Cisco Switching/Routing :: Configure NX7000 To Log ACLs Hits On Remote Server
Nov 4, 2011

How should I configure the NX7000 to log ACL hits on a remote syslog server?

I have connected a 2 TP trunk between a 6509 and an NX7000, as shown above. I am trying to have speed 1000 on both sides. If I set speed 1000 on the 6509, the trunk disconnects. How do I force speed 1000? [code]
View 4 Replies View RelatedI would like to have a view of ip traffic on NX7000 as I am used on 6509 OIS, running the above commands: [code] Finding something like on 7000 ?

My network has two connections to a third party via links on two separate ASAs, one in location A and one in location B. The link in location A is the primary connection and the other in location B should be used by only two terminals (term1, term2) in location B. The ASAs are running OSPF and are redistributing static routes as metric-type 1 in OSPF. In order to achieve the aforementioned goal, I have configured a route-map on the ASA in location B that sets the metric for the route towards the third party to a high value (100). This way, all routers, even those in site B, prefer the exit through location A (metric about 24).
I have checked that my routers correctly have the route to the 3rd party through location A, and the OSPF database has records for the network from both locations. In location B, I have configured the following route-map (on the 6509):
route-map PREFER-LOCAL-ROUTER permit 10
match ip address XXX
set ip next-hop locationB-ASA
int vlanYYYY
ip policy route-map PREFER-LOCAL-ROUTER
[code]....
From the terminals (term1 and term2) I have tried a traceroute towards the 3rd party's subnet, but I don't get any match, either on the access-list or on the route-map. Unfortunately I have no other way to test that my configuration is correct, since the application on the terminals that should access the 3rd party network is not currently running.
I also added the statements below to the access-list, because of the test with tracert:
permit icmp host term1 route_to_3rd_party 0.0.255.255
permit icmp host term2 route_to_3rd_party 0.0.255.255
Nothing changed... Is there something wrong with the above config? Is there a chance that there is a problem with the IOS, that simply doesn't show any hits?

Quick question here. Using 3750E series switches with multiple VLANs configured. These switches serve as our 'core'. I have SVIs configured for the different VLANs and add inbound ACLs on each of the SVIs to control traffic between VLANs. This switch also terminates a P2P Ethernet link which connects to our colo facility. The port used for this is configured as an L3 port. I noticed today that I was able to send traffic across this L3 link that I thought should have been blocked by an ACL I had in place, but it wasn't. So the traffic flowed from a port in, say, VLAN 20 across this L3 link (assigned with an IP address). Would this traffic flow not cause traffic to be checked against an ACL applied in the inbound direction on the SVI of VLAN 20 (int vlan 20)? Traffic does get checked when routing between SVIs. Why would it not get checked when routing between an SVI and an L3 interface?

I am trying to create an ACL that walls off a VLAN and only allows it to the internet. This is on a 3750G; currently the 3750G I am attempting this on is in a stack. I have another 3750G that is standalone.
The first way I attempted this was to create two access-lists:
access-list 101 permit tcp 10.249.1.0 0.0.0.255 any eq 80
access-list 102 permit tcp any 10.249.1.0 0.0.0.255 established
Let's call the 10.249.1.0 VLAN 2. I applied this to the VLAN2 interface, 101 out, 102 in. It didn't work. If I place a deny statement with nothing else, that works.
The second attempt was this:
access-list 101 deny ip 10.249.1.0 0.0.0.255 any
access-list 101 permit ip any any
I applied this to a VLAN I wanted to block VLAN2's traffic from reaching, let's call that one VLAN 3.
This lets all traffic from any VLAN through (including the one I'm trying to block). If I remove the "permit ip any any", then all VLANs are denied, which I understand is correct due to the implied deny all. What I don't understand is why it isn't applying the ACL to the specific VLAN.

We are configuring ACLs for a DHCP pool on a Sw3750:
ip access-list extended Test
permit ip any 192.168.1.0 0.0.0.31
permit ip any host 172.16.1.1
And here is the DHCP pool:
ip dhcp excluded-address 192.168.1.1 192.168.1.3
ip dhcp pool Name
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
But when a PC tries to obtain an IP automatically, it doesn't work.

Does anyone know when object-group ACLs will be supported in Cat4500 IOS-XE? They don't seem to be supported now.

Is it possible to configure an 881 router to act as a DHCP server for 4 VLANs, each with a different scope, all through a single Ethernet interface?

We are migrating from Catalyst 6509 IOS platforms to Nexus 7009. There are the normal differences in commands, which are well documented. We do have some quite large files containing ACLs varying from tens of lines to several thousands of lines. Our normal upload would be done using TFTP and then issuing the command 'conf net' on the 6509. This is no longer the way to do this on NX-OS. I've tried copy ftp: running-config, which works fine for small files, but for big ones it takes a long time; in some cases I've seen it take 20-30 minutes. The initial TFTP upload to the 7009 seems OK, but the copy into the running-config is the bit that takes time, and initially I thought I'd killed the 7009!! It did finally come back to the prompt. Are the 7009s simply not designed for large ACLs? I did try the configure session (Session Manager) but I couldn't see a way of uploading a file. I tried creating a new session and then exiting it, copying in a file of the same format and then committing it, but it didn't seem to acknowledge the file (checksum?).

My name is Senthil. I need to configure a new HP server with a Nexus 5548; how do I configure it? On the server side everything is finished, I just need
Config tips for Nexus 5k for New server

I am having trouble trying to configure my Cisco 2509 router as an access server. I have two guides, shown below: URL and URL
However, I am running into some problems. I can go through the second guide up until it asks me to do this command:
Step 5: Configure the transport input protocol on the async lines to Telnet.
Access_Server(config-line)#transport input telnet
I cannot put in Transport Input; I only have the option of doing Transport Output. Let me show some lines from my console:
---------------------------
Access_Server(config)#line 0 14
Access_Server(config-line)#no exec
Access_Server(config-line)#transport input ?
% Unrecognized command
Access_Server(config-line)#transport ?
  output     Define which protocols to use for outgoing connections
  preferred  Specify the preferred protocol to use
Access_Server(config-line)#transport
------------------------
I'm not sure what's going on. I have two routers (Cisco 2600 series) plus my 2509 Cisco router that I am going to use as an access server. I have two switches (2950 series), and I have the access server connected to all of them via an octal cable.
Here is the configuration from the access server:
--------------------------------------
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2)
Technical Support: [URL]
Copyright (c) 1986-2008 by cisco Systems, Inc.
Compiled Mon 17-Mar-08 14:39 by dchih
cisco 2509 (68030) processor (revision M) with 14336K/2048K bytes of memory.
Processor board ID 22840809, with hardware revision 00000000
Bridging software.

Can this scenario be done on the Cisco 877 router? I have an IPsec VPN up and running on both sites. How can I configure port forwarding to the remote server over the tunnel? url...

I want to buy an AIR-SAP1602I-E-K9 and I don't know if I can configure a MAC-based ACL with this AP, because I must permit access to the wireless network only to certain wireless devices.

I have some questions about how to configure my Cisco 1941 with a routed subnet from my ISP to forward them to 1 or more servers in my LAN. 1 routed subnet /29 from my ISP (over a fiber connection). In my LAN I have (at the moment) 3 servers and about 15 clients. I would like to use the first IP address from the routed subnet for internet traffic from all the clients in the LAN. I would like to use the second IP address from the routed subnet for server1, so that server1 accepts some allowed connections and connects to the internet with the second IP address from the routed subnet.
I would like to use the third IP address from the routed subnet for server2, so that server2 accepts some allowed connections and connects to the internet with the third IP address from the routed subnet. I would like to use the fourth IP address from the routed subnet for server3, so that server3 accepts some allowed connections and connects to the internet with the fourth IP address from the routed subnet. [code]

We've gotten two Nexus 7009s in and I'm starting to configure them when I found I couldn't add VDCs. I found there was no license installed, but the only licenses I found that came with them are "Cisco DCNM for LAN Enterprise Lic for one Nexus 7000 Chassis". So my question is this: do I need to configure a DCNM server to get the license pushed to these two 7009s, or should there be another PAK for each chassis that I can register to get my enterprise services?

I am trying to configure two 3845 routers to act as DHCP server and DHCP relay. Clients are connected to the router that relays all DHCP requests to the VRF instance which is used to connect it to the router which is running the DHCP server.
Router1
ip vrf dhcp_dns
rd 8:1
int gi0/0
ip vrf forwarding dhcp_dns
ip address 192.168.200.5 255.255.255.248
[code]...
So far I can see DHCP requests coming from R1, and the DHCP server on R2 replies with the DHCP offer, but the PC is not getting any IP.

I'm looking to configure a syslog server for all of my Cisco device logging. I've had a look at CNA and can't find any options to define a syslog server for my switches.
What's the best way to define a syslog server and the severity of the notifications? Also, I'm looking to clear all previous system messages on my devices.

Is there a way to configure a DHCP server for my internal subnet of 192.168.20.1, which is on a 3550 layer 3 switch, from my 5505 ASA firewall? My subnet of 10.1.1.0/30 is connecting my 5505 to the 3550. All I'm trying to do is run a DHCP server down to my hosts. The only option on the ASA 5505 is
dhcpd address 192.168.20.1 - 192.168.20.254 outside or inside, which conflicts with my subnet of 10.1.1.0 used to connect my internal subnet of 192.168.20.1 for the whole network.
When I used my router it did not need the (inside, outside) keywords, just an ip helper-address command. How do I configure my firewall DHCP server to propagate the 192.168.20.0 network through my 10.1.1.0 connection?

I need to configure a Cisco 2960 switch as a DHCP server. The current IP address will be on a different seed than the DHCP addresses, i.e.
Switch IP = 10.1.2.3, GW = 10.1.2.1, Subnet = 255.255.255.0
DHCP addresses would be 192.168.1.1 - 200, GW=???? (10.1.2.3?) and subnet would be 255.255.255.0

I have a 2960 SI LAN Lite switch that I am configuring for admin and guest access. I have wireless APs plugged into trunked ports 2 and 3. I am using two VLANs (in addition to the native VLAN): VLAN 5 for admin and VLAN 10 for guest access. I have an ACL configured on the router preventing guest users from accessing the admin network. I want to prevent those on the guest network from seeing other hosts in the VLAN; however, the LAN Lite software does not support port ACLs. Is there any way to accomplish this with this switch?
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
[Code]...

I have configured my 2951 router to send logs to my Kiwi syslog server like below.
#logging 10.20.20.52
But I am not receiving any logs from my router; the same is configured on my ASA5520 and it's sending logs.

How do I configure a Cisco 3560 to force clients to only get an IP from the DHCP relay server?
The company I am working in has 5 VLANs which have been set up on a layer 3 switch (3560) that uses the DHCP relay server (in the SVI configuration: ip helper-address X.X.X.X). Well, that works OK.
Now, here is my problem: I need to force clients to only get an IP via the DHCP relay server, meaning that if anyone sets a static IP manually, he can't actually access anything (to prevent anyone from setting a static IP maliciously).
I know how to set this on an H3C router (in the SVI configuration: dhcp relay security address-check enable).
How do I configure this on a Cisco 3560?

We have a Dell M6220 blade server that is connected to a Cisco 3750 switch. I am trying to configure LACP on the 3750 for the two ports which are connected to the Dell M6220 server switch. The channel-group 2 mode active command is not taking; it shows the error "protocol mismatch", and if I run the show int port-channel 2 command the port-channel status shows down. The Dell server switch is in simple mode. Below I have attached the required details.
Switch#show int port-channel 2
Port-channel2 is down, line protocol is down (notconnect)
Hardware is EtherChannel, address is 0000.0000.0000 (bia 0000.0000.0000)
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
[code]...

Region : Singapore
Model : TL-WDR4300
Hardware Version : V1
I need to set up remote access to my HDD connected to my WDR4300, so I can always go online when I am out to retrieve the files saved on the HDD. However, I have zero knowledge of the network settings of FTP servers. I can gain access when I am home and connected to the wireless network, but how do I gain access remotely?

I've recently installed a new WRT610N router onto my small business network. Previously my network was as follows: Modem - Server - LAN, where the server acts as a gateway using Routing and Remote Access.
The addition to the setup now has the router between the modem and the server itself. After configuring everything, and DISABLING the router firewall and as a last resort opening the server to the DMZ, I'm having serious issues opening specific ports but not others.
To be specific, the server is sitting in the DMZ open right now. In my Routing and Remote Access, any port that I have being forwarded over to another computer is open from the internet with no issues. The problem lies with ports that need to be opened on the server itself with 127.0.0.1, where I'm getting a "connection timed out" from canyouseeme.org.
Why is the local opening of ports having issues? Before the router was installed everything worked great; however, the router is needed for wifi and it cannot be configured as an access point only.

I have an SG300-28P that is our main VLAN switch, though the VLANs that I have on it are there mostly because of our edge router and our AP541Ns. We have the following VLANs defined (subnets changed to conceal public IPs): [code]
VLAN200 and VLAN201 come into our edge router and out on a single GE port, VLAN tagged, to the SG300. The SG300 splits them out to untagged ports and they are connected to two firewalls, each with an IP in the 200 and 201 subnets. The AP510 has the VLAN200, VLAN192 and VLAN101 tagged subnets sent to it. The AP521 has three SSIDs, each associated with a particular VLAN.
This all works fine, though there are a few hidden flaws. Since all of the VLANs are present, both internal and public IPs, one could craft packets from one network and use the SG300 as its gateway to the other subnet and gain access. How can I isolate the subnets, so that I can still use the SG300 as a default gateway for the 10.1.0.0/16 network, make it so that if someone from the 10.1.0.0/16 network accesses the 201.201.201.0/24 subnet it uses the SG300's 0.0.0.0 0.0.0.0 default route (the firewall IP) and not the VLAN interface, and if someone in the 201, 200 or 192 subnets uses the SG300 as a gateway and tries to access a 10.1.0.0/16 address it gets blocked?

I am wondering if this is possible. We have multiple internet connections with fixed IPs coming into the office. We'd like to use one for FTP backup and another to service our websites. From what I have read, a 5510 doesn't do policy-based routing, but we'd like to configure our FTP server to use one of the internet pipes and our web server to use another internet pipe. Is that possible?
We'd have two outside fixed IP interfaces and two internal interfaces. I could then use one of the internal interfaces for the web server and the other for the FTP server. Consequently, if the internal web server and FTP server use the fixed IPs' corresponding DNS server, wouldn't that effectively route all FTP traffic out one interface and all web traffic out the other?
Then the FTP traffic would be NAT'ed to an internal interface and the HTTP & HTTPS traffic would be NAT'ed to a separate internal interface.
Then if each of the internal servers used the corresponding internal NIC on the ASA as its gateway, and the fixed IPs that correspond to the external DNS server, then it would effectively only use that gateway out for traffic? Would that work? Should it route traffic out those pipes correctly? Will the ASA support two different next-hop routers for the two different interfaces?

I'm trying to set up VLANs in my network. So the first device after the internet cloud is my ISP modem/router. I don't really use the router part. The second device is my Linksys WRT54G router with DD-WRT firmware on it. Between the two, there is a subnet just for them. After the DD-WRT router, there is a subnet for my LAN. The third device is my Netgear GS108T switch (with VLAN support) to which almost all my computers are hooked up. One of those computers is my server that is the domain controller and has the roles as shown in the image. What I would like to do is to create several virtual machines in Hyper-V. The trick is that I want to isolate them from the rest of my network. They should be able to access (and be accessed from) the internet but not the rest of my network. So my whole network should be in the same VLAN but each VM should be individually in separate VLANs.
1) I've already created the VLANs on my Netgear switch. I know my DD-WRT also has VLAN support. Do I need to create the same VLANs on that also?
2) How do I configure the VLAN part of the Hyper-V server? (By the way, my server OS is Windows Server 2008 R2 with the Hyper-V role; it's not the bare-metal Hyper-V.) Should my virtual switch be in VLAN 10 and my VMs in the other VLANs? Should the port (on the Netgear switch) to which my server is connected be in VLAN 10 (so that my server is accessible from every other computer in the network)?

I'm aware ACLs are handled in hardware on the ASR platform, but wondered if there was any way to inspect how many hits we get on each line of an ACL on the ASR. I can't seem to find a command to do this.
Using LOG is not possible due to the large number of hits.

I am using an ASA5510, and I would like to know if we should reset the number of hits for ACLs. Actually this number increases in front of each ACL. Is there any specific configuration?

After running for about one month, my SG200-08 hits 100% CPU and pings increase from under 1ms to 300ms. I purchased the SG200-08 for home due to its support for IGMP snooping. I have a TELUS Optik TV service at home which uses the Microsoft Mediaroom platform and multicast on the local LAN. When the SG200-08 hits 100% CPU, my Cisco STBs start to exhibit multicast issues due to delayed or dropped IGMP messages. I recently upgraded the SG200-08 to firmware 1.0.6.2 hoping that it would fix the issue, but it hasn't worked. [code] Smoking latency graph of the SG200-08 ICMP response time. On May 1st the CPU spiked to 100% and the latency increased to 300ms. The problem has been occurring since I installed the SG200-08, with the CPU spiking to 100% about once a month. Rebooting the SG200 will clear the issue.

I allowed one internal IP using static NAT and the public IP is 203.18.137.22, and I want to check which IPs are hitting this public IP. Is there any command to check which IP is hitting 203.18.137.22? I have the Cisco 5520 ASA firewall.