Cisco Switching/Routing :: 1841 Need To Block MAC Address / Applied Command Access-list

Sep 4, 2012

I am using cisco 1841 LAN router, I need to block MAC address i have applied the command access-list 1102 deny 0000.0000.0000.0000 mac address..... but it does not work.

View 24 Replies


Cisco Switching/Routing :: 3550 / Access List - Block One Ip Or Port

Jan 9, 2012

I have a layer 3 switch, 3550.I have several vlans on there just for playing around with. One of the vlans, has a vonage linksys box attached to it with a UK number attached. From time to time telemarketers call at 03:00 in the morning, this as I'm sure you can imagine is not much fun. The linksys box gets as it's ip.The switch is connected to a non cisco router at
interface FastEthernet0/24
no switchport
ip address
I was thinking a time based access list would work best I have tried several variations but the phone still rings. I have tried access-list 1 deny host permit ..... and more extensive lists but the phone still rings. I have not applied the time-range yet, so that's not the problem.I have applied the list to the vlan interface and to fa0/24 but it's not working.

View 3 Replies View Related

Cisco Switching/Routing :: N7K Hardware Access-list Resource Pooling Command Not Working

Nov 23, 2011

Not sure why the N7K M1 card doesn't take this command. It works on other N7K at different site. [code]

View 1 Replies View Related

Cisco Switching/Routing :: 3750x - Command Cts Dot1x When Applied To An Up-link Interface

May 7, 2012

we're having an issue with the command "cts dot1x" when applied to an uplink interface.  It basically kils the connection with this command is applied.  Once you remove it, everything is back to normal, the platform is a cisco 3750x.

View 0 Replies View Related

Block 1433 Port With Access List For Specific Ip Address?

Jan 2, 2012

I want to block the sql port access of my server to all except few of my ip addresses while access list on Cisco Router IOS how do i do that.

View 3 Replies View Related

Linksys Wireless Router :: Changes In MAC Address Filter List Are Applied Only After Reboot Of E4200

Nov 26, 2011

I have noticed that changes in MAC address filter list are applied only after reboot of router. It is inconvenient.

Router Linksys E4200
Firmware Version: 1.0.03

Operation system on client computer is Windows 7.Can it be resolved in the next version of firmware?

View 1 Replies View Related

Cisco Switching/Routing :: 1841 - Access To Web Server On Outside Address From LAN

Jan 22, 2012

I have a 1841 deployed as my NAT device towards internet. NAT is setup so that internal addresses can access WWW. I also have some NAT translations opening speciic ports from outside to inside in the form: ip nat inside source static tcp A.B.C.D 443 A.B.C.D 443 extendable.
Now have an outside address/port setup with a public DNS reference and using NAT from outside to get access to the corresponding inside address. It works when being outside the LAN.
Now to the problem: From the LAN side of the router - i cannot access the public name. I can ping it - but my browser dont find the webserver behind the name. Someone told me it should be setup as "local firewall domain" - and i should set this up as "source NAT".

View 12 Replies View Related

Cisco Switching/Routing :: 3700 - Command Rejected / Bad VLAN Allowed List

Aug 24, 2012

Im trying to simulate a switch in Gns3 and i use 16ESW module in a cisco 3700 router. why im getting this record after i try to filter which vlans pass through my trunk port:Router(config-if)#switchport trunk allowed vlan 2,3,4 Command rejected: Bad VLAN allowed list. You have to include all default vlans, e.g. 1-2,1002-1005.

View 6 Replies View Related

Cisco Switching/Routing :: What Is The Command To Shutdown 1841

Oct 28, 2012

What is the command to shutdown a cisco 1841 (say, to add a module)? I know how to reload / reboot, but does not seem to find any command with an obvious name.

View 1 Replies View Related

Cisco VPN :: 1841 - Ports Allowed In Access List

Oct 14, 2012

Users behind a Cisco 1841 are not able to connect to a network using the Cisco Systems VPN Client. Transport is IP sec over UDP (NAT/PAT). Connection just times out.
Which ports should be allowed in the access list? Or do you have an link to a article for this?

View 5 Replies View Related

Cisco Switching/Routing :: IP Address DHCP Command Not Available On C3550

Nov 19, 2011

I'm trying to configure my C3550 with fast ethernet port 0/48 assigned to vlan 2 in static access mode and SVI vlan 2 configured as dhcp client.
But I see command ip address dhcp is not available on interface vlan 2:
Cat3550(config-if)#ip ad
Cat3550(config-if)#ip address ?
A.B.C.D  IP address 
Cat3550(config-if)#ip address  
Could it be a problem related to the version running on the equipment (see below the output of sh version command not sure of what EA1 stands for)? I read here [URL] that this command was introduced in version 12.1(2)T
If it is a version problem is there any possibility to download upgraded version for free? 
Cat3550>sh ve
Cisco Internetwork Operating System Software
IOS (tm) C3550 Software (C3550-I5Q3L2-M), Version 12.1(20)EA1, RELEASE


View 7 Replies View Related

Cisco Switching/Routing :: WS-C6509-V-E / Mac-address-table Synchronize Command

Nov 27, 2011

we have  cisco WS-C6509-V-E with IOS version 12.2(33)SXI4; s3223_rp_IPSERVICESK9_WAN_M) running on a switch. I am trying to configure the command "mac-address-table synchronize" under global config mode. But when I enter the command Cisco(config)#mac-address-table ?It doesn't show the synchronize option?

View 3 Replies View Related

Cisco Switching/Routing :: How To Block Single Mac Address In 3550 Switch

Nov 16, 2011

I need to block this mac address in  my 3550 switch.i enable port security but this mac address comes and do the violation and port is shut down.

View 3 Replies View Related

Cisco Firewall :: Access-List Traffic Control Attempting To Block RDP 3389

Nov 7, 2012

I have an ASA pair configured to replace a router that hosts a collection of IPSec Tunnels.  Tunnels appear to work.  I am lab'ing some additional controls that I would like to implement.  On the Production Router that i plan to replace with the ASA's the current Tunnels are all wide open (all traffic allowed to pass).  I was hoping to lock things down a little without having to reconfigure all of the Tunnels.  My though was that an ACL on the Inside Interface blocking selected traffic Out (so into the LAN) should not impact the stability of the Tunnels but allow me to restrict some traffic from entering the LAN.  One port that I was attempting to block is RDP 3389.  When this ACL is applied to the inside interface it does not block Port 3389 at all.  What am I missing?  Is it that the trffic is being allowed because it is coming through one of my 'open' Tunnels? 
Shouldn't IPSec Tunnel traffic be processed by the Inside Interface ACL just like all other traffic?
access-list 145 deny   tcp eq 3389
access-list 145 deny   tcp eq 135
access-list 145 deny   tcp eq 137
access-list 145 deny   tcp eq 138
access-list 145 deny   tcp eq 139
access-list 145 deny   tcp eq 445
access-list 145 deny   tcp eq 389
access-list 145 permit ip any any
ip access-group 145 out interface Internal
This work great on a 2821 Router, but not so much on the ASA.

View 11 Replies View Related

Cisco Switching/Routing :: 1841 / HWIC-AP-AG-A Not Providing IP Address To Clients

Dec 5, 2012

I have not yet completed my CCNA, however I have managed to configure a 1841 router with 1 x HWIC-ADSL1 and it also has 1 x HWIC-AG-AP-A which is the only part I am unable to get working.
The Wi-Fi (Dot11Radio) config has enabled me to see the SSID from wireless devices, but they never get an IP address. I need them to get the same IP range as the DHCP service I have in there, there is no option for "IP ADDRESS DHCP" only "IP ADDRESS POOL LAN" Lan is of course my DHCP pool name. however I cannot have the same DHCP pool on both Dot11Radio interfaces.
I know I'm missing one very simple command, but as I've never worked with Radio on Cisco equipment, I am unsure how to fix it.
Then once I get that worked out, I need changing the access from OPEN to WPA or WPA2, etc..
IOS Software on Router is C1841-ADVSECURITYK9-M - Version 12.4(9) T
I can upgrade to a better version of software if needed, I only have a 32mb Flash and 128Mb Ram.
The current Radio Config is:
interface Dot11Radio0/1/0
no ip address
no ip redirects


View 1 Replies View Related

Cisco Switching/Routing :: 6500 Clarification For Using Mac-address-table Synchronize Command

Jul 12, 2010

We want to configure the "mac-address-table synchronize" command on our 6500 series switches to ensure that the CAM tables on our DFCs are in synch with the PFC on the supervisor modules. is recommended that we disable the routed MAC purging with the mac-address-table aging-time 0 routed-mac global configuration command. What is a routed mac entry?  Are there any issues with running that mac aging-time command?
We also plan to run this command "mac-address-table aging-time 14400" to keep our ARP and CAM tables on the same aging time to reduce unicast flooding on our network.  Can we run this command with the "routed-mac" command above?

View 2 Replies View Related

Cisco WAN :: 1841 To Block Access To A Specific Interface

Feb 11, 2013

I have an 1841 between my firewall and the ISP.  Three interfaces - multilink to ISP, FA to my firewall, and FA to my inside network.  I use the inside interface for configs aand snmp access, etc.   Only my ISP-assigned fixed address block will get routed to the multilink by the ISP but I am nervous about the inside interface sitting on my LAN.   I know I can remove it, but if I keep it there, how can I set up an ACL so that all traffic from the multilink interface is denied to the inside interface?  I suppose another way to think about it that the inbound iface can only accept traffic from its own outside, not from the router.I think this is fairly simple but I don't want to knock down the traffic if I get it wrong.

View 8 Replies View Related

Cisco Switching/Routing :: 3560 - Access List On InterVLan Routing

Dec 11, 2012

I implemented access list on cisco 3560 switch but it never works. I want to block access from network B to Network A and allow from Ato B
Network A.
Network B
The configuration is
interface Vlan1
description Data VLAN


View 14 Replies View Related

Cisco Switching/Routing :: 4500 And Mac Access List

Apr 11, 2011

I'm looking to implement a vlan filter to keep unnecessary stuff off my access-layer. Things like IPv6, IPX etc. I really only want IPv4, ARP and 802.1q on these 4500s. I know on 3750, 3560s etc, when I create the mac access-list, I can do it by ethertype, but on the 4500, I dont have that option.
4th_floor(config)#mac access-list extended Drop-traffic
4th_floor(config-ext-macl)#permit any any ?
  protocol-family  An Ethernet protocol family
4th_floor(config-ext-macl)#permit any any protocol-family ?

View 1 Replies View Related

Cisco Switching/Routing :: 1800 ISR Without Access List?

Apr 19, 2012

I have an 1800 isr that is running with port forwarding only.  It is running a series of ip nat inside source static address port address port commands.  It does not have an access list bound to the outside interface.  This is working fine, but i am wondering if this is a security concern?

View 1 Replies View Related

Cisco Switching/Routing :: / VLAN Access List Not Working?

Sep 5, 2012

Extended IP access list VLAN20
    10 permit tcp any any established
    11 permit icmp any any
    20 permit tcp any eq 80
    30 permit tcp any eq 443
    40 deny ip any any log

Above is the network diagram and access list for VLAN 20 and VLAN 30, applied on incoming direction of each valn.But still able to access other port which is not on access list, tried changing the direction with no luck.Inter vlan routing is enabled on CoreSwitch default router is

View 5 Replies View Related

Cisco Switching/Routing :: 3750 How To Write Access List

Jan 15, 2012

i have one Cisco 3750, am using it as Core Switch where i have 6 more access switches are connected deirectly, and we are using VLANs in our network with the IP reange of , now we had a new Internet connection which is dedicated to Exchange Server only.So we have TWO internet connection One for internet access to all users and another one for only Exchange Server.internet connection for the users is termiated at a Cisco 1700 Series Router and Internet for Exchage Server is terminated at a Cisco ASA Firewall.Now the problem is how can i write an access list, which says that all packets from Exchange server should be routed to ASA Firewall , and all other packets shoulde route to Cisco Router.IP address os Exchange server is,

View 13 Replies View Related

Cisco Switching/Routing :: 4506 - Interface Access-list

Nov 14, 2011

I have one computer connected to the 4506 that management does not want this PC to have access to anything on our network except our DHCP server and the one printer that resides on our network.  I created an extended access list as follows.  Our network is the 10.10.x.x and the external addresses the PC needs to access is 11.1.x.x.  Once this PC is rebooted, it is unable to access DHCP to get the needed IP address it bounces back to a 169.x.x.x address and stops working.
Extended IP access list 2000
permit tcp host host                           (gateway)
permit tcp host host eq smtp              (access from the pc to external server for smtp)
permit tcp host host eq 5721              (access from the pc to external server for remote access)
[ code]...
Then I applied the access-group 2000  on the interface the PC is connected to. What am I missing for DHCP to work and for this PC to always get the ip address that is reserved?

View 3 Replies View Related

Cisco Switching/Routing :: Not Able To Assign Access List To CMP Interface Of Nexus 7K

Feb 6, 2013

I am trying to harden my Nexus box and I am not able to ACL assigment command. Following are the commands I am trying to add.

interface cmp-mgmt module 5

View 1 Replies View Related

Cisco Switching/Routing :: 239 Multiple Static RPs And Access-list Behavior

Aug 14, 2012

I configure multiple static RPs and one of the ACLs denies a source will it move on to the next entry that covers it in another acl? [code] i.e. will be used as the RP for 224 to 238 and will be used as the RP for 239.Will that work correctly, i.e. if a source is trying to register with the router and its for the group, will it be denied against the first RP and then permitted against the second RP?

View 2 Replies View Related

Cisco Switching/Routing :: Vlan Access List In 3750x Switch

Feb 6, 2013

I have a LIII Switch Cisco 3750x ,with diffrent Vlans , Some users are in Vlan 102 ( and Some Users are in Vlan1 ( , now i want to restrict  the Vlan102 users to access Vlan1 , i am pasting my configuration below , how to create a access list . 
interface Vlan1
ip address
ip helper-address


View 2 Replies View Related

Cisco Switching/Routing :: 2960 - Mac Access-list Time Based

Dec 11, 2011

I need to enable/disable a mac access-list on a 2960 scheduled by time. The switch has lanbasek9-mz.122-44.SE6. As the mac access-list can not support time ranges, I tried EEM but seems like it is not supported in this device.

View 1 Replies View Related

Cisco Switching/Routing :: 4948 - Configuration Of Access List For VLAN 2

May 19, 2013

In my core Switch,there are 2 v LAN(V LAN 1 & V LAN 2)my switch is Cisco 4948,so be default ip routing is enable in it. My all servers (DHCP,HTTP,HTTPS) are in v LAN 1 & internet is also in v LAN 1.

My requirement is that v LAN 1 user should not communicate with the v LAN 2 and vice versa. But the v LAN 2 users need an access of all servers and internet which is in v LAN 1. How to configure the access-list. I have try on Packet tracer which i have attached.
note:v LAN 2 user should get the IP from dhcp server which is in vlan1.

View 4 Replies View Related

Cisco Switching/Routing :: 4503 -MAC Access-list Extended To Only Allow Gateway Traffic

Nov 7, 2011

We have a gateway on a 4503, say on port 2/1, and we only want the other devices that are plugged into the 4503 to be able to talk to the gateway and thats it.  The other devices are Motorola TUT DSL devices and they plug into the 4503 directly.
Normally "switchport protected" would make this very easy to keep stuff on one port from talking to other ports but with 4500's you are not able to do that command.  So we implemented a MAC Access-List Extended ACL.  Here is what we did
mac access-list extended BLAH
permit #host 0000.XXXX.YYYY any
interface range fa 2/5 - 20
mac access-group BLAH out 
The MAC address 0000.XXXX.YYYY is the MAC address of the gateway that is plugged into Fa2/1 and the DSL TUT devices are plugged into ports Fa2/5-20.  We would think that this config would only allow devices on the TUT DSL to talk only to the Gateway but we don't really think this is happening.  The TUT devices are learning about MAC addresses that are on other TUT devices. 

View 1 Replies View Related

Cisco Switching/Routing :: 3560 - No Access List On Switches And No Firewall Between Sites

Jul 15, 2012

I have 3 3560 switches which are configured with trunks between them. They run vlan 10, 11 & 12. I have a 'core' switch (switch 1) of these 3 to which an MPLS router is connected on vlan12. I in addition have another switch hanging off the 'core' switch via a routed link (switch 4). I have EIGRP configured as a stub and as such the IP address on the routed link at the core switch end is of a /24 from v lan 1 on the other switch. This makes the route directly connected and therefore distributed via EIGRP stubs. Switch 1 is then exchanging routes with the MPLS router (via EIGRP).
The problem I have is that from any sub net on any switch (switch 1, 2 or 3) I can ping (switch 4). When I try and ping switch 4 from over the MPLS I am unable to. If I trace to the switch I see it reaches the outside of the MPLS router, but is then unresponsive. The same applies if I try to ping switch 1 on Any of the other IP addresses of switch 1 respond.
The MPLS network is a managed solution to which I have no access. I'm told that the MPLS provider is able to ping switch 1 & switch 4 on the 192.168.13.x addresses from a remote router ( I have tried from a switch on the same L2 sub net ( and I don't get a response.
From switch 4 I am able to ping the switch on 1 of it's interfaces (, but not the interface I mentioned above There are no access lists in place on the switches and no firewalls between the sites.

View 22 Replies View Related

Cisco Switching/Routing :: 5548 Add Access List To Both Switches Not In Config Sync Mode

Mar 21, 2012

I have two 5548's in sync mode: I have an existing ACL and I want to add a new line to it, but after I do and try to commit it states the verify failed. [code]

I have to add access list to both switches not in config sync mode.

View 1 Replies View Related

Cisco Switching/Routing :: 2800 Block Some URL That Users Have Access Through LAN

Jan 30, 2012

I wish to block some url that users have access through my LAN .That's i wish to block icmp,access towards such sites, i wish to block icmp because dns will resolve the domain and they can access through ip address.what i have in place is a cisco 2800 series routers,

View 7 Replies View Related

Cisco WAN :: Ip Pim Address Access List Override 6506

Apr 22, 2013

We have a three tier network with a centralized core switch and multitple distirbution swithces - all 6506 routers.EAch dist switch is its own PIM SM domain and the RP so we never send multicast between the dist switches and through the core.
We are putting in a centralized server at the core switch which has to provide specific mcast < X Groups > to all servers at the dist level on all dist switches.
So we would like to define the RP <core rp ip>  just for the   <X groups> on the Core switch and tell all the distribution switch that the core is the RP for just the <XGroups>
If we put these commands on all the switches including the cores will that set the rp just fo the <XGroups> to the <core rp ip > ?Do I have to define the deine an ACL for all groups if i define it for some or will groups not defined by the ACL defualt to the local RP?
do I have to put in the override command ? (We are using MSDP not autorp)
ip pim rp-address <distn rp ip>
ip pim rp-address <core rp ip> 99

ip access-list 99
permit <XGroups > mask

View 1 Replies View Related

Copyrights 2005-15, All rights reserved