working with a trial version of Cisco Prime 1.2. I am looking for a Configuration Compliance tool. I used it in Cisco Works LMS - but I dont see a way to do the same thing with Cisco Prime.
View 1 Repliesi am currently trying to use LMS 3.2 Compliance management to verify and alter our access port configurations for 802.1x. Below is our current configuration
View 1 Replies View RelatedWhen I connect to my router via the default gateway IP address I no longer have access to the configuration options. It just brings up the recovery tool. It will assign IP addresses when I connect via cat 5, but it will not broadcast an SSID. I have tried updating the firmware, but even after running the update it just takes me to the recovery tool. The only options I have are update firmware or reboot. I thought about using DD-WRT, but this particular router is on the black list for that particular firmware option.
View 1 Replies View RelatedI need want to upgrade my asa from 7.2 to 8.4. Is there any conversion tool for the configuration or should I do it myself?
View 1 Replies View RelatedIs there any tool or script which will automatically generate scripts for routers, switches. I am configuring 100's of cisco 3700 routers and 3500 switches. I want to be consistent with my configuration . I am looking for script that when u run it, it will prompt you step by step to configure router, and switch and generate router config file. I know aobut cisco autoconfig maker but thats not what i am looking for.
View 2 Replies View RelatedWe are replacing CSM modules with 4710 appliances. Is there a config conversion tool? Have not seen it in any Cisco documents.
View 3 Replies View RelatedI am using Prime LMS 4.2.2 software to archive configuration for my cisco Network Device switch and firewall . All works fine except for two new Cisco ASA 5525 and ASA 5545 ( Software Version 8.6.1.2 ) . I have already checked credential , ssh access , snmp configuration and all seem correct. But Archive configuration job end with failure. This is the error message:
View 1 Replies View RelatedPrime 1.3 (POC testing), for testing purposes I discovered a class C range (255.255.255.0) containing a bit of everything (AP 1240, C3560 & C3750).When looking in the config archive only the AP's have configs stored, the others failed, snmp & telnet credentials are the same for the whole range, what could I do wrong ?
View 5 Replies View RelatedI'm currently running CiscoWorks LMS 4.0.1 on Windows 2003 under VMware and just got upgrade licensing for Prime Infrastructure 1.2. I am assuming that I will need to upgrade the current server to Prime LMS 4.2 in order to ensure that data migration to Prime Infrastructure goes well. I am planning to follow Cisco's recommendation to run Prime LMS and Prime Infrastructure in parallel for a time and migrate individual functions.
My real question is about Syslog handling. All of the managed devices are currently sending Syslog data to LMS. As a last step in the migration, is it possible to change the IP address of the Prime Infrastructure server to replace the Prime LMS server so that the Prime Infrastructure server will just start getting all the Syslog data, or do I need to go change hundreds of managed devices to point to a new address?
What is the relation between: cisco NCScisco Prime LMSCisco Prime infrastructure.As i orderd a Cisco Prime infrastructure from a Cisco Partner and what i got is :
x2 cisco NCS appliances
x1 DVD cisco prime infrastructure
x1 DVD Cisco prime 4.2
Using LMS 3.2, I've started learning how to use the compliance templates.is there a regex to ignore case? For instance, if I have the line:
clock timezone est -5 in some configs, and
clock timezone EST -5 in others
is there a way to tell the template that upper case and lower case are acceptable matches?
I am installing a new 5520 with IPS for a client, and they were asking about the PCI compliance of the SSL(WebVPN) being self signed. I am not sure what document to find this information from under the PCI DSS. There was also mention about dual authentication being needed, but without seeing the actual requirements, I am just guessing at it.
What is required for making SSL PCI compliant.
During our recent VA we were told that the below vulnerabilities are exist in the ACS SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability on port 443
SSL Weak Cipher Suites Supported on port 2030
SSL Medium Strength Cipher Suites Supported on port 2030
I want to add the command "no logging event link-status" to all switchport mode access ports EXCEPT for the ones with the following switchport access vlans: 4022,4032,4042,4052,4072 & 4082. How do I create a compliance template to do this? LMS 3.2, RME 4.3.1
View 6 Replies View RelatedI am trying to create a very basic template in compliance manager that checks for interfaces that aren't members of specific VLANs. VLAN 10 being one of them. I want to match interfaces assigned to VLAN 20. According to the documentation I have read, the following range statement should work because 10 falls between 3 and 19:
Submode: interface [#.*Ethernet.*#]
- switchport access vlan [#[3-19]#]
With the preceeding statement, however, interfaces assigned to both VLAN 10 and VLAN 20 are matching the rule. With this specific rule (not a range), only interfaces w/VLAN 20 are processed by the template, which is expected. We actually have numerous VLANs that we want to exclude/include. I only mentioned VLANs 10 and 20 for brevity.
I'm having a hard time getting Compliance Manager to accept a "banner login" command I'm attempting to use on 6500 IOS switches. I've edited the template, tried cut-&-paste, looked for the archive file on the server to directly modify it (without success), among other things. I have this feature functioning correctly on CatOS switches, but can't seem to get it properly set on IOS switches. What's the limit, as far as the template is concerned, on the number of characters with this type of command? Where are the archive configs located on the server; in the "shadow" directory?
View 1 Replies View RelatedI have a customer asking if Cisco supporst CISPR11 - Class B. All Cisco switches appear to support CISPR11 - Class A only. What is the difference? Is Class B supported?
View 0 Replies View RelatedWe use SecurityMetrics as our vendor for PCI compliance scanning. Of all our servers, only the video server fails their scan, and this is their result: "This scan is inconclusive. Though your server had open ports, we were unable to connect to any of them successfully. There is a high probability that some type of firewall or scan-detection software is blocking us from accurately scanning your server. Please configure any firewall or software that would interfere with our scans to allow all traffic from SecurityMetrics" Our streaming video server is our only public-facing server that has port tcp/udp 1755 open (for the mms protocol). All our other servers behind this firewall pass the test, but they only have standard email and http ports open. I am assuming that their scan of port 1755 triggers some sort of threat detection on the ASA. (I have "Basic Threat Detection" enabled only.)
View 1 Replies View Relatedhow to check compliance for only one access list in cisco works.
Example:
I want to run a compliance template that only check access-list 13 to make sure it has the following and nothing else:
access-list 13 permit 1.1.1.1
access-list 13 permit 10.1.0.0 0.0.0.127
If something else is listed, then I'll deploy the template and it will remove any other entry besided the two above.
I have tried a Global config compliance on + access-list 13 permit 1.1.1.1 and it comes back and says it's not compliant and wants to remove everything else, which is every other access list. I have tried submodes thinking that it could check under ip access-list standard 13, but that didn't work either.
confirm whether the Catalyst 3550 with IOS Rel. 12.2(44)SE is compliant with POE IEEE 802.3af? I see some conflicting informaiton on Cisco's web site. Before Release 12.1(22)EA2, Catalyst 3550 PoE-capable switches (without intelligent power management support) caused high-power powered devices that supported intelligent power management to operate in low-power mode. Devices in low-power mode are not fully functional.
IEEE 802.3af—The major features of this standard are powered-device discovery, power administration, disconnect detection, and optional powered-device power classification. For more information, see the standard.
I'm trying to turn off SSH version 1 & 2 to pass PCI compliance. Problem is, I cannot touch the VPN link between the two offices. I'm afraid the PKI certificate used for the VPN will be deleted if i zeroize the RSA key which seems to be the only way to stop the router responding on port 22.
Here is the stuff from the running config related to the crypto map:
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
[ code].....
I'm only CCNA so I'm not even sure if the certificate or RSA key is being used for the VPN link, but I can't tell from the running config that zeroizing it would be a good idea and not break the VPN. I'm open to other ways of disabling SSH, as we are able to just connect using a console cable. But it looks like denying port 22 with an access-list doesn't even stop the router from responding to the port.
I'm keep failing my pci compliance test I have a wrvs4400n and I keep getting "firewall udp packet source port 53 ruleset bypass" i've blocked port 53 but keep getting rejected. How to set the router?
View 1 Replies View RelatedIs the Aironet 1400 bridge FIPS 140-2 compliance? Based on the Release 12.3(8)JA, the Cisco IOS software release 12.3(8)JA is undergoing FIPS 140-2 Level 2 validation. Does it mean it is FIPS 140-2 compliance with this software level to run on Aironet 1400 bridges? [URL]
View 1 Replies View RelatedI am trying to get our internal network PCI compliant and when I run a network scan from securitymetrics.com I receive the following message about our RV082 router.
Synopsis : The remote service supports the use of weak SSL ciphers. Description : The remote host supports the use of SSL ciphers that offer either weak encryption or no encryption at all. See also :[URL]: Reconfigure the affected application if possible to avoid use of weak ciphers. Risk Factor: Medium / CVSS Base Score : 5.0
I have been googling many different search terms for ssl ciphers, rv082, and pci compliance but didn't see any solutions to this. Any experience with ssl ciphers and how to use more secure ciphers? I just performed a firmware upgrade to 1.3.98-tm in hopes that it would fix this issue.
I'm currently working on migration from CSS to ACE. The ACE appliance is running A4(2.0) code. And i couldn't find the CSS to ACE conversion tool in the Web gui.
View 2 Replies View RelatedI have recently installed several of the new WS-500 series switches into my networks and much to my surprise they are not supported by the CNA tool as the older 500 series were. I tried using the CCA tool, but my routers and legacy switches are not supported under it. One of the reasons I bought the Cisco switches in the first place is because I wanted to use one tool to manage all components in my network. I feel rather irked about what seems to be a purposeful hampering of functionality of the SMB line of equipment. Is there a management application that will allow me to manage all of my Cisco devices from the same console?
View 3 Replies View Relatedi need to move from a pix 515e. V 6.3 to a asa v 8. From what ive read i can use the pix to asa tool to get the converted configuration file to the new asa. So far so good, however, the pix has conduits which i read must be converted via the occ tool. So i ran the pix to asa conversion then ran the occ tool on that output but i keep getting errors. It is not liking the nameif outside, inside, and dmz lines. If i manually edited them out before i run the occ tool it runs but warns there are no interfaces.
View 2 Replies View RelatedI would like to perform vulnerability scan on Cisco switch and router.Is there any free vulnerability scan tool recommended for Cisco device ?
View 2 Replies View RelatedTo test the VPN performance of ASA 5540, I will have to build at least 1000 VPN tunnels. It is time-consuming works if I put all of commands line by line manually. It looked like a bundle of VPN tunnels won't be created by ASDM. I am wonder if there is any generator tool for this. I just tried to google it. I found a software is named as VPN Configure Generator, but it is not free.
View 6 Replies View RelatedI currently have a 2851 router with 2Mbps point-to-point leased circuit on its serial interface and most of the time its congested. Any tool for measuring the current consumption that is happening on the link other than netflow.Was looking for something for a graph or chart displaying the current consumption rate.
View 2 Replies View RelatedIs there a tool which can analyse the incoming and outgoing traffic on a computer hooked to the internet via a router.I would want to know the name of the program or application generating the outgoing traffic or receiving the incoming traffic and if possible the source of incoming traffic.I can read my Dir-628 router's log but all you really see are IP addresses.
View 2 Replies View RelatedI'm looking for Inventory Management tool to take complete details of all IT Assets over network.
View 1 Replies View Relatedsvchost exe virus removal tool
View 1 Replies View Related