IDS shunning - IDS can't blocking via Cisco Router

Similar Messages

• Setting PPPoE clients speed Via Cisco router

  Hi i have a 7200 cisco router working as NAS (network access server) for PPPoE sessions , the clients connected DSLAMS and the Cisco connected to an AAA external Raduis server.
  i want to set the user speed Via cisco router in a way which can be controlled in the Radius server , and not through the actual speed of the DSLAMS ports
  Thanks alot

  Hello Mohamed,
  there is a feature called controlled subscriber bandwidth that may fit your needs:
  see
  http://www.cisco.com/en/US/docs/ios/bbdsl/configuration/guide/bba_con_sub_bdwth_ps6441_TSD_Products_Configuration_Guide_Chapter.html
  it manipulates the ATM traffic parameters on a per user basis
  these settings can be done on radius AV:
  example:
  The following example shows how to configure RADIUS attributes for a user profile for DBS:
  [email protected] Password = "userpassword1", Service-Type = Outbound
       Service-Type = Outbound,
       Cisco-Avpair = "vpdn:tunnel-id=tunnel33",
       Cisco-Avpair = "vpdn:tunnel-type=l2tp",
       Cisco-Avpair = "vpdn:l2tp-tunnel-password=password2",
       Cisco-Avpair = "vpdn:ip-addresses=172.16.0.0",
       Cisco-Avpair = "atm:peak-cell-rate=155000",
       Cisco-Avpair = "atm:sustainable-cell-rate=155000"
  Hope to help
  Giuseppe

• PXE boot via Cisco router

  We have a need to netboot a PC with Linux via a Cisco router (I.E. PXEboot).
  We have copied the PXE linux.cfg files to the Cisco router's flash, (Cisco 2821, IOS Advanced Security 15-1.2-T1).
  We have setup the router as a TFTP server with defaulted path as tftp-server flash:tftpboot
  From the pc's CMOS, we selected PXE boot.
  With "debug ip packet detail", we can see the DHCP request from the PC.
  We cannot however, get the router to download the Linux files to the PC.
  Manually we tried:
  c:\ tftp 10.0.0.1 get default - no go.
  ANYONE have an idea????
  Thanks
  Frank

  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin:0in;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:10.0pt;
  font-family:"Times New Roman";
  mso-ansi-language:#0400;
  mso-fareast-language:#0400;
  mso-bidi-language:#0400;}
  Hi Ash,
  Thanks for the assistance.
  The laptop is directly connected to the Cisco 2821 routers g0/0 interface.
  The router is configured to be a DHCP server with the Cisco 2821 router IP address on g0/0 set in the DHCP configuration to be the default router. The router’s IP address is excluded from DHCP. (10.0.0.30)
  If the laptop’s bios is set to PXE boot, it seems to receive an IP address from the router I.E. 10.0.0.1– verified by statically assigning another pc IP address 10.0.0.1– the 2nd pc receives an error of IP address conflict. Then set the second pc to obtain its’ IP address via DHCP, and while running debug ip packet detail on the router, I see the router running through the DHCP assignment process and finally assigns the 2nd pc 10.0.0.2.
  So needless to say, I believe the DHCP setup is functioning correctly.
  The problem we have at this point is nailing down the TFTP-server function running on the Cisco 2821 router.
  We were able to create the directory tree on the Cisco 2821 routers flash and then copy the correct files into each directory within flash.
  Using WinXP DOS prompt, tftp does not seem to function.
  With debug ip packet detail running on the router and Wireshark running on the PC, we run from a DOS window c:\tftp 10.0.0.1 GET \default. No matter how we specify the path, end result is an error of some kind.
  We watch debug and wireshark display the communications of the PC and router talking, but cannot seem to get the requested file.
  Perhaps WinXP tftp server is flawed.
  If we load TFTP32 and attempt to send and/or receive a file from flash, works fine.
  The router tftp config is as:
  tftp-server flash:/tftpboot/dsl/pxeboot.cfg
  The actual files name is "default" and is found on the Cisco 2821 flash:/tftpboot/dsl/pxeboot.cfg directory.
  No ACLs on the Cisco router and the router is pretty much right out of the box.
  Firewall is disabled on both PCs.
  Ping to/from the PC/router works fine.
  Thanks again
  Frank

• Problem installing hp 8600 plus to laptop after installing wireless on desktop via cisco router!

  After installing the printer successfully on my desktop wireless through the cisco router I attempted to add my laptop a hp G60-635DX notebook. After installing the printer I got a message that a driver cannot be found! I called cisco and they offered online help for a $ 69.00 contract for 1 year! Looking for cheaper alternative!!!

  Does the Asaro run DHCP?  If so, turn off all access points except the one running DHCP and connect the printer.  Then you can turn on the other APs.
  Say thanks by clicking "Kudos" "thumbs up" in the post that helped you.
  I am employed by HP

• How access Office LAN via Cisco Router & Switches HELP!!

  Hello everyone!
  For starters I am no Cisco guru but at least find my way around a few things here and there.
  I work as the IT dude for a company with two branches at different geolocations.
  Our local network infrastructure at both HQ and branch offices comprise a Cisco 1941 Router and SF 300 24P Managed switches which hooks up our servers, workstations and VoIP phones.
  The dedicated internet [DI] is connected via a Hughes radio link which belongs to the telco and on a different IP class and connects to interface 0/0 of Cisco 1941. Interface 0/1 is then connected to one of the SF 300 24P managed switches on another IP class for LAN  [192.168.1/24]
  I have three questions.
  1. How do I access for example the File Server on the Corporate LAN from home?
  2. How do I get workstations at branch offices authenticate with Active Directory Server at the HQ?
  3. How do I get to get VoIP phones in branch offices hooked up to HQ VoIP PBX?
  Thank you very much.

  Hello everyone!
  For starters I am no Cisco guru but at least find my way around a few things here and there.
  I work as the IT dude for a company with two branches at different geolocations.
  Our local network infrastructure at both HQ and branch offices comprise a Cisco 1941 Router and SF 300 24P Managed switches which hooks up our servers, workstations and VoIP phones.
  The dedicated internet [DI] is connected via a Hughes radio link which belongs to the telco and on a different IP class and connects to interface 0/0 of Cisco 1941. Interface 0/1 is then connected to one of the SF 300 24P managed switches on another IP class for LAN  [192.168.1/24]
  I have three questions.
  1. How do I access for example the File Server on the Corporate LAN from home?
  2. How do I get workstations at branch offices authenticate with Active Directory Server at the HQ?
  3. How do I get to get VoIP phones in branch offices hooked up to HQ VoIP PBX?
  Thank you very much.

• Blocking ads via EA4500 (router level)

  Hi
  I know ads can be blocked via a firefox or chrome plugin but i would prefer to do it at router level on my EA4500. Since the router is not Tomato compatible, is my only option to use the Netproofer app and block the following websites?
  www.atdmt.com 
  www.doubleclick.net 
  doubleclick.net 
  ad.nozonedata.com 
  ads.pointroll.com 
  us.ard.yahoo.com 
  us.a1.yimg.com 
  us.js2.yimg.com 
  ad.doubleclick.net 
  view.atdmt.com 
  a.tribalfusion.com 
  ad.ca.doubleclick.net 
  ads.deviantart.com 
  pagead2.googlesyndication.com 
  ad.nozonedata.com 
  cdn.fastclick.net 
  cdn5.tribalfusion.com 
  media.fastclick.net 
  pixel.quantserve.com 
  tribalfusion.com

  What you can do is to block these specific sites on your router using parental control but you could only block upto 8 websites. So might as well block those sites on the browser level.

• Does cisco router support "tcp reset" mesg when the traffic blocked by access lit ?

  hi ,
  im trying to know if i  blocked a destination with an access list on cisco.
  can i make "tcp-rest " to that connection instead on dropping it ??
  i belive it supported on ASA appliance , but not sure if supported on cisco routers.
  im trying to migrate from linux router to cisco router and apply the same config , one of the challenging task is , i have 
  "reject-with=tcp-reset"
  im wondering if i can do it on cisco router
  waiting ur responce
  regards

  One of the things that keeps me engaged with these forums is that they challenge me and give me opportunities to learn new things. My initial reaction to your question about IPS on IOS router was to say that this is not supported. But I did some research and find that apparently IPS functionality is now supported on some (but not all) of Cisco IOS routers. See this link for additional detail:
  http://www.cisco.com/c/en/us/products/collateral/security/ios-intrusion-prevention-system-ips/product_data_sheet0900aecd803137cf.html
  HTH
  Rick

• BGP peering via default route

  I read http://blog.ipexpert.com/2010/11/08/bgp-peering-and-default-routes/ and understood that BGP speaker will not initiate BGP connection with the other BGP router if it can reach it via default route only...And BGP peering will not come up at all if both the BGP speakers know each other via default routes only....I could not understand the reason behind this though...Could any expert help me in understanding the underlying reasoning?

  I can't think of a reason why you would want to peer with a router you don't have a route for. If you're relying on a default route for a multi-hop bgp peer session, it could cause the session to be unreliable due to changes in the network down the line from you. An unreliable bgp session would be bad on the router's cpu/memory if the session were to flap.

• I have a iPhone and iPad on one iTunes account, I have recently bought two further I touches fir the kids , should I set them up with their own apple ids and the can I transfer purchases through all devices

  I have a iPhone and iPad on one iTunes account, I have recently bought two further I touches fir the kids , should I set them up with their own apple ids and the can I transfer purchases through all devices,

  Hi jhyiesla,
  Im not sure wether I got you right or not. But my advice/s would be as follows:
  These steps help you get rid of old apps you downloaded years ago and you do not use anymore.(Also frees space on your mac after emptying the trash)
  1) go to iTunes and delete all applications in it. Make sure to move them to trash! Do not empty your trash yet. Its your backup if step 3 doesnt appear.
  2) connect both your devices(one after each other) and make a backup. !!!Dont press the Sync button, press the Back Up Now Button
  3) Then it asks you if you want to backup applications as well. Confirm. (This is how apps get transferred manually)
  4) Then Sync your devices... The first time it might be, that there are some additional apps loaded to your devices you dont want to.. delete them on your Device (not iTunes) and after that you should be good every time you sync again.
  5) now you can empty your trash on your mac.
  Further,
  - You should regularly connect your devices with iTunes to make sure they are backed up. (Even if you have activated iCloud backup, the iTunes backup is more proper i.e.. Apps)
  - If you hate scrolling through a list of apps in iTunes, you can re/install apps directly on iOS not via iTunes. I absolutely never go to the "Applications" section in iTunes. I install and delete apps directly on iOS.
  jl

• TS3899 How can I block an e-mail address on iPhone 5s? My ISP is unable to help. I can block via Outlook on my laptop, but they still come through on my iPhone

  How can I block an e-mail address from sending me spam on my iPhone 5s? My ISP is unable to help. I can block on my laptop via Outlook, but they still come through on my iPhone 5s. Thank you very much.

  You can "Move to Junk" and it should start doing it automatically after a few times:
  http://blog.mailup.com/2013/09/mail-app-in-ios-7-our-first-tests/

• HT1918 I have 2 itunes ids. How can I merge the 2 email addresses. The site will not let me merge 2 existing email accounts

  I have 2 apple itunes ids. How can I merge the accounts into 1 user account? I have tried using both email accounts on a single itunes account but the site will not let me use 2 existing email accounts.
  Thanks

  You can't merge Apple IDs.
  And you also can't change the name of an iTS Apple ID to another one that ends in a me.com.

• Multiple apple IDs, now i can't backup, HELP :(

  okay, so, I got my first apple product when i was like, 13, or something, iPod nano.
  I set it up and everything, but my mom wouldn't let me create an apple ID, so, she created one, and when I purchased songs, it went through her account.
  well, now I'm 22, and I have my own apple ID that two old iPods, an iPod touch, an iPad, and my boyfriends iPhone are all authorized for, plus, at least three authorized computers. and I plan to get my own iPhone at upgrade time next month.
  The problem is, with the iPad, my boyfriend and I purchased it together and registered it under his account but most of the purchases are from mine, so with every update, sync, and purchase we have to enter both our apple IDs, which is annoying enough, but it's worse with my iPod touch. It has my old purchases through my mom's account, my purchases, my boyfriends purchases, and songs his sister bought for him when his whole family shared the same apple ID. I'm trying to update to iOS5, but I can't backup now, because I have to enter my apple ID, my mom's apple ID, my boyfriends apple ID AND his sisters apple ID just to do ANYTHING.
  and now, since the rules for password strength have changed, at one point or another all of these apple IDs have been changed. and now, I don't know my mom's password, so I can't update or even sync because I have to verify her password that I don't even know!
  So my question is, what do I do!?
  And is there any way to make this less roundabout and annoying?

  You cannot merge apple ids, but you can sign out of the apple id and sign in under the other one either on your phone or your mac. On your phone, go to settings, itunes and appstore, tap your apple id, tap sign out, then go back to home screen, then back into itunes an appstore and sign in with the apple id you want to use.

• Hi my name Abukar I had an old apple ID and I had problem with signing it so I decided to make a new apple ID with a new email address, so how can I link with two apple IDs and how can I get back all my previous apps that I purchased before, I cloud stuff

  Hi my name Abukar I had an old apple ID and I had problem with signing it so I decided to make a new apple ID with a new email address, so how can I link with two apple IDs and how can I get back all my previous apps that I purchased before, I cloud stuff

  It is not possible to do that.
  Allan

• How can I connect a Cisco 7940 phone to a trixbox via SIP

  how can I connect a Cisco 7940 phone and CIsco 7970 to a trixbox via SIP

  ...by configuring the trixbox according to the required configuration and changing your firmware on the phones to SIP{
  =============================
  Please remember to rate useful posts, by clicking on the stars below.
  =============================

• Created three new users without Apple IDs and they can't log into either of my Macbook Pro or Mac Mini running Mountain Lion.

  I have created three new users without Apple IDs and they can't log into either of my Macbook Pro or Mac Mini running Mountain Lion.  These accounts are for my kids and originally were setup with parental controls and time constraints.  Thinking this was the problem I removed the time constraints, removed the parental controls, deleted and re-added them, and made them standard users.  I have reinstalled, used disk utility to repair permissions, and made them admins.   Any help is appreciated.

  Users don't need Apple ID's. That's not the issue. Have you tried repairing permissions their accounts?
  http://osxdaily.com/2011/11/15/repair-user-permissions-in-mac-os-x-lion/
  Repairing User Permissions in OS X Lion
  You’ll need to reboot to perform this, and then use the same resetpassword utility that is used to change passwords in Lion, but instead choosing a hidden option.
  When you use the Disk Utility app and Repair Permissions — it doesn’t actually repair the permission settings on folders and files in your Home folder where your documents and personal applications reside.
  In Lion, there is an additional Repair Permissions application utility hidden away. This tool is located inside boot Repair Utilities. Here’s how to access it.
  Restart Lion and hold down the Command and R keys.    You will boot into the Repair Utilities screen. On top, in the Menu Bar click the Utilities item then select Terminal.
  In the Terminal window, type resetpassword and hit Return.
  The Password reset utility launches, but you’re not going to reset the password. Instead, click on the icon for your Mac’s hard drive at the top. From the drop-down below it, select the user account where you are having issues.
  At the bottom of the window, you’ll see an area labeled ‘Reset Home Directory Permissions and ACLs’. Click the Reset button there.
  The reset process takes a couple of minutes. When it’s done, quit the programs you’ve opened and restart your Mac. Notice that ‘Spotlight’ starts re-indexing immediately.