Not sure if this is the correct place for this question, but I figured I'd give it a shot.
I'm running a new info sec education program where I get to build out a classroom how I would like it set up. I would like the students to be able to sit at a desk, plug into a panel, and connect to a set of servers/Cisco devices on a rack near the back of the classroom.
The reason I came here is that when I was in a Cisco Networking class once, the classroom had these cable channels or patch panels built into the desk that allowed us to connect and move between multiple ports (such as different console ports). I was hoping someone here would know what I was talking about and provide a specific place to find them, since I have to show my contractor person exactly what I wanted. Even a more official name would be helpful. I've tried googling but came up empty on anything specific.
I appreciate the help!
After poorly researching a purchase, I now have one of these DS-C9100. I bought it expecting it to be Ethernet, but obviously it's not.
I don't expect to be able to resell it for what I bought it for, so I'm wondering if I can make use of it.
I bought several QLogic cards at the same time, so I wanted to know if I can put FreeNAS (or something) on my NAS server (Dell r510) and share the data to all my other systems over the FC.
This would be far faster than my current 1gbps Ethernet.
I recently upgraded my Cisco UCS C220 M3 to 3.0; however, after the upgrade, my storage drives are appearing as missing and the Cisco FlexFlash internal failed is coming up as failed. I found steps to re-acknowledge the drives; however, the steps don't match the UCS Manager GUI.
Is there a way to get the storage drives re-associated again?
Just wanted to know how much time it takes for the ASA to come up and be functional once I hit reload. Is 5 mins a realistic estimate in an enterprise? The model is 5555. I have a couple of ASA clusters in Active/Standby to upgrade from 9.8 to 9.9, so wanted to get an estimate.
If there is anything, what is the command that will show me what interfaces are in a port channel (etherchannel) 1 or 2, for example?
Appreciate any help. Thanks.
I cannot for the life of me get POE working. Some details:
Is there some global command that turns on or off POE functionality? It looks like every port is set to auto if I check the status. I'm at a loss.
Is there a way to get a quantity of ports in certain VLANs (show vlan brief) via Cisco IOS? Or does this require some kind of API and scripting language to do?
Or could I export IOS output as csv somehow and parse it in Excel?
I've got a site-to-site IKEv2 tunnel between my client's 3900 router and a vendor's ASA firewall. The tunnel is up and looking good. Router interface setup looks like this:
Gig0/0.1 - LAN IP 10.53.17.1, connects to LAN switch at 10.53.17.2
Gig0/1 - IP 172.31.172.2. WAN side connected to firewall.
I am trying to figure out how to NAT traffic inbound from them to a particular internal IP address, as they cannot route directly to the destination due to conflicting subnets.
The IP on the vendor's side of the tunnel is 10.184.1.241. The IP on my client's side that they are trying to hit is 172.16.24.95, which is behind another vendor's router. I do not believe this is relevant to the issue, as we already have proper routing to this IP via the primary LAN. The client's primary LAN is 10.53.17.0/24.
So essentially, the traffic would go like this:
10.184.1.241 --> 10.53.17.x(arbitrary IP in subnet) -NAT--> 172.16.24.95
My understanding is the vendor would need to send traffic to an IP on the LAN, then I NAT that particular traffic to the destination endpoint IP 172.16.24.95. I am going through the Cisco NAT documentation, but I have not been able to find how to specify NAT traffic from a particular source IP to a specific destination IP. I cannot interrupt all traffic to 172.16.24.95 because other users at my client's site access that IP directly now.
Am I missing something? I can't seem to get this switch to recognize StackWise Virtual commands.
C9500-24Y4C iosxe: Version 16.8.1r
Switch#show license right-to-use
network-essentials Permanent Lifetime
network-advantage Permanent Lifetime
Is there any way to use an EtherSwitch module (SM-D-ES3G-48-P) without using a 2900/3900 series router?
Is there a supported/unsupported chassis or hack to just run the module as an independent switch?
I have this currently running in a 2921 router but am planning to retire the router.
-----------------[ Rule: GEOBLOCK ]-----------------
  Action : Block
  Source Networks : ALL_CONTINENTS_EXCEPT_US_AND_INDIA (208 countries)
  Destination Networks : Private Networks (*.*.*.*)
  URLs
  Logging Configuration
    DC : Disabled
    Beginning : Disabled
    End : Disabled
    Files : Disabled
  Safe Search : No
  HTTP Header Injection : none
  Rule Hits : 296
  Variable Set : Default-Set

=======[ Rule Set: root_category (Built-in) ]=======

===============[ Advanced Settings ]================
General Settings
  Maximum URL Length : 1024
  Interactive Block Bypass Timeout : 600
  Do not retry URL cache miss lookup : No
  Inspect Traffic During Apply : Yes
Network Analysis and Intrusion Policies
  Initial Intrusion Policy : No Rules Active
  Initial Variable Set : Default-Set
  Default Network Analysis Policy : Balanced Security and Connectivity
Files and Malware Settings
  File Type Inspect Limit : 1460
  Cloud Lookup Timeout : 2
  Minimum File Capture Size : 6144
  Maximum File Capture Size : 1048576
  Min Dynamic Analysis Size : 15360
  Max Dynamic Analysis Size : 2097152
  Malware Detection Limit : 10485760
Transport/Network Layer Preprocessor Settings
  Detection Settings
    Ignore VLAN Tracking Connections : No
  Maximum Active Responses : No Maximum
  Minimum Response Seconds : No Minimum
  Session Termination Log Threshold : 1048576
Detection Enhancement Settings
  Adaptive Profile : Disabled
Performance Settings
  Event Queue
    Maximum Queued Events : 5
    Disable Reassembled Content Checks: False
  Performance Statistics
    Sample time (seconds) : 300
    Minimum number of packets : 10000
    Summary : False
    Log Session/Protocol Distribution : False
  Regular Expression Limits
    Match Recursion Limit : Default
    Match Limit : Default
  Rule Processing Configuration
    Logged Events : 5
    Maximum Queued Events : 8
    Events Ordered By : Content Length
Intelligent Application Bypass Settings
  State : Off
  Bypassable Applications and Filters : 0 Applications/Filters
Latency-Based Performance Settings
  Packet Handling : Disabled
Hey everyone, I have been stuck getting my locally created CUCM accounts to properly connect with Jabber and I have been stuck on this issue for almost 2 weeks now. I have a localized VM subnet with a CUCM on a 10.1.2 IP along with 2 Windows VMs with Jabber installed. It is basically a test environment I am using to learn more about the product. I follow the proper procedures where you create an End user and then follow up with creating a phone profile and then assigning the phone profile to the end user. The problem arises when logging into Jabber with these new accounts. After specifying the server (the CUCM IP) and then proceeding to the login window and providing the correct credentials, I am stuck with a "cannot communicate with server" issue. Is there a solution to this? Thank you
Hi all - I have a TAC case open for this but I'm not making as much progress as I would like.
Over the last few weeks, the fans on our UCS chassis would spike to 100% for a short period of time, usually between 2 and 5 minutes. Last week they spiked to 100% and stayed there so I opened a case.
The system is not reporting any faults, including thermal. The tech on the case could see from the tech-support files that the I2C bus was congested and suggested I reseat the fans, PSUs and IOMs on the chassis. Doing so fixed whatever the issue was and the fans returned to their usual levels.
The next morning I come in and the fans crank up to 100% again. I asked the tech what is causing this, but the response I'm getting is "There's no fault" which doesn't really help me.
I can see that I'm not the first to suffer this, but most threads just suggest reseating the internal components and moving on. Due to the frequency that the fans are hitting 100%, I can't see that being a long-term solution.
We've had the chassis in place for 5 years and it's only just started doing this, and I haven't changed anything recently, including firmware (currently 3.1(2e)).
I'm wondering if there's a way of finding out what is causing the congestion on the I2C bus. Off the top of my head, it could be something to do with our configuration of the system, a fault with a component or a bug. I'll schedule a firmware upgrade in the next 4 weeks since we are admittedly not at a recent release.
Any wisdom that could be shared would be greatly appreciated :)
Cisco Catalyst 4948
C4948.sw1#sh ver
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500-IPBASEK9-M), Version 15.0(2)SG11, RELEASE SOFTWARE (fc2)
............
ROM: 12.2(31r)SGA4
Dagobah Revision 226, Swamp Revision 5
........
System image file is "bootflash:cat4500-ipbasek9-mz.150-2.SG11.bin"
..........
cisco WS-C4948 (MPC8245) processor (revision 0) with 262144K bytes of memory.
Processor board ID FOX11050E6F
MPC8245 CPU at 266Mhz, Fixed Module
Last reset from Reload
2 Virtual Ethernet interfaces
48 Gigabit Ethernet interfaces
511K bytes of non-volatile configuration memory.
Configuration register is 0x2102
I would like to set up SSH public key authentication.
The manual says to add the public key for a username using "ip ssh pubkey-chain".
But the device doesn't know about this command.
C4948.sw1(config)#ip ssh ?
  authentication-retries  Specify number of authentication retries
  dscp                    IP DSCP value for SSH traffic
  logging                 Configure logging for SSH
  precedence              IP Precedence value for SSH traffic
  source-interface        Specify interface for source address in SSH connections
  time-out                Specify SSH time-out interval
  version                 Specify protocol version supported
Tell me, please, how can I do this?
P.S. Sorry for my English, I'm not native ^)
Hi all, I can't seem to wrap my head around this and get it working.
I have 2 Cisco ASAs connected directly together with a /24 and behind each is a private network.
I cannot expose the ASAs' transit network to the internal routing tables behind each ASA, so therefore need to NAT into and out of the ASA.
So say I have named interface inside and outside on each ASA with the outside network being 192.168.10.0/24 and behind ASA1 is 10.1.1.0/24 and behind ASA2 is 10.2.2.0/24
Behind each ASA will be servers that need to be accessed from the other network.
What should my NAT rules look like, for example:
Server behind ASA2 at 10.2.2.20
Users behind ASA1 will access it by going to 10.1.1.20
What should my NAT rule look like on each side to allow users in 10.1.1.0/24 to hit a web interface at 10.1.1.20?
I have configured Firepower before but it's always been the L-ASA5506-TAMC-3Y license. I have a customer who wants us to enable just IPS on a 5506 they purchased on their own, and they believe that since the model is listed on the invoice as "Cisco ASA with FirePOWER Services" that their 5506 includes Firepower's IPS. I'm not clear on if the 5506 includes IPS by default, or if it requires purchasing L-ASA5506-TA-3Y in addition to the ASA. The customer also does not have the PAK number that came with the ASA when it was originally purchased.
Does anyone know if we can get IPS working as-is, or will the customer need to purchase the L-ASA5506-TA-3Y license?
I have a 1921 router at a branch office doing basic NAT + EzVPN. The WAN side of my router is plugged into the LAN network of another company (our office is in their office, so we're using them for Internet).
There's a copier on their LAN at 10.0.0.202 that I want users behind my router to be able to communicate with. The issue is that their IP space (10.0.0.0/24) overlaps with IP space elsewhere in my network associated with a VPN SA, so when the router receives traffic destined for it, it sends it over a VPN tunnel instead of sending it out its WAN port. The router itself can ping the copier, but nothing behind it can because that traffic is being sent over our VPN tunnel.
What I'd like to do is designate a local IP on our LAN subnet and statically translate that to the copier's IP, so for example my LAN is 192.168.165.0/24 and I'd like to designate 192.168.165.10 and have the router NAT that to the copier's IP of 10.0.0.202 so devices on my LAN can use that IP to talk to the copier. How can I accomplish this?
I'm configuring static NAT entries for a host on the internal network so the outside world may access the server. Since there are some port ranges, I decided to use a route-map. In the route-map I defined an ACL that has the allowed ports for the web server. However, when I run the commands, not only are the ports that I defined open, but everything that the web server responds to is now accessible from the outside. I'm completely stumped, and can only think there is some type of bug with the route map. Please see below for config.
ip access-list extended NATTED-PORTS
 permit tcp any any eq 443
 permit tcp any any eq 6000
 permit udp any any range 7000 8500
route-map NATTED-PORTS permit 10
 match ip address NATTED-PORTS
To be clear, port 9000 is accessible from the outside and, as you can see, not defined in the ACL.
I inherited an Aironet 1600e WAP for my home lab, and I'm not sure what the actual practical difference would be between the two available antennas.
I know the higher the dBi, the more squished the pattern, but what I don't know is what that will mean in practice. I'll be in a 900 sq foot apartment for the next few months, but might move into a house after.
I have two DMPS3-300-C-AEC in two conference rooms. Each DMPS is connected via POTS to a Cisco SPA122. Recently users have reported that sometimes the callee can't hear the caller. I haven't been able to reproduce the issue, and they haven't been able to give me much information about it. Apparently it happens quite frequently in both rooms. There is nothing in the program that would cause this, so my guess would be that it's the setting on the SPA122. I also have two other rooms that are using Tesira Fortes and they have no issues. Are there any known quirks or weird settings that need to be applied for this configuration?
Any help would be appreciated as the client is getting quite impatient with this install.
I need to upgrade to 10gig from my core switch cat6509 to new 3750x access switches over MMF 50micron om3 fiber. They are almost 300m in distance.
I was thinking of getting this 16 port line card for 6509 WS-X6716-10G-3C.
I am unsure of which transceivers to order for the new line card and 3750x access switch fiber module. (Gbic & sfp)
Can anyone point me in the right direction?