I have worked on Cisco switches only. I want to configure a Nortel 5510. I have configured a VLAN, but the switch IP address is changing when I give an IP address to a port, and I can't see the port IP configuration in show runn. Also, I want to configure a loopback. I am configuring switch IP address 192.168.123.1/24, but when I give IP address 192.168.120.17/29 to a port (port in default VLAN), the switch IP address changes automatically. I have ports 1-4 configured in VLAN 1; other ports are in an L3 VLAN. I want to see port IP address details like we see in Cisco (SHOW IP INTERFACE BRIEF). What is the command in Nortel?
I've just completed a port security project at a site on numerous Cisco switches and all works well, however they have 2 Nortel 5520 switches (which I left until the end) which they would like to lock down. I have logged a message on the Nortel forums and I have heard nothing for days. I just need to lock 2 ports down to the Mac address of 2 computers stopping any other computer being plugged in.
We just installed a hosted VOIP system using Cisco 7900 series IP phones. We are having a strange issue with a few computers where they pull DHCP information from our VOIP provider's DHCP server on the Internet and not our LAN DHCP server.
The switchports are configured as: switchport mode access
My rationale behind this is that the phones would use CDP to get their VLAN info from the provider's Cisco router and the PCs would just ride on the default VLAN. But this is not the case. Computers randomly keep getting DHCP info from the provider's router. Do I have to use voice vlan x and make the switchports trunks?
We are a business partner of a larger company that gives us VPN access to connect to one website. It's the Nortel VPN, so it's old, but it's set to disconnect our Internet when we connect, which is really inefficient. I understand why it does that, but right now we use two computers: we have one as our main one, then another sitting here just for VPN. Does the Nortel VPN work system wide when it disconnects the Internet? Or is there a way to use Ethernet and Wifi and just have the VPN connect over Ethernet and just disconnect the Internet there but keep my local network on Wifi? Or is that not possible? I'm assuming it's not; just wondering if there are any alternatives.
For the moment we run a Nortel VPN server at work and I have the Nortel VPN client on my laptop. While I could connect through when I had my Linksys E2000 connected up, now I can't after I replaced it with the 5505 (running 8.4(1)). What should I do on my 5505 so I can allow the Nortel client to connect out?
We have one HP core switch and a VLAN is configured on it. Four Nortel BES1010 (24-port) switches will be connected to this HP switch. We need to configure VLAN tagging in the Nortel switches so that devices connected to the Nortel switches can communicate with devices in the VLAN.
I'm trying to establish a site to site ipsec tunnel between an ASA 5520 and a Nortel Connectivity box. Despite trying a number of different transform sets and IKE setups it keeps failing at phase 1 with:
Information Exchange processing failed Received an UN-encrypted INVALID_ID_INFO notify message dropping.
2xASA5510s (Active/Standby) --->3925 Internet Router---->Internet
Going to:
2xASA5510s(Active/Standby)---->3925 Internet Router A----->ISP (Primary) ---->3925 Internet Router B----->ISP (Backup)
Note: Only one ISP just different speed connections
We're going to be using BGP to the ISP. Our goal is to advertise one subnet via BGP over both links using routerA as the primary and routerB only if it fails. How should I configure my ASA and the internet routers to accomplish this?
How to configure dynamic VLANs (IP subnet-based) using Nortel JDM? My company is now using port-based VLANs and it wastes a lot of time reconfiguring the port to its VLAN every time their devices are moved from one place to another. So I think using IP subnet-based VLANs might solve the problem?
We have discovered Nortel/HP C-GbE2 switches on our network are sending spanning tree Topology Change Notifications (TCN). The HP switches only have servers connected and no other switches leading to any other network segment, so we are not clear why the switches are sending spanning tree TCNs every second. We do not have a support contract. Can anyone on the Cisco side speak to what's referenced on page 5-6 of the attached document? I found the attached document, which talks about disabling spanning-tree (page 5-6) in a Cisco environment, but wanted to consult with an expert before proceeding. Document (Configuring Nortel Gigabit Ethernet Switch Modules for IBM BladeCenter in a Cisco Environment Solution Brief).
Currently using Cisco ISE 1.1 to authenticate both dot1x and mab from Cisco switches. Both features are authenticating properly. When we use a Nortel/Avaya switch for the authenticator, we are unable to authenticate using mac bypass (non-eap (or neap) in Avaya talk..). The correct authentication policy is found in the ISE, but the mac address is not found in the database. We know it is there because the same mac is authenticating with the Cisco switch. Dot1x authenticates properly from both the Cisco and Avaya authenticators. Could this be an issue with the username/password format in the Radius packet from the Cisco?
How to build dhcpd pools for nortel phones on an asa 5505. This is the config that I'm trying. The results I'm getting are that the pc and the phone both pull addresses from the data pool. If I switch the vlans on the trunk port, both devices pull from the voice port.
We have 2 x Nortel 8600s (now Avaya) that are 6-7 years old. They have 96 1GB ports on each and we only use about 30 and the CPU average is around 2% and memory is 40% (256mb). Going into 8600s we have 8 x Nortel 5520 48port gig switches.
We want to replace the 8600s at some point and I wondered roughly what Cisco device would possibly suit us. We are not after the best high-end switches that we will never utilise, but ones that will help us grow for the next 5 years.
I have a Cisco ASA 5510 connected to 2 private lans (1 for my HQ pc's {inside} and 1 for the worldwide mpls {outside}). It is also connected to the public internet at interface "public" and my dmz at "dmz" interface. I suspect I have a routing issue because packet-trace yields allow, the nat looks ok and the objects look ok, at least to me, but I'm the one with the non-working config so... Basically this is the desired flow:
1. I need all traffic from the inside to be able to flow to the outside unimpeded as they are both trusted networks. (this is ok right now as I allow everything via access-list 101.)
2. I need any host on the public internet to be able to reach a server on the dmz via the pat which I set up from the "public" interface to the "DMZ" interface. The desired flow would be that the person on the internet types in [URL] and this is directed to the public interface ip which forwards to the webserver object on the dmz. (I cannot get this working any which way)
3. I need the dmz to be able to communicate with another server on the mpls via the "outside" interface: when it receives the request from the public, it then checks with this other server on the outside via nat (translating the dmz range into the ip of the outside interface on the firewall). I have a default route that points to the mpls or outside interface for 0.0.0.0 0.0.0.0 via 10.x.x.1 (and although I'm not sure, I suspect this could be conflicting with traffic that needs to be sent to the "public" interface ... meaning that the firewall should dump packets bound for 0.0.0.0 0.0.0.0 to the public interface - 184.x.x.194, but I'm very reluctant to change the default route as this is in production and I'm not sure how it will affect traffic). However, I do suspect that if I changed the route from default to static as such:
route 10.0.0.0 255.0.0.0 10.x.x.1 (this would get all lan and mpls traffic to the mpls gateway)
route 0.0.0.0 0.0.0.0 184.x.x.193 (this would send everything else from public to the public internet gateway)
I think this is accurate, but then I would be bypassing my corporate internet proxy, which is behind the mpls gateway at 10.x.x.1? Is there a way to get http traffic originating from the lan (10.x.x.x) to use the mpls gateway and http traffic for the dmz to use the public internet gateway at 184.x.x.193? I don't want to start causing a flow problem for the internet, nor do I want to bypass my corp internet proxy. Either way I cannot get this to work; even though the logic checks out, I cannot get even a ping response when I allow icmp any any for testing. Note: I can ping resources on each network from the firewall, not only its own ports in the associated network but other resources on those networks as well.
Here is the running-config:
ciscoasa# sho run
: Saved
:
ASA Version 8.4(1)
!
hostname ciscoasa
domain-name marcjacobs.lvmh
We have a Cisco ASA5510 and our client owns a Juniper device. We already have a VPN tunnel in place between the two locations and it's working fine. Now, they have some networks which are in a more secure zone; if we add those subnets to the present tunnel we are not able to access them. So what they are suggesting is that we can reconfigure the VPN to be a route-based VPN instead of policy-based, OR configure a second VPN tunnel. I am not sure if the Cisco ASA supports route-based tunnels? Can we create a 2nd tunnel between the same devices (ASA5510 and their Juniper device), as the IP remains the same and only the internal remote networks will change for me? Do I need to make any changes to the present tunnel?
I am attempting to set up FTP behind this new Cisco ASA 5510 we just bought. I haven't configured a Cisco device in 5 years, so I am having issues. I think I am close. If I FTP from an outside (fixed) IP, it connects and takes the password but hangs on PASV and gives no data connection. Below is my configuration. It is simple since I seem to have the connection inside correct. And yes, you can connect to the FTP server from inside without issue.
I have one ASA 5510 with a base license. Now we wish to add one backup ISP for VPN failover. Is it possible to configure a backup ISP with this ASA 5510, and how?
Check ASA features
Cisco Adaptive Security Appliance Software Version 8.2(2)
Device Manager Version 6.2(1)
Compiled on Mon 11-Jan-10 14:19 by builders
System image file is "disk0:/asa822-k8.bin"
Config file at boot was "startup-config"
We have some users who use Citrix outside the corporate network through the Citrix web interface. These users are high-priority users and we want to prioritize the Citrix traffic. I want to make sure that my configuration will fulfill our requirements. Below is the configuration I was thinking of implementing:
ASA(config)# priority-queue outside
ASA(config-priority-queue)# exit
ASA(config)# access-list CTX-QoS extended permit tcp any 10.1.1.200 255.255.255.255 eq https
ASA(config)# class-map CTX-QoS-CMAP
ASA(config-cmap)# match dscp ef
ASA(config-cmap)# match access-list CTX-QoS
ASA(config-cmap)# exit
ASA(config)# policy-map CTX-QoS-PolicyMap
ASA(config-pmap)# class CTX-QoS-CMAP
ASA(config-pmap-c)# priority
ASA(config-pmap-c)# exit
ASA(config)# service-policy CTX-QoS-PolicyMap interface outside
I am not seeing the IKE Policy configuration screens while configuring IPSEC VPN on an ASA 5510 (using ver 9.1(1) / ASDM 7.1). Following the wizard, after step 8, I am expecting the screen where you configure DES/3DES, etc. The screen does not show up. I have the right (3DES) licence.
I have created the following config for an ASA 5510. I implemented a DMZ on it. Is this config as secure as I can get it? I want the web server in the DMZ to only be able to access port 80 and 1433 on the SQL box inside.
I’m intending to establish a VPN connection between a Nortel 1140E phone behind an ADSL router and a Cisco ASA 5520. Can anyone confirm to me if the VPN client on the Nortel 1140E phone is compatible with the Cisco ASA?
We have 3 Nortel RG 9150 remote PBXs installed at a branch location, and they have been functioning well for years plugged into 3Com 4500 10/100 switches. These switches have a very basic configuration; nothing special. We are transitioning over to Cisco 2960 switches with very basic configurations. The problem is that when we plug the 9150 into the 2960 switch, the RX light flashes like it should, but the TX light only flickers intermittently. We cannot ping it from the switch or local router. Everything in this building is in VLAN 1. I've tried turning on full duplex on the 9150 and/or hard-setting the speed/duplex on the 2960 switch. The company that maintains our 9150 sent a guy out who was completely puzzled by this too. In some ways this seems too basic to be a problem, but it is. The twist on this problem is that the 3Com switch, which the 9150s are plugged into, is connected directly into the Cisco 2960 that I can't make them work on. Plug them into the 3Com, they work; move them upstream to the Cisco, and they stop, even after I reboot them.
Here are the port configs of the 3Com and Cisco switches.
I have a customer that wants to change their Nortel 5520 switches to a Cisco solution, and I wanted to ask what would be a good solution for this customer. Presently they have 4 48-port PoE and 2 24-port PoE stackable 5520s, and they are interested in redundant power supplies for the switches. I was thinking that the 3750 is good for this site.
BTW, the ASA is running version 7.0 (8) and I'm doing this through the command line. I've got a group of workers coming in a couple of times per week that need wireless access to 1 printer on our network and internet access; I'll deny them access to the rest of our LAN. I've already configured an AP with WPA2 on a separate subnet and put a router between it and our network. I've set up the router to apply an ACL to allow access to the printer's IP, deny to the rest of our main subnet, and permit everything else to go to our ASA 5510 that is serving as our gateway. From a laptop connected to the access point:
I'm able to ping the printer's IP
I'm not able to ping other workstations or our servers, as intended
I'm able to ping the ASA's inside interface
The only part I can't seem to pull off is the final part of getting the ASA to translate the IPs from the new subnet to the outside interface.
So we have:
Laptop > Wireless AP > Router with ACL > Primary LAN > ASA5510 > internet
PAT is working fine for the primary LAN, but the laptop can't hit the internet.
I want to configure an ASA 5510 to send syslog messages to a syslog server which I placed on my inside interface. Also, will enabling syslog increase the CPU utilization or memory? What are the necessary configuration parts?
I have been struggling to come up with the proper config to do a NAT of an incoming VPN tunnel to a VLAN on my network. I have an ASA 5510 with an IPSEC site-to-site tunnel to a partner network of 166.110.0.0/17. I have several VLANs on the ASA interface behind a cat4500 router (192.168.100.0/24, 172.16.4.0/24, 166.110.128.0/22 etc). The only network that the partner network sees is the 166.110.128.0/22. My problem is that I need to give them access to a node on my 192.168.100.0/24 net, but can't get the admin on the other side to add a route and adjust his tunnel.
creating a DMZ with my current configuration. Most of my configuration has been through the ASDM as I am still learning. I'm looking for a good tutorial through the ASDM to get me on my way. What I need to accomplish is this:
I have an internal GIS server which needs to have a constant database connection to a remote GIS server which is already configured. I've got a separate VLAN set up on my 3750 switch which connects to the DMZ-configured port on my ASA with a security level of 50. My GIS server has been placed in the DMZ VLAN, which is accessible from my internal clients. I have a /30 Internet block which is being used for Internet and VPN. I have a separate /28 block that I'm assuming I'll need for the DMZ to work properly.
I'm working on getting an ASA 5510 set up and am having major difficulties. I'm really new to ASA and coming over from Microsoft ISA. Below is my configuration, how to get this all sorted out. As of now it doesn't appear that any traffic is going through, whether it's incoming or outgoing.