Due to network security audit we are interesded in encryption algorithm used for authentication of administrator and operators in Starent Networks ST40 Intelligent Mobile Gateway. To be more clearly, we need to know what type of hash is used for password storing when "showsecrets" command is omitted.
View 2 Repliesif there is a wireless adhoc network and i want to provide the security to the data which i want to transmitt over this network but i dont want to encrypt the whole data but to apply encryption in a part of data which conatins the important information.
View 1 Replies View Relatedwe use LMS 4.2.2 to manage our Cisco devices. At the moment all devices are managed with snmpv2. I´ve picked one Catalyst 2960-24TT-L Version 12.2(25)SEE3 and configured snmpv3
Here´s the output of show snmp user:
User name: ciscoworks
Engine ID: 8000000903000022BD29EF40
storage-type: nonvolatile active
Authentication Protocol: MD5
Privacy Protocol: DES
Group-name: LMS
Now, in LMS under Admin->Network->Device Credentials Settings-> i created a new credential set "snmpv3" with the correct user/password and following settings: AuthPriv (enabled) Auth Algorithm MD5 Privacy Algorithm DES (because the 2960 12.2(25)SEE3 doesn´t support any other alorithm).
I´ve edited the credentials and assigned the new set to that device. Now to test the snmpv3 credentials i´ve started an Device credential verification job an chose snmpv3 only. But every time the job failes with the error
Wrong Privacy Algorithm.
I would like to ask whether SHA1 signature algorithm is available for FWSM. We use FWSM code version 3.2(22) in our production network where only MD5 signature algorithm is available. There is a need to upgrade to stronger algorithm SHA1. From my experience I know that this is possible on ASA firewalls running on 8.4. codes. Certificates generated on code 8.4. automatically use SHA1 with RSA Encryption.
Is it possible to have Signature algorithm SHA1 on FWSM? If so, in which code version?
hba-pf-a# sh crypto ca cert
Certificate
Status: Available
Certificate Serial Number: caf44050
Certificate Usage: General Purpose
Public Key Type: RSA (2048 bits)
[Code] .....
I am support one client for, whom falls under Security scans mandatory for new implementation of ASA 5520 device. The client uses Nessus Scan and the test results are attached.The Nessus scanner hit on 1 Medium vulnerabilities.
View 2 Replies View RelatedWill there be some pause in traffic on formed ether channel interfaces (4500E switch), when i will change the default ether channel load balancing method to src-dst-port (or any other non-default method)?
View 1 Replies View RelatedI have a issue in my network, i have 2 data connections with 2 different ISP (Principal & Backup connection). But with ISP "X" the RTO are stable (RTO 240), but with the ISP "Y" the RTO is in 5000 and the connection always are flapping.
View 13 Replies View RelatedWe run 6509 core routers as NTP servers to other IOS routers/switches & servers of several OS flavours.All good. Recently added some Nexus 5000s and cannot get them to lock.No firewalls or ACLs in the path
6509 (1 of 4) state:
LNPSQ01CORR01>sh ntp ***
address ref clock st when poll reach delay offset disp+ 10.0.1.2 131.188.3.220 2 223 1024 377 0.5 -6.23 0.7+~130.149.17.21 .PPS. 1 885 1024 377 33.7 -0.26 0.8*~138.96.64.10 .GPS. 1 680 1024 377 22.7 -2.15 1.0+~129.6.15.29 .ACTS. 1 720 1024 377 84.9 -3.37 0.6+~129.6.15.28 .ACTS. 1 855 1024 377 84.8 -3.30 2.3 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
[code]....
Are we missing some NTP or managment vrf setup in the Nexus 5Ks?
I think I may have a bad port on a 5548, does the NX-OS has any sort of self-diagnostic test on its port?
View 6 Replies View RelatedI am looking how to see the mac table on a Nexus 5000 switch running NX-OS and confirm the mac address on a certain port. Similar to the Sh mac-address-table in IOS and sh cam in Cat-os.
I am sure this is simple I just cannot find the command.
Is it possible to disable mac learning on a specific vlan in the nexus 5000?
View 4 Replies View RelatedI need to open ports 5000 and 5001 on my Cisco PIX 501 to enable some users to be able to connect to our CCTV from outside, how should I open these 2 ports?
View 1 Replies View Relatedi have a use-case in which we need to firewall some of the security-sensitive-vlans to the ASA. In other words, there are few vlans that have their SVIs on the N5k (Layer-3 enabled) which talk to each other and there are some which have the layer-3 on the ASA. The ASA has sub-interfaces for those vlans. The N5k-sw and the ASA are interconnected on the same 1 physical link with a sub-interface on both ( /30) and the ASA is injecting default route to it in OSPF. They are advertising all of their networks in OSPF. I see all the routes in them. (Attached pic),My issue is: I am unable to ping the other sub-interface on the ASA from the N5k. (If you check the attached diagram, i cannot ping 20.1.1.1 from the N5k, although i can reach my next-hop 10.1.1.2) I have made the security-level to 100 for the subinterfaces and the physical interface on the ASA, also have allowed ip,icmps in the ACLs on the sub-interfaces of vlan 10 and 20 in both directions.
View 5 Replies View RelatedWe are using almost 10 Nexus 5k in our DC currently we are getting same error logs in all Nexus 5k." ntpd[4746]: ntp:time reset +0.279670 s " ,Is it major error or just for reset time?
View 1 Replies View Relatedhow can I open my port 80, 5000, and 22 in my modem.
View 1 Replies View RelatedI have a HP DV 5000 laptop XP.I want to watch online videos,movies,sports,etc?
View 2 Replies View RelatedI was wondering what this command that appears in default configuration of cisco routers: scheduler max-task-time 5000.I did some research in forums but did not find anything apart from the "scheduler" command with other options.
View 2 Replies View Relatedtried to read the NEXUS 5000 cpu load: cseSysCPUUtilization 1.3.6.1.4.1.9.9.305.1.1.1 but there is a timeout: Timeout: No Response from 10.100.224.16 Other MIB values readout, like the system value, is ok.We use snmpv3.
View 4 Replies View RelatedI need to open ports 5000 and 5001 on my Cisco PIX 501 to enable some users to be able to connect to our CCTV from outside, how should I open these 2 ports?
View 5 Replies View RelatedAm new to Nexus switching, i have a Nexus box that i need to link with IBM servers with 10GB Network Cards.
how to set up fiber channel on this machine
I have a little problem. My customer is using TACP-PLUS ALPHA (F4.0.3.alpha.v9). Well, the same user than have access to another Cisco equipment, with user test1 by sample, can configure anything in the equipment. But in the nexus 5000, el command "show user-account" indicate just the "network-operator" role. Well, I patch this situation with the next commands:
aaa authorization config-commands default group TACSERVER local
aaa authorization commands default group TACSERVER local
Well, when I do a telnet into the nexus, I can shut the interfaces, config and anything. But, when I ingress by console, I can not to configure the interfaces.I understand that the Nexus 5000 the Tacacs configuration is global for VTY and Console (different in the Cisco equipment Routers by sample).
I have the following configured on my Nexus switches and works with success.
The problem I have is Once I switch of the ACS server I can log on to the Nexus as I have a admin user configured locally on the Nexus and the ACS server unfortunately can not run commands as it tries to point to the ACS server for auhtorization and the ACS server is turned off is it possible for the Nexus to ignore the authorization command if it can not see the ACS server ?
Feature tacacs+
ip tacacs source-interface vlan 705
tacacs-server host x.x.x.x key 7 "xxxxxx"
aaa group server tacacs+ Test-switch (Test-switch is a group configured on ACS 5.2)
[Code]...
I have a Dell Dimension 5000 and I want to transfer the computer to connect via wireless. I have bought a wireless dongle installed all the sot wear but my computer will still not connect to the modem in my house. Is this particular model able to connect via wireless. Or do I need to install more software.
View 1 Replies View RelatedAny opinion on what could cause loops on nexus 5000 ports that are connected to esx hosts ?
View 3 Replies View RelatedI'm planning to upgrade N5K from 5.1(3)N2(1b) to 5.2(1)N1(4)."sh install all impact kickstart bootflash:n5000-uk9-kickstart.5.2.1.N1.4.bin system bootflash:n5000-uk9.5.2.1.N1.4.bin"reports:
...
Compatibility check is done:
Module bootable Impact Install-type Reason
------ -------- -------------- ------------ ------
1 yes non-disruptive reset
...
Is the upgrade really non-disruptive?
I ma trying to query "CISCO-PORT-CHANNEL" mib on Nexus 7000 for portChannel table and I am not getting any info.
Nexus OS versions : Nexus 7000 - System version: 5.1(5)
Nuxus 5000 - System version: 5.0(3)N1(1a)
Any pointers or other alternatives to query through MIB ?
The diagram below is the configuration we are looking to deploy, that way because we do not have VSS on the 6500 switches so we can not create only one Etherchannel to the 6500s.Our blades inserted on the UCS chassis have INTEL dual port cards, so they do not support full failover.
Questions I have are.
- Is this my best deployment choice?
- vPC highly depend on the management interface on the Nexus 5000 for the keep alive peer monitoring, so what is going to happen if the vPC brakes due to:
- one of the 6500 goes down
- STP?
- What is going to happend with the Etherchannels on the remaining 6500?
- the Management interface goes down for any other reason
- which one is going to be the primary NEXUS?
Below is the list of devices involved and the configuration for the Nexus 5000 and 65000.
Devices
· 2 Cisco Catalyst with two WS-SUP720-3B each (no VSS)
· 2 Cisco Nexus 5010
· 2 Cisco UCS 6120xp
· 2 UCS Chassis
- 4 Cisco B200-M1 blades (2 each chassis)
- Dual 10Gb Intel card (1 per blade)
vPC Configuration on Nexus 5000
TACSWN01
TACSWN02
feature vpc
vpc domain 5
reload restore
reload restore delay 300
[code]...
Iam having some issue trying to configure snmp-server context vrf XXX.From some reason even if i put my VRF name i cant see anything about this vrfthis is the command i add:
snmp-server context def vrf datacenter
I m trying to setup a Tacacs config onto my new NEXUS 5000 series.Nevertheless the authentication doesn't work.Actually I followed the config guide but something is not working or missing.I have setup everything through VMWARE with ACS installed on a Windows server.
View 20 Replies View Relatedon some of our ports on Nexu 5000 and on the connected FEX we can see a lot of Jumbo Packets though there is not enableed any JumboFrame on the Switch, all Interface and system MTU is set to 1500.
DBE-LINZ-XX41# sh int Eth113/1/27
Ethernet113/1/27 is up
Hardware: 100/1000 Ethernet, address: d0d0.fd1b.b69c (bia d0d0.fd1b.b69c)
[Code]....
I have 2 nexus 5000 switches configured with a trunk linking the two how can i do the follwoing
BOX 2
vrf context management
ip route 0.0.0.0/0 192.162.88.9
BOX 2
vrf context management
ip route 0.0.0.0/0 192.168.88.10
1. ping between the two boxes, i set up static route's but when i ping i get the error "NO ROUTE TO DESTINATION"
2. routing between the two
We have a requirement to send span traffic to a destination port for monitoring purposes on two 5000s with some 2000 fex boxes attached.
Some of the servers are making use of frames larger than 1500. we have not changed any mtu configuration on the 5000 since installation, and I can see the policy maps is still on 1500.
My first assumption would be that frames larger than 1500 will not be dropped, but it seemingly not (see below). is there a reason why the switch would forward jumbo frames? Also, is there a limitation on MTU for span traffic? There is a MTU command under the span session, but the maximum is 1518. From what I can read the frame will be truncated if it exceeds this. Does that mean the fragments will be dropped?
RX
7495685816 unicast packets 249 multicast packets 147899 broadcast packets
7495833963 input packets 1426823388087 bytes
1608134 jumbo packets 0 storm suppression bytes
[Code]....
I am looking for any assistance with an issue I am having. Within my network, I have two Net App enclaves that replicate with each other. These hang off of separate switches, one at our primary site and one off of our secondary site, just a few miles away. I can replicate from the primary site to the secondary site at 8GB per minute. From the secondary site back to the primary site, however, the replication passes at about 17MB per minute.
The configuration is exactly the same on both ends. The primary Net App enclave hangs off of a 6513 switch and the secondary Net App enclave hangs off of a Nexus5000. Trace routes and pings all show correct paths and connectivity. I have troubleshoot this for a few days and I have been unable to figure out what is causing the replication issues. The fact that this is bi-directional traffic and I am having problems one way is really throwing me off. There are no ACLs or firewalls present between the two switches.