Cisco Switching/Routing :: N7K Hardware Access-list Resource Pooling Command Not Working

Nov 23, 2011

Not sure why the N7K M1 card doesn't take this command. It works on other N7K at different site. [code]


Cisco Switching/Routing :: 1841 Need To Block MAC Address / Applied Command Access-list

Sep 4, 2012

I am using a Cisco 1841 LAN router. I need to block a MAC address. I have applied the command access-list 1102 deny 0000.0000.0000.0000 mac address..... but it does not work.


Cisco Switching/Routing :: WS-C6513 Command To Check 6500 Switch Performance / Resource Usage

Apr 25, 2013

I am on a call right now troubleshooting a latency issue. The CPU usage on the sup card is low. I don't see any drops or input errors. I am aware that the switch and its modules have capability limits. Is there a command I can run which will tell me if any module is overloaded or if the fabric/backplane is over-utilized? My chassis is a WS-C6513 and the sup card is a WS-SUP720-3B.


Cisco Switching/Routing :: 192.168.10.10 / VLAN Access List Not Working?

Sep 5, 2012

Extended IP access list VLAN20
    10 permit tcp any any established
    11 permit icmp any any
    20 permit tcp any 192.168.20.0 0.0.0.255 eq 80
    30 permit tcp any 192.168.20.0 0.0.0.255 eq 443
    40 deny ip any any log

[code].....
 
Above is the network diagram and access list for VLAN 20 and VLAN 30, applied in the incoming direction of each VLAN. But I am still able to access other ports which are not on the access list. I tried changing the direction with no luck. Inter-VLAN routing is enabled on CoreSwitch; the default router is 192.168.10.10.


Cisco Switching/Routing :: 3700 - Command Rejected / Bad VLAN Allowed List

Aug 24, 2012

I'm trying to simulate a switch in GNS3 and I use the 16ESW module in a Cisco 3700 router. Why am I getting this record after I try to filter which VLANs pass through my trunk port:

Router(config-if)#switchport trunk allowed vlan 2,3,4
Command rejected: Bad VLAN allowed list. You have to include all default vlans, e.g. 1-2,1002-1005.


Cisco Switching/Routing :: Debug Command Not Working On Nexus 5548?

Nov 15, 2012

My Nexus is a 5548-UP model, NX-OS version :  5.1(3)N2(1b)
 
I am trying to debug an OSPF and an ICMP problem using the debug ip ospf command and the debug icmp command, but no output appears on the terminal. As the switch is remote, I entered the terminal monitor command of course.
 
SG01NX01# terminal monitor
SG01NX01# debug ip ospf 1 packets
SG01NX01# show debug

[Code].....


Cisco Switching/Routing :: (no Shutdown) Command Is Not Working In 2970 Switch Port

Apr 9, 2013

A switch port is shut down, but when I use the NO SHUTDOWN command it is working and shows administratively down, like this command does not have any effect on it. I should enable this port? What can I do? BTW, the port is not in errdisable and portfast is enabled.


Cisco Switching/Routing :: 3560 - Access List On InterVLan Routing

Dec 11, 2012

I implemented an access list on a Cisco 3560 switch but it never works. I want to block access from Network B to Network A and allow from A to B.
Network A: 10.0.12.0/24
Network B: 10.0.24.0/24
 
The configuration is
interface Vlan1
description Data VLAN

[Code].....


Cisco Switching/Routing :: Nexus 7010 IP Telnet Source-interface Command Not Working

Aug 20, 2012

I have configured the ip telnet source-interface Loopback 0 command on a Nexus7010, but when I telnet to another device and do a show users, the ip address is of the closest interface to the device I telnet to, not the ip address of the Loopback. All interfaces are in vrf default. I am running 5.1(6) NXOS.


Cisco Switching/Routing :: 4500 And Mac Access List

Apr 11, 2011

I'm looking to implement a VLAN filter to keep unnecessary stuff off my access layer. Things like IPv6, IPX etc. I really only want IPv4, ARP and 802.1q on these 4500s. I know on 3750s, 3560s etc., when I create the mac access-list, I can do it by ethertype, but on the 4500, I don't have that option.
 
4th_floor(config)#mac access-list extended Drop-traffic
 
4th_floor(config-ext-macl)#permit any any ?
  protocol-family  An Ethernet protocol family
  <cr>
 
4th_floor(config-ext-macl)#permit any any protocol-family ?
  appletalk
  arp-non-ipv4
  decnet
[Code]....


Cisco Switching/Routing :: 1800 ISR Without Access List?

Apr 19, 2012

I have an 1800 ISR that is running with port forwarding only. It is running a series of ip nat inside source static address port address port commands. It does not have an access list bound to the outside interface. This is working fine, but I am wondering if this is a security concern?


Cisco Switching/Routing :: Switch Port Auto-state Exclude Command Not Working In 4500

Jun 3, 2013

I have configured an SVI in my 4500 (Sup 7-E 10GE, and cat4500e-universalk9.SPA.03.02.00.SG.150-2.SG.bin) switch and it is showing Down Down, because there was no active switch port in the VLAN. I added one switch port to this VLAN, but this port was also in the down state, so I added the SWITCH PORT AUTO STATE EXCLUDE command under this port. Even after this, the SVI never came up, so I added one system to the port, and both the switch port and the SVI came up. So why does the SWITCH PORT AUTO STATE EXCLUDE command have no effect in this model of the switch?


Cisco Switching/Routing :: 3750 How To Write Access List

Jan 15, 2012

I have one Cisco 3750. I am using it as a core switch where I have 6 more access switches connected directly, and we are using VLANs in our network with the IP range of 172.16.0.0. Now we had a new Internet connection which is dedicated to the Exchange Server only. So we have TWO Internet connections: one for Internet access for all users and another one for the Exchange Server only. The Internet connection for the users is terminated at a Cisco 1700 Series Router and the Internet connection for the Exchange Server is terminated at a Cisco ASA Firewall. Now the problem is how can I write an access list which says that all packets from the Exchange Server should be routed to the ASA Firewall, and all other packets should be routed to the Cisco Router. The IP addresses of the Exchange Server are 172.16.2.1, 172.16.2.2.


Cisco Switching/Routing :: 4506 - Interface Access-list

Nov 14, 2011

I have one computer connected to the 4506 that management does not want this PC to have access to anything on our network except our DHCP server and the one printer that resides on our network.  I created an extended access list as follows.  Our network is the 10.10.x.x and the external addresses the PC needs to access is 11.1.x.x.  Once this PC is rebooted, it is unable to access DHCP to get the needed IP address it bounces back to a 169.x.x.x address and stops working.
 
Extended IP access list 2000
permit tcp host 10.10.200.242 host 11.1.200.1                           (gateway)
permit tcp host 10.10.200.242 host 11.1.2.151 eq smtp              (access from the pc to external server for smtp)
permit tcp host 10.10.200.242 host 11.1.2.149 eq 5721              (access from the pc to external server for remote access)
[ code]...
 
Then I applied the access-group 2000  on the interface the PC is connected to. What am I missing for DHCP to work and for this PC to always get the ip address that is reserved?


Cisco Switching/Routing :: Not Able To Assign Access List To CMP Interface Of Nexus 7K

Feb 6, 2013

I am trying to harden my Nexus box and I am not able to ACL assignment command. Following are the commands I am trying to add.

interface cmp-mgmt module 5
Ip access-group NETWORK_MANAGEMENT_ACCESS in


Cisco Switching/Routing :: 239 Multiple Static RPs And Access-list Behavior

Aug 14, 2012

I configure multiple static RPs and one of the ACLs denies a source will it move on to the next entry that covers it in another ACL? [code] i.e. 1.1.1.1 will be used as the RP for 224 to 238 and 2.2.2.2 will be used as the RP for 239. Will that work correctly, i.e. if a source is trying to register with the router and it's for the group 239.1.1.1, will it be denied against the first RP and then permitted against the second RP?


Cisco Switching/Routing :: 3550 / Access List - Block One Ip Or Port

Jan 9, 2012

I have a layer 3 switch, a 3550. I have several VLANs on there just for playing around with. One of the VLANs has a Vonage Linksys box attached to it with a UK number attached. From time to time telemarketers call at 03:00 in the morning; this, as I'm sure you can imagine, is not much fun. The Linksys box gets 192.168.3.3 as its IP. The switch is connected to a non-Cisco router at 192.168.0.1.
 
interface FastEthernet0/24
no switchport
ip address 192.168.0.2 255.255.255.0
 
I was thinking a time-based access list would work best. I have tried several variations but the phone still rings. I have tried access-list 1 deny host 192.168.3.3 permit ..... and more extensive lists but the phone still rings. I have not applied the time-range yet, so that's not the problem. I have applied the list to the VLAN interface and to fa0/24 but it's not working.


Cisco Switching/Routing :: Vlan Access List In 3750x Switch

Feb 6, 2013

I have an L3 switch, a Cisco 3750x, with different VLANs. Some users are in VLAN 102 (10.10.2.0) and some users are in VLAN 1 (10.10.1.0). Now I want to restrict the VLAN 102 users from accessing VLAN 1. I am pasting my configuration below. How do I create an access list?
 
interface Vlan1
ip address 10.10.1.36 255.255.255.0
ip helper-address 10.10.1.36

[Code].....


Cisco Switching/Routing :: 2960 - Mac Access-list Time Based

Dec 11, 2011

I need to enable/disable a mac access-list on a 2960 scheduled by time. The switch has lanbasek9-mz.122-44.SE6. As the mac access-list can not support time ranges, I tried EEM but seems like it is not supported in this device.


Cisco Switching/Routing :: 4948 - Configuration Of Access List For VLAN 2

May 19, 2013

In my core switch, there are 2 VLANs (VLAN 1 & VLAN 2). My switch is a Cisco 4948, so by default IP routing is enabled in it. All my servers (DHCP, HTTP, HTTPS) are in VLAN 1 & the internet is also in VLAN 1.

My requirement is that VLAN 1 users should not communicate with VLAN 2 and vice versa. But the VLAN 2 users need access to all servers and the internet, which are in VLAN 1. How do I configure the access list? I have tried it on Packet Tracer, which I have attached.

Note: VLAN 2 users should get their IP from the DHCP server, which is in VLAN 1.


Cisco Switching/Routing :: 4503 -MAC Access-list Extended To Only Allow Gateway Traffic

Nov 7, 2011

We have a gateway on a 4503, say on port 2/1, and we only want the other devices that are plugged into the 4503 to be able to talk to the gateway and that's it. The other devices are Motorola TUT DSL devices and they plug into the 4503 directly.
 
Normally "switchport protected" would make this very easy to keep stuff on one port from talking to other ports but with 4500's you are not able to do that command.  So we implemented a MAC Access-List Extended ACL.  Here is what we did
 
mac access-list extended BLAH
permit #host 0000.XXXX.YYYY any
interface range fa 2/5 - 20
mac access-group BLAH out 
 
The MAC address 0000.XXXX.YYYY is the MAC address of the gateway that is plugged into Fa2/1 and the DSL TUT devices are plugged into ports Fa2/5-20.  We would think that this config would only allow devices on the TUT DSL to talk only to the Gateway but we don't really think this is happening.  The TUT devices are learning about MAC addresses that are on other TUT devices. 


Cisco Switching/Routing :: 3560 - No Access List On Switches And No Firewall Between Sites

Jul 15, 2012

I have 3 3560 switches which are configured with trunks between them. They run VLANs 10, 11 & 12. I have a 'core' switch (switch 1) of these 3 to which an MPLS router is connected on VLAN 12. In addition I have another switch hanging off the 'core' switch via a routed link (switch 4). I have EIGRP configured as a stub and as such the IP address on the routed link at the core switch end is of a /24 from VLAN 1 on the other switch. This makes the route directly connected and therefore distributed via EIGRP stubs. Switch 1 is then exchanging routes with the MPLS router (via EIGRP).

The problem I have is that from any subnet on any switch (switch 1, 2 or 3) I can ping 192.168.13.1 (switch 4). When I try to ping switch 4 from over the MPLS I am unable to. If I trace to the switch I see it reaches the outside of the MPLS router, but is then unresponsive. The same applies if I try to ping switch 1 on 192.168.13.2. Any of the other IP addresses of switch 1 respond.

The MPLS network is a managed solution to which I have no access. I'm told that the MPLS provider is able to ping switch 1 & switch 4 on the 192.168.13.x addresses from a remote router (192.168.32.2). I have tried from a switch on the same L2 subnet (192.168.32.1) and I don't get a response.

From switch 4 I am able to ping the switch on one of its interfaces (192.168.19.1), but not the interface I mentioned above, 192.168.32.1. There are no access lists in place on the switches and no firewalls between the sites.


Cisco Switching/Routing :: 5548 Add Access List To Both Switches Not In Config Sync Mode

Mar 21, 2012

I have two 5548's in sync mode: I have an existing ACL and I want to add a new line to it, but after I do and try to commit it states the verify failed. [code]

I have to add access list to both switches not in config sync mode.


Cisco Switching/Routing :: Nexus 5548 - Hardware Port Channel Resource

Mar 30, 2012

I am having a hard time understanding the hardware port channel resource concept in Nexus 5Ks. Which scenario is considered a hardware port channel and which is not? According to Cisco documentation, a 5548UP switch with a layer 3 daughter card only supports 8 hardware port channels. Does this mean we can connect only 8 dual-homed FEXes to those 5Ks? Will a dual-homed FEX consume a hardware port channel?


Cisco Infrastructure :: Mac Access-list Not Working In 4500?

May 21, 2006

I am trying to use a deny MAC ACL on the 4500 series switch running Cisco IOS, but the command seems to be not working.
 
Here is the command,
 
mac access-list extended ABC
deny host 0001.8052.25FF any
int f4/11
mac access-group ABC in
 
Is there anything I am missing or is it a bug.


Cisco Switching/Routing :: Access-list Logging Rate-limited Or Missed XXXX Packets On 3560G

Jun 3, 2012

I'm getting this error message on the syslog server (Kiwi syslog): access-list logging rate-limited or missed XXXX packets. I entered the following commands but I'm still getting the error:

logging buffered 16386 debugging
logging rate-limit all 5000
no logging console
no logging monitor
ip access-list logging interval 30000
ip access-list log-update threshold 30000

I don't want to report to the console or monitor; I want to report directly to the syslog server, because I'm monitoring all the traffic (permit ip any any log)!


Cisco Switching/Routing :: 2951 - IP Access-group In Command Not Allowing DHCP

Feb 27, 2013

I have a Cisco 2951 Router and I am trying to set it up to use DHCP and for security purposes I need to use the "IP Access-Group in" command. The DHCP will not work when I have this command on the interface that I need to run it through, DHCP works fine when I do not have the "IP Access-Group in" command in the configuration. When I check the log after the failed DHCP attempt it shows up as denied, as if it's being blocked. The IOS I have is c2951-UNIVERSALK9-m 15.0 (1) M3. Conf Reg 0x2102.


Cisco :: Command To List Firewall Rules?

May 17, 2012

Boss wants a listing of the firewall rules only. What's a command I can run that will give me a listing of this? If I can get an output of firewall rules only, via GUI, that'll work too. It just needs to end up with a printout on a piece of paper telling me what the firewall is doing.


Cisco WAN :: 1921 - Priority List Command

Apr 24, 2012

Our company had been buying Cisco 1841 routers for years and they have served us well.  The 1841 was discontinued and instead we have now purchased a Cisco 1921.  It is brand new, running "Version 15.0(1r)M15" of IOS ("usbflash0:c1900-universalk9-mz.SPA.151-4.M4.bin" file).
 
On our older Cisco 1841 routers, we would always prioritize certain TCP and UDP packets using the priority-list command.  However, I have suddenly discovered that priority-list is not available on this brand new router.  (?)  I am unsure why.  I did some reading and according to the document [URL], and priority-group are unsupported in Cisco IOS 15.
 
Later version of a product isn't as fully-featured as the earlier version. I want to prioritize the following type of network traffic.
 
UDP ports 8000 through 8063, 2427, 2727, 9300, 9301
TCP port 35300, 60001 through 60010, 2065, 33333, 3065
 
giving them a higher priority than the rest of other packets.  This is necessary for our vendor's VoIP implementation.  These packets should be "high" priority; everything else can be "medium."


How To Delete Run Command Dropdown List

Feb 25, 2011

How to delete run command dropdown list


Access Multiple Local Resource From Web

Sep 20, 2012

I have a few servers and resources on my local network: a web server, a game server, a Ventrilo server, a few IP cameras with web interfaces, an IR to IP bridge (web interface), a VPN, a few routers throughout the house, etc. I've been wondering how to get access to those devices from the web, in particular to be able to access the web interface of those devices. VPN access is excluded; I want to do it from a browser. Right now my setup is pretty simple: I have a domain name, and my router is set to forward a :80 request to my web server. Same for the VPN and game servers, at their respective ports. However, I need to be able to access the other web interfaces, and since I cannot assign an external port to each device in the router table and add the port number at the end of my domain name (not possible of course), I need to find a way to access these other web interfaces. I was thinking of setting up a webpage on the web server which lists all resources and their links, but I am not sure if it is possible. For example, I create an admin page on my server asking for a login. Once logged in, a webpage appears displaying IPCam1 for example. Clicking on this link would forward to the local resource, in this case 192.168.x.x:99 (the address of the cam web server). However, I do not know HTML and I am not even sure it is possible.


Windows 7 And XP Machines - Network Resource Access?

Jun 20, 2011

We have a Windows 7 machine and two Windows XP machines. We use Windows sharing of resources over a Cisco wireless network. Sharing works fine on all computers for files and printers; however, the DVD/CD-ROM drives are not accessible. Sharing is enabled on all of these devices. When we try to access these DVD/CD-ROM drives we get the following error message: Windows cannot access //computer name/resource name. You do not have permission to access //computer name/resource name. Contact your network administrator to request access.


Cisco Switching/Routing :: 3750 HTTP Access Not Working

Jul 30, 2012

I am facing an issue with HTTP login after an IOS upgrade on 3750 switches. I upgraded IOS from c3750-ipbase-mz.122-35.SE5.bin to c3750-ipbase-mz.122-53.SE2.bin. Any other command I have to run.

Copyrights 2005-15 www.BigResource.com, All rights reserved