Cisco VSS1440 unique configuration.

Similar Messages

• Cisco ASA 5505 configuration

  Hi,
  I have configured cisco ASA 5505 but I can't get access to internet using my laptop connected to the ASA. I did not use the console but the graphical interface for the configuration. I changed the inside adress of the ASA and it is 192.168.2.1. From the inside I can't ping the material in outside and from outside I can't ping the laptop connected to the ASA.
  Here is my configuration:
  Result of the command: "show running-config"
  : Saved
  ASA Version 8.2(5)
  hostname xxxxxxxxxxxxxxxxx
  domain-name xxxxxxxxxxxxxxxxxxx
  enable password xxxxxxxxxxxxxx encrypted
  passwd xxxxxxxxxxxxxxxxxxxx encrypted
  names
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  interface Vlan1
  nameif inside
  security-level 100
  ip address 192.168.2.1 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address 192.168.1.48 255.255.255.0
  ftp mode passive
  dns server-group DefaultDNS
  domain-name processia.com
  access-list outside_access_in extended permit ip any any
  access-list icmp_out_in extended permit icmp any any
  access-list inside_access_in extended permit ip any any
  pager lines 24
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  ipv6 access-list outside_access_ipv6_in permit ip any any
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 1 0.0.0.0 0.0.0.0
  access-group inside_access_in in interface inside
  access-group icmp_out_in in interface outside
  access-group outside_access_ipv6_in in interface outside
  route outside 0.0.0.0 0.0.0.0 192.168.1.48 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  http server enable
  http 192.168.1.0 255.255.255.0 inside
  http 192.168.2.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  dhcpd auto_config outside
  dhcpd address 192.168.2.2-192.168.2.129 inside
  dhcpd dns 80.10.246.2 80.10.246.129 interface inside
  dhcpd ping_timeout 5000 interface inside
  dhcpd domain xxxxxxxxxxxxxxxxx interface inside
  dhcpd enable inside
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  policy-map global_policy
  prompt hostname context
  no call-home reporting anonymous
  Cryptochecksum:7e6f35db321b722ca60009b0c0dc706e
  : end
  Thank you for your help

  Hi Sylla,
  The static route you have configured for Internet access needs to be corrected:
  route outside 0.0.0.0 0.0.0.0 192.168.1.48 1
  The next hop address should be your ISP's gateway IP address and not the ASA's outside interface IP. Currently, both are configured for 192.168.1.48.
  -Mike

• Cisco ASA 5505 Configurations. Help... Beyond Frustrated

  Hello All,
  I'm fairly new to Cisco products and Network management in general. At my place of employment, I was hired as an IT Tech- Repair and Building computers, most aspects of Physical networking, and software refresh/upgrades as well as solving compatibility issues among a plethora of other things. I've configured APs, a couple Catalyst switches, a router or two, and that is about the breadth of my Cisco knowledge. I was kind of thrown into a project which is to update the current inventory of computers which all run Windows XP Professional. We are making a capital purchase of 20 Laptops and 40 Desktops all of which will run Windows 7. This means the outdated PIX they were using is now useless. I purchased a Cisco ASA 5505 (Version 8.2(1)) because it is compatible with Windows XP and Windows 7. I have spent several days and sleepless nights trying to figure out how to configure this thing. I was hoping to use SSL for the VPN. I did some basic configurations just to get started but like I said, I have no real experience with Adaptive Security Appliances and I am so frustrated right now. I tried using the Wizard to no avail. I did a write erase using CLI and tried to configure that way but I'm doing something wrong as far as I can tell. The configurations were mostly pulled from here, the Cisco Community, and a couple other web sites.
  I’m connecting the ASA 5505 to a cable modem (gateway 24.39.245.33) and to our Netvanta for VPN purposes. Here are the commands/what I have configured so far:
  hostname AMDASA
  domain-name asa.(mydomain).com
  enable password (encrypted)
  passwd (encrypted)
  interface Ethernet0/0
  description TWCoutside
  switchport access vlan 2
  no shutdown
  write mem
  exit
  interface Ethernet0/1
  description Port1inside
  switchport access vlan 1
  no shutdown
  write mem
  exit
  interface Vlan1
  nameif inside
  security-level 100
  ip address 192.168.0.250 255.255.255.0
  write mem
  exit
  interface Vlan2
  nameif outside
  security-level 0
  ip address 24.39.245.36 255.255.255.240
  write mem
  exit
  object-group icmp-type DefaultICMP
  description Default ICMP Types permitted
  icmp-object echo-reply
  icmp-object unreachable
  icmp-object time-exceeded
  write mem
  exit
  ftp mode passive
  write mem
  clock timezone EST -5
  clock summer-time EDT recurring
  write mem
  exit
  dns server-group DefaultDNS
  domain-name asa.adcmotors.com
  write mem
  exit
  access-list acl_outside extended permit icmp any any object-group DefaultICMP
  access-group acl_outside in interface outside
  access-list acl_inside extended permit icmp any any object-group DefaultICMP
  access-group acl_inside in interface inside
  write mem
  exit
  write mem
  That is the extent of the configurations I made via CLI. I don't know how to set the DNS lookup from a static port and I have no idea what else I'm supposed to do after the above configurations I have done. Is there a place to actually obtain ALL of the configurations needed to VPN in? Is there an easier way to make this thing work? I've seriously grown a patch of gray hair because of this device. Please help me if you can!!!!!!

  Hi our desperate friend .
  First I would suggest to use the Cisco VPN client instead of SSL VPN (AnyConnect). The configuration is a bit simpler and for the SSL VPN you would need to install the client on the ASA and purchase additional license if you plan to have more than 2 clients. The VPN Client usually comes with the ASA. If you dont have it or dont have access to download it from cisco.com go to the person from which you purchased your ASA and ask him how to get it.
  That said, I also think that your ASA lacks of some basic configuration as of now.  If you are planning to use this in replacement for your current PIX. You would need to configure a default route and some basic NAT:
  route outside 0.0.0.0 0.0.0.0 24.39.245.33
  global (outside) 1 interface
  nat (inside) 1 192.168.0.0  255.255.255.0
  Now regarding the VPN Client configuration you would need to something like this:
  Create an isakmp policy:
  crypto isakmp enable outside
  crypto isakmp policy 10
  authentication pre-share
  encryption 3des
  hash sha    
  group 2
  lifetime 86400
  Create a couple of ACLs that we will use later:
  access-list nonat permit ip 192.168.0.0 255.255.255.0 192.168.100.0 255.255.255.0
  access-list split_tun standard permit 192.168.0.0 255.255.255.0
  Create a Pool for the VPN Clients to use:
  ip local pool TestPool 192.168.100.1-192.168.100.20 mask 255.255.255.0
  Create a Group Policy:
  group-policy TEST internal
  group-policy TEST attributes
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value split_tun
  Create a group:
  tunnel-group TEST type ipsec-ra
  tunnel-group TEST general-attributes
  address-pool TestPool
  authentication-server-group ABTVPN
  default-group-policy TEST
  tunnel-group TEST ipsec-attributes
  pre-shared-key cisco123
  Create crypto map and do a NAT 0:
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto dynamic-map Outside_dyn_map 10 set transform-set ESP-3DES-SHA
  crypto map Outside_map 10 ipsec-isakmp dynamic Outside_dyn_map
  crypto map Outside_map interface outside
  nat (inside) 0 access-l nonat
  Finally create a user that you will use to connect:
  username test password test123
  Then you would need to configure your VPN Client to connect with the ASA.
  Here is a config Example of VPN clients to the ASA. It uses an external server for the authentication but just skip those parts. For the initial config you might want to keep the authentication local.
  http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806de37e.shtml
  I hope this helps. Feel free to ask if you have any questions. Also it would very usefull if you could upload the current config (show run) of the ASA in case you need to ask something else.
  Have fun.
  Raga

• Cisco Wireless AP configuration as DHCP

  I have 10 Cisco 1242 wireless Ap in my Office. 04 of them will be relocated in a different place where we dont have any DHCP server. I would like to configure those AP's as DHCP provider for their associated clients.
  Is it possible I know but I dont know how to accomplish that.
  Is there anyone who can answer this? If yes please let me know this from which option CLI or Web view I can configure those AP's?
  Regards,
  Sayeed.

  Hi,
  Here is the link which tells us how to accomplish  the task.. But make sure.. the IP addresses will be leased by the AP in the management ip subnet only.. please check the below doc before implementing..
  http://www.cisco.com/en/US/docs/wireless/access_point/12.4_21a_JA1/configuration/guide/scg12421aJA1-chap5-admin.html#wp1090319
  Lemme know if this answered your question!!
  Regards
  Surendra

• Cisco sns-3415 configuration

  Hi Team
  we brought new Cisco sns-3415 ACS configuration somebody please help to configure this on first time. I am simply first time on this device so I look forward first level configuration guide. find below the configuration details.
  SNS-3415-K9
  Small Secure Network Server for ISE  NAC  & ACS Applications
  CON-SNT-SNS3415
  SMARTNET 8X5XNBD Small Secure Network
  CSACS-3415-K9
  ACS application & BASE license for SNS-3415-K9 appliance
  CSACS-5-BASE-LIC
  Cisco Secure ACS 5 Base License
  CSACS-ACCYKIT
  Accessory Kit for Access Control System SW on 3415-appliance
  SFS-250V-10A-ID
  SFS Power Cord - 250V 10A  India
  SNS-4GBSR-1X041RY
  4GB 1600 Mhz Memory Module
  SNS-600GB-HDD
  600 GB Hard Disk Drive
  SNS-650W-PSU
  650W power supply for C-series rack servers + cord (configur
  SNS-CPU-2609-E5
  2.4 GHz E5-2609/80W 4C/10MB Cache/DDR3 1600MHz
  SNS-N2XX-ABPCI01
  Broadcom 5709 Dual Port 10/100/1Gb NIC w/TOE iSCSI
  SNS-RAID-ROM5
  Embedded SW RAID 0/1/10 8 ports SAS/SATA
  SNS-UCS-TPM
  Trusted Platform Module for UCS servers
  Thanks
  Sreejesh S

  check Cisco how to guides for step by step configuration just follow the instruction and you can easily  configure the setup also when you first open the ISE there is an option for express setup (Auto config) but i would suggest for the guide (link given below)
  https://www.cisco.com/en/go/trustsec.
  **********Do rate Helpful posts************************

• Cisco ISE managing configuration

  Is there a built-in mechansim for revision control in Cisco ISE? If not built-in, then what is the other way? I have been trying to look for documentation online but didn't find any.
  Just to explain what I am looking for:
  A way to properly manage all the configuration changes to ISE node.  Changes are  usually identified by a number or letter code, termed the "revision  number". For example, an initial  set of files is "revision 1". When the first change is made, the  resulting set is "revision 2", and so on. Each revision is associated  with a timestamp  and the person making the change. Revisions can be compared, restored, and with some types of files, merged.
  I ask this because "show run" output in ISE CLI does not give all the configuration details. How can we maintain the history of configurations?
  PS: I rate useful posts
  Thanks,
  Kashish

  There is not a way to track which version a specific ISE configuration is on. The ADE-OS configuration, or cli configuration typically is static once the repositories, dns info...etc is all set and done. For the application database you can setup a timer where an automatic backup is generated, from there you can manage what dates a backup is good for.
  Thanks,
  Tarik Admani
  *Please rate helpful posts*

• Cisco ISE log configuration commands enetered on routers

  Hello,
  I am trying to migrate from Cisco ACS to ISE.
  I want to log configuration commands entered on routers.
  I have configured the routers to send accounting radius to ISE but ISE sees the messages as:
  "22003  Missing attribute for authentication
  11014  RADIUS packet contains invalid attribute(s)"
  Can I configure ISE to receive radius accounting messages ?
  Is there another way to configure ISE to log configuration commands ?
  Another way would be to send syslog messages using the archive configuration on routers, but I cannot find the syslog mesages on ISE.
  Regards,
  Bogdan

  You should post your question on the AAA forum
  https://supportforums.cisco.com/community/netpro/security/aaa
  Thanks,
  Scott
  Help out other by using the rating system and marking answered questions as "Answered"

• Re: Help on Cisco UC 520 Configuration

  Dear All,
  I am new to UC 520 Call Manager Express and Cisco Unity Express. I would like help in solving the following problems encountered during the config of the latter:
  1. Call Transfer
  - When I transfer a call, I need to know if the other person to whom the call will be transferred is available or not,
  - if possible i should be able to put the current person on hold and call the other person and see if he is available or not before doing the transfer
  - if ever a call is being transferred and the other person is busy or unavailable, the call should be reverted back or forwarded to another number instead of going to voicemail.
  2. Configuring phones for call conferencing.
  Please note the following details:
  Unity Express Version being used: 3.0
  Thanks in advance

  Hi
  1. In order to get transfers working the way you like, ensure you create ephone-dns as 'dual-line' - this allows one call to be on hold whilst a 'transfer' call is made outbound. Also ensure transfer-system full-consult is configured under 'telephony-service' mode. Basically transfers then are two-step - whilst on a call, hit transfer then dial the target extension. If they answer, announce the caller and hit 'transfer' again, or hit 'end call' to go back to the original caller.
  2. You can enable three-party conferences by setting 'max-conferences' under telephony-service. It works the same way as transfer; hit 'Confrn' to start whilst on a call, dial another phone, and then when they answer Confrn again to set up the conference.
  Regards
  Aaron
  Please rate helpful posts..

• Cisco WLC 2125 configuration help

  So in a nutshell, from My computer I can ping all VLANS - everything seems to in workding order.
  when telnet to the HP 5406zl core routing switch I can ping all VLANs and other parts of the network
  But when logged into the Cisco wireless Lan Controller I cant ping VLAN 108 gateway IP (172.24.156.2 ) from the neighbour switch or other services on this VLAN
  for example cant ping the DHCP on this vlan from WLC.
  The neighbour switch can ping IP of the management interface created on the WLC
  WLC cant ping VLAN 108
  WLC can ping all other VLAN 102,104,106
  Not sure where the problem is ??
  Configure Dynamic Interfaces on the WLC for the Guest and Internal Users - DONE
  Create WLANs for the Guest and Internal Users - DONE
  Configure the 5406zl Layer 2/3 Switch Port that Connects to the WLC as Trunk Port allowing the relevant vlans i.e. management vlan, vlan 102 and Vlan 108 - DONE
  Configure the Switch Port that Connects to the AP to VLAN 102 - DONE
  configure virtual interface IP 1.1.1.1 - DONE
  Configure the Router for the WLANs - DONE
  LAP is registered to the WLC - DONE
  WLAN and SSID broadcast - OK

  Not at present it is not, the port on the 5406zl that the WLC is connected was setup as a trunk group and All VLAN tagged.  When I tried this I lost all connectivity to the WLC.  Is there something on the WLC that need changing also?.

• Cisco Standalone AP configuration

  Hi All,
  Ap 1600 radios are automatically disabled if i configure WEP for Shared authentication.What can be the issue..?

  See whether your configurations is done correctly. Below documents may helps you
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a0080c1e263.shtml
  As you know this is not a good security mechanism & you should not configure it unless client only supporting  WEP
  HTH
  Rasika
  **** Pls rate all useful responses ****

• Cisco 6800 SSO configuration

  Hi All,
  I am trying to find the guide on how to configure the SSO for the two supervisor engines. I am trying to recall if secondary ip addresses were required for the secondary supervisor for the SSO to work. Can someone guide me on this?

  Hi,
  There is no need for any secondary IP address.  When one sup fails, the back up sup will take over all the functionally of the primary sup.
  here is the configs:
  make sure you have the same exact IOS in both sups.
  Router> enable
  Router# configure terminal
  Enter configuration commands, one per line. End with CNTL/Z.
  Router(config)# redundancy
  Router(config-red)# mode sso
  Router(config-red)# end
  http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/nsfsso.html#wp1119694
  HTH

• Cisco 6506 Netflow configuration

  I configured netflow to capture data received by vlan 950. 
  vlan 950 has an ip 10.198.0.12. But the output is capturing only packets with source ip of this subnet only.
  why is it not showing any traffic received from outside? or sent to outside hosts?

  Hi Rafael,
  you need an Assurance License for that feature to work
  check the below link:
  http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6504/ps6528/ps12239/guide_c07-714720.html
  Thanks-
  Afroz
  [Do rate the useful post]

• Cisco 3640 cant configure voice-ports

  I've an cisco 3640 with a VWIC-2MFT-E1 network module. Can anybody tell me why i cant configure any voice-port? without able to configure voice-port, i cant assign any port for my "dial-peer voice xx pots". Anybody has any solution?
  what im trying to do is sending voice data traffic to 192.168.10.1
  controller E1 1/0
  framing NO-CRC4
  clock source line primary
  channel-group 0 timeslots 1-31
  interface Serial1/0:0
  bandwidth 2048
  ip address 192.168.10.2 255.255.255.252
  ip mtu 300
  encapsulation ppp
  no ip route-cache
  no fair-queue
  no cdp enable
  dial-peer voice 777 pots
  destination-pattern 77T
  no digit-strip
  direct-inward-dial
  forward-digits all

  I've only got this from my controller E1
  Vertigo(config-controller)#?
  Controller configuration commands:
    channel-group     Specify the timeslots to channel-group mapping for an
                      interface
    clock             Specify the clock source for a DS1 link
    default           Set a command to its defaults
    description       Controller specific description
    detect            Enable detection of loopback request
    exit              Exit from controller configuration mode
    framing           Specify the type of Framing on a E1 link
    guard-timer       Guard timer (0-20) for xcsp calls - timer duration and
                      accept/reject on expiry
    help              Description of the interactive help system
    line-termination  Specify the line termination for E1
    linecode          Specify the line encoding method for a E1 link
    loopback          Put the entire E1 line into loopback
    mode              Configure the controller mode
    no                Negate a command or set its defaults
    shutdown          Shut down a E1 link (send Blue Alarm)
    tdm-group         Configure DS0 group for TDM
  Do i need DSP for the voice-ports? Please guide me on what more module i need to get. Thanks!!
  https://supportforums.cisco.com/message/3022639;jsessionid=AF45FBC0DDB8636D70F9B526A367016F.node0

• Cisco Networking Assistant Configuration Archive

  Is there a way to use a back up from one switch, say a 3750G, and restore it to another 3750G?  Also, is there a way of editing the archived configuration so that I could change something small like the IP address?  This would allow me to writhe the configuration once, and then restore it to multiple, identical sswitches.                  

  No, there's not any supported way to do what you're asking with CNA. Its configuration options are pretty limited - modify port configurations on a discovered community member and upgrade software.
  The sort of thing you're looking to do is more of a feature built into Cisco Prime LMS (currently), Prime Infrastructure (2.0 - out next month), or by using Smart Install.

• Cisco Access Point Configuration to support 802.11b & 802.11g protocol

  How do i Configure access point to support both 802.11b & 802.11g clients on a Cisco 1121G series access point(AIR-AP1121G-A-K9)
  Regards
  Hitesh

  Hi Hitesh,
  Check out this excerpt from the 1121g AP Installation guide section on enabling the 802.11b and 802.11g radios.
  In Cisco IOS Release 12.3(4)JA and later, the access point radios are disabled by default, and there is no default SSID. You must create an SSID and enable the radios before the access point will allow wireless associations from other devices. These changes to the default configuration improve the security of newly installed access points. Refer to the "Configuring Basic Security Settings" section for instructions on configuring the SSID.
  In Cisco IOS Release 12.3(2)JA or earlier, the access point radio is enabled by default, and the default SSID is tsunami.
  To enable the radio interfaces, follow these instructions:
  Step 1 Use your web-browser to access your access point.
  Step 2 When the Summary Status page displays, click Network Interfaces > Radio0-802.11B or Radio0-802.11G and the radio status page displays.
  Step 3 Click Settings and the radio settings page displays
  Step 4 Click Enable in the Enable Radio field.
  Step 5 Click Apply.
  Here is a link to the actual document:
  http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_installation_guide_chapter09186a00804d2b73.html
  Hope this helps!
  Rob
  Please remember to rate helpful posts....