Cisco :: Many MAC Addresses On Same Port?
May 25, 2012
We got a bunch of port-sec violations on port fa1/0/42. after checking logs, we noticed that the MAC address responsible for generating the alert was not one, but many.We asked the user, he said he only restarted his computer.The MAC addresses happen to be existing MAC on the network.How is it possible that a port-sec violation is made by many MAC addresses on the same port, successively?
Syslog message generated from device SW_Etage1: May 25 15:17:08 10.100.254.11 1454802: May 25 15:19:11.693 CET: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 6416.8dbb.930e on port FastEthernet1/0/42.
Syslog message generated from device SW_Etage1: May 25 15:17:29 10.100.254.11 1454805: May 25 15:19:32.874 CET: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 78e3.b58f.1011 on port FastEthernet1/0/42.
[code]....
View 11 Replies
ADVERTISEMENT
Dec 12, 2011
Is there a way to set static ip addresses to each port on at sf 300-08?
View 1 Replies
View Related
Sep 25, 2011
I have a customer thats got a Linksys router now, that has a DMZ port.The DMZ port is configurede to it routes the extra public ip-adress to the DMZ port it has.At the DMZ port they have another router connected, where they routes the public ip-adresses på some other devices.How can i make this setup on a Cisco ASA 5505 (With the Security Plus licens)What i have to do is to replace the Linksys router, and make it so, so it works like it was before with the Linksys.
View 5 Replies
View Related
Nov 2, 2011
I just thought if it's possible to make sure that only approved IP addresses for each of divisions of a company can be used.How can I assign for a port one/more public addresses and be sure that only this port is using it/them. Thing is I have only one 24 bit public Network ID provided to me by ISP. One IP address of the range is used for ISP's gateway. So I have 253 addresses to be distributed among divisions. However to avoid IP address conflicts I have to be sure that only dedicated for a division IP address/es is/are used by the division.
Router is 2821.
Switch is 2950.
View 11 Replies
View Related
Oct 12, 2011
Just purchased a Cisco RV110W for our small business. We were told this was easy for us to use and secure enough for our small office and for our travelling sales staff to access our website.
We purchased 2 dedicated IP-addresses, 216.82.5.230 for access to one server, and 216.82.5.231 for access to a second server (these IP-Addresses given are just an example; not real).
These come into the single RV110W WAN port. The two servers are plugged into 2 of the 4 LAN ports.
But the WAN setup page only accepts one WAN IP-Address. So when we put in 216.82.5.230, the outside world can HTTPS into one server, but we don't know how to get them to HTTPS to the second server when the other staff uses 216.82.5.231.
In summary, how to use the RV110W admin panel to forward the HTTPS/SSL traffic from 216.82.5.230 to one server (setup internally on 192.168.10.20), and the HTTPS/SSL traffic from 216.82.5.231 to the other server (setup internally on 192.168.20.20 using the VLAN setup on this router)?
View 1 Replies
View Related
Nov 9, 2012
Is there any solution for automatic switching between wired and wireless network connection?
In my work we have two option for connection to network. Wired for working but with blocked pages like youtube and other streaming media. And wireless for visitors which haven't blocked any pages but I can't do my work on it. Can I by connected to both and some utility will doing switching between them? I want to use streaming and be connected to wired network which has blocked streaming.
View 1 Replies
View Related
Dec 30, 2012
I am a total Cisco novice who has just had a ASA5505 installed to replace a linux freeware firewall (smoothwall).I'm told that the 5505 can't port forward traffic (e.g. ssh) from two external IP addresses to two internal destination machines via the same port # (22 in this example).
View 9 Replies
View Related
Feb 28, 2012
I have a weather station at our high school that needs UDP port 9500 open inbound/outbound to specified IP addresses.
Cisco PIX Security Appliance Software Version 8.0(4)
Device Manager Version 6.1(5)57
View 1 Replies
View Related
Jun 21, 2012
ASA 5505 Firmware 8.3(4), ADSM 6.4(2).I have a public IP address of 168.87.3.4.I need to forward ports (5060, 5080, etc.) to one internal address. (192168.1.1).I need to foward different ports (10020-10080) to a different internal address (192.168.1.2) Everything I read tells me how to do this in a 1 to 1 static NAT.
View 1 Replies
View Related
Jul 25, 2011
I have purchased a subnet of 8 private IP addresses from my ISP. 109.x.x.128/29.The ISP has placed a juniper router within our data centre which is routing purely from 109.x.x.206/30 to 109.x.x.128/29 with the ip of fa0/1 set to .129.
I have linked a cisco 5505 to fa0/1 of the juniper from fa0/0 and configured its IP to .130. I have configured NAT to translate our client pool 192.168.16.x /24 address' to the internet.
Is it possible for the 5505 to route / map my remaing private IP addresses through its external port? I have tried creating a seperate VLAN for a DMZ for our servers to sit within but am returned with a subnetting error as VLAN for my external port is all ready configured within the same subnet.
View 2 Replies
View Related
Oct 8, 2012
In setup for old RV042 (V1), when updating / adding Mac addresses, the table is always sorted by IP addresses. But in the new oneRV042 (V3) I have, even with latest firmware 4.2.1.02 the list is random, thereby increasing the chance of user entering DUPLICATE IP addr with diff Mac addr. That will result in conflict.If the firmware sorts the DHCP entries by ip addresses, user would be able to catch duplicate ip errors even if the system does not flag the errors. All Cisco smart engineers can you all get the dhcp entries SORT by ip addresses.
View 2 Replies
View Related
Apr 21, 2013
When I try connecting via anyconnect the logs (and anyconnect messages) state the connection "cannot be established due to no addresses being available for SVC connection'". The group etc has a dhcp scope assigned, (and this was working for the past year). I'm not sure what config changes (if any) he made before leaving.
View 10 Replies
View Related
May 21, 2012
We've never had a problem setting up ASA to ASA or ASA to PIX vpn site to site tunnels using RFC-1918 addresses ( 10.x.x.x usually ). Now we have a customer ( a hospital ) that requires a public non-RFC1918 address to be presented to them. Since the addresses that we send are routable, they get routed through the internet instead of going through the tunnel. Here's the boiler plate from the customer:
"Important Note: The following information is to be used as a guideline in setting up a VPN connection between XXXX and your organization. Currently, XXXX supports only site-to-site VPN’s and all partners MUST present valid registered public IP addresses through the VPN tunnel.XXXX is unable to accept RFC-1918 addresses (i.e. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16). We do not support PPTP, L2TP, or client VPN connections through a dialer application."
I was able to get a tunnel running between two ASA-5505 units using a public class C address that is currently not routable. How do I get this to work with a routable address? The tunnel will be carrying patient data and is basically a single server to single server link. It needs AES-256 and SHA-5 encryption but that shouldn't be a problem. The hospital is using a PIX, we are using an ASA-5510 with Security Plus license. We also have a couple of ASA-5505 units with base license to test with.
View 1 Replies
View Related
Nov 15, 2011
We sold an ESW 540 switch to a 3COM customer that is replacing old equipment. This replacement will be on different faces so we have to interconnect some 3COM switches to the Cisco equipment. We are installing rigth now and this two situations:
Virtual machines can´t get IP addresses via DHCP (using a different MAC address) when connected to the Cisco switch. Physical machines receive IP addresses from DHCP without problem. This situation never happened with 3COM switches.When we interconect the Cisco Switch to the 3COM switches (not using uplink ports) the connection never goes up. Remembering that 3COM switches are old we fixed the speed to 100 Mbps Full Duplex but it didn't work.
View 5 Replies
View Related
Mar 15, 2012
On my desk top home computer (XP Home Edition) connected directly to High speed Internet modem/router with a ethernet cable :The modem/computer connection worked for many months. Recenttly, I had to re-install my Network Driver because of a virus problem. The LAN icon now says :"Status: Acquiring Network Address" but it never gets to a connected status. IPconfig/all shows all 0.0.0.0 I have another laptop (Windows 7) using same network/modem thru wifi WLAN mini card and it connects fine to the Internet. IP values[CODE]
View 1 Replies
View Related
Oct 8, 2012
Why do we need them? Could we leave the LAN with a subnet broadcast packet (for instance with an address of 192.168.1.255 /24). Are those addresses used for something?
View 4 Replies
View Related
Apr 18, 2013
when you have a device that you don't know it's IP what do you do to find it out, I normally just plug directly into the device and use nmap to scan the ranges I think it might be, but that takes quite some time?
View 17 Replies
View Related
May 25, 2011
I've just installed a 2106 Controller at a remote site. The Controller is seen by the WCS at the main site so, connectivity is good and I'm able to login from the main site. I've configured the DHCP server which is at the Main site on the AP manager interface and the Manager interface and on the WLAN of the new controller but, APs are not getting addresses.
View 6 Replies
View Related
Apr 18, 2011
I purchased a Cisco 520 and am trying to set it up on my home network.Its ADSL PPPoA for WAN.I am trying to setup 2 LANS. One General Network,One DMZ for webhosting.Now, since this router has 4 ethernet ports, i assumed i did not need VLANS. Except when i try configure an interface with an IP address i get this error: % IP addresses may not be configured on L2 links.Now. Ive looked around on the internet about this error. And it seems that since these interfaces are not Layer 3 interfaces,they need to be associated with VLANS.This would be OK. Except this requires an IP address on an interface on the router! Back to square one.
View 6 Replies
View Related
Apr 16, 2012
I have a solution of thre ACS.. one primary and two secondaries. My customer report me that in port of the switch where is connected the ACS show two mac address. [code]
View 1 Replies
View Related
Feb 5, 2012
I have a Cisco 2811 with 8 serial interfaces. Three of them are in multilink1 which is our active connection to AT&T MPLS. I have the other 5 in multilink3 which will be an upgrade to a new MPLS. The two multilinks have different ip addresses. AT&T cannot get the multilnik3 (the new one) to come up. The serial links are clean with no errors. Cisco TAC looked at the config and ran some debugs. Their conclusion was that the far end AT&T router keeps dropping the multilink.Here is a debug of what it does (this shows only one serial interface in the multilink - for testing purposes). [code]
View 6 Replies
View Related
Oct 15, 2012
I have a client that has 6 public IP addresses. He needs to use 3 of them. One for workstations which is currently working fine. It is using the default gateway IP. One for a email/web server which has a statis NAT and is also working fine. But we need an additional NAT but it is for 3 servers that all need to go out as the smae public IP. I am not sure and been unsuccessful getting those to go out as the same IP. I either cannot get them to exit the same IP or it breaks the workstation NAT.
Workstations would be 10.0.0.100 - 200 going oput the FE1 interface or I think x.x.94.122
Email would be 10.0.0.5 going out the statis NAT of x.x.94.123
I then need 10.0.0.2 - 4 to go out x.x.94.124
I removed some ACLs and IP info for security. Attached is the current config.
interface FastEthernet0
description $ETH-WAN$$FW_OUTSIDE$
ip address x.x.4.240 255.255.255.0
[Code]....
View 1 Replies
View Related
Mar 4, 2011
Our company is a small one and steadily growing towards mid size. We currently have about 200 or so users. Naturally we have run out of IP addresses and now we must redesign the entire IP schema.Initially our plan was to just implement a class B subnet for the whole network with certain ranges belonging to certain kinds of devices/machines/servers.Are there any cons to this? If so, could you link me to documentation that explains this?
View 4 Replies
View Related
Nov 20, 2012
I have an exercise with picture you find below. The question is: Will the network shown in the diagram work correctly when you consider that the MAC-addresses PC0 and PC8 are the same, and why?
View 1 Replies
View Related
Jan 20, 2012
I am in charge of a network that has two dns servers with directorys, one main and one for back up. I also have a cisco firewall.When I run a scan on my network, the scan results return clients that have two diffent IP addresses for one client or server etc.
View 1 Replies
View Related
Jun 27, 2011
I have a DIR-615 rev C1 with the latest firmware (v3.13). I am trying to reserve all the IP addresses in my home network, which includes a printer, 3 computers, a network bridge to a PS3, the PS3 itself, an iPhone, and an A/V receiver. On my network setup page, I can see the MAC addresses under DHCP CLIENTS for the wired Win7 computer, a Win7 computer with a USB adapter, the PS3, the network bridge to the PS3, the iPhone.
[code]...
View 13 Replies
View Related
May 21, 2012
I've created a tonne of dhcp scopes on my routers before never had any issues, however this one will not hand out any addresses at all, i even give the router a reload to see if any magic happened but nothing, ive ended having to put a temp server in with just dhcp installed until i get the router diong what it should my config below, its something simple i havent seen, as ive compared it to plenty of my working DHCP configs and seen nothing.
View 11 Replies
View Related
Oct 8, 2011
I have an unusual deployment scenario which may require the use of a SRP-521W, the scenario is as follows:Temporary Setup:Cisco 857 As the ADSL router until Ethernet Hand-off is installedMultiple IP addresses delivered on the ADSL WAN serviceCisco 857 put into Bridge Mode and connected to SRP-521W WAN portCisco 521W handles the Authentication and RoutingCheck Point Firewall System connected to SRP-521W LAN-1Check Point Firewall has WAN IP 203.XXX.XXX.XXXCisco UC-540W Connected to SRP-521W LAN-2Cisco UC-540W has WAN IP 203.XX.XX.XX If you understand the above scenario, I am curious if this can be done and if so how? I need to keep the networks totaly separate and the only thing they would have in common is the Cisco SRP-521W.It should also be noted that the SRP-521W Is being used because the ADSL service is only temporary whilst the Fibre Build is completed and the carrier provides an Ethernet Hand-Off, then the Internet service will change to this type of presentation and the ADSL router will be relegated to the dark world of loneliness.I have gone through the router and have been playing around with the settings, the issue Is I have nothing in the LAB work up that can allow me to replicate this environment and test it before deployment... So, how to reduce the amount of trail and error I have to encounter to get it to work.
View 5 Replies
View Related
Nov 23, 2011
I would like to configure an 877w I just bought. It's connecting to a UK ADSL2+ link.I'm a penetration tester and I want to put the Cisco router in front of my existing firewall which has an IPS on it, so that it doesn't get in the way of port scans and vulnerability scans. My ISP has issued me with 14 usable addresses a/240 subnet and basically I want to be able to use the route with just the public IP addresses. I have configured Cisco routers before, but never with this type of configuration. It's always been single public IP address NAT'd through to one or two internal LAN's.
It will be nice if I could assign the wireless and fast ethernet ports to the same VLAN using the public addresses. I don't want to use DHCP I'm quite happy statically assigning IP addresses to the computers wireless and LAN interfaces. I am reasonably certain this is possible because not sure how to do it and a little busy at the moment carrying out penetration tests.
View 7 Replies
View Related
Sep 15, 2011
I've put in an SRP-527W for a client and got it working fine. However, it's not connecting using the 5 static IP addresses BT gave me. Where do i input the 5 static IP's on the router that it should connect using?
View 1 Replies
View Related
Jan 21, 2013
I work for a company that recently upgraded to a Cisco RVS4000 router in place of a failing D-Link router. I configured the RVS4000 to utilize the same address space as the D-Link previously did (192.168.0.0 Network Address, 255.255.255.0 Subnet Mask, RVS4000 in Gateway Mode with IP Address 192.168.0.1, DHCP Scope from 192.168.0.101 - 200 managed by the RVS4000) before installing it on the network. I powered down the D-Link as well as the cable modem, then all of the workstations in the office. Then, I installed the RVS4000, powered up the cable modem, and once it was ready, powered on the RVS4000.
When devices connect, the RVS4000 is assigning them an IP address in the 192.168.1.0/24 subnet, instead of the 192.168.0.0/24 subnet. I have verified that the RVS4000's GUI is showing the correct settings, but connected devices are not picking up addresses from the correct address pool. In troubleshooting, I went to each workstation, released and renewed their IP addresses, and they picked up addresses in the correct subnet. I thought everything was solved, but the next day, the same problem resurfaced.
I left the DHCP lease time at the defaul value "0", which according to the unit's documentation should correspond to a 24-hour lease period. I suspect this is why I had to renew the clients' IP addresses the next day (today), but I still don't get why the RVS4000 wants to give out addresses in the 192.168.1.0/24 scope. Could this be a holdover from the factory settings?
Additional Information: I did not set up any VLANs on the network and the office only requires one subnet as there are not a lot of devices connected, nor do we need the traffic segragated. The VPN functions of the RVS4000 work fine. Using the QuickVPN utility, I can access the network and resources on the network remotely without issue.
View 2 Replies
View Related
May 7, 2013
I am in the process of implementing 750 Cisco Access Points acros the business. I need to make a note of the serial numbers and Mac addresses for our inventory before I get these configured and sent out to their relavent destinations. The AP's have have arrived in boxes of 10 (75 boxes). The sticker on the box with the barcode is either covered with a postage sticker, ripped, or my scanner will not scan it becaise it is too small. There is a sticker with the serial bundle which is larger and therefore scanable. Is there a way that I can scan this and get the MAC address and serial number.
I know that this is not a technical question but I don't want too spend the next 3 weeks opening 75 boxes and removing each AP individually and recording it.
View 4 Replies
View Related
Feb 10, 2011
I currently have a asa 5500. is there a way to authenticate based on mac address throught the vpn client. We are haveing problems with useres using there home computers to connect. Yes they are smart enought to install the client and copy the profile.
View 1 Replies
View Related