Cisco Switches :: Asa 5520 / What Are Optimal Values For Mac And Arp Timeout Values
Jan 8, 2013
What are the best values for "mac address-table aging-time" and "arp timeout" in the following scenarios: a single SG300-10 as a layer 3 switch with a maximum of 10 local (directly connected) hosts, a 3750X stack with 100 local hosts + HSRP with another stack of the same sort, or an ASA 5520 as internet gateway for 500 clients? At the moment I use a MAC aging-time of 300 seconds and an ARP timeout of 3600 seconds.
Mar 20, 2012
I've been having a debate with a colleague about QoS CoS values. My colleague says I need to use CoS values across layer 2 trunk links between access layer switches and core switches. My argument is if phones are marking packets with DSCP values I don't need to be concerned with CoS. The reason I ask is we're implementing a new phone system; the IP phones will mark RTP traffic with DSCP value EF and call signaling with DSCP value of CS3. If my understanding is correct I can trust the DSCP values of the phones. We are using Cisco 4507 switches which I believe automatically trust DSCP values so I would just need a class-map to match the DSCP values and apply the output policy map on the egress interfaces as follows? [code]
Aug 1, 2012
I have copied status codes from show ip bgp command output and its explanation (from the Cisco documentation site): s, d and h (suppressed, dampened and history). I read somewhere that these are to control flapping routes. But not able to understand it completely. Raised this question in a couple of forums but didn't get a proper reply. The table entry is suppressed. The table entry is dampened. The table entry history. The table entry is valid. The table entry is the best entry to use for that network.
Dec 6, 2011
Now, with all the unified communications, voice, video and data are in the same device, and I try to give priority to voice and some applications, but in the WLC I can not find the way to mark all that kind of packets.
Is it possible to do that, like in a LAN, making the marking as voice, signaling and any kind of application, as I marked in all the LAN?
The equipment:
WLC 5508 v7.0.116
AP 1142N
Oct 6, 2010
I am running ACS 5.2 (more detail below) eval demo version for a proof of concept and noticed an oddity. It appears that if you create an Endstation Filter and click the CLI/DNIS tab, click Create and then click DNIS and enter your info, ex: *coolssid, and hit submit, it shows everything correctly, but if you go back and edit it, it swaps them.
Version : 5.2.0.26 Internal Build ID : B.3075.EVAL.. If you have the Webex recording viewer you can watch the little Webex recording I did showing the steps and the issue.
Feb 2, 2012
We purchased a Cisco 541w router for one of our customers.
The main reason was to provide them with 3g backup solution for their business.
In order for the router to recognise the 3G router the firmware was upgraded to SRP540_1.02.01_023_081211_1136.
We arrived on site last night to do the install but couldn't make any changes to the already configured router. Every time we attempted to add a VLAN or adjust the DHCP scope the router would return "The values are invalid".
Worked at this for over 1 hour and then decided to factory reset the router to see if that would revert the router to use the original firmware.
This didn't revert to the previous firmware but we magically could now make network changes without problem.
So everything was good, we reconfigured the router, tested 3G and failed the wan1 interface back and forth and the customer was very happy.
Customer arrived onsite this morning and the router was running on 3G. Every 8 - 10 minutes it was attempting a failover between connections.
I decided to turn off the failover for the time being and investigate further but yet again I was back to "the values are invalid".
We've had to pull the router as the customer is about 2 hours away and revert back to their BT router.
Found this document for another SRP model - A warning message may appear in the Basic Wireless Settings screen with the text “The values are invalid” when modifying the wireless profile. Set the SRP 521W to its default setting (CSCtd49614).
[URL]
Will firmware SRP540_1.2.4_003_011112_1847 released only 2 days ago cure the problem?
Dec 10, 2012
How to perform Linear Hashing in databases on given values?
Oct 18, 2012
Type of Wireless Adapter I have: Intel WiFi Link 1000 BGN. When I click on (Properties) and then click the (Advanced) tab, there is a list of properties on the left and a list of values to choose from on the right. I'm curious about what each property does and which property/value would be most "effective" or "appropriate" for a certain location/situation I'm in.
Oct 17, 2011
I have a WLC 2106 with 3 APs. Everything works and users can connect, but the throughput seems to be lower than it should (it is around 8Mbps and should be around 30-50Mbps). And all speed and duplex has been accounted for.
I am trying to understand the stats that I see for the 802.11 MAC counters under the Wireless APs on the controller.
That screenshot is attached. I see high numbers for the following areas:
- Tx Failed Count
- RTS Failure Count
- FCS Error Count
What these mean and what could cause this? Maybe these are normal and not a concern.
Sep 1, 2011
My Cisco 2611 series router is showing garbage values at startup and not allowing me to enter ROMMON mode. I checked the bitrate in the console; it is 9600/8N. Till then I am unable to start the router. Can you tell me how to change the configuration register value without entering ROMMON mode?
Sep 24, 2012
I am scanning the documentation for CPI 1.2, trying to get it to use CSACS 5.3 for my authentication/authorization. The docs say to create a TACACS Shell Profile, and add the TACACS A/V Pairs as needed... Nowhere could I find a listing of AV Pairs I can use to grant authorization. I did see that whatever pairs I did use, I must keep the menu chain intact.
Jul 4, 2012
I am searching for the right SNMP OID to poll the values of the CPU load from a VSS (6509E). Here an OID for VSS-Switch1 and another OID for VSS-Switch2, values like the CLI command "sh proc cpu" of the supervisor module in slot 5.
Apr 16, 2012
I have a WS-C2924C-XL switch that I would like to upgrade the IOS version on. The IOS version in question can only be installed on an 8MB version of this switch. I have tried to confirm the amount of memory present in the device but I am getting conflicting values depending on where I look. The model number would indicate that this device is a 4MB version, therefore not compatible with the upgrade. Running the show version command from the CLI shows Processor having 8192K/1024K bytes of memory. Accessing the switch via the VMS management interface displays a value of 4MB.
Oct 30, 2011
I'm looking at a stack of WAP200 and WAP4410N APs. I'd like to use Cacti to track the number of associations on each AP. What's the OID I should be querying? Are there multiple OIDs that would correspond to the multiple SSIDs? I'm running 2 SSIDs on all of them, and it would be extra nice to be able to track the number of stations on each SSID, though the total number would also be acceptable as well.
Apr 29, 2012
I've been working on a 3560 that doesn't seem to map dscp values to a new value: mls qos map dscp-mutation ToR1 22 24 to 46
[Code]....
On the router on the other side, I created an acl that matched on dscp 46, but it doesn't match on it. I've tried moving the mutation map to the ingress interface and I've tried setting dscp with a service policy instead of marking COS and using internal dscp. Where is the mutation map supposed to be placed: ingress or egress? Also, I added an entry in the acl on the router to see if I was mapping to dscp 24, and I am:
[Code]....
So it seems like the mutation map is being ignored completely. Any reason why?
Jan 10, 2013
I have a switch where the current power threshold is set to -20.0db. The problem is that the receive power fluctuates between -19.9db to -20.1db, which is causing it to throw alarms on my solarwinds monitoring server. What I would like to do is change it to a different warning threshold, but I can't seem to find the command to do so. This is a catalyst 3750 running IOS version 12.2(55)SE3. [code]
Nov 8, 2011
I want to get the result of the following command with SNMP. Is this possible?
The command is "show extended channel 2/0 csna oper". I need to know if the status is "closed" or "setupcomplete". Can I catch these values with SNMP?
I did an snmpwalk but can't find any lines with these values. Is there a specific IOS version necessary? The hardware is a Cisco 7204VXR with IOS 12.1(5)T10 and microcode xcpa28-1
Feb 4, 2010
We have a C4500 with 2 sup V which is showing high CPU values sometimes. When this occurs, the switch shows 95-100% for total cpu for a few hours at a time. show processes cpu shows process Cat4k Mgmt LoPri with an unusual cpu value of 65%. The show platform health command gave me a high reading for K2FibFC DelFlow which is about 50% at this peak but is normally around 1%?
What the process K2FibFC DelFlow means and what could be the cause of this peak?
May 16, 2013
Access point gives all junk values in console. I am getting all outputs while booting up and executing commands. But to say, it is as simple as printing with spelling mistakes
Oct 14, 2012
We have a 4500 series switch that is running around 39% cpu utilization but seems to be dragging a bit. I did a show platform health and GalChassisVp-review has a target of 3% but an actual of 17%. All other actual values were at or below target values. I then went to show platform cpu packet statistics and in the "Packets received by Packet Queue" all queue packet values at 5 sec, 1 min, 5 min and 1 hour avg were either 0 or 1 with the exception of Esmp - that averaged 351/377/317 and 313 respectively. I then checked show platform hardware acl input entries static and the entry type InputEsmpToCPU had a whopping 10121370 hit count. All other entry types were well under that number.
Oct 26, 2011
I'm working on a catalyst c3750 and for my work I need to prioritize certain streams independent of their bandwidth usage.
The streams are the following:
- voice
- video
- data
I created policy maps based on vlans like below:
policy-map VOICE
 class class-default
  set precedence 5
policy-map VIDEO
[Code]...
Jan 13, 2013
I recently bought an EA4500 specifically to utilize the QoS feature. I have my xbox in the set up for the prioritization, but when I try to set the bandwidth to 250 kbps upload, it resets to 0. My xbox is hardwired to the router and I know most of the feature set of this particular router is geared towards wifi, but I would assume the QoS settings would apply to the wired devices as well. exchanging this router for one that supports DD-WRT?
Oct 19, 2011
I have a stack of 4 Cisco WS-C2960S-48FPS-L switches running c2960s-universalk9-mz.122-58.SE1 code. One of our network monitoring tools is indicating discards on a certain port on the switch. Upon further investigation I am seeing the Total output drops values change in a very odd manner.
The numbers seem to go from 573 to 1146 to 1719 then back down to 573 and it starts the same pattern over: [code]
The port utilization is quite low, the highest I've seen over the past 7 days is 3.5% with a polling period of every 30 seconds using Statseeker. Yet the discards are bouncing all over the place.
I've searched through the bugs for 12.2(58)SE1 and didn't see anything.
Jun 2, 2013
I am using a 10Gig link to connect distribution and access switches. Since we are terminating the cables at multiple locations, we are also doing the link budgeting. The CISCO SFP 10G-LR module data sheet shows two values for the transmit power, one of which is maximum power .5dBm and another is minimum power -8.2 dBm. Which value should I choose for the link budgeting?
Jun 4, 2012
I have inherited the support of an ASA5520 running 8.0(3)12 code and I believe I have a pretty simple question here that I haven't been able to figure out on my own. I have a few users that connect to the box via IPSEC VPN client connections. They want to be able to leave up an RDP based connection, for monitoring purposes, for most of the day, but their RDP connection keeps getting disconnected after a few hours. The VPN connection never gets disconnected, just the RDP session running through it. I have another box running 8.0(4) code and they can leave up the RDP sessions as long as they like without getting disconnected from the server(s). I have compared the configs of both boxes and don't see any glaring differences in regards to the configuration that would cause the RDP sessions to either stay up or be disconnected after an inactivity type scenario.
What to look for in regards to identifying the timer that is disconnecting the RDP session after a period of time.
Oct 25, 2011
I configured multiple VLANs on my Cisco ASA5520. Everything works perfectly except RDP (3389) connections. The connections are established but after a period of inactivity, the user is disconnected from the server (black screen). The same problem happens with other types of connections (client/server), for example: Oracle, file sharing. Before installing the ASA, computers and servers were in the same VLAN and it worked well.
There's a notion of inter vlan timeout connection?
Jul 8, 2012
I have an ASA 5520 and I am having trouble getting the AnyConnect VPN authentication timeout feature to work properly. I thought I did have it working a couple of months ago, but right now it is not giving me more than the default 12 seconds. I have tried intervals of anywhere from 25 seconds up to 120. I am currently running version 6.4 on the ASA and AnyConnect 2.5.3055.
Jun 2, 2010
When users are VPN connected their telnet sessions timeout after an hour of inactivity. Looking at the connections on the firewall they are showing as idle. Is there a configuration change or something else that has to be modified?
Sep 1, 2011
Per PCI & company policy all VPN users have a 12 hour session limit. They will be disconnected after 12 hours regardless of use. Is there any way to send a message prior to the 12 hour limit to warn the users that they will be disconnected in x minutes? I'm running SSL VPN on an ASA 5520 ver 8.4(1)
Aug 9, 2012
At the moment I am trying to connect to a DHCP ISP, but the connection only lasts for 10-15 mins and then it will automatically disconnect. Every time I reset the WAN port, service is back to normal for another 10-15 mins >< There are no logs or any error messages when the connection times out. The status of the WAN port is normal "Up Up". I have tried this config on another ISP and everything works just fine!!!
Fiber connector -------> Cisco 1812 (FastEthernet1) --------->LAN
Router#sh run
Building configuration...
Current configuration : 3205 bytes
!
version 12.4
service tcp-keepalives-in
service tcp-keepalives-out
[code]....
Nov 26, 2012
ASA 8.2(5), uauth absolute timeout is disabled and inactivity timeout is set to 48 hours:
timeout xlate 48:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:00:00 absolute uauth 48:00:00 inactivity
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
Users still get kicked out every 8 hours and they have to reauth. This is a logging message:
%ASA-5-109012: Authen Session End: user 'john', sid 839, elapsed 28801 seconds
May 6, 2013
What would be causing my management HTTPS session to a SF200-24 to suddenly timeout? I receive "The session has been timed out. You may log in again" a few mins after logging into the switch. Sometimes it happens within 45 seconds, other times after 3 mins; timeouts are not consistent. And I was not idle when it timed out. My HTTPS idle time-out is set for 10 mins.
I had a continuous PING going to the management IP, and it did not drop any pings when the session timed out. Interface stats are also clean. I tried IE, Firefox, Chrome and all are timing out.
I've changed the HTTP default idle-time out from 1 to 10 and my HTTPS stopped timing out. Management Access Authentication is clearly set for HTTPS, and the Idle-timeout for HTTPS was set for 10 mins since install. Yet, adjusting the HTTP idle-timeout cleared the issue.
Jan 25, 2012
I have an SG300-20 here for testing (firmware: 1.1.2.0, boot version: 1.0.0.4, language version: 1.1.1.6 English). Everything seems to work on it, except, that if I choose Radius authentication by mac address only, then the switch does not honor the Idle-Timeout and Session-Timeout attributes from the Radius server (freeradius).
The setup is the following: I have a no name access point plugged in to switch port gi1. The port gi1 is set up for Radius authentication by mac address only. The access point itself is authenticated, no problem with that. If I connect through the access point by (say) a mobile phone, it is authenticated, no problem. The radius server does send the Idle-Timeout and Session-Timeout attributes, I checked it by running "freeradius -X", both are set to 30 seconds. Then I turn off the wireless card in my mobile phone and check the dot1x users by "show dot1x users". My mobile phone's mac address remains there for 5-10 minutes, so the Idle-Timeout and Session-Timeout do not work.
Another way I could resolve this problem is by explicitly asking the switch to reauthenticate the user. Unfortunately there is no CLI command to do just that, I can do however a reauthentication on a port using "dot1x re-authenticate gi1" (for example). But it does not work as it is expected: the switch uses the stored mac-address to reauthenticate the user, so nothing changes on the port (unless something changes in the radius server). I think it should work like the following: remove the authenticated user from the port, and whenever that mac address makes some network traffic, then reauthenticate as if it were a completely new connection. BTW: it would work for me also if I could just remove an authenticated user from a port, but I did not find a command to do that.
As a last resort I can simply shutdown the port, bring it up again ("shutdown" and "no shutdown" in the interface config), then all users are removed from the port and they all must reauthenticate. But it causes a network outage for a couple of seconds for all users on that port, on a busy access point it is quite disturbing, and it is not an elegant way to do this.
So my actual question is: is there a way to remove an authenticated user either automatically (Idle-Timeout and Session-Timeout) or manually from this switch?
I enclose the relevant part of the running config.
interface range gi1-2
 dot1x host-mode multi-sessions
exit
vlan database
 vlan 2-4
exit
[code]....