Cat 500 disabled port state
I have a couple of Cat 500 express routers in a two building network connected with wireless access points. I had a wireless drop to due to a user unplugging the wireless AP and my switch put my port into disale state "due to traffic only passing in one direction" Is this something that i can avoid having to deal with in the future or is it software feature that you have to deal with on the lower end switches?
ok thanks i will give that a shot and see if that works. I remember though when I first set this site up I had set each of the ports on those two switches to Access Point...i wasnt able to pass traffic and hit another IP?? I had to set the port to Router in order for it work properly....
SW1---AP1======Bridge=====AP2---SW2
thats my layout....
thanks for the help...
Similar Messages
-
LMS 4.2 - Err-disable port state
Hello,
I'm trying to figure it out how exactly LMS learns about ports in err-disable state? Which MIB or command is used?
I have two ME3400 switches with err-disabled ports but LMS shows only the ports of one of the them. Both switches are ME-3400-24TS-A
and have the same IOS version (12.2(53)SE). I'm sure data collection is running fine because it updates the other discrepancies.
What i have tried by now:
- did an SNMP walk from LMS on CISCO-ERR-DISABLED-MIB - no info found there on port status
- did an SNMP walk from LMS on CISCO-STACK-MIB - I know that this MIB contains object portAdditionalOperStatus (1.3.6.1.4.1.9.5.1.4.1.1.23) which shows the operational status of the ports, but it seems that ME3400 does not support it (although it supports CISCO-STACK-MIB), because I cannot see the SNMP reponse in the trace:
========================================================================
The following is a SNMP walk of device 192.168.6.89 starting from .1.3.6.1.4.1.9.5.1.4.1.1.23
SNMP Walk Output
.1.3.6.1.4.1.9.5.1.4.1.1.23
CISCO-STACK-MIB::portAdditionalOperStatus = No Such Object available on this agent at this OID
========================================================================
So how does LMS knows which ports are in err-disable state?
Kind regards,
VelinHello,
The OID that LMS uses for detecting the err-disabled state of the ports is 1.3.6.1.4.1.9.9.548.1.3.1.1.2 (cErrDisableIfStatusCause) from CISCO-ERR-DISABLE-MIB
Velin -
Is it possible to completely disable port 23 on a Cisco device?
When we run the 'show control-plane host open-ports' command on any of our routers (but specifically a CGR 2010) we are seeing port 23 in a listening state.
Active internet connections (servers and established)
Prot Local Address Foreign Address Service State
tcp *:22 *:0 SSH-Server LISTEN
tcp *:23 *:0 Telnet LISTEN
udp *:123 *:0 NTP LISTEN
Our auditors are leery of this even though we have shown that we do not have telnet enabled on the VTY lines, only SSH, and there is an ACL in place for further protection. Is there ANY way to completely disable port 23 to keep it from running AT ALL upon startup? I have been scouring the internet for a solution to this and have come up dry. I feel that there has to be a way to do this, but can't figure it out. Is it possible to do at all? And if not I would really like to find some official documentation from Cisco stating that the ports are on by default and cannot be disabled so that I have something to give to our auditors.
Thanks!You cannot shut off the telnet service completely on an IOS router, including the CGR 2010. This can be done on NX-OS ("no service telnet").
As Leo notes and as you mentioned you're already doing, securing the vty lines is considered a good practice. You might also add control plane policing. I've seen that configuration pass NERC audits used in nuclear plants here in the US.
As far as getting something official from Cisco, you'd have to open a TAC case or work with your reseller to get something from the business unit. -
FTP/File Sender Adapter over SSL - 500 Illegal PORT command.
Hello Experts!
I'm trying to configure FTP Sender Adapter over SSL. This is the configuration I'm using:
Server: server01
Port: 21
Data Connection: Active
Timeout: 100
Connection Security: FTPS (FTP Using SSL/TLS) for Control and Data Connection
Command Order: AUTH TLS, USER, PASS, PBSZ, PROT
I have imported ftp server certificate into TrustedCAs key store. When the sender adapter tries to connect it receives the error 500 Illegal PORT command when getting files list.
This is an excerpt of the logs of connection steps:
#Plain##ftp server returns reply '220 Restricted Access. All Actions are monitored.'#
#Plain##Detected 'AUTH TLS' command: Preparing TLS/SSL connection upgrade#
#Plain##'AUTH TLS' successful: Upgrading control channel to TLS/SSL#
#Plain##ftp server returns reply '234 Proceed with negotiation.'#
#Plain##ftp server returns reply '331 Please specify the password.'#
#Plain##ftp server returns reply '230 Login successful.'#
#Plain##ftp server returns reply '200 PBSZ set to 0.'#
#Plain##ftp server returns reply '200 PROT now Private.'#
#Plain##ftp server returns reply '215 UNIX Type: L8'#
#Plain##ftp server returns reply '200 Switching to ASCII mode.'#
#Plain##ftp server returns reply '250 Directory successfully changed.'#
#Plain##ftp server returns reply '500 Illegal PORT command.'#
Does anybody know how to solve it?
Thank you in advance!
Roger Allué i VallOk! This is the maximum i could obtain:
Fri Dec 11 15:28:12 2009 [pid 15206] FTP response: Client "10.58.42.108", "220 Restricted Access. All Actions are monitored."
Fri Dec 11 15:28:12 2009 [pid 15206] FTP command: Client "10.58.42.108", "AUTH TLS"
Fri Dec 11 15:28:12 2009 [pid 15206] FTP response: Client "10.58.42.108", "234 Proceed with negotiation."
Fri Dec 11 15:28:12 2009 [pid 15206] FTP command: Client "10.58.42.108", "USER iubsint"
Fri Dec 11 15:28:12 2009 [pid 15206] [iubsint] FTP response: Client "10.58.42.108", "331 Please specify the password."
Fri Dec 11 15:28:12 2009 [pid 15206] [iubsint] FTP command: Client "10.58.42.108", "PASS <password>"
Fri Dec 11 15:28:12 2009 [pid 15205] [iubsint] OK LOGIN: Client "10.58.42.108"
Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "230 Login successful."
Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "PBSZ 0"
Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "200 PBSZ set to 0."
Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "PROT P"
Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "200 PROT now Private."
Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "SYST"
Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "215 UNIX Type: L8"
Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "TYPE I"
Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "200 Switching to Binary mode."
Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "CWD /interfaces"
Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "250 Directory successfully changed."
Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "PORT 10,58,45,108,159,112"
Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "500 Illegal PORT command."
I think we found the problem though. FTP Administrator says this is wrong:
Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "PORT 10,58,45,108,159,112"
it should be
Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "PORT 10,58,42,108,159,112"
Something is making SAP PI to take a wrong ip address (This server has two).
I'll let you know if we solve it!!
Thank you!!! -
Port State Coloring in Prime Optical
We are in the process of changing from CTM to Prime Optical. I can't seem to find the Port State Coloring option in the Prime Optical Control Panel. Is this option no longer available, or am I looking in the wrong Place?
Thanks SteveWe're experiencing similar problem when syslog for STP loop (severity 2) is received, recognized as critical but no alarm is created.
-
Disable port monitoring task not working
Hi,
On SCOM 2012 SP1 the task "disable port monitoring" is not working. When I run it shows a success message but the port\interface keeps to be monitored on scom, the ports that I'm trying to disable the monitoring are members of the Relay Network
Adapters Group. Is there any way to fix this task or manually stop the monitoring of the port\interface ?Hi Carlos,
By coincidence I ran into the same problem today.
It can be disabled by creating an override where you target the specific port object and set the parameter enabled=false.
I am not 100% sure this is the correct way but it works. I am assuming the disable port does something similar but I have to open up the task to confirm this.
For now I hope this helps.
Regards Marthijn van Rheenen
Blog: Heading To The Clouds -
Can I manipulate disabled/rendered state for components in a central way?
I need to manipulate the disabled/rendered state of components in a central way prior rendering - in order to implement some security stuff.
Its not an option for me to do this in the JSF pages themselves.
I kind of assumed that I could either implement a phaselistener or a viewhandler and intercept - but I can not get access to the components until RENDER_RESPONSE - afterphase.... and thats a bit too late.
I have spent some time searching for a way to do this but it seems that others are facing the same issues. So far this article seems the best way to do it: http://appfuse.org/display/APF/Secure+JSF+components
But I would prefer to avoid using aspectj.
I need some help to point me in the correct direction?
Regards,
ChristianAny help would be highly appreciated - what do you experienced developers do in order to implement this kind of logic?
Have a nice weekend.
Regards,
Christian -
Cisco Cat 500 Express deficiency
I have heared complaints about the Cisco Cat 500 switch.
When using the Cat 500 with AP1200 and 7920 IP phones, the phones do not roam from AP to AP.
Also I have found out that the Cat 500 will not relay dhcp request to a server on a seperate vlan from it's configured ip address.
With CLI switches, the "ip helper-address under the vlan will acheive this. With the Cat 500, how do u acheive directed broadcast.
Looks like this switch is not very good. The smartports do not work very well, you will find that choosing "other" as a smartport fixes most connectivity issues.
Cisco your comments?The Cat 500 Express is a Layer 2 switch - like the older model switches, it has a single SVI which is in one VLAN.
If you have more than one VLAN, then you will probably have a device that routes between them (this won't be a Cat 500 - it would be a Cat 3xxx layer three switch or a router most likely) and this device would be what provides Ip-helper functionality...
Regards
Aaron
Please rate helpful posts... -
Hi,
Can anybody clarify the port states in RSTP.
Discarding, Learning & Forwarding.
Does the port state move to 'Blocking' after it finds a redundant link or 'Discarding'
Regards,
PratikHello Pratik,
a good review of port roles can be found f.e. at
http://www.cisco.com/en/US/products/hw/switches/ps628/products_configuration_guide_chapter09186a00800d84bc.html#1034652
and a description of the "Sequence of Events During Rapid Convergence", which includes what port state can follow which other port state can be found at
http://www.cisco.com/en/US/products/hw/switches/ps628/products_configuration_guide_chapter09186a00800d84bc.html#10743
Hope this helps! Please rate all posts.
Regards, Martin -
Receiving email notification of port state changes
Hello
I have a small SAN comprising 4 x MDS9509's and a Fabric Manager Server.
The FMS is set to email fabric events, but it doesn't email on port state changes i.e. IF_DOWN_LINK_FAILURE and IF_UP. I'm assuming this is because they are not actual fabric changes.
What is the best way for me to be able to receive email notification of these changes?
Thanks
StevenYou can use callhome
MDS(config)# ip domain-lookup
MDS(config)# ip name-server
MDS(config)# snmp-server contact
MDS(config)# callhome
MDS(config-callhome)# email-contact <[email protected]>
MDS(config-callhome)# phone-contact
MDS(config-callhome)# streetaddress
MDS(config-callhome)# enable
MDS(config-callhome)# transport email from <[email protected]>
MDS(config-callhome)# transport email smtp-server
MDS(config-callhome)# no destination-profile short-txt-destination alert-group All
MDS(config-callhome)# destination-profile short-txt-destination alert-group Syslog-group-port
MDS(config-callhome)# destination-profile short-txt-destination email-addr <[email protected]
MDS(config-callhome)# no duplicate-message throttle
Regards,
Roman -
Disable-warning statement in weblogic-ejb-jar.xml
I'm having problems with the <disable-warning> statement in the weblogic-ejb-jar.xml file. I havn't been able to find documentation on exactly where the statment is supposed to be placed, as all sites just say to include the statement in your weblogic-ejb-jar.xml file. I found a working solution where I placed the statement after declaring all the weblogic-enterprise-bean and right before the closing </weblogic-ejb-jar> statment.
Now the problem is that I have included a <transaction-isolation> block and weblogic complains about my disable warning statment.
Does anyone know the proper location for the <disable-warning> statement?
here is the format that was working before:
</weblogic-enterprise-bean>
<disable-warning>BEA-010054</disable-warning>
</weblogic-ejb-jar> now I have:
</weblogic-enterprise-bean>
<transaction-isolation>
<isolation-level>TRANSACTION_READ_COMMITTED</isolation-level>
<method>
</method>
</transaction-isolation>
<disable-warning>BEA-010054</disable-warning>
</weblogic-ejb-jar>I have tried putting the disable warning before the transaction-isolation and after and weblogic complains about both.
Any Ideas?
Thanks for your time.I have tried putting the disable warning beforethe
transaction-isolation and after and weblogic
complains about both.
Any Ideas?It would be a good idea to post the message weblogic
is displaying. There are a couple of things you could
check:
* As per the documentation, the <disable-warning> tag
was added in 8.1. Check if you are using the correct
DTD for Weblogic 8.1 (and the version of Weblogic
is 8.1 or higher
* As per the DTD, the <disable-warning> comes after
the <transaction-isolation>
<!ELEMENT weblogic-ejb-jar (description?,
weblogic-enterprise-bean*,
security-role-assignment*,
run-as-role-assignment*,
security-permission?,
transaction-isolation*,
idempotent-methods?,
enable-bean-class-redeploy?,
disable-warning*)
ke sure you maintain this order of elements within
<weblogic-ejb-jar>
Refer to
http://e-docs.bea.com/wls/docs81/ejb/DDreference-ejb-j
ar.htmlYep, it was pointing to an older dtd. Thank you! -
SPA2102 FXS port state monitoring
Hi all,
Is there any way to get FXS port state for LinkSys SPA2102 VoIP adapter (i.e. is there a phone that connected to it or not) remotely, for example, via SNMP ?
Thanks.Here's the bug ID: CSCse15025
Doubt the NM is faulty - we had the same issue in a 2821 and migrated to 12.4(4)T4 to correct it. No hardware replacement required. All has worked fine since then.
HTH
Tom -
Change textfield to textfield (disabled, saves state) programmatically
How can a normal textfield be changed programmatically to a textfield (disabled, save state).
I do not want to use the HTMLDB "Read Only" implementation.
Thanks in advanceHow can a normal textfield be changed programmatically to a textfield (disabled, save state).
I do not want to use the HTMLDB "Read Only" implementation.
Thanks in advance -
I have a large site that changes monthly _ I keep getting a
FTP 500 invalid port command message and the file does not upload
which means I have to go through the whole thing manually.( I'm
using Dreamweaver MX). I gather this is a Windows problem - does
anyone know of a fix
Many thanks for any adviceAfter a client initiates an FTP session, the server establishes a new back connection to the client. This connection extends from the server (outside the firewall boundaries) to a dynamically allocated port number on the client computer. Because the port number is not known in advance, old packet filters open the entire range of high-numbered ports (greater than 1023) for incoming connections. This reconnection at a higher port is done with the following FTP command:
This reconnection at a higher port is done with the following FTP command:
port h1, h2, h3, h4, p1, p2
The values of h1 through h4 are octets of the client IP address. The last two values of p1, and p2 are used to determine the port. The following formula is for p1, and p2:
p1 X 256 + p2 = port
If the Firewall Network Address Translation (NAT) does not correctly change this IP address (h1 through h4), the server generates the error message.
The following sample command is an example of a port command:
port 10,20,30,40,5,25 = (IP Address: 10.20.30.40 / Port: 1305) -
The Enterprise 500 switch seems to automatically set MAC port violation feature, and it does not appear possible to disable this via the web interface.
I?m using a laptop that has a MAC address associated with its WiFi interface, which is presented via the Wireless Access Point, When the laptop roams from one Access Point to the next one, the MAC address now appears on the new LAN switch port via the connected second Access Point and due to a securtiy port feature the port port is blocked. is there any way to disable the security port set on the switch?I'm using the Cisco Network Assistant 4.0, and when I?m not able to untick the security port box is there any mode that set the privilege to allow users changing the setting? when the wireless device roam from an AP to another the port connected to the 2nd AP is blocked due to this security port blocking feature.
Yes, the AP are connected to port configured as smartport AP.
I'm going to test different smart port roles to see if this fixes the problem.
Many thanks
Maybe you are looking for
-
when I commenced subscriptions for PhotoshopCC i was billed $19.99 per month. The advertised fee is now $9.99 per month for a single product. How do I change to the lower payment plan.?
-
Is it Possible to install oracle 9i 32 bit on Sun Solaris Intel Edition
Dear OTN Members , It is possible to install ORACLE 9I Sun SPARC Solaris (32 Bit) on Sun Solaris Intel Editon 2.8 . Please inform me on email :- [email protected] [email protected] Thanking You Piyush Patel - Server name :- pi.com - Filename - Date/T
-
Adobe Help CS5: Text In Search Field Hard To Read
I'm using Local Help. In the Search field, letters are way too close and very hard to read. There seems to be no anti-aliasing either. Is it possible that some font be missing in either my Photoshop Installation or in my System (OX 10.6.3)? Thanks fo
-
To write a single query to get the desired output.
Hi, I have table by name "employees" it contains 20 records meaning 20 employee details. some of the column it contains are employee_id,Hiredate as below. EMPLOYEE_ID|HIRE_DATE 100|6/17/1987 101|9/21/1989 102|1/13/1993 103|1/3/1993 104|5/21/1991 107|
-
Rollup process is getting failed in PC
Hi, The Rollup job gets failed daily in PC with following error message " Error when structuring the index of aggregate 100929 for InfoCube /BIC/FICPROB "and once i repeat the job it will get success. I need to know the reason why it get fail, if any