Can Cisco Routers, Switches, or Firewalls run AV?

Can anyone point me to a document or official statement from Cisco stating that their routers, switches, and firewalls are not capable of running Anti-Virus/Anti-Malware to protect their IOS? NERC CIP standards require that all devices contained within the Electronic Security Perimeter run Anti-Virus/Anti-Malware software "where technically feasible"; if the devices cannot run AV/AM, you have to submit a "Technical Feasibility Exception"... done that... now they want proof that Cisco devices (routers, switches, firewalls) are not capable of running AV/AM to protect their IOS. Please don't confuse this with all of the offerings that Cisco has to protect end-user devices... this applies only to the routers, switches, and firewalls.
Any answers would be greatly appreciated, even comments from others dealing with this issue.

A couple of years ago, at a conference, there was a presentation that claimed to install a rootkit on Cisco IOS devices.
Here is the response from Cisco: http://www.cisco.com/warp/public/707/cisco-sr-20080516-rootkits.shtml
That is the closest I can think of that could help you.
PK

Similar Messages

  • How can I upgrade system IOS images of routers, switches and firewalls

    Hi,
    I am very surprised and still do not quite understand how Cisco's licensing program or IOS upgrades are done. I have many routers, switches & ASAs whose IOS I want to upgrade, but I cannot do so. However, I can download those images from the internet, but I want to know how I can do this from Cisco, as I don't want to trust the IOS images available over the internet.
    From my study I have found that I need to have a Cisco Service Contract number for those devices so that I can download updated IOS images for them.
    Could someone kindly explain the best methods for the above requirements?
    Regards
    @Mohammed

    You're correct regarding a service contract. Cisco calls this Smartnet support. It includes both hardware support (i.e. returns for failed hardware), software support (including right to download and upgrade your software) and technical assistance (via the Cisco TAC). Smartnet is charged separately for each covered device. Once you have it, your cisco.com userid needs to be associated with your service contract number. Doing that will then allow you to download the software from cisco.com. (There are some very limited cases in which you don't have to have a support contract - mostly when there is a security advisory (PSIRT) indicating the Cisco software was flawed as it was initially released.)
    Every product (or product family) has a product support page on cisco.com. That page includes release notes, configuration guide, users guides, and a link to software downloads for that product. Start by reading the release notes and determining which (if any) upgrade is appropriate for your product. Then you can download and upgrade the software as necessary.

  • Remote Command Tool for Cisco Routers/Switches

    Is anyone aware of any tools or scripts out there which allow preconfigured commands to be remotely run against Cisco routers/switches and display the output result?
    I'm looking for a tool which I can give our Service Desk personnel that will allow them to select from a list of commands, enter a target IP address of a router/switch, and then the tool will display the VLAN table or the running config of a particular switch-port so they can see if it's configured on the correct data VLAN or it's missing its voice VLAN, etc.
    For example, a Service Desk operator needs to check what VLAN a switch-port is on. So they open the tool, enter the switch's IP address and the port number, and select an option like "display a switch-port's VLAN"; the tool will log into the switch in the background, run a show command on the switch and then output the result.
    Thanks.

    Check out rConfig. You will be able to run multiple instances of it, i.e. one instance for your standard configuration backups and another for more specific configuration download info like show vlan bri commands, etc., for service desk staff to view.
    You could also use the IOS menu function and create menus or role based access on each of your devices for your users.
    Regards
    Stephen
    ==========================
    http://www.rConfig.com 
    A free, open source network device configuration management tool, customizable to your needs!
    - Always vote on an answer if you found it helpful

  • SBR and cisco routers/switches

    Hi all,
    I have a Juniper SBR and a large number of Cisco devices as RAS/NAS.
    I would like the level 1 team to have just a read-only profile,
    and the level 2 team to have read and write access. I guess to accomplish this on a non-Cisco AAA product:
    1) Do I need to download the Cisco RADIUS attribute dictionary file? If yes, where is the download link?
    2) As user profiles are basic ones, there should be a standard attribute which has this feature. In case this is true, which IETF attribute can I use?
    3) What are VSAs? Does a Cisco VSA help me in accomplishing my goals with SBR?
    4) If I get the above answers I can move in the right direction, accomplishing the same with firewall vendor A, SSL VPN vendor B, WiFi controller vendor C, DSLAM vendor E ....
    Any response will be much appreciated.

    I have a 3750X and an SG300 trunked together and they are both running RSTP.
    I set my 3750X to rapid-pvst
    I set my SG300 to rstp
    A "show spanning" on both devices yields: "Spanning tree enabled protocol rstp".
    Both seem to be communicating STP fine.

  • Can Cisco 3560 switch act as wireless controller

    wireless issue

    Not the 3560, but the 3650 can do that:
    http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3650-series-switches/data_sheet_c78-729449.html
    If you have the 3650 model and are having some issue, then refer to the post below, which may help you. Even though it refers to the 3850, the configuration should be very similar on the 3650.
    http://mrncciew.com/2013/09/29/getting-started-with-3850/
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • Access Server 2511 can't access Routers & Switch

    Hi,
    I recently bought Cisco routers, a switch, an access server and a frame-relay switch for my CCNP home lab, but the problem is that my Access Server 2511 can't connect to any other devices like a router or switch. I have configured "loopback 200.1.1.1" and then set up the "ip host Router1 2001 200.1.1.1" command for all of my other devices. When I try to connect to other devices it gives me this message but does not show the prompt for that device...
    (Router#f2
    Translating "f2"
    Trying f2 (200.1.1.1, 2001)... Open)
    I leave this message for a long time but the prompt never comes....
    I also used the CLEAR line command to clear it but the problem still exists.
    Please help me to resolve this problem...
    Regards,
    ABDUL

    Hi
    Thank you for your guidance. I have made the changes which you suggested, but the problem still exists... this is my fifth day battling with this issue... I can connect to and work on all devices through the network using # telnet (IP address of any device)... I am using the right cable (72-0845-01) Cisco CAB-OCTAL-ASYNC 8 Lead Octal Cable (68 pin to 8 male RJ-45s)... now I am thinking that there is a problem with the cable or with the Access Server 2511 physically, not with the configuration... anyway, I am waiting for your reply...
    tserver#sh run
    Building configuration...
    Current configuration : 1054 bytes
    version 12.3
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname tserver
    boot-start-marker
    boot-end-marker
    enable secret 5 $1$sWZ2$iNhMYtvWsbwBSGLnYtphr/
    enable password cisco
    no aaa new-model
    ip subnet-zero
    no ip domain lookup
    ip host f1 2001 172.168.1.1
    ip host s1 2002 172.168.1.1
    ip host r1 2007 172.168.1.1
    ip host f2 2009 172.168.1.1
    ip host s2 2010 172.168.1.1
    ip host r2 2016 172.168.1.1
    interface Loopback0
    ip address 172.168.1.1 255.255.255.0
    interface Ethernet0
    no ip address
    shutdown
    interface Serial0
    no ip address
    shutdown
    no fair-queue
    interface Serial1
    no ip address
    shutdown
    ip http server
    ip classless
    dialer-list 1 protocol ip permit
    line con 0
    password cisco
    login
    transport output telnet
    telnet speed 9600 38400
    line 1 16
    transport input telnet
    transport output telnet
    flowcontrol hardware
    line aux 0
    line vty 0 4
    password cisco
    login
    transport input telnet
    transport output telnet
    telnet speed 9600 38400
    end 

  • IPv6 HSRP global unicast address on Cisco 3560 switch

    Dear Team,
    We are using a Cisco 3560 switch. Now we are going to implement IPv6 in our network, but we are not disturbing the existing IPv4. My questions are: 1) Can we configure the global unicast IPv6 address in IPv6 HSRP? and 2) Can the Cisco 3560 switch support IPv4 and IPv6 standby groups on the same SVI?

    YES

  • Facing issue in using SNMPV3 on Cisco Routers

    Hi,
    Actually, I am trying to implement SNMPv3 on Cisco routers & switches to manage & monitor these devices in a more secure manner using an NMS called Orion (NPM) Network Performance Monitor.
    When I go to add the node on Orion (NPM), it shows me an error that the device does not support the interfaces MIB.
    The Routers IOS Version and its feature set is as under:
    Cisco 3800 & 2800 (IOS version 12.4(20)T2 Advance IP Services).
    Configuration as under:
    snmp-server group DEPT_GRP v3 auth context DEPT_CTX read DEPT_VIEW
    snmp-server view DEPT_VIEW iso included
    snmp-server view DEPT_VIEW internet included
    snmp-server view DEPT_VIEW interfaces included
    snmp-server view DEPT_VIEW system  included
    snmp-server view DEPT_VIEW chassis included
    snmp-server context DEPT_CTX
    snmp-server user SNMPADMIN DEPT_GRP v3 auth sha cisco123 priv des cisco123
    snmp-server host 213.42.48.158 version 3 auth SNMPADMIN
    At Orion parameters are given as under:
    username :- SNMPADMIN
    SNMPV3 context :- DEPT_CTX
    SNMPV3 Authentication :- SHA1
    SNMPV3 Privacy/Encryption :- DES56
    Password Key :- cisco123 (All the places)
    Kindly help me out and advise me where I am going wrong. Kindly check whether anything is missing in the configuration above regarding the SNMPv3 configuration.
    Rgds,
    Ayaz Ali

    Hi Joe,
    Thanks for your response. As per your reply, I removed the context and views which were configured earlier on the router and followed the same instructions as you mentioned in your reply, but I would like to tell you one thing about the configuration that I had done for SNMPv3.
    Your configuration is :-
    snmp-server group DEPT_GRP v3 auth read v1default
    snmp-server user SNMPADMIN DEPT_GRP v3 auth sha cisco123 priv des cisco123
    My Configuration is :-
    snmp-server group DEPT_GRP v3 priv read v1default
    snmp-server user SNMPADMIN DEPT_GRP v3 auth sha cisco123 priv des cisco123
    In your configuration, you are using authentication (auth) for the SNMPv3 group, and if you select the auth keyword then you have to provide only the authentication method (SHA, MD5) and no privacy keys for encryption (DES, AES) in the SNMP user configuration; otherwise it will give you an error that the credentials do not match on the host when you try to poll the device.
    In my configuration, I am using privacy (priv) for the SNMPv3 group; that's why I had given both authentication and encryption keys under the SNMP user configuration.
    In short, user settings are dependent on the group settings: if you are using auth then it only supports authentication but no privacy, and if you are using priv then it allows both authentication and encryption (privacy).
    Thanks for your support, it really helped me out in solving the issue. Now I am able to poll all my routers using SNMPv3.
    Rgds,
    Ayaz Ali

  • Ask the Expert: Packet Capture Capabilities of Cisco Routers and Switches

    With Rahul Rammanohar 
    Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about packet capture capabilities of Cisco routers and switches.
    In May 2013, we created a video that included packet capture capabilities across multiple Cisco routers and switches. For each product, we began with a discussion about the theory of the capabilities, followed by an explanation of the commands, and we concluded with a demo on real devices. In this Ask the Expert event, you’re encouraged to ask questions about the packet capture capabilities of these Cisco devices:
    • 7600/6500: mini protocol analyzer (MPA), ELAM, and Netdr
    • ASR9k: network processor capture
    • 7200/ISRs: embedded packet capture
    • Cisco Nexus 7K, 5K, and 3K: Ethanalyzer
    • Cisco Nexus 7K: ELAM
    • CRS: show captured packets
    • ASR1K: embedded packet capture
    More Information
    Blog URL: Packet Capture Capabilities of Cisco Routers and Switches
    Watch the Video:  https://supportforums.cisco.com/videos/6226
    Hitesh Kumar is a customer support engineer in the High-Touch Technical Services team at Cisco specializing in routing protocols. He has been supporting major service providers and enterprise customers in routing, Multiprotocol Label Switching (MPLS), multicast, and Layer 2 VPN (L2VPN) issues on routing platforms for more than three years. He has more than six years of experience in the IT industry and holds a CCIE certification (number 38757) in service. 
    Rahul Rammanohar is a technical leader with the High-Touch Technical Support Team in India. He handles escalations in the area of routing protocols and large-scale architectures for devices running Cisco IOS, IOS-XR, and IOS-XE Software. He has been supporting major service providers and large enterprise customers for routing, MPLS, multicast, and L2VPN issues on all routing platforms. He has more than 13 years of experience and holds a CCIE certification (number 13015) in routing/switching and service provider.
    Remember to use the rating system to let Hitesh and Rahul know if you have received an adequate response.  
    Because of the volume expected during this event, Hitesh and Rahul might not be able to answer each question. Remember that you can continue the conversation in the Service Provider, sub-community forum shortly after the event. This event lasts through November 1, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

    Hello Erick
    Thanks for the topology. The trigger will be different for a labelled packet as you would need to mention the values of the labels too in the trigger.
    Below are two examples of one or two labels being used; it depends on where you are capturing the packet in an MPLS VPN scenario, which will decide the number of labels being imposed on the packet.
    Trigger for one label (if PHP is being performed on the router on which you are capturing the packet):
    VPN label - 5678
    Source Address - 111.111.111.111
    Destination Address - 123.123.123.123
    show platform capture elam trigger dbus others if data = 0 0 0 0x88470162 0xE0000000 0 0 0x00006F6F 0x6F6F7B7B 0x7B7B0000 [ 0 0 0 0xffffffff 0xf0000000 0 0 0x0000ffff 0xffffffff 0xffff0000 ]
    Trigger for two labels (for other core routers):
    IGP label - 1234
    VPN label - 5678
    Source Address - 111.111.111.111
    Destination Address - 123.123.123.123
    show platform capture elam trigger dbus others if data = 0 0 0 0x8847004D 0x20000162 0xE0000000 0 0 0x00006F6F 0x6F6F7B7B 0x7B7B0000 [ 0 0 0 0xffffffff 0xf000ffff 0xf0000000 0 0 0x0000ffff 0xffffffff 0xffff0000 ]
    You can check the labels being used (by using show ip cef <> details), convert their values to hex and change the trigger accordingly.
    I have changed the colors for better understanding. If you notice carefully, in the trigger the values for the IP addresses and labels have just been converted to their respective hex values, which could be replaced.
    Please let me know if this helps.
    Thanks & Regards
    Hitesh & Rahul
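To reproduce the hand conversion to hex that the reply describes, here is an added example (not code from the original post or from Cisco) that rebuilds the dbus data and mask words for any label stack and inner IPv4 pair. It assumes the trigger words are consecutive 32-bit big-endian words from the start of the Ethernet frame and that only the 20-bit label fields and the two IPv4 addresses are matched, which is consistent with both triggers above.

```python
# Added example, not code from the forum reply or from Cisco: rebuild the ELAM
# dbus trigger words for an MPLS-encapsulated IPv4 packet from the label values
# and the inner source/destination addresses, so the hex conversion described
# in the reply can be reproduced and checked before it is typed in.
# Assumptions (not stated on the page): the "data" words are consecutive 32-bit
# big-endian words taken from the start of the Ethernet frame, and only the
# 20-bit label fields and the two IPv4 addresses are matched; TC/S/TTL, the
# MAC addresses and the first 12 bytes of the IPv4 header are wildcarded.
import ipaddress
import struct

MPLS_ETHERTYPE = 0x8847   # EtherType for MPLS unicast
IPV4_SRC_OFFSET = 12      # offset of the source address inside an IPv4 header


def trigger_bytes(labels, src_ip, dst_ip):
    """Return (data, mask) byte strings covering the frame up to the dst IP."""
    data, mask = bytearray(), bytearray()
    # Destination and source MAC (12 bytes) are not part of the match.
    data += b"\x00" * 12
    mask += b"\x00" * 12
    # EtherType is matched exactly.
    data += struct.pack("!H", MPLS_ETHERTYPE)
    mask += b"\xff\xff"
    # Label stack entries: 20-bit label, 3-bit TC, 1-bit S, 8-bit TTL.
    for label in labels:
        if not 0 <= label < (1 << 20):
            raise ValueError("MPLS label %r does not fit in 20 bits" % (label,))
        data += struct.pack("!I", label << 12)
        mask += struct.pack("!I", 0xFFFFF000)   # match the label bits only
    # IPv4 header bytes before the source address are wildcarded.
    data += b"\x00" * IPV4_SRC_OFFSET
    mask += b"\x00" * IPV4_SRC_OFFSET
    for ip in (src_ip, dst_ip):
        data += ipaddress.IPv4Address(ip).packed
        mask += b"\xff\xff\xff\xff"
    # Pad both buffers to a whole number of 32-bit words.
    pad = (-len(data)) % 4
    data += b"\x00" * pad
    mask += b"\x00" * pad
    return bytes(data), bytes(mask)


def _words(buf, upper):
    """Render 32-bit words the way the reply writes them: zero words as "0"."""
    fmt = "0x%08X" if upper else "0x%08x"
    return ["0" if w == 0 else fmt % w for (w,) in struct.iter_unpack("!I", buf)]


def elam_trigger(labels, src_ip, dst_ip):
    """Build the full 'show platform capture elam trigger dbus others if data'
    line for the given label stack (outermost first) and inner IPv4 addresses."""
    data, mask = trigger_bytes(labels, src_ip, dst_ip)
    return ("show platform capture elam trigger dbus others if data = "
            + " ".join(_words(data, upper=True))
            + " [ " + " ".join(_words(mask, upper=False)) + " ]")


if __name__ == "__main__":
    # The two cases from the reply: PHP router (VPN label only) and a core router.
    print(elam_trigger([5678], "111.111.111.111", "123.123.123.123"))
    print(elam_trigger([1234, 5678], "111.111.111.111", "123.123.123.123"))
```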

  • The difference of the IEEE802.1x Auth between Cisco Routers and Catalyst switches

    Hello
    I am investigating the difference in IEEE 802.1X auth between routers and switches.
    Basically dot1x auth is available on Catalyst switches. However, if I want to check
    port-based multi-auth, MAC address auth and any certification auth with this feature,
    is it possible to integrate these into a Cisco router such as the Cisco 891F?
    In my opinion the Cisco 891F can also use basic IEEE 802.1X, but if it is compared with Catalyst switches such as the Cat3560X,
    I think there might be some unsupported features on the Cisco 891F.
    I appreciate any information. Thank you very much in advance.
    Best Regards,
    Masanobu Hiyoshi

    Many times in interviews I was asked about the comparison between Cisco routers and switches, and I was answerless because I don't have much knowledge about that. Can anyone provide me the comparison sheet of the same: how the Cisco devices differ from each other, how much bandwidth each router supports, etc...
    Ummmm ... The most common question I get is "what is the difference between a router and a switch".
    However, if you get a question like this, then my impressions of this line of questioning are:
    1.  The candidate they are looking for has in-depth knowledge of routers and switches.  And I mean IN-DEPTH!;
    2.  They are not looking for a candidate.  They just want to stroke their ego.  There are not a lot of people who can give you the "names and numbers" of routers and switches at the snap of a finger.  And if you do happen to know the answer, then and there, then expect a tougher follow-up question.

  • Can we schedule backup of Cisco SAN switch 9148 through Windows backup utility?


    Sure, you can write a batch/Perl/PowerShell/whatever script that will connect to your switch and then back up the configuration. You need to decide where you are going to back it up to; possible options include TFTP, SCP, FTP, SFTP. For example, I am backing up to a TFTP server; my Perl script connects to the switch and runs this command:
    copy startup-config tftp://tfpserver-ip/mds9513.$(TIMESTAMP).config
    TIMESTAMP is actually a built-in variable that will be replaced with the date/time configured on the switch.

  • Hi, Can you help me I am running an iMac 10.7.5 and iPad 6.0.1 and a macair10.8.2. iCloud is syncing emails and notes but not photos. Photo streaming is switched on on the iMac. what do I need to do to stream photos?


    Hi, you have basically 2 options.
    1 - If you switch on Photo Stream on all 3 of your devices which are working on the same Apple ID, all photos you take with your iPad will be synchronized via iCloud to the other 2 devices (Wi-Fi and battery depending).
    2 - If you select photos or a whole album in iPhoto on your Air or iMac and then choose Publish --> Photo Stream --> new or existing event, you can key in a friend's mail. If this friend has iCloud and iPhoto (for iMac or MacBook) and clicks on the link in the email, it will download these photos in the Photo Stream section in iPhoto. If he has an iPad, iPhone, ... it will do it in the Photos app, and if he doesn't have an iCloud account at all and you choose "public web site" while publishing, he can see your Photo Stream on a website.

  • How can I configure HSRP in Cisco 3850 switch? Please guide me


    Hi Mauleshg,
    Please see the link below to configure HSRP; hope this will help you.
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/ip/configuration_guide/b_fhrp_3se_3850_cg/b_fhrp_3se_3850_cg_chapter_010.html
    Br.
    Mohseen Patel

  • How can I mirror all ports on CISCO 3750 switches to one Gigabit port?

    Hi,
    I have a requirement to mirror all the ports on my 7 CISCO 3750 switches, which are in 3 separate stacks, to one single Gigabit Ethernet port.
    Does anyone know how I can do that?
    Thanks in advance.

    Vlad, thanks a heap for your response.
    I want to apply this to my situation. Please let me know if I get them right in the following:
    Catalyst A
    vlan 901
    remote-span
    monitor session 1 source interface fastethernet 1-48 (I want to monitor all ports on the CISCO 3725)
    monitor session 1 destination remote vlan 901
    Catalyst B
    vlan 901
    remote-span (If I don't need to monitor this switch, do I still need to put anything into this switch at all?)
    Catalyst C
    vlan 901
    remote-span
    monitor session 1 source interface fastethernet 1-48 (I want to monitor all ports on this switch as well)
    monitor session 1 source remote vlan 901
    monitor session 1 destination interface gigabitethernet 3 (There are 4 Gigabit Ethernet Uplink in CISCO 3750, I want all the traffic to go to port 3, is this the right way to do?)
    Thanks in advance.

  • Can Cisco router support OSPF-TE and ISIS-TE at the same time for CSPF to compute a TE LSP? I may need to run both IGPs in parallel.


    Hello - I have just moved your post to the Topic forums - you had posted your question in an obscure, non-visible promotional community. Hopefully our community users will see your question now.
