Cisco 6516 FWSM Module problem

Similar Messages

• Two FWSM module act as Single

  Hi ALL,
  We have two switches and TWo FWSM module is inserted into the Two switches .Can I add the FWSM as a separate device instead of module because i can't telnet the fwsm from Switch.Customer is not ready to configure the telnet option.FWSM module is working as a active and active mode..so virtual single ip is configured....How can i add the FWSM module in this network.

  You can use as the separate device. For the further description the following URL for the configuration for the FWSM will help you
  http://www.cisco.com/en/US/docs/security/fwsm/fwsm23/configuration/guide/context.html

• Replacing Faulty FWSM module in Cluster

  Hi,
  We have a faulty FWSM module in Cisco 6509 switch in Active/Standby cluster mode
  We have purchased a refurbished FWSM module to replace it. It has the same FWSM OS 4.0 (4) and is in factory default configuration
  What procedures should I follow to make this unit live and sync the config between the current active unit to this one.
  Can one of you please explain me the steps and if an link to an article which explains this will be great
  Thanks,
  Chandru

  Hi Bro
  Firstly, insert the newly purchased refurnished Cisco FWSM module into the slot, where the fault Cisco FWSM module was originally located. Second, paste into the configuration from the working unit to this newly purchased refurnished Cisco FWSM module. Note: Please do ensure under the failover commands, one side is primary and the other side is secondary. Lastly, issue the command show failover, to ensure the failover status i.e. NORMAL, is in good working condition.
  I’ve done this countless times, you should do just fine. This is easy.
  http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/fail_f.html
  Regards,
  Ram

• Cisco ISE Vs Cisco Anyconnect Posture module with Advanced Endpoint Protection

  We are planning to use cisco Anyconnect posture module with Adv Endpoint protection to examine the VPN users- This can check whether they a antivirus/anti spyware software installed on their work station and can force to update def file if its older than specified number of days, it can also check the firewall status on their workstation and enable if its not already.This can detect keylogger and emulation softwares also.
  Do we get any additional advantages in using ISE compared to Anyconnect posture module ......
  Siddhartha       

  These are good questions. We had them last year before we decided to purchase ISE, specifically for our VPN users.
  I will be watching this thread to see what kind of responses you get.
  As of right now, I can verify the ISE can indeed check if specific Anti-Virus is installed (i.e., your corporate AntiVirus), or if ANY (supported by Cisco within ISE) antivirus is installed, and it can force an update process for the AV if it detects that the DAT files are older than a admin specified amount of time.
  Our issue at the moment (if you haven't searched the forums) is ISE detected the proper WSUS updates are indeed installed on the users systems and allowing the users system to talk to our internal WSUS server.
  We are now wondering if the Advanced Endpoint licensing on the ASA would have been a better way to go.
  Wishing you luck in finding your answers for us all.
  Dirk

• Install and configure Cisco Network Analysis Module NAM-2

  Hi,
  Does anyone have a step-by-step document on how to install and configure Cisco NAM-2 module ?
  Thanks in advance.
  Regards,
  Lamine

  Hi Lamine,
  The official installation guides for NAM software can be found here:
  http://www.cisco.com/en/US/products/sw/cscowork/ps5401/prod_installation_guides_list.html
  Is this what you are looking for?
  Cheers,
  Shane

• Has anybody experience with "Cisco Anomaly Guard Module"

  Hello,
  had anybody experience with "Cisco Anomaly Guard Module" WS-SVC-AGM-1-K9 for Catalyst 6500?
  We're looking for some IDS/IPS prevention system which could take 2-3 Gbits of traffic. From the documentation it looks not bad, and we can get them as used parts (6500 + Sup720 + AGM +ADM) quite cheap. The second solution is Arbor with cisco12000 as boader router (10Gbit uplink) is much more expencevie.
  Arbor tries of cause sell us their solution as "Cisco Anomaly Guard Module" is ot of sale and doesn't have any new features, but from the Data sheets Cisco AGM is eactly what we need.
  Or may be is there another solution which could be comparable to those two?
  Thank you.

  Hello padatta,
  AGM/ADM are IDS/IPS systems, one can of couse discuss about the terms, but it won't be productive :).
  IDSM2 has not enough performance and it should sit inline, ADM/AGM can change he next hop for the diverted traffic and be out of traffic path during the normal operation.
  Konstantin

• Linksys Cisco WVC210 Network Camera - Problem

  Hello Cisco Members,
  I have problem with one Linksys Cisco WVC210 Network Camera.
  When I Power ON, the PowerLED blinking, other 3 GreenLED light and on LCD Display have nothing.
  I make 30 seconds push resset button, 30 seconds power OFF and havent result. When I connect it to
  Router with DHCP, this camera can not take IP Address... I do not understand where is a problem with
  this camera.
  I write here to get a fix of this problem.
  Regards,
  Vivendi

  Try power on and after 90 seconds go to the Browser and type in 192.168.1.99 (assuming you are on the 192.168.1.xx LAN network) and see if you are able to get to the firmware page, if yes try reload the firmware, if you are not then I would recommend returning the product by getting in touch with Cisco's Tech Support and get an RMA number and instructions on returning the product and get a replacement.
  Alan.

• Cisco Catalyst 4507R Module WS X4424GB RJ 45, Multi-speed Gigabit Ethernet Switching Module (24-port)

  i am confused if this one
  Cisco Catalyst 4507R Module WS X4424GB RJ 45, Multi-speed Gigabit Ethernet Switching Module (24-port)
  would be compatible to its chasis if change by this one
  WS-X4424-GBRJ45-RF
  Catalyst 4000 24port 101001000 Module RJ45 REFURBISHED

  Yes it you get the refurbished with the good one then it would get detected and works fine.
  BTW- This module is EOL /EOS and below is the replacement part for the same:
  http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-4500-series-switches/eol_c51_574038.html
  WS-X4424-GB-RJ45
   Catalyst 4500 24-port 10/100/1000 Module (RJ45)
  Replacement-PartWS-X4548-GB-RJ45
   Catalyst 4500 Enhanced 48-Port 10/100/1000 Base-T (RJ-45)
  HTH
  Regards
  Inayath
  ***** Plz rate all usefull posts.

• Catalyst 6500 Module problems

  Hi,
  We are almost a week dealing with a very instable 6500.
  What we see is that modules are undergoing a soft reset. When this reset fails the module has a faulty status. Resetting the module mostly solves the problem. But in some cases more then one module has this problem. Even the supervisor module is undergoing the same soft reset some time.
  Here are the messages that appear in the logging.
  1/07/2005,6:50:41,10.2.0.116,???,LOCAL,NOTICE,2005 Jul 01 06:47:58 %SYS-5-MOD_NOSCPPINGRESPONSE:Module 5 not responding... resetting module
  1/07/2005,6:50:41,10.2.0.116,???,LOCAL7,NOTICE,2005 Jul 01 06:47:58 %SYS-5-MOD_RESET:Module 5 reset from Software
  1/07/2005,6:50:43,10.2.0.116,???,LOCAL7,NOTICE,2005 Jul 01 06:48:00 %SYS-5-MOD_NOSCPPINGRESPONSE:Module 6 not responding... resetting module
  1/07/2005,6:50:43,10.2.0.116,???,LOCAL7,NOTICE,2005 Jul 01 06:48:00 %SYS-5-MOD_RESET:Module 6 reset from Software
  1/07/2005,6:53:36,10.2.0.116,???,LOCAL7,NOTICE,2005 Jul 01 06:50:52 %SYS-5-MOD_RMVDNLDSTOP:Download terminated for module 6. Module removed
  1/07/2005,6:53:36,10.2.0.116,???,LOCAL7,NOTICE,2005 Jul 01 06:50:52 %SYS-5-MOD_DNLDFAIL:Download failed for module 6
  1/07/2005,6:56:44,10.2.0.116,???,LOCAL7,EMERGENCY,2005 Jul 01 06:54:00 %SYS-0-MOD_NOSLCPRESPONSE:Module 1 SLCP not responding... resetting module
  1/07/2005,6:56:44,10.2.0.116,???,LOCAL7,NOTICE,2005 Jul 01 06:54:00 %SYS-5-MOD_RESET:Module 1 reset from Software
  What has been done:
  Since module 5 always reboots first, this card had been replaced. Then we replaced the supervisor. Since still cards where rebooting we replaced the entire chassis. The power modules have also been replaced.
  Anyone seen this problem before?
  Many thanks!

  SBRU_01> (enable) sh ver
  WS-C6509 Software, Version NmpSW: 7.3(2)
  Copyright (c) 1995-2002 by Cisco Systems
  NMP S/W compiled on Aug 1 2002, 17:18:44
  System Bootstrap Version: 5.2(1)
  Hardware Version: 2.0 Model: WS-C6509 Serial #: SCA041201PZ
  PS1 Module: WS-CAC-1300W Serial #: SON04301066
  PS2 Module: WS-CAC-1300W Serial #: SON04290510
  Mod Port Model Serial # Versions
  1 2 WS-X6K-SUP1-2GE SAD03384603 Hw : 5.0
  Fw : 5.2(1)
  Fw1: 5.1(1)CSX
  Sw : 7.3(2)
  Sw1: 7.3(2)
  WS-F6020A SAD03405664 Hw : 2.0
  2 48 WS-X6248-TEL SAD04130FP9 Hw : 1.0
  Fw : 4.2(0.24)VAI78
  Sw : 7.3(2)
  3 48 WS-X6248-TEL SAD0412056T Hw : 1.0
  Fw : 4.2(0.24)VAI78
  Sw : 7.3(2)
  4 48 WS-X6248-TEL SAD04130FJH Hw : 1.0
  Fw : 4.2(0.24)VAI78
  Sw : 7.3(2)
  5 48 WS-X6248A-TEL SAL05062YWP Hw : 3.0
  Fw : 5.4(2)
  Sw : 7.3(2)
  6 48 WS-X6248A-TEL SAL05106KV4 Hw : 2.0
  Fw : 5.4(2)
  Sw : 7.3(2)
  DRAM FLASH NVRAM
  Module Total Used Free Total Used Free Total Used Free
  1 65408K 43089K 22319K 16384K 9993K 6391K 512K 377K 135K
  Uptime is 0 day, 0 hour, 22 minutes
  SBRU_01> (enable) sh mod
  Mod Slot Ports Module-Type Model Sub Status
  1 1 2 1000BaseX Supervisor WS-X6K-SUP1-2GE yes ok
  2 2 48 10/100BaseTX Ethernet WS-X6248-TEL no ok
  3 3 48 10/100BaseTX Ethernet WS-X6248-TEL no ok
  4 4 48 10/100BaseTX Ethernet WS-X6248-TEL no ok
  5 5 48 10/100BaseTX Ethernet WS-X6248A-TEL no other
  6 6 48 10/100BaseTX Ethernet WS-X6248A-TEL no other
  Mod Module-Name Serial-Num
  1 SAD03384603
  2 SAD04130FP9
  3 SAD0412056T
  4 SAD04130FJH
  5 SAL05062YWP
  6 SAL05106KV4
  Mod MAC-Address(es) Hw Fw Sw
  1 00-30-80-f7-7a-c2 to 00-30-80-f7-7a-c3 5.0 5.2(1) 7.3(2)
  00-30-80-f7-7a-c0 to 00-30-80-f7-7a-c1
  00-13-60-48-63-00 to 00-13-60-48-66-ff
  2 00-01-97-09-77-f0 to 00-01-97-09-78-1f 1.0 4.2(0.24)V 7.3(2)
  3 00-01-97-10-c3-30 to 00-01-97-10-c3-5f 1.0 4.2(0.24)V 7.3(2)
  4 00-01-97-09-78-e0 to 00-01-97-09-79-0f 1.0 4.2(0.24)V 7.3(2)
  5 00-30-96-37-98-14 to 00-30-96-37-98-43 3.0 5.4(2) 7.3(2)
  6 00-02-7e-c1-dc-8c to 00-02-7e-c1-dc-bb 2.0 5.4(2) 7.3(2)
  Mod Sub-Type Sub-Model Sub-Serial Sub-Hw
  1 L2 Switching Engine II WS-F6020A SAD03405664 2.0

• Eq 8080 commands not being entered on FWSM module

  Hi There,
     I'm having an issue with some Firewalls in my network. I have several firewall modules (WS-SVC-FWM-1) in 6509s,
  FWSM Firewall Version 2.3(3) <system>
  FWSM Device Manager Version 4.1(3)
  I'm trying to enter the following rules
  access-list ACL-IN extended permit ip host X.X.X.0 X.X.X.0 255.255.255.0 eq 8080
  access-list ACL-IN extended permit ip host X.X.X.1 X.X.X.0 255.255.255.0 eq 8080
  access-list ACL-IN extended permit ip host X.X.X.2 X.X.X.0 255.255.255.0 eq 8080
  access-list ACL-OUT extended permit ip X.X.X.0 255.255.255.0 host X.X.X.0 eq 8080
  access-list ACL-OUT extended permit ip X.X.X.0 255.255.255.0 host X.X.X.1 eq 8080
  access-list ACL-OUT extended permit ip X.X.X.0 255.255.255.0 host X.X.X.2 eq 8080
  What happens is, these commands don't go into the configuration, and I don't get an error, but any rule after it also does not get copied into the config when I copy and paste a list of commands. All the commands before it go in no problem.
  Does it not like eq 8080? Can I not do 'permit ip' with an eq command? Do I have to use 'permit tcp' to enter the command?
  Thanks.

  If you are going to specify a port you need to use the TCP or UDP protocol.  You are specifying IP so you will get an error because of this.

• 6500 has IDSM-2 and FWSM modules

  i got a task to configure Catalyst 6509 supervisor engin sup720-10g-3c  and has FWSM and IDSM-2 service modules .
  what consideration should i take  and is  there is any configuration example for both
  thank you for your help

  They are many posts on this forum on this subject, did you try using the search function?
  http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_example09186a00809c37cb.shtml
  Regards
  Farrukh

• Cisco 7975 Expansion modules

  Dear,
  I have some questions regarding the expansion modules on phones, specifically the 7916 ones. 
  If i have one with 12 physical buttons and 2 page buttons i can assume it's a 24 line button i have to set on the configuration page of the phone correct? Or am i seeing this wrong. Is there a handy way of knowing this directly?
  I have a specific phone Cisco 7975 that has issues getting the 7916 addon module working, i have set a 7916 24 button on the config page of the phone. The addon module still shows the logo of Cisco and doesn't change.
  The load is present on the call manager, i have seen it via "Device Defaults", shall i proceed in upgrading the 7916 firmware then on the Call Manager, maybe this can solve the problem?
  CM version: 8.6.2

  Most of the times firmware phone/expansion
  Just upgrade phone and expansion.
  And you select 7975 with 7916 24 buttons or 12 buttons
  JH

• MSI 785GM-E51 and memory modules problems

   
  Could anyone help me with one problem. I have motherboard MSI 785GM-E51 and 4 memory modules GOODRAM GR 1333D364L9/2G. But when I'm inserting ALL modules my system not starting (even POST procedure). So working variants - when I'm inserting:
  - one module in first (boot) slot
  or
  - they inserted in first and third memory slots
  Any ideas?

  It is not motherboard problem, but processor itself - I have AMD Phenom II X4 965 Black Edition 3,4 Ghz Core Revision C2 and this revision (according to the article: http://www.fcenter.ru/online.shtml?articles/hardware/processors/27650#02) has problems with support memory modules DDR3-1333 Mhz more than 2 modules. Conclusion - either adjust BIOS settings concerning memory timings and memory controller voltage or replace this kind of processor with the same type but with core revision C3

• Remote Function Module problem

  Hi Experts,
  I have written a Se38 progarm to execute a remote function module, so as to send some data out of the system. The receiving system is an XI system. Pls see below the code and the load at the XI end, I donno why and what mistake am I doing in the se38 program part, as a result of which, only part of the data is getting send to XI.
  REPORT ZRFC_ADAPTER.
  Data: it_final1 type standard table of zrfc_str with header line .
  it_final1-NAME = 'ARNAB'.
  it_final1-ADDRESS = 'ADDRESS'.
  it_final1-EMAIL = 'EMAIL'.
  it_final1-ID = 'ID'.
  CALL FUNCTION 'ZRFC_XI'
  IN BACKGROUND TASK DESTINATION
  'R32XIRFC'
  EXPORTING
  username = sy-uname
  tables
  it_final = it_final1 .
  break-point.
  COMMIT WORK.
  Clear it_final1.
  I have seen in debugging mode, after removing the "
  IN BACKGROUND TASK DESTINATION
  'R32XIRFC'", that the internal table " it_final1 " is working fine......
  The structure used in remote Function Module is
  IT_FINAL LIKE ZRFC_STR -- in tables parameter. and the structure of ZRFC_STR is as follows!
  NAME ZNAME CHAR 14
  ADDRESS ZADDRESS CHAR 40
  TELEPHONE ZTEL CHAR 20
  EMAIL ZEMAIL CHAR 40
  ID ZID CHAR 10
  Note that , apart from a COMMIT WORK statement, there is no other coding done in the SOURCE CODE part of the remote Function Module.
  The load in XI is showing as
  <?xml version="1.0" encoding="UTF-8" ?>
  <rfc:ZRFC_XI xmlns:rfc="urn:sap-com:document:sap:rfc:functions">
  <USERNAME>RETAILDEV</USERNAME>
  <IT_FINAL>
  <item>
  <NAME>ARNAB</NAME>
  <ADDRESS>EMAIL</ADDRESS>
  <EMAIL />
  <ID />
  </item>
  </IT_FINAL>
  </rfc:ZRFC_XI>
  Note that EMAIL is actually a content of field EMAIL and not ADDRESS. But I donno why, it is behaving like this,,
  Pls note, this RFC has been imported completely in integration repository of XI, so we dont have to worry about any settings change or activities, left pending in XI.
  I am very sure, something is missing in the se38 code, pls suggest!!
  Regards,
  Arnab .

  Hi Arnab,
  I am having really doubt that there is problem in field mapping.
  COuld you please check the following.
  In the FM structure contains 5 fields as follows,
  NAME ZNAME CHAR 14
  ADDRESS ZADDRESS CHAR 40
  TELEPHONE ZTEL CHAR 20
  EMAIL ZEMAIL CHAR 40
  ID ZID CHAR 10
  In the Internal Table it has got 4 fields. Check the Mapping properly
  and data on each field.
  t_final1-NAME = 'ARNAB'.
  it_final1-ADDRESS = 'ADDRESS'.
  it_final1-EMAIL = 'EMAIL'.
  it_final1-ID = 'ID'.
  Thanks & Regards,
  Nagaraj Kalbavi

• Windows 2008 R2 on Cisco UCS B200M networking problems

  This is driving me completely nuts.  Let me start by saying I am new to blade servers and Cisco UCS.  I did take an introduction class, and it seemed straight-forward enough.  I have a chassis with two B200M blades, on which I am trying to configure two Windows 2008 R2 servers, which I will eventually make Hyper-V servers.  This is all in a test environment, so I can do anything I want to on them.
  Right now I have installed W2008 directly on hard disks on the B200M hardware.
  The problem is this: even though I think I've configured the network hardware correctly, using the Cisco VIC driver software, I cannot get networking to work in any reliable way.  I cannot even get ping to work consistantly.  I can ping my local server address, but I cannot ping my gateway (HSRP address).  When I try, I get a "Reply from 10.100.1.x: Destination host unreachable (x being each particular server's last octet). I CAN, however, ping the individual IP addresses of the core switches.  I can also ping some, but not all, the other devices that share the servers' subnet.  There are no errors being generated, the arp tables  (for those devices I can ping) look good, netstat looks OK.  But I cannot get outside the local subnet...
  Except when I can.
  There are times when I can get all the way out to the Internet, and I can download patches from Microsoft.  When it works, it works as expected.  But if I reboot the server, oftentimes networking stops working.  Yet another reboot can get things going again.  This happens even though I've made no changes to either the UCS configs or the OS.
  I cannot figure out any reason when it works at some times and not at others.  I've made sure I have a native VLAN set, I've tried pinning to specific ports on the Fabric Interconnects.  There is just no rhyme or reason to it.
  Anyone know of where I can look?  I'm very familiar with Windows on stand-alone boxes (although it's no longer my area of expertise), and I manage a global WAN (BGP, OSPF, Nexus 7k, etc.) so I'm no dummy when it comes to networking, but I am utterly stumped on this one.        

  The problem was this: while the NICs on the blade server are called vNIC0 and vNIC1, Windows was calling vNIC1 "Local Area Connection" and vNIC0 "Local Area Connection 2".  So what I configured on UCS did not match what I was configuring in Windows.  Completely, utterly ridiculous.
  Anyway, networking is working now without any issues.  Thanks for you suggestion; it did get me looking in the right direction.