I have a 3845 router. Setup SSH Version 2generated rsa keys (1024)set login localtransport input ssh and telnet is enabled since I can't get ssh connection working When I connect using SSH, I get the following error. server refused authentication protocol.
View 21 RepliesI have this card installed onmy 3845 running version 12.4(18). But this card fails to show up.
here is what I found in a show tech.
WIC Slot 0:
Unknown WAN daughter card
WIC module not supported/disabled in this slot
Hardware Revision : 2.0
Top Assy. Part Number : 800-27738-02
Part Number : 73-10677-02
Board Revision : B0
Deviation Number : 0
Fab Version : 02
PCB Serial Number : FOC********
RMA Test History : 00
RMA Number : 0-0-0-0
RMA History : 00
Product (FRU) Number : HWIC-2FE
Version Identifier : V01
CLEI Code : COUIAFUCAA
Base MAC Address : 001a.6c70.260b
MAC Address block size : 2
Connector Type : 01
EEPROM format version 4
EEPROM contents (hex):(code)
We have one core switch and we are planning to add a 6509. Both are none VSS.All the access switches are Catalyst 3560 series.
We plan to have all 3560s to have a link to each of the core. Without VSS, it is not possible to etherchannel to both core switches correct?What protocol should I configure to prevent in case one core fails? HSRP, VRRP, GLBP?
Do I need to run spanning tree protocol? if so which one?What is the best way to connect from each Catalyst 3560 for load balancing and redundancy? One to each core?
When i access a url with http, it works fine. But with https it dosen't work, and get the message on the firefox as "The proxy server is refusing connections Firefox is configured to use a proxy server that is refusing connections. Check the proxy settings to make sure that they are correct. Contact your network administrator to make sure the proxy server is working.
View 1 Replies View RelatedWe have multiple RA VPN groups on a 3845 router.RADIUS authentication is currently happening between the 3845 and a single Windows 2008 server. We have a specific windows group that AD users are members of, and they are allowed to connect via VPN.
I'm creating a new RA VPN Group, which should only allow different AD users. Is it possible to create another RADIUS association to the same server, or do I need to authenticate against a different Windows server?
I am trying to configure two 3845 routers to act as dhcp server and dhcp relay. Clients are connected to the router that relays all dhcp requests to the vrf instance which is used to connect it to the router wich is running dhcp server.
Router1
ip vrf dhcp_dns
rd 8:1
int gi0/0
ip vrf forwarding dhcp_dns
ip address 192.168.200.5 255.255.255.248
[code]...
So far I can see dhcp requests coming from the R1 and dhcp server on R2 replies with the dhcp offer but PC is not getting any ip.
Is the subject line status correct? I have a gigabitethernet port (3845) that went from admin down, to reset and then status Down, protocol Down. Then I had another gigabitethernt port on a different 3845 router. To show port in status of UP and protocol Down, I didn't see a reset occur on this port. Which status is correct and does the reset step affect the final status being different?
View 8 Replies View RelatedI faced a strage issue as one of our router port cable was removed from the router port but the Port status is showing as up /up which made our HSRP state to active active causing an outage , The router we are usign is cisco 3845 and IOS is c3845-adventerprisek9-mz.124-8b.bin
View 4 Replies View RelatedI have a 3845 that will not let me ping to the internet from my PC.On interface g0/0 I have a connection to a internet connection (another router), using DHCP to get it's address (it gives g0/0 IP 192.168.0.3).On interface g0/1, I have a connection to my LAN (I assign the interface IP 10.10.1.1).
I can ping the router. The router can ping the internet, do DNS resolution, etc.I have ensured routing is enabled. The only route I have configured is a default static route: 0.0.0.0 0.0.0.0 192.168.0.1.Oddly, if I choose 0.0.0.0 0.0.0.0 g0/0, I cannot ping sites on the internet from the router.
I tried setting up ip nat inside for my LAN and ip nat outside for the WAN/internet uplink, but this did not work.
This was the issue, I missed finishing the NAT setup.I can make the router ping out all day, and have my PCs ping the router, but getting the connection between the two is not working.
I get the following error:
SyslogCollector - [Thread: SyslogObjectForwarder] ERROR, 27 Mar 2012 09:02:12,254, Could not send syslogs, removing the subscriber...Connection refused: connect
SyslogCollector - [Thread: SyslogObjectForwarder] ERROR, 27 Mar 2012 09:03:15,223, Could not send syslogs, removing the subscriber...Connection refused: connect
Syslog subscription seems ok but syslog messages are dropped and not forwarded:
I attached SyslogCollector.log, SyslogAnalyzer.log, AnalyzerDebug.log
I can ping 192.168.1.254 gateway for about 5 seconds and lose the Ethernet connection.On IE nothing happens.Is there any tool I can use to find the router address or update firmware or restore factory default settings.
View 7 Replies View RelatedWe are using an ASA with 8.4 in transparent mode. Connection fails when a host on inside tries to connect to a server on outside. This server uses mac-address 0100.5E00.0000 to load balance but replies with real mac-address.Firewall logs "Deny TCP".ARP inspection is disabled.
View 2 Replies View Relatedi have to get a 2811 acting as a terminal server?
View 11 Replies View RelatedWe just replaced our ancient 6509 dedicated SAN switch with a Nexus 5548UP (with 4 2248 FEXs).Our old SAN 6509 was completely separated from the Core 6509, and that Core 6509 doubled as a Datacenter switch. We've now segmented the "Datacenter" and "Core." The SAN and servers are connected to the Nexus gear rather than the Core. The old SAN had only 3 vlans. One for SAN data (Vlan16), one for management interfaces (Vlan250), and one for switch management (Vlan15).
As part of my cleanup, I want to get rid of that Vlan15 and use vlan250 for switch management. In another building, we have a 3750 that provides SAN (Vlan16) and management (Vlan250) connectivity to a single Equallogic box and a Dell PowerVault tape drive for backup purpose. That 3750 is the only device that still has an address on Vlan15 (other than the core). Refer to the drawing below.
The Core 6509 is the gateway for Vlan250 and Vlan15. I have created an interface for Vlan250 on the 3750. ACLs exist on vty connections of each switch allowing telnet access ONLY from the Mgmt 2960. There are no ACLs on the Vlans themselves.From the Mgmt 2960, I can telnet to the 3750 using either its Vlan250 IP address or its Vlan15 IP address. However, if I shut down Interface Vlan15 on the Core 6509, I can no longer telnet to the 3750, not even using its Vlan250 IP address.
The connection times out. If I attempt to telnet to the 3750 via Vlan250 from the Core 6509, I get connection refused (which I should get due to the ACL on the vty connections). I can still telnet to other devices on Vlan250 (such as the management interfaces on the Nexus 5Ks). Why am I able to telnet to the 3750's Vlan250 Interface only when the Core's Vlan15 Interface is Up?
my firewall log is full of entries listing policy violations rejections. These look like traffic from LAN to WAN that is being rejected, right? [code]Noted that most of the rejections are in the 40,000-60,000 port range.
-new RV042G
-WAN 1 set to 10.x
-LAN 192.168.1.1
Action Interface SourceInterface Source Destination Time
1. Allow All Traffic [1] LAN Any Any Always
2. Deny All Traffic [1] WAN1 Any Any Always
3. Deny All Traffic [1] WAN2 Any Any Always
Have tried re-flashing firmware to current version (was already on it), disabled SPI, disabling Denial of Service, all no change.Also noted another issue with logging; bug? When the router was brand new out of box and again after firmware flash:
* the "All" drop down of System Log was BLANK, not logging any entries although other drop downs such as "System Log and Firewall Log were
* email alerts were not being triggered for log entries
* clear log button appears to resolve the issue after which the ALL shows all entries now
I am trying to telnet to my asa 5510 from the core swith,however i received the below msg,how enable it?
172.30.1.100 is the inside interface of the asa
CITYCORE#telnet 172.30.1.100Trying 172.30.1.100 ... % Connection refused by remote host
CITYCORE#
Region : Australia
Model : TD-W8968
Hardware Version : V1
Firmware Version : 0.6.0 1.1 v0005.0
Build 120926 Rel.27100n
ISP : Bigpond
I am trying to setup port-forwarding (6360 for IP 192.168.1.111 & 6361 for IP 192.168.1.112) on this TD-W8968 modem. But when I test it on [URL]. I get a message "connection refused".
I have a collapsed core design with routed ports between all components. Access layer switches, data center switches, core/aggregation. All routed (no spanning-tree at all).Now...I have to add an IBM BladeCenter with a BNT layer 3 switch to my topology. However, those nasties don't seem to support routed ports.How can I have a routed port on my cisco switch and a standard access port on the BNT and still establish an adjacency with an SVI? I am running OSPF, but I am labbing this in my home lab with 2 x 3550s and EIGRP.
On SW2:
*Mar 1 00:57:00.711: EIGRP: Received HELLO on Vlan100 nbr 10.1.1.1
*Mar 1 00:57:00.711: AS 999, Flags 0x0, Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1
*Mar 1 00:57:02.303: EIGRP: Sending UPDATE on Vlan100 nbr 10.1.1.1, retry 9, RTO 5000 tid 0
*Mar 1 00:57:02.303: AS 999, Flags 0x1, Seq 17/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1
[code].....
My customer wants to have mapping of WLAN SSID with different authentication protocol as show below .
1: EMP-M for Mschap
2: EMP-G for Peap GTC
3: EMP-T for TLS
For example EMP-M SSID users should be connected with only PEAP(MSCHAPv2) and not on other methods like PEAP-GTC/EAP-TLS .
customer is currently having WLC 5508 and using ISE for AAA . Any tip how we can do the above requirement through WLC .
I have an environment where i have two nexus 7010 switches, along with 2 nexus 5510's. I need to run OSPF as a layer 3 routing protocol between the vpc peer links. I have 1 link being used as a keep alive link, and 3 other links being used as a VpC link.
1) Is it best to configure a separate Vpc VLAN i.e 1010
2) Is it best to configure a vrf context keep-alive
3) just have the management address as the peer ip's.
I'm trying to connect to ISP with PPPoE method using Cisco 861 equip. On the other side Cisco 3845 BRAS.Session fails at authentication phase. Authentication protocol chosen by routers is ms-chap-v2. Chap supported also. [code]
View 2 Replies View Related I replaced an ACS certificate that had been installed as follows:
1. Generate CSR file and private key file, then send CSR to GeoTrust (Key length: 2048 and Digest to sign with SHA1)
2. GeoTrust send me a certificate. Issued by "GeoTrust SSL CA".
3. Install the certificate on the ACS. Restart ACS service.
4. ACS Certification authority setup. Issued by "VeriSign Class 2 Public Primary Certification Authority - G3"
5. Edit certificate trust list and select "VeriSign Class 2 Public Primary Certification Authority - G3" as trusted.
6. Enable EAP-TLS, then restarted the ACS service. The problem is when i try to enable EAP i get the error msg:Failed to initialize PEAP or EAP-TLS authentication protocol because CA certificate is not installed. Install the CA certificate using "ACS Certification Authority Setup" page.I searched on cisco and it said to disable the CSA, but in fact there is no CSA installed on this server.
OS: Win 2003 sp2Cisco ACS: Release 4.2(0) Build 124
I have a question about ACS RADIUS authentication with Alteon 3408 L4 Switch.
I configured a ACS 4.2.1(build 15 patch 4) software for windows on Windows Server 2008 Server STD.TACACS authentication with CISCO product was successfully passed.but RADIUS (IETF) authentication with NORTEL 3408 Switch was failed. ACS Authentication Failure Code was a " ACS password invalid "
I read the post that RADIUS VSA is needed in my environment.but i can not search any sample Nortel VSA dictionary configuration. Need Notel specific VSA configuration.
I have bought Cisco ISR 881 C880DATA-UNIVERSALK9-M with c880data-universalk9-mz.150-1.M7.bin ios.
command "show ver" tell me:
License Information for 'c880-data'
License Level: advsecurity Type: Permanent
Next reboot license Level: advsecurity
So I have advsecurity. On cisco site there was a thing URL
"Table 5. Cisco IOS Software Features on Cisco 880 Series: Advanced Security Feature Set (Default)"
that tell me I have RIP protocol to use. But when I type "router rip" command and sub router sommands like: network, passive-interface, redistribution. There are no in runnning-config such things after all I've done. It have not been saved.
then the command "show licence":
#show license
Index 1 Feature: advipservices
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
I need even RIPv2 to have simple routing information to exchange.
And I don't know. Cisco 880 series is G2 or G1. Cisco ISR beginning from 890 series is G2. About 880 I don't know. There no informanion about it or at least I have not found it yet. On one 891 is the same problem. When I type "router eigrp 1" everything is great. But when "router rip" - do no work.
I configured WiFi connection on Windows XP and Windows 7 with EAP-TLS (using Cisco WLC 7.0.235.3 and Cisco ACS 5.2.0.26.10). It is configured with computer authentication and computers certificates are autoenrolled from Microsoft PKI.It works well!
Now I configured Windows 8 with same configuration.First authentication works but if I manually disconnect and reconnect, I got this error on ACS: 22047 Principal username attribute is missing in client certificate.In EAP packets, we could see that Windows 8 sent a TLS session ticket but session was not resumed correctly by ACS..On ACS configuration, we checked this option "Enable EAP-TLS Session Resume" with session timeout "7200".
I have encounterd a broplem on my Cisco 805 model.
When i use the command "show ip interface brief" the status shows "up" but the protocol is "down" on my serial interface.
The link between my to sites is down after this happend.
When I config BGP on my 3750X Switch, it show error as below:
protocol not in this image
should I need to upgrade the IOS or Where I can found a supported image (support BGP)
I am trying to enter this command in Cisco 2960 but the device is not accepting it. Is this because of IOS or this command is not available for 2960?
View 1 Replies View RelatedI am trying to review the port-channel configuration on a 6500 series. I am issuing the "show etherchannel summary" command and the out put shows the Group, Port-Channel, and Ports. It does not show me the protocol that is in use such as PAgP or LACP. Does this have to do with the Etherchannel in the "On" mode rather than "active", or "Auto"?
View 2 Replies View RelatedRunning ACS5.2, Windows XP Pro, Window Server 2003 and Cisco Anyconnect Client. When the machine name password changes between the PC and the AD server the ACS will error out with "24485 Machine authentication against Active Directory has failed because of wrong password".TAC has been working with us on this and sees the error in the logs but does not have an answer on with to do to solve this. It has the same problem with Wireless Zero. Once the PC is rebooted the error goes away for 30 days. We are in a hospital setting so this is a not just a minor problem
View 16 Replies View RelatedI have configured SPAN in cisco 3750 switch as below mentioned. but the destination port protocol is down.switch(config)#monitor session 1 source interface gigabitethernet1/0/1switch(config)#monitor session 1 destination interface gigabitethernet1/0/11 ingress vlan 1
View 8 Replies View RelatedOn our backbone (Cisco 6509) we have the following config.
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 1-200 priority 24576
1. is rapid-pvst the best spanning tree protocol to use? on some switches we have pvst (not rapid)
2. do all switches in the LAN need to use the same protocol?
3. does line 3 :priority 24576 mean that someone set tis switch as root manually? how can one further enforce the backbone as root (so noone adds a old switch with lower root id)
I'm trying to implement the UDLD protocol (Cisco-compatible), but face some problems. There is no enough information for implementing this protocol neither in RFC 5171 [URL] nor on [URL] How can I get a more detailed information regarding protocol state machines and timers?
View 2 Replies View Related