I get that to avoid fragmenting the packets we need to reduce the MTU to 1492, fine, but should the MTU restriction be applied at the virtual-template (server)/dialer (client) or on the physical ethernet interfaces?If I apply it to one or the other, which takes precedence? Should I just apply it to both the virtual/dialer interfaces and the ethernet interfaces?
View 6 Repliesmy client insisting to set a dscp value of 56 (= CS7 , the highest priority) for their video packet without any bandwith restriction in the input of fast ethernet port and PPP Multilink serial output port of the 7513 router. What will be the outcome at time of video streaming and video conference ? As this dscp value CS7 is the highest priority and reserved for network only.we are using ospf routing (some of the network is connected through this multilink port via ospf routing), also this ethernet is connected to various statice routed ip network via cisco asa and cisco 4507. The keep alive ospf neighbor router will be lost or not?
View 2 Replies View RelatedUsing LMS 3.2, I've started learning how to use the compliance templates.is there a regex to ignore case? For instance, if I have the line:
clock timezone est -5 in some configs, and
clock timezone EST -5 in others
is there a way to tell the template that upper case and lower case are acceptable matches?
I have a issue where after configuring aaa and rebooting, logging into the console port seems to be auto trying something before it finally times out and let's the user try. I getting the following sequence: [code] I need aaa to work via vty, however I need the device to boot directly to the Username: prompt so I can continue to use my VB script to clear the config when the devices are return from the field.
View 4 Replies View RelatedI want to add the command "no logging event link-status" to all switchport mode access ports EXCEPT for the ones with the following switchport access vlans: 4022,4032,4042,4052,4072 & 4082. How do I create a compliance template to do this? LMS 3.2, RME 4.3.1
View 6 Replies View RelatedHave upgraded WCS to 7.0 due to a Mesh network feature we needed, but now see I can no longer edit the AP migration templates. The interface allows me to create or delete them but the command dropdown box does not show an Edit option. So now for every AP I want to migrate I need to create a new template before I can select the AP's and migrate them. I still need to migrate about 220 APs....
Looking though the function it tells me to click on the Migration Template name. However neither in MS IE nor Firefox this works, there is no link activated.
I would like to find out if security plus license ASA-5505-sec-pl be applied to ASA5505-K8. I think the strength of encryption should not be determining whether additional feature can be applied or not, but I need to confirm with you people..
View 1 Replies View RelatedI am working up a configuration template for an install I am doing in a couple weeks and wanted to take a look at the base config of an ASR1002.
View 1 Replies View RelatedI am trying to create a very basic template in compliance manager that checks for interfaces that aren't members of specific VLANs. VLAN 10 being one of them. I want to match interfaces assigned to VLAN 20. According to the documentation I have read, the following range statement should work because 10 falls between 3 and 19:
Submode: interface [#.*Ethernet.*#]
- switchport access vlan [#[3-19]#]
With the preceeding statement, however, interfaces assigned to both VLAN 10 and VLAN 20 are matching the rule. With this specific rule (not a range), only interfaces w/VLAN 20 are processed by the template, which is expected. We actually have numerous VLANs that we want to exclude/include. I only mentioned VLANs 10 and 20 for brevity.
crypto map mapName 20 match address NAME_20_cryptomapcrypto map mapName 20 set peer IPADDRcrypto map mapName 20 set transform-set ESP-3DES-SHAcrypto map mapName interface IFNAMEcrypto isakmp identity addresscrypto isakmp enable IFNAMEcrypto isakmp policy 10authentication pre-shareencryption 3deshash md5group 2lifetime 86400crypto isakmp policy 30authentication pre-shareencryption 3deshash shagroup 2lifetime 86400crypto isakmp policy 50authentication pre-shareencryption aeshash shagroup 2lifetime 28800(code)
I need to be sure that when traffic matches access-list "NAME_40_cryptomap" Isakmp policy 50 are used. And then traffic matches "NAME_20_cryptomap" isakmp policy 10 are used. How do i link the crypto map with the specefic isakmp policy?
Any recommendation for creating a configuration template for the SRP521W? I can use the Admin-->Backup Config to get a xxx.cfg file, but I cannot edit it with notepad++. Also, i know the config can be view via view-source: [URL], but how would I load a modified copy of this back to the router?
View 8 Replies View RelatedI encountered this problem with cisco 870 atm interface. I applied service-policy output, its being accepted but when you do a show run interface, it's not there.
View 5 Replies View RelatedMe and some friends of mine talking about making a small website for us to share our photos together and be able to add comments under each photo, for example or even better with a simple forum. I have a bit experience making website, but we prefer to use web templates / packages for that also we would be able to add comments( built-in Code, no external links for those codes be needed). We prefer to have our website sure we know there are thousands of free photo-sharing websites out there.
View 2 Replies View RelatedAsking about Packet Tracer. I currently use packet tracer 5.3.2.Can you give me any link where to download router template on packet tracer? I want to explore cisco 2821 but packet tracer 5.3.2 has an existing of cisco 2811 only then, I tried to add the 4 ports of RJ11 but I cannot see the 4 port telphone.
View 4 Replies View RelatedI have a cisco 887 connected as temp measure to a 3g device via a fast0 port. all works fine. VPN comes up...but the moment i apply the crypto map to the vlan.. DHCP stops allocating ip address. I have remove irrelevant config ( dialer, atm etc as they not been used)
config below
p dhcp excluded-address 10.29.80.253 10.29.80.254
ip dhcp excluded-address 10.29.80.1 10.29.80.229
!
[Code]......
I am trying to apply WLAN template from NCS to two WLCs 5508 and I receive this message."Another WLAN with same SSID and either WPA1/ WPA2/ WPA1+WPA2 is enabled. Please change the Layer 2 security policy."The template has layer 2 security with WPA+WPA2 enable and 802.1x.I have other WLAN template with other name and other SSID with the same security policies with no problem to apply.
View 2 Replies View RelatedI have a cisco ISE 3355 and WLC 5508 and microsoft Active Directory 2008. I joind the ISE to the ADe successfully and I can see all groups on the AD, also I integrated the ISE with the WLC. my problem is when I created the Authentication policy on the ISE and joined to the AP by the PC nothing applied to the PC.
WLC version 7.4
ISE version 1.1.1.268
What is the VPC configuration template with two core 6509 switch.Pls find the attachment for Network topology.
View 3 Replies View RelatedWho can give me a SNMPv3 configuration template.I tried many times has been a problem
View 5 Replies View RelatedLMS 3.2.1, what is the correct baseline template syntax to accomplish the requirement 2:
Requirement 1
• Check if the router is running H323: You can do it looking for the command “h323-gateway voip interface”. If that command is found on a router then it is an H323 voice gateway
• Configure the global command: voice class h323 1
[Code]...
I have a connection between HQ and Branch which connected by GRE tunnel over IPSec. I use Cisco router 3745 that has IOS version: 12.3(18) and Cisco router 2911 that has IOS version : 15.0(1r)M9 with ipbase, security and data license.
I tried to apply command to both routers as follows:
Cisco 3745 (HQ)
crypto isakmp key test address 10.1.1.2
crypto isakmp keepalive 60
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto map vpn01 local-address Loopback0
[code]....
When I appied this command that will show a notification as below:
NOTE: crypto map is configured on tunnel interface. Currently only GDOI crypto map is supported on tunnel interface.
*** After appied this command, I cannot ping or send any traffic to HQ. ***
I use this command that is working normally on Cisco router 3745 that has IOS version: 12.3(18) and Cisco router 2811 that has IOS version : 12.4(7b).
it seems that users with active device authorization - e.g. permitting only a certain user defined group - can anyway view all devices or views?Is it possible to apply the same view rule from user management, so that these users can only view certain devices or topologies?
View 5 Replies View RelatedIn earlier versions of LMS it was possible to choose i.e. the Routers category (top level) and enter a series of commands to be excluded from the comparison. In LMS 4.0.1 I experience, in several different installations, that this is not possible. It seems I can enter one exclude command beyond the defaults per category, the rest is not applied even though the feedback from the application is positive. Next time I access the Exclude Commands view, the commands I entered are gone. Is this a change of behaviour or a bug?
View 2 Replies View RelatedSo there are two VLAN's traveling over the port attached to the controller (User vlan 100, and Guest vlan 102). I need to block the guest from everything but the internet allowing the free flow of everything else on the User vlan. All info sanitized of course.I think I have the ACL's correct for what I am trying to accomplish I just can not get this ACL to work on a trunk port.Confirmed the ACL to work correctly on access ports however.
ip access-list extended Wireless
permit ip 172.100.0.0 0.0.255.255 any
permit udp any any eq bootpc
permit udp any any eq bootps
permit udp any any eq domain[code].....
The business i work for uses a "Do it myself" template for their website. (this is through their webhosting company). I can not add FTP to this website, we have to completely redo it with code and whatnot in order to have access to FTP. We would like users to download a template from our website (no problem) and then send us their artwork files back to us. These can be upwards of 150mb. Is there another option that i am not aware of to do this? Can't use email, has a limit of 25mb.
View 6 Replies View RelatedI am having ASA firewall 5520. I want to block yahoo mail, gmail using regex for particular users only.
View 5 Replies View RelatedAccording to cisco manual in order to change SDM template i need to reboot switch, but when i have C3750-X stack do i need to reboot stack or maybe will be enough reboot in sequence the stack members?
View 3 Replies View RelatedI attempted to assign a User Roles template to a## 2504 controller and if failed with message stating controller version not supported. My current WCS version is 7.0172, if I upgrade to the lastest version will that resolve the template issue?
View 4 Replies View RelatedI need to Upgrade my NCS to version 1.1.0.58. Actually my NCS is in the version 1.0.1.4 and i have a lot of templates configured and 1500 Access Points applied.
I have 5 WLCs and will do too the upgrade in the WLCs to version 7.2.130.0.
Will I lose some configuration with these upgrades ? Because the version 1.1.0.58 has more features than version 1.0.1.4 in the NCS and the WLC was adjusted some bugs.
The configurations that i has in the NCS version 1.0.1.4 is H-REAP and in the version 1.1.0.58 will be the FlexConnect, theoretically is the same, but i don't know if the configuration is the same in the two versions.
Can i do a downgrade in the NCS from version 1.1.0.58 to 1.0.1.4 if i have problems ? I was looking for a document who show how can i do this, but i didn't find nothing about.
There are 10, 50 and unlimited users profiles for the ASA 5505, reason for that restriction? Does that mean for example that only 10 users can go through a 10-user 5505?
View 6 Replies View RelatedWe are using ASA 5510 Version 7.2(4) at our organisation. The requirement is we need to give an access to a user with limited access so that he can run only specific commands on configuration mode. We don't have Cisco TACACS server instead of that we are using a microsoft radius server.
View 6 Replies View RelatedI am running the SGE2000 as my l3 core switch with multiple inter-vlans.
have a customer requirement that needs to restrict eg. GUEST-VLAN10 to all other VLANS in the network. Only allowing access to the internet.
It seems on the switch i am able to bind ACL to per port interface. if this is possible on the SGE2000
Router 2811 got 3 Interfaces. One Interface connected to INTERNETProvider, Second Interface connected to Sales_Dept, Third Interface connected to Business_Dept. Internet Bandwidth in Total is 8MB. I need assistance to allocate 6MB total bandwidth to Sales_Dept and 2MB total to Business_Dept Sales_dept has 48port switch 2960, Business_Dept 24 port switch 2960. Gateway for users is the 2811 Router and both are on different subnets
View 3 Replies View Related