Routers / Switches :: ACL List Not Working As Expected?
Mar 29, 2011
access-list <#> permit/deny <protocol> <sourceAddress> <sourceMask> <destinationAdd> <destinationMask>Say I applied an ACL inbound on Fa0/0, would the source address be the outside the LAN?So if took the same ACL and applied it as outbound, would the source need to be change to an IP inside the LAN?I am a bit confused by the data flow I'm seeing in packet tracer simulation mode to. I set up an ACL for testing purposes "access-list 199 permit ip 193.20.30.0 0.0.0.63 any" set as inbound, the idea being it permits any traffic from the .0 subnet.When I watch the packet in the simulation, it makes it to the destination address then is dropped by the router on it's way back out to the sender.
View 4 Replies
ADVERTISEMENT
Dec 18, 2011
I have an extended acl on my VLAN interface in bound and it is working like I need it to, securing one side of my network from the other allowing only what I want from my desktops to my servers. The acls look something like this:
vlan70 -----> inbound acl (allows 80/443) ---> vlan100
I need vlan100 to have access to something on vlan70 now and I cannot get it to work. My question is would this work?
vlan70 -----> inbound acl (allows 80/443) ---> vlan100
vlan100 <----- outbound acl (allows 9100) <---- vlan70
Traffic is initiated from vlan100 not from vlan70 then back through so an established rule does not work. Also there are many more ports open in my inbound acl but this is simplified for ease of reading.I want to make sure if I place both an inbound and outbound rule on my vlan and that it is in the right place, both on the same vlan.
View 1 Replies
View Related
Nov 22, 2012
BGP prefix list is not updated when other party having new downstream with different AS number.BGP filter has disabled but the prefix list is still not updated.BGP soft reset is performed, but the prefix list is still not updated.BGP prefix list is only updated when the other party having new prefix with the same AS number.Can explain why?
View 1 Replies
View Related
May 29, 2012
I have 10 new AIR-CAP3502I-A-K9 connected to a WS-C3750X-48PF-L switch. 8 of the APs power on and connect perfectly, but two are problematic. Both devices are granted power, but they never go past the stage of getting power from the switch. A look at POE shows: [code]
Where the AP that is not working is connected to Gi1/0/4. The interface shows down/down. I've tried shutting the interface, removing power, cdp etc.
Are there any other tricks you can think of to get it working or would you say that it's 2 faulty APs? I am not based at site unfortunately so I cannot console to the APs and check them out.
View 5 Replies
View Related
Jan 20, 2012
I have a CSS 11503 with a basic content rule for TCP 10000 going to a few backend servers. I was looking into the default timeout values for flows and when testing using telnet the flow didn't terminate as expected?
For example, i have no 'timeout multiplier' specified in the config and when i look at the output of 'show flow-timeout default' it tells me the default 16 seconds timeout is in effect for *. With that in mind, i telnet to the content rule vip on TCP 10000 and on the backend server using wireshark i can see the TCP threeway handshake. With no data passing i'd expect the CSS to terminate this flow after 16 seconds.. yet it takes exactly 128 seconds before wireshark shows the RST and the flow is terminated. 128 being 8 times the default 16 second flow timeout.
If i try to force the connection to close early by specifiying 'flow-timeout-multiplier 2' in the content rule, or even a multiplier of 40, it still waits 128 seconds to close the telnet connection.
View 1 Replies
View Related
Oct 28, 2012
I'm trying to test such 802.1x wired environment:windows xp sp3 as supplicant windows NPS as radius server 2960 as authenticator latest anyconnect (3.1.01065) + nam and standalone profile editor.I have a question: What is the difference between protected identity pattern and unprotected identity pattern (set in nam profile editor)? As I understand documentation PEAP-MSCHAPv2 is a tunneled method and it uses un- protected identity pattern to protect user's identity during phase 0. But if I use any fake identity here (anonymous, anonymous@[domain], etc) access is rejected (Access-Reject in switch debugs). I have to use exacly the same pattern in unprotected identity pattern as in protected identity pattern ([username] or [username]@[domain]) to gain access, regardless of authenticaton mode (same in machine only, user only authentication).
View 1 Replies
View Related
Jun 25, 2011
I'm trying to set up 2 separate networks in my home, both of which have access to the internet through a single ISP.I have set up my networks using 2 routers as described in the "Version 2" scenario found here: url...The problem is, a computer connected to the LAN side of Router 2 is able to ping and map shared folders on computers connected to the LAN side of Router 1. According to the writeup (last paragraph), this should not be the case.I have been over the setup multiple times to ensure it is per the writeup but each time, I am able to ping and map.Is there some additional router/computer settings that I may be missing?FWIW, here's my take on what is happening (with the ping): When a computer on the LAN side of Router 2 (submet 192.168.1.x) does a ping to a computer on the LAN side of Router 1 (subnet 192.168.0.x), Router 2 sends the request to its Default Gateway (since it's a different subnet).Router 1 however, recognizes this as its LAN side subnet and forwards the request to that computer. The ping response is then routed back from Router 1 to Router 2.
View 10 Replies
View Related
Aug 30, 2011
My office pc internet ADSL router is connected on USB port and office intranet router is connected to LAN post throuh a CAT-5 cable.Both have different gateways.I have manually configured both USB and LAN but internet and intranet does nt work together.I am required to disable one connection to connect the othet one.I want to remotely connect to my office pc and work on intranet( oracle database) .i connect through team viewer but as internet is on,intranet does nt open.i tried to add intranet gateway throuh command line also but it did nt work.office pc is xp ..home pc is vista..
View 9 Replies
View Related
Feb 26, 2012
ive been having some issues with my internet, i had an attack on my pc recently by some american orginization, ive reinstalled new windows on my pc, reset my modem, and nothign seems to work, i have too many tunnel adapters in cmd ip config i think, bell canada hooked up my internet lines and they actually joined two or more wires together and strung them up on the neighbours fence and mine and even wrapped it around a tree branch, god knows why they would even do that, maybe they think when the tree grows it will cost me money to fix it and theyll earn from thier mistakes instead of learn from them... anyway this is my ipconfig test results as explained in previous post from someone.Windows IP Configuration[CODE]
View 1 Replies
View Related
Feb 8, 2011
I have Windows 7 x64 and I'm using ICS to share my internet connection (cable-modem router from Comcast) with another 4 computers in my LAN.Today I decided to install a VPN free program called HOTSPOT SHIELD, and after installing it I can browse fine the Internet with this main computer, but the others in the LAN lost internet connection, although File-sharing still works fine and I can see the Networked computer in Windows Explorer or access them remotely with Remote Desktop Connection.I noticed that the Hotspot Shield program added several routes to my routing table, most of them in the IP-Range 10.31.X.X with a Mask of 255.255.248.0so this virtual Network-card that is created has a VARIABLE IP address 10.31.X.X, the first time I monitored it was 10.31.40.20.
View 6 Replies
View Related
Dec 6, 2011
The modem Time Warner gave me several years ago was dying, I took it in, they gave me a Cisco modem, I plugged it into the computer, works fine, so then I plugged it into my airlink 101 wireless router, the computer recognizes the router but says there is no internet access, i.e. the modem and router are not communicating. Why would change of modem cause lack of communication with the router, is there something different about modems now compared with roughly 5 years ago? And what can i do to fix it so i can have wireless access again? If it matters, I have no protection on my wireless (because I never figured out how).
View 1 Replies
View Related
Nov 27, 2011
I have had the Netgear 3300 Dual Band for three years. Everytime I wanted to access using my laptop, I had to choose between 2.4G and 5G connection. For about a month now, the 5G does not show up. It doesn't show up as a network to select no matter what device I use. I have reset the router and updated the firmware. Both connection lights are blinking. I recently purchased and IPhone 4 and still I do not have the option of selecting 5G.
View 4 Replies
View Related
May 21, 2006
I am trying to use deny mac acl in the 4500 series switch runnning cisco IOS but the command seems to be not working.
Here is the command,
mac access-list extended ABC
deny host 0001.8052.25FF any
int f4/11
mac access-group ABC in
Is there anything I am missing or is it a bug.
View 4 Replies
View Related
Sep 5, 2012
Extended IP access list VLAN20
10 permit tcp any any established
11 permit icmp any any
20 permit tcp any 192.168.20.0 0.0.0.255 eq 80
30 permit tcp any 192.168.20.0 0.0.0.255 eq 443
40 deny ip any any log
[code].....
Above is the network diagram and access list for VLAN 20 and VLAN 30, applied on incoming direction of each valn.But still able to access other port which is not on access list, tried changing the direction with no luck.Inter vlan routing is enabled on CoreSwitch default router is 192.168.10.10
View 5 Replies
View Related
Feb 19, 2013
Since a couple of weeks I have a linksys EA6500. When I go to the device list to see which devices are online the device list is not displayig the correct data. I see devices online that are offline and also devices are offline that are at the moment online. When I try to delete a device that is offline in the list I get error 2315. I have that error in the local and cloud interface. The list has a frozen state from a particular moment.
When I reboot the router then all devices in the list have status offline and the device list stays that way. Nothing gets online anymore or will be added. When I reset the router to factory default all keeps working without problems for approximately 24 hours and after that the problem occurs again. The list freezes again and you are not able to delete a device.
I searched the forums but no one has this problem. I only can find a post that describes my problem but for them a reset worked. In my case a factory reset works also but the problem keeps coming back.
View 9 Replies
View Related
Nov 23, 2011
Not sure why the N7K M1 card doesn't take this command. It works on other N7K at different site. [code]
View 1 Replies
View Related
Jul 15, 2012
I have 3 3560 switches which are configured with trunks between them. They run vlan 10, 11 & 12. I have a 'core' switch (switch 1) of these 3 to which an MPLS router is connected on vlan12. I in addition have another switch hanging off the 'core' switch via a routed link (switch 4). I have EIGRP configured as a stub and as such the IP address on the routed link at the core switch end is of a /24 from v lan 1 on the other switch. This makes the route directly connected and therefore distributed via EIGRP stubs. Switch 1 is then exchanging routes with the MPLS router (via EIGRP).
The problem I have is that from any sub net on any switch (switch 1, 2 or 3) I can ping 192.168.13.1 (switch 4). When I try and ping switch 4 from over the MPLS I am unable to. If I trace to the switch I see it reaches the outside of the MPLS router, but is then unresponsive. The same applies if I try to ping switch 1 on 192.168.13.2. Any of the other IP addresses of switch 1 respond.
The MPLS network is a managed solution to which I have no access. I'm told that the MPLS provider is able to ping switch 1 & switch 4 on the 192.168.13.x addresses from a remote router (192.168.32.2). I have tried from a switch on the same L2 sub net (192.168.32.1) and I don't get a response.
From switch 4 I am able to ping the switch on 1 of it's interfaces (192.168.19.1), but not the interface I mentioned above 192.168.32.1. There are no access lists in place on the switches and no firewalls between the sites.
View 22 Replies
View Related
Jan 17, 2012
I'm paying for 18 Mbps download speed, and my laptops and one desktop get this speed, but the computer from which I write only gets 5 Mbps. He didn't know why.I'm pasting my HJT and DDS logs, and attaching Attach.txt. Ark.txt will be copied to this also.
[code]....
View 4 Replies
View Related
Mar 21, 2012
I have two 5548's in sync mode: I have an existing ACL and I want to add a new line to it, but after I do and try to commit it states the verify failed. [code]
I have to add access list to both switches not in config sync mode.
View 1 Replies
View Related
Apr 22, 2013
Have a rv042g, newest firmware, trying to setup one to one nat on the configs page, I select enable, enter private ip , enter public ip, enter the range, and click "add to list" and nothing.... no error message, doesn't add to the list below it
View 1 Replies
View Related
May 12, 2011
I am doing some really rough budget numbers. What can I expect for a life cycle on some Cisco gear like a 2801 router and a 48 port PoE switch? Is 4 years pushing it too much? We usually don't upgrade unless something breaks.
View 15 Replies
View Related
Aug 22, 2011
Usually, when I connect to nearby game servers I would have 10 - 60 ping. However, recently my NETGEAR CG814WG stops working randomly (The lights are all on, I can connect to it, but there's no internet connection) and I have to reboot it. (I had this router for a bit longer than a year, by the way)Currently I get around 80 - 300 ping connecting to servers in sydney. Ping directly from my router:
Ping statistics:
Pings sent: 25 (4 per second); Replies received: 25 (4 per second)
Bytes sent: 1600 (266 per second); Bytes received: 1600 (266 per second)
25 replies passed verification (0 failed)
Min time: 10 ms; Max time: 400 ms; Avg time: 132 ms; Total time: 6090 ms
When I reboot the router it has low ping (~30) for a minute or two but then the ping increases.
View 1 Replies
View Related
Feb 5, 2013
We have a wifi router RV220W and we need to filter the mac address. The problem is that the number of the "allowed" devices is around 50 (not all connected at the same time), but the maximum number of mac address which can be listed in this router for each VLAN is 20, so for the moment we set 3 VLAN, each one with a different mac adderss list. This is very awkward because the area to be covered by the wifi network is large and we need repeaters, but having 3 VLAN we should put 3 repeaters for each point. Is there any way to configure this router in order to have a single VLAN but with a mac address filter list of 3 x 20 mac address?
View 1 Replies
View Related
Nov 16, 2011
it would be possible to configure a White list on the SRP500 URL filter. In other words the customer wants to specify allowed URL's and all other URL's must be blocked.
View 1 Replies
View Related
Jul 2, 2012
I've got very basic problem but I cannot find the solution... I am sitting on the Cisco 4948E switch. And, I wanted to allow to guys who have not enable password to issue command sh running-config.I used the the following command to do that:SW4948E(config)#privilege exec level 1 show running-config.
View 3 Replies
View Related
Nov 29, 2011
which current SB routers support these features known from RVL200 and RV0XX v. 1.X?:
Block MAC address on the list with wrong IP address
Block MAC address not on the list
View 1 Replies
View Related
May 7, 2012
What signal strength should I expect when in the same room as the e4200 ?I'm checking signal strength with iStumbler and with option-right click on airport menu icon on my Mac.I'm getting a signal strength of about -55 while in the room with the router.What signal strength should I expect while in the same room, no physical obstructions, etc. ?
View 6 Replies
View Related
Dec 17, 2012
I have a Belkin N750 router which I purchased because the box said it had filtering options. I didn't realize that the filtering was only sites that Norton kept track of. There are certain adware sites I know about that I would like to filter. Possible with this router?
View 5 Replies
View Related
Feb 23, 2013
I have a Wireless N router model F5D8236-4 v2 (01) with firmware 2.00.04 (Nov 12 2008 10:51:08) and it's not showing all issued wireless or Wired IP addresses in DHCP Client List.
They all have IP addresses and connect to the internet through the router, but in the router administration page, they're not listing. The Windows devices all show but most of the Mac devices are not, nor is my XBox 360.
My reason for investigating this is because the router seems to keep losing the Mac devices and a router reboot fixes it, but it shouldn't have this problem because all the Windows devices just seem to work.
According to the support page I have the latest available (dated November 12, 2008 which really seems kinda old to me for a Wireless N router). Are there any plans for a new firmware offering for this modem or have you already deprecated it as "legacy equipment"?
View 1 Replies
View Related
Oct 30, 2012
Region : UnitedStates
Model : TL-WDR3500
Set this up last night and it went very easy with the excellent instructions. Transfer rate from computer A to computer B (wired) of a 1 gb file was 12 mb/s and that was from SATA 3 to SATA 3 discs. Using a gigabyte router those values were 55.5 mb/s. Even though this router is only 10/100 that speed is unacceptable. Is there a tip to increase that speed to an expected and reasonable value?Also, the router just quit for no apparent reason and needed a reboot. What are common causes that I might look into to see why this happened.
View 4 Replies
View Related
Jan 17, 2013
Why the below configuration does not work? BGP exchanges routes without a problem all the time the distribute list is removed from the config. When I apply the distribute list it blocks all routes, not just those intended in the prefix list.
[CODE]....
View 2 Replies
View Related
Jan 29, 2011
I want to setup an home network with a wireless router and use multiple switches for wired connections through out my home. I currently have an Airport extreme hooked up to a cable modem and a leviton gateway hooked up to the Airport. The 2 computers connected to the Leviton are on a windows 7 homegroup and share fine, but won't share or discover any wireless device connected to Airport. My main goal is to have a wireless/wired network with all computers sharing information with each other. I want 2-3 wired switches/gateways with a min of 2 devices connected to each, connected to my wireless router whiich is connected to cable modem.
View 3 Replies
View Related
Apr 23, 2011
how to connect two subnets with two switches and one router using router sim software?
View 1 Replies
View Related
