Cisco WAN :: Ip Pim Address Access List Override 6506

Apr 22, 2013

We have a three tier network with a centralized core switch and multitple distirbution swithces - all 6506 routers.EAch dist switch is its own PIM SM domain and the RP so we never send multicast between the dist switches and through the core.
 
We are putting in a centralized server at the core switch which has to provide specific mcast < X Groups > to all servers at the dist level on all dist switches.
 
So we would like to define the RP <core rp ip>  just for the   <X groups> on the Core switch and tell all the distribution switch that the core is the RP for just the <XGroups>
 
If we put these commands on all the switches including the cores will that set the rp just fo the <XGroups> to the <core rp ip > ?Do I have to define the deine an ACL for all groups if i define it for some or will groups not defined by the ACL defualt to the local RP?
 
do I have to put in the override command ? (We are using MSDP not autorp)
 
ip pim rp-address <distn rp ip>
ip pim rp-address <core rp ip> 99

ip access-list 99
permit <XGroups > mask

View 1 Replies


ADVERTISEMENT

Block 1433 Port With Access List For Specific Ip Address?

Jan 2, 2012

I want to block the sql port access of my server to all except few of my ip addresses while access list on Cisco Router IOS how do i do that.

View 3 Replies View Related

Cisco Firewall :: 5505 - Construct An Access List For Outside Interface Using External Address?

Sep 10, 2012

I'm configuring a 5505 for a remote office.  Until they are assigned a static ip by the provider I will have to use the providers dhcp address. How do I construct an access list for the outside interface using the external address if I don't know it yet? is there a commnd that will insert the ip address in to the access list once one is assigned?

View 5 Replies View Related

Cisco Switching/Routing :: 1841 Need To Block MAC Address / Applied Command Access-list

Sep 4, 2012

I am using cisco 1841 LAN router, I need to block MAC address i have applied the command access-list 1102 deny 0000.0000.0000.0000 mac address..... but it does not work.

View 24 Replies View Related

Cisco Infrastructure :: 6506 To N7K Some Device Change Its IP Address Configuration

Jul 25, 2012

we just replace 6500 with N7K, after migration there're some device (server,pc,printer) change its ip address configuration (subnet and gateway) by it self. can N7K did it?

View 6 Replies View Related

Cisco Wireless :: WCS 7.0 Vendor Mac-address List

Dec 9, 2012

We are doing a study on our public WiFi to identfy client connections based on wireless Vendor.  about 40-50% of the clients wireless Vendors are "unknown".  Is there a way to update the list of Vendor mac-addresses in WCS?

View 5 Replies View Related

Cisco Routers :: RV220W Filter Mac Address List

Feb 5, 2013

We have a wifi router RV220W and we need to filter the mac address. The problem is that the number of the "allowed" devices is around 50 (not all connected at the same time), but the maximum number of mac address which can be listed in this router for each VLAN is 20, so for the moment we set 3 VLAN, each one with a different mac adderss list. This is very awkward because the area to be covered by the wifi network is large and we need repeaters, but having 3 VLAN we should put 3 repeaters for each point. Is there any way to configure this router in order to have a single VLAN but with a mac address filter list of 3 x 20 mac address?

View 1 Replies View Related

D-Link DIR-825 :: DGL-4500 MAC Address In DHCP Reservations List

Jan 13, 2010

I have a setup using LogMeIn Hamachi and the network type creates a Windows Bridge. I also use the DHCP Reservations List to assign the same IP to specific devices. Well I have the MAC Address for my NIC in the list which works when I am not using the bridge. When using the bridge, of course the MAC address changes and when I try to add it to the list I get the following message in a popup window. The MAC Address is 02:e0:61:05:45:3e I have tried manually entering it, letting the router enter it from the list of computers and just to rule out something stupid, I have tried changing the letters to upper case and removing the colons.

Another issue I can see when this issue is resolved is that I do not believe it will let me add this reservation since I will be using the same IP used by another reservation. My DGL-4500 allowed this if I had the other reservations using the same IP disabled.Below these comments/rants are some feature requests. I have put them last as some of the requests are explained in the comment/rant section.I have read through this list and I have to say that after I purchased the router, which I ordered on-line, I was dreading it, but I have not had issues. It is possible that I am not using features that cause this issue. I believe the issues occur when using certain configurations with the "Enable Advanced DNS Service" enabled. I am not using this service. Since I knew people were having issue s with it, I wanted to see my results leaving that out. I have had this router running since a week before Christmas and I have many Virtual Server entires, QoS and port forwarding entries, https based remote administration, both 5GHz and 2.4GHz networks enabled supporting a/b/g/n(on both networks) and a guest network enabled on both bands all supporting WPA (TKIP and AES). I have 2 Giga wired connections that are always active, a 100Mb connection that is on an off but used almost daily, 2 Laptops that use the 2.4GHz network daily and one is 802.11g 54Mb and the other is 802.11n 150Mb and they are on at the same time almost daily, a printer that is on and used multiple times a week that uses 802.11g and a game system that uses 802.11a this device is used daily. Most devices are on and used at the same time daily and we have a good deal of regular Internet traffic and moderate other network traffic during these times. At night all computers are backed up over the network and most of the other network devices are off or not during this time. Other than having to reboot my Internet hardware provided by my ISP, I have not had issues. The router has been rebooted for config changes and I usually cycle it when I cycle the Internet hardware. Point is, so far no issues, good performance and it works and I have of course had other devices connected using the guest network and I have been testing features, performance, etc.

What's up with having so much variation in how features work across routers?e.g. My DHCP Reservation issue above. This router does not work with a setup like my DGL-4500.This router allows a preset amount of services like QoS and Virtual Server entries while the DGL-4500 just lets you add entries. Now maybe there is a limit and it just looks like there is no limit. Of course, there is at least a limit that is reached when you have used a certain amount of memory with the configuration.so many routers while leaving gaps and the lack of feature explanation and comparison?I switched to this router because I wanted a dual band setup which my DGL-4500 does not provide. That leads to the issue of the new way D-Link deals with dual-band. When I purchased the router it did not list that you had to choose 2.4GHz or 5GHz or it is not simultaneous dual-band. I was duped because I used to install DWL-7100AP for people that needed better wireless options for home businesses and small businesses and that provides simultaneous dual-band and back then if it was dual-band it was simultaneous. But I am disappointed in some of the features lost like WISH support and a few options here and there which do not seem like they are specific to gaming routers and this router is more on the mid range and low high range end of consumer, prosumer, home business and lower traffic small business routers, so why is it missing these features and why does it have the limitations I listed in the "variation in how features work" section above?

Other examples of lack of feature clarity are with Game Fuel, HD FUEL and Intelligent QoS. Isn't Game Fuel Intelligent QoS of some sort. Now from the example provided in the overview for the DGL-4500, Game Fuel optimizes game performance, but it does not say this is automatic or if it works along with the rules you set in the Game Fuel section which is the same as the QoS Engine section in the DIR-825. The difference is that the DIR-825 has a "Enable QoS Engine" option while the DGL-4500 has an "Enable Game Fuel" option. It seems that Intelligent QoS does what Game Fuel does, but expands that to VOIP, Media Streaming, etc. and it may be more automatic. HD Fuel in the only place I have seen it mentioned seems to refer to the combination of Intelligent QoS and the inclusion of 5GHz wireless support. Of course there is no version and feature documentation and in fact while the overview of the DIR-825 talks about gaming with Intelligent QoS, but if you bring up a comparison of routers, the chart has no in the gaming section for the DIR-825. I can't say I have noticed better or worse gaming performance with the DIR-825 compared with the DGL-4500, but given the shear lack of documentation on how to use Game Fuel and Intelligent QoS properly, who knows if I have this setup correctly. I will say the QoS Engine section in the DIR-825 is easier to use than the Game Fuel section in the DGL-4500.

1) The ability to reduce the brightness of the status lights, set them to solid if enabled with brightness options and to set them to off with an option to have some very faint light to show that the router is on. Of course I should be able to set different options to be applied at specific times.

2) Add the applicable features missing from the DIR-825 that are found in the DGL-4500 and applicable features from other routers. Also, get them all so they work the same on each router and let get the best from them all and make that the standard. e.g. In my DHCP reservation example above don't set the standard to the limitations of the DIR-825, but make the DGL-4500 function set or better function set of all routers combined for each feature the standard with-in router categories. e.g. the DIR-825, DGL-4500 and DIR-855 would be in the high end router category for consumer, prosumer, home business and lower traffic small business routers.

3) For DHCP reservations, you should not be limited to the DHCP IP Address Range.

4) On the log-in screen, get a better captcha and fix the tab order.

5) Add a log-out option in the web interface.

6) Allow for a next hop option in the DCHP server section. It would be cool, if there could be a list of IPs allows one to be enabled at a time.

7) Allow different DHCP server settings for each network. There are 5 on the DIR-825. Wired, 2.4GHz regular, 2.4GHz Guest, 5GHz regular and 5GHz Guest. Would be nice if you could set a couple of VLANs on the Ethernet ports and then have different DHCP setings for each VLAN.

For guest wireless networks, allow rules to be set to allow access to certain services on the network. E.g. I may want to allow printing. So allow a single port or multiple ports with easy settings for consecutive port ranges to be opened to an IP, IP range or all IPs and allow all ports for an IP or range of IPs. Of course, leave the allow full access option.

8a) Allow users to set rule sets that can be enabled/disabled like the full access option.

8b) Allow a control that can be set in the rule sets that controls if the wireless devices can talk to each other and another that controls if they can access devices on the wired network and another that controls if the wireless devices can access the Internet.

8c) Allow rules above to be limited to be applied to specific MAC Addresses.

8d) These options would be good to have for the non-guest wireless networks and wired network as well.

View 15 Replies View Related

Unknown IP Address Range On Router DHCP Client List

Nov 19, 2011

I keep getting some additional IP addresses logging onto my home network that have an address outside what should be allowed by the router. The server is running at 192.168.2.1 and is set to only allow clients from 192.168.2.2 - 192.168.2.10 so a total of 9 clients should be allowed on.The problem is that something keeps logging in with an address of 192.168.169.2 or 3 etc. Sometimes more than one device at a time.I have assumed that it is some automated or virtual client as I'm pretty certain my network has not been breached. I have a 9 character password with a relatively random alphanumeric combination, although I haven't tried changing the password (I live in a share house with with a bunch of devices using wireless, so I haven't yet bothered). What I don't understand is how it has connected with the xx.xx.169.xx range at all. I have a Belkin 'Share' Wireless N Modem Router and at some stage there was a 'guest' network but that has since been disabled and I still am seeing the extra address. I have attached a screen shot of the DHCP client list on the router.The following is a list of devices that may be on the network at times, I'm thinking one of these may be responsible for the problem:

Windows Vista Desktop - Only LAN device
PS3
Macbook
Epson wireless printer
Android HTC Desire Mobile Phone
Laptops running various Windows versions (XP, Vista and 7)

A few thoughts I had:

- the android phone is capable of running a wireless hotspot, may have to look into it to see if if has been operating as an access point into the Belkin router, but assumed this wouldn't bring up clients connected to the phone on the home router.

- The desktop has PS3 Media server installed to stream video to the PS3 over the network (not that I have ever managed to get it to work), however this is not ever open on the desktop.

View 10 Replies View Related

Cisco WAN :: AS 65000 Override Connection

Mar 26, 2013

{10.46.0.254/32 is advertised on R1 (AS 65457)} ••>AS (3549) -->AS (4058) ---->AS (17776) ••>R2 (local AS 65458) ••>R3 (local AS 65457) ••>AS 65000 ••>{ R4 (AS 65457) advertises 100.9.254.0/24}
 
Scenario 1:                                                                                                                                                                                                                                                                                                                                                                                         
R2 and R3 are eBGP peers on LAN..
 
R1#show ip bgp neighbors 10.117.36.89 adv
BGP table version is 72, local router ID is 10.46.0.254
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
             r RIB-failure, S Stale, m multipath, b backup-path, x best-externa
[Code]...

View 5 Replies View Related

Linksys Wireless Router :: E3200 Client List Only Shows MAC Address

Feb 15, 2012

I could get a list of clients on the E3200 wireless (or wired) ports. I have my E3200 setup as a WAP LAN-LAN off a switch and it is not the DHCP server on the network. I can see a list of MACs on the client list, but no client names and no IP addresses. They are definitely named and show up on the WRT54GL (DHCP and NAT) as devices

View 5 Replies View Related

Cisco WAN :: 1720 Router - Commands To Set Access List To Allow Access To Port 551

Nov 29, 2010

I am trying to allow telnet to port 551 but i couldn't get it to work.I am using a cisco 1720 router running on IOS 12.2.I am using the below commands to set the access list to allow access to port 551 using remote telnet to the Cisco router.hostname R1!interface ethernet0ip access-group 102 in!access-list 102 permit tcp any any eq 551.After i enter the above command the router will disconnect me and i will not be able to connect to it for awhile. Once the router is up i am still unable to telnet to port 551.

View 14 Replies View Related

Cisco :: WLC 4402 Radius Override Disabled?

Sep 15, 2010

Recently we've been receiving the following log entries on our WLC 4402. Unfortunately Cisco's documentation is less than useful as to what this message means or what could be causing it. [code]

View 9 Replies View Related

Linksys Wireless Router :: Changes In MAC Address Filter List Are Applied Only After Reboot Of E4200

Nov 26, 2011

I have noticed that changes in MAC address filter list are applied only after reboot of router. It is inconvenient.

Router Linksys E4200
Firmware Version: 1.0.03

Operation system on client computer is Windows 7.Can it be resolved in the next version of firmware?

View 1 Replies View Related

Cisco VPN :: ASA 5505 - How To Override Split Tunneling Per User

Nov 5, 2012

I've an ASA 5505, running at ASA 8.2(2). I'm using ASDM 6.2(5).ASA is set up with Split Tunneling and it works perfectly.However, for a few users, I want all traffic, including Internet traffic, routed through the ASA.The spesific users IP address at internet should then be the same as ASA Outside address, not the client local address.The question is therefore:How to simple override the split tunneling at user level?Alternatively set up an "tunnel all" group policy for the specified users?

View 19 Replies View Related

Cisco Wireless :: DHCP Server Override On 4402 WLC

Apr 17, 2012

I have successfully implemented wireless guest access using 4402 WLC as the Anchor and 5508 as Foreign. The Anchor controller also provides dhcp services to guest clients. The 5508 is LAGged and there is no issue with the guests traffic separated from corporate. At a remote site, there is a 4402 WLC using LAG and also acting as a Foreign controller. But when a client connects to the guest WLAN, it obtains a corporate dhcp address instead of the dhcp address assigned from the Anchor controller. The guest WLAN setting is the same as with the 5508 controller i.e. DHCP server override is ticked and the management IP address of the Anchor controller is specfied. Also DHCP Addr required is ticked. Why the 4400 controller is not forwarding dhcp requests to the anchor controller and instead sending to the corporate dhcp server.

View 36 Replies View Related

Cisco :: WLC 5508 802.1 AAA Override - Authentication Success No Dynamic

Nov 28, 2010

WLC 5508: software version 7.0.98.0
Windows 7 Client
Radius Server:  Fedora Core 13 / Freeradius with LDAP storage backend
 
I have followed the guide at URL with respective to building the LDAP and free radius server.  802.1x authorization and authenication correctly work.  The session keys are returned from the radius server and the wlc send the appropriate information for the client to generate the WEP key.
 
However, the WLC does not override the VLAN assignment, even though I was to believe I set everything up correctly.  From the packet capture, you can see that verfication of client is authorized to use the WLAN returns the needed attributes:
 
AVP: l=4  t=Tunnel-Private-Group-Id(81): 10
AVP: l=6  t=Tunnel-Medium-Type(65): IEEE-802(6)
AVP: l=6  t=Tunnel-Type(64): VLAN(13)

View 8 Replies View Related

Linksys Wireless Router :: E3000 - Override Only DNS From ISP

Nov 3, 2012

I would like to override the DNS servers provided by DHCP via my ISP. The other settings I would like to preserve (like my assigned IP).How to achieve this with E3000 ?

View 3 Replies View Related

Routers / Switches :: Override Administrator Login Windows 7?

Apr 25, 2011

every time i go to my log in it ask for a pass word i did not make a pass word i have put in all kinds of pass words and got no where it will not even give me a hint i have went to safe mode it still ask for pass word . i have windows 7 how to rid the problem so that i can get around the administrator and remove it so that i can make another administrator account.

View 3 Replies View Related

Cisco WAN :: MAC Access-list In 881 And 892 Router

Dec 20, 2011

How to implement mac access-list in 881 and 892 router ? As you now that we can get additional switch-port in the same router but  I can't see the function in this router. I guess the switch port must function like the catalyst 2960 switch.

View 3 Replies View Related

Cisco WAN :: 3750 - How Big Can Access-list Be

Nov 20, 2011

I'm creating an access-list that will contain all networks and host that will be redistribute into EIGRP.Till now, this access-list contains 72 entries but this number can increase anytime.
 
I'm using a 3750-x layer 3 switch, and I'm wondering how big this access-list can be, regarding CPU and memory utilization and performance.

View 2 Replies View Related

Cisco WAN :: Access List In 861 Router

Jan 17, 2011

we installed a cisco router in a school with two vlans (VLAN 1 & VLAN 2) VLAN 1 is for teachers and Admin and VLAN 2 is for students. We want so that VLAN 2 shouldn't be able to access any device in VLAN 1 but VLAN 1 should be able to access all devices in VLAN 1 & 2

VLAN 1     192.168.11.0/24
VLAN 2     192.168.12.0/24

I am using VLAN interfaces. I know we have to use some access lists but if i apply

access-list 100 permit ip 192.168.10.0 0.0.255 any
access-list 100 deny ip 192.168.12.0 0.0.0.255 192.168.10.0 0.0.0.255
 
With this access list two subnets can not access each other. How these  access list should look likes ?

View 5 Replies View Related

Access-list Port 0?

Jul 25, 2011

I was reviewing some old configs at work today and noticed somthing weird in the access-lists. What is this?

View 6 Replies View Related

Cisco :: Creating An Access Control List?

Apr 6, 2013

Creating an Access Control List

View 2 Replies View Related

Cisco :: Access-list Does Not Exist In The Configuration?

Jan 12, 2012

so far i also knew that if u assign an access-list to an interface:

for example:
int vlan1
ip access-group 150 in

and the access-list does not exist in the configuration it will block everything meaning it will be an implicit deny empty access-list but lately i've noticed on new routers that its different,if i assign an acl to an interface where the acl doesnt exist in the configuration it acts as permit all,

View 3 Replies View Related

Cisco :: Can't Configure Access List According To Project?

Feb 27, 2011

this is a project and my configred file:I can't config access list according to the project.

View 19 Replies View Related

Cisco :: Access List In Vlan Interface

Jan 12, 2013

How to apply access list on Vlans ?

my Scenario is

13 Vlans in cisco 3560 switch (Vlan 10,20,30........ 130)

vlan 10 ---- ip range 192.168.10.0/24 interface vlan 10 ip add : 192.168.10.1

vlan 20 ---- ip range 192.168.20.0/24 interface vlan 20 ip add : 192.168.20.1

here i want to block vlan 10 access to vlan 20 i created extended access list deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255

and applied in interface vlan 10 as out now i cant able to access any host in vlan 20 (host 192.168.20.1) but i can able ping vlan 20's gateway 192.168.20.1

View 3 Replies View Related

Cisco Firewall :: Access-list On ASA5520

Feb 23, 2011

I have a question about access-lists on ASA: (5520 running 8.4)Often I want to permit all traffic from networks behind an interface (let's say DMZ in this example) to Internet, but NOT to internal networks. Then I  first configure a Deny from DMZ to all internal network and then a Permit to ANY. If I forget the first Deny I will allow all traffic also to my internal networks. Is it possible to configure an access-list that permit all traffic from a network to all networks that are reachable via a given interface? In this example: Permit all traffic from DMZ to all networks that are reachable via the Outside-interface? This should permit traffic to Internet and deny traffic to internal networks in one statement.If I specify the outside-interface as the destination only traffic to the interface itself will be allowed.

View 1 Replies View Related

Cisco WAN :: Access-list On Router 3945

Mar 15, 2012

I reported a really strange issue on a Cisco Router 3945. Here below info about release software used: [code] Please look at a brief extract of router running configuration file: [code] It’s an easy configuration of Extended ACL and the application on an Ethernet interface. The expected result is:

- The interface works properly (because access list is permitting every kind of data traffic in input)
- Checking “show access-list 180”, the counter of matched packets increments for all the packets that are forwarded inside the fa0/0/1.
 
But actually the Fastethernet 0/0/1 drops all the packets as if all the packets don’t match with access list (And this behavior is really incredible). The interface couldn't be used anymore because any kind of data traffic is denied.

View 14 Replies View Related

Cisco VPN :: Port-security Or Mac Access-list On 861 Or 881?

Nov 4, 2008

how to perform port security or mac access-list on LAN ports of router 861 or 881.There are commands access-list 700-799 , but I don't know how to apply that access list on configured vlan or particular port.

View 1 Replies View Related

Cisco WAN :: Router 2801 MAC Access List

Apr 9, 2013

I want to block access of some clients from the vlan1 to acces internet blocking their MAC address. How can i do this?
 
I have tring this way:
 
access-list 700 deny mac address 0000.0000.0000
access-list 700 permit 0000.0000.0000 ffff.ffff.ffff
int fa00
bridge-group 1 {input-address-list 700  output-address-list 700}
 
but it's not working .

View 1 Replies View Related

Cisco Firewall :: PIX 501 With 1 Static IP / NAT / PAT With Access List

Aug 24, 2011

I am having a problem getting this to work and I have always done it with 2 Static ip address.  but now this company changed to 1 and I am doing something wrong.

I have comcast with 1 static IP, I have a local LAN with 6 host and 1 server that does Mail and remote access and web traffic.

I need a config that allows me to use 1 static ip on the outside interface of the PIX and allow with an ACL 7 ports open to the server and allow all the local host out to the internet.

View 11 Replies View Related

Cisco :: Access List To Permit IP's Instead Denies All Traffic?

Feb 16, 2011

I'm new to this forum and Cisco in general but I feel it may be very resourceful to me as I am a new network administrator fresh out of school for a local credit unionHere's my situation:We need to limit access to one of our servers to only 3 workstations used by our IT department. The server is on a Cisco 3560G on port 17, which is the interface I'm trying to apply a standard, basic ACL to, which looks like this:

View 10 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved