Search Results

Search found 1134 results on 46 pages for 'cisco'.

Page 25/46 | < Previous Page | 21 22 23 24 25 26 27 28 29 30 31 32  | Next Page >

  • ASA access lists and Egress Filtering

    - by Nate
    Hello. I'm trying to learn how to use a cisco ASA firewall, and I don't really know what I'm doing. I'm trying to set up some egress filtering, with the goal of allowing only the minimal amount of traffic out of the network, even if it originated from within the inside interface. In other words, I'm trying to set up dmz_in and inside_in ACLs as if the inside interface is not too trustworthy. I haven't fully grasped all the concepts yet, so I have a few issues. Assume that we're working with three interfaces: inside, outside, and DMZ. Let's say I have a server (X.Y.Z.1) that has to respond to PING, HTTP, SSH, FTP, MySQL, and SMTP. My ACL looks something like this: access-list outside_in extended permit icmp any host X.Y.Z.1 echo-reply access-list outside_in extended permit tcp any host X.Y.Z.1 eq www access-list outside_in extended permit tcp any host X.Y.Z.1 eq ssh access-list outside_in extended permit tcp any host X.Y.Z.1 eq ftp access-list outside_in extended permit tcp any host X.Y.Z.1 eq ftp-data established access-list outside_in extended permit tcp any host X.Y.Z.1 eq 3306 access-list outside_in extended permit tcp any host X.Y.Z.1 eq smtp and I apply it like this: access-group outside_in in interface outside My question is, what can I do for egress filtering? I want to only allow the minimal amount of traffic out. Do I just "reverse" the rules (i.e. the smtp rule becomes access-list inside_out extended permit tcp host X.Y.Z.1 any eq smtp ) and call it a day, or can I further cull my options? What can I safely block? Furthermore, when doing egress filtering, is it enough to apply "inverted" rules to the outside interface, or should I also look into making dmz_in and inside_in acls? I've heard the term "egress filtering" thrown around a lot, but I don't really know what I'm doing. Any pointers towards good resources and reading would also be helpful, most of the ones I've found presume that I know a lot more than I do.

    Read the article

  • How do I connect to and factory reset a Catalyst 3560 Switch?

    - by Josh
    My company just bought another company. In their server room they had some older hardware, which I would like to repurpose. One of these is a Cisco Switch: C3560G-48TS-S. I found some instructions about this switch here but this is not a guide for a beginner. I have no idea how to connect to this thing to begin running the commands. It says Configure the PC terminal emulation software for 9600 baud, 8 data bits, no parity, 1 stop bit, and no flow control. But I can't find anything on how to do this (assuming with telnet?) or even what program to use. I also don't know how to find the IP address of the device to connect to it. My research also says once I get in there, I need to run clear config all Is this the right command? Also, what if I can't get the username and password for these devices? Is there some way to factory reset (my only experience is with devices that have a hardware reset button) EDIT: I should note that when I push the button on the front the three lights blink, which according to the documentation indicated the switch is configured and "not available for express setup"

    Read the article

  • lacp, cicso 3550, 3560, help with configuration

    - by Flamewires
    Hey all this is a repost from a question I asked on the cisco forums but never got a useful reply. Hey I'm trying to convert the FreeBSD servers at work to dual-gig lagg links from regular gigabit links. Our production servers are on a 3560. I have a small test environment on a 3550. I have achieved fail-over, but am having troubles achieving the speed increase. All servers are running gig intel (em) cards. The configs for the servers are: BSDServer: #!/bin/sh #bring up both interfaces ifconfig em0 up media 1000baseTX mediaopt full-duplex ifconfig em1 up media 1000baseTX mediaopt full-duplex #create the lagg interface ifconfig lagg0 create #set lagg0's protocol to lacp, add both cards to the interface, #and assign it em1's ip/netmask ifconfig lagg0 laggproto lacp laggport em0 laggport em1 ***.***.***.*** netmask 255.255.255.0 The switches are configured as follows: #clear out old junk no int Po1 default int range GigabitEthernet 0/15 - 16 # config ports interface range GigabitEthernet 0/15 - 16 description lagg-test switchport duplex full speed 1000 switchport access vlan 192 spanning-tree portfast channel-group 1 mode active channel-protocol lacp **** switchport trunk encapsulation dot1q **** no shutdown exit interface Port-channel 1 description lagginterface switchport access vlan 192 exit port-channel load-balance src-mac end obviously change 1000's to 100's and GigabitEthernet to FastEthernet for the 3550's config, as that switch has 100Mbit speed ports. With this config on the 3550, I get failover and 92Mbits/sec speed on both links, simultaneously, connecting to 2 hosts.(tested with iperf) Success. However this is only with the "switchport trunk encapsulation dot1q" line. First, I do not understand why I need this, I thought it was only for connecting switches. Is there some other setting which this turns on that is actually responsible for the speed increase? Second, This config does not work on the 3560. I get failover, but not the speed increase. Speeds drop from gig/sec to 500Mbit/sec when I make 2 simultaneous connections to the server with or without the encapsulation line. I should mention that both switches are using source-mac load balancing. In my test I am using Iperf. I have the server(lagg box) setup as the server(iperf -s), and the client computers are client(iperf -c server-ip-address), so the source mac(and IP) are different for both connections. Any ideas/corrections/questions would be helpful, as the gig switches are what I actually need the lagg links on. Ask if you need more information.

    Read the article

  • IPv6 routing to another interface

    - by Robert
    I'm trying to get an IPv6 enabled router to forward data from one interface to the other and I'm having issues. When following this example (http://www.cisco.com/en/US/tech/tk872/technologies_configuration_example09186a0080ba6106.shtml) I am able to get full connectivity between all 3 routers in my simulator. However when I try to use only 1 router; I can't get connectivity to the other interfacs on the same router. My PC is directly attached to FA 0/1 and it can ping the router's interface. However it can not ping any other interface on the router(which unless I'm missing something it should be able to do). The router on the other hand can ping everything. I thought static routes might help; but the router already has routes for everything. I'm thinking the packet should come in; router looks up the destination in it's ipv6 routing table and then realizes it's for itself, and should respond. I thought maybe it couldn't respond directly; so I tried pinging a device like 2001:0000:0000:1000::2, but i don't get a response. I'm running on IOS 12.4. I'm missing something(hopefully simple), but I just can't see what it is. With only 1 router; how do I enable my PC to talk to the other subnets? Thank you in advance, Robert Topology: R1 FA 0/0: 2001:0000:0000:0000::1/52 FA 0/1: 2001:0000:0000:1000::1/52 FA 1/0: 2001:0000:0000:2000::1/52 Loopback 0: 2001:0000:0000:3000::1/52 PC: 2001:0000:0000:2000::2/52 PC plugs directly into FA 1/0 on the router. --- Configuration --- ipv6 cef ipv6 unicast routing interface Loopback0 no ip address ipv6 address 2001:0000:0000:3000::1/52 ipv6 enable ! interface FastEthernet0/0 no ip address duplex auto speed auto ipv6 address 2001:0000:0000::1/52 ipv6 enable ! interface FastEthernet0/1 no ip address duplex auto speed auto ipv6 address 2001:0000:0000:1000::1/52 ipv6 enable ! interface FastEthernet1/0 no ip address duplex auto speed auto ipv6 address 2001:0000:0000:2000::1/52 ipv6 enable --- end of config --- --- routing table --- IPV6Lab#show ipv6 route IPv6 Routing Table - 10 entries Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP U - Per-user Static route I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2 ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2 C 2001:0000:0000::/52 [0/0] via ::, FastEthernet0/0 L 2001:0000:0000::1/128 [0/0] via ::, FastEthernet0/0 C 2001:0000:0000:1000::/52 [0/0] via ::, FastEthernet0/1 L 2001:0000:0000:1000::1/128 [0/0] via ::, FastEthernet0/1 C 2001:0000:0000:2000::/52 [0/0] via ::, FastEthernet1/0 L 2001:0000:0000:2000::1/128 [0/0] via ::, FastEthernet1/0 C 2001:0000:0000:3000::/52 [0/0] via ::, Loopback0 L 2001:0000:0000:3000::1/128 [0/0] via ::, Loopback0 L FE80::/10 [0/0] via ::, Null0 L FF00::/8 [0/0] via ::, Null0 --- end of routing table ---

    Read the article

  • ASA 5505 stops local internet when connected to VPN

    - by g18c
    Hi I have a Cisco ASA router running firmware 8.2(5) which hosts an internal LAN on 192.168.30.0/24. I have used the VPN Wizard to setup L2TP access and I can connect in fine from a Windows box and can ping hosts behind the VPN router. However, when connected to the VPN I can no longer ping out to my internet or browse web pages. I would like to be able to access the VPN, and also browse the internet at the same time - I understand this is called split tunneling (have ticked the setting in the wizard but to no effect) and if so how do I do this? Alternatively, if split tunneling is a pain to setup, then making the connected VPN client have internet access from the ASA WAN IP would be OK. Thanks, Chris names ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Vlan1 nameif inside security-level 100 ip address 192.168.30.1 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 ip address 208.74.158.58 255.255.255.252 ! ftp mode passive access-list inside_nat0_outbound extended permit ip any 10.10.10.0 255.255.255.128 access-list inside_nat0_outbound extended permit ip 192.168.30.0 255.255.255.0 192.168.30.192 255.255.255.192 access-list DefaultRAGroup_splitTunnelAcl standard permit 192.168.30.0 255.255.255.0 access-list DefaultRAGroup_splitTunnelAcl_1 standard permit 192.168.30.0 255.255.255.0 pager lines 24 logging asdm informational mtu inside 1500 mtu outside 1500 ip local pool LANVPNPOOL 192.168.30.220-192.168.30.249 mask 255.255.255.0 icmp unreachable rate-limit 1 burst-size 1 no asdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list inside_nat0_outbound nat (inside) 1 192.168.30.0 255.255.255.0 route outside 0.0.0.0 0.0.0.0 208.74.158.57 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 dynamic-access-policy-record DfltAccessPolicy http server enable http 192.168.30.0 255.255.255.0 inside snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 TRANS_ESP_3DES_SHA crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP crypto map outside_map interface outside crypto isakmp enable outside crypto isakmp policy 10 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 telnet timeout 5 ssh timeout 5 console timeout 0 dhcpd auto_config outside ! threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept webvpn group-policy DefaultRAGroup internal group-policy DefaultRAGroup attributes dns-server value 192.168.30.3 vpn-tunnel-protocol l2tp-ipsec split-tunnel-policy tunnelspecified split-tunnel-network-list value DefaultRAGroup_splitTunnelAcl_1 username user password Cj7W5X7wERleAewO8ENYtg== nt-encrypted privilege 0 tunnel-group DefaultRAGroup general-attributes address-pool LANVPNPOOL default-group-policy DefaultRAGroup tunnel-group DefaultRAGroup ipsec-attributes pre-shared-key ***** tunnel-group DefaultRAGroup ppp-attributes no authentication chap authentication ms-chap-v2 ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect ip-options ! service-policy global_policy global prompt hostname context : end

    Read the article

  • Unicast traffic between hosts on a switch leaving the switch by its uplink. Why?

    - by Rich Lafferty
    I have a weird thing happening on our network at my office which I can't quite get my head around. In particular I can't tell if it's a problem with a switch, or a problem with configuration. We have a Cisco SG300-52 switch (sw01) in the top of a rack in our server room, connected to another SG300-28 that acts as our core switch (core01). Both run layer 2 only, our firewalls do routing between VLANs. They have a dozen or so VLANs between them. Gi1 on sw01 is a trunk port connected to gi1 on core01. (Disclosure: There are other switches in our environment but I'm pretty sure I've isolated the problem down to these two. Happy to provide more info if necessary.) The behaviour I'm seeing is limited to one VLAN, vlan 12 -- or, at least, it's not happening on the other ones I checked (It's hard to guarantee the absence of packets), and it is: sw01 is forwarding, to core01, traffic which is between two hosts which are both plugged into sw01. (I noticed this because the IDS in our firewall gave a false positive on traffic which should not reach the firewall.) We noticed this mostly between our two dhcp/dns servers, net01 (10.12.0.10) and net02 (10.12.0.11). net01 is physical hardware and net02 is on a VMware ESX server. net01 is connected to gi44 on sw01 and net02's ESX server to gi11. [net01]----gi44-[sw01]-gi1----gi1-[core01] [net02]----gi11/ Let's see some interfaces! Remember, vlan 12 is the problem vlan. Of the others I explicitly verified that vlan 27 was not affected. Here's the two hosts' ports: esx01 contains net02. sw01#sh run int gi11 interface gigabitethernet11 description esx01 lldp med disable switchport trunk allowed vlan add 5-7,11-13,100 switchport trunk native vlan 27 ! sw01#sh run int gi44 interface gigabitethernet44 description net01-1 lldp med disable switchport mode access switchport access vlan 12 ! Here's the trunk on sw01. sw01#sh run int gi1 interface gigabitethernet1 description "trunk to core01" lldp med disable switchport trunk allowed vlan add 4-7,11-13,27,100 ! And the other end of the trunk on core01. interface gigabitethernet1 description sw01 macro description switch switchport trunk allowed vlan add 2-7,11-16,27,100 ! I have a monitor port on core01, thus: core01#sh run int gi12 interface gigabitethernet12 description "monitor port" port monitor GigabitEthernet 1 ! And the monitor port on core01 sees unicast traffic going between net01 and net02, both of which are on sw01! I've verified this with a monitor port on sw01 that sees the net01-net02 unicast traffic leaving via gi1 too. sw01 knows that both of those hosts are on ports that are not its trunk port: :) ratchet$ arp -a | grep net net02.2ndsiteinc.com (10.12.0.11) at 00:0C:29:1A:66:15 [ether] on eth0 net01.2ndsiteinc.com (10.12.0.10) at 00:11:43:D8:9F:94 [ether] on eth0 sw01#sh mac addr addr 00:0C:29:1A:66:15 Aging time is 300 sec Vlan Mac Address Port Type -------- --------------------- ---------- ---------- 12 00:0c:29:1a:66:15 gi11 dynamic sw01#sh mac addr addr 00:11:43:D8:9F:94 Aging time is 300 sec Vlan Mac Address Port Type -------- --------------------- ---------- ---------- 12 00:11:43:d8:9f:94 gi44 dynamic I also brought up an unused port on sw01 on vlan 12, but the unicast traffic was (as best as I could tell) not coming out that port. So it doesn't look like sw01 is pushing it out all its ports, just the right ports and also gi1! I've verified that sw01 is not filling up its address-table: sw01#sh mac addr count This may take some time. Capacity : 8192 Free : 7983 Used : 208 The full configs for both core01 and sw01 are available: core01, sw01. Finally, versions: sw01#sh ver SW version 1.1.2.0 ( date 12-Nov-2011 time 23:34:26 ) Boot version 1.0.0.4 ( date 08-Apr-2010 time 16:37:57 ) HW version V01 core01#sh ver SW version 1.1.2.0 ( date 12-Nov-2011 time 23:34:26 ) Boot version 1.1.0.6 ( date 11-May-2011 time 18:31:00 ) HW version V01 So my understanding is this: sw01 should take unicast traffic for net01 and send it only out net02's port, and vice versa; none of it should go out sw01's uplink. But core01, receiving traffic on gi1 for a host it knows is on gi1, is right in sending it out all of its ports. (That is: sw01 is misbehaving, but core01 is doing what it should given the circumstances.) My question is: Why is sw01 sending that unicast traffic out its uplink, gi1? (And pre-emptively: yes, I know SG300s leave much to be desired, and yes, we should have spanning-tree enabled, but that's where I'm at right now.)

    Read the article

  • ASA 5505 Vlan question

    - by Wayne
    I am setting up a cisco asa 5505 with the base license. I can communicate from inside-outside, outside-inside, inside-home, which is my desired traffic security. I can get http, ssh, and other access from inside-home, but I can't ping from inside-home (192.168.110.0 host to 192.168.7.1 or 192.168.7.0 host). Can someone explain. My config is listed below interface Vlan1<br> nameif inside<br> security-level 100<br> ip address 192.168.110.254 255.255.255.0 <br> !<br> interface Vlan2<br> nameif outside<br> security-level 0<br> pppoe client vpdn group birdie<br> ip address removedIP 255.255.255.255 pppoe <br> !<br> interface Vlan3<br> no forward interface Vlan1<br> nameif home<br> security-level 50<br> ip address 192.168.7.1 255.255.255.0 <br> ! <br> interface Ethernet0/0<br> switchport access vlan 2<br> ! <br> interface Ethernet0/1<br> ! <br> interface Ethernet0/2<br> ! <br> interface Ethernet0/3<br> ! <br> interface Ethernet0/4<br> switchport access vlan 3<br> ! <br> interface Ethernet0/5<br> shutdown <br> ! <br> interface Ethernet0/6<br> shutdown <br> ! <br> interface Ethernet0/7<br> shutdown <br> ! <br> ftp mode passive<br> clock timezone EST -5<br> clock summer-time EDT recurring<br> access-list Outside-In extended permit icmp any any <br> access-list Outside-In extended permit tcp any any eq www <br> access-list Outside-In extended permit tcp any any eq https <br> access-list Outside-In extended permit tcp any any eq 5969 <br> access-list inside_nat0_outbound extended permit ip any 192.168.111.0 255.255.255.224 <br> access-list standardUser_splitTunnelAcl1 extended permit ip 192.168.111.0 255.255.255.0 any <br> access-list standardUser_splitTunnelAcl1 extended permit ip 192.168.110.0 255.255.255.0 <br>any access-list inside_in extended permit icmp any any <br> access-list inside_in extended permit ip any any <br> access-list home_in extended permit icmp any any <br> access-list home_in extended permit ip any any <br> pager lines 24<br> logging enable<br> logging asdm informational<br> mtu inside 1492<br> mtu outside 1492<br> mtu home 1500 <br> ip local pool vpnuser 192.168.111.5-192.168.111.20<br> icmp unreachable rate-limit 1 burst-size 1<br> asdm image disk0:/asdm-524.bin<br> no asdm history enable<br> arp timeout 14400<br> nat-control <br> global (outside) 1 interface<br> nat (inside) 0 access-list inside_nat0_outbound<br> nat (inside) 1 0.0.0.0 0.0.0.0<br> nat (home) 1 192.168.7.0 255.255.255.0<br> static (inside,outside) tcp interface https 192.168.110.6 https netmask 255.255.255.255 <br> static (inside,outside) tcp interface www 192.168.110.6 www netmask 255.255.255.255 <br> static (inside,outside) tcp interface 5969 192.168.110.12 5969 netmask 255.255.255.255 <br> static (inside,home) 192.168.110.0 192.168.110.0 netmask 255.255.255.0 <br> access-group inside_in in interface inside<br> access-group Outside-In in interface outside<br> access-group home_in in interface home<br> route outside 0.0.0.0 0.0.0.0 RemovedIP 1<br>

    Read the article

  • Synergy 1.4.2 Linux server, OSX client, Media/Function key mapping issues

    - by at165dB
    I'm using an Apple bluetooth keybord to control my Linux synergy server. SSH tunneling, Mouse, Keyboard, and Copy&Paste all work. Linux sees all the media/app keys that are on top of the F# keys correctly. However if I press any of those keys while controlling my OSX client, nothing happens on the client. Running synergys with -d DEBUG1 I can see the following keycode info: Pressing the "dim monitor" key that also serves as F1 generates: new mask: 0x2000 event: KeyPress code=232, state=0x0010 new mask: 0x2000 If I press "fn" and the same key, I can see it sending what I'm assuming is an F1: event: KeyPress code=67, state=0x0010 onKeyDown id=61374 mask=0x2000 button=0x0043 send key down to "foo.cisco.com" id=61374, mask=0x2000, button=0x0043 new mask: 0x2000 event: KeyRelease code=67, state=0x0010 onKeyUp id=61374 mask=0x2000 button=0x0043 send key up to "foo.cisco.com" id=61374, mask=0x2000, button=0x0043 I'm guessing I need to tweak my synergy.conf so that the server sends keys that it currently isn't. I'm also not sure what I need to do to tweak the keys that it is sending, but are not working. Below are all the other keys I'm having issues with. Does anyone have any idea how I can enable their functionality? brighten monitor: new mask: 0x2000 event: KeyPress code=233, state=0x0010 new mask: 0x2000 expose: new mask: 0x2000 event: KeyPress code=128, state=0x0010 new mask: 0x2000 dashboard: new mask: 0x2000 event: KeyPress code=212, state=0x0010 new mask: 0x2000 dim keyboard: new mask: 0x2000 event: KeyPress code=237, state=0x0010 new mask: 0x2000 brighten keyboard: new mask: 0x2000 event: KeyPress code=238, state=0x0010 new mask: 0x2000 rewind: event: KeyPress code=173, state=0x0010 onKeyDown id=57521 mask=0x2000 button=0x00ad send key down to "foo.cisco.com" id=57521, mask=0x2000, button=0x00ad new mask: 0x2000 event: KeyRelease code=173, state=0x0010 onKeyUp id=57521 mask=0x2000 button=0x00ad send key up to "foo.cisco.com" id=57521, mask=0x2000, button=0x00ad play/pause: event: KeyPress code=172, state=0x0010 onKeyDown id=57523 mask=0x2000 button=0x00ac send key down to "foo.cisco.com" id=57523, mask=0x2000, button=0x00ac new mask: 0x2000 event: KeyRelease code=172, state=0x0010 onKeyUp id=57523 mask=0x2000 button=0x00ac send key up to "foo.cisco.com" id=57523, mask=0x2000, button=0x00ac fastforward: event: KeyPress code=171, state=0x0010 onKeyDown id=57520 mask=0x2000 button=0x00ab send key down to "foo.cisco.com" id=57520, mask=0x2000, button=0x00ab new mask: 0x2000 event: KeyRelease code=171, state=0x0010 onKeyUp id=57520 mask=0x2000 button=0x00ab send key up to "foo.cisco.com" id=57520, mask=0x2000, button=0x00ab mute: event: KeyPress code=121, state=0x0010 onKeyDown id=57517 mask=0x2000 button=0x0079 send key down to "foo.cisco.com" id=57517, mask=0x2000, button=0x0079 new mask: 0x2000 event: KeyRelease code=121, state=0x0010 onKeyUp id=57517 mask=0x2000 button=0x0079 send key up to "foo.cisco.com" id=57517, mask=0x2000, button=0x0079 volume down: onKeyDown id=57518 mask=0x2000 button=0x007a send key down to "foo.cisco.com" id=57518, mask=0x2000, button=0x007a new mask: 0x2000 event: KeyRelease code=122, state=0x0010 onKeyUp id=57518 mask=0x2000 button=0x007a send key up to "foo.cisco.com" id=57518, mask=0x2000, button=0x007a volume up: event: KeyPress code=123, state=0x0010 onKeyDown id=57519 mask=0x2000 button=0x007b send key down to "foo.cisco.com" id=57519, mask=0x2000, button=0x007b new mask: 0x2000 event: KeyRelease code=123, state=0x0010 onKeyUp id=57519 mask=0x2000 button=0x007b send key up to "foo.cisco.com" id=57519, mask=0x2000, button=0x007b eject: event: KeyPress code=169, state=0x0010 onKeyDown id=57345 mask=0x2000 button=0x00a9 send key down to "foo.cisco.com" id=57345, mask=0x2000, button=0x00a9 new mask: 0x2000 event: KeyRelease code=169, state=0x0010 onKeyUp id=57345 mask=0x2000 button=0x00a9 send key up to "foo.cisco.com" id=57345, mask=0x2000, button=0x00a9

    Read the article

  • Trying to configure HWIC-3G-HSPA

    - by user1174838
    I'm trying to configure a couple of Cisco 1941 routes. The are both identical routers. Each as a HWIC-1T (Smart Serial interface) and a HWIC-3G-HSPA 3G interface. These routers are to be sent to remote sites. We have connectivity to one of the sites but if remote site A gors down we lose connectivity to remote site B. The HWIC-1T is the primary WAN interface using frame relay joining the two remote sites We want the HWIC-3G-HSPA to be usable for direct connectivity from head office to remote site B, and also the HWIC-3G-HSPA is do be used for comms between the remote sites when the frame relay is down (happens quite a bit). I initialy tried to do dynamic routing using EIGRP however in my lab setup of laptop - 1941 - 1941 - laptop, I was unable to get end to end connectivity. I later settled on static routing and have got end to end connectivity but only over frame relay, not the HWIC-3G-HSPA. The sanitized running config for remote site A: version 15.1 service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec service timestamps log datetime msec service password-encryption service udp-small-servers service tcp-small-servers ! hostname remoteA ! boot-start-marker boot-end-marker ! ! logging buffered 51200 warnings enable secret 5 censored ! no aaa new-model clock timezone wst 8 0 ! no ipv6 cef ip source-route ip cef ! ip domain name yourdomain.com multilink bundle-name authenticated ! chat-script gsm "" "ATDT*98*1#" TIMEOUT 30 "CONNECT" ! username admin privilege 15 secret 5 censored ! controller Cellular 0/1 ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 ip address 192.168.2.5 255.255.255.0 duplex auto speed auto ! interface GigabitEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 ip address 10.1.1.2 255.255.255.252 encapsulation frame-relay cdp enable frame-relay interface-dlci 16 frame-relay lmi-type ansi ! interface Cellular0/1/0 ip address negotiated encapsulation ppp dialer in-band dialer idle-timeout 2147483 dialer string gsm dialer-group 1 async mode interactive ppp chap hostname censored ppp chap password 7 censored cdp enable ! interface Cellular0/1/1 no ip address encapsulation ppp ! interface Dialer0 no ip address ! ip forward-protocol nd ! no ip http server no ip http secure-server ! ip route 0.0.0.0 0.0.0.0 Serial0/0/0 210 permanent ip route 0.0.0.0 0.0.0.0 Cellular0/1/0 220 permanent ip route 172.31.2.0 255.255.255.0 Cellular0/1/0 permanent ip route 192.168.3.0 255.255.255.0 10.1.1.1 permanent ip route 192.168.3.0 255.255.255.0 Cellular0/1/0 210 permanent ! access-list 1 permit any dialer-list 1 protocol ip list 1 ! control-plane ! line con 0 logging synchronous login local line aux 0 line 2 no activation-character no exec transport preferred none transport input all transport output pad telnet rlogin lapb-ta mop udptn v120 ssh stopbits 1 line 0/1/0 exec-timeout 0 0 script dialer gsm login modem InOut no exec transport input all rxspeed 7200000 txspeed 5760000 line 0/1/1 no exec rxspeed 7200000 txspeed 5760000 line vty 0 4 access-class 23 in privilege level 15 password 7 censored login local transport input all line vty 5 15 access-class 23 in privilege level 15 password 7 censored login local transport input all line vty 16 1370 password 7 censored login transport input all ! scheduler allocate 20000 1000 end The sanitized running config for remote site B: version 15.1 service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec service timestamps log datetime msec service password-encryption service udp-small-servers service tcp-small-servers ! hostname remoteB ! boot-start-marker boot-end-marker ! logging buffered 51200 warnings enable secret 5 censored ! no aaa new-model clock timezone wst 8 0 ! no ipv6 cef ip source-route ip cef ! no ip domain lookup ip domain name yourdomain.com multilink bundle-name authenticated ! chat-script gsm "" "ATDT*98*1#" TIMEOUT 30 "CONNECT" username admin privilege 15 secret 5 censored ! controller Cellular 0/1 ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 ip address 192.168.3.1 255.255.255.0 duplex auto speed auto ! interface GigabitEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 ip address 10.1.1.1 255.255.255.252 encapsulation frame-relay clock rate 2000000 cdp enable frame-relay interface-dlci 16 frame-relay lmi-type ansi frame-relay intf-type dce ! interface Cellular0/1/0 ip address negotiated encapsulation ppp dialer in-band dialer idle-timeout 2147483 dialer string gsm dialer-group 1 async mode interactive ppp chap hostname censored ppp chap password 7 censored ppp ipcp dns request cdp enable ! interface Cellular0/1/1 no ip address encapsulation ppp ! interface Dialer0 no ip address ! ip forward-protocol nd ! no ip http server no ip http secure-server ! ip route 0.0.0.0 0.0.0.0 Serial0/0/0 210 permanent ip route 0.0.0.0 0.0.0.0 Cellular0/1/0 220 permanent ip route 172.31.2.0 255.255.255.0 Cellular0/1/0 permanent ip route 192.168.2.0 255.255.255.0 10.1.1.2 permanent ip route 192.168.2.0 255.255.255.0 Cellular0/1/0 210 permanent ! kron occurrence PING in 1 recurring policy-list ICMP ! access-list 1 permit any dialer-list 1 protocol ip list 1 ! control-plane ! line con 0 logging synchronous login local line aux 0 line 2 no activation-character no exec transport preferred none transport input all transport output pad telnet rlogin lapb-ta mop udptn v120 ssh stopbits 1 line 0/1/0 exec-timeout 0 0 script dialer gsm login modem InOut no exec transport input all rxspeed 7200000 txspeed 5760000 line 0/1/1 no exec rxspeed 7200000 txspeed 5760000 line vty 0 4 access-class 23 in privilege level 15 password 7 censored login transport input all line vty 5 15 access-class 23 in privilege level 15 password 7 censored login transport input all line vty 16 1370 password 7 censored login transport input all ! scheduler allocate 20000 1000 end The last problem I'm having is the 3G interfaces go down after only a few minutes of inactivity. I've tried using kron to ping the local HWIC-3G-HSPA interface (cellular 0/1/0) every minute but that hasn't been successful. Manually pinging the IP assigned (by the telco) to ce0/1/0 does bring the interface up. Any ideas? Thanks

    Read the article

  • FreeBSD 8.1 unstable network connection

    - by frankcheong
    I have three FreeBSD 8.1 running on three different hardware and therefore consist of different network adapter as well (bce, bge and igb). I found that the network connection is kind of unstable which I have tried to scp some 10MB file and found that I cannot always get the files completed successfully. I have further checked with my network admin and he claim that the problem is being caused by the network driver which cannot support the load whereby he tried to ping using huge packet size (around 15k) and my server will drop packet consistently at a regular interval. I found that this statement may not be valid since the three server is using three different network drive and it would be quite impossible that the same problem is being caused by three different network adapter and thus different network driver. Since then I have tried to tune up the performance by playing around with the /etc/sysctl.conf figures with no luck. kern.ipc.somaxconn=1024 kern.ipc.shmall=3276800 kern.ipc.shmmax=1638400000 # Security net.inet.ip.redirect=0 net.inet.ip.sourceroute=0 net.inet.ip.accept_sourceroute=0 net.inet.icmp.maskrepl=0 net.inet.icmp.log_redirect=0 net.inet.icmp.drop_redirect=1 net.inet.tcp.drop_synfin=1 # Security net.inet.udp.blackhole=1 net.inet.tcp.blackhole=2 # Required by pf net.inet.ip.forwarding=1 #Network Performance Tuning kern.ipc.maxsockbuf=16777216 net.inet.tcp.rfc1323=1 net.inet.tcp.sendbuf_max=16777216 net.inet.tcp.recvbuf_max=16777216 # Setting specifically for 1 or even 10Gbps network net.local.stream.sendspace=262144 net.local.stream.recvspace=262144 net.inet.tcp.local_slowstart_flightsize=10 net.inet.tcp.nolocaltimewait=1 net.inet.tcp.mssdflt=1460 net.inet.tcp.sendbuf_auto=1 net.inet.tcp.sendbuf_inc=16384 net.inet.tcp.recvbuf_auto=1 net.inet.tcp.recvbuf_inc=524288 net.inet.tcp.sendspace=262144 net.inet.tcp.recvspace=262144 net.inet.udp.recvspace=262144 kern.ipc.maxsockbuf=16777216 kern.ipc.nmbclusters=32768 net.inet.tcp.delayed_ack=1 net.inet.tcp.delacktime=100 net.inet.tcp.slowstart_flightsize=179 net.inet.tcp.inflight.enable=1 net.inet.tcp.inflight.min=6144 # Reduce the cache size of slow start connection net.inet.tcp.hostcache.expire=1 Our network admin also claim that they see quite a lot of network up and down from their cisco switch log while I cannot find any up down message inside the dmesg. Have further checked the netstat -s but dont have concrete idea. tcp: 133695291 packets sent 39408539 data packets (3358837321 bytes) 61868 data packets (89472844 bytes) retransmitted 24 data packets unnecessarily retransmitted 0 resends initiated by MTU discovery 50756141 ack-only packets (2148 delayed) 0 URG only packets 0 window probe packets 4372385 window update packets 39781869 control packets 134898031 packets received 72339403 acks (for 3357601899 bytes) 190712 duplicate acks 0 acks for unsent data 59339201 packets (3647021974 bytes) received in-sequence 114 completely duplicate packets (135202 bytes) 27 old duplicate packets 0 packets with some dup. data (0 bytes duped) 42090 out-of-order packets (60817889 bytes) 0 packets (0 bytes) of data after window 0 window probes 3953896 window update packets 64181 packets received after close 0 discarded for bad checksums 0 discarded for bad header offset fields 0 discarded because packet too short 45192 discarded due to memory problems 19945391 connection requests 1323420 connection accepts 0 bad connection attempts 0 listen queue overflows 0 ignored RSTs in the windows 21133581 connections established (including accepts) 21268724 connections closed (including 32737 drops) 207874 connections updated cached RTT on close 207874 connections updated cached RTT variance on close 132439 connections updated cached ssthresh on close 42392 embryonic connections dropped 72339338 segments updated rtt (of 69477829 attempts) 390871 retransmit timeouts 0 connections dropped by rexmit timeout 0 persist timeouts 0 connections dropped by persist timeout 0 Connections (fin_wait_2) dropped because of timeout 13990 keepalive timeouts 2 keepalive probes sent 13988 connections dropped by keepalive 173044 correct ACK header predictions 36947371 correct data packet header predictions 1323420 syncache entries added 0 retransmitted 0 dupsyn 0 dropped 1323420 completed 0 bucket overflow 0 cache overflow 0 reset 0 stale 0 aborted 0 badack 0 unreach 0 zone failures 1323420 cookies sent 0 cookies received 1864 SACK recovery episodes 18005 segment rexmits in SACK recovery episodes 26066896 byte rexmits in SACK recovery episodes 147327 SACK options (SACK blocks) received 87473 SACK options (SACK blocks) sent 0 SACK scoreboard overflow 0 packets with ECN CE bit set 0 packets with ECN ECT(0) bit set 0 packets with ECN ECT(1) bit set 0 successful ECN handshakes 0 times ECN reduced the congestion window udp: 5141258 datagrams received 0 with incomplete header 0 with bad data length field 0 with bad checksum 1 with no checksum 0 dropped due to no socket 129616 broadcast/multicast datagrams undelivered 0 dropped due to full socket buffers 0 not for hashed pcb 5011642 delivered 5016050 datagrams output 0 times multicast source filter matched sctp: 0 input packets 0 datagrams 0 packets that had data 0 input SACK chunks 0 input DATA chunks 0 duplicate DATA chunks 0 input HB chunks 0 HB-ACK chunks 0 input ECNE chunks 0 input AUTH chunks 0 chunks missing AUTH 0 invalid HMAC ids received 0 invalid secret ids received 0 auth failed 0 fast path receives all one chunk 0 fast path multi-part data 0 output packets 0 output SACKs 0 output DATA chunks 0 retransmitted DATA chunks 0 fast retransmitted DATA chunks 0 FR's that happened more than once to same chunk 0 intput HB chunks 0 output ECNE chunks 0 output AUTH chunks 0 ip_output error counter Packet drop statistics: 0 from middle box 0 from end host 0 with data 0 non-data, non-endhost 0 non-endhost, bandwidth rep only 0 not enough for chunk header 0 not enough data to confirm 0 where process_chunk_drop said break 0 failed to find TSN 0 attempt reverse TSN lookup 0 e-host confirms zero-rwnd 0 midbox confirms no space 0 data did not match TSN 0 TSN's marked for Fast Retran Timeouts: 0 iterator timers fired 0 T3 data time outs 0 window probe (T3) timers fired 0 INIT timers fired 0 sack timers fired 0 shutdown timers fired 0 heartbeat timers fired 0 a cookie timeout fired 0 an endpoint changed its cookiesecret 0 PMTU timers fired 0 shutdown ack timers fired 0 shutdown guard timers fired 0 stream reset timers fired 0 early FR timers fired 0 an asconf timer fired 0 auto close timer fired 0 asoc free timers expired 0 inp free timers expired 0 packet shorter than header 0 checksum error 0 no endpoint for port 0 bad v-tag 0 bad SID 0 no memory 0 number of multiple FR in a RTT window 0 RFC813 allowed sending 0 RFC813 does not allow sending 0 times max burst prohibited sending 0 look ahead tells us no memory in interface 0 numbers of window probes sent 0 times an output error to clamp down on next user send 0 times sctp_senderrors were caused from a user 0 number of in data drops due to chunk limit reached 0 number of in data drops due to rwnd limit reached 0 times a ECN reduced the cwnd 0 used express lookup via vtag 0 collision in express lookup 0 times the sender ran dry of user data on primary 0 same for above 0 sacks the slow way 0 window update only sacks sent 0 sends with sinfo_flags !=0 0 unordered sends 0 sends with EOF flag set 0 sends with ABORT flag set 0 times protocol drain called 0 times we did a protocol drain 0 times recv was called with peek 0 cached chunks used 0 cached stream oq's used 0 unread messages abandonded by close 0 send burst avoidance, already max burst inflight to net 0 send cwnd full avoidance, already max burst inflight to net 0 number of map array over-runs via fwd-tsn's ip: 137814085 total packets received 0 bad header checksums 0 with size smaller than minimum 0 with data size < data length 0 with ip length > max ip packet size 0 with header length < data size 0 with data length < header length 0 with bad options 0 with incorrect version number 1200 fragments received 0 fragments dropped (dup or out of space) 0 fragments dropped after timeout 300 packets reassembled ok 137813009 packets for this host 530 packets for unknown/unsupported protocol 0 packets forwarded (0 packets fast forwarded) 61 packets not forwardable 0 packets received for unknown multicast group 0 redirects sent 137234598 packets sent from this host 0 packets sent with fabricated ip header 685307 output packets dropped due to no bufs, etc. 52 output packets discarded due to no route 300 output datagrams fragmented 1200 fragments created 0 datagrams that can't be fragmented 0 tunneling packets that can't find gif 0 datagrams with bad address in header icmp: 0 calls to icmp_error 0 errors not generated in response to an icmp message Output histogram: echo reply: 305 0 messages with bad code fields 0 messages less than the minimum length 0 messages with bad checksum 0 messages with bad length 0 multicast echo requests ignored 0 multicast timestamp requests ignored Input histogram: destination unreachable: 530 echo: 305 305 message responses generated 0 invalid return addresses 0 no return routes ICMP address mask responses are disabled igmp: 0 messages received 0 messages received with too few bytes 0 messages received with wrong TTL 0 messages received with bad checksum 0 V1/V2 membership queries received 0 V3 membership queries received 0 membership queries received with invalid field(s) 0 general queries received 0 group queries received 0 group-source queries received 0 group-source queries dropped 0 membership reports received 0 membership reports received with invalid field(s) 0 membership reports received for groups to which we belong 0 V3 reports received without Router Alert 0 membership reports sent arp: 376748 ARP requests sent 3207 ARP replies sent 245245 ARP requests received 80845 ARP replies received 326090 ARP packets received 267712 total packets dropped due to no ARP entry 108876 ARP entrys timed out 0 Duplicate IPs seen ip6: 2226633 total packets received 0 with size smaller than minimum 0 with data size < data length 0 with bad options 0 with incorrect version number 0 fragments received 0 fragments dropped (dup or out of space) 0 fragments dropped after timeout 0 fragments that exceeded limit 0 packets reassembled ok 2226633 packets for this host 0 packets forwarded 0 packets not forwardable 0 redirects sent 2226633 packets sent from this host 0 packets sent with fabricated ip header 0 output packets dropped due to no bufs, etc. 8 output packets discarded due to no route 0 output datagrams fragmented 0 fragments created 0 datagrams that can't be fragmented 0 packets that violated scope rules 0 multicast packets which we don't join Input histogram: UDP: 2226633 Mbuf statistics: 962679 one mbuf 1263954 one ext mbuf 0 two or more ext mbuf 0 packets whose headers are not continuous 0 tunneling packets that can't find gif 0 packets discarded because of too many headers 0 failures of source address selection Source addresses selection rule applied: icmp6: 0 calls to icmp6_error 0 errors not generated in response to an icmp6 message 0 errors not generated because of rate limitation 0 messages with bad code fields 0 messages < minimum length 0 bad checksums 0 messages with bad length Histogram of error messages to be generated: 0 no route 0 administratively prohibited 0 beyond scope 0 address unreachable 0 port unreachable 0 packet too big 0 time exceed transit 0 time exceed reassembly 0 erroneous header field 0 unrecognized next header 0 unrecognized option 0 redirect 0 unknown 0 message responses generated 0 messages with too many ND options 0 messages with bad ND options 0 bad neighbor solicitation messages 0 bad neighbor advertisement messages 0 bad router solicitation messages 0 bad router advertisement messages 0 bad redirect messages 0 path MTU changes rip6: 0 messages received 0 checksum calculations on inbound 0 messages with bad checksum 0 messages dropped due to no socket 0 multicast messages dropped due to no socket 0 messages dropped due to full socket buffers 0 delivered 0 datagrams output netstat -m 516/5124/5640 mbufs in use (current/cache/total) 512/1634/2146/32768 mbuf clusters in use (current/cache/total/max) 512/1536 mbuf+clusters out of packet secondary zone in use (current/cache) 0/1303/1303/12800 4k (page size) jumbo clusters in use (current/cache/total/max) 0/0/0/6400 9k jumbo clusters in use (current/cache/total/max) 0/0/0/3200 16k jumbo clusters in use (current/cache/total/max) 1153K/9761K/10914K bytes allocated to network (current/cache/total) 0/0/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters) 0/0/0 requests for jumbo clusters denied (4k/9k/16k) 0/8/6656 sfbufs in use (current/peak/max) 0 requests for sfbufs denied 0 requests for sfbufs delayed 0 requests for I/O initiated by sendfile 0 calls to protocol drain routines Anyone got an idea what might be the possible cause?

    Read the article

  • A BYOD World in Mobile Enterprise Brings the Need to Adapt

    - by Webgui
    Yesterday brought a lot of news coverage that Cisco has stopped funding and planning its Cius enterprise-grade tablet.  Citing “market transitions” in which an increasing number of people b ring their own smartphones and tablets to work, Cisco General Manager OJ Winge said in a post on the company's official blog that “Cisco will no longer invest in the Cisco Cius tablet form factor, and no further enhancements will be made to the current Cius endpoint beyond what’s available today.”  Employees are “bringing their preferences to work” and collaboration “has to happen beyond a walled garden,” he said.The blog post also cited a recently released Cisco study which found that 95% of organizations surveyed allow employee-owned devices in some way, shape or form in the office, and, 36% of surveyed enterprises provide full support for employee-owned devices.   How is Cisco planning to move forward to adapt to this changing business environment?  Instead of focusing on tablets for enterprise customers, Cisco will instead "double down" on software that works across a variety of operating systems and smart phones and tablets, Winge said.See the post from the Cisco blog here - http://blogs.cisco.com/collaboration/empowering-choice-in-collaboration/ We at Gizmox recognize this need to adapt to the changing environment.  Our Enterprise Mobile solution is designed and built for that post-PC, BYOD business world.  We recognized the importance of providing a cross-platform solution that can easily target different devices and operating systems. We went with a web-based mobile application approach in order to achieve that and we decided to go with the new open web standard - HTML5.Our solution however provides both client and the server side programming and its uniqueness is that it allows those cross-platform HTML5 mobile applications while developing within Visual Studio using classic visual form based development. As a result, .NET developers can build secure, efficient, data-centric enterprise mobile application for cross platform mobile devices with their existing skills and tools.  See our new video about our EnterpriseMobile solution Enterprise applications today need to work on all devices, across different platforms and OS’s.  It’s just a fact of life.  How about you – do you bring your own device to work?  What’s your company’s BYOD policy?

    Read the article

  • pfSense Firewall or Linsys/Cisco router for small offices

    - by Tim Meers
    I'm about to start switching some networks around for multiple small offices. Each office has about 10 to 15 users and 10 to 15 computers. Each office has a spread of generic routers and access points. The routers vary from being used as routers, to just being an access point for wireless. Nothing formal has really ever beem implemented for each of the 10 offices. What I'm wanting is to set up a pfSense box for each office to configure things like: traffic shaping (for VoIP QOS) URL Filtering DHCP static routing multiple VLANs I'll then use some of the existing hardware for wireless. Maybe even integrate the wireless right into the firewall depending on the office layout. So my question, would this be better to do a full blown firewall box, or but a new business class or high end consumer class Linksys router to do the URL filtering, QOS and DHPC? Each option could allow for remote access and VPN for remote maintnance and each would only cost a nominal about of money for something decent, i.e. under $250.

    Read the article

  • channel interference in cisco wireless access points 1130ag

    - by baskaran
    hello all, i am working as a network admin . in our client company we are eabling more than 70 access point in these 5 are outdoor access points . in this outdoor access points i am getting channel interference is failed , i have changed the channel manually through wlc . at that time only i am getting passed ,after that again it will be failed . so wt should i do ,please help me.

    Read the article

  • SNMP counter issues with cisco RV082

    - by Chance
    Does anyone else poll this router with SNMP? We are using firmware version: 2.0.0.19-tz We are having problems with the traffic counters, some of them appear to be implemented as 16 bit counter instead of 32 bit counters. The reason this is causing problems is that they roll over (at 65,000) to 0 in less than our minute polling cycle, really skewing our metrics. The counter for the Lan (interface 2) seems to be functioning properly, however interfaces 3 and 4 (WAN and DMZ / WAN2) rollover at 65000. Tue May 11 08:38:31 EDT 2010 IF-MIB::ifInOctets.1 = Counter32: 137634 IF-MIB::ifInOctets.2 = Counter32: 1865677943 IF-MIB::ifInOctets.3 = Counter32: 12450 IF-MIB::ifInOctets.4 = Counter32: 49354 Look at counter IF-MIB::ifInOctets.4 5 seconds later: Tue May 11 08:38:36 EDT 2010 IF-MIB::ifInOctets.1 = Counter32: 137634 IF-MIB::ifInOctets.2 = Counter32: 1865836207 IF-MIB::ifInOctets.3 = Counter32: 13167 IF-MIB::ifInOctets.4 = Counter32: 12900 Any suggestions? Seems like a bug to me, however I just wanted to make sure I wasn't crazy.. Thanks!

    Read the article

  • Using two Cisco Aironet 1100's

    - by daniel
    Is it possible to use two of these both providing connectivity to the same network name for additional signal by having one plugged into a hot data port and having the other only powered by the AC? It seems to have worked for one day, then it stopped and I have the middle light blinking, and the other "hot" one solid in the middle and flashing rapidly on the last light.

    Read the article

  • Connect ADSL modem SMC7904WBRA-N to CISCO RV082

    - by Cy.
    I have a SMC7904WBRA-N ADSL modem/router that connects to the internet with a static IP given by the provider. I've received a RV082 to create a VPN connection which is having problems to connect to the remote VPN Server. After many tries we deduced that the SMC7904WBRA-N is being problematic with the NAT and I have been suggested to put the SMC router into the appropriate DSL bridging mode so the RV082 gets direct access to internet with the static IP. Can you give me any hints on how could this be done? Which mode is that?

    Read the article

  • Cisco RV016 dual WAN and VPN setup

    - by sklr
    I have a VPN of several RV016 routers and I want to set some of them with 2 ISPs. I plug the two ISP cables in WAN 1 and 2 ports and configure the router to "Intelligent Balancer(Auto Mode)". It works ok like that, but the VPNs that I set use the public IP of the provider. For example if I have 5 VPNs set for ISP1 (WAN1) and the balancer sends the request trough WAN2 it can't use any of the configured VPNs because the public IP is different. How do I deal with this problem?

    Read the article

  • Setting up a VPN tunnel between a Linux box and a Cisco FW

    - by Meni
    Hi. I have a linux box (ubuntu) and I have a service provider that will only allow an IPSEC tunnel connection between his network and my linux box. I have these details from the service provider: Service Provider: Peer IP – Lan on service provider's side - 10.10.10.10/24 Linux box details: Peer IP - Lan - Connection details: Phase1: Sha Aes 128 DH - group x Preshared – Lifetime – 24h Phase2: Sha Aes 128 Lifetime – 1h I am not sure which app I need to install on the linux box that will support this type of connection. Any ideas? Thanks!

    Read the article

  • Formatting data from management database

    - by bVector
    I've got some data that goes like this: Config_Name Question Answer Cisco WAN Sensitivity: High Cisco WAN Authorized Users: Brent, Charles Cisco WAN Last Audited: n/a Cisco WAN Next Audit: 3/30/2012 Cisco WAN Audit Signature: Cisco WAN Username: MYCOMPANY Cisco WAN Password: Cisco WAN Encrypted-A ENCRYPTED DATA Cisco WAN Encrypted-B Cisco WAN Encrypted-C vCenter server Sensitivity: High vCenter server Authorized Users: Brent, Charles vCenter server Last Audited: vCenter server Next Audit: 3/30/2012 vCenter server Audit Signature: ENCRYPTED DATA vCenter server Username: administrator vCenter server Password: vCenter server Encrypted-A ENCRYPTED DATA vCenter server Encrypted-B vCenter server Encrypted-C AKSC-NE01 IPMI Sensitivity: High AKSC-NE01 IPMI Authorized Users: Brent, Charles AKSC-NE01 IPMI Last Audited: AKSC-NE01 IPMI Next Audit: 3/30/2012 AKSC-NE01 IPMI Audit Signature: ENCRYPTED DATA AKSC-NE01 IPMI Username: MYCOMPANY AKSC-NE01 IPMI Password: AKSC-NE01 IPMI Encrypted-A ENCRYPTED DATA AKSC-NE01 IPMI Encrypted-B AKSC-NE01 IPMI Encrypted-C and I need it to be in this format: Config_Name Sensitivity: Authorized Users: Last Audited: Next Audit: Audit Signature: Username: Password: Encrypted-A Encrypted-B Encrypted-C AKSC-NE01 IPMI High Brent, Charles 3/30/2012 ENCRYPTED DATA MYCOMPANY ENCRYPTED DATA Cisco ASA5505 WAN High Brent, Charles n/a 3/30/2012 ENCRYPTED DATA MYCOMPANY ENCRYPTED DATA vCenter server High Brent, Charles 3/30/2012 ENCRYPTED DATA administrator ENCRYPTED DATA the tabs get messed up on here but hopefully you get my drift. does anyone know an easy way to do this? I haven't found one with excel just yet.

    Read the article

  • why is port 500 in use and how can I free it? VPNC error

    - by kirill_igum
    i tried to use network manager to connect to my university's vpn; it didn't work. then i used a command line vpnc: > sudo vpnc [sudo] password for kirill: Enter IPSec gateway address: vpn.net.**.edu Enter IPSec ID for vpn.net.**.edu: ** Enter IPSec secret for **@vpn.net.**.edu: Enter username for vpn.net.**.edu: ** Enter password for **@vpn.net.**.edu: vpnc: Error binding to source port. Try '--local-port 0' Failed to bind to 0.0.0.0:500: Address already in use then i did this: sudo vpnc --local-port 0 with the same config and it all worked. i'd like to be able to use network manager gui to connect to vpn. I wanted to find out which program uses the port 500: > sudo netstat -a |grep 500 tcp 0 0 *:17500 *:* LISTEN udp 0 0 *:4500 *:* udp 0 0 *:17500 *:* unix 3 [ ] STREAM CONNECTED 63500 unix 3 [ ] STREAM CONNECTED 12500 @/tmp/.X11-unix/X0 there is nothing that uses 500 i'm using ubuntu 10.10 on thinkpad x201t

    Read the article

  • Shared secret length limit on OSX VPN client

    - by Samuel
    I'm trying to setup the built-in VPN client with OS X. The settings I'm using (IPsec GW, shared secret, etc...) work flawlessly using other clients (IPsecuritas, vpnc, etc...) but isn't working with the built-in client. The error I get is: Wrong shared secret (not the exact message, since OS X is localized) The shared secret is 128 chars long so I'm wondering if it's hitting a length limit. I would like to know if that's true, and if so, how I could overcome it?

    Read the article

  • SSTP BPDU with bad TLV and macflap -- info please

    - by Adeodatus
    Hi All, I'm slowly locking down the network I've inherited and mac-flapping has been a problem in the past with customers doing all kinds of crazy things. Thats changing but I am now encountering this error: Dec 30 18:31:31 10.50.1.50 1565: 001567: Dec 30 18:31:30: %SW_MATM-4-MACFLAP_NOTIF: Host xxxx.xxxx.f681 in vlan 1 is flapping between port Gi0/5 and port Gi0/48 Dec 30 18:43:28 10.50.1.50 1566: 001568: Dec 30 18:43:26: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on GigabitEthernet0/5 VLAN1. Dec 30 18:48:18 10.50.1.50 1567: 001569: .Dec 30 18:48:17: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on GigabitEthernet0/5 VLAN1. unfortunately, that mac address is the mac of our core router, the only link to the internet, on port gi0/48 On the other end of gi0/5, I have about 50 bridged customer machines connected through a series of managed and unmanaged L2 switches. Yes, on VLAN1 too ... like I said, working on changing this slowly. In the mean time, it has me quite baffled on how to deal with this and track down the customer or switch that is the problem. What else could be going on with these messages ... the bad TLV is a new one for me. Any ideas? Thank you and Happy New Year to you all!!

    Read the article

  • Fortinet: Is there any equivalent of the ASA's packet-tracer command?

    - by Kedare
    I would like to know if there is not Fortigates an equivalent of the packet-tracer command that we can find on the ASA. Here is an example of execution for those who don't know it: NAT and pass : lev5505# packet-tracer input inside tcp 192.168.3.20 9876 8.8.8.8 80 Phase: 1 Type: ACCESS-LIST Subtype: Result: ALLOW Config: Implicit Rule Additional Information: MAC Access list Phase: 2 Type: ROUTE-LOOKUP Subtype: input Result: ALLOW Config: Additional Information: in 0.0.0.0 0.0.0.0 outside Phase: 3 Type: ACCESS-LIST Subtype: log Result: ALLOW Config: access-group inside-in in interface inside access-list inside-in extended permit tcp any any eq www access-list inside-in remark Allows DNS Additional Information: Phase: 4 Type: IP-OPTIONS Subtype: Result: ALLOW Config: Additional Information: Phase: 5 Type: VPN Subtype: ipsec-tunnel-flow Result: ALLOW Config: Additional Information: Phase: 6 Type: NAT Subtype: Result: ALLOW Config: object network inside-network nat (inside,outside) dynamic interface Additional Information: Dynamic translate 192.168.3.20/9876 to 81.56.15.183/9876 Phase: 7 Type: IP-OPTIONS Subtype: Result: ALLOW Config: Additional Information: Phase: 8 Type: FLOW-CREATION Subtype: Result: ALLOW Config: Additional Information: New flow created with id 94755, packet dispatched to next module Result: input-interface: inside input-status: up input-line-status: up output-interface: outside output-status: up output-line-status: up Action: allow Blocked by ACL: lev5505# packet-tracer input inside tcp 192.168.3.20 9876 8.8.8.8 81 Phase: 1 Type: ROUTE-LOOKUP Subtype: input Result: ALLOW Config: Additional Information: in 0.0.0.0 0.0.0.0 outside Phase: 2 Type: ACCESS-LIST Subtype: Result: DROP Config: Implicit Rule Additional Information: Result: input-interface: inside input-status: up input-line-status: up output-interface: outside output-status: up output-line-status: up Action: drop Drop-reason: (acl-drop) Flow is denied by configured rule Is there any equivalent on the Fortigates ?

    Read the article

< Previous Page | 21 22 23 24 25 26 27 28 29 30 31 32  | Next Page >