Command to put management Vlan of IDSM-2 in non-default Vlan

Folks,
Does anyone know the procedure to put the management interface of an IDSM-2 in a VLAN other than Vlan1, which is the default? I would like to create a different VLAN for IDSM-2 management and place the management interface of the IDSM-2 in it.
Thanks

Refer to this section in the User's Guide:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids11/cliguide/cliidsm2.htm#wp1030694
It shows steps for both Cat OS and Native IOS.
The doc is a 5.0 doc, but the switch commands are the same for 4.1.

Similar Messages

  • Linux server (how to save command output to another file)

    Hi all,
    I have a question:
    how do I save command output to another file?
    Ex: #ps -ef
    I need to save that particular command's output to another file.
    Is it possible? If possible, please let me know.
    And how do I save command history in Linux?

    df -h >> /oracle/output.log
    /oracle -- mount point name
    Regards
    Asif Kabir

  • Rpass - Secure, simple, and pluggable command-line password management

    WARNING: this program requires a python version greater than or equal to 3.
    EDIT: Fixed a bunch of bugs that made this unusable, please update!
    EDIT: Added a default configuration file.
    Hi there!
    rpass is a command-line password manager that encrypts any and all credentials you would like to store using gpg's algorithms.
    Gnome and Mac OS both have a universal credential solution, but to my knowledge there is no such generic Linux application. Gnome's keyring code is long and personally, I don't trust it as much as the simple system I have in place in rpass - it is transparent and easy to understand, and any possible security holes would be blatantly visible.
    rpass can be used directly from the command line, typing your master password (gpg passphrase) in every time, but it really shines when gpg-agent and xclip are installed. gpg-agent saves your passphrase for an interval of time, so you only have to authenticate yourself occasionally, and the powerful search capabilities of rpass (regex-enabled) allow simple and quick account selection.
    Furthermore, with xclip installed passwords NEVER have to be printed onscreen - the first matching entry's password is automatically copied to the clipboard if a search is done with rpass. You can even run rpass from applications like 'dmenu', and although there will be no visible output, if you enter a search term after rpass you will have the password you wanted copied to your clipboard.
    Finally, it can also be easily integrated in other applications -- I use it for my email (mutt) and any script I write that requires a password.
    AUR Link: http://aur.archlinux.org/packages.php?ID=44788
    More detailed documentation and explanation can be found at: https://github.com/rscare/rpass/blob/ma … E.asciidoc (scroll down)
    or with
    $ man rpass
    after installation.
    git repository: git://github.com/rscare/rpass.git
    Please comment on the software and the documentation. Thank you very much for taking the time to try my software.
    Last edited by RedScare (2010-12-27 07:04:44)

    I'm very interested in this. However... on the initial run, pressing enter causes a crash:
    $ rpass
    Need to first create gpg key pair.
    Choose a secure passphrase -- this is going to be your master password.
    Rerun program after key creation.
    WARNING: DO NOT pick a sign-only key type.
    Press [ENTER] when ready.
    Traceback (most recent call last):
    File "/usr/bin/rpass_py_interface", line 80, in <module>
    input("Press [ENTER] when ready.")
    File "<string>", line 0
    ^
    SyntaxError: unexpected EOF while parsing
    I got around this by entering junk and I made my key. After rerunning rpass with the key generated:
    $ rpass
    Traceback (most recent call last):
    File "/usr/bin/rpass_py_interface", line 84, in <module>
    if not(IsRunning(gpg-agent)):
    File "/usr/lib/python2.7/site-packages/rpass.py", line 24, in IsRunning
    plist = [re.match(ppatt, p.strip()).groups()[0] for p in str(proc.communicate()[0], encoding=utf-8).split(n)[1:-1]]
    TypeError: str() takes at most 1 argument (2 given)
    Looks like rpass expects the gpg-agent to be running when it starts.
    edit: rather, it expects the gpg-agent to be running with the key loaded. gpg-agent was already loaded thanks to keychain but without my newly created key known to it.
    Last edited by falconindy (2010-12-26 03:42:28)

  • Management and Default VLAN

    Hi All
    I need advice.
    At my former office, we used to have another VLAN, e.g. VLAN 10, as the management VLAN so that we did not use the default VLAN 1 to access the switches, which I think is good for security purposes.
    Now how can I convince my present company that it is the best way to go? They have only VLAN 1 for management purposes but then use another VLAN, say VLAN 189, for all unused ports, which, alas, they do not keep to, so invariably we have ports in VLAN 1 and 99 and everywhere.
    Is there a doc with which I can show them why it is best to have a management VLAN different from the default VLAN?
    Thanks

    Hi, here is a link that gives a little explanation on Precautions for the use of default management vlan.
    Refer to "Precautions for the Use of VLAN 1" section.
    http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml#wp38986

  • Bridging FWSM VLAN via IDSM

    I have bridged the FWSM VLANs (named DMZ, DMZ-BRIDGE) via the IDSM. However, in 'show failover' on the FWSM the server VLAN shows as 'No Link/Unknown'. Is it because there is no IP assigned? Is it the right status/configuration? Do I need to assign an IP to the bridged VLAN? Please assist.
    This host: Primary - Active
    Interface DMZ-BRIDGE (0.0.0.0): No Link (Not-Monitored)
    Other host: Secondary - Standby Ready
    Interface DMZ-BRIDGE (0.0.0.0): Unknown (Not-Monitored)

    In most data centers the IDSM could be a bottleneck due to its 600Mbps (promiscuous) and 500Mbps (inline) limitation.
    If it's placed inline and has no capacity to process new packets then, like any other inline device, it will start dropping packets.
    In your case you need to know the throughput needed between segments.
    If you are not sure then don't use the IDSM in inline mode.
    In promiscuous mode, using a VACL, you can define the traffic to be examined by the sensor using ACLs.
    Although IPS exists at the WAN/Internet layer, it's still desirable to have IPS/IDS at the service layer to protect resources from getting compromised.
    When we say bridging VLANs using the IDSM, we mean the IDSM in inline mode. In the case of ACE, if you want to use the IDSM inline then you will bridge the server VLAN interface of the ACE and the actual server VLANs.
    Vlan X (client vlan) ACE (Server Vlan)Vlan Y IDSM (Real Server Vlan) Vlan Z
    In the above example you will bridge VLAN Y and Z. Since you are bridging the two VLANs, the same IP address space will be used in the two VLANs.
    Syed

  • Wlc management port can't trunk other than native vlan

    Hello,
    I have installed my first WLC 5508 with this topology:
    The WLC is connected through a distribution SFP 1Gb port to a core switch port configured as a trunk port permitting 3 wireless VLANs:
    - Management WLC, Wireless Voice and Wireless Data VLAN (native VLAN is management WLAN).
    - I have created 2 dynamic interfaces on the WLC for my wireless VLANs:
    10.7.1.0/24 : Default Management Virtual Interface when installing WLC +
    10.7.6.0/24 : Voice Virtual Interface and
    10.7.2.0/24 : Wireless Data Virtual Interface through GUI.
    The DHCP server configured on each dynamic interface is the L3 VLAN interface for the same VLAN subnet on the core switch, which contains the IP DHCP pool.
    WLC Management Interface IP address is: 10.7.1.10/24
    I have created 2 WLANs with SSIDs named Data (ID 1) and Voice (ID 2).
    I have created an AP group named APGRP1 containing the APs registered on the WLC and using both SSID WLANs.
    Both APs are connected to switch access ports configured as access ports in the native management WLC VLAN.
    I have created 3 IP DHCP pools on the core switch with the related L3 interfaces for inter-VLAN routing.
    Problem: when I try to connect from a laptop to the Data SSID, I get an IP address from the management WLC VLAN, a non-Data VLAN.
    The same happens with a wireless IP phone configured with the Voice SSID.
    What can I modify to permit both devices to get an IP address from the correct VLAN?
    Thanks

    Hi Adil,
    Q1 >> AP access port on the switch must be configured on an Access port mode or trunk mode?
    ANS - The switchport that the LWAPP/CAPWAP APs connect to should be an access port, not a trunk.
    Q2>> if the first case, setting the port on, the same VLAN like WLC Management VLAN will support other WLAN Vlans (voice and data)?
    ANS - Yes, it does support them, since the traffic which involves the WLAN will be inside the LWAPP/CAPWAP logical tunnel.
    Q3>> I will verify the interface mapping between WLAN and Dynamic Interfaces and i will tell you.
    ANS - I will be waiting for your response!!
    lemme know if this answered your question..
    Regards
    Surendra
    ====
    Please don't forget to rate the posts which answered your question and mark it as answered or helpful

  • Is there any configuration to put Manager Override in No Receipt button

    Hi,
    Is there any configuration to put Manager Override in No Receipt button in Return option in POS or it has to be a code change?
    Thanks

    There are mainly 2 changes for any manager override.
    1. you have to add function access role for which manager override is required.
    2. Flow change it to take it to security override station.
    Regards
    Saurabh

  • Non vpc vlan

    Hi,
    I have two Nexus 7009 in a vPC domain, but I have some VLANs which are not vPC VLANs, and I configured two separate links between the two Nexus devices as a normal port-channel for the non-vPC VLANs.
    As soon as I configured the non-vPC port-channel and allowed the non-vPC VLAN on it, my VLAN shows as down on the secondary peer switch, and HSRP is also not forming for the non-vPC VLAN.
    Please help me: is there any specific command for a non-vPC port-channel and non-vPC VLAN?
    Please help me

    I believe it is absolutely possible, specifically because peer-switch and spt pseudo-info are specific and local to Cisco Fabric Services running as part of vPC technology. Personally, I have a lab with a vPC domain composed of 2 N5Ks. They are peer-switches with spt-pseudoinfo and they have MST running on non-vPC links independently from vPC.

  • Change Default VLAN on SRW2008P

    I have an SRW2008P switch I am trying to connect to my Layer 3 network, which is all Cisco 3560 IOS. I think the default VLAN for Cisco is 100 but the default VLAN for Linksys is 1. I have port 8 on the SRW2008P connected to my Cisco network and have it set as trunk on both sides. I have VLAN 100 set as untagged on the SRW2008P. Also, I have my user/mgt VLAN 19 set as a tagged interface on the SRW2008P. Now, when I set the Management VLAN on the SRW2008P to 19, I am not able to communicate with the switch at all from my 3560: no ping, http, etc. My only idea is that the default VLAN on the SRW2008P needs to be 100, not 1. Is there a way to change that? Am I missing some other step?

    As per Linksys documentation, the default or native VLAN cannot be changed.
    I would prefer setting up one of the ports on the SRW2008P as TRUNK. Create VLAN 100, member ports to VLAN100 including the TRUNK port and check if that would work.
    Hope this helps!

  • What steps are needed to untag default vlan to gigabit port on SRW208P

    We have VLAN 1 disabled on our standard Cisco Catalyst switches and use VLAN 11 as our default.  We have recently added VLAN 221 for voice while implementing a new Cisco UC system.  I can't seem to disable VLAN1, however, I have made the default VLAN 11 and Voice VLAN 221.  In VLAN Management, I can untag VLAN 11 (PVID) on all ports but the Gigabit port connecting to the Cisco 6506.  That port always tags VLAN 11 & 221 and untag (PVID) VLAN 1. 
    I have tried making changes to the switch while connected to the switch and when I make the setting, the switch loses connection to the 6506.  If I make the appropriate changes to GI(1) while connected to GI(2), that change takes effect, however, when I move the patch cable to GI(1), the port configuration changes and VLAN 11 becomes tagged and VLAN1 becomes untagged. 
    What is needed to stop this from happening? 

    Hi, I do not support the UC500 model so I can only give information to the switch. The older ESW, SX300 and SX500 series were designed to plug and play to the UC300/500 series for basically zero configuration.
    To my knowledge (which I can be very wrong!!!!!) The UC500 uses vlan 1 data, vlan 100 by default and it usually doesn't deviate this.
    You may disable the smart port and auto voice vlan features, yes. However, this means you need to manually configure your ports or use the telephony OUI features.
    I can outline how to disable the smart port and avoid using auto voice vlan, however, it would be most prudent for you to call the UC500 support to 100% ensure there is not a better way to manage via way of the UC platform.
    If you could please call the SBSC and verify there is nothing better to be done then I would be happy to further assist
    http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
    -Tom

  • 802.1x default VLAN

    Hi,
    I am trying to set up 802.1x on a Catalyst 4006 with a Supervisor III module with IOS 12.1(12c)EW1. I am using Cisco Secure ACS 3.0(2) Build 5 for my Radius server. I'm using the Windows 2000 802.1x hotfix for my 802.1x client software. My goal is as follows:
    If USER1 gets authenticated, authorize them to access VLAN 10.
    If USER2 gets authenticated, authorize them to access VLAN 20.
    If someone tries to logon to the network without the 802.1x Client, authorize them to access VLAN 30.
    I have been able to get USER1 and USER2 onto their correct VLANs, but I have been unable to set up a default VLAN for unauthenticated/unauthorized users to be able to access. The only thing I have been able to do is Force Authorization on to VLAN 30 for all users, but then I am unable to assign USER1 or USER2 to their correct VLANs, because when I turn on Force Authorization the switch ignores the client requests for authorization and just automatically throws them onto VLAN 30.
    The reason I would like to do this is so that we can assign known users onto the VLANs we want them to access, and we want to throw unknown users onto VLAN 30. We want to allow unknown users access to the internet because we have outside vendors teaching classes on our campus, and we can't be guaranteed that they will have 802.1x on their laptops, but they will still need to access the internet to teach their classes.
    If more information is needed (how we have the switch configured now) or I have not been very clear in what I need, let me know. Any help would be greatly appreciated.
    Jeremy Zanitsch

    From your question I understand that you want a procedure to authenticate unknown users; maybe the following URLs could give you some ideas.
    http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a008007dea7.html#xtocid2932211
    http://www.cisco.com/warp/public/cc/pd/sqsw/sq/tech/deacs_wp.htm

  • DSEE11g non-default replication manager

    How to specify the non-default replication manager when creating replication agreement using dsconf
    eg.
    #dsconf create-repl-agmt -h host1 -p 1389 dc=example,dc=com host2:1389
    how to specify the non-default replication manager of host2 and password when creating agreement.
    Thanks,

    897640 wrote:
    How to specify the non-default replication manager when creating replication agreement using dsconf
    eg.
    #dsconf create-repl-agmt -h host1 -p 1389 dc=example,dc=com host2:1389
    how to specify the non-default replication manager of host2 and password when creating agreement.
    Thanks,
    These instructions should get you what you need:
    http://download.oracle.com/docs/cd/E19316-01/820-2763/gdzlf/index.html

  • Connect additional switch to existing switch, receiving vlan mismatch, also want to configure same VLAN's

    Hello! I have a network in which I have a switch stack configured for voice and data. Particularly, both are configured to pass over the same port.
    I want to add a temporary switch (different model) to the network and configure it the same way. In particular, I want to see that I can set up the voice/data VLAN's on this new switch and test to confirm all is working. I need an uplink though back to the original switches so that this new switch can get a proper connection. 
    When I connect the new switch in, I can't seem to get an IP and the CLI keeps showing a "Native VLAN mismatch error" and shows the hostname of the original switch. 
    So my questions are:
    How can I add this temporary switch to the existing switch to get a connection, not as another stacked switch?
    How can I configure the voice/data VLAN's on the switch so as to be able to test the voice/data traffic over the same port? 

    Hi! Yes I did change the native vlan for that particular port on "Sw2" (New switch) to match "Sw1" (existing switch). The Sw2 port shows native vlan inactive though.
    Below is an output from them on that port. 
    (SW1)
    Name: Gi3/0/5
    Switchport: Enabled
    Administrative Mode: trunk
    Operational Mode: trunk
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: dot1q
    Negotiation of Trunking: On
    Access Mode VLAN: 1 (default)
    Trunking Native Mode VLAN: 100 (VLAN0100)
    Administrative Native VLAN tagging: enabled
    Voice VLAN: 10 (VLAN0010)
    Administrative private-vlan host-association: none
    Administrative private-vlan mapping: none
    Administrative private-vlan trunk native VLAN: none
    Administrative private-vlan trunk Native VLAN tagging: enabled
    Administrative private-vlan trunk encapsulation: dot1q
    Administrative private-vlan trunk normal VLANs: none
    Administrative private-vlan trunk private VLANs: none
    Operational private-vlan: none
    Trunking VLANs Enabled: ALL
    Pruning VLANs Enabled: 2-1001
    Capture Mode Disabled
    Capture VLANs Allowed: ALL
    Protected: false
    Unknown unicast blocked: disabled
    Unknown multicast blocked: disabled
    Appliance trust: none
    (SW2)
    Name: Gi3/0/5
    Switchport: Enabled
    Administrative Mode: trunk
    Operational Mode: trunk
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: dot1q
    Negotiation of Trunking: On
    Access Mode VLAN: 1 (default)
    Trunking Native Mode VLAN: 100 (Inactive)
    Administrative Native VLAN tagging: enabled
    Voice VLAN: 10 (Voice)
    Administrative private-vlan host-association: none
    Administrative private-vlan mapping: none
    Administrative private-vlan trunk native VLAN: none
    Administrative private-vlan trunk Native VLAN tagging: enabled
    Administrative private-vlan trunk encapsulation: dot1q
    Administrative private-vlan trunk normal VLANs: none
    Administrative private-vlan trunk private VLANs: none
    Operational private-vlan: none
    Trunking VLANs Enabled: ALL
    Pruning VLANs Enabled: 2-1001
    Capture Mode Disabled
    Capture VLANs Allowed: ALL
    Protected: false
    Unknown unicast blocked: disabled
    Unknown multicast blocked: disabled
    Appliance trust: none
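
An added example, not part of the original thread: a small Python check that compares the two ends of the trunk from their `show interfaces switchport` output and reports the inactive native VLAN on SW2. The function names and the list of fields compared are assumptions made for this illustration; the sample text is excerpted from the output posted above.

```python
import re

# Excerpt of the "show interfaces switchport" outputs posted above,
# trimmed to the trunk-related fields.
SW1_OUTPUT = """\
Name: Gi3/0/5
Operational Mode: trunk
Operational Trunking Encapsulation: dot1q
Trunking Native Mode VLAN: 100 (VLAN0100)
Administrative Native VLAN tagging: enabled
Voice VLAN: 10 (VLAN0010)
Trunking VLANs Enabled: ALL
"""
SW2_OUTPUT = """\
Name: Gi3/0/5
Operational Mode: trunk
Operational Trunking Encapsulation: dot1q
Trunking Native Mode VLAN: 100 (Inactive)
Administrative Native VLAN tagging: enabled
Voice VLAN: 10 (Voice)
Trunking VLANs Enabled: ALL
"""

VLAN_FIELD = re.compile(r"^(\d+)\s*\((.+)\)$")
# Fields expected to be identical on both ends of the link (assumed list).
MUST_MATCH = ("Operational Mode", "Operational Trunking Encapsulation",
              "Administrative Native VLAN tagging", "Trunking VLANs Enabled")


def parse_switchport(text):
    """Turn 'Key: value' lines into a dict; lines without a colon are skipped."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def vlan_id_and_label(value):
    """Split '100 (Inactive)' into ('100', 'Inactive'); label is '' if absent."""
    m = VLAN_FIELD.match(value or "")
    return (m.group(1), m.group(2)) if m else (value or "", "")


def compare_trunk_ends(a_text, b_text, a_name="SW1", b_name="SW2"):
    """Return findings for the two ends of one trunk link."""
    ends = {a_name: parse_switchport(a_text), b_name: parse_switchport(b_text)}
    a, b = ends[a_name], ends[b_name]
    findings = [f"{key} differs: {a_name}={a.get(key)} {b_name}={b.get(key)}"
                for key in MUST_MATCH if a.get(key) != b.get(key)]
    native = {}
    for name, fields in ends.items():
        native[name], label = vlan_id_and_label(fields.get("Trunking Native Mode VLAN"))
        # IOS prints "(Inactive)" when the VLAN is not active on that switch.
        if label.lower() == "inactive":
            findings.append(f"{name}: native VLAN {native[name]} is inactive")
    if native[a_name] != native[b_name]:
        findings.append(f"native VLAN mismatch: {a_name}={native[a_name]} {b_name}={native[b_name]}")
    return findings


if __name__ == "__main__":
    for finding in compare_trunk_ends(SW1_OUTPUT, SW2_OUTPUT):
        print(finding)
```

The VLAN name in parentheses (VLAN0010 versus Voice) is deliberately ignored, since names are local to each switch; only the VLAN ID and the Inactive marker are compared.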

  • I download to my laptop and burn a disc. But when I put that disc on my home computer none of song info. show up. What I am missing.

    I use a wifi connection to download to my laptop and burn a playlist. But when I go to put the disc on my home computer none of the song information shows up. I have to put in all the info myself. Am I missing a setting? Thanks.
    Heavy Eddie

    Yes, that is correct..
    I think it is good to start over fresh and please use all names that are short, no spaces and pure alphanumeric. NOT names Apple will recommend in the airport utility setup wizard.. they are simply wrong.
    Much less issues by sticking with network standards..
    Passwords also met the same criteria only can be 8-20 characters or even more if you are totally paranoid.. We all should be partly paranoid.
    But names can be 2-8 characters and work just as well.

  • Default Vlan (Vlan 1) is down

    I created Vlan 1, but I see that Vlan 1 is down.
    #sh int vlan 1
    Vlan1 is down, line protocol is down.
    Can someone explain the reason?
    Thanks.

    In order for your VLAN1 to show up/up one of the following two conditions should hold:
    1) There should be one active (physically up) access port in VLAN 1.
    2) VLAN1 should be carried in an active trunk on the switch (normally it is).
    This is because of a feature called autostate, which brings the logical interface (VLAN interface) up only when there is a physical device on that VLAN.
