Cisco CUEAC 9.1 configurations
I have installed Cisco CUEAC 9.1. In User Configuration mode, under the Queue MGMT option, I am unable to find the Queue DDI option that was in the previous version 8.6. We have the following options.
1. Name
2. Queue DDI
3. Priority
4. Salutation
But in 9.1 version, we got these options.
1. Name
2. Priority
3. Salutation
All other Directory, CUCM are synced working correctly. Only Queue DDI option is missing. I also tried by making DDI manual CTI route points & then synced but all in vain. Need Help regarding this issue.
Regards;
Humza Khan
Alhumdulillah, I have successfully solved this issue. Thank you for your entire support.
Regards;
Humza Khan
Similar Messages
-
I remove default VOIP Monitor Service in "Cisco desktop administrator>Services Configuration > Multiline, Monitoring & Recording >Remove VoIP/Recording & Playback Services". Now I can't choose in "Services Configuration > Multiline, Monitoring & Recording > VoIP Monitoring Device" Default VOIP Monitor Service. How can I return choice my VOIP Monitor Service(IP UCCX)?
Hi Kalitamih,
This can be regenerated by the Cisco Desktop VOIP Monitor Service.
Please stop the service and start it (do not restart). Let me know how it goes and if it resolves the problem.
Regards,
Arundeep -
Cisco 2504 Local radius configuration, are there any ways of backing up the user db? In case the WLC dies
Please find the guide to keep the backup:-
http://www.cisco.com/en/US/partner/docs/wireless/controller/7.0/configuration/guide/c70mfw.html#wp1063850 -
License Cisco ESA in Cluster Configuration
Guys,
Do you have any idea about license Cisco ESA in Cluster Configuration
> If i have two appliance in cluster configuration and i have 1000 user, which option for license i must buy ?
1. Just one license for two appliance (which in cluster configuration) with 1000 user capacity
2. Two license with 500 user capacity for each appliance, appliance 1 with 500 user capacity license appliance 2 500 user capacity license
3. Other license.
BR
You only need to buy 1000 user licenses for which ever options or packages you buy. The only option that is not based on the number of users is if you want a Cisco Content Security Management Appliance or SMA for centralized reporting and quarantine.
Another good thing to note, is that if you have a virtual environment the hardware appliances are no longer required, and are not nearly as expensive as they were in the past. So depending on your requirements you may be off the ground pretty quick.
Also make sure to get all your features bundled. I would at least get AMP, Sophos A/V, DLP, and Encryption. This also means you can transfer and copy your license to as many appliances (Physical or Virtual) you need to support your environment. -
Juniper SSG and Cisco ACS v5.x Configuration
I searched for a long time unsuccessfully trying to find a resolution to my SSG320M and Cisco ACS v5.x TACACS dilemma. I finally got it working in my network, so I'm posting the resolution here in case anyone else is looking.
Configure the Juniper (CLI)
1. Add the Cisco ACS and TACACS+ configuration
set auth-server CiscoACSv5 id 1
set auth-server CiscoACSv5 server-name 192.168.1.100
set auth-server CiscoACSv5 account-type admin
set auth-server CiscoACSv5 type tacacs
set auth-server CiscoACSv5 tacacs secret CiscoACSv5
set auth-server CiscoACSv5 tacacs port 49
set admin auth server CiscoACSv5
set admin auth remote primary
set admin auth remote root
set admin privilege get-external
Configure the Cisco ACS v5.x (GUI)
1. Navigate to Policy Elements > Authorization and Permissions > Device Administration > Shell Profiles
Create the Juniper Shell Profile.
Click the [Create] button at the bottom of the page
Select the General tab
Name: Juniper
Description: Custom Attributes for Juniper SSG320M
Select the Custom Attributes tab
Add the vsys attribute:
Attribute: vsys
Requirement: Mandatory
Value: root
Click the [Add^] button above the Attribute field
Add the privilege attribute:
Attribute: privilege
Requirement: Mandatory
Value: root
Note: you can also use 'read-write' but then local admin doesn't work correctly
Click the [Add^] button above the Attribute field
Click the [Submit] button at the bottom of the page
2. Navigate to Access Policies > Access Services > Default Device Admin > Authorization
Create the Juniper Authorization Policy and filter by Device IP Address.
Click the [Customize] button at the bottom Right of the page
Under Customize Conditions, select Device IP Address from the left window
Click the [>] button to add it
Click the [OK] button to close the window
Click the [Create] button at the bottom of the page to create a new rule
Under General, name the new rule Juniper, and ensure it is Enabled
Under Conditions, check the box next to Device IP Address
Enter the ip address of the Juniper (192.168.1.100)
Under Results, click the [Select] button next to the Shell Profile field
Select 'Juniper' and click the [OK] button
Under Results, click the [Select] button below the Command Sets (if used) field
Select 'Permit All' and ensure all other boxes are UNCHECKED
Click the [OK] button to close the window
Click the [OK] button at the bottom of the page to close the window
Check the box next to the Juniper policy, then move the policy to the top of the list
Click the [Save Changes] button at the bottom of the page
3. Log in to the Juniper CLI and GUI, and attempt to change something to verify privilege level.
Cisco Prime LMS is not designed to manage appliances like the ACS. ACS is not on the LMS supported device list and I would doubt that it would be as LMS's functions are mostly not applicable to the appliance or software running on it.
You can use ACS as an authentication source for LMS, but authorization is still role-based according to the local accounts on the LMS server. -
Hi,
I have installed Cisco CUEAC 9.1, everything synced but the Queue DDI option is not available. I tried to use Name as DDI but it didn't work. But in version 8.6 we have the DDI Queue option right under the Name option.
I need support on this issue urgently.
Regards;
Humza Khan
Alhumdulillah, I have successfully solved this issue. Thank you for your entire support.
Regards;
Humza Khan -
Site to Site calling issue - Cisco 2911 Dial Peer Configuration
My customer dials from remote site to main site to their main site number, the call by-passes their auto attendant and goes directly to any random available party.
At first fingers were pointing to their PBX, however we noticed one of their sites that wasn't managed by our company did not have the issue. We cut that site over to our service and the issue started right up. I believe it is possibly due to the way the dial peers are configured and how the calls route into the PBX. Unfortunately I do not understand much about them and am curious to know if anyone has any history on an issue similar to this or any input whatsoever?
Cisco equipment/Dialpeer config below ........
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.2(4)M4, RELEASE SOFTWARE (fc2) - Cisco CISCO2911/K9
dial-peer voice 100 voip
description --- VoIP Dial-Peer ---
translation-profile outgoing 7digit
huntstop
preference 1
service session
destination-pattern .T
progress_ind setup enable 3
session protocol sipv2
session target sip-server
incoming called-number .T
voice-class codec 99
dtmf-relay rtp-nte
fax-relay ecm disable
fax rate 14400
fax nsf 000000
ip qos dscp af41 signaling
no vad
dial-peer voice 150 voip
permission none
description 900 block
huntstop
destination-pattern 1900T
session protocol sipv2
session target sip-server
voice-class codec 99
dtmf-relay rtp-nte
ip qos dscp af41 signaling
no vad
dial-peer voice 151 voip
permission none
description 900 block
huntstop
destination-pattern 900T
session protocol sipv2
session target sip-server
voice-class codec 99
dtmf-relay rtp-nte
ip qos dscp af41 signaling
no vad
dial-peer voice 101 pots
description --- INCOMING Calls from PBX ---
incoming called-number .T
direct-inward-dial
dial-peer voice 1001 pots
description --- Calls to the PBX ---
preference 3
destination-pattern .T
port 0/0/1:23
forward-digits 4
Here is some ISDN debug information
BAD CALL
Protocol Profile = Networking Extensions
0xA11C0201420201008014484152545F20484F54454C535F434C4159544F4E
Component = Invoke component
Invoke Id = 66
Operation = CallingName
Name Presentation Allowed Extended
Name = XXXXXXXXXXX
Display i = ''XXXXXXXXXXX''
Calling Party Number i = 0x2180, ''XXXXXXXXXX''
Plan:ISDN, Type:National
Called Party Number i = 0x80, ''6551''
Plan:Unknown, Type:Unknown
Aug 19 16:10:47.242 GMT: ISDN Se0/0/1:23 Q931: RX <- ALERTING pd = 8 callref = 0xAB15
Channel ID i = 0xA98381
Exclusive, Channel 1
Aug 19 16:11:02.634 GMT: ISDN Se0/0/1:23 Q931: RX <- CONNECT pd = 8 callref = 0xAB15
Channel ID i = 0xA98381
Exclusive, Channel 1
Aug 19 16:11:02.634 GMT: ISDN Se0/0/1:23 Q931: TX -> CONNECT_ACK pd = 8 callref = 0x2B15
GOOD CALL
Protocol Profile = Networking Extensions
0xA116020144020100800E475245454E204D4F554E5441494E
Component = Invoke component
Invoke Id = 68
Operation = CallingName
Name Presentation Allowed Extended
Name = XXXXXXXXXXXXXXXXXX
Display i = ''XXXXXXXXXXX''
Calling Party Number i = 0x2180, ''XXXXXXXXXX''
Plan:ISDN, Type:National
Called Party Number i = 0x80, 'XXXX''
Plan:Unknown, Type:Unknown
Aug 19 16:15:07.999 GMT: ISDN Se0/0/1:23 Q931: RX <- ALERTING pd = 8 callref = 0xAB17
Channel ID i = 0xA98381
Exclusive, Channel 1
I did the configuration via CCA and in the running conf I can see two voip dial peers. This is the site where all trunk lines are routed. Customers from the other site2 need to call outside by taking a line from site1.
dial-peer voice 2100 voip
corlist incoming call-internal
description **CCA*INTERSITE inbound call to SITE 1
translation-profile incoming multisiteInbound
incoming called-number 82...
voice-class h323 1
dtmf-relay h245-alphanumeric
fax protocol cisco
no vad
dial-peer voice 2101 voip
corlist incoming call-internal
description **CCA*INTERSITE outbound calls to SITE2
translation-profile outgoing multisiteOutbound
destination-pattern 81...
session target ipv4:192.168.50.1
voice-class h323 1
dtmf-relay h245-alphanumeric
fax protocol cisco
no vad
no dial-peer outbound status-check pots -
Cisco ASA 8.6 configuration issues
Hello all ,
internet router-----------outside------------- ASA -------inside-------------cisco 3750 (----A----)
|
|
DMZ
|
|
Cisco 3750 (-----B---)
1- switch A -- wireless User + Cisco Wireless Ip phones
2- Switch B -- CUCM
Problem description:
--- from switch A i can not ping SwitchB (DMZ) so ip phones can not reached to CUCM
--- on switchA 4 VLANS are configured with Different SSIDs and internet is working fine .
--- on Switch A i want 2 VLANs (vlan60 and vlan 80) to communicate with DMZ also (Not working )
## some relevant config is as under:
SWITCH A CONFIG
===============
vlan internal allocation policy ascending
interface FastEthernet0
no ip address
no ip route-cache cef
no ip route-cache
shutdown
interface GigabitEthernet1/0/1
switchport access vlan 60
switchport mode access
spanning-tree portfast
|
|
|
|
|
|
interface GigabitEthernet1/0/23
description **connected to ASA-Inside**
switchport access vlan 100
switchport mode access
interface Vlan10
ip address X.X.100.5 255.255.255.0
interface Vlan50
ip address X.X.6.12 255.255.255.0
interface Vlan60
ip address X.X.8.251 255.255.255.0
interface Vlan80
ip address X.X.10.251 255.255.255.0
interface Vlan100
ip address X.X.20.1 255.255.255.0
ip classless
ip route 0.0.0.0 0.0.0.0 X.X.20.2
=========================================
ASA CONFIG
interface GigabitEthernet0/0
nameif inside
security-level 100
ip address X.X.20.2 255.255.255.0
|
|
interface GigabitEthernet0/2
nameif DMZ
security-level 50
ip address X.X.21.2 255.255.255.0
|
|
interface GigabitEthernet0/5
nameif outside
security-level 0
ip address 192.168.2.5 255.255.255.0
|
|
object network IN-OUT
subnet 0.0.0.0 0.0.0.0
object network W-PHONE
subnet X.X.10.0 255.255.255.0
object network BECA-WIRELESS-USER
subnet X.X.8.0 255.255.255.0
pager lines 24
|
|
nat (inside,outside) source dynamic IN-OUT interface
nat (inside,DMZ) source dynamic W-PHONE interface
nat (inside,DMZ) source dynamic BECA-WIRELESS-USER interface
route outside 0.0.0.0 0.0.0.0 192.168.2.1 1
route inside X.X.6.0 255.255.255.0 X.X.20.1 1
route inside X.X.7.0 255.255.255.0 X.X.20.1 1
route inside X.X.8.0 255.255.255.0 X.X.20.1 1
route inside X.X.10.0 255.255.255.0 X.X.20.1 1
timeout xlate 3:00:00
============================================
switch B
interface GigabitEthernet1/0/17
switchport access vlan 50
switchport mode access
switchport voice vlan 20
spanning-tree portfast
interface GigabitEthernet1/0/18
switchport access vlan 50
switchport mode access
interface Vlan10
ip address X.X.100.1 255.255.255.0
interface Vlan20
ip address X.X.7.1 255.255.255.0
ip helper-address X.X.6.6
interface Vlan50
ip address X.X.6.30 255.255.255.0
ip helper-address X.X.6.6
interface Vlan60
ip address X.X.8.252 255.255.255.0
interface Vlan101
ip address X.X.21.1 255.255.255.0
ip forward-protocol nd
ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 X.X.6.4
ip route X.X.6.0 255.255.255.0 X.X.21.2
ip route X.X.7.0 255.255.255.0 X.X.21.2
We would also need to see the ACL configuration of the ASA as this is what actually controls the flow of traffic, that is if routing is correct which it seems to be from your configuration.
What you can do is run a packet-tracer on the ASA to see if the packet is allowed through the ASA:
packet-tracer input inside tcp <source-ip> 12345 <destination-ip> <destination-port> detail
This should give you an indication where or if there is a misconfiguration on the ASA.
Please post the output here if you require further assistance. Also a full ASA configuration (remove public IPs and passwords) would help to identify the issue.
Please remember to rate and select a correct answer -
HOME#sho run
Building configuration...
Current configuration : 5657 bytes
! Last configuration change at 10:51:11 UTC Fri May 17 2013 by admin
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname HOME
boot-start-marker
boot-end-marker
logging buffered 51200 warnings
enable secret 5 $1$bgx9$VrtQW3Wg182VyYhKAHLbN.
no aaa new-model
memory-size iomem 10
crypto pki trustpoint TP-self-signed-1190003239
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1190003239
revocation-check none
rsakeypair TP-self-signed-1190003239
crypto pki certificate chain TP-self-signed-1190003239
certificate self-signed 01
quit
ip source-route
ip routing protocol purge interface
ip dhcp excluded-address 10.10.10.1
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
domain-name www.google.com
dns-server 192.168.1.1
lease 0 2
ip cef
ip domain name www.yahoo.com
ip name-server 84.235.6.55
ip name-server 84.235.57.230
no ipv6 cef
multilink bundle-name authenticated
license udi pid CISCO881-SEC-K9 sn FCZ1516933C
username admin privilege 15 password 0 cisco
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
ip address dhcp
ip access-group 101 in
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 10.10.10.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip nat enable
ip virtual-reassembly
ip tcp adjust-mss 1452
interface Vlan2
no ip address
ip nat inside
ip virtual-reassembly
ip default-gateway 192.168.1.1
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 101 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 FastEthernet4
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 101 permit ip any any
dialer-list 1 protocol ip permit
no cdp run
control-plane
banner exec ^C
% Password expiration warning.
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
^C
banner login ^C
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.
YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE
PUBLICLY-KNOWN CREDENTIALS
Here are the Cisco IOS commands.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want
to use.
IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.
For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
^C
banner motd ^Cuthorized ^C
line con 0
login local
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
password cisco
logging synchronous
login local
transport input telnet ssh
scheduler max-task-time 5000
end
HOME#ping 4.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
Success rate is 0 percent (0/5)
HOME#sh ip int br
Interface IP-Address OK? Method Status Protocol
FastEthernet0 unassigned YES unset down down
FastEthernet1 unassigned YES unset down down
FastEthernet2 unassigned YES unset down down
FastEthernet3 unassigned YES unset down down
FastEthernet4 192.168.1.120 YES DHCP up up
NVI0 10.10.10.1 YES unset up up
Vlan1 10.10.10.1 YES NVRAM down down
Vlan2 unassigned YES NVRAM down down
HOME#
fast ethernet is connected to my internet connection -
Cisco PI 2.0 Configuration Archive fails Nexus 5000
Hi,
We recently upgraded Cisco PI from 1.3 to 2.0 and I thought this problem would be solved but it was not. I have added two Nexus 5548 switches that I can monitor and configure through Cisco Prime, but I'm not able to read the running and startup config into the Configuration Archive. When I run the job I get the following error:
"fig from device: java.net.SocketTimeoutException: Read timed out"
Current NXOS: 5.2(1)N1(2a)
Before I proceed with troubleshooting I would just like an answer on whether it should be possible to archive configs from Nexus to Cisco Prime Infrastructure?
Cheers! // Mattias Andersson
Thanks for the quick reply! Well, I did some more troubleshooting and noticed, by inspecting the telnet packets with Ethanalyzer, that Prime tries to set the terminal length and width before it shows the running-config, but it fails as it is in the default role of priv-0, and therefore gets % Permission denied. So, it times out after 2,5 min.
I added these two lines and worked like a charm!
role name priv-0
rule 12 permit command terminal length *
rule 11 permit command terminal width * -
Cisco Aironet 1130AG WPA2 Configuration
Hi everyone,
First of all, let me introduce myself. I just graduated as an IT engineer and started working in a company that gives support to its users, but also does installations. One day a week I am permanently located with 1 customer. I give support to users, but also implement new systems. I really love networking, but it's really not my strongest point. Especially when it comes to CLI. So I was hoping you could help me.
With this customer they have 4 floors with on each floor a Cisco Aironet 1130AG. At the moment they are using WEP as a protection with a really long key. The users find this annoying, but I am more concerned about the security perspective. So I want to implement WPA2 with a shorter key for the people to remember. On one floor, I also want to add a public network when other people want to connect and just need internet access.
Is it possible you guys could help me change the current set-up and give advice regarding the security and implementation? For me it would be great if all of the Access Points could work together and just be 1 wireless network. I don't know if this is possible and how to do it? For the public network I know there also need to be some changes in VLANs, so I would appreciate the help there for setting up trunks. The firewall is a Cisco ASA5505.
At the moment I am running this configuration:
I tried setting up this with the GUI, but it doesn't look like the configuration at the moment is shown in the GUI or maybe I am just looking in the wrong places.
Thanks again for helping me configure this!! Much appreciated!
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CISCO-AP-V0
!
enable secret 5 $1$vhoF$wv3N1r1sMiiuhGgQTpx5b0
!
no aaa new-model
!
!
!
dot11 ssid private-v0
 authentication open
 guest-mode
!
power inline negotiation prestandard source
!
!
username Cisco password 7 14341B180F0B
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption key 1 size 128bit 7 FD0B4EB47C9301A55E6A685157C8 transmit-key
 encryption mode wep mandatory
 !
 ssid private-v0
 !
 speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
 packet retries 128 drop-packet
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 !
 encryption key 1 size 128bit 7 4A476E1E760D683C46307A755A29 transmit-key
 encryption mode wep mandatory
 !
 ssid private-v0
 !
 no dfs band block
 speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 192.168.2.220 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.2.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 login local
!
end
Look at those:
www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008054339e.shtml
www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008055c39a.shtml
HTH
Amjad -
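An added example, not part of any post above: a small Python check for the weak settings visible in the router and access-point configurations posted in the two threads above (plaintext and type 7 passwords, the publicly known "cisco" password the banner warns about, Telnet on the vty lines, WEP, and an inbound permit-any ACL on the NAT outside interface). The sample configuration is constructed, and the rule names and the `audit` function are this example's own.

```python
import re

# Password values treated as publicly known; "cisco" is the default the
# Cisco CP banner in the posted router configuration warns about.
DEFAULT_PASSWORDS = {"cisco"}

# Stateless per-line rules: (rule id, pattern). Rule ids are hypothetical
# names chosen for this example.
LINE_RULES = [
    ("plaintext-password",
     re.compile(r"^username \S+ (?:privilege \d+ )?password 0 (?P<pw>\S+)$")),
    ("plaintext-password", re.compile(r"^password (?P<pw>\S+)$")),
    ("type7-reversible",
     re.compile(r"^(?:username \S+ (?:privilege \d+ )?)?password 7 \S+$")),
    ("md5-enable-secret", re.compile(r"^enable secret 5 \S+$")),
    ("no-password-encryption", re.compile(r"^no service password-encryption$")),
    ("telnet-enabled", re.compile(r"^transport input (?:.* )?telnet(?: .*)?$")),
    ("http-management", re.compile(r"^ip http server$")),
    ("wep-encryption", re.compile(r"^encryption mode wep\b")),
]

# Constructed sample shaped like the configurations posted above; the hash is
# a placeholder, not a value from the page.
SAMPLE_CONFIG = """\
no service password-encryption
enable secret 5 $1$EXAMPLE$placeholderhashvalue000
username admin privilege 15 password 0 cisco
interface FastEthernet4
 ip address dhcp
 ip access-group 101 in
 ip nat outside
interface Vlan1
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
interface Dot11Radio0
 encryption mode wep mandatory
ip http server
ip http secure-server
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 101 permit ip any any
line vty 0 4
 access-class 23 in
 password cisco
 login local
 transport input telnet ssh
"""


def audit(config_text):
    """Return a sorted list of (line_number, rule_id) findings."""
    findings = []
    section = ""            # most recent "interface ..." or "line ..." header
    interfaces = {}         # header -> inbound ACL, NAT role, header line number
    permit_all_acls = set() # numbered ACLs containing "permit ip any any"

    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()  # pasted configs often lose their indentation
        if not line or line.startswith("!"):
            continue
        if line.startswith(("interface ", "line ")):
            section = line
            if line.startswith("interface "):
                interfaces[section] = {"acl_in": None, "nat_outside": False,
                                       "line": number}
            continue

        for rule_id, pattern in LINE_RULES:
            match = pattern.match(line)
            if not match:
                continue
            findings.append((number, rule_id))
            if match.groupdict().get("pw") in DEFAULT_PASSWORDS:
                findings.append((number, "default-credential"))

        # Context needed for the cross-line check below.
        acl = re.match(r"^ip access-group (\S+) in$", line)
        if acl and section in interfaces:
            interfaces[section]["acl_in"] = acl.group(1)
        elif line == "ip nat outside" and section in interfaces:
            interfaces[section]["nat_outside"] = True
        permit = re.match(r"^access-list (\d+) permit ip any any$", line)
        if permit:
            permit_all_acls.add(permit.group(1))

    # An inbound ACL on the NAT outside interface that permits everything
    # filters nothing; report it at the interface header line.
    for info in interfaces.values():
        if info["nat_outside"] and info["acl_in"] in permit_all_acls:
            findings.append((info["line"], "outside-acl-permits-all"))
    return sorted(findings)


if __name__ == "__main__":
    for line_number, rule_id in audit(SAMPLE_CONFIG):
        print(f"line {line_number}: {rule_id}")
```

The banner in the posted router configuration already states the fix for the credential findings: create a new privilege 15 user with `secret` and remove the default `cisco` user.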
Cisco SG300 Network Expansion (Configure 2 Switches)
I’m currently in the process of expanding my network having bought a second Cisco SG300-20 which is now sitting in my lab, my current setup is described below
Internet
^
|
Draytek Router 192.168.1.1
^
|
Cisco SG300-20 192.168.1.2
^
|
VLAN 12 Workstations interface 10.0.12.1
VLAN 13 Management interface 10.0.13.1
VLAN 14 Public interface 10.0.14.1
VLAN 15 Private interface 10.0.15.1
VLAN 20 Storage interface 10.0.20.1
I then have a number of servers with multiple nics that run on the various VLANS attached to certain ports in the Cisco Switch
VLAN 12 and 14 have been given access to the internet with routes added to Draytek to 10.0.12.1 / 10.0.14.1
Now what I want to do is to expand the network by running a link from my first switch to the new switch. I've read a number of notes on this forum but am confused as to what I need to do.
I want the new switch to have access to all the VLANS configured on the first switch and will set the ports access to the various VLANs for each server that is being connected.
Have read that its best to have any additional switches on the network configured as Layer 2 and leave just one switch to do the routing (is that correct?). So have left the new switch as Layer 2 and given it an IP of 192.168.1.3
So the first question is how do I configure the uplink port from switch 1 (Port Gi2) to Switch 2 (Port Gi1).
Should I run multiple cables and create a LAG between the two switches? Allowing for additional bandwidth (I stream a lot of HD movies across the network to the workstations)
I have attached my running config from switch 1 below.
Any help would be appreciated, unfortunately networks are not my strong point.
prcswitch01#show running-config
config-file-header
prcswitch01
v1.3.5.58 / R750_NIK_1_35_647_358
CLI v1.0
set system mode router
file SSD indicator encrypted
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end XXXXXX
vlan database
vlan 12-15,20
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
ip dhcp server
ip dhcp pool network Workstations
address low 10.0.12.20 high 10.0.12.100 255.255.255.0
lease infinite
default-router 10.0.12.1
dns-server 10.0.15.200 8.8.8.8
exit
bonjour interface range vlan 1
hostname prcswitch01
username cisco password encrypted XXXXXXX privilege 15
ip ssh server
interface vlan 1
ip address 192.168.1.2 255.255.255.0
no ip address dhcp
interface vlan 12
name Workstations
ip address 10.0.12.1 255.255.255.0
interface vlan 13
name Management
ip address 10.0.13.1 255.255.255.0
interface vlan 14
name Public
ip address 10.0.14.1 255.255.255.0
interface vlan 15
name Private
ip address 10.0.15.1 255.255.255.0
interface vlan 20
name Storage
ip address 10.0.20.1 255.255.255.0
interface gigabitethernet3
switchport mode access
switchport access vlan 12
interface gigabitethernet4
switchport mode access
switchport access vlan 12
interface gigabitethernet5
switchport mode access
switchport access vlan 20
interface gigabitethernet6
switchport mode access
switchport access vlan 20
interface gigabitethernet7
switchport trunk allowed vlan add 13-15
interface gigabitethernet8
switchport trunk allowed vlan add 13,20
switchport trunk native vlan 12
interface gigabitethernet9
switchport trunk allowed vlan add 13-15
interface gigabitethernet10
switchport trunk allowed vlan add 13,20
switchport trunk native vlan 12
interface gigabitethernet11
switchport trunk allowed vlan add 13-15
interface gigabitethernet12
switchport trunk allowed vlan add 13,20
switchport trunk native vlan 12
interface gigabitethernet13
switchport mode access
switchport access vlan 12
interface gigabitethernet14
switchport mode access
switchport access vlan 12
interface gigabitethernet15
switchport mode access
switchport access vlan 12
interface gigabitethernet16
switchport mode access
switchport access vlan 12
interface gigabitethernet17
switchport mode access
switchport access vlan 12
interface gigabitethernet18
switchport mode access
switchport access vlan 12
interface gigabitethernet19
switchport mode access
switchport access vlan 12
interface gigabitethernet20
switchport mode access
switchport access vlan 12
exit
ip default-gateway 192.168.1.1
prcswitch01#
Hi Aleksandra,
I'm still having issues with my setup. The servers I have connected have VLAN tagging enabled
Previously I had my esxi server connected via two nics with ports configured on my Layer 3 switch prcswitch01 as follows
Port 1 Trunk VLAN 13-15
Port 2 Trunk VLAN 13,20
My NAS was configured on a single port on VLAN20
The ESXI server can only have a single gateway which is used by both interfaces
~ # esxcli network ip route ipv4 list
Network Netmask Gateway Interface Source
default 0.0.0.0 10.0.13.1 vmk0 MANUAL
10.0.13.0 255.255.255.0 0.0.0.0 vmk0 MANUAL
10.0.20.0 255.255.255.0 0.0.0.0 vmk1 MANUAL
Traffic was being passed from VLAN13 to VLAN20 to allow connectivity to the NAS on the ESXi server
This no longer seems to be happening on my Layer 2 switch.
I have configured the ports the same as previously setup on the Layer 3 switch.
When I have the esxi server connected I can reach the server on 10.0.13.11 but the server cannot ping the NAS on 10.0.20.196
Hope that makes sense, I’m confused about setting this new switch up. Should I configure it as Layer 3 and setup interfaces for the various VLANS. I was under the impression this would be done by my first switch.
Thanks
Paul -
This is an opportunity to learn and ask more questions about Cisco Trustsec solution. The Trustsec solution is designed to flatten the network regardless of the access method but still provide fully distributed and differentiated access control no matter whether you are coming from wired or WiFi or remote access, the Trustsec solution provides a consistent access control policy.
Ankur Bajaj is a customer support engineer from the AAA team at the Cisco Technical Assistance Center in Richardson, Texas, USA. He has 14 years of total experience. He has worked on a wide range of Cisco Security Technologies such as Cisco ASA, VPN deployments, NAC solution, ACS and ISE deployment. Ankur has CCIE # 22135 in Security.
Mrinal Jaiswal has been with Cisco since 2007 with previous experience as a software developer. He works with AAA and Wireless Technical Assistance. Mrinal holds a CCIE in security #31389, MCSA in 2003 track, MCAD in .net, GNIIT from NIIT.
Beau Wallace is an engineer for the RTP AAA TAC team, supporting multiple solutions including ISE, TrustSec, 802.1x, ACS, NAC, etc. He attended East Carolina University and lives in Raleigh, NC. He holds CCNP, RHCSA, and Security+ Certifications
This Discussion starts Dec 16th through Dec 19th, 2014
Remember to use the rating system to let the experts know if you have received an adequate response.
The experts might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation in Security community, sub-community, AAA, Identity and NAC discussion forum shortly after the event. This event lasts through December 19, 2014. Visit this forum often to view responses to your questions and the questions of other community members.
Hi Marvin, first, you would want to ensure the router or switch you use has support for SG-ACLs and enforcement via:
http://www.cisco.com/c/en/us/solutions/enterprise-networks/trustsec/trustsec_matrix.html
Once you know that works, you can configure SG-ACLs with a source or destination on "unknown". This keyword indicates traffic where we cannot discover what SGT should be assigned to that traffic, or in other words, outside the trustsec domain. We use a relatively common command-set on enforcement supporting platforms, take a look at the following link for command syntax:
http://www.cisco.com/c/en/us/td/docs/switches/lan/trustsec/configuration/guide/trustsec/sgacl_config.html
Let me know if the unknown tag was what you were looking for!
Edits: Spelling. -
Cisco VXC 6215 / cannot configure AutoConnect for VMware View
Hello Experts,
I'm working on Cisco VDI Project for a customer. We're using Cisco VXC 6125 thin clients.
I'm trying to configure AutoConnect=yes for the VMware View client, so the clients will autostart when the client boots, but with the yes option, I cannot see the VMware View icon on the desktop or in the connection manager ... returning to the default configuration everything is fine "I can see the View client icon on the desktop". Am I doing anything wrong?
Below is the configuration I'm trying to push:
CONNECT=VMWARE_VIEWCLIENT \
Description="VMview" \
Host=x.x.x.x.x \
UseSSL=yes
DomainName=xxxx \
Username= Administrator \
Password= Password \
DesktopSize=1600x900 \
Desktopsize=largewindow
FullScreen=no
Interactive=no
Ping=yes \
LocalCopy=no
DeskColor=#ffffff
Desktop=logo.jpg Layout=Scale Opacity=100
ScreenSaver=180 LockTerminal=no Image=logo.jpg Layout=scaled
Timeserver=197.16.247.11
TimeZone="Asia/Riyadh87" ManualOverride=true \
RemoveAddons= BROWSER \
Thanks in advance,
Mohammad
Hello
I have the same problem, did you get this working? -
Cisco Works "Devices not configured in ACS"
Hi!
I have installed Cisco Works ver. 4.3.1
I have added my devices using the Device Discovery. Some of them were not already configured on ACS with the loopback address, which was the one in the discovery configurations. Because of that, I could not manage those devices, although I could authenticate on them. I then updated the ACS with the loopback address, and configured the routers to authenticate using the source-interface of the loopback.
The problem is that I am still not able to manage these devices on the cworks, because they are still listed as "Devices not configured in ACS".
Can anyone help me here?
Regards
Miguel Amaral
Hi,
This happens, when you integrate the ciscoworks with ACS and Router/switches not configured with ACS. Try to reconfigure the device in ACS, try removing and adding it again in common services...Try for a single device and check it out... Try stopping/starting cw services after that // net stop crmdmgtd, net start crmdmgtd. Revert with the results..