Cisco :: Permit Snmp Queries On Just One Interface?

Feb 27, 2013

I'm familiar with snmp-server views and excluding certain MIBs, but is it possible to permit an SNMP host to poll just one interface and nothing else on the router?


Cisco Firewall :: ASA5505 Blocking LAN Domain Queries

Dec 6, 2012

Data centre hosted system with 4 servers connected to a Cisco ASA5505. Everything was working fine with 4x Windows Server 2003 machines, but since pulling 2 out and replacing them with Windows Server 2008 machines I get a flood of the error below, and it blocks communications back to the IP listed, which is the domain controller, so naturally this makes the 2 new servers unusable.

1: They are all connected to the inside VLAN directly via the ASA's switch ports.
2: They are all in the same 255.255.255.0 subnet, including the ASA inside interface.
3: Removing the gateway on the affected machines makes no difference; the ASA continues to block it, which indicates that whether or not the machines use the ASA as a gateway, it's inspecting the traffic and blocking. [code]


Cisco :: Stopping SNMP Traps For Interface Up / Down?

Oct 3, 2012

I am getting these unwanted entries on my syslog server.

03/10/2012 12:57:48 172.21.113.20 Error 23898: Interface FastEthernet0/1, changed state to down

I tried to stop them with no snmp trap link-status but it hasn't worked. [CODE]


Cisco WAN :: 1841 - SNMP OID For Interface Utilization

Jan 13, 2013

I have a Cisco 1841. I'm trying to write an app which will get the interface utilization on my 2 ATM interfaces and Fast Eth 0/0 interface.
 
I’ve been reading up and have got as far as downloading the codeplex snmp library project. I’m using the snmpget app to get details off my 1841 successfully, but I now need to know the OID for interface utilization and how to define which interface to get.


Cisco Firewall :: ASA 5520 - SNMP Outside Interface

Mar 16, 2013

I have a problem with SNMP on the ASA outside interface. I want to monitor the interface via SNMP (linkup, link down). I have an Active/Passive cluster running on 8.4.2 and configured SNMP (v1) for testing on the outside interface. It's not that hard, but when I try to test my configuration with (peerless) SNMP Tester the interface doesn't respond. Did I forget to configure something? I searched the forum but didn't find anything useful.


How To Enable Snmp On SVI Interface On Cisco ME-3600X-24FS-M

Sep 14, 2011

How to enable SNMP on SVI interface on Cisco ME-3600X-24FS-M? I can't see traffic on SVI via SNMP.


Computer On The Network Causing High Latency - ARP Floods And Name Queries

Jan 26, 2013

Recently me and my girlfriend have been having issues with in-game latency, receiving pings close to jittering to well over 300 where they were formerly in the 30-40s to identical servers. We live with a Chinese housemate who is extremely conscious of her privacy/personal space. We noticed a dirge of active ports on the router (both TCP and UDP) which seemed to have no association with any major application and assumed it was the old P2P boogie-monster. She is the only one who uses Wifi, and upon briefly deactivating the Wifi, all ping issues were instantly resolved. The bizarre thing is we still have plenty of up/download bandwidth; I mean we're not swimming in a fibre optic connection but still a relatively healthy 1MB dl/70KB/s ul, more than enough for gaming.

Deciding we needed a better idea of what was going on in the network, we downloaded Wireshark. We discovered a couple of things that might mean something, they might mean nothing at all:

Firstly there was a deluge of random ARP requests coming from the suspect IP, something along the lines of:

"who has 192.168.0.(random number) Tell (suspect computer's IP)"

repeated over and over in bursts. A little googling found us this: Has Your Network been

Now given that she is Chinese and is probably exposed to a lot of Chinese websites, is there any chance that this could be the root cause - could it drown the network to the extent that it produces terrible pings?

Secondly there have been an inordinate amount of name queries coming from her IP to 192.168.0.255 (broadcast channel), they generally take the form of:

NBNS 92 Name query NB WPAD<00>

or

NBNS 92 Name query NB ISATAP<00>

and occasionally, it will name query my network id, leading to: (her ip being 192.168.0.3)

2144211275.734470000 192.168.0.3 192.168.0.255 NBNS 92 Name query NB (my id)<20>
2144231275.739314000 192.168.0.3 (my id) TCP 66 58451 > netbios-ssn [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
2144251275.741325000 192.168.0.3 (my id) NBSS 126 Session request, to (my network id)<20> from (her network id)<00>
2144271275.744124000 192.168.0.3 (my id) SMB 213 Negotiate Protocol Request

[code]....

Now combine this with the sometimes 9-10 active ports our router assigns to her IP (which don't appear to relate to anything according to numerous port id sites), does this send out a red flag to any of you? I realize it would be so much easier if I could get access to her computer, but as I said, she is very private and timid and doesn't seem to like even having people in her room, let alone letting them use her computer.


Cisco :: 12000 SNMP MIB OID For POS Interface Output Packet Drops

Jan 30, 2012

MIB OID and the values. Also I want to know the values of output packet and output packet drops MIB OID values of POS interface on GSR router (12000), because I am getting many output packet drops on these POS interfaces. How do I get these values from the router?


Cisco Routers :: RV180 - Incorrect SNMP Interface Counters

Sep 7, 2012

I am attempting to monitor bandwidth utilization of the WAN port for the RV180 via SNMP and I am getting strange results.  If a 256MB file is transferred from a remote server (without compression), the ifInOctets counter doesn't increment by anything resembling 256MB:
 
$ snmpget -v2c -c  public 192.168.1.1 IF-MIB::ifInOctets.5  IF-MIB::ifOutOctets.5
IF-MIB::ifInOctets.5 = Counter32: 365402138
IF-MIB::ifOutOctets.5 = Counter32: 32610053

[Code].....

I'm reasonably certain that the .5 interface is the WAN port based on the value of ipAdEntIfIndex.X.X.X.X, but even if that were not the case, none of the other interfaces increment by a value close to the amount of data transferred. SNMP monitoring of a WAP121 on the same subnet returns expected results. I can only assume that SNMP on the RV180 is completely broken.
 
The router has the latest firmware available (1.0.1.9).  There is only one network connection and the RV180 is the default gateway for all internal hosts.


Cisco :: 2800 Enable SNMP Discovery Through External Interface

May 28, 2012

I'm trying to add some 2800 series routers to our monitoring environment, but I can't get them discovered.
 
On the Mgmt Server I need to go through a "discovery" process to add the 2800 to the system. For this I target the internal interface (i) but the discovery fails. I'm assuming the packets are getting dropped on the outside interface (e). I know SNMP is set up correctly and works as I had PRTG installed on a local box (p) for testing purposes.

The intention is to do the data gathering via a proxy agent (p), so enabling SNMP on the outside interface is not going to do me any good. What do I need to do to let those discovery packets pass through? At least temporarily?


Linksys Wireless Router :: E4200 V1 Interface Counters / SNMP Support

Jun 12, 2012

Any chance of one or preferably both of these before I flash the router to a more competent firmware? Rather ridiculous that there's no interface counters and no SNMP server. I prefer keeping stock firmware where possible but I need this functionality, it really isn't a big ask. That said I have an E4200 v1, which already looks like abandonware given it's been 6 months since the last firmware update - not amused and no intention of swapping a high performance router for one that sacrifices performance for better NAS functionality.


Cisco :: Snmp Oids For Command Show Counters Interface Intx / Y Delta On Catalyst 6500

May 23, 2011

I have a question about SNMP OIDs for the command "show counters interface intx/y delta" on Catalyst 6500. The customer wants to create graphs for the following values: Overruns, qos0Outlost, InErrors, OutErrors, InDiscards, OutDiscards etc. Is it possible to get these values using SNMP?


Cisco :: ASR1002 SNMP Statistics For GRE Tunnel Interface Statistics

Mar 28, 2013

We use Cacti to get interface statistics of an ASR1002 router (version 03.04.02.S.151-3.S2). A new GRE tunnel has been created, but unfortunately we are not able to get the basic interface average during the day. What is surprising is the fact the graphs are built at night only.

It seems as soon as we exceed some level of bandwidth (~ 700-800k) the tool does not get the information. The OIDs I try to get are ifHCInOctets (.1.3.6.1.2.1.31.1.1.1.6) and ifHCOutOctets (.1.3.6.1.2.1.31.1.1.1.10) and some other interface statistics for both 64 and 32 bits. [code]


Cisco Firewall :: How To Permit Traffic From Outside To DMZ On ASA 8.4

Jan 22, 2013

I have this topology: R1 is a server and I want to publish that server on the Internet using public IP 7.7.7.7, but I cannot do that. I tried to do a NAT but it just translates from DMZ to Outside; however, I cannot ping 7.7.7.7 from Outside (R2).
 
I have a route in R2

7.7.7.7 [1/0] via 200.200.200.1 
On R2 I can't ping 7.7.7.7
On R2 I can't ping 172.16.0.2
On R1 I can ping 200.200.200.2
On Inside I can ping 172.16.0.2

When I try to ping from DMZ to Outside (200.200.200.2), the debug and show nat details show me:
 
ciscoasa(config)# nat: translation - dmz:172.16.0.2/26 to outside:7.7.7.7/26
nat: untranslation - outside:7.7.7.7/26 to dmz:172.16.0.2/26
nat: untranslation - outside:7.7.7.7/26 to dmz:172.16.0.2/26
nat: untranslation - outside:7.7.7.7/26 to dmz:172.16.0.2/26
ciscoasa(config)#
ciscoasa(config)# sh nat detail

[code]...


Cisco :: Config 2600 And Permit Samsung DVR Publishing?

Feb 12, 2013

I need to configure my own Cisco Router 2600 and permit my Samsung DVR SDE-4001 to the external Internet.


Cisco :: Access List To Permit IP's Instead Denies All Traffic?

Feb 16, 2011

I'm new to this forum and Cisco in general but I feel it may be very resourceful to me as I am a new network administrator fresh out of school for a local credit union. Here's my situation: We need to limit access to one of our servers to only 3 workstations used by our IT department. The server is on a Cisco 3560G on port 17, which is the interface I'm trying to apply a standard, basic ACL to, which looks like this:


Cisco Firewall :: Cannot View Permit Entries In The Log On ASA 5520

Apr 6, 2011

I cannot seem to view my "permit" entries in the log on my ASA 5520. I set up logging-lists, changed the level to 3 on the logging statement, and simply can't find it anywhere.
 
Partial config:
 
logging enabled
logging timestamp
logging JC-L3 level errors
logging monitor JC-L3
logging buffered JC-L3
logging trap notifications

[code]....


Cisco WAN :: How To Configure ASA 5505 To Permit MySQL Traffic

Aug 9, 2011

I have an application behind an ASA 5505 that needs to access a MySQL database over the Internet. How do I configure the ASA to allow this remote MySQL connection?


Cisco WAN :: Permit Connection From Outside To Inside In 2911 Router?

Jan 24, 2012

I need to permit the connection from outside to inside in a 2911 Cisco router, only from a public IP address (suppose 1.1.1.1) to some local private IPs.

I have one question:

Using the command:

ip nat inside source static tcp <local ip> <port> <global ip> <port>

Can the "global IP" be the public IP from where the connection starts (in this case 1.1.1.1), or must it be the public IP assigned to the router interface connected to the public network?


Cisco :: Configure ASA5505 To Permit Access To Internal LAN?

May 12, 2013

I have configured a Cisco ASA 5505 to allow VPN access from outside to my LAN using Cisco VPN Client software. The connection is establishing properly with the IP address from my VPNPool. From outside (on VPN connection) I can ping the interface e0/0 (outside) and the interface e0/1 (inside) of the firewall, but I cannot ping the layer 3 switch interface to which the ASA is connected (int gi1/0/22 ip address 192.168.1.2/30) and I cannot ping any VLAN interfaces inside my switch. Therefore, I cannot connect to any server on my internal LAN. I am available at any time if further information is needed. Find attached my ASA config.


Cisco WAN :: 800 Router - Permit Some IP To Connect Over Port 3389?

Apr 22, 2011

Below is my show run of a Cisco 800 router (two VLANs, single WAN) that works fine. The problem is that in this scenario port 3389 is open for everyone. Only two remote users are allowed to connect through port 3389. Let's say WAN IPs: 22.33.44.55 and 66.77.88.99. What would a good access rule look like to fix it?

no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
!
hostname cisco-867
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 ***
!
no aaa new-model
memory-size iomem 10
clock timezone GMT 1
clock summer-time GMT date Mar 30 2002 1:00 Oct 26 2035 1:59
!
!
no ip source-route
!
!
ip dhcp excluded-address 192.168.10.200 192.168.10.254
!
ip dhcp pool Vlan2
 network 192.168.10.0 255.255.255.0
 domain-name dsl.local
 default-router 192.168.10.254
 dns-server 213.144.235.1 213.144.235.2
 lease 0 8
!
!
ip cef
no ip bootp server
no ip domain lookup
!
!
!
archive
 log config

[Code]....


Cisco Firewall :: ASA 5510 - Setting Up ACL To Permit Access Only To The Nat Subnet?

Apr 9, 2012

setting up an ACL on my ASA 5510 to permit access only to the Nat subnet from inside to the outside interface. This firewall is setup for the DR solution in the production network. I am applying following acl in the inbound direction on the inside interface.
 
permit ip any "Nat_subnet"
 
After applying this ACL to the inside interface I observed that I can ping the destinations in the NAT'ed subnet but am unable to ssh to the servers. Following is the summary of my configuration.

!
interface Ethernet0/0
nameif outside
security-level 0
ip address 192.168.135.241 255.255.255.248 standby 192.168.135.242

[code].....


Cisco AAA/Identity/Nac :: ACS5.2 Command Sets Permit All Commands

Mar 3, 2011

I have everything working on a new 5.2 ACS, but I can only make a command set that permits things and denies all. I thought with the check box "Permit any command that is not in the table below" one could allow all and specifically deny commands, and that would allow the user to do all commands except for conf and set. But it doesn't seem to administratively block it; it allows them to still "conf", for instance.

Then it works as expected, allowing the commands that are permitted and denying all unspecified commands. I know I am in the right command set because the changes I make are reflected immediately. Can someone test the "Permit any command that is not in the table below" and tell me if it works? I can make it work with the unchecked box, sure, but it would be nice to get it to work.


Cisco Firewall :: ASA 5520 - Permit Traffic To Inside Via MAC - Address?

Apr 6, 2011

I have a handheld device that will be used for inventory outside of our office. It has 3G capabilities. Is there any way I can permit traffic from this device from the outside world coming into my network? I need to open a couple of ports so it can hit the server. But I have no intention to open these ports up to the entire world. I use an ASA 5520 with a managed router from our provider. I looked around on the Cisco site and the only information I found was for permitting and denying traffic from devices that are within the network.


Cisco Firewall :: ASA5510 Permit Incoming Connection From Remote LAN

Sep 4, 2011

Actually all service from site to site is permitted, without restriction. I want to insert an ASA to block some internet traffic on the main site. I am trying to configure my ASA5510. No problem for outgoing connections or to permit a single service on the main site. But it is impossible to give access to all services/connections from all remote sites to the main site. [code]


Cisco Firewall :: ASA 5510 Ways To Allow Outside Adapter To Permit Smtp

Oct 25, 2012

We have a 5510 (8.2) with the following 4 interfaces (security-levels): inside (95), outside (0), dmz (25), and test (95). The dmz network is 10.10.10.0/24 and the outside interface is 40.133.84.69. We have run into a situation where a dmz hosted iRedMail server running postfix (10.10.10.51) is relaying mail which in some cases points back to us at 40.133.84.69 and into our Exchange server. In these cases in the dmz server's mail logs we see postfix time out trying to connect to smtp at 40.133.84.69. When I try to telnet from 10.10.10.51 to the outside interface on port 25 it times out. We've tried different ways to allow the outside adapter to permit smtp (or any service!) from 10.10.10.51 but we're left scratching our heads.


Cisco Firewall :: ASA 5510 - See Logged Traffic On Permit Rules

Feb 9, 2012

I have a rule which permits traffic to a web server and logging is enabled.  But when I go to syslog I am only seeing traffic which has been denied.  What needs to change to be able to see the logged traffic on permit rules?


Cisco Switching/Routing :: EDS 316 / 208 - Network Don't Permit Traffic UDP In VLAN

Jul 17, 2012

I have problems in my Cisco network until I connected some Moxa devices. These Moxa are models EDS-316 and EDS-208.

My principal trouble is the UDP traffic. Suddenly the network doesn't permit UDP traffic in the VLAN where the Moxa devices are connected.
During an hour the Moxa can send TCP traffic, but can't send UDP. If a Moxa device is unplugged from the network, all devices connected to it can work offline from the principal network, but if I plug the Moxa in again it is like disabled.

After one hour (more or less) the system restarts all functions and works fine. I caught the logs from TXerrorsInPorts and all the ports where a Moxa is connected have errors all the time.

I don't know what the problem is, but I think the problem is in the negotiation from Moxa to Cisco. This is the configuration from a port where a Moxa is connected: [code]


Cisco VPN :: ASA5540 - AnyConnect/SSL - Permit Local Network Access

Jul 20, 2011

We have SSL VPN using the AnyConnect client going to an ASA5540.
 
Is there a way to permit users to access their own LAN, but still force them to use the VPN tunnel for Internet access?
 
If I'm reading the documentation correctly, it seems that when you activate split tunnelling, it allows LAN access, but will also allow the user to access the Internet over the LAN instead of over the VPN.


Cisco Firewall :: ASA 5585- TCP Syslog / Logging Permit-Host Down

Jul 5, 2012

We have a firewall service environment where logging is handled with UDP at the moment. Recently we have noticed that some messages get lost on the way to the server (Since the server doesn't seem to be under huge stress from syslog traffic). We decided to try sending the syslog via TCP. You can imagine my surprise when I enabled the "logging host <interface name> <server ip> tcp/1470" on an ASA Security context and find out that all the connections through that firewall are now being blocked. Granted, I could have checked the command reference for this specific command but I never even thought of the possibility of a logging command being able to stop all traffic on a firewall.
 
The TCP syslog connection failing was caused by a mismatched TCP port on the server which got corrected quickly. Even though I could now view log messages from the firewall in question in real time, the only message logged was the blocking of new connections with the following syslog message: "%ASA-3-201008: Disallowing new connections."
 
Here start my questions:
 
- New connections are supposed to be blocked when the TCP syslog server is not reachable. How is it possible that I am seeing the TCP syslog sent to the server and the ASA Security Context is still blocking the traffic?
- I configured the "logging permit-host down" after I found the command and it supposedly should prevent the above problem/situation from happening. Yet after issuing this command on the Security Context in question, connections were still being blocked with the same syslog message. Why is this? 
- Eventually I changed the logging back to UDP. This yet again caused no change to the situation. All the customer connections were still being blocked. Why is this? 
- After all the above I removed all possible logging configurations from the Security Context. This had absolutely no effect on the situation either. 
- As a last measure I changed to the system context of the ASA and totally removed the syslog interface from the Security Context. This also had absolutely no effect on the situation. 
 
At the end I was forced to save the configuration on the ASA's flash memory, remove the Security Context, create the SC again, attach the interfaces again and load the configuration from the flash into the Security Context. This in the end corrected the problem. Seems to me this is some sort of bug since the syslog server was receiving the syslog messages from the SC but the ASA was still blocking all new connections. Even the "logging permit-host down" command didn't work, nor did changing back to UDP.
 
It seems the Security Context in question just simply got stuck and continued blocking all connections even though in the end it didn't have ANY logging configurations on. Seems to me that this is quite a risky configuration if you are possibly facing cutting all traffic for hundreds of customers when the syslog connection is lost or the above situation happens and isn't corrected by any of the above measures we took (like the command "logging permit-host down" which is supposed to avoid this situation altogether).


Cisco Switches :: SG300 - Implement ACL To Permit Or Deny Access Between Vlans And Hosts

Mar 25, 2012

I have an SG300 switch working in layer 3 mode. I configured 3 VLANs on the switch, assigned all ports, gave IP addresses to the VLAN interfaces, etc. Now I want to implement ACLs to permit or deny access between VLANs and hosts. Can I apply an ACL to a whole VLAN (in or out) like on Catalyst models? I mean apply the ACL to the entire VLAN, or is the only way in this model to implement that ACL port by port? Every time I have a new port configured to work in a VLAN, do I have to implement the ACL?


Cisco Switching/Routing :: Block / Permit Intra Vlan Traffic On 3750

Feb 21, 2013

I have one 3750 switch and many 2960 C switches. I use one ASA 5510 to reach the remote branch site (VPN connection). I use one 1841 router for the Internet connection. The 1841 router, the ASA and the Catalyst 2960s are connected to the 3750. The default gateway of all users is the ASA IP.

I configured VLANs on the 3750 and it works. Now I need to implement security: permit/block specific traffic between VLANs [code] From VLAN 72 I cannot have remote access to computers in VLAN 34 and I cannot ping computers in VLAN 34.


Cisco Firewall :: 5510 - Outlook Port Only Permit (POP3 995 / SMTP 587) With TLS Encryption

Jun 3, 2012

In Cisco ASA 5510, Outlook port only permit (POP3 995 / SMTP 587) with TLS encryption. How can we do it through ASDM?







