Cisco CSS11501 - Interface Configuration
Is it possible to configure the port speed and duplex on the ethernet interfaces? If so, how would I do it?
In interface configuration mode, use the 'phy' setting.
CSS(config-if[ 2/2])# phy ?
100Mbits-FD 10/100 ports only. Set to 100 Mbits/s, Full-Duplex
100Mbits-HD 10/100 ports only. Set to 100 Mbits/s, Half-Duplex
10Mbits-FD 10/100 ports only. Set to 10 Mbits/s, Full-Duplex
10Mbits-HD 10/100 ports only. Set to 10 Mbits/s, Half-Duplex
1Gbits-FD-asym Gigabit ports only. Set to Full duplex with asymmetric
pause toward link partner
1Gbits-FD-no-pause Gigabit ports only. Set to Full duplex with no pause
1Gbits-FD-sym Gigabit ports only. Set to Full duplex with symmetric
pause
1Gbits-FD-sym-asym Gigabit ports only. Set to Full duplex with symmetric and
asymmetric pause toward local device
auto-negotiate Allow the interface to auto-negotiate speed and duplex
mode.
Similar Messages
-
Pix515 multiple interface configuration
Hi, actually i have this scenario:pix 515e version 6.2(2) with on board
6 interfaces but now configure with 3 interfaces (in this mode):
INTERNET ROUTER (ETH 172.17.10.1)
I
I
I
I(OUTSIDE - 172.17.10.2)
PIX -INTF2--.2--------------(172.17.12.0/29)--------.3(PARTNER)
INSIDE (172.17.8.1/23)
I
I
I
I
MY LAN
then 3 interfaces configuration without NAT.
there are the static routes:
route outside 0.0.0.0 0.0.0.0 172.17.10.1 1 route intf2 192.168.54.209 255.255.255.255 172.17.12.3 1 route intf2 192.168.129.0 255.255.255.0 172.17.12.3 1 route intf2 192.168.131.0 255.255.255.0 172.17.12.3 1 route intf2 192.168.134.0 255.255.255.0 172.17.12.3 1
traffic outcomes from my default gateway coming out from 172.17.10.1, traffic out/in from /to network 192.168.x.x/16 is forwarded from intf2 this scenario works well.
but tomorrow i must add new two routers on 2 new interfaces and i would have this new scenario:
ISP ROUTER (.3 ) ISP ROUTER (.1)
\ I
172.17.14.0/30 \ I 172.17.10.0/30
\ I
INTF3(.2) \ I(OUTSIDE - .2)
(PARTNER)(.3)(172.17.13.0/29)INTF5(.2)PIX-INTF2(.2)(172.17.12.0/29)(.3)(PARTNER)
INSIDE (172.17.8.1/23)
I
I
I
I
I
MY LAN
and this would have to be future situation:
the traffic that outcomes from 172.17.8.1/25 coming out from
172.17.10.1
the traffic that outcomes from 172.17.8.128/25 coming out from a new interface 172.17.14.3 except traffic out/in from 192.168.0.0/16 coming out from 172.17.12.3 traffic that outcomes from 172.17.9.1/25 coming out from interface
172.17.14.3 except traffic out/in 192.168.0.0/16 coming out from
172.17.13.3
traffic outcomes from 172.17.9.128/25 coming out from 172.17.10.1
is it possible this scenario?
can you help me with this configuration?obbligatory i use NAT?
sorry for my bad english...
thanks in advance
MattTry these links:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00804619d8.shtml
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094763.shtml
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094769.shtml -
Cisco BackUp Interface Operation Failing
OK Experts,
I have made this issue very simple for you guys to help me out.
I have two routers R22 and R23. I have configured the back up interface on R22 to be interface fas 0/1. Everything appears to be working fine. I issue the command show backup and I get the following on R22
r22#show backup
Primary Interface Secondary Interface Status
FastEthernet0/0 FastEthernet0/1 normal operation
r22#
Also I get the following:
FastEthernet0/1 10.10.13.2 YES manual standby mode down
However, when I shutdown interface fast 0/0 to test the back up interface fast 0/1 I get the following:
r22#show backup
Primary Interface Secondary Interface Status
FastEthernet0/0 FastEthernet0/1 disabled
r22#
FastEthernet0/1 10.10.13.2 YES manual standby mode/disabled down
So it doesn't work.
Attached are the configs.
I was wondering if someone could help me figure out why this won't work.
CheersHello Carlton,
there are some notes about your tests:
a) the configuration of the primary interface includes two logical interfaces main interface and a vlan based subinterfaces both fail when you disable fas0/0, the secondary interface has only IP configuration at main interface level
from your log files:
interface FastEthernet0/0
backup interface FastEthernet0/1
ip address 10.10.14.2 255.255.255.0
duplex auto
speed auto
interface FastEthernet0/0.1
encapsulation dot1Q 12
ip address 10.10.12.2 255.255.255.0
You should remove the subinterface fas0/0.1 as a minimum to make interface configurations compatible,
b) the specific type of interface you would like to use for backup is LAN based Fastethernet.
The backup command had been introduced for providing a backup interface for serial interface and the secondary interface may be a serial interface or ISDN based ( in this case a DDR call is triggered over ISDN).
The dial backup command reference says that support for gigabit interfaces in C7600 has been later introduced.
see
http://www.cisco.com/en/US/docs/ios/dial/command/reference/dia_a1.html#wp1012054
The use of backup command may be supported or not for fastethernet interface on your routers.
If it is not supported, you can easily implement an alternate solution, because you are running OSPF in area 0 in all router interfaces
router ospf 1
log-adjacency-changes
>>network 0.0.0.0 255.255.255.255 area 0
So all you need to do is to increase OSPF cost on fas0/1 to create a backup path
on R22, R23:
conf t
interface fas0/1
ip ospf cost 50
Hope to help
Giuseppe -
WLC DHCP Settings - Under Dynamic Interface configuration
Hi Guys,
If I have a dynamic interface that is connected to a subnet where the router interfaces have DHCP servers configured under the helper address commands, do I need to configure the DHCP fields under the dynamic interface configuration?
I have helper address configured on the connected routers AND these fields configured with the same DHCP servers.
Just wondering if I can take the IPs out of the WLC configuration?
Many thx indeed,
KenKen, the DHCP address under the dynamic interface, is the address the WLC will unicast the DHCP request to when a client tries to use that interface. Under normal operation this address is needed. There is a way to get the WLC to bridge the packet to the wire so that it is a broadcast instead of a unicast packet. CLI command is config dhcp proxy disable.
But I do believe that even if you issue the CLI command, the software wants the DHCP address listed under the dynamic interface.
HTH,
Steve -
Network Interface Configuration
For Solaris 9,
<<Q1>> What is the following interfaces name means? le, hme? Which is the Ethernet port?
<<Q2>> Where is the networking configuration file stored in the Solaris 9?
<<Q3>>How to configure the network interfaces in Solaris 9?
<<Q4>> Did we need to restart the network after we have edit the network configuration? If, how to restart the network? (e.g. in Debian /etc/init.d/networking restart).
Please assist.You also posted this same question at another forum web site.
It appears your answer is going to be over there.
There's now no sense in duplicating it here.
['Network Interface Configuration' at www.LinuxQuestions.Org|http://www.linuxquestions.org/questions/solaris-opensolaris-20/network-interface-configuration-652192/] -
How to enter into interface configuration mode on aironet 1130AG
How can I enter into "interface configuration" on Aironet 1130AG, AIR-LAP1042N?
When I put following commands in enable
conf t
interface Dot11Radio1
but, it fails and I cannot enter into "interface configuration".
How can I do this ?
The reason why I enter into
conf t
interface Dot11Radio1
because I want to disable cdp via CLI ( serial console).
best regardsGeorge,
I ran into an exception the other day – lightweight 3500s (and presumably 3600s) are allowing config t without the debug precursor. The lab version I’m doing this on is 7.0.220.0. Do you have same/different results? I’m not sure if this is tied to the AP model or the lw code they’re running. I’ll need to do some more testing.
Justin -
Cisco 5508 interface design problem
Cisco 5508 interface design
now i have connect wlc into infra same picture but ap can't register into wlc. How create interface for this diagram. please help me because access switch is unmanage switch i can't config trunk on this.i can install for this solution this isn't ?
thank you for best support.
samyWhy are your AP's on different Vlans?
If you plan to create SSID's on different Vlans then you will need a trunk port to the WLC as the switch needs to pass tagged frames to it and the WLC needs to pass tagged frames back.
Out of interest, you are using a 5508 which is a fairly expensive piece of kit yet you are connecting it to an unmanaged switch. Why? -
Cisco Messaging Interface-Not Running
Hi All,
On the UCM 6.0 the Cisco Messaging Interface service is activated and when i check the status in 'control center feature services' it shows 'Not Running' and 'Activated'. If i start and refresh the page it again shows as 'Not Running'Hi Vineet,
This interface is only used in CCM to Legacy VM integrations (via SMDI) if you are not setup that way this is why you are seeing this :)
Cisco Messaging Interface Service
The Cisco Messaging Interface allows you to connect a simplified message desk interface (SMDI)-compliant external **Third Party** voice-mail system with the Cisco CallManager. The CMI service provides the communication between the voice-mail system and Cisco CallManager. The SMDI defines a way for a phone system to provide a voice-mail system with the information needed to intelligently process incoming calls.
Genrally the Cisco Messaging Interface (CMI) is a Cisco CallManager service that should be run only on the publisher server. This service intercepts calls destined for voicemail and generates appropriate SMDI messages, which are then delivered to one of the server's Component Object Model (COM) ports.
From this doc;
http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_administration_guide_chapter09186a008037e2f3.html#wp1024396
Hope this helps!
Rob -
Cisco Messaging Interface down
Hi all,
I'm having an issue on a CUCM machine running 6.0.1.2112-1. If I run the RTMT I get to see numerous of alerts saying:
'Service status is DOWN.
Cisco Messaging Interface...'
The alert keeps popping up every 30 seconds.
Can anyone tell me what the cause of this alert could be, and how it can be solved?
With kind regards,
Paul van den IJssel
Digacom, The NetherlandsHello Paul --
I assume that you are using Cisco Unity/Unity Connection/Unity Express for the voicemail platform. If so, you will not need the Cisco Messaging Interface service and you can deactivate it from the serviceability pages. The service is only needed for external voicemail systems that are not Cisco.
Please let me know if you have any other questions. I hope this helps. Please rate helpful posts.
Thanks,
Ohamien -
Will Cisco sa520w interface with ProCurve 2626/2650? is the sa520w overkill?
Hey,
The company I work for recently bought another company. At the new company there is an old expired Firebox X 550e. I am planning to replace an old expired Firebox X 550e with a Cisco sa520w. Will the Cisco sa520w interface with ProCurve 2626 & ProCurve 2650 switches?
Would you recomand a different security appliance/router than the Cisco sa520w. The main business needs are hardware firewall, VPN access for MAC (snow leopard & lion) and Windows xp/7 pro.
The other router I have been looking at: RV220W.
If i got the sa520w i would ge the 3 year IPS + ProtectLink Web bundle.
Recommendations are welcome.
-MikeHey,
The company I work for recently bought another company. At the new company there is an old expired Firebox X 550e. I am planning to replace an old expired Firebox X 550e with a Cisco sa520w. Will the Cisco sa520w interface with ProCurve 2626 & ProCurve 2650 switches?
Would you recomand a different security appliance/router than the Cisco sa520w. The main business needs are hardware firewall, VPN access for MAC (snow leopard & lion) and Windows xp/7 pro.
The other router I have been looking at: RV220W.
If i got the sa520w i would ge the 3 year IPS + ProtectLink Web bundle.
Recommendations are welcome.
-Mike -
ACS-4.1 - doesn't display Radius(Nortel) in Interface configuration
We have one ACS running over Windows that we can see the Radius(Nortel) option in Interface Configuration.
Have anyone treated with this issue?That is probably because you have no AAA device configured for Radius (Nortel). IF you configure one, it will appear in the interface configuration
Nicolas
===
Don't forget to rate answers that you find useful -
Cisco ASA 5510 Backup Interface configuration
Hi Experts,
I am a newbie with Cisco Firewalls, pls help.
We have a BSNL Leased Line of 2MBPS with few Static IP's of Which 2 IP's are configured in Firewall 1 For the Outside Interface and one for publishing the DMZ server. Most of the times due to some reasons or the other the BSNL line is going down. so now I need to configure one another TATA Broadband 1MBPS Dialup Line as a Backup for the BSNL Line so as to provide a uninterupted Internet to our users.
Pls guide me the Steps
Thank in Advance.
Anish NHi Anish,
Check the below mentioned link for configuration.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml -
Hi,
I have configured cisco ASA 5505 but I can't get access to internet using my laptop connected to the ASA. I did not use the console but the graphical interface for the configuration. I changed the inside adress of the ASA and it is 192.168.2.1. From the inside I can't ping the material in outside and from outside I can't ping the laptop connected to the ASA.
Here is my configuration:
Result of the command: "show running-config"
: Saved
ASA Version 8.2(5)
hostname xxxxxxxxxxxxxxxxx
domain-name xxxxxxxxxxxxxxxxxxx
enable password xxxxxxxxxxxxxx encrypted
passwd xxxxxxxxxxxxxxxxxxxx encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 192.168.1.48 255.255.255.0
ftp mode passive
dns server-group DefaultDNS
domain-name processia.com
access-list outside_access_in extended permit ip any any
access-list icmp_out_in extended permit icmp any any
access-list inside_access_in extended permit ip any any
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
ipv6 access-list outside_access_ipv6_in permit ip any any
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
access-group inside_access_in in interface inside
access-group icmp_out_in in interface outside
access-group outside_access_ipv6_in in interface outside
route outside 0.0.0.0 0.0.0.0 192.168.1.48 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.2.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
dhcpd address 192.168.2.2-192.168.2.129 inside
dhcpd dns 80.10.246.2 80.10.246.129 interface inside
dhcpd ping_timeout 5000 interface inside
dhcpd domain xxxxxxxxxxxxxxxxx interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
policy-map global_policy
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:7e6f35db321b722ca60009b0c0dc706e
: end
Thank you for your helpHi Sylla,
The static route you have configured for Internet access needs to be corrected:
route outside 0.0.0.0 0.0.0.0 192.168.1.48 1
The next hop address should be your ISP's gateway IP address and not the ASA's outside interface IP. Currently, both are configured for 192.168.1.48.
-Mike -
Cisco ASA 5505 Configurations. Help... Beyond Frustrated
Hello All,
I'm fairly new to Cisco products and Network management in general. At my place of employment, I was hired as an IT Tech- Repair and Building computers, most aspects of Physical networking, and software refresh/upgrades as well as solving compatibility issues among a plethora of other things. I've configured APs, a couple Catalyst switches, a router or two, and that is about the breadth of my Cisco knowledge. I was kind of thrown into a project which is to update the current inventory of computers which all run Windows XP Professional. We are making a capital purchase of 20 Laptops and 40 Desktops all of which will run Windows 7. This means the outdated PIX they were using is now useless. I purchased a Cisco ASA 5505 (Version 8.2(1)) because it is compatible with Windows XP and Windows 7. I have spent several days and sleepless nights trying to figure out how to configure this thing. I was hoping to use SSL for the VPN. I did some basic configurations just to get started but like I said, I have no real experience with Adaptive Security Appliances and I am so frustrated right now. I tried using the Wizard to no avail. I did a write erase using CLI and tried to configure that way but I'm doing something wrong as far as I can tell. The configurations were mostly pulled from here, the Cisco Community, and a couple other web sites.
I’m connecting the ASA 5505 to a cable modem (gateway 24.39.245.33) and to our Netvanta for VPN purposes. Here are the commands/what I have configured so far:
hostname AMDASA
domain-name asa.(mydomain).com
enable password (encrypted)
passwd (encrypted)
interface Ethernet0/0
description TWCoutside
switchport access vlan 2
no shutdown
write mem
exit
interface Ethernet0/1
description Port1inside
switchport access vlan 1
no shutdown
write mem
exit
interface Vlan1
nameif inside
security-level 100
ip address 192.168.0.250 255.255.255.0
write mem
exit
interface Vlan2
nameif outside
security-level 0
ip address 24.39.245.36 255.255.255.240
write mem
exit
object-group icmp-type DefaultICMP
description Default ICMP Types permitted
icmp-object echo-reply
icmp-object unreachable
icmp-object time-exceeded
write mem
exit
ftp mode passive
write mem
clock timezone EST -5
clock summer-time EDT recurring
write mem
exit
dns server-group DefaultDNS
domain-name asa.adcmotors.com
write mem
exit
access-list acl_outside extended permit icmp any any object-group DefaultICMP
access-group acl_outside in interface outside
access-list acl_inside extended permit icmp any any object-group DefaultICMP
access-group acl_inside in interface inside
write mem
exit
write mem
That is the extent of the configurations I made via CLI. I don't know how to set the DNS lookup from a static port and I have no idea what else I'm supposed to do after the above configurations I have done. Is there a place to actually obtain ALL of the configurations needed to VPN in? Is there an easier way to make this thing work? I've seriously grown a patch of gray hair because of this device. Please help me if you can!!!!!!Hi our desperate friend .
First I would suggest to use the Cisco VPN client instead of SSL VPN (AnyConnect). The configuration is a bit simpler and for the SSL VPN you would need to install the client on the ASA and purchase additional license if you plan to have more than 2 clients. The VPN Client usually comes with the ASA. If you dont have it or dont have access to download it from cisco.com go to the person from which you purchased your ASA and ask him how to get it.
That said, I also think that your ASA lacks of some basic configuration as of now. If you are planning to use this in replacement for your current PIX. You would need to configure a default route and some basic NAT:
route outside 0.0.0.0 0.0.0.0 24.39.245.33
global (outside) 1 interface
nat (inside) 1 192.168.0.0 255.255.255.0
Now regarding the VPN Client configuration you would need to something like this:
Create an isakmp policy:
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
Create a couple of ACLs that we will use later:
access-list nonat permit ip 192.168.0.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list split_tun standard permit 192.168.0.0 255.255.255.0
Create a Pool for the VPN Clients to use:
ip local pool TestPool 192.168.100.1-192.168.100.20 mask 255.255.255.0
Create a Group Policy:
group-policy TEST internal
group-policy TEST attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split_tun
Create a group:
tunnel-group TEST type ipsec-ra
tunnel-group TEST general-attributes
address-pool TestPool
authentication-server-group ABTVPN
default-group-policy TEST
tunnel-group TEST ipsec-attributes
pre-shared-key cisco123
Create crypto map and do a NAT 0:
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map Outside_dyn_map 10 set transform-set ESP-3DES-SHA
crypto map Outside_map 10 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map interface outside
nat (inside) 0 access-l nonat
Finally create a user that you will use to connect:
username test password test123
Then you would need to configure your VPN Client to connect with the ASA.
Here is a config Example of VPN clients to the ASA. It uses an external server for the authentication but just skip those parts. For the initial config you might want to keep the authentication local.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806de37e.shtml
I hope this helps. Feel free to ask if you have any questions. Also it would very usefull if you could upload the current config (show run) of the ASA in case you need to ask something else.
Have fun.
Raga -
Does 6509 switch support CDP bypass feature when interface configured with IEEE 802.1X?
hi, guys
we are deploying CISCO video endpoints (SX 20) for out customers, as the access switch is 6509 which version is 12.2(33)SXJ5
following is the configuration on the interface, but the endpoints can not pass through the authentication, and also it can not get IP address
from DHCP server , so just want to know whether if the 6509 switch support CDP BYPASS feature?
interface GigabitEthernet x/xx
switchport
switchport access vlan 400
switchport mode access
switchport voice vlan 409
authentication host-mode multi-domain
authentication port-control auto
authentication timer reauthenticate 65535
authentication timer inactivity 120
authentication violation restrict
dot1x pae authenticator
dot1x timeout tx-period 5
dot1x timeout supp-timeout 10
spanning-tree portfast edgeWhat image are you running now ? I am facing the same problem in 8.4(1) workround : upgrade to 8.4(2)GLX.
Maybe you are looking for
-
Hello, in linksys administration guide for SPA9000 the Day time format is defined as Start time: and End time. Is it possible to have more than one periods of Day time? For example lets say i want to define Day time beetween 08:00 and 13:00 an
-
Image viewed in Photoshop CC looks different when viewed in Elements 11 Organizer, why?
I'm viewing a Nikon raw file (.nef) in Bridge CC, Camera Raw, and then in Photoshop CC. In Camera Raw I've made some adjustments before viewing it in Photoshop. For cataloging I prefer to use Photoshop Elements 11 Organizer (there are several reaso
-
Problem with app (F110)
Hi all, When I am running APP F110 all the invoices are coming gin exception list only, And cheques r not creating and letters r not coming . can any one tell me the reason and solution please. Regards, Mahesh
-
I have just ordered a new macbook pro! I ordered the new one with retina display, but in the order it doesn't say anything but macbook pro 15". How do I know it's the right one?
-
Question about the vi : Average Last Five Values
Hello, I found the vi to make the average of the last five values here : https://decibel.ni.com/content/docs/DOC-4013 But i think that it is not really the average of the last five values... The problem in my opinion is that the shift register on the