Cisco 3550 SMI switch for security setup ?
I have a 3550 SMI IOS 12.2 switch, I want to setup http, https, dns services for internet. I do not need to set up any mail or web server.
The connection as follows:
Internet ---------Modem----------3550-----------Computer
Modem has no security function, all the security setting will be on 3550 switch. So what is the best approach ?
Is it layer 2 or layer 3 security ? and can I run VPN for the internet surf ? Please kindly advise.
Thanks,
Susan
Thanks for the Reply.
When I configure the switch I find out some interesting things, I am not sure if the
configuration is correct or I miss something? Please help take a look.
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny tcp any any eq bgp
access-list 101 deny eigrp any any
access-list 101 permit udp any any eq domain
access-list 101 permit tcp any any eq www log
access-list 101 permit tcp any any eq 443 log
access-list 101 deny ip any any log
interface fa0/1
 switchport
 switchport access vlan 10
 switchport mode access
 ip access-group 101 in
interface vlan 1
 no ip address
That works normally.
But when I put access list 101 on the VLAN 10 interface, my computer can access the internet???
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny tcp any any eq bgp
access-list 101 deny eigrp any any
access-list 101 deny ip any any log
interface vlan 10
 ip address 192.168.1.1 255.255.255.0
 ip access-group 101 in
interface fa0/1
 switchport
 switchport access vlan 10
 switchport mode access
interface vlan 1
 no ip address
For both cases, VLAN 1 is down; I connect nothing and assign nothing to VLAN 1.
So does the configuration have a problem? Or
is it something to do with VLAN 1?
Or something I missed?
Thanks
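First-match evaluation of ACL 101 from the first configuration above, as an added Python example that is not part of the original thread. The sample packets and the `evaluate` / `wildcard_match` helpers are constructed for illustration, and only the fields this ACL uses are modelled (protocol, source with wildcard mask, destination port).

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")
# ACL 101 (first variant in the post): (action, protocol, (source, wildcard), dst_port).
# Every line uses destination "any", so only source and destination port are modelled.
ACL_101 = [
    ("deny", "ip", ("10.0.0.0", "0.255.255.255"), None),
    ("deny", "ip", ("127.0.0.0", "0.255.255.255"), None),
    ("deny", "ip", ("172.16.0.0", "0.15.255.255"), None),
    ("deny", "ip", ("0.0.0.0", "0.0.0.0"), None),          # host 0.0.0.0
    ("deny", "ip", ("255.255.255.255", "0.0.0.0"), None),  # host 255.255.255.255
    ("deny", "tcp", ANY, 179),                             # eq bgp
    ("deny", "eigrp", ANY, None),
    ("permit", "udp", ANY, 53),                            # eq domain
    ("permit", "tcp", ANY, 80),                            # eq www
    ("permit", "tcp", ANY, 443),
    ("deny", "ip", ANY, None),
]

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; every other bit must equal the base."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)

def evaluate(acl, proto, src, dst_port=None):
    """Return (line number, action) for the first entry that matches, top down."""
    for line, (action, acl_proto, (base, wildcard), port) in enumerate(acl, start=1):
        if acl_proto not in ("ip", proto):
            continue
        if port is not None and port != dst_port:
            continue
        if wildcard_match(src, base, wildcard):
            return line, action
    return None, "deny"  # implicit deny that ends every ACL

# Constructed sample packets: (description, protocol, source address, destination port).
SAMPLES = [
    ("DNS query from LAN host", "udp", "192.168.1.10", 53),
    ("HTTPS from LAN host", "tcp", "192.168.1.10", 443),
    ("SSH from LAN host", "tcp", "192.168.1.10", 22),
    ("Spoofed RFC 1918 source", "tcp", "10.1.2.3", 80),
    ("Top of 172.16.0.0/12", "tcp", "172.31.255.1", 80),
    ("Just outside 172.16.0.0/12", "tcp", "172.32.0.1", 80),
    ("DNS reply (source port 53)", "udp", "8.8.8.8", 40000),
]

if __name__ == "__main__":
    for desc, proto, src, port in SAMPLES:
        line, action = evaluate(ACL_101, proto, src, port)
        print(f"{desc:28} -> line {line}: {action}")
```

Because `eq domain` follows the destination, line 8 matches destination port 53 only; a DNS reply carries 53 as its source port and falls through to the final deny.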
Similar Messages
-
Using Cisco MDS 9148 switch for switching and routing
Hi Gurus,
Can you please advise me! Can I configure interface trunking, routing and dhcp services on the Cisco MDS 9148 switch?
Thanks for your response!!
Tommy,
MDS9148 is a Storage SAN Fibre Channel switch, it doesn't support Ethernet, IP, VLANs, VLAN trunking, 802.1Q, IP routing, DHCP. It's meant for Fibre Channel connectivity between Fibre Channel server HBAs and Fibre Channel storage.
Roman -
Setting up Cisco SLM248GT-NA switch for VoIP
Hello Everyone,
We have a Cisco slm248gt-na smart switch in our office that I am trying to configure to support and optimize for VoIP. We have desktops hooked up off the phones in most cases. Are there any config guidelines to optimize the switch so it has proper QOS set and VoIP gets higher priority over data.
Thanks, Kind Regards
Shabbir
Hello Tom,
Thanks for your reply.
We have a pretty straightforward setup. We have 15 Cisco SPA303 phones hooked up to the switch and the desktops are connected via the phones. We have a wireless LAN and a corporate server that serves as a file sharing/vpn type setup. Other than that there are no devices hooked up. We had to implement auto voice vlan feature but were still running into issues like occasional poor voice quality and one way audio type issues. However I did notice something in the configuration menu "Telephone OUI", could you please help us on how to implement that. We are trying to implement best practice to avoid voip related issues that we have been having.
We also see all the ports in trunk mode. Is that the recommended setting or should we change it to access mode?
Thanks, Kind Regards -
I have a new Linksys wireless router that I successfully installed yesterday. It seems to work fine. But I cannot setup the security because there is no icon in my system tray in the lower right corner of my screen. There are lots of icons there but no Linksys icons. I reinstalled the router but still no icon. I have looked at the entire tray, not just the most used icons.
Any suggestions?
Amy
Amy, are you talking about wireless security?
Try to go to http://www.linksys.com/kb.
Look for answer id 949.
It has explicit instructions on how to setup wireless security.
I read this website a lot and it teaches you a lot of things,
"Give them nothing... But take from them everything..."
-Leonidas "300" -
Cascade Catalyst 3560 switch for loaded traffic
I have a layer 3 Catalyst switch 3560 with 24 FE interfaces.
I need to pump traffic from traffic generator into port 1 and propagate it to other ports; the last port will be connected back to the traffic generator.
I suppose that I need to cascade some of the switchports but how do I configure the catalyst switch for this setup? Is it making use of routed port and static routing?
Hi Ankur,
Thanks for the reply.
The traffic generator are layer 3 interfaces which I can assign IP address.
You mentioned that I do not need any routing, but I require traffic coming from the traffic generator (e.g. FE1) going into switchport 1 to traverse through the rest of the switchports before exiting from the last switchport back to the traffic generator (e.g. FE2). Therefore, I need advice on how to setup the catalyst switch to achieve this. If I assign ip address for this traffic to end at the traffic generator-FE2, the generated traffic will enter the switch at switchport 1 and directly exit from the last switchport without any traversing done. Btw, do I need to cascade my switch with cross cable in this aspect?
Thanks in advance for your advice.
Regards,
Raymond -
Is it possible to run image for cisco 3550 PWR-SMI on c3500 XL series switch?
Hi,
as you know cisco 3500 XL switches are L2 switches and there is no ios image which supports L3 functionality compiled for that devices, but what will happen if I'll try to run C3550-IPBASEK9-M image on 3500 XL series switch?
Will it boot up?
Will the SVI functionality be available?
Thank you,
Edik.
The 3550 is a different hardware family so I think you'll find that the 3500XL will likely not boot up with a 3550 image.
-
Setup crypto for secure communication with other switches
What kind of code can be used to setup crypto for secure communication with other switches.
ok but is there any special code i need to write if i need to create a crypto secure communication between some particular switches.
-
HP 3800 switch port-security one mac in two VLAN for Cisco IP Phone
Hello all!
I want to use port-security for ports on my HP 3800. But the PC is connected
to the network via the PC port on a Cisco IP phone. For the phone, VLAN 10 (voice) is used,
for data - VLAN 1 (native). The Cisco phone adds its own MAC address in these
two VLANs. On a Cisco 2960 switch I resolve this with 4 commands:
switchport port-security maximum 3
switchport port-security mac-address pc_mac
switchport port-security mac-address ip_phone_mac
switchport port-security mac-address ip_phone_mac vlan voice
How can I add one MAC in two VLANs on the HP 3800 switch?
Sorry for my English, please ^_^
This topic first appeared in the Spiceworks Community
Hi Kuarzo, please reference the following;
https://supportforums.cisco.com/document/116426/how-configure-dynamic-mac-port-security-sx300
https://supportforums.cisco.com/document/116256/how-configure-static-mac-port-security-sx300 -
100% Noob - Need Help for basic setup of Cisco 2504 and 1600 AP
Hello,
I am completely noob in (cisco) networking.
I have to setup a basic but secure wireless network.
I have a cisco 2504 and 2 APs 1600 + a random switch
I have 4 ports on the controller.
I want to keep the 1st port on the network for the controller management, plug my internet box on the 3rd port, and my switch on the 4th port. Then the AP will be on the switch.
I am able to make something work when everything is plugged into the switch, plugged into the first port (default management port). But this is not what I want.
First thing, Is that possible ?
1st port : office network
2nd port : empty
3rd port : Internet Box
4th port : Switch + all APs
Then, if that is possible, how should i configure the controller to make that work ? I am completely lost in the menus.
I dont need a perfect configuration, just something simple and working.
1 SSID, 10 DHCP addresses, block wireless users trying to go on the office network.
If anyone could help my doing that, It would be very nice.
Thank you.
You basically need two SSIDs, one for corporate users and a second for guests. Check the link with step by step config and brief details.
http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-vlan/70937-guest-internal-wlan.html -
Hooking up a cisco 3550 48 port switch to my E2500 router
I am trying to assign an IP to my 3550 switch so I can telnet into it from my computers upstairs but, when I assign the IP to a vlan on the switch and set the port going to the router to access that vlan I still can't see anything pull in the DHCP table on the E2500. The other thing I am not sure about is what I should be setting my default route to is it the 192.168.1.1 or is that just the management IP for the E2500 router? I am pretty sure this is just a case of the E2500 can't deal with the Vlans but with it being set to access it doesn't seem like it should matter it should just live in that Vlan. I can always put a 2600 in front of the switch but I rather not put in a 3rd piece of equipment if I can help it. Any advanced routing information would be appreciated.
If the switch is a managed switch, it may be incompatible with the LAN switch on the router as most "home" class routers do not have managed LAN switches for connectors.
I recommend that you contact Cisco about this and see if they have any help and information regarding this. If the management or "smart" features can be disabled on this switch, if it has these features, it may still be usable with the router.
Let us know how it goes. -
Assign VLAN from freeradius to Cisco 3550 Switch
Hi All,
I am trying to assign VLAN from freeradius to the a cisco 3550 switch but it's not working.
I keep getting those lines in the cisco switch debug:
3w6d: RADIUS: Tunnel-Medium-Type [65] 6 01:Unsupported [6]
3w6d: RADIUS: Tunnel-Type [64] 6 01:Unsupported [13]
What does it mean? Any idea how to solve this?
Below freeradius conf and switch debug.
Thanks.
Configuration on freeradius users file:
wassim  Cleartext-Password := "wassim"
        Tunnel-Medium-Type:1 = IEEE-802,
        Tunnel-Type:1 = VLAN,
        Tunnel-Private-Group-Id:1 = 100
Cisco Switch debug log:
3w6d: RADIUS: authenticator 99 15 53 A6 AB B7 0B 75 - 9F A7 5F 27 8F F1 2E 67
3w6d: RADIUS: NAS-IP-Address [4] 6 192.168.1.8
3w6d: RADIUS: NAS-Port [5] 6 50023
3w6d: RADIUS: NAS-Port-Type [61] 6 Eth [15]
3w6d: RADIUS: User-Name [1] 8 "wassim"
3w6d: RADIUS: Called-Station-Id [30] 19 "00-15-F9-F8-4E-97"
3w6d: RADIUS: Calling-Station-Id [31] 19 "00-1A-80-3F-F6-A1"
3w6d: RADIUS: Service-Type [6] 6 Framed [2]
3w6d: RADIUS: Framed-MTU [12] 6 1500
3w6d: RADIUS: State [24] 18
3w6d: RADIUS: DB C1 1C E7 DE C7 09 5E 75 5E 5B 0F 23 3A 54 E7 [???????^u^[?#:T?]
3w6d: RADIUS: EAP-Message [79] 69
3w6d: RADIUS: 02 06 00 43 15 00 17 03 01 00 38 BF 71 FC FA 04 [???C??????8?q???]
3w6d: RADIUS: BE DC FD CC 03 D2 7F 8B 09 63 2C B2 AE D8 AC 61 [?????????c,????a]
3w6d: RADIUS: 64 21 2B 00 ED 0E 6E E8 B0 49 50 6B 99 B8 88 A4 [d!+???n??IPk????]
3w6d: RADIUS: 36 C6 FD B9 F0 77 2D 82 28 0A 37 D1 D4 73 B4 59 [6????w-?(?7??s?Y]
3w6d: RADIUS: F9 37 E6 [?7?]
3w6d: RADIUS: Message-Authenticato[80] 18
3w6d: RADIUS: A2 59 A3 DE A6 98 5F 78 25 12 59 BB 4D B8 74 F0 [?Y????_x??Y?M?t?]
3w6d: RADIUS: Received from id 1645/123 192.168.1.57:1812, Access-Accept, len 186
3w6d: RADIUS: authenticator C0 31 7F D7 A6 D4 1F C8 - 27 AA F0 99 EA 1F 92 C3
3w6d: RADIUS: Tunnel-Medium-Type [65] 6 01:Unsupported [6]
3w6d: RADIUS: Tunnel-Type [64] 6 01:Unsupported [13]
3w6d: RADIUS: Tunnel-Private-Group[81] 6 01:"100"
3w6d: RADIUS: Vendor, Microsoft [26] 58
3w6d: RADIUS: MS-MPPE-Recv-Key [17] 52
3w6d: RADIUS: 86 8B 3E 74 76 E7 CB 9A 8F EF F5 9C 16 2E 88 1A [??>tv????????.??]
3w6d: RADIUS: 12 3B 80 A6 E9 9B B6 6F E6 63 C8 AA B0 DB 0E 76 [?;?????o?c?????v]
3w6d: RADIUS: 61 C1 6A 5D 62 BD 72 BE 78 C8 9D 4D A7 3F 54 35 [a?j]b?r?x??M??T5]
3w6d: RADIUS: 40 DC [@?]
3w6d: RADIUS: Vendor, Microsoft [26] 58
3w6d: RADIUS: MS-MPPE-Send-Key [16] 52
3w6d: RADIUS: 8A 61 97 87 78 FD CA 16 8D F0 ED 75 C0 70 93 AE [?a??x??????u?p??]
3w6d: RADIUS: 71 EF 5A 21 53 35 A4 88 F9 84 16 83 10 43 6E 9E [q?Z!S5???????Cn?]
3w6d: RADIUS: AB A7 8B 56 6C 42 0D AB 09 1D 82 D3 CB 7E 6C B8 [???VlB???????~l?]
3w6d: RADIUS: 56 58 [VX]
3w6d: RADIUS: EAP-Message [79] 6
3w6d: RADIUS: 03 06 00 04 [????]
3w6d: RADIUS: Message-Authenticato[80] 18
3w6d: RADIUS: 82 4B 64 0F 07 64 59 18 0F 27 07 95 A5 15 09 33 [?Kd??dY??'?????3]
3w6d: RADIUS: User-Name [1] 8 "wassim"
3w6d: RADIUS: EAP-login: length of eap packet = 4
3w6d: RADIUS: Tunnel-MType, [01] 00 00 06
3w6d: RADIUS: TAS(1) created and enqueued.
3w6d: RADIUS: Tunnel-Type, [01] 00 00 0D
3w6d: RADIUS: Tunnel-GID, [01] 100
3w6d: RADIUS: unrecognized Microsoft VSA type 17
3w6d: RADIUS: unrecognized Microsoft VSA type 16
3w6d: RADIUS: TAS(1) takes precedence over tagged attributes, tunnel_type=vlan
3w6d: RADIUS: free TAS(1)
3w6d: RADIUS: no appropriate authorization type for user.
3w6d: RADIUS: Tunnel-MType, [01] 00 00 06
3w6d: RADIUS: TAS(1) created and enqueued.
3w6d: RADIUS: Tunnel-Type, [01] 00 00 0D
3w6d: RADIUS: unrecognized Microsoft VSA type 17
3w6d: RADIUS: unrecognized Microsoft VSA type 16
3w6d: RADIUS: TAS(1) takes precedence over tagged attributes, tunnel_type=vlan
3w6d: RADIUS: free TAS(1)
3w6d: RADIUS: no appropriate authorization type for user.
3w6d: RADIUS: Tunnel-MType, [01] 00 00 06
3w6d: RADIUS: TAS(1) created and enqueued.
3w6d: RADIUS: Tunnel-Type, [01] 00 00 0D
3w6d: RADIUS: unrecognized Microsoft VSA type 17
3w6d: RADIUS: unrecognized Microsoft VSA type 16
3w6d: RADIUS: TAS(1) takes precedence over tagged attributes, tunnel_type=vlan
3w6d: RADIUS: free TAS(1)
3w6d: RADIUS: no appropriate authorization type for user.
3w6d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/23, changed state to up
I believe you should be using the numerical values in your fields, look at this one :
http://www.scribd.com/doc/75788651/52/X-with-VLAN-Assignment
Tunnel-Medium-Type:1 = 6
Tunnel-Type:1 = 13
Tunnel-Private-Group-Id:1 = -
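The tagged tunnel attributes in the debug output above follow the RFC 2868 layout: one tag byte, then a three-byte value for Tunnel-Type and Tunnel-Medium-Type, or a string for Tunnel-Private-Group-Id. As an added example that is not part of the original thread, this Python code decodes them and checks the RFC 3580 combination used for VLAN assignment; the byte string is constructed from the values the log prints, and the function names are assumptions of this example.

```python
# Tunnel attribute numbers and values from RFC 2868 / RFC 3580.
TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_GROUP = 64, 65, 81
ENUMS = {TUNNEL_TYPE: {13: "VLAN"}, TUNNEL_MEDIUM: {6: "IEEE-802"}}

# Constructed sample: the three tunnel attributes as the debug log prints them
# (each length 6, tag 01, values 00 00 06, 00 00 0D and "100").
SAMPLE = bytes.fromhex("410601000006" "40060100000d" "510601313030")

def parse_attributes(data):
    """Walk type/length/value triples; reject lengths that overrun the buffer."""
    attrs, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > len(data):
            raise ValueError(f"attribute {atype}: bad length {alen}")
        attrs.append((atype, data[pos + 2:pos + alen]))
        pos += alen
    return attrs

def decode_tunnel(atype, value):
    """Return (tag, decoded value) for one tunnel attribute."""
    if atype in ENUMS:
        if len(value) != 4:
            raise ValueError(f"attribute {atype}: expected tag + 3-byte value")
        number = int.from_bytes(value[1:], "big")
        return value[0], ENUMS[atype].get(number, f"unknown({number})")
    # Tunnel-Private-Group-Id: the first byte is a tag only when it is <= 0x1F.
    if value and value[0] <= 0x1F:
        return value[0], value[1:].decode("ascii")
    return 0, value.decode("ascii")

def vlan_assignment(data):
    """VLAN id string if one tag carries VLAN + IEEE-802 + group id, else None."""
    by_tag = {}
    for atype, value in parse_attributes(data):
        if atype in (TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_GROUP):
            tag, decoded = decode_tunnel(atype, value)
            by_tag.setdefault(tag, {})[atype] = decoded
    for attrs in by_tag.values():
        if attrs.get(TUNNEL_TYPE) == "VLAN" and attrs.get(TUNNEL_MEDIUM) == "IEEE-802":
            return attrs.get(TUNNEL_GROUP)
    return None

if __name__ == "__main__":
    print(vlan_assignment(SAMPLE))
```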
I can set up my personal account just fine. personal apple id is my [email protected] - I can setup the ipad and face time no problem.
But I don't want to be facetime tutoring with my personal account. I want students to find me by my .edu address
I cannot complete the second apple Id setup, as the confirmation email always fails. Even if I disable all firewall/blocking in outlook and windows.
I get an error every time.
Your request couldn't be completed.
This may have occurred for security reasons or because your session timed out.
So much for Apple being the "simpler" PC for users.
I've been a Windows user/technician for many years. I've never seen anything this aggravating.
Anyone run into this before?
Saw this in another forum. You could try it.
Under the FaceTime Account you can only have 1 email set up, but below that you can set up multiple email accounts as phone numbers, I do it all the time.
FaceTime is set up with my account, but since the iPad is more of a family device (it's mine, but everyone is allowed to use it), my sister programmed her email so that her friends can call her on the iPad and so did my Mom and brother. Their friends dial their numbers (email addresses) and the iPad still rings even though the main number is my account.
Cheers, Tom -
I got an ipad mini and when i try to switch it on and configure it to use it it says IP is temporarily blocked for security reasons..what do i do?
An odd message? Is this on your home network? Could try at a library.
Robert -
Using LMS 3.2 to setup switches for archive config
Is there a way in LMS 3.2 to setup switches for using the archive config feature such that the filename could be automatically set to be the switch mgmt address or hostname?
So for the below example:
archive
 log config
  logging enable
  notify syslog contenttype plaintext
 path disk0:switch01.archive
 write-memory
 time-period 1440
Would there be a way to set (I'm guessing in netconfig) "path disk0:switch01.archive" with something like "path disk0:$HOSTNAME.archive" or "path disk0:$IP.archive" ?
-Dave
Nevermind. Figured out that there are variables in the path that I can use for this:
$h - hostname
$t - timestamp
archive
 log config
  logging enable
  notify syslog contenttype plaintext
 path disk0:$h-Backup-$t
 write-memory
 time-period 1440