9

Cisco Classroom Desk Set-up

Not sure if this is the correct place for this question but I figured I'd give it a shot.

I'm running a new info sec education program where I get to build out a classroom how I would like it set up. I would like the students to be able to sit at a desk, plug into a panel, and connect to a set of servers/Cisco devices on a rack near the back of the classroom.

The reason I came here is that when I was in a Cisco Networking class once, the classroom had these cable channels or patch panels built into the desk that allowed us to connect and move between multiple ports (such as different console ports). I was hoping someone here would know what I was talking about and provide a specific place to find them since I have to show my contractor person exactly what I wanted. Even a more official name would be helpful. I've tried googling but came up empty on anything specific.

I appreciate the help!

3

Fibre channel, DS-C9100

Afternoon,

After poorly researching a purchase, I now have one of these DS-C9100. I bought it expecting it to be Ethernet, but obviously it's not.

I don't expect to be able to resell it for what I bought it for, so I'm wondering if I can make use of it.

I bought several QLogic cards at the same time, so I wanted to know if I can put FreeNAS (or something) on my NAS server (Dell R510) and share the data to all my other systems over the FC.

This would be far faster than my current 1 Gbps Ethernet.

Thanks

7

Where to NAT? Where to run BGP? Check out our latest tutorial presenting the dual ISP with BGP - NAT Configuration.

7
9

Storage Drives "Missing"

Hello,

I recently upgraded my Cisco UCS C220 M3 to 3.0; however, after the upgrade, my storage drives are appearing as missing and the Cisco FlexFlash internal failed is coming up as failed. I found steps to re-acknowledge the drives; however, the steps don't match the UCS Manager GUI.

Is there a way to get the storage drives re-associated again?

https://i.redd.it/arnuttxxzx911.png

https://i.redd.it/7vuafumxp1a11.png

12

HSRP question

What is the difference between the commands "delay #" and "standby preempt delay minimum #"?

I know the significance of "standby preempt delay minimum #", but not the exclusive command "delay #" applied at HSRP interface level.

12
4

Time taken for cisco asa upgrade?

Just wanted to know how much time it takes for the ASA to come up and be functional once I hit reload. Is 5 mins a realistic estimate in an enterprise? The model is 5555. I have a couple of ASA clusters in Active/Standby to upgrade from 9.8 to 9.9, so wanted to get an estimate.

10

Command that shows what interfaces are in a certain port channel?

If there is anything, what is the command that will show me what interfaces are in a port channel (etherchannel) 1 or 2, for example?

Appreciate any help. Thanks.

1

POE not working on 2960-L 24PS

I cannot for the life of me get POE working. Some details:

  1. If I hit the mode button to get to the POE LED all my ports have no lights on. Not sure if that is normal or not.
  2. I plug a POE (802.3af) camera in and the port does nothing. If I plug an external power supply to the camera it works fine. If I plug the camera into another Cisco POE switch at work it comes right up.
  3. I have tried multiple ports and cables.
  4. I have gone into the interface settings and used the 'power inline auto' command.
  5. I reset the switch back to defaults and still nothing.

Is there some global command that turns on or off POE functionality? It looks like every port is set to auto if I check the status. I'm at a loss.

Thanks!

2

Retrieving the number of interfaces in a VLAN

Is there a way to get a quantity of ports in certain vlans (show vlan brief) via cisco IOS? Or does this require some kind of API and scripting language to do?

Or could I export IOS output as csv somehow and parse it in Excel?

3

NAT over IKEv2 tunnel

Hi guys,

I've got a site-to-site IKEv2 tunnel between my client's 3900 router and a vendor's ASA firewall. The tunnel is up and looking good. Router interface setup looks like this:

Gig0/0.1 - LAN IP 10.53.17.1, connects to LAN switch at 10.53.17.2

Gig0/1 - IP 172.31.172.2. WAN side connected to firewall.

I am trying to figure out how to NAT traffic inbound from them to a particular internal IP address, as they cannot route directly to the destination due to conflicting subnets.

The IP on the vendor's side of the tunnel is 10.184.1.241. The IP on my client's side that they are trying to hit is 172.16.24.95, which is behind another vendor's router. I do not believe this is relevant to the issue, as we already have proper routing to this IP via the primary LAN. The client's primary LAN is 10.53.17.0/24.

So essentially, the traffic would go like this:

10.184.1.241 --> 10.53.17.x(arbitrary IP in subnet) -NAT--> 172.16.24.95

My understanding is the vendor would need to send traffic to an IP on the LAN, then I NAT that particular traffic to the destination endpoint IP 172.16.24.95. I am going through the Cisco NAT documentation, but I have not been able to find how to specify NAT traffic from a particular source IP to a specific destination IP. I cannot interrupt all traffic to 172.16.24.95 because other users at my client's site access that IP directly now.

3

Catalyst 9500 supporting Stackwise virtual?

Am I missing something? I can't seem to get this switch to recognize StackWise Virtual commands.

C9500-24Y4C iosxe: Version 16.8.1r

Switch#show license right-to-use

License Name        Type       Period left
network-essentials  Permanent  Lifetime
network-advantage   Permanent  Lifetime

0

Alternative chassis for SM-D-ES3G-48-P

Is there any way to use an EtherSwitch module (SM-D-ES3G-48-P) without using a 2900/3900 series router?

Is there a supported/unsupported chassis or hack to just run the module as an independent switch?

I have this currently running in a 2921 router but am planning to retire the router.

0
8

Do I have this FirePOWER rule right to block all other countries not in North America?

-----------------[ Rule: GEOBLOCK ]-----------------
    Action                : Block

    Source Networks       : ALL_CONTINENTS_EXCEPT_US_AND_INDIA (208 countries)
    Destination Networks  : Private Networks (*.*.*.*)
    URLs
    Logging Configuration
      DC                  : Disabled
      Beginning           : Disabled
      End                 : Disabled
      Files               : Disabled
    Safe Search           : No
    HTTP Header Injection : none
    Rule Hits             : 296
    Variable Set          : Default-Set

=======[ Rule Set: root_category (Built-in) ]=======

===============[ Advanced Settings ]================
General Settings
  Maximum URL Length                  : 1024
  Interactive Block Bypass Timeout    : 600
  Do not retry URL cache miss lookup  : No
  Inspect Traffic During Apply        : Yes
Network Analysis and Intrusion Policies
  Initial Intrusion Policy            : No Rules Active
  Initial Variable Set                : Default-Set
  Default Network Analysis Policy     : Balanced Security and Connectivity
Files and Malware Settings
  File Type Inspect Limit             : 1460
  Cloud Lookup Timeout                : 2
  Minimum File Capture Size           : 6144
  Maximum File Capture Size           : 1048576
  Min Dynamic Analysis Size           : 15360
  Max Dynamic Analysis Size           : 2097152
  Malware Detection Limit             : 10485760
Transport/Network Layer Preprocessor Settings
  Detection Settings
    Ignore VLAN Tracking Connections  : No
  Maximum Active Responses            : No Maximum
  Minimum Response Seconds            : No Minimum
  Session Termination Log Threshold   : 1048576
Detection Enhancement Settings
  Adaptive Profile                    : Disabled
Performance Settings
  Event Queue
    Maximum Queued Events             : 5
    Disable Reassembled Content Checks: False
  Performance Statistics
    Sample time (seconds)             : 300
    Minimum number of packets         : 10000
    Summary                           : False
    Log Session/Protocol Distribution : False
  Regular Expression Limits
    Match Recursion Limit             : Default
    Match Limit                       : Default
  Rule Processing Configuration
    Logged Events                     : 5
    Maximum Queued Events             : 8
    Events Ordered By                 : Content Length
Intelligent Application Bypass Settings
    State                                          : Off
    Bypassable Applications and Filters            : 0 Applications/Filters
Latency-Based Performance Settings
  Packet Handling                     : Disabled

edit: formatting

4

Cisco CUCM issue with getting Jabber properly connected

Hey everyone, I have been stuck getting my locally created CUCM accounts to properly connect with Jabber and I have been stuck on this issue for almost 2 weeks now. I have a localized VM subnet with a CUCM on a 10.1.2 IP along with 2 Windows VMs with Jabber installed. It is basically a test environment I am using to learn more about the product. I follow the proper procedures where you create an end user and then follow up with creating a phone profile and then assigning the phone profile with the end user. The problem arises when logging into Jabber with these new accounts. After specifying the server (the CUCM IP) and then proceeding to the login window and providing the correct credentials, I am stuck with a "cannot communicate with server" issue. Is there a solution to this? Thank you

4

UCS - I2C congestion causing fans to run at 100%

Hi all - I have a TAC case open for this but I'm not making as much progress as I would like.

Over the last few weeks, the fans on our UCS chassis would spike to 100% for a short period of time, usually between 2 and 5 minutes. Last week they spiked to 100% and stayed there so I opened a case.

The system is not reporting any faults, including thermal. The tech on the case could see from the tech-support files the I2C bus was congested and suggested I reseat the fans, PSUs and IOMs on the chassis. Doing so fixed whatever the issue was and fans returned to their usual levels.

The next morning I come in and the fans crank up to 100% again. I asked the tech what is causing this, but the response I'm getting is "There's no fault" which doesn't really help me.

I can see that I'm not the first to suffer this, but most threads just suggest reseating the internal components and moving on. Due to the frequency that the fans are hitting 100%, I can't see that being a long-term solution.

We've had the chassis in place for 5 years and it's only just started doing this, and I haven't changed anything recently including firmware (currently 3.1(2e)).

I'm wondering if there's a way of finding out what is causing the congestion on the I2C bus. Off the top of my head, it could be something to do with our configuration of the system, a fault with a component or a bug. I'll schedule a firmware upgrade in the next 4 weeks since we are admittedly not at a recent release.

Any wisdom that could be shared would be greatly appreciated :)

Thanks

Gary

9

catalyst 4948 public key authentication

Hey!

Cisco Catalyst 4948

C4948.sw1#sh ver
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500-IPBASEK9-M), Version 15.0(2)SG11, RELEASE SOFTWARE (fc2)
............

ROM: 12.2(31r)SGA4
Dagobah Revision 226, Swamp Revision 5

........
System image file is "bootflash:cat4500-ipbasek9-mz.150-2.SG11.bin"
..........

cisco WS-C4948 (MPC8245) processor (revision 0) with 262144K bytes of memory.
Processor board ID FOX11050E6F
MPC8245 CPU at 266Mhz, Fixed Module
Last reset from Reload
2 Virtual Ethernet interfaces
48 Gigabit Ethernet interfaces
511K bytes of non-volatile configuration memory.

Configuration register is 0x2102

I would like to set up SSH public key authentication.

The manual says to add the public key for a username, using "ip ssh pubkey-chain"

But the device doesn't know about this command

C4948.sw1(config)#ip ssh ?           
  authentication-retries  Specify number of authentication retries
  dscp                    IP DSCP value for SSH traffic
  logging                 Configure logging for SSH
  precedence              IP Precedence value for SSH traffic
  source-interface        Specify interface for source address in SSH connections
  time-out                Specify SSH time-out interval
  version                 Specify protocol version supported 

Tell me, please, how can I do this?

P.S. Sorry for my English, I'm not native ^)

9
0

eBook | BGP Route Aggregation - Minimizing the Size of the Routing Table

0
5

Blade BIOS Time Set in CIMC

I am looking to change BIOS time, without having to log into and manually switch the BIOS time on each blade. Is this possible with some sort of policy?

6

Cisco ASA 9.8 - Source and Destination NAT

Hi all, I can't seem to wrap my head around this and get it working.

I have 2 Cisco ASAs connected directly together with a /24 and behind each is a private network.

I cannot expose the ASAs' transit network to the internal routing tables behind each ASA, so I therefore need to NAT into and out of the ASA.

So say I have named interface inside and outside on each ASA with the outside network being 192.168.10.0/24 and behind ASA1 is 10.1.1.0/24 and behind ASA2 is 10.2.2.0/24

Behind each ASA will be servers that need to be accessed from the other network.

What should my NAT rules look like? For example:

Server behind ASA2 at 10.2.2.20

Users behind ASA1 will access it by going to 10.1.1.20

What should my NAT rule look like on each side to allow users in 10.1.1.0/24 to hit a web interface at 10.1.1.20?

Thank you

3

Is ASA Firepower IPS included for free?

I have configured Firepower before but it's always been the L-ASA5506-TAMC-3Y license. I have a customer who wants us to enable just IPS on a 5506 they purchased on their own, and they believe that since the model is listed on the invoice as "Cisco ASA with FirePOWER Services" that their 5506 includes Firepower's IPS. I'm not clear on if the 5506 includes IPS by default, or if it requires purchasing L-ASA5506-TA-3Y in addition to the ASA. The customer also does not have the PAK number that came with the ASA when it was originally purchased.

Does anyone know if we can get IPS working as-is, or will the customer need to purchase the L-ASA5506-TA-3Y license?

15

NAT inside IP to outside IP

I have a 1921 router at a branch office doing basic NAT + EzVPN. The WAN side of my router is plugged into the LAN network of another company (our office is in their office, so we're using them for Internet).

There's a copier on their LAN at 10.0.0.202 that I want users behind my router to be able to communicate with. The issue is that their IP space (10.0.0.0/24) overlaps with IP space elsewhere in my network associated with a VPN SA, so when the router receives traffic destined for it, it sends it over a VPN tunnel instead of sending it out its WAN port. The router itself can ping the copier, but nothing behind it can because that traffic is being sent over our VPN tunnel.

What I'd like to do is designate a local IP on our LAN subnet and statically translate that to the copier's IP, so for example my LAN is 192.168.165.0/24 and I'd like to designate 192.168.165.10 and have the router NAT that to the copier's IP of 10.0.0.202 so devices on my LAN can use that IP to talk to the copier. How can I accomplish this?

15
0

Static NAT Route-Map Issue

Hi.

I'm configuring static NAT entries for a host on the internal network so the outside world may access the server. Since there are some port ranges, I decided to use a route-map. In the route-map I defined an ACL that has the allowed ports for the web server. However, when I run the commands not only are the ports that I defined open, but everything that the web server responds to is now accessible from the outside. I'm completely stumped, and can only think there is some type of bug with the route map. Please see below for config.

ip access-list extended NATTED-PORTS
 permit tcp any any eq 443
 permit tcp any any eq 6000
 permit udp any any range 7000 8500
!
route-map NATTED-PORTS permit 10
 match ip address NATTED-PORTS
!
ip nat inside source static 10.10.10.5 1.1.1.1 route-map NATTED-PORTS extendable
ip nat inside source static 10.10.10.5 2.2.2.2 route-map NATTED-PORTS extendable

To be clear, port 9000 is accessible from the outside, and as you can see, not defined in the ACL.

0
1

Vxlans forward bcast thru ASA?

Trying to forward broadcasts (non-DHCP) across customer ASA550x. Heard vxlans may work but has anyone seen this work?

Host on outside has static ip and is listening for bcast.

3

Aironet 1600e in autonomous mode. 2dBi vs 3dBi antennas?

I inherited an Aironet 1600e WAP for my home lab, and I'm not sure what the actual practical difference would be between the two available antennas.

I know the higher the dBi, the more squished the pattern, but what I don't know is what that will mean in practice. I'll be in a 900 sq foot apartment for the next few months, but might move into a house after.

Any insight would be helpful. I can pick up the 3dBi antennas for not much more than the 2dBi antennas right now.

0

DMPS3-300-C-AEC Half-Duplex Calls Using SPA122 [x-post from r/Crestron]

I have two DMPS3-300-C-AEC in two conference rooms. Each DMPS is connected via POTS to a Cisco SPA122. Recently users have reported that sometimes the callee can't hear the caller. I haven't been able to reproduce the issue, and they haven't been able to give me much information about it. Apparently it happens quite frequently in both rooms. There is nothing in the program that would cause this, so my guess would be that it's the setting on the SPA122. I also have two other rooms that are using Tesira Fortes and they have no issues. Are there any known quirks or weird settings that need to be applied for this configuration?

Any help would be appreciated as the client is getting quite impatient with this install.

Thanks!

0
3

Which 10gig card and fiber transceivers for cat6500

I need to upgrade to 10gig from my core switch cat6509 to new 3750x access switches over MMF 50micron om3 fiber. They are almost 300m in distance.

I was thinking of getting this 16 port line card for 6509 WS-X6716-10G-3C.

I am unsure of which transceivers to order for the new line card and 3750x access switch fiber module. (Gbic & sfp)

Can anyone point me in the right direction?

Thanks
