Good morning guys!
We are implementing a new environment for a customer and we will put in some different devices. One of those is the Cisco C93180YC (Multisite solution). Per environment we have one of these switches per rack (2 racks per environment) connected to the spine Nexus 9504 through an uplink port and the thing is:
If the question is not clear, please let me know. Thanks in advance :)
I was wondering if it was possible to connect a Cisco console to a laptop using a rollover RJ45-RJ45 cable and an Ethernet to USB converter, such as this one:
Will these in combination work to connect and manage the switch?
I'm doing my CCNA-Security since I just finished with my CCNA-R&S and now I'm hearing about this CCP software. I've got it installed and been messing with it, but the only devices I have that work with it are basically routers. Is this how it's basically designed? My switches get discovered but really can't do anything with them. My 5510 and 5506-X don't seem to work with it at all. The book seems to push I need to know how to use this because it's on the CCNA-Security. Is this a widely popular used tool? I've never seen/heard of it before now.
I'm a little confused here. I'm having a tour in a company, and I found out that they are working with one IP address on two interfaces from one router. As far as I know, every interface has its own IP address!
Can you please explain this to me and, if it's possible, how I can do it in Cisco Packet Tracer.
Thanks in advance.
SW version 220.127.116.11 ( date 10-Jul-2017 time 17:14:12 )
Boot version 1.3.5.06 ( date 21-Jul-2013 time 15:12:10 )
HW version V01
Initial Config

```
sh ru
config-file-header
v18.104.22.168 / R800_NIK_1_4_202_008
CLI v1.0
set system mode switch
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
vlan database
vlan 11,21,25,506
exit
voice vlan id 506
voice vlan oui-table add 0001e3 SiemensAG_phone_______
voice vlan oui-table add 00036b Ciscophone____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3CAolynk_____________
voice vlan oui-table add 0060b9 Philipsand_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone__________
voice vlan oui-table add 00e075 Polycom/Veritelphone__
voice vlan oui-table add 00e0bb 3Comphone_____________
!
interface fastethernet1
no spanning-tree portfast
switchport trunk allowed vlan add 506
switchport trunk native vlan 25
!
```
After I plug this phone in:

```
config-file-header
v22.214.171.124 / R800_NIK_1_4_202_008
CLI v1.0
set system mode switch
file SSD indicator encrypted
ssd file passphrase control unrestricted
no ssd file integrity control
voice vlan id 506
voice vlan oui-table add 0001e3 SiemensAG_phone_______
voice vlan oui-table add 00036b Ciscophone____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3CAolynk_____________
voice vlan oui-table add 0060b9 Philipsand_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone__________
voice vlan oui-table add 00e075 Polycom/Veritelphone__
voice vlan oui-table add 00e0bb 3Comphone_____________
storm-control broadcast enable
storm-control broadcast level 10
port security max 10
port security mode max-addresses
port security discard trap 60
switchport trunk allowed vlan add 506
macro description ip_phone_desktop
!next command is internal.
macro auto smartport dynamic_type ip_phone_desktop
!
```
I tried googling around but I can't find the setting for it to keep the configured native VLAN. Has anyone set this up before?
We are looking to support some remote workers. We have some Call Manager/UCCX requirements. For business users CSF phones through MRA is fine however, CSFs through MRA do not support CTI and call recording so for UCCX agents, this solution doesn't work. Only 7800s and 8800s support bidirectional CTI and call recording through MRA. So knowing this, we are trying to come up with ways to deliver CSFs to end users AND get CTI and Call Recording working properly. The obvious solution to this is to extend the network to the end user somehow.
One of the scenarios that we wanted to investigate is sending a user a small device that can establish an S2S VPN tunnel and perhaps give us some QoS metrics across the line. Ideally we would put together a package for an end user that would include a laptop/workstation preloaded with software and a device that they hardwire into their own network. I am looking for a small "magic box" of some sort that we could potentially buy and manage for user connectivity to help us ensure delivery of service. I saw the following two products:
Looks like they run between $400 and $800 bucks. Does anyone have any other thoughts/ideas? Solution is for one worker in a single household attached to a home user's internet connection. Again, this is just one scenario. We have an AnyConnect based architecture that we are looking at and an MRA enabled 7800 or 8800 solution as well. This would just be a plan C option.
I have an ASA5585. For example, let’s say I have a public IP of 126.96.36.199, and a wildcard DNS record of *example.com that sends all traffic to that IP. That traffic is sent from an ASA to a load balancer. Is there a way for me to block certain inbound traffic to a specific URL inside my network? Say I want to block INBOUND traffic to cisco.example.com but allow all other traffic to example.com? Remember this is INBOUND traffic not OUTBOUND. I don’t believe I can do this but maybe I’m wrong.
Cisco Support has confirmed that this is possible using regex and class-maps, but is very unusual for inbound traffic, and of course it will not work for HTTPS traffic because regex on the ASA does not do deep packet inspection.
I find myself in the position where I have to plan the networking for a LAN party with up to 2000 participants. This is a bit of a challenge, as until now we've done 350 people max. This obviously means we're going to need to get some new equipment.
Currently, we use 4948 switches for the edges. I'm thinking to continue with this, but mix in a few 4948-10GE as well.
For the core we use a 4900M, but obviously that won't do the trick anymore.
We're currently running a 2x1Gb LAG between edge and core, and I'd like to continue with this.
I looked at the Catalyst 6500, but as far as I can tell the backplane is a lot weaker, leading to bad oversubscription ratios for the line cards.
After looking around some more, I'm thinking the Nexus 7009, 7010 or similar (depending on what we can get cheaply on ebay) would do the trick.
If anyone has any other suggestions I'm open for that, too.
So, looking at pricing for used parts on eBay, what I'm thinking is ... Nexus 7009 chassis, with:
Can you guys confirm that these are compatible?
Any nasty surprises I should be aware of?
I have an old UCS 560 with a SIP trunk that I want to add some internet redundancy to. I have two net links managed by a Meraki MX 100. Basically it port forwards to the target device from the two different ISP connections to an internal private IP. Meanwhile my SIP provider can be configured with multiple origination IPs with a priority list so if the primary link goes down, it will start sending calls into the second one.
My problem is, I need to rewrite the SIP headers to keep the calls alive, else they'll drop after about 10 seconds due to a keepalive lack of response (hope I'm using the right term, basically an ACK and OK response). I get around that by rewriting SIP headers from the internal private IP to the public IP.

```
voice class sip-profiles 1
 response ANY sip-header Contact modify "192.168.0.2" "188.8.131.52"
 request ANY sip-header Contact modify "192.168.0.2" "184.108.40.206"
 response ANY sdp-header Audio-Connection-Info modify "192.168.0.2" "220.127.116.11"
 response ANY sdp-header Connection-Info modify "192.168.0.2" "18.104.22.168"
 response ANY sdp-header Session-Owner modify "192.168.0.2" "22.214.171.124"
 request ANY sdp-header Audio-Connection-Info modify "192.168.0.2" "126.96.36.199"
 request ANY sdp-header Connection-Info modify "192.168.0.2" "188.8.131.52"
 request ANY sdp-header Session-Owner modify "192.168.0.226" "184.108.40.206"
```
My problem comes in when a call comes in via the secondary IP. The headers are still rewritten to the primary IP so the call drops after about 10 seconds when the keepalive fails to return an OK.
Is there any way I can have my cake and eat it too in this scenario? Or an alternate plan of attack that doesn't require header rewrites?
Not sure where else to ask this. I got a new router because my old one was having problems. The old wifi system (let’s call this wifi A) was a Cisco “system”. It had 3 units or parts to it. There was the main router, then connected to that was an Ethernet switch. Neither the router nor the switch gave off a signal though; in order to get a wireless signal, we had to connect these antennas. They were more than just an antenna you would connect to the router though, it was like a separate extender that you would have to connect to the router via Ethernet.
Okay, now that you know how the old system worked, let’s get to the problem. I got this new router, it’s NOT a Cisco router. I want to use the extenders or antennas from the old system with this new router to boost the connection around the house. However, when I plug in the extenders to the new router, they give off the network signal and name for the old system. When I try to connect to wifi on the device, the name from the old system comes up along with the name for the new system. The extenders seem to be giving off signal for system A still even though they are connected to the new router.
Is there any way I could fix this problem??
A few days ago I posted about a network outage that involved a rather large network. After another full day of hair-pulling, the culprit was found: a broken port channel. The upstream switch had two ports configured for "channel-group mode on". The downstream switch had been replaced recently and cabled incorrectly.
```
SW1 Gi0/1 ---- SW2 Gi0/1
SW1 Gi0/2 ---- SW2 Gi0/2
```

```
SW1 Gi0/1 ---- SW2 Gi0/2
SW1 Gi0/2 ---- SW2 Gi0/3
```
SW1 Gi0/1-2 are set for "mode on", SW2 Gi0/2 is set for "mode on", and SW2 Gi0/3 is just an access port. Since "mode on" doesn't do any sanity checking, SW1 assumes that both ports on the other side are in a port channel and happily sends data. No one bothered to set up BPDU guard on access ports (and most were set for "switchport mode desirable" to boot), so SW2 happily accepts whatever is sent to it and MACs start flapping all over the place.
It took so long to track down because the entire network is a single L2 domain, so a problem in building 1 manifests as MAC flaps in buildings 2, 3, 4, & 5 as well. We had to verify every single trunk port to catch the problem. Now they gotta go check switch configs in ALL of their locations (over 1,200 switches) because the vendor used the same broken template for everything.
TL;DR LACP = good, "channel-group mode on" = bad
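The template problem described in this post can be checked for offline across saved configs. The script below is an added example, not the poster's or the vendor's code: it flags static `channel-group ... mode on` members, ports left in `switchport mode dynamic desirable`, and non-trunk ports without interface-level BPDU guard. The sample config and the function names are constructed for illustration.

```python
import re

# Constructed sample config modelled on the post: a static "mode on" member,
# an LACP member, a dynamic desirable port, and a guarded access port.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 channel-group 1 mode on
interface GigabitEthernet0/2
 channel-group 2 mode active
interface GigabitEthernet0/3
 switchport mode dynamic desirable
interface GigabitEthernet0/4
 switchport mode access
 spanning-tree bpduguard enable
"""

def parse_interfaces(config):
    """Return {interface name: [stripped sub-commands]} from IOS-style text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current and raw.startswith(" "):
            interfaces[current].append(raw.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def audit(config):
    """Return sorted (interface, finding) tuples for the issues in the post."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        in_channel = False
        for cmd in cmds:
            m = re.fullmatch(r"channel-group (\d+) mode (\S+)", cmd)
            if m:
                in_channel = True
                if m.group(2) == "on":
                    findings.append((name, "channel-group %s mode on: far end is never verified" % m.group(1)))
        if "switchport mode dynamic desirable" in cmds:
            findings.append((name, "dynamic desirable: port will negotiate a trunk"))
        is_trunk = "switchport mode trunk" in cmds
        # Only the interface-level command is checked, not a global default.
        if not in_channel and not is_trunk and "spanning-tree bpduguard enable" not in cmds:
            findings.append((name, "no BPDU guard on a non-trunk port"))
    return sorted(findings)
```

Run `audit()` over each saved running-config; an empty list means none of the three conditions were found on any interface.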
I am trying to install Cisco AnyConnect clients on Windows 10 HP laptops. The installation would hang as it gets very close to the finish point and complain that: "There is a problem with this windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor"
I have tried to disable all of my firewall and disable antivirus software. I have also added my ASA address as a trust site in the "Internet Options".
If you have any workaround, please help
I'm not really sure where to start here. My 4948E reaches the end of the blurb I posted below and then waits for about 10 seconds. The status light then switches to orange from green and then it shuts down shortly after. Does anyone have any idea what's wrong with this? I don't have any diagnostic messages after what I posted to help me out. Any help would be appreciated, thanks!
Power-on-self-test for Module 1: WS-C4948E
Test Status: (. = Pass, F = Fail, U = Untested)
CPU Subsystem Tests ...
Traffic: L3 Looopback ...
Test Results: Pass
Traffic: L2 Loopback ...
Test Results: Pass
Switching Subsystem Memory ...
Packet Memory Test Results: Pass
Module 1 Passed
Rommon reg: 0x00000780
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-LANBASE-M), Version 12.2(54)SG, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Sun 27-Jun-10 08:37 by prod_rel_team
Image text-base: 0x10000000, data-base: 0x12823FA8
cisco WS-C4948E (MPC8548) processor (revision 5) with 1048576K bytes of memory.
Processor board ID CAT1524S2PD
MPC8548 CPU at 1GHz, Cisco Catalyst 4948E
Last reset from Push Button Reset
1 Virtual Ethernet interface
48 Gigabit Ethernet interfaces
4 Ten Gigabit Ethernet interfaces
511K bytes of non-volatile configuration memory.
I have some questions about some log messages I have been seeing. Not sure if this is working properly or I have some configuration error somewhere I need to fix. On the 7th I updated the IOS on a switch that is directly connected to our core, and of course I had to reboot it. Everything went well and no issues, but I saw these log messages on the core:
Aug 7 2018 19:04:43.785: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 18 on TenGigabitEthernet1/1/22 VLAN1.
Aug 7 2018 19:04:43.785: %SPANTREE-2-BLOCK_PVID_PEER: Blocking TenGigabitEthernet1/1/22 on VLAN0018. Inconsistent peer vlan.
Aug 7 2018 19:04:43.786: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking TenGigabitEthernet1/1/22 on VLAN0001. Inconsistent local vlan.
Aug 7 2018 19:04:43.786: %SPANTREE-2-BLOCK_PVID_PEER: Blocking TenGigabitEthernet1/1/22 on VLAN0025. Inconsistent peer vlan.
Aug 7 2018 19:04:43.786: %SPANTREE-2-BLOCK_PVID_PEER: Blocking TenGigabitEthernet1/1/22 on VLAN0040. Inconsistent peer vlan.
Aug 7 2018 19:04:59.860: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking TenGigabitEthernet1/1/22 on VLAN0018. Port consistency restored.
Aug 7 2018 19:04:59.940: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking TenGigabitEthernet1/1/22 on VLAN0025. Port consistency restored.
Aug 7 2018 19:05:00.176: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking TenGigabitEthernet1/1/22 on VLAN0040. Port consistency restored.
Aug 7 2018 19:05:00.177: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking TenGigabitEthernet1/1/22 on VLAN0001. Port consistency restored.
Then today I created a new VLAN on our core and then added it to a couple other switches and saw these messages on the core:
Aug 14 2018 08:28:51.262: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 37 on Port-channel3 VLAN999.
Aug 14 2018 08:28:51.263: %SPANTREE-2-BLOCK_PVID_PEER: Blocking Port-channel3 on VLAN0037. Inconsistent peer vlan.
Aug 14 2018 08:28:51.263: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking Port-channel3 on VLAN0999. Inconsistent local vlan.
Aug 14 2018 08:29:06.260: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking Port-channel3 on VLAN0037. Port consistency restored.
Aug 14 2018 08:29:06.260: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking Port-channel3 on VLAN0999. Port consistency restored.
Is this normal? Or do I need to fix something?
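For triage, messages like these can be reduced to which local and peer VLAN IDs disagreed on which port, and how long each VLAN stayed blocked. The parser below is an added example, not part of the original post; it uses the Port-channel3 lines copied from the post as input, and the function and variable names are chosen here for illustration.

```python
import re
from datetime import datetime

# Log lines copied from the post above (the Port-channel3 event).
LOG = """\
Aug 14 2018 08:28:51.262: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 37 on Port-channel3 VLAN999.
Aug 14 2018 08:28:51.263: %SPANTREE-2-BLOCK_PVID_PEER: Blocking Port-channel3 on VLAN0037. Inconsistent peer vlan.
Aug 14 2018 08:28:51.263: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking Port-channel3 on VLAN0999. Inconsistent local vlan.
Aug 14 2018 08:29:06.260: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking Port-channel3 on VLAN0037. Port consistency restored.
Aug 14 2018 08:29:06.260: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking Port-channel3 on VLAN0999. Port consistency restored.
"""

LINE = re.compile(r"^(\w{3} +\d+ \d{4} [\d:.]+): %SPANTREE-2-(\w+): (.*)$")
RECV = re.compile(r"peer vlan id (\d+) on (\S+) VLAN(\d+)\.")
BLOCK = re.compile(r"(?:Blocking|Unblocking) (\S+) on VLAN(\d+)\.")

def summarize(log):
    """Return (mismatches, blocked_seconds).

    mismatches: list of (port, local_vlan, peer_vlan) from RECV_PVID_ERR.
    blocked_seconds: {(port, vlan): seconds between block and unblock};
    the value is None if that port/VLAN was never unblocked in the log.
    """
    mismatches, blocked_at, blocked_seconds = [], {}, {}
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%b %d %Y %H:%M:%S.%f")
        event, text = m.group(2), m.group(3)
        if event == "RECV_PVID_ERR":
            r = RECV.search(text)
            if r:
                mismatches.append((r.group(2), int(r.group(3)), int(r.group(1))))
        elif event.startswith("BLOCK_PVID") or event == "UNBLOCK_CONSIST_PORT":
            b = BLOCK.search(text)
            if not b:
                continue
            key = (b.group(1), int(b.group(2)))
            if event.startswith("BLOCK_PVID"):
                blocked_at[key] = ts
                blocked_seconds[key] = None
            elif key in blocked_at:
                delta = ts - blocked_at.pop(key)
                blocked_seconds[key] = round(delta.total_seconds(), 3)
    return mismatches, blocked_seconds
```

A `None` duration in the result marks a port and VLAN pair that was blocked and never restored within the log window, which is the case worth alerting on.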
We have an ASA 5508-X and regularly experience bandwidth issues when someone is downloading files. Internet connection is 30/30 Mbps, but when I download a large ISO file for example, internet is unusable for all other users.
I know I can create a service policy matching http/https with QoS and limit the bandwidth to x Mbps, but I don't think that's what I need since this is probably applied globally and not per ip or per session.
How can I prevent single users or services (WSUS for example) from saturating the entire internet connection?
I inherited a virtual Cisco FirePOWER appliance. My only experience was one integrated with an ASA. I’m having trouble understanding how traffic is being forwarded to the virtual appliance for inspection? I assume there is a SPAN port somewhere. How do I determine how the virtual appliance is getting the packets? It is NOT inline.
I've got a high profile user whose computer, I believe, goes unauthed after long periods of inactivity. I am pretty sure the PC might be going into sleep mode or disabling the NIC for low power mode but seeing as how this has been an ongoing issue, it's falling to me to deal with.
I have already tried a few different things:
I have basic log output going to my syslog collectors. I need to figure out a way I can get an Unauth message to go to an alert. If I can get the port status of "unauth" to report to my syslog, I can get Splunk to report on it. Anyone have any thoughts on this?