Cisco :: Upgraded Configuration Of About 650 Devices
Apr 5, 2012
I have upgraded the configuration of about 650 Cisco devices (Catalyst switches, routers, ASA, VGxxx, etc.) so as to integrate a new AAA server (Cisco ACS 5.3). This AAA server is bound with an Active Directory Server (MS Windows Server 2008 R2) for user authentication (only for admin purpose, not for network access). Before this upgrade, the AAA server was Cisco ACS 4.1 (not bound to the Active Directory Server). Cisco devices are managed with a Cisco LMS 4.01 server. I modified the Network Level Login Credentials of the full privileged user of LMS because any characters of the password were not accepted by AD. Therefore, in order to maintain the telnet connection availability between the LMS server and the network devices, I had also to upgrade the appropriate device credentials in DCR. Finally I got the following issue when performing the credential verification: telnet incorrect!
When performing direct telnet connection with TeraTerm, I can reach the device and the user authentication is well performed by the ACS server and the AD server. Log files on the ACS 5.3 server show the accepted connection, the initiator and the target device. But when LMS sends a telnet connection on to the same device (through a credential verification job), the ACS 5.3 does not receive the authentication inquiry (nothing in the tacacs+ log file). When performing AAA authentication debugging on the switch, the bind message repeats many times with no following authorization message (as requested also in debug). [code]
I reversed to the initial configuration of the switch (with ACS 4.1 as AAA server, not bound to AD) and performed a test with the same LMS server (with reversed credential data). The credential verification job is successful and the debug mode of AAA shows a correct negotiation between the switch and its ACS server: [code]
Indeed the ACS 4.1 authentication log file lists the successful connection of the LMS server to the switch. In the two cases I exported the device credentials to a csv file to check the availability of each.
So, how to explain why a telnet session initiated by a terminal can connect in both cases (ACS 4.1 and ACS 5.3) to the switch, and a telnet session coming from a LMS job can only connect to the ACS 4.1 server? When the switch "sees" an incoming telnet session request from everywhere, it must send it to the AAA server specified for authentication. I do not understand why the request from LMS is not sent to ACS (no record in log file, even according authentication deny).
I'm having a cow of a time trying to implement a NAT configuration after having upgraded our ASA5510 recently from IOS 8.2 to 8.4. The upgrade went fine, however we now have a need to add a new NAT rule and I'm not sure whether it's possible.
The upgraded NAT rule and access list works fine at allowing external access to a web server.
However we now need to NAT the SOURCE address (either to a pool or single address) of incoming http requests before forwarding the request to the server. Hence the server will see all requests as originating from a pool with a route heading back to the ASA. The basic issue is that the server's default gateway does not return to the ASA, so "tagging" the source address of external requests to an address or interface associated with the ASA should allow the server to return the traffic to the ASA. I know we shouldn't be doing it this way but we can't see any alternative.
Having read a huge amount of examples we can access the server with the above config (or Object NAT), and we can NAT incoming traffic, however we can't combine the two by having all external http requests Source Natted before forwarding to the server.
I have some problem with WS-C4006 Cisco Catalyst that LMS doesn't collect and puts into the "never collected" area. I also see that those devices don't show the classic prompt ">" and "#". Could this be the main problem? If yes, how can I configure LMS to recognize a different prompt for devices?
I have upgraded a PIX 525 lately to a 5510 ASA, but I have faced a problem after this. One of the DMZs is connected to a switch that is not connected to my VTP domain on a DMZ port.
with access-list to permit from host to host with all ports opened. My problem is that the outside client is able to initiate a Windows VPN to a server that I have in the DMZ, BUT it disconnects after almost 10 minutes. What might be the reason for the disconnection? Note, a Cisco remote access VPN is also configured on the FW, and it doesn't disconnect.
I have a brand new ACS version 5.2. Everything is working fine. I go to the Cisco website and download the following package: 5-2-0-26-8.tar.gpg. From there, I ssh into the ACS and performed the following: acs patch install 5-2-0-26-8.tar.gpg repos acs-52-patch. That works without any issues. My ACS is now upgraded to 5.2.0-26-8. An hour later, when I tried to perform this: acs patch install ACS_126.96.36.199.tar.gz repository Upgrade_to_5.3.0, it is not working. I get this message: Failed to copy file 'ACS_188.8.131.52.tar.gz' from repository Upgrade_to_5.3.0 (Error -306).
I have a Cisco 881W router. It has historically run IOS 12.4 (20.T3) without issue. I recently upgraded the IOS to version 12.4 (24.T5). Once I made that upgrade, my ability to fully throttle my downstream bandwidth became seriously limited and variable, going from a steady 6Mbps to an unreliable 2-3Mbps. No other changes were made to my environment. The degradation in performance was so bad that my AppleTV would no longer stream Netflix or YouTube. I downgraded back to the original IOS 12.4 (20.T3) and the downstream bandwidth and variability issues disappeared. As well, my ability to stream movies or videos with my AppleTV on Netflix or YouTube returned without issue. I wonder if upgrading to IOS 12.4.24.T5 enabled some new commands that I'm not catching or there is something else at play that I'm totally missing.
I upgraded our 3560-48-ps switch from c3560-advipservicesk9-mz.122-35.SE5.bin to c3560-ipservicesk9.mz.122-55.SE4bin and am having issues now.
Since I upgraded to the new IOS our older machines on the network can no longer connect to the domain and are not getting an IP address. sh ip dhcp binding and sh ip dhcp conflict do not show any output; however, all newer machines on the network received DHCP addresses without any problems and can connect to the network and internet.
For testing purposes I put the old IOS back on the switch and the older machines could connect again and received DHCP addresses. No other changes were made to the config.
I did a comparison on Cisco's website and both IOSes support DHCP. Not sure why the new IOS would not give any output when I ran the commands. Older machines: Apollos and NCS (they all have XP Service Pack 2 with Intel 2.8 processors).
I have a SR520 router with the ADSL WAN built in. I am looking to ignore the ADSL port and utilise the 4 FA ports to route between two networks. Can I configure the ports on the switch part of the router to become Layer 3 and take their own IP addresses? If so I can save myself the purchase of a new router. I have used loopbacks before but not sure that will work.
I have a big problem with my Cisco WAP4410N. I have upgraded the firmware of this AP to V184.108.40.206 for supporting multiple SSIDs. After my upgradation finished, one time I was able to access the administration page. But when I connected another system to the same AP, I cannot connect through Ethernet. The network connection in the system shows connected for one second and not connected for the next second, repeating the same, and still not connecting. I changed my IP setting to default, i.e. 192.168.1.xxxx, and again to the old config 192.169.3.xx; anyway, the same instance is showing.
In the WAP the power LED and wireless LED are connected good, but the Ethernet LED is blinking off on stage. I have hard reset the WAP many times but of no use; the same happens. I could not connect to the WAP. This may be the worst case ever seen in WAP4410N …
I recently upgraded my PIX 515E from 6.3 to 7.08. Upgraded PDM to ASDM. If I do a show ver, it states 7.08. But if I do show config, it still shows 6.3. Why would they be different? Since ASDM runs fine, I know that the upgrade went fine.
I have an older router, Linksys WRT54G, how crappy is this? How much better speed/connection can I get from a new router? If you have any suggestions for routers under $100 that would be a big upgrade from this please post it.
I previously owned a Linksys WRT54G V.8 wireless router. I upgraded my router to a DLink DIR-655 N Router in hopes to improve my internet download speeds. As a comparison I ran several online speed tests for both routers. However, all tests yielded similar results with minimal improvements. I also downloaded large files utilizing Rapidshare's download manager, again with no improvement in download speed. I thought moving from a G to an N router would improve my download speeds. The drivers on the DLink router are current. Are there any tweaks or tricks I can do to increase my download speeds?
I have a BEFSR41 that often goes brain-dead and the DHCP stops working. I've tried three times to download and install new firmware but it always fails with a "pattern mismatch". My current firmware version is 2.00.02 and the file I am downloading is 2.00.04 build 8. Yes, I have verified that my hardware version is 4.3. The download file from this website is corrupted.
I upgraded from Vista 64-bit to Win 7 64-bit and one of the first things I noticed was that YouTube videos take forever to load. I used to stream 720p videos in real time but now even 360p can struggle to load; with 480p videos you have to pause for 30 seconds. Oddly, speedtest indicates my full 15mbps down and 1mbps up, and regular downloads go fast, but streaming YouTube, Vimeo, or any kind of videos takes a while.
My initial guess was that it has something to do with the Wi-Fi PCI card. I have a D-Link dwl G-550 and on the Windows Compatibility Center it says it's not supported. Windows 7 automatically detected it and installed its own drivers; it works OK.
We have an ASA5520 with VPN working fine. We replaced the router, which upgraded the OS from v12.2 to v15.0. We duplicated all the addressing and routing statements from the old router. Now the VPN still connects but the outside host can't ping the inside host anymore. The outside host can't ping any further than the inside interface of the router (10.4.1.1). The router can ping the outside host, so I know the tunnel is up. I suspect there is a difference in the OS versions that is tripping us up. Perhaps in the way that we have reused the 10.x.x.x address range?
I have a situation where there is a three-unit stack of 3750s which I need to upgrade. The flash memory on all the switches is the same, which is 57.4 MB. The tar file which I was trying to use was 21 MB.
Now the trouble is that the client wanted to do the upgrade without overwriting the existing file. I tried doing an automatic upgrade using the tar file. It started all OK with downloading the tar file successfully on the master flash, but then it failed thereafter. It did not show any error on my telnet screen; however, I could see errors (Error code 10054) on the TFTP server regarding the download of the same file on the flash (I am guessing this was the flash of the next unit in the stack).
"You need to make sure you have sufficient space available in the Flash of the master switch. The master switch should have twice the amount of space of the .tar image file size. This space is needed to store the .tar file as well as to store the content of the .tar file that you extract."
The tar file being 21 MB and looking at the dir below I don't think it is possible to use this option since I don't have that much space. I have 34 MB free, which according to the doco should be at least 42 MB. What is the best option I have given the constraint that I cannot upgrade the flash at this stage?
1. Could I use the manual upgrade (using bin file) if that can do the needful,
2. Do I simply try the automatic upgrade using the tar file but with the overwriting option so it overwrites the existing image on the flash? Could I take a copy of the existing image on the tftp server using the "archive upload-sw" command?
3. Is there a way I could upgrade without transferring image onto the flash and instead using tftp for the stack switch to boot from?
Is the 5512 able to be field upgraded to a 5515 and so on through 5555? I.E. Can I add ram and other hardware to make the boxes more powerful as my requirements increase? I was hoping this would have been a new feature with the ngen firewalls.
I have the exact same problem: network adapter disconnects itself and I am unable to disable and enable it again, because it is unresponsive under the Device Manager and the Network and Sharing Center. The only solution is to reboot the computer, where I can then have access to the network adapter and can reset it. This is since I upgraded Windows Vista to Windows 7 4 days ago. I have upgraded all the drivers. I have uninstalled the network adapter driver and rebooted, and reinstalled the latest update with no difference. Running the computer in safe mode with networking has not yielded a crash so far, but I have not tested this enough. I have tried disabling IPv6 as some people have said this could be the reason, but it still crashes. It is somewhat different from what many people mention as I cannot reset the connection without rebooting (which I could live with). I do not use torrents or any site like that.
I upgraded my router from version 1.2 to 1.35NA, through the Tools / Systems page on the router (uploaded the bin file). I am connected to the router via a wired connection.
During the upgrade, the message said I wouldn't be able to access the webpage until 75 secs. I watched it count down the seconds and then when it refreshed, I could not get to my router's page: 192.168.1.2
The DLink Router is connected as a pass through router to my FIOS router, so that I can use the wired ports and I use the DLink as my wireless router (fios router wireless strength was poor).
All the lights on the router are working as though everything is OK. I am still connected to the Internet, so it appears that the pass through of my wired ports is still working after the firmware upgrade, but wireless is not. Not surprising. I expect I may have to upload my settings (which I did save), but since I cannot get to the router's page, I feel a bit stuck.
Two more bits of info. I also tried getting to 192.168.0.1, which might be the default, and I cannot get there either. My Fios router is on 192.168.1.1 (and as mentioned, the DLink should be at 192.168.1.2). Fios Router reports that the 192.168.1.2 port is inactive.
I am today playing with the settings in my DIR-655 NA B1 router when I notice that a firmware upgrade is available. I clicked the button and the router automatically downloaded the file named DIR655B1_FW207NAB09.bin. I flashed it and it was saying that it needed to wait 180 seconds (3 minutes) to reprogram the router, after which it came up with a 404 not found on the screen. I am not able to access my router, it is bricked, and I can't even re-flash the firmware; it comes back with "Incorrect hardware ID image, Please check". I notice that the 2.07NA firmware file on the website is named DIR655B1_FW207NAB05.bin. What gives? This is the first time a firmware upgrade has bricked anything I own.
I recently upgraded to Windows 8 with my XPS 16. I know the Intel R 5150 is not working right with Windows 8, just like everyone else I've seen post on various sites when they upgraded. My concern is: when is there gonna be an updated driver!? You would think if Windows was gonna make it available to upgrade your OS to 8 that they would have all this straightened out. Now I have to get rid of 8 just so I can have WiFi!
I can't win. After dealing with the internet dropping once every two weeks, I decided that upgrading the firmware might work. Turns out all it did was exacerbate the problem and now my internet drops every few minutes. I've been plugged into my modem for a good 20 minutes at this point with no drops. Has my router just shit the bed or can this be fixed?
Currently my home network is being switched via TrendNet TEGs80G unmanaged gig switches. I have been using them for about a year now with no issues. As my home network becomes more advanced, I recently just added a Cisco ASA5505, I am thinking about swapping those unmanaged devices, 4 of them, to managed. I was looking at the Cisco SG300-10 for upstairs, and a 16 port variant for my main core. These devices do not support full Cisco IOS cli, but they are manageable with a rich feature set nonetheless. My question is, should I swap the unmanaged devices with the more expensive Cisco devices, or just keep what works and save the money until I really need to spend it. As previously stated, my home LAN works just fine as it is, however my WiFi, NTV550s, server and workstations are all on the same network. Probably not the most secure but it is what it is without VLAN support.
When my RV220W used firmware 220.127.116.11 the PPPoE login to AT&T/Bellsouth DSL worked just fine. I upgraded to version 18.104.22.168 and now it won't connect. The PPPoE connection still works from my prior Linksys router so there wasn't a change on the ISP side. Has something changed in firmware 22.214.171.124 that requires a change to the PPPoE profile?
DSL Modem is a Motorola Netopia (model 2210-02) with firmware 7.7.3r10 operating in Bridged mode.
I recently upgraded a relative's Dell Inspiron 1545 laptop from Windows Vista Home Premium 32bit to Windows 7 Enterprise 64bit. Previously this was connected wirelessly to a Netgear router. On upgrading the OS I have found that the previous network is no longer showing up in the list of available networks even though a number of other devices can still connect and see the broadcast of the SSID. As other networks are showing up and the laptop can successfully connect to others, I don't see this as being a driver issue. I have checked the router configuration for broadcast of SSID and MAC filtering. My next step will be to connect the router and laptop via Ethernet.
I have a Linksys WRT120N and had to call someone to fix it up to the net modem when I got it, but I have upgraded the speed of my net from 256KB to 1MB and am now facing the same problem. When I called the net provider they said they don't support 3rd party stuff but told me it's because of a conflict between router and modem.
Both routers are set to provide DHCP.
DSL modem: Verizon Westell Wirespeed B90-210015-04. I have no idea whether this modem is also a router, but everything used to work.
OS: Windows 7 Professional N x64, SP1. My computer has two ethernet ports, but only one is in use at a time. I also have VMWare Workstation installed, so there are a couple virtual adapters in the mix, but VMWare is not running during any of these tests.
Yesterday (Sat, 10-Mar-2012) I replaced my old router (A) with the new one (B). The A router has been working fine for many years; I just needed wireless access. After the initial setup, the B router worked fine, using hard lines connected to the switch ports, and the wireless access features (laptop and Android phone) - for about a day. It suddenly dropped the internet connection early this afternoon, Sun, 11-Mar-2012, ~1220hrs PDT. I heard it go out because I was streaming NPR at the time.
Using the B router, my desktop computer (connected via a wire) can still talk to my laptop (wireless), but neither of them can see the internet.
When I swap back to the A router (wires only), it now has no internet connection either! But the desktop and the laptop (both wired) can still see each other via the (wired) router.
When I remove the router from the network and connect the DSL modem directly to my desktop computer, I have internet access; it works fine! But not if a router is in the circuit.
(1) Router B seems to work because my wired desktop and my wireless laptop can communicate locally.
(2) Router A still works because my desktop and laptop can communicate with each other using a wired network hosted by the A router.
(3) The DSL modem seems to work because my desktop has internet access when connected directly to the modem.
(4) Neither of the routers can communicate with the internet through the DSL modem.
I spent an hour in a chat with Verizon tech support. I've power-cycled everything. I've reset both routers to default specs and reconfigured them. I've reset the DSL modem via its button. I've used different cables. It appears that neither of the routers can successfully communicate through the DSL modem to the internet. But they both used to. Why would it just suddenly stop connecting through the modem?
Scenarios:
computer <-> DSL modem <-> internet | works!
computer <-> either router <-> DSL modem <X> internet | NoGo
desktop <-> either router <-> laptop | ping OK
ipconfig /all results when connected directly to the DSL modem (internet connected):
I have an Inspiron One 2305. Upgraded from Win7 to Win8x64 now wireless doesn't work. Hardwire works fine. Ran wireless for a day, while hooking up as a Homegroup. Now it sees the router but won't connect.