Cisco Switching/Routing :: 2811 / IOS Firewall Commands Not Working?
Mar 8, 2013
I have a Cisco 2811 router and I want to experiment on the IOS firewall. The thing is, none of the commands that are proposed in online guides - like ip inspect, ip audit, etc. - seem to be working. I just get "unrecognized command" on a router that is supposed to support such features. I'm wondering if it has something to do with the IOS image.
My show version output is this:
Cisco IOS Software, 2800 Software (C2800NM-SPSERVICESK9-M), Version 12.3(11)T9, RELEASE SOFTWARE (fc3)
Technical Support: [URL]
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Tue 13-Dec-05 08:24 by ccai
I am trying to set up a SLA statement on an ASA 5505 version 8.2(5). When I enter the command "sla monitor schedule 1 life forever start-time now" I get a message stating "%Entry not configured."
We are replacing two 3750E switches with 4500X using cat4500e-universalk9.SPA.03.03.02.SG.15111.GS2
1. Is there a command reference available for this IOS - can't seem to find one.
2. I'm using GLC-T gbics and we normally would set the speed to either 100 or 1000; now that option does not seem to be available.
3. When I entered username etc. I got a message "CLI deprecated soon".
I do not have the option to run sh mls qos commands. I am trying to look at the cos-map on my 7200 router. The code I am running is c7200-p-mz.122-25.s9.bin. I also do not see the mls qos command listed globally and it is not an available command in config t mode.
SSH commands not available in IOS cat4500e-universalk9.SPA.03.02.00.XO.150-2.XO.bin. I just recently upgraded to universal k9 as the k9 versions usually include the crypto, ssh commands; however, I still do not have access to these commands. Is there anything I must do to enable these?
I am looking for some best-practice and useful logging commands on 6500 and 3750 platforms. Some of them I have listed below. Are there any important ones I am missing? Also, I need to know what kind of recommended logging level is for buffer and what is logging level for syslog server?
I've got two routers, Cisco 2911's with 15.1(4)M1 on one and 15.0(1)M5 on another.
I'm trying to set up ip sla for vrrp tracking but the commands seem gimped? I don't even have an option for ip sla <operation number>. All I've got is ip sla responder/server/key-chain.
configuration of NAT on an ASA 5520. On the ASA I have 1 x WAN connection and 1 x Internet Connection as well as the Inside and DMZ. I want to translate traffic from certain subnets on the inside (say 10.1.2.0 255.255.255.0) to an outside address (say 1.2.3.0 255.255.255.0). I'm assuming the ASA uses the number after the brackets to distinguish what to translate? So if I had another entry with a '2' after the brackets, any of the '1' entries wouldn't translate to this? I have access-lists inbound on the INSIDE interface, I'm assuming these are applied before any NAT and only items allowed through the access-list are allowed to NAT?
I also have an address I would like to statically NAT with a certain port number, how do I do this? After I've configured this, what are the commands to apply NAT on the interface?
I just started an evaluation license for IP Base on my 3850 switches. But I can't configure HSRP because the commands are not there (I rebooted already). Do you need enterprise for HSRP on the 3850?
I have a 3750E stackable switch and I need to configure netflow on it. Are there any IOS versions that support netflow on the 3750E? Is it possible to configure netflow on a 3750E? I do not see any netflow commands available on the switch.
We are upgrading from 3550 - 3560 switches. On the 3550's we have this on each interface: [code] The 3550's won't accept the wrr-queue commands. How to set these on the 3560's.
I am trying to configure 802.1x wired on a 3560 switch and don't see the required commands under the interface. I am running c3560-ipbasek9-mz.122-55.SE6.bin. I was thinking it might not be available on the ipbase image, but I do have the commands on a 3750g running the ipbase image, so I'm not sure about that.
I am running a 15.1 or so version of the IOS on a 1921 router. I have plugged in the external PoE injector into the router, and the PoE light on the front of the case is lit green. I have no options in the IOS to enable power on the EHWIC ports. I have most licenses enabled, including data and security.
What are recommended commands to get input for network documentation (for disaster recovery)?
I've got 6500 with these modules: WS-SVC-FWM-1, WS-SVC-IDSM-2, VS-S720-10G, WS-X6704-10GE, WS-X6748-SFP and dozens of WS-C3750E-48TD in couple of buildings.
I want to give limited access to our first level support so that they can execute certain basic commands like, port vlan change, access port shut/no-shut on Cisco 6509 and 3750E switches IOS based. I want to restrict them to only few options so they can not make changes to uplink (TenGig) ports and can not issue reload command etc. We do not have TACACS. What is the best way to achieve this?
Unable to enter global QoS commands on the 4500E chassis? We're using 12.2(53)SG. If I go to 'conf t', there is no 'qos' command. In the configuration manuals I've seen for the 4500, the following commands seem to be supported:
I went through the configuration guide for 4500 series switches for NSF/SSO for failover between Sup's. I just wanted to know: are we supposed to run the SSO command on both of the supervisors? Secondly, are we only supposed to run the nsf process under EIGRP on the secondary supervisor and routing peers and not on the primary supervisor?
The book says only ospf external routes of type 2 will be redistributed. But when I tried to configure the above command on router, I was not able to configure it; there was no external or internal option available with redistribute ospf command.
Below is the output:
R2(config)#router rip
R2(config-router)#redistribute ospf 1 ?
  match      Redistribution of OSPF routes
  metric     Metric for redistributed routes
  route-map  Route map reference
  vrf        VPN Routing/Forwarding Instance
  <cr>
Do we have such a command for eigrp? For example, if I want to redistribute only external routes from eigrp into ospf, do we have any command such as: redistribute eigrp 1 external? I understand there are several ways to achieve the same goal; however, I am just curious if we could achieve the same goal using a single redistribute eigrp command without any route-map.
I am using DHCP/TFTP to autoconfigure a 3945 router. The router properly obtains an IP address and finds the correct TFTP server. The issue lies in the download of the configuration file from the TFTP server. The router downloads the file, gives the "Ok" message, and prompts you to press Return to get started. When I view the running-config, several commands are missing from the Serial 0/0/0 section (HWIC-2T). If I modify the config file on the TFTP server to use Serial 0/0/1 instead and repeat the process, the configuration file loads without any issues and Serial 0/0/1 has all of the commands.
I also tried moving syntax around in my config file, but the end result is still the same. If I use Serial0/0/0 - I don't get all of the commands. If I use Serial 0/0/1, I do.
I'm trying to configure LLDP-MED between a Cat45010+E Sup7 (IOS 15.1) and Polycom CX600 Lync phones. I have created and applied the correct network policy for the interfaces.
From these sites, I need to send all the correct TLVs or the phones won't respond: {URL}.
When I scour the config of the switch, I can't find any related configuration commands relating to the specific LLDP-MED TLV components which are enabled/disabled. Where are they hiding? I would like to confirm which TLVs are being sent by my switch and if they are matched to the phone. I can always use the DHCP method, but this is not preferred.
I have cisco 2911 with IOS-universalK9 mz.SPA.150.1.T, but that does not accept the ip sla monitor commands XX, XX or rtr ip sla XX. How active these commands in IOS or what you belong to?
I have an old 2621xm router in CCIE lab at home. Only a week ago I started having issue on 2 of them. The problem is on one of them when I go under interface configuration and I type "no shut" nothing happens. Interface stays in administratively down status and when I check running config "shutdown" is still under interface.
On the other one the same problem but only with "router rip" command. I configure my rip routing but then when I check running config there is no rip section and also RIP is not running under "show ip protocols rip". These routers are connected to 2511 AccessServer. So I thought the issue might be communication from AccessServer to these devices. I connected a console cable straight to them and still the same problem. Everything else is working on these devices.
There are no commands like route-map & ip sla monitor on my cisco 1841 router, its ios version is 12.4(T1). I have to configure load balancing and failover on this router but without these commands I can't do that.
We have an ASA with 8.4(5) version. We had detected that a few IPs were getting shunned; to overcome the problem no shun was used and the traffic normalised. But the same problem reoccurred a few days after that, with logs showing traffic being shunned.
Is there any fixed way to get rid of this? What commands can I use to verify related configuration on the firewall?
I have four 2811 routers with IOS 12.4(15)T installed. Embedded Event Manager was introduced in IOS 12.3(4)T, why do I not have it?! I've been at this for over a month, when I try to see the command 'event manager' I get Unrecognized command? According to all EEM documentation I can find, this should work on our machines!
This is a 2811 router running Cisco IOS Software, 2800 Software (C2800NM-SPSERVICESK9-M), Version 12.4(24)T3, RELEASE SOFTWARE (fc2). Not sure why this isn't working. Can see it expects to parse the command. Can see this device is vtp server. Can see other vlans were defined here.
I am facing a problem on a 2811 router. The CPU is remaining around 60% and the router throughput is reaching at most 18 MB while according to the data sheet the 2811 maximum throughput is 61MB. I have checked the output interpreter in order to try and figure out the cause of the high CPU and to determine if it is affecting throughput but there are no processes consuming more than 10%. I have attached the show tech-support and the show process cpu history outputs.
I currently have a 2811 and a LAN setup via a sub-interface FA0/1.3 and using a HWIC-AP I have a sub-interface dot11radio 0/1.5. I have them set up to work and surf the inet great, but I have recently been overly annoyed with the fact that the wifi cannot access Windows shares on desktops and vice versa with the laptops.
The trick to make this happen is currently they are not on the same subnet. I know the answer is bridging the interfaces but when I do this using the simple commands:
bridge 1 protocol ieee
interface x & y
 bridge-group 1
Although what should be simple has failed (good thing I tftp'd my working config). Here is my current configuration.
interface FastEthernet0/1.30
 encapsulation dot1Q 30
 ip address 192.168.3.1 255.255.255.0