Cisco :: Logic Differences Between Router Vs Firewall ACL
Sep 19, 2011
Is the ACL matching logic between a Cisco router and a Cisco firewall (PIX/ASA) the same? If not, what are the logic differences? I understand that in a router, once a match is found the statements below the match are ignored; I wonder if this applies to the firewall.
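The question above is about first-match evaluation. Both IOS router ACLs and ASA access-lists are walked top-down, stop at the first entry that matches, and end in an implicit deny; what differs is mainly syntax (IOS entries take wildcard masks, ASA entries take subnet masks). The simulator below is an added example, not code from the original post or from Cisco: it parses a small constructed subset of IOS-style extended ACL syntax (permit/deny, ip/tcp/udp, any, host, network plus wildcard, optional "eq port"), evaluates constructed packets against it, and also flags entries that can never fire because an earlier, broader entry shadows them. The ACL contents and addresses are made up for the demo.

```python
"""First-match ACL evaluation with an implicit final deny (added example)."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Ace:
    seq: int
    action: str                   # "permit" or "deny"
    proto: str                    # "ip", "tcp" or "udp"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: int | None             # None means any destination port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int | None = None


def _parse_addr(tokens: list[str], i: int) -> tuple[ipaddress.IPv4Network, int]:
    """Parse 'any' | 'host A' | 'A WILDCARD' at tokens[i]; return (network, next index)."""
    if tokens[i] == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.IPv4Network(tokens[i + 1] + "/32"), i + 2
    # IOS wildcard mask is the inverse of a netmask (contiguous masks assumed here)
    wildcard = int(ipaddress.IPv4Address(tokens[i + 1]))
    prefix = bin((~wildcard) & 0xFFFFFFFF).count("1")
    return ipaddress.IPv4Network((tokens[i], prefix), strict=False), i + 2


def parse_ace(line: str, seq: int) -> Ace:
    """Parse one entry such as 'permit tcp 10.1.1.0 0.0.0.255 any eq 22'."""
    tokens = line.split()
    action, proto = tokens[0], tokens[1]
    src, i = _parse_addr(tokens, 2)
    dst, i = _parse_addr(tokens, i)
    dport = int(tokens[i + 1]) if i < len(tokens) and tokens[i] == "eq" else None
    return Ace(seq, action, proto, src, dst, dport)


def load_acl(text: str) -> list[Ace]:
    lines = [ln for ln in text.strip().splitlines() if ln.strip()]
    return [parse_ace(ln, (n + 1) * 10) for n, ln in enumerate(lines)]


def evaluate(acl: list[Ace], pkt: Packet) -> tuple[str, int | None]:
    """Return (action, seq of the matching entry); seq None means the implicit deny applied."""
    s, d = ipaddress.IPv4Address(pkt.src), ipaddress.IPv4Address(pkt.dst)
    for ace in acl:
        if ace.proto != "ip" and ace.proto != pkt.proto:
            continue
        if s not in ace.src or d not in ace.dst:
            continue
        if ace.dport is not None and ace.dport != pkt.dport:
            continue
        return ace.action, ace.seq    # first match wins; nothing below is consulted
    return "deny", None               # implicit deny at the end of every Cisco ACL


def shadowed(acl: list[Ace]) -> list[int]:
    """Seq numbers of entries that can never match because an earlier entry covers them."""
    out = []
    for n, later in enumerate(acl):
        for earlier in acl[:n]:
            if (earlier.proto in ("ip", later.proto)
                    and earlier.src.supernet_of(later.src)
                    and earlier.dst.supernet_of(later.dst)
                    and earlier.dport in (None, later.dport)):
                out.append(later.seq)
                break
    return out


# Constructed sample: a specific deny placed above a broader permit.
ACL = load_acl("""
deny   tcp host 10.1.1.50 any eq 22
permit tcp 10.1.1.0 0.0.0.255 any eq 22
permit ip  10.1.1.0 0.0.0.255 any
""")

# Same entries, wrong order: the broad permit now hides both entries below it.
REORDERED = load_acl("""
permit ip  10.1.1.0 0.0.0.255 any
deny   tcp host 10.1.1.50 any eq 22
permit tcp 10.1.1.0 0.0.0.255 any eq 22
""")

if __name__ == "__main__":
    for pkt in (Packet("tcp", "10.1.1.50", "192.0.2.9", 22),
                Packet("tcp", "10.1.1.20", "192.0.2.9", 22),
                Packet("udp", "172.16.0.1", "192.0.2.9", 53)):
        print(pkt, "->", evaluate(ACL, pkt), "| reordered ->", evaluate(REORDERED, pkt))
    print("shadowed in ACL:", shadowed(ACL), "| in REORDERED:", shadowed(REORDERED))
```

The shadow check is the practical takeaway: because evaluation stops at the first hit, an entry placed below a broader one is dead configuration on either platform, and a host-specific deny only works if it sits above the permit for its subnet.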
I really need to understand some of the logic behind the default ZBFW settings on my Cisco 881W, courtesy of Cisco Configuration Professional. Here are my two questions:
1.) What is the purpose and logic behind consolidating the first class-map (ccp-cls-insp-traffic) into the second class-map (ccp-insp-traffic) as follows?
Code ....
2.) What is the purpose and logic of policy-map ccp-inspect trying to drop traffic from ccp-invalid-src, which filters based on ACL 100:
policy-map type inspect ccp-inspect
 class type inspect ccp-invalid-src
  drop log
 class type inspect ccp-insp-traffic
  inspect
 class type inspect ccp-protocol-http
 class class-default
  drop
After hours of trial and error, and searching user groups, I have found that on occasion, ASA v8.4 will stop pings with the IPsec-Spoofing logic. Interestingly, the packet-trace will say everything is allowed.
The fix (at least in my case, and one other) is to narrow the crypto-map to specific hosts, not subnets.
I have an RVS4000 router and it worked well with AT&T's DSL service. I installed it, with my limited knowledge, with no problems. I switched my internet service to Logix and the RVS4000 will not see the Logix signal (the internet LED does not light up on the router). I can hook my computer directly to the circuit and put in the IP address and other info and it works fine. I happened to have another Linksys router handy model # BEFVP41 and it works fine. The router sees the signal and I entered the Logix info in the router and I am off to the www. I can plug the RVS4000 back into the DSL modem and it sees the signal and the internet LED lights.
My question is why won't the RVS4000 work with the Logix signal or is there a setting I am missing? I would like to use the RVS4000 since I paid a lot more for it than I did the BEFVP41.
I'm currently looking at doing some re-design work for a platform we manage on the ACE. I want to be able to run a single VIP and only do a sticky session based around specific URLs, not all. I've got the following configuration to apply a sticky session to a URL. [code] Notice, under the Policy-map type loadbalance http first-match WEB-POLICY-L7, I have two class statements, one that matches the URL L7 policy and applies a sticky farm, and the second class falls into the default. Am I right in saying that with this configuration, any HTTP traffic hitting the VIP 192.168.1.1 that does NOT match /urltobedefined.co.uk/test has sticky sessions NOT applied, but traffic hitting 192.168.1.1 that does match /urltobedefined.co.uk/test will have the sticky policy applied?
What is the difference between version 1 and version 2 of the 310N? I cannot find any information provided by Linksys or on this forum that describes what the difference is.
We have installed Cisco Prime 4.1 and we have discovered all the devices of our network. Although all devices appear as known both in Monitor and in Inventory, some of them are not being monitored correctly. For example, in the Known_Device_List Report, I have a device named 'Switch1' with IP 'x.x.x.' but in the monitoring it is shown by the name 'Switch2' with the same IP 'x.x.x.x'.
It seems that the DFM database doesn't get this device correctly from DCR, but in the LMS 4.1 version there is no option to delete this device from the DFM. I already tried to rediscover devices through the CLI with the dmctl -s DFM invoke ICF_TopologyManager::ICF-TopologyManager discoverAll command, but with no success.
I am setting up my 2nd 1811 router for NAT and VPN. The 1st 1811 works great, completed a few months ago. On this 2nd 1811, I decided to just copy the working startup-config from the good, 1st router to this 2nd one, and then change IPs from there. I did not do the setup wizard, but just erased the startup-config, reloaded, gave it a temp IP on the local LAN and copied the good startup-config from a TFTP server.
Question: on this 2nd 1811, I show this:
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no ip subnet-zero
I do not have this on the 1st, and I cannot get rid of it. Is this due to IOS versions?
CISCO881W-GN-E-K9 vs. C881W-GN-E-K9. What's the difference between these routers?
For example, the CISCO881G-K9 has a 3.5G ExpressCard Modem and the C881G has an embedded one with GPS and 3.7G in most versions. The C881G is, for all I know, the newer one. But for the two mentioned above, I can't find any differences at all. The C881 is listed in the Teleworking section of the data sheet. But there is no information whatsoever about any feature or license differences.
I have two computers at my apartment getting two VERY different speeds from my wireless connection. I'm thinking it might be the hardware I'm using, but I want some expert opinions before I go out and buy anything else. [code] Getting 5 bars of connection and 14.5-21 Mbps. Both computers were on the same desk when the tests were run.
Which differences exist between the 7.0 and 7.2 firmwares? I have to decide/choose which of them to run before continuing to configure my WLAN infrastructure.
My customer has a Cisco 4507R switch with IOS version 122.31-SG1 which doesn't support NAC - L2 IEEE 802.1x but supports NAC - L2 IP. What is the difference between these features and which feature is required for proper authentication and posture assessment?
So I have a server running Linux and am looking to add VPN functionality to my home network. I have OpenSSH running and it works great for tunneling and remote file transfers but doesn't quite get the job done. I would like to be able to map a network drive in Windows to my Linux box and understand a VPN could accomplish this; problem is, I really don't know anything about Virtual Private Networking! I was hoping someone could explain to me the differences between SSH / VPNs and point me in the right direction towards configuring OpenVPN on my Linux box.
We are looking at doing some switch replacement. These switches will be in for ~7 years. We need PoE for a VoIP phone system, and 10Gb uplinks back to the core. We want to have the ability to go PoE+ in the future.
We were quoted from our vendor for: WS-C3850-48P-S with 2x 715W power supplies. It looks like the data sheet says that to get PoE+ you need 2x 1100W or 1x 1100W & 1x 715W. Do we need to step up to the WS-C3850-48PF-S?
I am working for a customer on an enterprise site containing many 6509s. We have built a test environment and upgraded a chassis from a Sup720 running 12.2(18)SXF15 to a VS-S2T-10Gb running 12.2(50)SY on the management card. I have noticed, and so has the customer, that there are many commands missing or added and they want an explanation of these. I can do some of them easily, change of syntax etc., but for instance it has added a table-map, 50 VLANs with a large MTU and a large CoPP policy.
What are these?? And also, is there a quick way, resource etc. to find out why the commands have been added/removed; for instance, mls ip cef load-sharing full is missing.
What is the difference between WIRELESS LAN LWAPP and WIRELESS LAN LWAP RECOVERY images? I believe the RECOVERY is used in the upgrade process - but what is the other used for?
Aside from the obvious differences between these two NASs (processor speed, max users, max groups etc.), what are the actual real-world differences in functionality between the two?
I'm also wondering what the 'turbo' bit refers to? Any pros/cons of each??
We replaced a 3560 with a new 2960S and I'm only able to configure a single ip sla where before we had three ip sla entries on the 3560. Obviously, one is a L2 switch and the other a L3 switch. This is an expected difference between switches, correct?
We are looking to replace some aging 3560 switches with 100Mb/s interfaces. They service IP phones and workstations.
For having IP phones directly connected to access switches that are also servicing workstations, we don't need L3 routing except in the core, so the question is what would we lose if we used 2960S switches for access switches.
I understand from having spoken with Cisco TAC that a limited subset of QoS is available on the 2960S platform. Does that include the priority queue that is enabled when you turn on mls qos on a L3 switch?
I am trying to decipher the differences between the two models of the 1921 router. One has an IP Base IOS and the other has a Security IOS. I have an ASA so I don't think I need all the Security IOS bells and whistles on an internal router. Although, does the IP Base IOS allow for trunking and sub interfaces? I definitely need that and on CDW's website it says that the 1921-Sec/K9 w/ Security IOS includes 802.1Q and that spec is not listed on the 1921/K9 IP Base IOS model.
I need to set up a special configuration for 34 LWAPP APs associated to a WLC 5508 with IOS 7.0.220.
This is the scenario: we have 34 LWAPP APs with 2 SSIDs (Corporate & Guest), with 2 different DHCP servers. The Guest SSID receives IP addresses via DHCP from the WLC, while the Corporate SSID receives IP addresses from Microsoft DHCP. The on-site APs are Local and the foreign APs are configured as H-REAP (H-REAP Local Switching and Learn Client IP Address are checked).
Here is the thing: I need to configure a new WLAN (Pruebas) to add to the 34 APs (Local and Foreign), but this new WLAN must receive IP addresses from a new Microsoft DHCP server.
Firstly I configured a new physical interface and linked it to the new WLAN (Pruebas); however, I don't know how to configure the AP and the DHCP, because I want the AP to deliver IP addresses depending on the locality. This is because the superscope on the DHCP server is divided into various subnets and because the IP of the AP will be in another VLAN.
I am thinking of buying one of these two products, the Linksys WAG120N or the Linksys WAG160N, and I want to know the main differences between these two products.
I understand that my question seems to be rather strange because the supervisors are rather old (Sup1A especially). But I am interested in understanding what purpose there was in producing the SUP32. I can't find enough differences between the Sup1A with MSFC2 and the Sup32 to understand what reasons led to deploying a new sup in a non-fabric supervisor series.
Both supervisors have the same performance - 15 Mpps - and have a limitation on backplane bandwidth of 32 Gbps (because both use the switching bus); both supervisors are equipped with MSFC2, etc. Differences I found:
SUP32 has 10GbE port support (but this seems to be a doubtful enhancement - with this performance GE ports seem to be the more appropriate technology, isn't it?). SUP1A is equipped with a PFC, SUP32 with a PFC3B. SUP32 deploys CEF (what is the benefit of CEF if performance is the same?).
What's the main technical differences between the 1140 AP series and the 1260 AP series? I know that the 1260 supports external antennas while the 1140 supports internal antennas, but apart from that, is there any other important difference?
Is there any physical or technical difference between PWR-3845 AC/2 and PWR-3845 AC? We are trying to order replacement parts and wondering if PWR-3845 AC is for one power supply and AC/2 means you get two with one order?