Cisco VSS1440 unique configuration.
I have a unique predicament: I have been tasked to become the subject matter expert on the VSS1440. Our network is very atypical.
I need to implement VSS with our two existing 6500s with connections to major network nodes but also individual work stations.
The number of work stations exceeds the 512 MEC availability, but we are not worried about redundancy to these individual work stations.
Is there a way I can have the major network nodes connect to the VSS with MECs and have the work stations connect to either individual chassis as a typical link, so as not to use the limited MECs?
IMHO, this is not the way to test the feature. Just erase the NVRAM configuration and see how it responds.
Regards
Farrukh
Similar Messages
-
Hi,
I have configured a Cisco ASA 5505 but I can't get access to the internet using my laptop connected to the ASA. I did not use the console but the graphical interface for the configuration. I changed the inside address of the ASA and it is 192.168.2.1. From the inside I can't ping the material in outside and from outside I can't ping the laptop connected to the ASA.
Here is my configuration:
Result of the command: "show running-config"
: Saved
ASA Version 8.2(5)
hostname xxxxxxxxxxxxxxxxx
domain-name xxxxxxxxxxxxxxxxxxx
enable password xxxxxxxxxxxxxx encrypted
passwd xxxxxxxxxxxxxxxxxxxx encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 192.168.1.48 255.255.255.0
ftp mode passive
dns server-group DefaultDNS
domain-name processia.com
access-list outside_access_in extended permit ip any any
access-list icmp_out_in extended permit icmp any any
access-list inside_access_in extended permit ip any any
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
ipv6 access-list outside_access_ipv6_in permit ip any any
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
access-group inside_access_in in interface inside
access-group icmp_out_in in interface outside
access-group outside_access_ipv6_in in interface outside
route outside 0.0.0.0 0.0.0.0 192.168.1.48 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.2.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
dhcpd address 192.168.2.2-192.168.2.129 inside
dhcpd dns 80.10.246.2 80.10.246.129 interface inside
dhcpd ping_timeout 5000 interface inside
dhcpd domain xxxxxxxxxxxxxxxxx interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
policy-map global_policy
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:7e6f35db321b722ca60009b0c0dc706e
: end
Thank you for your help
Hi Sylla,
The static route you have configured for Internet access needs to be corrected:
route outside 0.0.0.0 0.0.0.0 192.168.1.48 1
The next hop address should be your ISP's gateway IP address and not the ASA's outside interface IP. Currently, both are configured for 192.168.1.48.
-Mike -
Cisco ASA 5505 Configurations. Help... Beyond Frustrated
Hello All,
I'm fairly new to Cisco products and Network management in general. At my place of employment, I was hired as an IT Tech- Repair and Building computers, most aspects of Physical networking, and software refresh/upgrades as well as solving compatibility issues among a plethora of other things. I've configured APs, a couple Catalyst switches, a router or two, and that is about the breadth of my Cisco knowledge. I was kind of thrown into a project which is to update the current inventory of computers which all run Windows XP Professional. We are making a capital purchase of 20 Laptops and 40 Desktops all of which will run Windows 7. This means the outdated PIX they were using is now useless. I purchased a Cisco ASA 5505 (Version 8.2(1)) because it is compatible with Windows XP and Windows 7. I have spent several days and sleepless nights trying to figure out how to configure this thing. I was hoping to use SSL for the VPN. I did some basic configurations just to get started but like I said, I have no real experience with Adaptive Security Appliances and I am so frustrated right now. I tried using the Wizard to no avail. I did a write erase using CLI and tried to configure that way but I'm doing something wrong as far as I can tell. The configurations were mostly pulled from here, the Cisco Community, and a couple other web sites.
I’m connecting the ASA 5505 to a cable modem (gateway 24.39.245.33) and to our Netvanta for VPN purposes. Here are the commands/what I have configured so far:
hostname AMDASA
domain-name asa.(mydomain).com
enable password (encrypted)
passwd (encrypted)
interface Ethernet0/0
description TWCoutside
switchport access vlan 2
no shutdown
write mem
exit
interface Ethernet0/1
description Port1inside
switchport access vlan 1
no shutdown
write mem
exit
interface Vlan1
nameif inside
security-level 100
ip address 192.168.0.250 255.255.255.0
write mem
exit
interface Vlan2
nameif outside
security-level 0
ip address 24.39.245.36 255.255.255.240
write mem
exit
object-group icmp-type DefaultICMP
description Default ICMP Types permitted
icmp-object echo-reply
icmp-object unreachable
icmp-object time-exceeded
write mem
exit
ftp mode passive
write mem
clock timezone EST -5
clock summer-time EDT recurring
write mem
exit
dns server-group DefaultDNS
domain-name asa.adcmotors.com
write mem
exit
access-list acl_outside extended permit icmp any any object-group DefaultICMP
access-group acl_outside in interface outside
access-list acl_inside extended permit icmp any any object-group DefaultICMP
access-group acl_inside in interface inside
write mem
exit
write mem
That is the extent of the configurations I made via CLI. I don't know how to set the DNS lookup from a static port and I have no idea what else I'm supposed to do after the above configurations I have done. Is there a place to actually obtain ALL of the configurations needed to VPN in? Is there an easier way to make this thing work? I've seriously grown a patch of gray hair because of this device. Please help me if you can!!!!!!
Hi our desperate friend.
First I would suggest to use the Cisco VPN client instead of SSL VPN (AnyConnect). The configuration is a bit simpler and for the SSL VPN you would need to install the client on the ASA and purchase an additional license if you plan to have more than 2 clients. The VPN Client usually comes with the ASA. If you don't have it or don't have access to download it from cisco.com, go to the person from whom you purchased your ASA and ask him how to get it.
That said, I also think that your ASA lacks some basic configuration as of now. If you are planning to use this as a replacement for your current PIX, you would need to configure a default route and some basic NAT:
route outside 0.0.0.0 0.0.0.0 24.39.245.33
global (outside) 1 interface
nat (inside) 1 192.168.0.0 255.255.255.0
Now regarding the VPN Client configuration you would need to do something like this:
Create an isakmp policy:
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
Create a couple of ACLs that we will use later:
access-list nonat permit ip 192.168.0.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list split_tun standard permit 192.168.0.0 255.255.255.0
Create a Pool for the VPN Clients to use:
ip local pool TestPool 192.168.100.1-192.168.100.20 mask 255.255.255.0
Create a Group Policy:
group-policy TEST internal
group-policy TEST attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split_tun
Create a group:
tunnel-group TEST type ipsec-ra
tunnel-group TEST general-attributes
address-pool TestPool
authentication-server-group ABTVPN
default-group-policy TEST
tunnel-group TEST ipsec-attributes
pre-shared-key cisco123
Create crypto map and do a NAT 0:
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map Outside_dyn_map 10 set transform-set ESP-3DES-SHA
crypto map Outside_map 10 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map interface outside
nat (inside) 0 access-list nonat
Finally create a user that you will use to connect:
username test password test123
Then you would need to configure your VPN Client to connect with the ASA.
Here is a config Example of VPN clients to the ASA. It uses an external server for the authentication but just skip those parts. For the initial config you might want to keep the authentication local.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806de37e.shtml
I hope this helps. Feel free to ask if you have any questions. Also it would be very useful if you could upload the current config (show run) of the ASA in case you need to ask something else.
Have fun.
Raga -
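The commands in the reply above refer to ACLs, pools, group policies, AAA groups and crypto objects by name. As an added example that is not part of the original thread, this Python check lists every name that is referenced but never defined; run on the posted commands it reports the external AAA group, which is one of the parts the reply says to skip. The function and table names are hypothetical, the sample is constructed from the reply with the key and user lines omitted, and the patterns cover only the command forms used there.

```python
import re

# Constructed sample: commands from the reply above (key/user lines omitted).
VPN_CONFIG = """\
access-list nonat permit ip 192.168.0.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list split_tun standard permit 192.168.0.0 255.255.255.0
ip local pool TestPool 192.168.100.1-192.168.100.20 mask 255.255.255.0
group-policy TEST internal
group-policy TEST attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split_tun
tunnel-group TEST type ipsec-ra
tunnel-group TEST general-attributes
address-pool TestPool
authentication-server-group ABTVPN
default-group-policy TEST
tunnel-group TEST ipsec-attributes
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map Outside_dyn_map 10 set transform-set ESP-3DES-SHA
crypto map Outside_map 10 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map interface outside
nat (inside) 0 access-list nonat
"""

# (kind, pattern) pairs: commands that create a named object ...
DEFINITIONS = [
    ("acl", r"^access-list (\S+) "),
    ("pool", r"^ip local pool (\S+) "),
    ("group-policy", r"^group-policy (\S+) (?:internal|external)\b"),
    ("aaa-server", r"^aaa-server (\S+) protocol "),
    ("transform-set", r"^crypto ipsec transform-set (\S+) "),
    ("dynamic-map", r"^crypto dynamic-map (\S+) \d+ "),
]
# ... and commands that point at one ("access-l" abbreviation accepted).
REFERENCES = [
    ("acl", r"^split-tunnel-network-list value (\S+)"),
    ("acl", r"^nat \(\S+\) 0 access-l\w* (\S+)"),
    ("pool", r"^address-pool (\S+)"),
    ("aaa-server", r"^authentication-server-group (\S+)"),
    ("group-policy", r"^default-group-policy (\S+)"),
    ("transform-set", r"^crypto dynamic-map \S+ \d+ set transform-set (\S+)"),
    ("dynamic-map", r"^crypto map \S+ \d+ ipsec-isakmp dynamic (\S+)"),
]
# Names the ASA provides without any configuration.
BUILT_IN = {("aaa-server", "LOCAL"), ("group-policy", "DfltGrpPolicy")}


def undefined_references(config):
    """Return (kind, name, line) for each reference with no definition."""
    lines = [line.strip() for line in config.splitlines() if line.strip()]
    defined = set(BUILT_IN)
    for line in lines:
        for kind, pattern in DEFINITIONS:
            match = re.match(pattern, line)
            if match:
                defined.add((kind, match.group(1)))
    missing = []
    for line in lines:
        for kind, pattern in REFERENCES:
            match = re.match(pattern, line)
            if match and (kind, match.group(1)) not in defined:
                missing.append((kind, match.group(1), line))
    return missing


if __name__ == "__main__":
    for kind, name, line in undefined_references(VPN_CONFIG):
        print(f"undefined {kind} '{name}' in: {line}")
```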
Cisco Wireless AP configuration as DHCP
I have 10 Cisco 1242 wireless APs in my office. 04 of them will be relocated to a different place where we don't have any DHCP server. I would like to configure those APs as DHCP provider for their associated clients.
Is it possible I know but I don't know how to accomplish that.
Is there anyone who can answer this? If yes please let me know this from which option CLI or Web view I can configure those AP's?
Regards,
Sayeed.
Hi,
Here is the link which tells us how to accomplish the task.. But make sure.. the IP addresses will be leased by the AP in the management ip subnet only.. please check the below doc before implementing..
http://www.cisco.com/en/US/docs/wireless/access_point/12.4_21a_JA1/configuration/guide/scg12421aJA1-chap5-admin.html#wp1090319
Lemme know if this answered your question!!
Regards
Surendra -
Hi Team
We brought new Cisco sns-3415 ACS configuration; somebody please help to configure this for the first time. It is simply my first time on this device, so I look forward to a first level configuration guide. Find below the configuration details.
SNS-3415-K9: Small Secure Network Server for ISE NAC & ACS Applications
CON-SNT-SNS3415: SMARTNET 8X5XNBD Small Secure Network
CSACS-3415-K9: ACS application & BASE license for SNS-3415-K9 appliance
CSACS-5-BASE-LIC: Cisco Secure ACS 5 Base License
CSACS-ACCYKIT: Accessory Kit for Access Control System SW on 3415-appliance
SFS-250V-10A-ID: SFS Power Cord - 250V 10A India
SNS-4GBSR-1X041RY: 4GB 1600 Mhz Memory Module
SNS-600GB-HDD: 600 GB Hard Disk Drive
SNS-650W-PSU: 650W power supply for C-series rack servers + cord (configur
SNS-CPU-2609-E5: 2.4 GHz E5-2609/80W 4C/10MB Cache/DDR3 1600MHz
SNS-N2XX-ABPCI01: Broadcom 5709 Dual Port 10/100/1Gb NIC w/TOE iSCSI
SNS-RAID-ROM5: Embedded SW RAID 0/1/10 8 ports SAS/SATA
SNS-UCS-TPM: Trusted Platform Module for UCS servers
Thanks
Sreejesh S
Check Cisco how-to guides for step-by-step configuration; just follow the instructions and you can easily configure the setup. Also, when you first open the ISE there is an option for express setup (Auto config), but I would suggest the guide (link given below)
https://www.cisco.com/en/go/trustsec.
**********Do rate Helpful posts************************ -
Cisco ISE managing configuration
Is there a built-in mechanism for revision control in Cisco ISE? If not built-in, then what is the other way? I have been trying to look for documentation online but didn't find any.
Just to explain what I am looking for:
A way to properly manage all the configuration changes to ISE node. Changes are usually identified by a number or letter code, termed the "revision number". For example, an initial set of files is "revision 1". When the first change is made, the resulting set is "revision 2", and so on. Each revision is associated with a timestamp and the person making the change. Revisions can be compared, restored, and with some types of files, merged.
I ask this because "show run" output in ISE CLI does not give all the configuration details. How can we maintain the history of configurations?
PS: I rate useful posts
Thanks,
Kashish
There is not a way to track which version a specific ISE configuration is on. The ADE-OS configuration, or cli configuration typically is static once the repositories, dns info...etc is all set and done. For the application database you can setup a timer where an automatic backup is generated, from there you can manage what dates a backup is good for.
Thanks,
Tarik Admani
*Please rate helpful posts* -
Cisco ISE log configuration commands entered on routers
Hello,
I am trying to migrate from Cisco ACS to ISE.
I want to log configuration commands entered on routers.
I have configured the routers to send accounting radius to ISE but ISE sees the messages as:
"22003 Missing attribute for authentication
11014 RADIUS packet contains invalid attribute(s)"
Can I configure ISE to receive radius accounting messages ?
Is there another way to configure ISE to log configuration commands ?
Another way would be to send syslog messages using the archive configuration on routers, but I cannot find the syslog messages on ISE.
Regards,
Bogdan
You should post your question on the AAA forum
https://supportforums.cisco.com/community/netpro/security/aaa
Thanks,
Scott
Help out others by using the rating system and marking answered questions as "Answered" -
Re: Help on Cisco UC 520 Configuration
Dear All,
I am new to UC 520 Call Manager Express and Cisco Unity Express. I would like help in solving the following problems encountered during the config of the latter:
1. Call Transfer
- When I transfer a call, I need to know if the other person to whom the call will be transferred is available or not,
- if possible I should be able to put the current person on hold and call the other person and see if he is available or not before doing the transfer
- if ever a call is being transferred and the other person is busy or unavailable, the call should be reverted back or forwarded to another number instead of going to voicemail.
2. Configuring phones for call conferencing.
Please note the following details:
Unity Express Version being used: 3.0
Thanks in advance
Hi
1. In order to get transfers working the way you like, ensure you create ephone-dns as 'dual-line' - this allows one call to be on hold whilst a 'transfer' call is made outbound. Also ensure transfer-system full-consult is configured under 'telephony-service' mode. Basically transfers then are two-step - whilst on a call, hit transfer then dial the target extension. If they answer, announce the caller and hit 'transfer' again, or hit 'end call' to go back to the original caller.
2. You can enable three-party conferences by setting 'max-conferences' under telephony-service. It works the same way as transfer; hit 'Confrn' to start whilst on a call, dial another phone, and then when they answer Confrn again to set up the conference.
Regards
Aaron
Please rate helpful posts.. -
Cisco WLC 2125 configuration help
So in a nutshell, from my computer I can ping all VLANs - everything seems to be in working order.
When telnetting to the HP 5406zl core routing switch I can ping all VLANs and other parts of the network
But when logged into the Cisco wireless LAN Controller I can't ping VLAN 108 gateway IP (172.24.156.2) from the neighbour switch or other services on this VLAN
for example can't ping the DHCP on this VLAN from WLC.
The neighbour switch can ping IP of the management interface created on the WLC
WLC can't ping VLAN 108
WLC can ping all other VLAN 102,104,106
Not sure where the problem is ??
Configure Dynamic Interfaces on the WLC for the Guest and Internal Users - DONE
Create WLANs for the Guest and Internal Users - DONE
Configure the 5406zl Layer 2/3 Switch Port that Connects to the WLC as Trunk Port allowing the relevant vlans i.e. management vlan, vlan 102 and Vlan 108 - DONE
Configure the Switch Port that Connects to the AP to VLAN 102 - DONE
configure virtual interface IP 1.1.1.1 - DONE
Configure the Router for the WLANs - DONE
LAP is registered to the WLC - DONE
WLAN and SSID broadcast - OK
Not at present it is not, the port on the 5406zl that the WLC is connected to was set up as a trunk group and all VLANs tagged. When I tried this I lost all connectivity to the WLC. Is there something on the WLC that needs changing also?
-
Cisco Standalone AP configuration
Hi All,
AP 1600 radios are automatically disabled if I configure WEP for Shared authentication. What can be the issue?
See whether your configuration is done correctly. The documents below may help you
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a0080c1e263.shtml
As you know this is not a good security mechanism & you should not configure it unless client only supporting WEP
HTH
Rasika
**** Pls rate all useful responses **** -
Hi All,
I am trying to find the guide on how to configure the SSO for the two supervisor engines. I am trying to recall if secondary IP addresses were required for the secondary supervisor for the SSO to work. Can someone guide me on this?
Hi,
There is no need for any secondary IP address. When one sup fails, the backup sup will take over all the functionality of the primary sup.
Here is the config:
Make sure you have the same exact IOS in both sups.
Router> enable
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# redundancy
Router(config-red)# mode sso
Router(config-red)# end
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/nsfsso.html#wp1119694
HTH -
Cisco 6506 Netflow configuration
I configured netflow to capture data received by vlan 950.
vlan 950 has an ip 10.198.0.12. But the output is capturing only packets with source ip of this subnet only.
Why is it not showing any traffic received from outside, or sent to outside hosts?
Hi Rafael,
you need an Assurance License for that feature to work
check the below link:
http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6504/ps6528/ps12239/guide_c07-714720.html
Thanks-
Afroz
[Do rate the useful post] -
Cisco 3640 cant configure voice-ports
I've a Cisco 3640 with a VWIC-2MFT-E1 network module. Can anybody tell me why I can't configure any voice-port? Without being able to configure voice-port, I can't assign any port for my "dial-peer voice xx pots". Anybody has any solution?
What I'm trying to do is sending voice data traffic to 192.168.10.1
controller E1 1/0
framing NO-CRC4
clock source line primary
channel-group 0 timeslots 1-31
interface Serial1/0:0
bandwidth 2048
ip address 192.168.10.2 255.255.255.252
ip mtu 300
encapsulation ppp
no ip route-cache
no fair-queue
no cdp enable
dial-peer voice 777 pots
destination-pattern 77T
no digit-strip
direct-inward-dial
forward-digits all
I've only got this from my controller E1
Vertigo(config-controller)#?
Controller configuration commands:
channel-group Specify the timeslots to channel-group mapping for an
interface
clock Specify the clock source for a DS1 link
default Set a command to its defaults
description Controller specific description
detect Enable detection of loopback request
exit Exit from controller configuration mode
framing Specify the type of Framing on a E1 link
guard-timer Guard timer (0-20) for xcsp calls - timer duration and
accept/reject on expiry
help Description of the interactive help system
line-termination Specify the line termination for E1
linecode Specify the line encoding method for a E1 link
loopback Put the entire E1 line into loopback
mode Configure the controller mode
no Negate a command or set its defaults
shutdown Shut down a E1 link (send Blue Alarm)
tdm-group Configure DS0 group for TDM
Do I need DSP for the voice-ports? Please guide me on what more module I need to get. Thanks!!
https://supportforums.cisco.com/message/3022639;jsessionid=AF45FBC0DDB8636D70F9B526A367016F.node0 -
Cisco Networking Assistant Configuration Archive
Is there a way to use a backup from one switch, say a 3750G, and restore it to another 3750G? Also, is there a way of editing the archived configuration so that I could change something small like the IP address? This would allow me to write the configuration once, and then restore it to multiple, identical switches.
No, there's not any supported way to do what you're asking with CNA. Its configuration options are pretty limited - modify port configurations on a discovered community member and upgrade software.
The sort of thing you're looking to do is more of a feature built into Cisco Prime LMS (currently), Prime Infrastructure (2.0 - out next month), or by using Smart Install. -
Cisco Access Point Configuration to support 802.11b & 802.11g protocol
How do I configure an access point to support both 802.11b & 802.11g clients on a Cisco 1121G series access point (AIR-AP1121G-A-K9)?
Regards
Hitesh
Hi Hitesh,
Check out this excerpt from the 1121g AP Installation guide section on enabling the 802.11b and 802.11g radios.
In Cisco IOS Release 12.3(4)JA and later, the access point radios are disabled by default, and there is no default SSID. You must create an SSID and enable the radios before the access point will allow wireless associations from other devices. These changes to the default configuration improve the security of newly installed access points. Refer to the "Configuring Basic Security Settings" section for instructions on configuring the SSID.
In Cisco IOS Release 12.3(2)JA or earlier, the access point radio is enabled by default, and the default SSID is tsunami.
To enable the radio interfaces, follow these instructions:
Step 1 Use your web-browser to access your access point.
Step 2 When the Summary Status page displays, click Network Interfaces > Radio0-802.11B or Radio0-802.11G and the radio status page displays.
Step 3 Click Settings and the radio settings page displays
Step 4 Click Enable in the Enable Radio field.
Step 5 Click Apply.
Here is a link to the actual document:
http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_installation_guide_chapter09186a00804d2b73.html
Hope this helps!
Rob
Please remember to rate helpful posts....