Cisco WAN :: What Ios For 827-4v Is Right And Working Normally From 12.4 Level
Dec 12, 2010
What IOS for 827-4v from 12.4 can I use for IPSEC+ddns? I tested some from 12.4 but normally working only 12.3(26)GD, but I want ddns feature? Some from 12.4 is working with tracebacks, other is not loading - with error (loadprog: error - program section linked to illegal address)
Aug 10, 2011
I have a customer with a 861 ISR. I want to block all the privilege 0 users from accessing the enable command.
If i telnet into the device, as a priv=0, enable does not work
If i telnet into the device, as a priv=15, enable does work
If i telnet into the device, as a priv=0, enable does not work
If i telnet into the device, as a priv=15, enable does not work
I have issued the command:
privilege exec level 15 enable
Should block everyone except 15's from accessing the enable command.
SSH and TELNET are on the same vty:
line con 0
login authentication local_authen
no modem enable
line aux 0
line vty 0 3
[code]....
Basically TELNET is following the rules (priv=0 not allowed to access enable) but SSH is not following the rules (both priv=15 and priv=0 cannot access the command). Is there a way of blocking some users from logging in completely?
Jan 18, 2012
We have a 7206VXR with an NPE-G1 processor. We're running the standard stuff on it, but here are the highlights. We just enabled netflow on it to send the data to an external source for analysis and the overall CPU level increased, but not significantly. About what should we expect for the overall CPU level? At this point, it's averaging close to 40% during peak hours.
Jun 27, 2011
I have ASA 5505 that has two inside security level 100 interfaces and an outside interface. On the inside interface we have corporate domain subnet with DC and 30 hosts. On the inside2 interface I have few servers that run specific application important for our business needs, and dumb terminals that are connected to them. I have a laptop user that periodically needs access from our corporate vlan1 to one of the servers on inside 2 vlan via remote desktop or some other remote viewer client, so he can view reports etc. I have enabled same-security-traffic intra-interface command and added nat exempt command pointing specific laptop host machine to that specific server.
Now my main concern is regarding security. This user carries his laptop home, browses the web, puts USB memory, and you can imagine how this machine is susceptible to all kind of malicious software. Inside2 vlan is very important and until now it has been a very secure environment. This is no longer the case since all traffic between this inside sec level 100 vlan host and corresponding inside2 sec level 100 server is now allowed because of the enabled same level interface traffic and nat exemption rule. Do I have another solution that would allow communication based on just a tcp port number for this host? Something like port forwarding from outside to inside Vlan interface?
Jun 13, 2011
I have Cisco ACS 5.2 and external identity source as RSA SecurID. Currently when the RSA user login to AAA Network devices, User id & passcode prompt coming after giving the credential its going to user exec mode. Then after "enable" command again asking for Passcode giving passcode then user able to logged in successfully.
I need RSA users to get direct privilege level 15 (privilege mode)? No need to ask enable password?
I checked this for local ACS users it is working and local users getting directly privilege mode access...
Feb 11, 2013
I am on the lookout for free dynamic DNS for top level domain name. There seem to be quite a few free dynamic DNS providers for third level domain but I am having trouble finding one for top level domain. I am almost on the verge of actually mapping the top level domain to a CNAME of a third level domain with dynamic DNS but I really don't want to do that.
Oct 31, 2011
Is there any easy way to tell what networking level my laptop is capable of? It's an older IBM, T30. Wireless works fine but I'm thinking of upgrading the router and want to make sure the laptop will connect using the faster N network speed.
Sep 21, 2012
I have 2 dmz interfaces (dmz1 and dmz2) with security level 50. I am able to ping the hosts on dmz2 from dmz1. I am running a service on a dmz2 host on port 82 but I am not able to access that service from dmz1. Also, I have an inside interface at security level 99 which is able to access that service.
Also, I have defined the following command to allow same security level communication.
same-security-traffic permit inter-interface
Feb 15, 2013
We have more than 50 devices handling by PI 1.2 (testing). I like to know how to do configuration archiving with user who doesn't have write privilege.
I tried like this.
username john privilege 6 password cisco
privilege exec level 6 show running-config
(result) show run --> blank
I tried this user with one of switch in PI 1.2. It did not do configuration backup
username inout password inout
username inout privilege 15 autocommand show running-config
(result) once logged in, it automatically showed running-config. However when I tried with PI 1.2 with this user (inout). I couldn't do configuration back.
reference [URL]
create certain user with read-only privilege while PI 1.2 is able to do configuration archiving ?
Nov 10, 2011
On a Cisco ASA 5520. I have 2 interfaces that are the same security level. I need hosts on 1 of these interfaces to be able to get to a specific IP and port on the other but I DON'T want to blanket enable "same-security-traffic permit inter-interface". I have added an ACL inbound on the interface allowing the desired traffic and inbound on the other for return traffic and it simply doesn't work.
interface GigabitEthernet0/3.175
vlan 175
nameif Test175
security-level 30
ip address 172.30.175.1 255.255.255.0
[code]....
Feb 3, 2011
We have an ASA5520 firewall, IOS 8.0(4), running in routed mode with an operational Cisco 2821 router to ASA-5520 L2L IPsec VPN. All Internet searches explain how to enable a L2L IPsec VPN from the LOWER security-level interface to a HIGHER security-level interface, and this is how our setup is configured and it is operational and working fine. We now have a need to setup another L2L IPsec VPN tunnel on the same firewall BUT this time traffic will be arriving on the HIGHER security-level interface destination is to a LOWER security-level interface. Is it possible to enable a L2L IPsec VPN tunnel between a HIGHER security-level interface to a LOWER security-level interface?
Mar 27, 2013
I have issue with traffic passing between same security level interfaces. I want to control traffic between same security level interfaces with ACL. Even no restriction, traffic does not go through. [code]
I tried to access server from THREE network to web server at FOUR network I have no response. In sh xlate output it shows "PAT Global 10.124.104.254 (28889) Local 10.124.103.1(2922) " I am not sure what else should I do. I add both same-security-level commands and it is the same.
Jan 28, 2013
Quote from the RV180 manual; 'By default, all access from the insecure WAN side is blocked from accessing the secure LAN, except in response to requests from the LAN or DMZ.'
Does this mean a general access-rule for the firewall blocking all inbound (WAN --> LAN) data is not required?
Dec 8, 2012
In the bottom screenshot how to determine the coverage level, I couldn't find any explicit documentation on that.
Mar 13, 2012
In official information for SG300-28p noise level is 40.6 dB, but in fact it's too noisy. Is it possible to change speed of fans? I use only 8 PoE ports.
Sep 1, 2011
We are using WiSM WLCs and WCS to control a variety of 1131,1142 and 1252 APs utilising AP groups.
I've noticed on WCS that the power of certain APs is at a low setting, even though the APs surrounding them are also at a low setting. This is causing some gaps to appear on the heatmaps. I was under the impression that the WLCs would regulate the AP power to compensate for any gaps. Currently the global TX power level assignment method algorithm is set to automatic every 600 sec.
Now, obviously I could change this to fixed (not ideal as I may not want all my APs to run at max power all the time) or to on demand (also not ideal due to the increased admin).
Is there a way I can verify that the automatic power levels are adjusting as they should? Why are there gaps appearing in my heatmaps?
*NB It's not just the gaps on the heatmaps, I'm getting reports of dropping wireless signals from users hence me looking at the heatmaps and they just happen to correspond.
WLC version 6.0.199.4
WCS version 7.0.172.0
Jan 3, 2013
if there is a MIB available for the EHWIC-4G-LTE-V card that would allow me to monitor the current RSSI level?
If I issue the command "show cell 0/1/0 radio" on my Cisco2911 router, I get the following info. I'd like to monitor the "Current RSSI" level in Solarwinds.
Router>show cell 0/1/0 radio
Radio power mode = ON
Current RSSI = -67 dBm
LTE Technology Preference = AUTO
LTE Technology Selected = LTE
Nov 16, 2012
I'm trying to implement some best practices for ASA running on Software Release 8.2 and had a question about the default security-level behavior. Let's say I have 3 interfaces...
-inside (security-level 100)
-dmz (security-level 50)
-outside (security-level 0)
I have an ACL on the inside interface allowing http access to anywhere. Because of the ACL, the implicit higher to lower security level access is nullified. Correct?
I do NOT have any ACL on the dmz interface applied. So, would the servers in the dmz be allowed outbound access to the Internet due to the default higher to lower security level behavior?
Mar 9, 2013
We have wireless in the house, the router, etc is down in the basement where my office is. Is there any way to increase the strength to the main level of the house? Our house is standard size, but it seems to weaken upstairs.
Sep 10, 2012
I have an ASA 5520 8.2(5) with ACS 5.1, I made the configuration of Authentication and is working well, now how I can configure the authorization and get into the privileged level 15 mode directly.
View 6 Replies
View Related
Sep 14, 2012
I have a Cisco3800 with IOS Version 12.3(14)T2 and I have an HWIC-1GE-SFP module inserted on it.
I need to know if there is a command to verify optical power level in this module inserted in the Cisco 3800 router?
Something similar to the following command that I can execute in an Cisco ASR9K:
show controllers Te0/0/0/1 phy | i Rx
Oct 27, 2011
I have a 6509E switch with dual 6Kw power supply that is logging "Power supply 1 input has changed. Power capacity adjusted to 2671.20W" then will bounce back to normal at random times from 1sec to 10sec. Is there a command to check what each input level of the power supply to try to identify possibly which source is causing the problem? The power supply input lights remains green while this is occurring.
Apr 29, 2011
I can't seem to enable in ASA with a non-15 privilege level user configured in ACS 4.2 (tacacs). When I enable in IOS device, it enables and "show privilege" shows level 10 as expected. ACS should be configured correctly as it works fine with IOS. User is not set with explicit settings. Group is set with "max enable level" 15 and "shell exec priv level" 15. The enable password is set to the internal ACS PAP password. Works fine in IOS. When I enable in ASA, it fails to enable, and ACS log says "Tacacs+ enable privilege too low". I suspect that ASA tries to enable into level 15 explicitly. If I try to issue "enable 10" command in ASA it says: Enabling to privilege levels is not allowed when configured for AAA authentication. Use 'enable' only. [code]
Sep 21, 2011
We have an ADSM (version 5.2(3)). In ASA (version 7.2(3)) we are working with routing, access restriction and configuring IPSEC vpn with integration to our AD. We need to get two different profiles: one for networking administrators, who are going to manage routing, acls and have the root for ASA, and the other profile is going to be for the vpn administrators. As I read from the ASDM 6.0 user guide is possible define command privilege level. So do you consider possible to define a particular level for all the command related with ipsec vpn (Create, Modify and Delete) and associate that particular level with the user for vpn administration.
Nov 28, 2012
Whether ISE-3315-K9 with ise version: Service Engine: 1.0.4.573, supports the command level accounting
Basically, we have integrated Cisco Switches with Cisco ISE for Device Authentication using Radius, we are able get the authentication logs on to the devices, but for any command changes or update done on Cisco devices we are not able to get the command accounting.
Dec 9, 2012
I am running PI1.2 virtual appliance (on ESXi 5.0). I had some issues and opened a ticket to TAC. The TAC engineer requested me to send him the below:
/opt/CSCOlumos/logs/failed_inventory_feature.log
/opt/CSCOlumos/logs/ifm_inventory.log
.
.
My question is how do we get to the shell of PI1.2? I know we can get to the shell of LMS4.2. Do we have access to shell of PI1.2 virtual appliance?
Jun 25, 2011
I'm facing a problem with two vlans. Each vlan has internet access by NAT.
In each vlan there is at least one server, who should be accessible from the other vlan and vice versa.
The function "same-security-traffic permit inter-interface" doesn't work, because NAT control is in place - so an expert.
Some experts told me it's not possible to route back out the same interface, and also not route back out the separate subinterfaces as well.
Oct 7, 2012
I have two 3750x in a stack running c3750e-universalk9-mz.122-55.SE3.bin with License Level: ipservices. I am planning to upgrade to c3750e-universalk9-mz.122-58.SE2.bin. Will this keep my ipservices licence or revert back to IPbase?
Nov 21, 2012
Currently running a C6509E, with a WS-SUP720-3B running IOS level S72033-adventerprisek9_wan-MZ.122-22.SXH3. I want to install a WS-X6748-GE-TX blade and would like NOT to have to upgrade IOS at this time. Future migrations are planned. Can this be done?
Feb 11, 2013
I am on the lookout for free dynamic DNS for top level domain name such as example.com
There seem to be quite a few free dynamic DNS providers for third level domain but I am having trouble finding one for top level domain. I am almost on the verge of actually mapping the top level domain to a CNAME of a third level domain with dynamic DNS but I really don't want to do that.
Mar 5, 2012
I'm fine tuning some of our ASA logging config, and am having an issue with one particular syslog ID. The message is: syslog 106100: default-level informational (enabled) and the log settings are:
Syslog logging: enabled
Facility: 20
Timestamp logging: enabled
Standby logging: disabled
Debug-trace logging: disabled
[code]....
This ACE log entry is generated by explicit deny any any statements at the end of all the ACLs, e.g.
access-list inside_access_in extended deny ip any any log interval 600
Based on the config, I would expect to see this being logged to the syslog server, but not to the local buffer, but am still seeing them locally in the buffer:
Feb 22 2012 10:58:20: %ASA-4-106100: access-list inside_access_in denied udp INSIDE/HOSTABC(52629) -> OUTSIDE/HOSTXXX(162) hit-cnt 5 300-second interval [0x3baecf1e, 0x0]
It also still shows these as level "warning", %ASA-4-106100, instead of the default %ASA-6-106100. I've tried removing and re-applying the config at different levels but it still reports in the buffer log as level "warning", %ASA-4-106100. This also doesn't affect every 106100 log that is generated. Most messages are generated at the correct level 6 severity but some seem to randomly log at level 4. There doesn't seem to be any pattern to this. The same access-list line can produce severity level 4 and 6 106100 messages.
Jul 16, 2012
For a week now, one of my Cisco 3945 routers displays, from time to time, the following message in its log:
2012-07-16T14:12:43.852017+00:00 cb00-r103 220: [syslog@9 s_sn="59"]: Jul 16 16:12:42 MEST: %SYS-2-INTSCHED: 'may_suspend' at level 4 -Process= "OSPF-100 Hello", ipl= 4, pid= 320
2012-07-16T14:12:43.852017+00:00 cb00-r103 221: [syslog@9 s_sn="60"]: -Traceback= 15CB073z 9081B7z 2851571z 11B7582z 11C275Ez 11C2906z 11C03E3z 1B907B5z 1B9064Cz 1BA5737z 172047Fz 47FFDCz 4D2EEDFz 4D2ED71z 4D2EA2Bz 4D30097z
2012-07-16T15:06:11.686817+00:00 cb00-r103 222: [syslog@9 s_sn="61"]: Jul 16 17:06:10 MEST: %SYS-2-INTSCHED: 'may_suspend' at level 4 -Process= "OSPF-100 Hello", ipl= 4, pid= 320
2012-07-16T15:06:11.686817+00:00 cb00-r103 223: [syslog@9 s_sn="62"]: -Traceback= 15CB073z 9081B7z 2851571z 11B7582z 11C275Ez 11C2906z 11C03E3z 1B907B5z 1B9064Cz 1BA5737z 172047Fz 47FFDCz 4D2EEDFz 4D2ED71z 4D2EA2Bz 4D30097z
[code]....
It never happened before and the configuration did not change. The only thing that happened, the WAN connection (point-to-point to a Cisco 3845) went down and the router rebooted while the WAN was down. When the WAN came up again, everything went fine, until about an hour later and the first occurrence of this mentioned log. This 3945 does establish an IPSec tunnel with its peer (the 3845) and all the traffic, including OSPF, is going through the tunnel.
Jul 14, 2012
I have ASA 5585 with SSP20. I want to enable same security level subinterfaces (routed mode) to communicate with each other.
I have put below command at global level but somehow it is not happening.
hostname(config)# same-security-traffic permit inter-interface
Do I also need to check for NATing or some other things apart from above command?