Cisco Switching/Routing :: 2911 / Block All Traffic But Allow One Way Data Transfer?
Feb 5, 2013
I am trying to connect a Control network that can not have access to the Internet, or any other network for that matter, to my Admin network so that I can retrieve trend data about the plant that goes into a database. Right now the process is print information, hand jam into excel spreadsheet, print again, and hand jam into another excel spreadsheet on the other network. Reports are printed automatically once a day, but would like a simplified way of getting data from one network to the other without having to re-enter data several times. Current policies stipulate no USB drives connected to Control systems. Even if we could loosen that, personnel needed to transfer data is not available and going to each individual machine would take more time than current system.Now that background is laid, I have two 2911 ISR routers with EIGRP configured, each with a 4 port EHWIC card. The 3 L3 ports on the router are setup as follows: interface G0/1 to the internet, interface G0/2 to a wireless back haul, and interface G0/0 for IT network. I then have 3 VLANs setup on the EHWICs for our Admin network. We will move the IT network to a VLAN on the remaining EHWIC port and connect the two 2911's through the G0/0 interface. I am going to have one computer on my Administration network dedicated to receiving the information and have a program that will take that data and import it to a database. I need to allow only that computer to receive traffic from the Control network and I need no traffic to flow back into the Control network. In other words I will transmit data from the control network to the admin computer using one protocol (TFTP more than likely) and block any other traffic coming out of and going into the Control network.
Customer production environment is nexus 5000 use 1 G interface * 4 and config Port-channel ( LACP ) uplink to C3560 , The port channel link is 802.1q trunk , but Data transfer is low , the sh int display as follow :
Why transfer performance pool and how to fix
N-5548UP# sh int ethernet 1/30Ethernet1/30 is up Hardware: 1000/10000 Ethernet, address: 547f.ee14.ed25 (bia 547f.ee14.ed25) MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA Port mode is trunk full-duplex, 1000 Mb/s, media type is 10G Beacon is turned off Input flow-control is off, output flow-control is off Rate mode is dedicated Switchport monitor is off EtherType is 0x8100 Last link flapped 9week(s) 6day(s) Last clearing of "show interface" counters 20w2d 30 seconds input rate 152 bits/sec, 19 bytes/sec, 0 packets/sec 30 [Code]...
I have a 2911 router. One interface is configured external (WAN) and two interfaces are configured on separate internal private subnets. What is the configuration to allow all traffic in both directions between the two internal subnets?
’m somewhat new to Cisco routers this is my first attempt at getting one to work. I work in an environment with multiple locations, most are using the Cisco Model: 2911/K9 or the Model: 2921/K9 routers running IOS Version 15.0.We just added a new small office and all I had in the way of a router was a Cisco C1841-IPBASE-M router, running IOS Version 12.4.When setting up the C1841 I kept the configuration pretty much the same as the others allowing for the differences in the OS. I can remote into the 0/0 (outside port) from over the network, I can ping to that port without fail, but I can’t send or receive traffic from the 0/1 (inside port).
I have configured multicast(ip pim dense-mode) on two 2911 that are connected by a Multilink( 3 Mbps) Wan connection.The configuration works fine for awhile and sometimes all day but at some point one of the Multilink interfaces stops passing multicast traffic.I perform a SH Multilink 1 on the interfaces and one show multicast packets incrementing and one does not, it just stops.The problem acts like there is a buffer that gets full and after that happens it just stops working.
Got servers in vlan 10 ip range 10.0.0.0 and servers in vlan 20 ip range 20.0.0.0 at the same layer 3 switch. (c6509 sup720)I would like to block TCP traffic initiated from Vlan 20 to Vlan 10. But the servers in Vlan 10 needs to be able to open an TCP connections to Vlan 20 did test with the ACL thats blocking (ack/established/syn) but unable to get it to work.Or it works both directions or is works non directions.
How can I collect the data about the traffic on my Cisco 2960S? Have I use only the snmp? Any workaround for simulate a netflow? The IOS c2960s-universalk9-mz.150-1.SE2.bin.
in switch 2960s ( c2960s-universalk9-mz.122-55.SE5 ) , i want to marking the traffic between two hosts (Data replication), i choose to use " mac access-list" to classify my trafic before apply the policy marking . but did'nt work . c
! my mac ACL mac access-list extended test permit host 000a.1a41.aa52 host 000a.1a41.1bc2 ! class-map match-all test match access-group name test
I see that Application protection - blocking peer-to-peer file sharing traffic is a capability of Cisco IOS Firewall. How do i configure my Cisco 2911 ISR to block peer-to-peer file sharing traffic?
I have a Cisco C3560CG which is running C3560c405ex-UNIVERSALK9-M), Version 12.2(55)EX2.The switch has vlan 1 and vlan 50 configured, vlan 50 should have access to a limited number of host in vlan 1.The following acl has been applied on the inbound to vlan 50:
I sure the above would work, but for some reason some of the packet counter are not incrementing but the traffic is being blocked. But I would like to see the counter increment.Also I have that I may beed to use VACL wouls this be the case?
I have One switch 3750 and many switch 2960 c.I use one ASA 5510 to reach emote branche site (vpn conexion).I use one router 1841 for internet conexion.Router 1841, ASA and catalyst 2960 are connected on the 3750.Default gateway of all user is ASA IP
I configured Vlan 3750 and it work.Now I need to implement security : permit/block specific traffic between vlan [code] From vlan 72 I cannot have remote access on computer in vlan 34 and I cannot ping computer in vlan 34.
I would like to conect a USB device to a computer using WiFi instead of the USB cable the device has. The thing is that I'm not sure about the drivers. Is there any USB Wireless device that transmits the USB data "raw" and the receiver plugged to the computer gets the data with the driver of the remote device in the own PC?
I have a new Palm Vx and have installed Version 3 Palm Software followed by an upgrade to 4.0.1.This works fine with the new Palm but I can't transfer all the data from my old Palm (almost 12 years of stuff) to my new Palm.
just upgraded my ASA5510 from IOS 8.25 to 8.42Everything is running fine apart from one VPN between ASA5510 and cisco 887V router.The VPN session is up but no data traffic is being passed through The tunnel although this VPN was working fine with old IOS. The tunnel is up but no data is passing through IKEV1 session.
I am currently using Win XP in my desktop. I am planning to buy a Laptop with Win7 o/s. S how to transfer data from XP desktop to Win7 laptop uisng the LAN cable?
I have a laptop and a pc...i want to transfer loads of data (about 100 gb) from the laptop to the desktop.I have NO means to do it wirelessly.how to accomplish this so seemingly cumbersome task via wires? (i read in some other places about connecting it via lan wire and then changing the ip addresses.where on my desktop will i see the data of my laptop?
I have 2 cat 5 cables one has the network jack end on it and the other end has a usb end? What is this used for? Can it be used to transfer data from one computer to another?Also how can i tell if I have a crossover cable?
I have recently been encountering file transfer probles across our network from wireless to wired, and vice versa. The transfer will start and process about 50% and then we lose internet connection, and it requires a router reboot to get connectivity again?
how can i connect my laptop in network so that i can transfer the data from another pc to my laptop.Also provide the information how to use ethereal software for internet traffic?
Windows 7 32 bit laptop ----> Windows 7 64 bit PC with USB network adapter.
I'm trying to move a folder from one computer to the other. There are about 300 files totalling 3mb.
At around "234 files remaining", the transfer freezes, and after a minute or so, the network connection on the destination computer is shown as Disabled. If I right click and choose "Enable", it makes the attempt, says "connection failed", and then "It is not possible to connect at this time. No network was detected. You may need to plug in your network cable to complete the connection."
What will fix it is unplugging the USB network adapter and replugging. But it only allows a little bit more transfer before it happens again.
I tried initiating the transfer from one computer, and again from the destination (bringing the files to it), but the problem occurs just the same. On additional attempts it will reconnect to the other computer and allow me to browse the files, but the connection crashes again without any more progress. My internet connection is fine otherwise, doesn't do this unless I'm transferring data across the network. I disabled Eset real-time protection but have windows firewall up (I'd rather not turn it off).
I was assembling and testing some custom production machines here, and I had to perform a data transfer between two windows 7 machines through an HP 1400 switch. I saw 100MBps transfers for the first time. I only wish I could get the main network to operate that fast.
I have a SMTP relay deployed on the DMZ for mailing. I have also a mail servers installed in the internal lan,
I want to allow trafic from dmz to reach internal lan, and i want normally also allow stmp relay from dmz to reach Internet.
How can i block trafic from DMZ to reach Internal Lan (instead of smtp) if the to allow trafic from dmz to internet i must put ANY in the policy?
For allowing trafic from DMZ to reach Internet, the policy must be DMZ -----> ANY ----->Services., this policy means DMZ can implicity reach Internal Lan?
RV110W connected to ISP via PPPoE. MTU is default setting - 1492. IPSs tarif - 100 Mbit/sec IN, 40 Mbit/sec-OUT.When the laptop is connected to RV110w via ethernet the data transfer rate is 45 Mbit IN / 25 Mbit OUT.When a laptop is connected to ISP directly without a router a data transfer rate is 95 IN / 35 OUT.
I've recently upgraded the configuration on one of our 1130 series standalone access points. I've implemented RADIUS authentication, WPA2 encryption etc. in an effort to make our network more secure. While this part seems to be working as planned, our data transfer speeds have taken a major hit. On our test AP, with only one laptop connected, the laptop will report a connection at 54 Mbits. When using any speed test service the speed reported is approximately 15 Mbits. We have 100 Mbit internet, and desktops connected to ethernet show much higher speeds. When transferring files via our own LAN, data transfer rates average approximately 2 Mbytes/second. I've tested this on 3 separate laptops, some relatively new, and it seems they all get the same speeds.
Long story short, our wireless seems to be operating under a third of its reported speed.
I have a laptop running Windows XP that has a wireless card inside.
I have a Single Board Computer (SBC) running Linux that has an 'wireless access point' connected to one of it's Ethernet ports. I want to be able to transfer data between the laptop and the SBC wirelessly (cabling is not an option)
The 'wireless access point' I am using is the EnGenius EOC5611P - it can be configured for: 1. Access Point
2. Client Bridge
3. WDS Bridge
4. Client Router
I don't know which one of these I need,so working that out would be a good start!
I'm using Pix 501 with firmware: Version 6.3(3)I have problem with Pix 501:
+ transfer rate data between interface outside and inside very slow, even between 2 interface inside. + I have test file transfer between 2 PC connect via interface inside. + Results transfer 1 file 1MB with total time 60s
I don't upgrade software current from 6.3(3) to 6.3(5) via TFTP. It's error Please see attach file.
Hardware Software profile; Laptop - Windows 7 Desktop - Vista Ultimate SP2 Router - Cisco Linksys E3200 Cables - CAT6
I am a sales engineer, so I use my desktop and laptop all the time. When on road, I sync my desktop with my laptop using a program called ViceVersa. This a very good, reliable syncing program that I have been using for over 10 years ( with upgrades ).
The program allows me to sync my desktop and laptop. The program also shows the data transfer rate during the syncing process. The typical data transfer speed is between 5MB/s and 10MB/s with sometimes up to 12MB/s. A typical sync between the computers will take about 3 - 5 minutes at the ~ 10 MB/s transfer rate using ethernet CAT6 cable inteface. At about 11pm last Tuesday,there was a Windows update on both my Vist and Win7 computers. On wednesday, I went to do a typical sync. The system has dramatically slowed to 59KB/s max. This is about 150 times slower than 5-10MB/s that I was used to for so many years. My typical sync was now taking about 2 hours....unacceptable ! I have tried everything to figure out what is going on and how to fix it but nothing has worked.
Then I tried to see what would happen if I disconnected my ethernet cable ( between the router and the laptop only ) and just sync using the wireless network. With that configuration, the transfer rate is ~ 2.5 MB/s which is not great but is much, much better than 59KB/s. I actually do not know what a reasonable wireless transfer rate should be since I never really did it before due to the faster speed of the wired configuration.
This is just a LAN. Only connecting my Desktop to my Laptop via the Cisco router.
How I can get my wired configuration back up to the 5-10MB/s transfer rate that it once was?
