whatever i do i still an error saying that the port is not forwarded..Connection test failed.VNC Server appears to be behind a NAT router with IP address x.x.x.x. You will need to configure that router to forward port 5900 to this computer before you can connect to VNC Server over the Internet.as you can see here the port is forwarded to the server computers local IP.i have no firewalls active, and no anti-virus software that could be blocking VNC.
View 1 Replies View RelatedI'm new to CiscoWorks and I inherited the system in my new job. We are running LMS 3.2 and I want to run a report to see what versions of IOS that are running on the network.
View 3 Replies View RelatedI have been net searching this question and I find answers relative to other Cisco products but not for the 6500 series. We are running entservicesk9_wan-mz.122-18.SXF17a.bin and would like to know how to change the default SSH listening port..
View 1 Replies View RelatedIs it possible to use Port Security mechanism between two switch (3750 or 3560) ports while trunk has been configured? If it's not possible, is there any other way to ensure that no other Switch can be connected other then the one switch which has been configured/placed by a network engineer?
View 4 Replies View Relatedconfigure port security Cisco 500 Swich ? There is no CLI mode in this switch?
View 2 Replies View RelatedOne of my engineers issued a command to turn off port security on a number of ports using the range command. The command failed on the first attempt due to a tacacs auth failure which I suspect is due to a low tacacs timeout value. The engineer then reduced the number of ports in the range command and re-issued the config change after which the switch just crashed and rebooted.
The logging buffer on the switch displays the following:
000072: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED: System previously crashed with the following message:
000073: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED: Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(50)SE3, RELEASE SOFTWARE (fc1)
000074: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED: Technical Support: [URL]
000075: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED: Copyright (c) 1986-2009 by Cisco Systems, Inc.
000076: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED: Compiled Wed 22-Jul-09 07:03 by prod_rel_team
000077: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED:
[Code]........
I have done some searching and this could be related to bug CSCsq71492. I have tried using the output interpreter but it is still down.
I have several SF300 switches deployed (SF300-08, SF300-24P). They are connected to IP Telephones (NEC) which communicate with the switch for auto voice VLAN on LLDP. The problem I am experiencing is that periodically the IP telephones are rebooted by the telephone vendor and when they do the switch puts that port into "Locked" port security mode and discards all traffic to the port. The IP telephones of course do not work. In other switch models, I have seen the ability to enable / disable port security switch wide or on a port by port basis. This model does not appear to have this feature. How to disable or why the phones would cause the switch ports to "lock"? There is usually one PC attached to each phone.
View 1 Replies View RelatedI have network consists of more then 20 cisco 2950/2960/3700 switches. I have configured port security in my switches. initially when i configured on my switches it worked fine....even for copule of months it worked fine. but suddenly it start creating issues and now i am not able to implement port security on switches. the configuration is same but there is no effect now. Same switches were fine but now even having same configuration it is not working. please see the configuration: [code]
View 5 Replies View RelatedWe have several 3750 stacks across our campus that we are unable to completely clear port security on. We have mac address stick set up on all access ports. When we clear the sticky address on the port, the mac address is removed from the running config like normal, but we keep getting port-security voilations. If port security is taken off the port completely, i.e. no switchport port-security, traffic still doesn't pass the port. Even clear port security across the stack doesn't work. If we try to reload the stack, only the master reboots, and the other switches in the stack lose switch capabilities.
View 1 Replies View RelatedI've just completed a port security project at a site on numerous Cisco switches and all works well, however they have 2 Nortel 5520 switches (which I left until the end) which they would like to lock down. I have logged a message on the Nortel forums and I have heard nothing for days. I just need to lock 2 ports down to the Mac address of 2 computers stopping any other computer being plugged in.
View 2 Replies View Related