whenever I setup URL filtering in 1841 router with policy-map type http and zone-pair command, I experience 100% CPU spike. is there any workaround?
View 1 RepliesI installed a CSC-SSM-20 module on ASA 5510. After policy services have been enabled, services works well for a few minutes, after that the cpu usage's module rise to 100% and all http traffic is wholy blocked, till the cpu usage go down.This happens very frequently and traffic stay blocked for such a long time that it makes the csc-ssm module unusable. It's disabled right now. ASA version is 8.2(1)and CSC-Module version is 6.6.1172.0.
View 1 Replies View RelatedWe are running Cisco 6509-e and we are running load test and when traffic reach 80 mbps switch start reponding very slow. I checked CPU usage and it was using 100% and connection to the switch from outside to inside are 80K. once connection dropp Cisco release CUP and it start responding normal. [code]
View 4 Replies View RelatedIm running ASA 8.0(3) on Active/StandBy failover pair.Last night I realized the CPU usage of my production ASA was 99%,,, on the ASDM Firewall Dashboard I can see counters like this:
Dropped Packet Rate (ACL Dropped) = 6000+ (more than 6 thousand)
Scanning Attacks = 18600+ (more than Eighteen thousand)
I went on the ASDM and checked the RealTime Log viewer and I have about 30 entries per second of these:
4Oct 19 201111:35:12401004Shunned packet: 10.64.10.1 ==> 10.64.0.1 on interface NewLAN
[code]...
I have an ASA 5520 with a CSC-SSM modul,the problem is when i am logging in to my ASDM, on the content security monitoring, it's showing the CPU and memory are at 100%(CSC) but when i directly connect csc-ssm MODULE it comes down,so is it problem with ASDM , java OR csc.
View 5 Replies View RelatedI have a 1841 router plugged into a 100M Comcast ethernet connection. My router cpu is really high and users download speed isn't as high as before. Can a 1841 handle 100M circuit with 100 users on it? What would cause the router's cpu to be high? I don't think there are any viruses or malware on the lan.
#sh proc cpu his
r2.leaguecity-toy-startoy 06:06:26 PM Wednesday May 30 2012 PST
111 1 1 1 111 24 1 1 1 1
400369232222544222330359645223283294332688334452308404382236
[Code].....
do i still need ACS if i have the NAC appliance say 3310.
View 3 Replies View Relatedgood web monitoring/filtering software for use in the home? I want to be able to monitor/review visited websites and block harmful/unsuitable content.
Must be compatible with Mozilla Firefox.
I'm trying to configure TrendMicro IOS content filtering. I have this working on a separate box, running 15.1.
On this particular testbed, I have a 2900 running:
System image file is "flash0:c2900-universalk9-mz.SPA.152-3.T1.bin"
And the following licensing:
Technology Package License Information for Module:'c2900'
Code...
I have currently downloaded Norton Anti-virus and came up with the error 5013,3. I have tried to follow the steps to fix this error, but now come up with the error that the Base Filtering Engine cannot be found. How do I find this and install again?
View 2 Replies View RelatedWhat is the best email service that puts a high priority on privacy yet is still easy to use on a daily basis?
View 2 Replies View RelatedTrying to update my firmware 1.00.01 B15 to 1.00.01 B17. I downloaded the firmware to my desktop (using mac os X 10.5.5) and connected my computer directly to port 1 on the back of the router. I used the Firmware upgrade tool under the Administration tab to upload the new firmware file. The update progress starts but fails at 98%
View 4 Replies View RelatedIs it possible to generate CSR using SH1 instead of md5 on Cisco 1841 for SSL VPN, because the provider that I try to use doesn't accept md5. Also tried to import there private key and got an error "Error: invalid PEM boundary"
View 4 Replies View RelatedI have come across articles mentioning that URL Filtering can be implemented by using ASA 5505 with URL Filtering Servers. But Websense and other Web Filtering Servers are paid ones ? Are there any free solutions available ? What exactly is N2H2 ? The reason is I don 't want to increase the CPU utilization of ASA by implementing URL filtering within the device. If I have around 30 nodes which connects to the internet via a 2Mbps line through ASA 5505 and if I want to block around say 10 or 15 URLs , will it increase CU utilization beyond permissible limits ? Currently the CPU Utilization is around 10 - 15 . Here's the infrastructure setup .
------------------------------------------------------------
Nodes -->Switches-->ASA 5505-->Internet
-------------------------------------------------------------
I configured a 1841 router that connects to a DSL modem. This DSL connection is our Internet connection for vendor and IT testing. I have connectivity to the Internet using nat and have configured the router to act as a DHCP server. It seems to be working fine. I just want to configure some best practices for securing the device from the outside access. Is there some standard best practices I should be configuring?
View 2 Replies View Relatedhowever recently when i check my internet usage log on my wireless company (Rogers) the usage is totally off from what my bandwidth tracker shows me. So i decide to turn off my wifi and see what happens, there has always been this weird wifi connection appearing whenever my wifi appears, then afterwards when i turn off my wifi the suspicious wifi connections disappear. is this possible that someone is using our wifi? i might just be overreacting but it has brought me to concern that if the usage continues my family will have to end up paying over $30 for extra internet use. it is very frustrating me because when i check my DHCP client table it only shows 3 connection, ethernet - my desktop which is not turned on, 2 wireless connection - my laptop and my sister's laptop.
View 6 Replies View RelatedI have a 1841 with 12.4(16) IOS.In my configuration I have to interfaces for internet access, without vrf:
interface ATM0/0/0
dsl operating-mode auto
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
[code]....
This two interfaces are in the global route table because there is no vrf indication. These are for internet access (a simple adsl connection) Then, I have this interface in VRF named "lan123"
interface FastEthernet0/1.23
encapsulation dot1Q 123
ip vrf forwarding lan123
ip address 192.168.143.254 255.255.255.0
ip nat enable
Now the issue.If I write:
ip route vrf lan123 0.0.0.0 0.0.0.0 Dialer0
this works and, with nat, internet works. The question is why this works without the "global" keyword? I'm going from the vrf named "lan123" routing table to global table without the using of "global" keyword.
If I try to use:
ip route vrf lan123 0.0.0.0 0.0.0.0 Dialer0 global
there is an error indication.
I am having a Cisco 4507 switch. The CPU on the switch is running between 50% to 60% constantly. To troubleshoot I collected some logs using debugs & show commands.
debug platform packet all receive buffer
show platform cpu packet buffered
debug platform packet all count
show platform cpu packet statistics
show processes cpu sorted | exc 0.00
show platform health
show platform cpu packet statistics
show platform health output shows the below process crossing the target value.
%CPU %CPU RunTimeMax Priority Average %CPU Total
Target Actual Target Actual Fg Bg 5Sec Min Hour CPU
Stub-JobEventSchedul 10.00 13.41 10 47 100 500 13 13 10 5462:52
K2PortMan Review 3.00 5.35 15 11 100 500 4 4 3 1799:47
What I need to know is, though these process are running in Low Priority, will there be any issue if the CPU goes high due to these process.
I have just finished installing LMS 4.2 on a new VM (Windows 2008 R2 Standard Edition SP1). I have already reloaded the server, all LMS services have correctly started. However, the process CS_sm_server.exe still using 100% CPU.Windows 2008 R2 Standard Edition SP1
View 6 Replies View RelatedWe have two offices connected using Site-to-Site VPN (IPSEC) as shown:(IP ficticius)Office 1 - We had to use 2 routers since we have a range of valid IPs: From a host in office 2 we normally ping 192.168.102.1 (gateway at office 1),But when pinging a host inside office 1 (eg: 192.168.102.8) 50% of packets have been lost.Could it be a hardware problem?
View 1 Replies View RelatedI am working at a client site that is an MPLS customer. The customer has an MPLS circuit that runs between their Main HQ and their Disaster Recovery site. I have been asked to analyze and report as well on the way the Qos Policy is written, and to provide any recommendations on how they can improve performance.There is a statement within the Qos Policy as it exists at each end on the 3825 routers. The statement is called "shape average percent". Here is the policy from one side:
policy-map QoS
class COS2_traffic
set dscp af31
shape average percent 12
bandwidth percent 13
[code]....
What does this statement mean and how is it different than the the "bandwidth percent" statement?
I have two switches that always are with yours CPU in 39 or 40 %. the switches are:
IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5)WC3b, RELEASE SOFTWARE (fc1)
I think it's very strange the CPU always in 39 or 40 %. neither all ports of the switches are busy there are 6 ports free in each switch. 40 % I think it is a high value for CPU maybe because my IOS version 12.0 ?
after IOS upgrade to 15.x on Cisco2811 MEM util raised from 20% to 43%. Is it critical?Which level of MEM utilization is critical?
View 6 Replies View RelatedWhenever i try to download an exe file from the internet, its just get stuck at 99%. It doesn't happen with .rar or any other file. Not to mention, I was able to download net fremwork 4.0 exe installer though. I tried these things: Used different browsers. Used different download managers. Disabled firewall and AV.
View 1 Replies View RelatedI have ATT DSL and pretty much every night, I lose a large portion of the Internet. I cannot ping these sites, while the rest of the net works fine. The other night, I could not ping major domains like ATT, CNN, MSNBC, BBC (a chronic missing domain). On the other hand, I could get Yahoo fine and go to a streaming audio site and run music perfectly...but about 90% of the Internet was unreachable. Could not load their sites nor ping them in command line. The other 10% worked flawlessly.
View 12 Replies View RelatedWe have a client that has a large number of AIR-AP1252AG-N-K9 installed in the network with power injectors. We have seen a about 48% failure rate of AP's failing with all 3 red lights on the unit. Once I get the AP in the lab I'm unable to get any response from the console, therefore unable to troubleshoot.
View 3 Replies View RelatedI have one Catalyst 4503 with Supervisor 7L-E 10 with IOS - XE 03.02.00.XO. . One of its gigabit interfaces is connected to a Internet link of 1 Mega. In terms of QoS i would like to limit the total bandwidht of this gigabit interface to just one 1 Mega and simultaneous i want share bandwidth between traffic classes with bandwith percent up to 1 Mega and not 1Giga.
View 1 Replies View RelatedIs Cisco 3945 router support URL based filtering . For example to block website [URL] but not the main site [URL].
View 1 Replies View RelatedI have a Cisco SR-520 router which I am trying to configure and install the IOS content filter. I have read many of the documents on this but some of the lines do not work, from using the pages belowURL
you are supposed to enter parameter maps as follows:-
parameter-map type trend-global global-param-map
server trps.trendmicro.com
cache-size maximum-memory 256
cache-entry-lifetime 1
The router has 12.4 (20) T4, which is supposed to be supported, the only other way of configuring is using CCP which is not compatible with SR-520's you recieve hardware not supported message's.
Site-to-site tunnel between 881 router and ASA 5510 don't work stable,When PHASE 2 completed and Ipsec Tunnel has been builded, 881 resend some entities which will increment error counters.
View 1 Replies View RelatedIf you are familiar with the Huawei HG520s router, I want to filter an ip range (ex. 192.168.1.10 to 192.168.1.255) so that no other users can connect on this ip range and start using the router.
View 2 Replies View RelatedJust got my new E4200 v2 router. Set up mac filtering for one device and after saving the change the router was refreshing and disconnected all my devices and could not log in to the router wired or wirelessly and had to do a factory reset. Have the latest firmware. Is this a defect in the router?
View 2 Replies View RelatedSince I have this router E4200 my network undergoes changes alone. I have a MAC filtering as I had in my previous WNRL 160N and had no problems but here the overnight me are the 14 that I have enabled MAC, put another 3 that are not from where I changed the settings WiFi network, I've put in hidden, change encryption type and others and continues to happen randomly, and I added the router directly to the list of allowed MAC. I have remote management disabled in the Cisco Network Magic are not those MAC. not because it adds the MAC and I removed some that I have put the single.
View 9 Replies View Related