Cisco CSS11501 - Interface Configuration

Similar Messages

• Pix515 multiple interface configuration

  Hi, actually i have this scenario:pix 515e version 6.2(2) with on board
  6 interfaces but now configure with 3 interfaces (in this mode):
  INTERNET ROUTER (ETH 172.17.10.1)
  I
  I
  I
  I(OUTSIDE - 172.17.10.2)
  PIX -INTF2--.2--------------(172.17.12.0/29)--------.3(PARTNER)
  INSIDE (172.17.8.1/23)
  I
  I
  I
  I
  MY LAN
  then 3 interfaces configuration without NAT.
  there are the static routes:
  route outside 0.0.0.0 0.0.0.0 172.17.10.1 1 route intf2 192.168.54.209 255.255.255.255 172.17.12.3 1 route intf2 192.168.129.0 255.255.255.0 172.17.12.3 1 route intf2 192.168.131.0 255.255.255.0 172.17.12.3 1 route intf2 192.168.134.0 255.255.255.0 172.17.12.3 1
  traffic outcomes from my default gateway coming out from 172.17.10.1, traffic out/in from /to network 192.168.x.x/16 is forwarded from intf2 this scenario works well.
  but tomorrow i must add new two routers on 2 new interfaces and i would have this new scenario:
  ISP ROUTER (.3 ) ISP ROUTER (.1)
  \ I
  172.17.14.0/30 \ I 172.17.10.0/30
  \ I
  INTF3(.2) \ I(OUTSIDE - .2)
  (PARTNER)(.3)(172.17.13.0/29)INTF5(.2)PIX-INTF2(.2)(172.17.12.0/29)(.3)(PARTNER)
  INSIDE (172.17.8.1/23)
  I
  I
  I
  I
  I
  MY LAN
  and this would have to be future situation:
  the traffic that outcomes from 172.17.8.1/25 coming out from
  172.17.10.1
  the traffic that outcomes from 172.17.8.128/25 coming out from a new interface 172.17.14.3 except traffic out/in from 192.168.0.0/16 coming out from 172.17.12.3 traffic that outcomes from 172.17.9.1/25 coming out from interface
  172.17.14.3 except traffic out/in 192.168.0.0/16 coming out from
  172.17.13.3
  traffic outcomes from 172.17.9.128/25 coming out from 172.17.10.1
  is it possible this scenario?
  can you help me with this configuration?obbligatory i use NAT?
  sorry for my bad english...
  thanks in advance
  Matt

  Try these links:
  http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00804619d8.shtml
  http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094763.shtml
  http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094769.shtml

• Cisco BackUp Interface Operation Failing

  OK Experts,
  I have made this issue very simple for you guys to help me out.
  I  have two routers R22 and R23. I have configured the back up interface  on R22 to be interface fas 0/1. Everything appears to be working fine. I  issue the command show backup and I get the following on R22
  r22#show backup
  Primary Interface   Secondary Interface   Status
  FastEthernet0/0     FastEthernet0/1       normal operation
  r22#
  Also I get the following:
  FastEthernet0/1            10.10.13.2      YES manual standby mode          down
  However, when I shutdown interface fast 0/0 to test the back up interface fast 0/1 I get the following:
  r22#show backup
  Primary Interface   Secondary Interface   Status
  FastEthernet0/0     FastEthernet0/1       disabled
  r22#
  FastEthernet0/1            10.10.13.2      YES manual standby mode/disabled down
  So it doesn't work.
  Attached are the configs.
  I was wondering if someone could help me figure out why this won't work.
  Cheers

  Hello Carlton,
  there are some notes about your tests:
  a)  the configuration of the primary interface includes two logical interfaces main interface and a vlan based subinterfaces both fail when you disable fas0/0, the secondary interface has only IP configuration at main interface level
  from your log files:
  interface FastEthernet0/0
  backup interface FastEthernet0/1
  ip address 10.10.14.2 255.255.255.0
  duplex auto
  speed auto
  interface FastEthernet0/0.1
  encapsulation dot1Q 12
  ip address 10.10.12.2 255.255.255.0
  You should remove the subinterface fas0/0.1 as a minimum to make interface configurations compatible,
  b) the specific type of interface you  would like to use for backup is LAN based Fastethernet.
  The backup command had been introduced for providing a backup interface for serial interface and the secondary interface may be a serial interface or ISDN based ( in this case a DDR call is triggered over ISDN).
  The dial backup command reference says that support for gigabit interfaces in C7600 has been later introduced.
  see
  http://www.cisco.com/en/US/docs/ios/dial/command/reference/dia_a1.html#wp1012054
  The use of backup command may be supported or not for fastethernet interface on your routers.
  If it is not supported, you can easily implement an alternate solution, because you are running OSPF in area 0 in all router interfaces
  router ospf 1
  log-adjacency-changes
  >>network 0.0.0.0 255.255.255.255 area 0
  So all you need to do  is to increase OSPF cost on fas0/1 to create a backup path
  on R22, R23:
  conf t
  interface fas0/1
  ip ospf cost 50
  Hope to help
  Giuseppe

• WLC DHCP Settings - Under Dynamic Interface configuration

  Hi Guys,
  If I have a dynamic interface that is connected to a subnet where the router interfaces have DHCP servers configured under the helper address commands, do I need to configure the DHCP fields under the dynamic interface configuration?
  I have helper address configured on the connected routers AND these fields configured with the same DHCP servers.
  Just wondering if I can take the IPs out of the WLC configuration?
  Many thx indeed,
  Ken

  Ken, the DHCP address under the dynamic interface, is the address the WLC will unicast the DHCP request to when a client tries to use that interface. Under normal operation this address is needed. There is a way to get the WLC to bridge the packet to the wire so that it is a broadcast instead of a unicast packet. CLI command is config dhcp proxy disable.
  But I do believe that even if you issue the CLI command, the software wants the DHCP address listed under the dynamic interface.
  HTH,
  Steve

• Network Interface Configuration

  For Solaris 9,
  <<Q1>> What is the following interfaces name means? le, hme? Which is the Ethernet port?
  <<Q2>> Where is the networking configuration file stored in the Solaris 9?
  <<Q3>>How to configure the network interfaces in Solaris 9?
  <<Q4>> Did we need to restart the network after we have edit the network configuration? If, how to restart the network? (e.g. in Debian /etc/init.d/networking restart).
  Please assist.

  You also posted this same question at another forum web site.
  It appears your answer is going to be over there.
  There's now no sense in duplicating it here.
  ['Network Interface Configuration' at www.LinuxQuestions.Org|http://www.linuxquestions.org/questions/solaris-opensolaris-20/network-interface-configuration-652192/]

• How to enter into interface configuration mode on aironet 1130AG

  How can I enter into "interface configuration" on Aironet 1130AG, AIR-LAP1042N?
  When I put following commands in enable
  conf t
  interface Dot11Radio1
  but, it fails and I cannot enter into  "interface configuration".
  How can I do this ?
  The reason why I enter into
  conf t
  interface Dot11Radio1
  because I want to disable cdp via CLI ( serial console).
  best regards

  George,
  I ran into an exception the other day – lightweight 3500s (and presumably 3600s) are allowing config t without the debug precursor. The lab version I’m doing this on is 7.0.220.0. Do you have same/different results? I’m not sure if this is tied to the AP model or the lw code they’re running. I’ll need to do some more testing.
  Justin

• Cisco 5508 interface design problem

  Cisco 5508 interface design
  now i have connect wlc into infra same picture but ap can't register into wlc. How create interface for this diagram. please help me because access switch is unmanage switch i can't config trunk on this.i can install for this solution this isn't ?
  thank you for best support.
  samy

  Why are your AP's on different Vlans?
  If you plan to create SSID's on different Vlans then you will need a trunk port to the WLC as the switch needs to pass tagged frames to it and the WLC needs to pass tagged frames back.
  Out of interest, you are using a 5508 which is a fairly expensive piece of kit yet you are connecting it to an unmanaged switch. Why?

• Cisco Messaging Interface-Not Running

  Hi All,
  On the UCM 6.0 the Cisco Messaging Interface service is activated and when i check the status in 'control center feature services' it shows 'Not Running' and 'Activated'. If i start and refresh the page it again shows as 'Not Running'

  Hi Vineet,
  This interface is only used in CCM to Legacy VM integrations (via SMDI) if you are not setup that way this is why you are seeing this :)
  Cisco Messaging Interface Service
  The Cisco Messaging Interface allows you to connect a simplified message desk interface (SMDI)-compliant external **Third Party** voice-mail system with the Cisco CallManager. The CMI service provides the communication between the voice-mail system and Cisco CallManager. The SMDI defines a way for a phone system to provide a voice-mail system with the information needed to intelligently process incoming calls.
  Genrally the Cisco Messaging Interface (CMI) is a Cisco CallManager service that should be run only on the publisher server. This service intercepts calls destined for voicemail and generates appropriate SMDI messages, which are then delivered to one of the server's Component Object Model (COM) ports.
  From this doc;
  http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_administration_guide_chapter09186a008037e2f3.html#wp1024396
  Hope this helps!
  Rob

• Cisco Messaging Interface down

  Hi all,
  I'm having an issue on a CUCM machine running 6.0.1.2112-1. If I run the RTMT I get to see numerous of alerts saying:
  'Service status is DOWN.
  Cisco Messaging Interface...'
  The alert keeps popping up every 30 seconds.
  Can anyone tell me what the cause of this alert could be, and how it can be solved?
  With kind regards,
  Paul van den IJssel
  Digacom, The Netherlands

  Hello Paul --
  I assume that you are using Cisco Unity/Unity Connection/Unity Express for the voicemail platform. If so, you will not need the Cisco Messaging Interface service and you can deactivate it from the serviceability pages. The service is only needed for external voicemail systems that are not Cisco.
  Please let me know if you have any other questions. I hope this helps. Please rate helpful posts.
  Thanks,
  Ohamien

• Will Cisco sa520w interface with ProCurve 2626/2650? is the sa520w overkill?

  Hey,
  The company I work for recently bought another company. At the new company there is an old expired Firebox X 550e. I am planning to replace an old expired Firebox X 550e with a Cisco sa520w. Will the Cisco sa520w interface with ProCurve 2626 & ProCurve 2650 switches?
  Would you recomand a different security appliance/router than the Cisco sa520w. The main business needs are hardware firewall, VPN access for MAC (snow leopard & lion) and Windows xp/7 pro.
  The other router I have been looking at: RV220W.
  If i got the sa520w i would ge the 3 year IPS + ProtectLink Web bundle.
  Recommendations are welcome.
  -Mike

  Hey,
  The company I work for recently bought another company. At the new company there is an old expired Firebox X 550e. I am planning to replace an old expired Firebox X 550e with a Cisco sa520w. Will the Cisco sa520w interface with ProCurve 2626 & ProCurve 2650 switches?
  Would you recomand a different security appliance/router than the Cisco sa520w. The main business needs are hardware firewall, VPN access for MAC (snow leopard & lion) and Windows xp/7 pro.
  The other router I have been looking at: RV220W.
  If i got the sa520w i would ge the 3 year IPS + ProtectLink Web bundle.
  Recommendations are welcome.
  -Mike

• ACS-4.1 - doesn't display Radius(Nortel) in Interface configuration

  We have one ACS running over Windows that we can see the Radius(Nortel) option in Interface Configuration.
  Have anyone treated with this issue?

  That is probably because you have no AAA device configured for Radius (Nortel). IF you configure one, it will appear in the interface configuration
  Nicolas
  ===
  Don't forget to rate answers that you find useful

• Cisco ASA 5510 Backup Interface configuration

  Hi Experts,
  I am a newbie with Cisco Firewalls, pls help.
  We have a BSNL Leased Line of 2MBPS with few Static IP's of Which 2 IP's are configured in Firewall 1 For the Outside Interface and one for publishing the DMZ server. Most of the times due to some reasons or the other the BSNL line is going down. so now I need to configure one another TATA Broadband 1MBPS Dialup Line as a Backup for the BSNL Line so as to provide a uninterupted Internet to our users.
  Pls guide me the Steps
  Thank in Advance.
  Anish N

  Hi Anish,
  Check the below mentioned link for configuration.
  http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

• Cisco ASA 5505 configuration

  Hi,
  I have configured cisco ASA 5505 but I can't get access to internet using my laptop connected to the ASA. I did not use the console but the graphical interface for the configuration. I changed the inside adress of the ASA and it is 192.168.2.1. From the inside I can't ping the material in outside and from outside I can't ping the laptop connected to the ASA.
  Here is my configuration:
  Result of the command: "show running-config"
  : Saved
  ASA Version 8.2(5)
  hostname xxxxxxxxxxxxxxxxx
  domain-name xxxxxxxxxxxxxxxxxxx
  enable password xxxxxxxxxxxxxx encrypted
  passwd xxxxxxxxxxxxxxxxxxxx encrypted
  names
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  interface Vlan1
  nameif inside
  security-level 100
  ip address 192.168.2.1 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address 192.168.1.48 255.255.255.0
  ftp mode passive
  dns server-group DefaultDNS
  domain-name processia.com
  access-list outside_access_in extended permit ip any any
  access-list icmp_out_in extended permit icmp any any
  access-list inside_access_in extended permit ip any any
  pager lines 24
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  ipv6 access-list outside_access_ipv6_in permit ip any any
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 1 0.0.0.0 0.0.0.0
  access-group inside_access_in in interface inside
  access-group icmp_out_in in interface outside
  access-group outside_access_ipv6_in in interface outside
  route outside 0.0.0.0 0.0.0.0 192.168.1.48 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  http server enable
  http 192.168.1.0 255.255.255.0 inside
  http 192.168.2.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  dhcpd auto_config outside
  dhcpd address 192.168.2.2-192.168.2.129 inside
  dhcpd dns 80.10.246.2 80.10.246.129 interface inside
  dhcpd ping_timeout 5000 interface inside
  dhcpd domain xxxxxxxxxxxxxxxxx interface inside
  dhcpd enable inside
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  policy-map global_policy
  prompt hostname context
  no call-home reporting anonymous
  Cryptochecksum:7e6f35db321b722ca60009b0c0dc706e
  : end
  Thank you for your help

  Hi Sylla,
  The static route you have configured for Internet access needs to be corrected:
  route outside 0.0.0.0 0.0.0.0 192.168.1.48 1
  The next hop address should be your ISP's gateway IP address and not the ASA's outside interface IP. Currently, both are configured for 192.168.1.48.
  -Mike

• Cisco ASA 5505 Configurations. Help... Beyond Frustrated

  Hello All,
  I'm fairly new to Cisco products and Network management in general. At my place of employment, I was hired as an IT Tech- Repair and Building computers, most aspects of Physical networking, and software refresh/upgrades as well as solving compatibility issues among a plethora of other things. I've configured APs, a couple Catalyst switches, a router or two, and that is about the breadth of my Cisco knowledge. I was kind of thrown into a project which is to update the current inventory of computers which all run Windows XP Professional. We are making a capital purchase of 20 Laptops and 40 Desktops all of which will run Windows 7. This means the outdated PIX they were using is now useless. I purchased a Cisco ASA 5505 (Version 8.2(1)) because it is compatible with Windows XP and Windows 7. I have spent several days and sleepless nights trying to figure out how to configure this thing. I was hoping to use SSL for the VPN. I did some basic configurations just to get started but like I said, I have no real experience with Adaptive Security Appliances and I am so frustrated right now. I tried using the Wizard to no avail. I did a write erase using CLI and tried to configure that way but I'm doing something wrong as far as I can tell. The configurations were mostly pulled from here, the Cisco Community, and a couple other web sites.
  I’m connecting the ASA 5505 to a cable modem (gateway 24.39.245.33) and to our Netvanta for VPN purposes. Here are the commands/what I have configured so far:
  hostname AMDASA
  domain-name asa.(mydomain).com
  enable password (encrypted)
  passwd (encrypted)
  interface Ethernet0/0
  description TWCoutside
  switchport access vlan 2
  no shutdown
  write mem
  exit
  interface Ethernet0/1
  description Port1inside
  switchport access vlan 1
  no shutdown
  write mem
  exit
  interface Vlan1
  nameif inside
  security-level 100
  ip address 192.168.0.250 255.255.255.0
  write mem
  exit
  interface Vlan2
  nameif outside
  security-level 0
  ip address 24.39.245.36 255.255.255.240
  write mem
  exit
  object-group icmp-type DefaultICMP
  description Default ICMP Types permitted
  icmp-object echo-reply
  icmp-object unreachable
  icmp-object time-exceeded
  write mem
  exit
  ftp mode passive
  write mem
  clock timezone EST -5
  clock summer-time EDT recurring
  write mem
  exit
  dns server-group DefaultDNS
  domain-name asa.adcmotors.com
  write mem
  exit
  access-list acl_outside extended permit icmp any any object-group DefaultICMP
  access-group acl_outside in interface outside
  access-list acl_inside extended permit icmp any any object-group DefaultICMP
  access-group acl_inside in interface inside
  write mem
  exit
  write mem
  That is the extent of the configurations I made via CLI. I don't know how to set the DNS lookup from a static port and I have no idea what else I'm supposed to do after the above configurations I have done. Is there a place to actually obtain ALL of the configurations needed to VPN in? Is there an easier way to make this thing work? I've seriously grown a patch of gray hair because of this device. Please help me if you can!!!!!!

  Hi our desperate friend .
  First I would suggest to use the Cisco VPN client instead of SSL VPN (AnyConnect). The configuration is a bit simpler and for the SSL VPN you would need to install the client on the ASA and purchase additional license if you plan to have more than 2 clients. The VPN Client usually comes with the ASA. If you dont have it or dont have access to download it from cisco.com go to the person from which you purchased your ASA and ask him how to get it.
  That said, I also think that your ASA lacks of some basic configuration as of now.  If you are planning to use this in replacement for your current PIX. You would need to configure a default route and some basic NAT:
  route outside 0.0.0.0 0.0.0.0 24.39.245.33
  global (outside) 1 interface
  nat (inside) 1 192.168.0.0  255.255.255.0
  Now regarding the VPN Client configuration you would need to something like this:
  Create an isakmp policy:
  crypto isakmp enable outside
  crypto isakmp policy 10
  authentication pre-share
  encryption 3des
  hash sha    
  group 2
  lifetime 86400
  Create a couple of ACLs that we will use later:
  access-list nonat permit ip 192.168.0.0 255.255.255.0 192.168.100.0 255.255.255.0
  access-list split_tun standard permit 192.168.0.0 255.255.255.0
  Create a Pool for the VPN Clients to use:
  ip local pool TestPool 192.168.100.1-192.168.100.20 mask 255.255.255.0
  Create a Group Policy:
  group-policy TEST internal
  group-policy TEST attributes
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value split_tun
  Create a group:
  tunnel-group TEST type ipsec-ra
  tunnel-group TEST general-attributes
  address-pool TestPool
  authentication-server-group ABTVPN
  default-group-policy TEST
  tunnel-group TEST ipsec-attributes
  pre-shared-key cisco123
  Create crypto map and do a NAT 0:
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto dynamic-map Outside_dyn_map 10 set transform-set ESP-3DES-SHA
  crypto map Outside_map 10 ipsec-isakmp dynamic Outside_dyn_map
  crypto map Outside_map interface outside
  nat (inside) 0 access-l nonat
  Finally create a user that you will use to connect:
  username test password test123
  Then you would need to configure your VPN Client to connect with the ASA.
  Here is a config Example of VPN clients to the ASA. It uses an external server for the authentication but just skip those parts. For the initial config you might want to keep the authentication local.
  http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806de37e.shtml
  I hope this helps. Feel free to ask if you have any questions. Also it would very usefull if you could upload the current config (show run) of the ASA in case you need to ask something else.
  Have fun.
  Raga

• Does 6509 switch support CDP bypass feature when interface configured with IEEE 802.1X?

   hi, guys
          we are deploying CISCO video endpoints (SX 20) for out customers, as the access switch is 6509 which version is 12.2(33)SXJ5
  following is the configuration on the interface, but the endpoints can not pass through the authentication, and also it can not get  IP address
  from DHCP server , so just want to know whether if the 6509 switch support CDP BYPASS feature?
  interface GigabitEthernet x/xx
   switchport
   switchport access vlan 400
   switchport mode access
   switchport voice vlan 409
   authentication host-mode multi-domain
   authentication port-control auto
   authentication timer reauthenticate 65535
   authentication timer inactivity 120
   authentication violation restrict
   dot1x pae authenticator
   dot1x timeout tx-period 5
   dot1x timeout supp-timeout 10
   spanning-tree portfast edge

  What image are you running now ? I am facing the same problem in 8.4(1) workround : upgrade to 8.4(2)GLX.