My current network has a Cisco WLC 4440 with a number of Aironets connected. I noticed that it says there are about 90% of my APs are rogues. closer investigation in the Rogue APs page shows SSIDs of a few businesses around. When i click on the mac address i see that the rogue is not on the wire but i have a number of APs dectecting each rogue.
Now the question is are my waps transmitting or repeating these rogues? If so how can i prevent it without sending a deauth to their wap which is not part of the good neighbour policy ( as i understand it)?
Not sure if this is part of the same question above too, but i do have a rogue client on an SSID that is not mine but shows up on my AP, what is legally right for me to do to prevent use of my network devices by the external client?
I have an MSE 3355 running 126.96.36.199, Cisco Prime Infrastructure 188.8.131.52 and 6 wism2 running 184.108.40.206. MSE was correctly added to Prime and assigned to maps and controllers. Context Aware Service is Enabled and Up and I have a permanent license installed with a limit of 3000 elements. The appliance is not able to perform client or rogue tracking. This is what I see under Services->Mobility Services Engines->Context Aware Service->General:
Version220.127.116.11 Operational StatusUpNumber of Tracked Wireless Clients0Number of Tracked Tags0Number of Tracked Rogue APs0Number of Tracked Rogue Clients0Number of Tracked Interferers0Number of Tracked Wired Clients0Total Elements Tracked0Tracked Elements (Wireless Clients, Rogue APs, Rogue Clients, Interferers and Wired Clients) Limit3000Tracked Tags Limit 3000
I am facing a problem with transmitting of VoIP traffic through VPN.
I have a 1921 router in my end where two ISP's terminate and load balancing is done over the ISP'S. I also have a site-to-site IPSEC VPN connection to remote location. Also I am having to analog phones connected to the network through an ATA. My Call manager is in the peer end and has public IP assigned to it. The IP phones get registered when coonected to general inernet connection.
The loadbalancing and VPN is working fine. Now I need to transmit the VoIP traffic over the VPN. I have configured the same but seems not working. [code]
My question is about the maximum possible transmitting power in a Cisco 1242AG-E-K9.I did an update of my AP on a new ios version and since then, the maximum power for me is limited to 17 dbm. I check this within the console and the "show controllers dot11radio0 | include Power:" command. I thought that I had 20dbm before the update, but unfortunately I can't proof this by myself because I have no AP left with the old firmware.
Is it possible that the upgrade did this? I read about the regulatory domains for the transmitting power. I live in Switzerland, so I thought I could use 100mW if I want to. I read it's not possible to use the 100mW at each speed but I think I should stull be able to select the 20dbm/100mW or am I missing something?
The switch has been set to Level 3 Routing. Port 27 has been in use as a Fiber Transceiver with no problems for several weeks. This week I tried connecting a second Fiber Transceiver to Port 28, and it would not work.
Swapped the physical GBIC modules in the ports, and the situation remained exactly the same: Port 27 works, Port 28 would not work.
Connected to the copper-part of the combo Port 28, it immediately connected and worked fine.
Connected an external Fiber Transceiver Box in place of the GBIC in Port 28, and it immediately connected and worked fine.
Swapped the new Fiber jumper (Port 28) with the existing Fiber jumper (Port 27), and the new connection came up immediately and worked fine. The existing connection would not work when connected to Port 28.
By "not working", I am not able to ping across the connection. The link light comes on and blinks. The transmit/receive statistics show as if data is processing on this switch, but on the other side of the Port 28 connection, the switch shows Transmit traffic, but no Recieve traffic.
My internet connection is continuously transmitting and receiving, even when there is no application running! is there any way to find out what is being transmitted or received and how to reset the connection?
I purchased a EA4500 and at first I could connect to it through its default ciscoxxxxx ssid on my laptop which is 2.4GHz only. I upgraded the firmware using the PC utility and now I can't find the 2.4GHz SSID no matter what settings I do. I've disabled and enabled it multiple times, changed it to have no security or with security and enabled and disabled it and renabled it. Nothing seems to work, but for some reason the 5GHz side I can connect to using a 5GHz device. I've also tried disabling the 5GHz side, but still no 2.4GHz.
I'm having an issue with a 2 week old WMP54G pci adapter. The behavior is as follows: I get a successful connection and excellent speeds, but every 10 seconds it stops transmitting and drops off the network for a moment. Then everything comes right back. 10 seconds on, drop, 10 seconds on, drop.I've investigated possible sources of interference, but there aren't any strong networks coming though on the same or nearby channels. Moreover, other devices sitting in essentially the same spot are connected consistently and show no variation in the signal strength.
Other info: OS is Ubuntu 10.10, the machine is a Dell GX270.
I'm trying to test fast roaming using a Cisco 2100 Series controller and 2 1140 APs. The initial authentication succeeds fine and the wireless connection works ok using WPA2+CCKM and LEAP with a Cisco ACS radius server.The problem is that the client does not attempt to preauthenticate with the other AP because the RSN Capabilities IE in the AP beacons and probe responses do not set the RSN Preauthentication capable bit. I can't figure out what it takes to get the APs to indicate to clients that it can do preauthentication. I'm been crawling through all the documentation I can find, to no avail.
We are about to share a 10 MBit ISP connection with 2 others companies, and they are going to split the bill up into 3,3 and 4 Mbit, so we where thinking that we could setup a switch before their and ours router and provide them with a static IP from our ISP. But is it possible to set a bandwidth limit on the ports of a Cisco Catalyst 2960-8TC, so that we can set a limit of 3,3 and 4 on 3 ports.
I have 7 POE switches that have ESI IP phones attached. I have two VLANS, 1 and 2. VLAN 2 is used for voice and is defined in each switch.The ESI IP phones connect to my POE switch ports and the pc attaches through the ESI IP phone.
I have had voice quality issue between floors in my building. Talking to others on my floor via the IP phone, there are no voice quality issues. [code]
I currently use a device called the Access Enforcer which runs OpenBSD. I have 3 stable, working VPN tunnel's where the other side's device is a Cisco ASA 5520 or 5540. I was setting up my 4th VPN where the other side used a Cisco ASA 5520 and ran into issue's. The Cisco side can bring up the tunnel. Once the tunnel is up each side can talk to the other side. However, when the tunnel is dropped, the OpenBSD side cannot bring up the tunnel. The error received is on the OpenBSD device is "isakmpd: transport_send_messages: giving up on exchange from-XX.X.X.0/24-to-XX.XXX.XXX.240, no response from peer XX.XX.XXX.141:4500". I have been trying to figure this out for weeks now and can't seem to find the cause.
I am trying to configure a 3750G that has been sitting on the shelf for several months and am getting the following error -
% Error: Unable to create flash:/microcode_update% Error: It must not already exist
Normally, getting an error during POST isnt a good thing. My first thought was that flash was corrupted or flagged RO somehow. I did fsck flash: with no change. I next tried fsck /test flash:. It tested 77 blocks and performed 0 erasures. It had been running for about 15 minutes with no problems reported so far. Multiple reboots of the switch still report the same error.
I have reviewed the history of what I have done on this switch and finally think I found the problem. I noticed a microcode_update directory that I am not used to see on a 3750. Deleted the directory using the rmdir command and rebooted the switch. On reboot, I noticed that a front_end/ directory was listed as being created as well as fe_type_1 and fe_type_2 were created. The switch now boots up without any errors.
I have two Cisco Aironets 1401 connected to a Cisco Catalyst 3560 Switch. When users log onto the Wifi the APs authenticate with a Freeradius that then authenticates with LDAP.
Recently users have been getting kicked off of the network but I'm not sure why.If so how do I set these APs to roam with my setupd?For all I know there could be an issue with the switch I'm just not sure where to start when it comes to troubleshooting this issue.
Guys I am using a cisco 2911 router with three interfaces: Gi0/0 connected through a switch to all my servers and Gi0/2 which will connect to another server, and Gi0/1 is my outside interface connecting through a switch to two ISP's.I have webservers and Terminal servers/File Servers with 10.0.0.0 network address connected throught My Gi0/0 interface.Now I want to implement a Cisco Advanced firewall for security on my router using CCP.I want the firewall to work such that it allows external users to access the servers on Gi0/0 through ports 0,23,25,20,21,53, 110,3389. and to access the SIP server on Gi0/2. My issue is can i just create two DMZ's for both interface Gi0/0 and Gi0/2 without creating an inside zone and Gi0/1 as outside zone as my internal traffic is mostly server based and the users connect remotely through terminal server to access resourcess using RDP, secondly how do I open the relevant ports.I have checked alot and all I have seen is just basic process on using the wizard I have no idea how to go about this issue.
I bought a new cisco 3550 switch to prepare for my Cisco certification prepration. Actually i dont know how to connect the cisco switch to a laptop with only usb ports....... earlier i used to do my practise using Cisco packet tracer but i think for CCNP switch that is not enough thats y i bought second hand switch. how can i connect that switch with my toshiba laptop which has only USB ports. do i need to buy some sort of convertor or other hardware. And if so what does u call it and how much does it cost?
I am struggling to have my PPTP traffic to get routed through NAT to reach other Server LAN segment. I am using Cisco 2921 router as a PPTP server.This Cisco 2921 router is working as PPTP server and doing NAT also to reach Server LAN segment (LAN-B).My problem is after PPTP connection establishes I cannot reach any of the LAN segment, but after connecting PPTP I can browse Internet without any issue, but none of the LAN element is reachable. Please have a look on the configuration I am posting 2921 router configuration to suggest something, I have also attached the network setup for better understanding…Just to update Clients in LAN-A can access Internet as well as servers (LAN-B). [code]
I would like to know the IOS which supports :ACL Support for Filtering on TTL Value feature on my Cisco 7600 device. I check on cisco and found the Cisco 12.4T release but this software doesn't fit onto my chasis. which software should I upgrade to on my cisco 7600 to have this feature.
I have a cisco router I would like to reset the password for. Its the first password that is entered. for exampleUser access verificationPassword:I have changed the en password using this command:router(config)#enable secret cisco123 <---example password
I finally got the Site to Site Vpn from our corporate to remote site. Is there a way to connect a cisco phone over that network. Since both Voice Vlans are exempt from acl I would imagine all traffic is clear to go accross? and if so I just have to set the phone to our tftp/ccme. Will that work.
I want to create a user who only has access to "router>" prompt on the CLI. this user should not be able to do enable command and by no other means be able to go to global configuration mode. I know the command router(conf t)# username ABC privilege 1 password ABCPASS, but even with this command, this user gets privilege 15 access.
I have the CISCO 1800 and I have there the HWIC-2T. I have two questions.First is an easy one. I want to replace the HWIC-2T with HWIC-4T but the CISCO 1800 guide and the HWIC-4T guide says that they dont fit together but I inserted the HWIC-4T in to the CISCO 1800 it recognized him with all the 4 Smart Serial ports that it hase. The question is, how can I check if the CISCO 1800 supports the HWIC-4T?Second question is how can I configure one of the Smart Serials in the HWIC-2T/4T to comunicate with the X.25 Protocol? What I have now is at one end CISCO 1800 and at the other end CISCO 2800 and they are comunicating with each other throught one of the Smart Serials they have. I want to connect to each one of then an old pc that comunicate only with X.25 and I want this two computers to comunicate with each other throught those two routers.
We're currently evaluating Cisco Prime LMS 4.2.Something we've been trying to achieve for the past couple of days is to have LMS notify us when a Microsoft Host is Unreachable, and then to notify us once that alarm has cleared (the Microsoft Host is Reachable again).
We're at the point where the Microsoft Host was discovered, LMS incorrectly identified it as a Cisco Call Manager, so we changed it's identity to non-cisco device > microsoft host > microsoft host. LMS currently has the device listed as being in the 'Questioned' state. SNMP timeout has been set to 15 seconds, and the SNMP community is correct.
Being new to LMS Prime, and having not received any training on the product to this point, we turned to the admin guide, but we couldn't find anything that goes into detail for how to manage the notification for non-Cisco devices.
Is what we're trying to achieve possible with Cisco Prime LMS 4.2? We just want to be able to receive simple 'host unreachable' notifications for Microsoft servers, and the corresponding 'cleared' notifications once the server is back online.
I'm trying to understand CEF; I know it's used most commonly in layer 3 switches but that routers can also do it. The routers that support CEF must have special hardware I'm assuming? (Since CEF is layer 3 processes in ASICs) How can we check if a router is capable of CEF? Does anyone know a good link/graphic that shows how much faster CEF is than software-based layer 3 processes?
Basically, I have a network which has a LAN and a DMZ. I need to isolate a few servers and users from the LAN so I created a VLAN on the switch. I assigned it an IP address in a different subnet and assigned ports to the VLAN. Port forwarding is configured on the switch.For testing purposes, before this goes live, I connected a computer directly to one of the switch ports (ge4/5) and assigned it a static IP in that subnet, the gateway being the VLAN IP. I can ping the VLAN IP but I can’t ping the router or get to the Internet,I tried setting the gateway to the ASA VLAN interface (e0/1.4) with the same result.The 1st step is to get Internet access. The next step will be to allow access to the Exchange server on the LAN.There are many devices not shown on the diagram but the important ones are there.
Having a hard time getting Cisco phones to roam 'cleanly' in a Cisco unified wireless environment; Cisco 2504 controller with Cisco LAP1142n (lightweight) APs. The phone SSID is not broadcast and is using WEP encryption. The problem is that when the user is walking around the property, traversing from AP to AP in-call (external and internal calls), they notice the point at which the phone roams from AP to AP - it's literally two or three seconds of no sound and then the call resumes back again. Fast SSID change has been enabled, we've tried locking the SSID to 802.11a only, b only and g only but with only slightly better results when locked to B. We've lowered the client roaming threshold RSSI to -75dB from -80dB, this also yielded better results but still a couple of seconds gap exists. Cisco TAC came in on a Webex session earlier, changed a few QoS settings and advanced wireless settings on the controller, but to no avail. Wireless signal has been proven to not be an issue; several AIRMagnet PRO surveys have been carried out showing the signal throughout the property to meet the -67dB requirement.