Cisco :: Out-Of-Sync Summary Exclude Commands Not Applied In LMS 4.0?
Oct 4, 2011
In earlier versions of LMS it was possible to choose i.e. the Routers category (top level) and enter a series of commands to be excluded from the comparison. In LMS 4.0.1 I experience, in several different installations, that this is not possible. It seems I can enter one exclude command beyond the defaults per category, the rest is not applied even though the feedback from the application is positive. Next time I access the Exclude Commands view, the commands I entered are gone. Is this a change of behaviour or a bug?
View 2 Replies
ADVERTISEMENT
Mar 6, 2012
8.4(3) I need to outside PAT all incoming UDP (SIP/RTP) traffic from outside to an internal IP. The following command makes it work:
nat (outside,inside) source dynamic any obj-10.0.0.173 service udp udp
But it breaks DNS resolution from inside. If I add the above command and try to nslookup from inside to an outside DNS server 64.90.175.90, DNS times out. If I remove the above nat command, it works again. It seems like even though DNS UDP originates from inside which should create a statefull connection, ASA still messes with return DNS responses.I then tried to create an "exclusion" for that IP with the following:
object-group network nat-exclusions
network-object host 64.90.175.90
!
nat (outside,inside) source static nat-exclusions nat-exclusions
but it's not working.I also tried:
nat (outside,inside) source static nat-exclusions nat-exclusions unidirectional
Also not working.How can outside-PAT all UDP traffic excluding DNS.
View 1 Replies
View Related
Feb 13, 2012
I have the following setup:
ADSL ---> Cisco 877 with connected site-to-site VPN's ---> Cisco ASA 5505 with Remote VPN enabled
I want to connect my Android phone to the Cisco ASA 5505 with Remote VPN. When I forward port 500 and 4500 on the Cisco 877 to the Cisco ASA5505 I can connect with the phone.
But as expected, the site to site connections are lost because now they try to reach the ASA 5505 also.
I want to exclude the site to site external IP addresses from doing static NAT to the ASA 5505...how can I accomplish this ?
View 3 Replies
View Related
Oct 17, 2012
I have a number of devices such as Cisco Call Manager, or Cisco Wireless Controllers, etc that I want to remain in DCR but would like to exclude from the Config Archive process. Is there any way of excluding an individual device from this process?
View 3 Replies
View Related
Oct 13, 2011
I have an inventory added to Ciscoworks and am getting alerts on interfaces that I want to exclude but for the life of me I can't figure out how to exclude interfaces. Any tips on how to exclude interfaces from the fault engine in 4.1.
View 3 Replies
View Related
May 16, 2011
I'd like to know if there is a way to exclude passed authentications for a specific username from reporting in the Authentications-TACACS and Authentications-RADIUS reports?
We have a few usernames that are used in scheduled jobs. We only need to know when they fail authentication, so we don't need to fill up the reports with every passed authentication from these accounts. Can this be done?
View 1 Replies
View Related
Jun 27, 2011
I'm working with Nexus 7010 - System version: 5.1(3).
For example, in the 7200 we can include or exclude an OID from the SNMP view entry using the command #snmp-server view.
How can we include or exclude an OID from the SNMP view entry in the Nexus 7010?
View 1 Replies
View Related
Jun 3, 2013
I have configured a SVI in my 4500 ( Sup 7-E 10GE,,,,,,and,,,,,cat4500e-universalk9.SPA.03.02.00.SG.150-2.SG.bin) switch and it is showing Down Down, because there were no active switch port in the vlan, I added one switch port to this vlan but this port also in the down state, so i added the SWITCH PORT AUTO STATE EXCLUDE command under this port, even after this also the SVI never came up, So i added one systen to the port so both the switch port and the SVI came up...So why SWITCH PORT AUTO STATE EXCLUDE command have no effect in this model of the switch..
View 4 Replies
View Related
Feb 26, 2013
When you configure an ABR to inject a summary route into an area, what are the circumstances under which the ABR will inject the summary? I.e., since it's not a set of specific subnets learned directly from other OSPF routers, does the summary get injected regardless of what's in the routing table of the ABR?
I would imagine this could cause problems in a situation where there is an ABR injecting a large summary into an NSSA that also has a backup path over the Internet (IPsec tunnel or something). For example, if the area 0 routers from which the ABR receives routes went down, the ABR would continue to inject the summary route into the NSSA thus tricking those routers into sending traffic to the ABR rather than over the backup link.
I can't imagine any other way an ABR would decide when it's suitable to inject the summary though.
View 1 Replies
View Related
Apr 15, 2012
I have two MLS conected by 2 fast ethernet links f0/11 and f0/12 on both sides.I am trying to set up a layer 3 etherchannel using these two links . But when i see etherchannel summary, they dont show up as layer 3. Instead they show as layer 2.
View 19 Replies
View Related
Dec 12, 2011
I am unable to generate bug summary report in RME. Even I can not generate PSIRT report as well..LMS always gives error "incorrect cisco.com credential. enter correct credential" I have checked my credentials are correct... it gives me error no BTKT:0014..I am using LMS 3.1 attaaching snap shot of my patch level and application version running on LMS...
View 3 Replies
View Related
Jan 4, 2012
I have setup a site to site VPN with an ASA 5510 (8.4) and a Cisco 2811. The tunnel is working fine, however both sites have 5 different contiguous networks. The crypto ACL between sites states only one subnet.Is it possible to state a summary address in an ACL rather than having five lines for the ACL?The tunnel works when the router uses an ACL of 10.2.200.0 0.0.7.255, however if a summary address of all the subnets on the inside network of the ASA are stated in an ACL - 10.1.200.0 255.255.248.0 - then the tunnel does not come up.Is it possible to state a summary address on a crypto ACL on the ASA?
View 2 Replies
View Related
Mar 12, 2013
In my Lab environment in GNS I have connected two 7200 series router through fastethernet on router A I have given IP adress 192.168.10.54 and router B I have given IP address 192.168.10.53 and default route as 0.0.0.0 0.0.0.0 192.168.10.53 and when I run the command on router A it shows result as follows "C 192.168.10.52/24 is directly connected ,Fast ethernet 2/0".
So I need to know why it's showing the result of .52 at last why not .53 or .54 at last what is the reason it's showing .52 which I have not mentioned in my IP address.
View 5 Replies
View Related
Dec 2, 2012
I have a 5508 WLC running on 7.0.116, I need to be able to pull all configured users off the WLC and import into excel, I have 900 odd users configured. When I run a show net user summary it only displays a third of users. I'm hitting space to tab through each page, then eventually I just get dumped back to the command prompt.
View 5 Replies
View Related
Feb 28, 2012
I have a Nexus 7K router, has 2 ospf process, ospf 1 and ospf2. OSPF1 has several subnets in 10.1.0.0/16 subnet range , OSPF2 has several subnets in 10.2.0.0/16 subnet range. I want to summary OSPF 1 subnets to 10.1.0.0/16 then redistribute to OSPF2. but it doesn't work. [code]
View 2 Replies
View Related
Dec 14, 2011
I am trying to generate bug summary report from RME but once job completes i can not see/view report. whenever I am trying to click on view under job result to see reports I get apache/http error. snap shot is attached for reference.
I am running LMS 3.2.1 and RME 4.3.2.. struggle alot to reach this stage where I can see report are getting generated for PSIRT and bug summary..but can not see report for Bugs though I can see PSIRT report...
View 1 Replies
View Related
Dec 19, 2012
Anyn equivalent command of show etherchannel summary for a 10008 router running 12.2(33)SB9 ?
View 1 Replies
View Related
Feb 19, 2012
What is the OID for the count of the APs connected (and Status UP) to a WLC 5508?
View 2 Replies
View Related
Sep 16, 2012
I have a layer 3 switch with a bunch of SVIs all in the 192.168.x.0/24 range. I just want to advertise a 192.168.0.0/16 summary to the BGP neighbors. I can do this either by:
1) Redistributing connected into BGP and then using the 'aggregate-address' command to advertise the summary.
2) Specifying a network statement in the BGP config for every single SVI, then using the 'aggregate-address' command.
3) Create a static route to null0 (ip route 192.168.0.0 255.255.0.0 null0) and put 'network 192.168.0.0 mask 255.255.0.0' command in the BGP config.All three fulfill the same purpose of summarizing all the SVIs, but creating the static route is much cleaner in this case. It seems like the aggregate-address command is mostly intended for routers that are aggregating connections coming from other routers and all of them share a common prefix.
View 4 Replies
View Related
Sep 19, 2011
if I can do the following deployment using a Cisco ASA5510 security plus.
At this moment I have two interfaces in use one (outside) with the IP: 172.16.21.254/24 and the other (inside) with the IP: 192.168.4.1/24. Now the customer needs to connect another network that works with the IP segment: 192.168.0.0/22.
The IP segment 192.168.0.0/22 goes from 192.168.0.1 to 192.168.3.254 that means that there is no a overlap with the network segment 192.168.4.0/24. My question is: If I configure another interface in the ASA that works in the segment 192.168.0.0/22 the routing table will auto-summary the network and merge it with the network 192.168.4.0 or will it leave the networks apart??
I don't user dynamic routing protocols but I cannot do the changes if I have doubts because the network 192.168.0.0/22 is a the Network for the Factory Automation Systems.
View 1 Replies
View Related
May 9, 2013
My Cisco 3900 router is not taking the no auto summary command?
View 5 Replies
View Related
Feb 19, 2013
I have a issue where after configuring aaa and rebooting, logging into the console port seems to be auto trying something before it finally times out and let's the user try. I getting the following sequence: [code] I need aaa to work via vty, however I need the device to boot directly to the Username: prompt so I can continue to use my VB script to clear the config when the devices are return from the field.
View 4 Replies
View Related
Mar 11, 2012
I have a Nexus 7K router, has 2 ospf process, ospf 1 and ospf2. OSPF1 has several subnets in 10.1.0.0/16 subnet range , OSPF2 has several subnets in 10.2.0.0/16 subnet range. I want to summary OSPF 1 subnets to 10.1.0.0/16 then redistribute to OSPF2.but OSPF 2 didn't receive 10.1.0.0/16. Below is the config
ip prefix-list all seq 10 permit 0.0.0.0/0 le 32
route-map all permit 10
match ip address prefix-list all
router ospf 1
router-id 10.10.3.9
[code]....
View 2 Replies
View Related
Nov 20, 2011
tell me if there is an equivalent command to Show int Summary on the Nexus 7000?
eg
MYCISCOSW01#show int summary
*: interface is upIHQ: pkts in input hold queue IQD: pkts dropped from input queueOHQ: pkts in output hold queue OQD: pkts dropped from output queueRXBS: rx rate (bits/sec) RXPS: rx rate (pkts/sec)TXBS: tx rate (bits/sec) TXPS: tx rate (pkts/sec)TRTL: throttle count
[code]....
I find it a useful command on the 6500 to spot high traffic flows.
View 7 Replies
View Related
Oct 18, 2011
I would like to find out if security plus license ASA-5505-sec-pl be applied to ASA5505-K8. I think the strength of encryption should not be determining whether additional feature can be applied or not, but I need to confirm with you people..
View 1 Replies
View Related
May 23, 2012
crypto map mapName 20 match address NAME_20_cryptomapcrypto map mapName 20 set peer IPADDRcrypto map mapName 20 set transform-set ESP-3DES-SHAcrypto map mapName interface IFNAMEcrypto isakmp identity addresscrypto isakmp enable IFNAMEcrypto isakmp policy 10authentication pre-shareencryption 3deshash md5group 2lifetime 86400crypto isakmp policy 30authentication pre-shareencryption 3deshash shagroup 2lifetime 86400crypto isakmp policy 50authentication pre-shareencryption aeshash shagroup 2lifetime 28800(code)
I need to be sure that when traffic matches access-list "NAME_40_cryptomap" Isakmp policy 50 are used. And then traffic matches "NAME_20_cryptomap" isakmp policy 10 are used. How do i link the crypto map with the specefic isakmp policy?
View 1 Replies
View Related
Nov 30, 2011
I encountered this problem with cisco 870 atm interface. I applied service-policy output, its being accepted but when you do a show run interface, it's not there.
View 5 Replies
View Related
Aug 1, 2012
I get that to avoid fragmenting the packets we need to reduce the MTU to 1492, fine, but should the MTU restriction be applied at the virtual-template (server)/dialer (client) or on the physical ethernet interfaces?If I apply it to one or the other, which takes precedence? Should I just apply it to both the virtual/dialer interfaces and the ethernet interfaces?
View 6 Replies
View Related
Dec 12, 2012
I have a cisco 887 connected as temp measure to a 3g device via a fast0 port. all works fine. VPN comes up...but the moment i apply the crypto map to the vlan.. DHCP stops allocating ip address. I have remove irrelevant config ( dialer, atm etc as they not been used)
config below
p dhcp excluded-address 10.29.80.253 10.29.80.254
ip dhcp excluded-address 10.29.80.1 10.29.80.229
!
[Code]......
View 4 Replies
View Related
Apr 7, 2013
I have a cisco ISE 3355 and WLC 5508 and microsoft Active Directory 2008. I joind the ISE to the ADe successfully and I can see all groups on the AD, also I integrated the ISE with the WLC. my problem is when I created the Authentication policy on the ISE and joined to the AP by the PC nothing applied to the PC.
WLC version 7.4
ISE version 1.1.1.268
View 5 Replies
View Related
Aug 11, 2012
my client insisting to set a dscp value of 56 (= CS7 , the highest priority) for their video packet without any bandwith restriction in the input of fast ethernet port and PPP Multilink serial output port of the 7513 router. What will be the outcome at time of video streaming and video conference ? As this dscp value CS7 is the highest priority and reserved for network only.we are using ospf routing (some of the network is connected through this multilink port via ospf routing), also this ethernet is connected to various statice routed ip network via cisco asa and cisco 4507. The keep alive ospf neighbor router will be lost or not?
View 2 Replies
View Related
Aug 23, 2011
I have a connection between HQ and Branch which connected by GRE tunnel over IPSec. I use Cisco router 3745 that has IOS version: 12.3(18) and Cisco router 2911 that has IOS version : 15.0(1r)M9 with ipbase, security and data license.
I tried to apply command to both routers as follows:
Cisco 3745 (HQ)
crypto isakmp key test address 10.1.1.2
crypto isakmp keepalive 60
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto map vpn01 local-address Loopback0
[code]....
When I appied this command that will show a notification as below:
NOTE: crypto map is configured on tunnel interface. Currently only GDOI crypto map is supported on tunnel interface.
*** After appied this command, I cannot ping or send any traffic to HQ. ***
I use this command that is working normally on Cisco router 3745 that has IOS version: 12.3(18) and Cisco router 2811 that has IOS version : 12.4(7b).
View 2 Replies
View Related
May 12, 2012
it seems that users with active device authorization - e.g. permitting only a certain user defined group - can anyway view all devices or views?Is it possible to apply the same view rule from user management, so that these users can only view certain devices or topologies?
View 5 Replies
View Related
