Cisco WAN :: 3750 - QoS With Access Lists Not Working

May 17, 2011

I have a stack of 3750 (WS-C3750G-24TS-1U with IOS 12.2(53)SE2).

This is the conf I have:
 
!
class-map match-all DC_SC-to-DC_UW
match access-group 100

[Code].....


Cisco WAN :: QOS On 1841 With Access Lists?

Jan 15, 2013

I have new DIA Internet service coming in and unlike the last vendor who provided a router, I am configuring my own.  This is my first full Cisco config - I've been looking at this for 3 days now.  I have SIP signalling, rtp and default traffic on a (3) t1 multilink (4.5mb).   My lan and firewall uses dscp tags and passes them to the 1841 for outbound.  The ISP only prioritizes by destination address so I just need the 1841 to respect the tags internally.  Inbound, I have only port numbers to go by to differentiate voice traffic and I want to tag EF and CS3 accordingly for use by the 1841 and the rest of my network. 

Below is part of my proposed config.   I have read tons of Cisco docs and looked at all the queuing methods and this one I understand the best.  I am getting the error: "CBWFQ : Can be enabled as an output feature only", so I presume that something is wrong on an input definition somewhere.  For now all the firewall functions are done at the actual firewall (Sonicwall NSA) so other than limiting ports to the PBX everything else is just pass-through.  Any changes required. IOS is 12.4(4)T1.

[Code]....


Cisco :: Access Control Lists And A Bridge Group?

May 13, 2012

I've got a Cisco 1841 with 2 FastEthernet ports here. My Cisco isn't great, and I've been given a problem I don't seem to be able to crack. Essentially, I have one network with two sides. I've connected these to fe0/0 and fe0/1 on the router, and put those interfaces into a bridge group which, as far as I can tell, essentially makes the router a 2 port switch... I know this won't make a lot of sense from a normal network point of view, but what we need to do is allow all traffic from fe0/0 to fe0/1, but not allow any traffic in the reverse direction. The traffic allowed to flow from fe0/0 to fe0/1 must include broadcast traffic (in fact that is the most important traffic, it's how the silly theatre application works). None of the traffic is IP addressed.... ie, each of the devices on the network assign themselves an IP address, and then throw broadcast traffic out on to the "dedicated physical network" that exists between them for communication

[CODE]


Cisco Firewall :: ASA 5510 8.2(1) Using Hostnames In Access-lists?

Jul 12, 2012

I need to allow a specific hostname through my firewall. I found this article: [URL] But it's only for 8.4 updated ASA's and above.
 
Doing more research, I found this article: [URL] And have been trying to reverse engineer it. Am I on the right track?


Cisco Firewall :: ASA 5550 - ASDM Created Access Lists

May 9, 2012

I am trying to unravel an ASA 5550 config that has been created over several years, by multiple people, some who used ASDM, some who used CLI.

None of them ever removed any lines from the configuration, and none did any documentation. When examining the actual configuration from a CLI perspective:

1. Does an ASDM-created access list end with any specific ASDM-added suffix?
2. When ANY access list is created in an ASA 5550, does it HAVE to be included in the access-group command to be functional? Can it also be functional if referenced in a "nat" command?
3. If the access list does meet either of the criteria specified in question #2, is it completely non-functional?
4. If an access list is applied to a logical or physical port that is shut down, is the access list functional?


Cisco Firewall :: PIX515 - Timeout ICMP / Access Lists?

Mar 29, 2011

I am using a Pix 515 with IOS 8.0(3). I have in my access list on the outside interface:

access-list outside_access_in extended permit icmp any 12.23.34.0 255.255.255.0 echo
access-list outside_access_in extended permit icmp any 12.23.34.0 255.255.255.0 echo-reply

in order to allow ping requests and ping replies into my inside network. This certainly works since I can ping the inside from outside and vice versa, but in the ASDM display of access rules, the hit count for these two lines is always zero. If I run 'show access-list', the hit count for these lines is non-zero.
 
Why doesn't the hit count show up in the ASDM gui display? Also, I have read that the PIX does not treat ICMP in the same way as TCP or UDP and there is no stateful behaviour towards ICMP. However, if I set up a continuous ping from outside to inside and then disable the above access list rule allowing echo requests towards the inside, the ping continues whereas I would expect it to stop.
 
In the config there is 'timeout icmp 00:00:02' if there is no stateful connection for ICMP, why is there a timeout value for it?


Cisco Switching/Routing :: Object-groups In Access-lists On 3750X?

May 29, 2013

I have started to use ip extended access-lists on several 3750X-switches to filter inbound and outbound traffic on the VLANs. But it seems that the use of object-groups is not supported, is this correct? Is there really no way to group different ip-addresses into groups and then use these groups in the access-lists?
 
I am running sw version 15.0(1)SE2.


Cisco Firewall :: Automatic Naming / Binding Of Access Lists With ASA 5550?

May 8, 2012

I have been told that if an access list is created with the suffix _access_in, that if the prefix is the name of an interface, then that access list is automatically bound to that interface, even if there is no explicit command doing that. I am looking at the config of an ASA 5550.
 
example:
 
Interface is Production
access list is called Production_access_in.
 
Is that access list automatically bound to the Production interface, even though it does not show up in any other commands?


Cisco Firewall :: ASA5505 8.4(4)1 Access-Lists Created In CLI Do Not Show In ASDM

Apr 30, 2013

Yesterday, I configured  ASA via CLI for Static PAT and created some entries in an access-list. I will be testing that setup this evening.
 
However on a quick double check of the settings on the device via ASDM I could not see the access-list settings. I searched every tab and found nothing so I PuTTYed into the device and checked the running config. The rules I created were right there. Is this something I should expect? If so doesn't it defeat the point of having a GUI if it does not show a complete running config?


Access Control Lists Deny Traffic From Entering Network

Oct 5, 2011

My network topology consists of 3 directly connected routers where the central router contains sensitive data and I need to block traffic from ENTERING the LAN adjoined to that router. My issue is creating an access list to DENY traffic from entering the network connected to Fa0/1 but ALLOW traffic to exit from that network. I am using one class C network which is subnetted 7 times to provide me with the required LANs.


Cisco Switching/Routing :: Outbound Versus Inbound Access Lists On Catalyst 3750X?

Mar 17, 2013

I want to configure accesslists on my Catalyst 3750X-switches to protect different VLANs/networks. Any best-practices about inbound versus outbound accesslists? In my head it is more readable and easier to understand the config when accesslists are assigned outbound on the VLAN to protect instead of assigning them inbound on all possible source-VLANs. But of course, from a performance point-of-view it is better to use inbound access-lists to avoid un-necessary routing etc.


Cisco Switching/Routing :: 3750 HTTP Access Not Working

Jul 30, 2012

I am facing an issue with http login after IOS upgrade on 3750 switches. I upgraded IOS from c3750-ipbase-mz.122-35.SE5.bin to c3750-ipbase-mz.122-53.SE2.bin. Any other command I have to run.


Cisco Switching/Routing :: 800 / Use ASA To Configure All The Vlans And Intervlan Routing And Access Lists?

Jul 4, 2012

upgrading our small office network. We currently have about 75 employees with probably 125 devices on the network. I'd like to create about 10 vlans for the different departments and then configure intervlan routing as needed. Currently we have all unmanaged switches and it's just a huge broadcast storm on the network. We are upgrading our Cisco 800 router to an ASA5505 sec. Plus license. I need some recommendations on switches. Of course, this needs to be done as cheap as possible.... Is there a way to use the ASA to configure all the vlans and intervlan routing and access lists and use a cheaper switch to provide the access layer to hosts?


Cisco WAN :: 2621 / Time-Based Access Lists Using Time Ranges?

Jan 4, 2011

I have one 2621 router. I want to create a time-based access list so that one of my subnet's users (10.128.194.0 255.255.255.128) use the internet only between 11am and 2pm.


Cisco :: Where Do Prefix-Lists Fit In

Sep 25, 2012

Difference between ACL , Distribution list and route map?


Cisco :: LMS 4.1 Device Change Audit Lists Wrong Users?

Aug 14, 2011

I have noticed that under the Device Change Audit list under the configuration dashboard, LMS lists the wrong user for the last change. For example, user ABC performed a change on a switch yesterday but switch shows user XYZ has performed the change.
 
e.g.
 
SwitchA
 
! Last configuration change at 16:27:06 AEST Mon Aug 15 2011 by ABC
 
User XYZ then performs changes on switchB, switchC. These show up correctly, but the change on switchA shows user XYZ instead of ABC.
 
User XYZ has never logged into the switchA in question.


Cisco WAN :: 3750 - New VLAN 220 Not Working?

Aug 15, 2011

I am into creating a new VLAN, what I have missed in the setup / configuration. I have multiple Cisco switches, the VLAN is configured on a 3750. My attempt was to place the VLAN on one port (as concept) and work from there - - so it is on 2-02 of my main Cisco stack. The new VLAN is 220 - Printer. My present IP scope is 192.168.200.x - running out of addresses - trying to add 192.168.220.x. on VLAN 220 to relieve some pressure - -- Most I can do is ping the VLAN IP - 192.168.220.1 and that resolves - - but if I attach a networked device with a 192.168.220.x address - - cannot get there..

Here is the switch info...
 
version 12.2
parser config cache interface
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime
service timestamps log datetime localtime
service password-encryption

[code]....


Cisco Switching/Routing :: 3750 SVI QoS Not Working?

May 2, 2012

I want to police the traffic coming from host 10.0.0.10 that is connected to another switch via port-channel interface. The port-channel has interfaces G2/0/49 and G2/0/50. I have applied the below config to the SVI 112 but this is not working, as the host is still able to go beyond the policed rate. Also in the "sh policy-map interface vlan 112" command everything is showing 0 (zero).
 
class-map match-all CM_FTP_PORT_49
match input-interface  GigabitEthernet2/0/49
class-map match-all CM_FTP_PORT_50

[Code]......


Cisco Application :: 3750 - FT Failover Not Working

May 1, 2012

We have 2 ACEs configured as Active/Standby. FT vlan is configured directly using a crossover cable, not using a switch for the FT vlan. ACE is setup in routed mode, vlan 29 is client vlan and 28 is server vlan, both are being trunked on ACE-- trunk 3750 switch.
 
When I shutdown the port on 3750 for the primary ACE, data connectivity wise, primary ACE is down, but the secondary is not taking over, and also when I do sh ft group status on the secondary ACE, I see the status of STANDBY_HOT and the peer state: ACTIVE.


Cisco Switching/Routing :: EEM Script Not Working On 3750

Mar 27, 2013

I have applied the below script and I can see the script successfully executed, but I can't see the file which should store on the flash. Below is the script:

event snmp oid 1.3.6.1.4.1.9.2.1.56 get-type next entry-op ge entry-val 60 exit-time 10 poll-interval 1

action 1.1 syslog msg "CPU Utilization is high"
action 1.2 cli command "en"
action 1.3 cli command "show proc cpu sorted | append flash:abc.txt"
action 1.4 cli command "show proc cpu history | append flash:cpu2info.txt"
action 1.5 cli command "show ip inter bri | append flash:cpu3info.txt"
action 1.5 syslog msg "cpu commands verification"
 
When I do show flash I can't see the files in the flash.


Cisco Switching/Routing :: 3750 - CEF Working Concept

Feb 1, 2012

CEF concept working in Cisco 3750, 4500, and 6500 switch. If we implement in router how it's working...


Cisco Switching/Routing :: 3750 L3 Multicasting Not Working

Dec 17, 2011

We plan to implement multicasting on our network where the source and destination are going to be in different vlans. I have a test 3750 switch, Layer two multicast works fine, when I place the source and destination in different VLAN it fails. [code]


Cisco Switching/Routing :: 3750 VTP (v3) Communications Not Working Through Trunk

Nov 8, 2011

I have a couple 3750 switches that I am trying to run VTP Version 3 on, one as primary and the other as "server" which implies secondary from my research. [code]

Additionally, running a show VTP devices yields a "No VTP3 devices found" on both devices, despite ensuring that the domain name and password match. I have a patch cable from Gi1/0/1 on switch one running to Gi1/0/1 which from what I read is acceptable on GigE.


Cisco Switching/Routing :: 3750 - Gigabit Ports Not Working

May 1, 2013

I have two switches, WS-3750-24PS-S connected in two cabs via fiber. Patch panels at both ends with patch leads. Used tester to confirm end to end fiber connectivity. When plugged in, one switch lights up the other does nothing.
 
Ports are as follows:
 
interface GigabitEthernet1/0/2
switchport trunk encapsulation dot1q
switchport mode trunk
 
same at both ends. Tried both GI ports same result. swapped transceivers over and the same result, (one switch lit one not - the same switch in both cases). put both transceiver in each switch, (gi0/1-0/2 in a single switch). on the one that lights up in the original scenario we get link on both ports and they come up, on the other nothing happens. shut down both ports on the malfunctioning switch and no shut them, no change.
 
Show transceivers doesn't show transceivers on the malfunctioning switch, and no attempt is made to bring the ports up if the fiber is removed and replaced.
 
it is almost as though the two gb ports are kaput. Anything else I can try?


Cisco Switching/Routing :: 3750 Get Rebooted And Now SFP Module Is Not Working

Mar 19, 2012

My Cisco 3750 got rebooted and now the SFP module is not working.
 
It is showing the following error message.
 
05:13:22: %PHY-4-CHECK_SUM_FAILED: SFP EEPROM data check sum failed for SFP interface Gi1/0/26
05:13:22: %GBIC_SECURITY_CRYPT-4-ID_MISMATCH: Identification check failed for GBIC in port Gi1/0/26
 
What is the error message indicating and what is the solution for this.


Cisco Switching/Routing :: 3750 - New Switch Not Working Correctly

Jan 30, 2012

I have a Catalyst 3750 switch configured in a network. I would like an additional 3750 switch as a "hot" standby. A 2nd 3750 switch was purchased, and the same configuration was entered in to the new switch, so I have 2 switches with the exact same configuration.
 
When I move the connections to the new switch, I have a few VLANs that do not come up. One VLAN does come up and work normally. The VLANs in question show down, protocol down, and a show ip route reveals routes to the networks on these VLANs are not there. When I put everything back on the original switch, everything works normally.
 
Why would the new switch not work with the exact same configuration?


Dell :: Bluetooth In Vostro 3750 Not Working (Windows 8)

Jan 20, 2013

I have Dell Vostro 3750 with Windows 8. Bluetooth stopped working. I had problems with it from the start. I installed the driver: [URL] tried different drivers before. In Device Manager this driver has a yellow exclamation. ^Tasks and Settings Bluetooth^ Bluetooth option is grayed in charm bar.


Cisco Switching/Routing :: 3750 Telnet Still Working When Accessing This Switch

Apr 12, 2012

I only want SSH to be allowed when accessing this switch, but telnet is still allowed, why? We authenticate via radius.

version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 3750
!
boot-start-marker
boot-end-marker
!
logging buffered 64000
logging console informational
logging monitor informational
enable secret 5 $1$1K$
!
username admin privilege 15 secret 5 $1$Bs$cLH
username users view priv3 secret 5 $1$Jfnviwp
!
!
aaa new-model
!
!
aaa authentication login default group radius local
aaa authentication enable default line
aaa authorization console
aaa authorization exec default group radius local
!
!
!
aaa session-id common
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 3:00
switch 1 provision ws-c3750g-12s
switch 2 provision ws-c3750g-12s
system mtu routing 1500
udld aggressive
no ip domain-lookup
ip domain-name CB
!
!
login on-failure log
login on-success log
!
!
crypto pki trustpoint TP-self-signed-3817403392
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3817403392
revocation-check none
rsakeypair TP-self-signed-3817403392
!
!
crypto pki certificate chain TP-self-signed-3817403392
certificate self-signed 01


Cisco Switching/Routing :: Traffic Policy Is Not Working On Catalyst 3750?

Jan 28, 2013

Unable to limit traffic on catalyst 3750 gigabit ports. It has fiber modules.
 
I want to limit traffic 2mb per port
 
I have tried srr-queue and policer but it is not working and there is no ratelimit command under any interface. Applying policy to output is not supported of the interface
 
policy-map rate-limit
class class-default
police 2000000 8000 exceed-action drop
int gi1/0/3
service-policy input rate-limit 
 
still when I start download it goes to 10 mbps


Cisco AAA/Identity/Nac :: Catalyst 3750 - TACACS Authentication Stopped Working

Jul 25, 2011

We have a Catalyst 3750 switch that failed over to local login after the Tacacs authentication stopped working. I went through the configuration settings and everything appears to be identical to another switch in this same building.


Cisco Switching/Routing :: 3750 To Squid Routing Not Working

Nov 23, 2011

I am using a cisco 3750 in my network as a gateway, and above it I use a  squid machine for caching my internet. My network is like this:
 
Basically I have two VLANs on my network which are VLAN10 and VLAN100,  VLAN10 is the cooperate network of my office. VLAN100 is the management  VLAN which i use for the switches. I keep the squid as well the client  in VLAN10.
 
squid (192.168.1.50)---->cisco 3750(192.168.1.123)---->Distribution Switch(cisco 2960)---->client PC (192.168.1.5)
 
I have done nating on squid and internet is working pretty fine when I  use the client gateway as the squid, but when I use the cisco 3750 as my  gateway after adding route maps for forwarding the internet traffic  coming to the cisco 3750 to squid it disconnects me from internet as  well I cannot even reach the switches from the corporate network. These  are the only Lines I used for the routing:
 
!
route-map proxy-redirect permit 10
match ip address 110

[Code]......


Cisco WAN :: 3750 - How Big Can Access-list Be

Nov 20, 2011

I'm creating an access-list that will contain all networks and hosts that will be redistributed into EIGRP. Till now, this access-list contains 72 entries but this number can increase anytime.
 
I'm using a 3750-x layer 3 switch, and I'm wondering how big this access-list can be, regarding CPU and memory utilization and performance.


Cisco Switching/Routing :: 3750 / PBR Routing Not Working?

Jan 3, 2012

My network is like this:
 
Cisco 3750 (Core Switch)-----> Cisco 2960 (Distribution Switch)----->  Client (PC, Laps, Printers…etc)
 
Basically I have 3 VLANs. Office VLAN (for cooperative usage) which is VLAN 999 which has a defined IP address of 192.168.1.123 and Guest VLAN (for the guests who visit our hotel, most of it are wifi APs) VLAN 20 which has an IP address of 10.172.4.1. All these SVI are defined on the core switch.
 
Is there any way I can introduce a new VLAN lets say VLAN 40 and use PBR to route the packets going to VLAN 40 in the IP range 192.168.1.x to VLAN 999 and 10.172.4.1 to VLAN 20? I have tried this already and it is not working. Here are the configurations I have used.
 
Access-list 110 permit ip 10.172.4.0 0.0.0.255 any
access-list 120 permit ip 192.168.1.0 0.0.0.255 any
route-map INT_RVLAN permit 10
match ip address 120 110
set ip next-hop 192.168.1.123 10.172.4.1
interface VLAN 40
ip policy route-map INT_RVLAN
 
Where have I gone wrong?








Copyrights 2005-15 www.BigResource.com, All rights reserved