Cisco WAN :: 881 / Force Ports To Accept Only Devices With Specific Mac Addresses
Nov 12, 2012
I have a Cisco router 881 with advipservices running IOS Version 15.2(4)M1. This router is a device that the user will connect company equipment with antivirus and such. Is there a way I can force the ports like fe0 fe1 2 3 to accept only devices with specific MAC addresses? If not, is there a way for me to apply an ACL to vlanX to block everything that's not from these specific addresses?
Sep 14, 2011
Is there a way to force a specific speed for the local ports? I'd prefer not to rely on the autonegotiation.
Nov 20, 2012
I have recently purchased an SG-300-52 Managed Switch. (This is the first managed switch I have used, so I am trying to figure out what I can do with it and how it works.)
I would like to know how to find out the IP address of each computer connected to each port of the switch. Is this possible and if so how can I do this from the browser interface?
Jun 1, 2011
I'm trying to route all default traffic from my production environment through my ASA 5520 on the "outside2" interface. The 5520 has a site to site VPN to our DR site on the "outside/inside" interfaces via one ISP. On another ISP, interfaces "outside2/inside2" go to the internet.
When I make my 3750 stack default route for the inside2 interface IP I cannot get to the internet. When it is pointed to the inside interface on my 5505, I can.
I get the following errors when I try to open google.com from a production server: Why is the 5520 trying to use the "outside" interface instead of the "outside2" interface to go out?
Jul 1, 2012
I use a Cisco ASA 5520 to terminate multiple site to site VPNs. Due to the configuration of a partner's network, I have had to install 2 routers into this partner's network. I have been supplied static private IP addresses for each router; each router has a unique LAN subnet which is the VPN's protected network. The partner uses PAT with only one public facing IP address. The VPNs are initiated from the partner's network using an IP SLA ping.
Upon installing my first VPN router in the partner's network, once NAT-T was enabled on the local ASA the VPN started working fine. After installing the second VPN router I tried installing the new config on to the ASA but via CSM, the ASA complains that it cannot have 2 VPNs with the same peer address configured.
Oct 10, 2011
Trying to get a service set up with a third party to access our system (ERP web service to access our ERP data, making data available to customers and vendors via internet). They require that I set up four external IP addresses to have access through the firewall. I haven't figured out how to do this. I'm using a Linksys WRV200 router.
Sep 24, 2012
I inherited a Cisco ASA 5505 and am trying to piggy back the device off of an established Network. Here is the basic layout:
192.168.10.1 (Core Router - Handles DHCP/DNS)
192.168.10.9 (ASA 5505 - Piggy backing off of Network)
192.168.40.x (ASA 5505 - VLAN)
I'm able to get onto the Internet without any problems. Devices from the 192.168.10.x Network cannot ping the inside VLAN1 (192.168.40.x). However, I would like traffic going from the inside VLAN to the Outside VLAN to be blocked, except for 192.168.10.1 and 192.168.10.9. I've tried using ACLs but end up killing my Internet connection. 192.168.10.1 is the default route and is how I get out to the Internet. Is this possible? Essentially, I'm trying to set up a small Network that guests can connect to. The idea is that they can get to the Internet, but that is it. They can't get to internal resources on the 192.168.10.x Network.
Here is the config:
ASA Version 8.2(1)
!
hostname ciscoasa
enable password EeCsulrpu.9LalEE encrypted
[Code].....
Jun 11, 2012
I have 2 PCs networked via a gigabit switch. They are both running Windows 7 Ultimate 64-bit and are on the same workgroup. Addresses of both - A: 192.168.0.1, B: 192.168.0.2. Both are on the same subnet 255.255.255.0. Can I have 2 LAN ports on the PC "B", with 2 different IP addresses but connected to the same workgroup? I don't need the second port for accessing the PC-B or accessing any of its files or anything. But can 2 programs access each of these ports independently?
Apr 30, 2012
Is the Cisco IOS version specific to the number of ports? I.e., would a 24pt 2960 switch use the same IOS version as an 8 pt 2960 switch? Or is there a different IOS for each number of ports?
Apr 18, 2013
I have a client that is trying to use an ISP hosted web filtering and content management gateway. The ISP wants to use an L2L IPSEC VPN from the site to their gateway to control traffic. We got the tunnel up today with a test ACL for test client side devices to go down the tunnel, but they are blocking all traffic that isn't being scanned. The problem is they are on an ASA 5510 with 8.2.2. You cannot add tcp ports into the nonat ACL, it errors out when you try to apply the nat (inside) 0 access-list nonat statement. We can define ports to go down the VPN in the interesting traffic ACL without issue, but there is no way to send just the web ports down the VPN, and allow other ports out the regular overflow interface NAT. I have been looking into 8.4 and seeing if it allows a policy NAT (twice NAT for the VPNs) to define a port on an IP range (i.e.: nat (inside,outside) source static WEBINSPECT WEBINSPECT destination static any any) but define that as web ports only. I don't have a test ASA to use, but I'm guessing that L2L VPN will be by IP only and I can't define a port to tunnel.
Mar 18, 2012
I wish to set up an ASA5505 with QoS, and to allow specific port numbers to have priority going through compared to the rest of the traffic. E.g. ports 21, 80, 443. So for example if I'm maxing out a torrent, it doesn't impact web traffic etc. The current link it's connected to is a 100mbit/2.5mbit connection.
Mar 25, 2012
My university provides one Ethernet port per student in dorm rooms. They assign IP addresses based on which port you connect to and forbid multiple computers connected to the one port using a hub or switch. DHCP leases are 24 hours long, but you can switch out 10 different devices with different MAC addresses and keep getting the same IP. How does this work? Do they just figure that if you're using a hub connecting multiple stations to the one port that they don't care if there's a conflict?
Jan 16, 2013
I have two WAP4410N devices on my network. When I try to connect with a wireless device (iPad, smartphone, etc.) it does not connect. However, if I assign that device a static IP, it connects. Here is the setup:
-2 WAP4410Ns that have static IPs assigned to them. They plug into my 3560s
-Three Cisco Catalyst 3560, one of which is my Default Gateway.
-Windows 2008 Server R2 (Domain Controller, DHCP, DNS)
Mar 28, 2013
On the System Summary screen in the Port Statistics table when you click on one of the Connected links the pop open window does not show the IP address of the connected device when using IPv4. Where can I find this?
If the devices are using static IP addresses and not getting them from the DHCP server they do not show in the Client Table under DHCP Status.
If they are known MAC addresses because they have been assigned to static IPs on the DHCP setup screen they will not show up in the Unknown MAC Addresses pop up window.
Oct 10, 2011
We have a Cisco 4400 controller and a mix of 1010 and 1131 access points.
We have been running out of IPs on our DHCP server because the Apple devices are not releasing their IPs.
Nov 18, 2012
How can I restrict wireless access to specific devices? Ideally, I would like to turn the access off and on to restrict my children's usage when we're not around or when they try to sneak on during the night.
May 16, 2011
Bought a DIR-601 for my sister and her kids for their home. Setup and works successfully. Sis asked if there is a way to give her laptop bandwidth priority over the kids' devices. As is, they are all sharing limited DSL bandwidth. Reading the manual, I see the QoS feature for specific types of traffic, and other limiters and schedules to shut out certain MAC addresses entirely. But wondering if this throttling feature exists in the router also.
Jan 8, 2013
We are looking to possibly purchase 2 RV042G routers. The main goal is to tie 2 sites together (via the internet) utilizing the site-to-site VPN feature.
Here is where it gets a little tricky. Since this device has 2 WAN ports, is it possible to assign a separate IP address for each from our ISP? Then, what we would like to do is assign a couple LAN ports to have the traffic flow through WAN1 and the other LAN ports to flow through WAN2. The LAN addressing can be on the same subnet or separate.
Sep 2, 2012
I am studying for my CCENT and have two Cisco switches and three Cisco routers. I have 'configured' the switches and routers but how to obtain valid IP addresses to assign to my devices and how I can connect these devices to the internet via my wireless home hub.
May 10, 2013
I have a Belkin Play N600 HD router. Does it have the capability to let me assign fixed IP addresses to devices like printers, NAS drives, and cameras so I know where they are?
Apr 18, 2012
A company with 20 branches in Rio de Janeiro area. The main servers are in a datacenter located in downtown. Each branch has a RV042 router with firmware version 1.3.12.19-tm (Feb 13 2009 13:03:21) installed. All users in this network have a proxy configuration pointing to proxy.[blah].com.br port 3128. The HTTP/HTTPS traffic should go through proxy only. [code] Some "smart" users were caught using Ultrasurf application, which changes the proxy settings to go through port 9666 or even 443. In other machines, we've found some black proxies [for example: 212.46.27.142 port 8080].
My objective:
- To close all ports in Firewall -> Access Rules section and grant permission only to some selected and specified ports.
- To redirect all HTTP/HTTPS connections to go to proxy's IP address only.
Which Access Rules can I set in these RV042s in order to block and prevent these users from continuing to abuse this network? The users who were caught using Ultrasurf were fired.
Feb 5, 2012
I'm trying to limit the bandwidth on certain ports to 3Mbps and others 1Mbps for a project, however when I do a bandwidth test from a website the speed on the router doesn't seem to change; it's as if the changes over telnet aren't actually affecting the switch's QoS settings. I have verified that the policy is attached to the interface and the settings are correct as well.
Router
Telnet address: 10.xxx.xx.xx
Password:
[Code].....
Mar 5, 2012
How do I go about opening specific ports on an E4200? I'm having disconnect issues with a particular game, and the Customer Service drone thinks the ports required for the game aren't open. Never mind the fact that it's worked fine for 6 months now, and the problem only started a few days ago. I figured I'd humor the idiot and open the ports, but all I can find is information on forwarding, not making sure the ports are open.
Apr 20, 2013
open specific ports on 1941w Integrated Services Router. This specific router is a wireless VPN router that has a wired module and a wireless module and VPN so I'm getting 3 subnets on my network - 192.168.1.. for the wired connections, 10.100.1.... for wireless LAN connections and 10.100.2... for VPN remote connections. I know that by default all connected computers can access my Linux server data through telnet so the telnet port is open by default. The problem is that I have some other software licensing system on my Linux box that needs to be accessed through port 27000 and most of my users are using wireless connections and can't access that license because port 27000 is closed. What is the command to open this port or any other port that I need to be open on the wired module, wireless module and VPN, or at least point me to somewhere where I can find all the commands that I can use for this router?
Apr 7, 2013
I need clarification on Cisco WLC 4402 which has two ports.
Can we connect one port on CORP core switch and one port in DMZ zone to bifurcate the guest traffic from WLC itself?
Oct 25, 2011
I use a router RV082 with load balancing. My problem is when I try to access a specific site, I get the error message that my IP address changes and I cannot use 2 IP addresses. I want to specify an IP range to always use the same WAN port.
Oct 8, 2012
In setup for old RV042 (V1), when updating / adding MAC addresses, the table is always sorted by IP addresses. But in the new one, RV042 (V3), I have, even with latest firmware 4.2.1.02, the list is random, thereby increasing the chance of user entering DUPLICATE IP addr with diff MAC addr. That will result in conflict. If the firmware sorts the DHCP entries by IP addresses, user would be able to catch duplicate IP errors even if the system does not flag the errors. All Cisco smart engineers, can you all get the DHCP entries SORT by IP addresses.
May 24, 2011
ASA 5520 running 8.0.4
ASDM v.6.1
Need assistance understanding how in ASDM/Configuration/Site-to-Site VPN/Connection Profiles/ "Any Entry" I can specify that I only want to offer an IKE Proposal of pre-share-aes-256-sha?
The IKE Proposal field has a number of possible options including: pre-share-aes-256-md5, pre-share-3des-md5, pre-share-aes-256-sha, pre-share-aes-192-sha, pre-share-3des-md5, pre-share-aes-sha and pre-share-3des-sha.
I am able to pick a specific IPSec Proposal w/o issue but when I attempt to do the same for the IKE Proposal, and click OK the choice does not "stick" but rather returns to the entire list as defined above.
Jul 1, 2012
Is it possible to enable an absolute value rate limit using QoS on a HP ProCurve 5406 switch for a particular IP range on a specific port? Is there a way to configure our HP 5406 with an absolute rate limit on "WAN" port for that server's IP range? I would like to limit it to only being capable of sending 1Mbps worth of traffic over the head end at once. Everything in the documentation points towards priority queues, which as far as I can tell, isn't really what I want. Barring accomplishing this goal using rate limiting, is there a better way to prevent our services from accidentally saturating this connection? I'm thinking about something like that:
class ipv4 rate-limit-port-A1
match ip 10.136.0.0/16 any
exit
policy qos port-a1-ratelimit
class servers-to-be-slowed action rate-limit kbps 1000
exit
interface A1 service-policy port-a1-ratelimit in
I'm not sure about this.
Dec 18, 2012
I have a Router 2801 with the run conf :
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.63
ip dhcp excluded-address 192.168.1.192 192.168.1.254
!
[code]....
I want to assign a specific IP to a specific host by MAC. For example I want the IP 192.168.1.10 to be assigned to the host "client1" by MAC. I've been creating a new DHCP pool static:
!
ip dhcp pool static
host 192.168.1.10 255.255.255.0
hardware-address xxxx.xxxx.xxxx
client-name client1
!
but the "client1" is still taking other ip.
May 30, 2012
I have my Router, not ASA, with IOS Easy VPN Server established. If I use split tunneling my clients can access the net all day long and access hosts and resources over the VPN on the other side of the network as if it were plugged into the LAN. The hard part I can't figure out is how to force tunnel. I want all internet access to go through the router and not to split tunnel; in addition I want to retain the ability to access local resources as if I were plugged into the LAN. I have security reasons for doing this and I am not worried about a little extra load on the router. Let me know where to start looking. I can provide configs if necessary. If I do, be warned I am trying to learn what all this nifty Cisco Config Pro GUI can do so my config is gonna be full of all kind of stuff that is messy. I won't post unless asked.
Oct 29, 2012
I have a setup with a few sites that have layer three switches behind firewalls. I've been successful in setting up GRE tunnels between all the layer three switches, the GRE traverses IPsec which goes between the firewalls at each site. That way, the GRE is encrypted over the Internet and I don't have to deal with protocol forwarding and stuff. The GRE tunnels are terminated at the loopback addresses of each layer three switch, this works well for the most part, except that I need to put static routes for each loopback address in each switch to point via the firewalls, because when OSPF comes up over the GRE tunnels it starts advertising the loopbacks, and as such the switches think they can get to them over the GRE (which is built from the loopbacks to begin with), as you can see, sort of a catch 22. The static route method works fine, but it makes it so that I can't access the loopback address for monitoring/management purposes from any other sites on the basis that the local core tries to send it directly to the firewall rather than over the GRE tunnel. Is there any way to force only the GRE traffic out via the firewall while letting any other loopback-destined traffic go over the GRE? I'm thinking this could be done with a properly-matching route-map, but I'm not sure where I would apply it, could I apply it directly to the loopback or would the GRE traffic skip that on the way out?
May 4, 2011
Can I force an IPSEC L2L tunnel to use NAT-T encapsulation no matter what? Automatic detection says none of the endpoints are behind NAT. I know I can disable it by the "crypto map XXX set nat-t-disable" command, but I want the exact opposite.
I have a very strange issue where asynchronous routing is making my life as a technician very hard.
A side question; Can I do something about an ISP that is policy-base-routing its ESP traffic (and/or translating it)?
ASA5505 ===>===>===> ISAKMP traffic ===>===>===> ASA5510
212.178.155.73 80.62.yyy.xxx (traffic source IP: 212.178.155.73)
[Code].....