Nexus 5000 cant access radius
hello,
before two weeks ago we installed radius server in our network.
the other switches in the network are work fine with the radius,
the nexus 5k can reach the server with ping, but cant authenticate the users, only local users can access.
test aaa server radius is also failed with "error authnticating to server.
please take a look in the configuration below.
thanks!
here is the configureation :
logging level radius 5
radius-server retransmit 3
radius-server host 192.168.x.y key 7 "xxxxxxxx" authentication accounting
aaa group server radius myradius
aaa authentication login default group myradius local
nexus5000k# show radius-server groups
total number of groups:2
following RADIUS server groups are configured:
group radius:
server: all configured radius servers
deadtime is 0
group myradius:
server: 192.168.x.y on auth-port 1812, acct-port 1813
deadtime is 0
You can specify that a RADIUS server is to be used only for accounting purposes or only for authentication purposes. By default, RADIUS servers are used for both accounting and authentication. You can also specify the destination UDP port numbers where RADIUS accounting and authentication messages should be sent.
To configure the accounting and authentication attributes for RADIUS servers, perform this task:
www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli/CLIConfigurationGuide/sec_radius.html#wp1298572
Similar Messages
-
Nexus 5000 - Securing MGMT Access
Could anyone comment on whether the capability exists to configure an ACL that protects management access, restricting access to certain source subnets? I want to use inband mgmt access (interface vlan feature)but limit the access by IP. ACLs seem to be only configurable on a per port basis or VLAN mapped basis, not on the VLAN Interface or Line VTY. Thanks in advance to anyone who offers a comment!
Hi Adam,
[edit] This is fixed in 4.1(3)N2(1) with defect CSCta26533. It is also available in 4.2(1)N1(1). I just tested this to verify, I was confused earlier as to what version my switches were running.
Here's an exmaple in 4.2(1)N1(1):
Nexus5010(config)# conf t
Nexus5010(config)# ip access-list someACL
Nexus5010(config-acl)# deny ip 192.168.0.0/16 any
Nexus5010(config-acl)# permit ip any any
Nexus5010(config-acl)# int mgmt0
Nexus5010(config-if)# ip access-group someACL in
Nexus5010(config-if)# exit
Nexus5010# sh ip access-lists summary
IPV4 ACL someACL
Total ACEs Configured: 2
Configured on interfaces:
mgmt0 - ingress (Router ACL)
Active on interfaces:
mgmt0 - ingress (Router ACL)
Also, CSCsq20638 will allow you to put an ACL on VTY lines. CSCsq20638 slipped the target release since my first answer, but is now committed to the 5.0 train for the Nexus 7000.
When the Nexus 5000 picks up this enhancement sometime in Q4 of 2010. I can't be specific about a release date since it's under active development, but it should be called 5.0(2)N1(1)
Regarding a VACL, that will work for inband management (SVI / VLAN interface), but not for those managing via MGMT0.
Regards,
John Gill
Message was edited by: johgill -
Nexus 5000 - Odd Ethernet interface behavior (link down inactive)
Hi Guys,
This would sound really trivial but it is very odd behavior.
- We have a server connected to a 2, Nexus 5000s (for resiliancy)
- When there is no config on the ethernet interfaces whatsoever, the ethernet interface is UP / UP, there is minimal amount of traffic on the link etc. E.g.
Ethernet1/16 is up
Hardware: 1000/10000 Ethernet, address: 000d.ece7.85d7 (bia 000d.ece7.85d7)
Description: shipley-p1.its RK14/A13
MTU 1500 bytes, BW 10000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA
Port mode is access
full-duplex, 10 Gb/s, media type is 1/10g
Beacon is turned off
Input flow-control is off, output flow-control is off
Rate mode is dedicated
Switchport monitor is off
Last link flapped 00:00:07
Last clearing of "show interface" counters 05:42:32
30 seconds input rate 0 bits/sec, 0 packets/sec
30 seconds output rate 96 bits/sec, 0 packets/sec
Load-Interval #2: 5 minute (300 seconds)
input rate 0 bps, 0 pps; output rate 8 bps, 0 pps
RX
0 unicast packets 0 multicast packets 0 broadcast packets
0 input packets 0 bytes
0 jumbo packets 0 storm suppression packets
0 runts 0 giants 0 CRC 0 no buffer
0 input error 0 short frame 0 overrun 0 underrun 0 ignored
0 watchdog 0 bad etype drop 0 bad proto drop 0 if down drop
0 input with dribble 0 input discard
0 Rx pause
TX
0 unicast packets 163 multicast packets 0 broadcast packets
163 output packets 15883 bytes
0 jumbo packets
0 output errors 0 collision 0 deferred 0 late collision
0 lost carrier 0 no carrier 0 babble
0 Tx pause
1 interface resets
- As soon as I configure the link to be an access port, the link goes down, flagging "inactivity" E.g.
sh int e1/16
Ethernet1/16 is down (inactive)
Hardware: 1000/10000 Ethernet, address: 000d.ece7.85d7 (bia 000d.ece7.85d7)
Description: shipley-p1.its RK14/A13
MTU 1500 bytes, BW 10000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA
Port mode is access
auto-duplex, 10 Gb/s, media type is 1/10g
Beacon is turned off
Input flow-control is off, output flow-control is off
Rate mode is dedicated
Switchport monitor is off
Last link flapped 05:38:03
Last clearing of "show interface" counters 05:41:33
30 seconds input rate 0 bits/sec, 0 packets/sec
30 seconds output rate 0 bits/sec, 0 packets/sec
Load-Interval #2: 5 minute (300 seconds)
input rate 0 bps, 0 pps; output rate 0 bps, 0 pps
RX
0 unicast packets 0 multicast packets 0 broadcast packets
0 input packets 0 bytes
0 jumbo packets 0 storm suppression packets
0 runts 0 giants 0 CRC 0 no buffer
0 input error 0 short frame 0 overrun 0 underrun 0 ignored
0 watchdog 0 bad etype drop 0 bad proto drop 0 if down drop
0 input with dribble 0 input discard
0 Rx pause
TX
0 unicast packets 146 multicast packets 0 broadcast packets
146 output packets 13083 bytes
0 jumbo packets
0 output errors 0 collision 0 deferred 0 late collision
0 lost carrier 0 no carrier 0 babble
0 Tx pause
0 interface resets
- This behavior is seen on both 5Ks
- I've tried using a different set of ports, changed SFPs, and fibre cabling to no avail
- I can't seem to understand this behavior?! In that, why would configuring the port cause the link to go down?
- If anyone has experience this before, or could shed some light on this behavior, it would be appreciated.
sh ver
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2010, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.
Software
BIOS: version 1.2.0
loader: version N/A
kickstart: version 4.2(1)N1(1)
system: version 4.2(1)N1(1)
power-seq: version v1.2
BIOS compile time: 06/19/08
kickstart image file is: bootflash:/n5000-uk9-kickstart.4.2.1.N1.1.bin
kickstart compile time: 4/29/2010 19:00:00 [04/30/2010 02:38:04]
system image file is: bootflash:/n5000-uk9.4.2.1.N1.1.bin
system compile time: 4/29/2010 19:00:00 [04/30/2010 03:51:47]
thanks
SheldonI had identical issue
Two interfaces on two different FEXes were INACTIVE. I have two Nexus 5596 in vPC and A/A FEXes.
I also use config-sync feature.
Very same configuration was applied to other ports on other FEXes and they were working with no problems.
interface Ethernet119/1/1
inherit port-profile PP-Exchange2003
I checked VLAN status associated with this profile and it was active (of course it was, other ports were ok).
I solved it by removing port profile from this port and re-applied it... voila, port changed state to up!
Very very strange. -
this has got ridiculous now i cant access itunes tore,my ipod says there is no music on it even though i watched it sync nearly 5000 tunes and the program apple mobile device exe eats my cpu at 97% it slows my computer to a crawl should have had the courage of my convictions and stuck to itunes version9 at least that worked.tried resetting netsh winsock,flushing my dns all not worked.this has to be sorted out...and quick
Hi,
I have tried and confimed that you can download the previous version from some web-site about the version 10.5.1.42.
Remove/un-install 10.5.2.11 and restart your computer.
Install the old version 10.5.1.42
and then you can find the "Devices" on the left column and showing synchronizing when you connect the cable.
Good luck -
What are best practices for connecting asa to nexus 5000
just trying to get a feel for the best way to connect redundant asa to redundant nexus 5000
using a vpc vlan is fine, but then running a routing protocol isn't supported, so putting static routes on 5000 works, but it doesn't support ip sla yet so you cant really stop distributing the default if your internet goes down. just looking for what was recommended.you want to test RAC upgrade on NON RAC database. If you ask me that is a risk but it depends on may things
Application configuration - If your application is configured for RAC, FAN etc. you cannot test it on non RAC systems
Cluster upgrade - If your standalone database is RAC one node you can probably test your cluster upgrade there. If you have non RAC database then you will not be able to test cluster upgrade or CRS
Database upgrade - There are differences when you upgrade RAC vs non RAC database which you will not be able to test
I think the best way for you is to convert your standalone database to RAC one node database and test it. that will take you close to multi node RAC -
PFC configuration on Nexus 5000
Hi,
I have a CNA in my server connected to cisco nexus 5000 interfcae. I Want to genearate pause frames for FCOE class of traffic using the default class class-fcoe and cos value 3, the firmware version running is 5.0(3) N1 (1b). Can anyone tell me how can i configure it ?
Thanks,
ManjuSorry for the delayed response, Here is what you asked
Cisco-5020# sh mod
Mod Ports Module-Type Model Status
1 40 40x10GE/Supervisor N5K-C5020P-BF-SUP active *
2 8 4x10GE + 4x1/2/4G FC Module N5K-M1404 ok
Mod Sw Hw World-Wide-Name(s) (WWN)
1 5.0(3)N1(1b) 1.2 --
2 5.0(3)N1(1b) 1.0 20:41:00:0d:ec:b2:15:40 to 20:44:00:0d:ec:b2:15:40
Mod MAC-Address(es) Serial-Num
1 000d.ecb2.1548 to 000d.ecb2.156f JAF1303ACES
2 000d.ecb2.1570 to 000d.ecb2.1577 JAF1245AJLF
Cisco-5020#
Cisco-5020#
Cisco-5020# sh run
!Command: show running-config
!Time: Fri Oct 28 17:40:02 2005
version 5.0(3)N1(1b)
feature fcoe
feature npiv
feature telnet
feature lldp
username admin password 5 $1$v9Tm8Y77$ZSdbOfBxe1.Z9Oz1V9V2B0 role network-admin
no password strength-check
ip domain-lookup
hostname Cisco-5020
logging event link-status default
service unsupported-transceiver
class-map type qos class-fcoe
class-map type queuing class-all-flood
match qos-group 2
class-map type queuing class-ip-multicast
match qos-group 2
class-map type network-qos class-all-flood
match qos-group 2
class-map type network-qos class-ip-multicast
match qos-group 2
policy-map type network-qos jumbo
class type network-qos class-fcoe
pause no-drop
mtu 2158
class type network-qos class-default
mtu 9216
system qos
service-policy type network-qos jumbo
snmp-server user admin network-admin auth md5 0x2694501fdfbe5abed9e85d51e4e31038 priv 0x2694501fdfbe5abed9e85d51e4e31038 localizedkey
snmp-server host 138.239.198.184 traps version 2c public udp-port 1163
snmp-server host 138.239.198.184 traps version 2c public udp-port 1164
snmp-server host 138.239.198.200 traps version 2c public udp-port 1163
snmp-server host 138.239.198.200 traps version 2c public udp-port 1164
snmp-server host 138.239.200.118 traps version 2c public udp-port 1163
snmp-server host 138.239.198.200 traps version 2c public udp-port 1163
snmp-server enable traps entity fru
snmp-server community snmpv3 group network-operator
vrf context management
ip route 0.0.0.0/0 10.192.207.254
vlan 1-2,8
vlan 10
fcoe vsan 10
vlan 20
fcoe vsan 20
vlan 30
vlan 35
fcoe vsan 35
vlan 40,50
vlan 52
fcoe vsan 52
vsan database
vsan 20
vsan 52
fcdomain fcid database
vsan 52 wwn 10:00:00:00:c9:b1:e5:3d fcid 0x180000 dynamic
vsan 52 wwn 10:00:00:00:c9:b1:e5:3b fcid 0x180001 dynamic
vsan 52 wwn 10:00:00:00:c9:5b:4d:e3 fcid 0x180002 dynamic
vsan 52 wwn 10:00:00:00:c9:5b:ab:ad fcid 0x180003 dynamic
vsan 52 wwn 10:00:00:00:c9:ad:ac:41 fcid 0x180004 dynamic
vsan 52 wwn 10:00:00:00:c9:ad:ac:b9 fcid 0x180005 dynamic
vsan 52 wwn 10:00:00:00:c9:ad:ac:b5 fcid 0x180006 dynamic
vsan 52 wwn 10:00:00:00:c9:f2:73:d1 fcid 0x180007 dynamic
vsan 52 wwn 10:00:00:00:c9:5b:4d:e1 fcid 0x180008 dynamic
vsan 52 wwn 10:00:00:00:c9:5b:ab:a9 fcid 0x180009 dynamic
vsan 52 wwn 10:00:00:00:c9:f2:73:d5 fcid 0x18000a dynamic
vsan 52 wwn 10:00:00:00:c9:b1:e5:5d fcid 0x18000b dynamic
vsan 52 wwn 10:00:00:00:c9:5b:ab:9b fcid 0x18000c dynamic
vsan 52 wwn 10:00:00:00:c9:5b:ab:99 fcid 0x18000d dynamic
vsan 52 wwn 10:00:00:00:c9:b1:e5:5b fcid 0x18000e dynamic
vsan 1 wwn 10:00:00:00:c9:f2:73:b3 fcid 0x050000 dynamic
vsan 52 wwn 10:00:00:00:c9:ad:ac:47 fcid 0x18000f dynamic
vsan 52 wwn 10:00:00:00:c9:5b:a7:93 fcid 0x180010 dynamic
vsan 52 wwn 10:00:00:00:c9:91:f8:19 fcid 0x180011 dynamic
vsan 52 wwn 10:00:00:00:c9:9c:e0:77 fcid 0x180012 dynamic
vsan 52 wwn 10:00:00:00:c9:5b:a7:d3 fcid 0x180013 dynamic
vsan 52 wwn 10:00:00:00:c9:5b:a3:bb fcid 0x180014 dynamic
vsan 52 wwn 10:00:00:00:c9:97:3b:c5 fcid 0x180015 dynamic
vsan 52 wwn 10:00:00:00:c9:f2:73:91 fcid 0x180016 dynamic
vsan 52 wwn 10:00:00:00:c9:a4:00:91 fcid 0x180017 dynamic
vsan 52 wwn 10:00:00:00:c9:f2:73:8d fcid 0x180018 dynamic
vsan 52 wwn 20:0f:00:11:0d:7f:a8:00 fcid 0x180019 dynamic
vsan 52 wwn 20:0f:00:11:0d:7f:a8:01 fcid 0x18001a dynamic
vsan 52 wwn 10:00:00:00:c9:5b:a3:b7 fcid 0x18001b dynamic
vsan 52 wwn 10:00:00:00:c9:5b:a5:27 fcid 0x18001c dynamic
vsan 52 wwn 10:00:00:00:c9:5b:a3:53 fcid 0x18001d dynamic
vsan 52 wwn 10:00:00:00:c9:bb:c8:37 fcid 0x18001e dynamic
vsan 52 wwn 10:00:00:00:c9:5b:76:e5 fcid 0x18001f dynamic
vsan 20 wwn 10:00:00:00:c9:5b:a3:83 fcid 0xd30000 dynamic
vsan 52 wwn 10:00:00:00:c9:91:00:00 fcid 0x180020 dynamic
vsan 52 wwn 10:00:00:00:00:91:f7:f1 fcid 0x180021 dynamic
vsan 1 wwn 10:00:00:00:c9:5b:4d:e3 fcid 0x050001 dynamic
vsan 52 wwn 10:00:00:00:c9:97:3b:0f fcid 0x180022 dynamic
vsan 52 wwn 10:00:00:00:c9:3c:8e:21 fcid 0x180023 dynamic
vsan 52 wwn 10:00:00:00:c9:97:3b:11 fcid 0x180024 dynamic
vsan 20 wwn 10:00:00:00:c9:b1:e6:b7 fcid 0xd30001 dynamic
vsan 52 wwn 10:00:f8:19:00:91:f8:19 fcid 0x180025 dynamic
vsan 52 wwn 10:00:00:00:c9:5b:a3:8b fcid 0x180026 dynamic
vsan 52 wwn 10:00:00:00:c9:b1:e4:ff fcid 0x180027 dynamic
vsan 52 wwn 10:00:00:00:c9:3c:8e:25 fcid 0x180028 dynamic
vsan 52 wwn 50:06:01:61:44:60:23:4f fcid 0x1800ef dynamic
vsan 52 wwn 10:00:00:00:c9:5b:d6:b9 fcid 0x180029 dynamic
vsan 52 wwn 10:00:00:00:c9:ad:ac:43 fcid 0x18002a dynamic
vsan 52 wwn 20:01:00:00:c9:5b:ab:99 fcid 0x18002b dynamic
vsan 52 wwn 20:02:00:00:c9:5b:ab:99 fcid 0x18002c dynamic
vsan 52 wwn 50:06:01:60:44:60:23:4f fcid 0x1801ef dynamic
vsan 52 wwn 10:00:00:00:c9:9d:1f:bf fcid 0x18002d dynamic
vsan 52 wwn 10:00:00:00:c9:9d:1f:c1 fcid 0x18002e dynamic
vsan 52 wwn 10:00:00:00:c9:f2:73:d3 fcid 0x18002f dynamic
vsan 20 wwn 10:00:00:00:c9:bb:c8:37 fcid 0xd30002 dynamic
vsan 52 wwn 10:00:00:00:c9:12:34:56 fcid 0x180030 dynamic
vsan 52 wwn 10:00:00:00:c9:12:34:57 fcid 0x180031 dynamic
vsan 52 wwn 10:00:00:00:c9:b1:ea:81 fcid 0x180032 dynamic
vsan 52 wwn 10:00:00:00:c9:b1:ea:7f fcid 0x180033 dynamic
vsan 20 wwn 10:00:00:00:c9:12:34:56 fcid 0xd30003 dynamic
vsan 52 wwn 10:00:00:00:c9:b1:e5:1b fcid 0x180034 dynamic
vsan 52 wwn 10:00:00:00:c9:b1:e5:1d fcid 0x180035 dynamic
vsan 52 wwn 10:00:00:00:c9:bb:c7:8f fcid 0x180036 dynamic
vsan 52 wwn 10:00:00:00:c9:bb:cb:8f fcid 0x180037 dynamic
vsan 52 wwn 10:00:00:00:c9:bb:cb:93 fcid 0x180038 dynamic
vsan 52 wwn 10:00:00:00:c9:bb:c7:93 fcid 0x180039 dynamic
vsan 20 wwn 10:00:00:00:c9:12:34:57 fcid 0xd30004 dynamic
vsan 52 wwn 10:00:00:00:c9:5b:ab:c4 fcid 0x18003a dynamic
vsan 52 wwn 10:00:00:00:c9:bb:17:b7 fcid 0x18003b dynamic
vsan 52 wwn 10:00:00:00:c9:a0:ce:2d fcid 0x18003c dynamic
vsan 52 wwn 10:00:00:00:c9:91:f7:f1 fcid 0x18003d dynamic
vsan 52 wwn 10:00:00:00:c9:5b:ab:c0 fcid 0x18003e dynamic
vsan 52 wwn 10:00:00:00:c9:b1:e5:5f fcid 0x18003f dynamic
vsan 52 wwn 10:00:00:00:c9:e3:06:89 fcid 0x180040 dynamic
vsan 52 wwn 50:06:01:68:44:60:23:4f fcid 0x1802ef dynamic
vsan 1 wwn 50:06:01:61:44:60:23:4f fcid 0x0500ef dynamic
vsan 52 wwn 10:00:00:00:c9:d1:16:24 fcid 0x180041 dynamic
vsan 52 wwn 10:00:00:00:c9:d1:16:25 fcid 0x180042 dynamic
vsan 52 wwn 10:00:00:00:c9:d1:0a:6d fcid 0x180043 dynamic
vsan 20 wwn 10:00:00:00:c9:d1:16:25 fcid 0xd30005 dynamic
vsan 20 wwn 10:00:00:00:c9:d1:16:24 fcid 0xd30006 dynamic
vsan 20 wwn ff:f2:00:00:c9:12:34:78 fcid 0xd30007 dynamic
vsan 20 wwn ff:f2:00:00:c9:d1:16:46 fcid 0xd30008 dynamic
vsan 52 wwn ff:f2:00:00:c9:d1:0a:8c fcid 0x180044 dynamic
vsan 20 wwn ff:f3:00:00:c9:d1:16:46 fcid 0xd30009 dynamic
vsan 52 wwn ff:f0:00:00:c9:d1:0a:8c fcid 0x180045 dynamic
vsan 52 wwn 10:00:00:00:c9:d1:0a:6c fcid 0x180046 dynamic
vsan 20 wwn ff:f2:00:00:c9:d1:0a:8c fcid 0xd3000a dynamic
vsan 20 wwn 10:00:00:00:c9:d1:0a:6d fcid 0xd3000b dynamic
vsan 52 wwn ff:f2:00:00:c9:d1:16:46 fcid 0x180047 dynamic
vsan 20 wwn ff:f3:00:00:c9:12:34:78 fcid 0xd3000c dynamic
vsan 52 wwn ff:f3:00:00:c9:12:34:78 fcid 0x180048 dynamic
vsan 52 wwn 50:06:01:69:44:60:23:4f fcid 0x1803ef dynamic
vsan 52 wwn ff:f3:00:00:c9:d1:16:46 fcid 0x180049 dynamic
vsan 52 wwn 10:00:00:00:c9:12:34:5b fcid 0x18004a dynamic
vsan 52 wwn 10:00:00:00:c9:12:34:5a fcid 0x18004b dynamic
vsan 52 wwn ff:f2:00:00:c9:12:34:78 fcid 0x18004c dynamic
vsan 52 wwn 10:00:00:00:c9:a5:ac:f3 fcid 0x18004d dynamic
vsan 52 wwn 10:00:00:00:c9:a5:ad:15 fcid 0x18004e dynamic
vsan 52 wwn 10:00:00:00:c9:a5:ac:f5 fcid 0x18004f dynamic
vsan 52 wwn 20:01:00:00:c9:a5:ac:f3 fcid 0x180050 dynamic
vsan 52 wwn 20:02:00:00:c9:a5:ac:f3 fcid 0x180051 dynamic
vsan 52 wwn ff:f3:00:00:c9:12:34:85 fcid 0x180052 dynamic
vsan 52 wwn 20:00:00:11:0d:77:9c:00 fcid 0x180053 dynamic
vsan 52 wwn 20:01:00:11:0d:77:9d:00 fcid 0x180054 dynamic
interface port-channel3
interface vfc1
no shutdown
interface vfc4
interface vfc9
bind interface Ethernet1/9
no shutdown
interface vfc10
interface vfc11
bind interface Ethernet1/11
no shutdown
interface vfc19
bind interface Ethernet1/19
no shutdown
interface vfc21
bind interface Ethernet1/21
no shutdown
interface vfc22
bind interface Ethernet1/22
switchport trunk allowed vsan 52
no shutdown
interface vfc24
bind interface Ethernet1/24
switchport trunk allowed vsan 52
no shutdown
interface vfc25
bind interface Ethernet1/25
switchport trunk allowed vsan 52
no shutdown
interface vfc26
bind interface Ethernet1/26
switchport trunk allowed vsan 52
no shutdown
interface vfc27
bind interface Ethernet1/27
no shutdown
interface vfc28
bind interface Ethernet1/28
no shutdown
interface vfc29
bind interface Ethernet1/29
no shutdown
interface vfc30
bind interface Ethernet1/30
switchport trunk allowed vsan 52
no shutdown
interface vfc31
bind interface Ethernet1/31
shutdown
interface vfc32
bind interface Ethernet1/32
no shutdown
interface vfc33
bind interface Ethernet1/33
no shutdown
interface vfc34
bind interface Ethernet1/34
no shutdown
interface vfc35
bind interface Ethernet1/35
no shutdown
interface vfc36
bind interface Ethernet1/36
no shutdown
interface vfc37
bind interface Ethernet1/37
no shutdown
interface vfc38
bind interface Ethernet1/38
no shutdown
interface vfc39
bind interface Ethernet1/39
no shutdown
interface vfc40
bind interface Ethernet1/40
no shutdown
vsan database
vsan 52 interface vfc1
vsan 52 interface vfc9
vsan 52 interface vfc11
vsan 52 interface vfc19
vsan 52 interface vfc21
vsan 52 interface vfc22
vsan 52 interface vfc24
vsan 52 interface vfc26
vsan 52 interface vfc27
vsan 52 interface vfc28
vsan 52 interface vfc29
vsan 52 interface vfc30
vsan 52 interface vfc31
vsan 52 interface vfc32
vsan 52 interface vfc33
vsan 52 interface vfc34
vsan 20 interface vfc35
vsan 52 interface vfc36
vsan 52 interface vfc37
vsan 52 interface vfc38
vsan 52 interface vfc39
vsan 52 interface vfc40
vsan 52 interface fc2/1
vsan 52 interface fc2/2
vsan 52 interface fc2/3
vsan 52 interface fc2/4
interface fc2/1
switchport trunk allowed vsan 1
switchport trunk allowed vsan add 52
switchport trunk mode auto
no shutdown
interface fc2/2
switchport trunk mode auto
no shutdown
interface fc2/3
no shutdown
interface fc2/4
no shutdown
interface Ethernet1/1
interface Ethernet1/2
speed 1000
interface Ethernet1/3
interface Ethernet1/4
interface Ethernet1/5
interface Ethernet1/6
interface Ethernet1/7
switchport mode trunk
interface Ethernet1/8
interface Ethernet1/9
switchport mode trunk
switchport trunk allowed vlan 1,10,20,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/10
interface Ethernet1/11
priority-flow-control mode on
switchport mode trunk
switchport trunk allowed vlan 1,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/12
switchport mode trunk
interface Ethernet1/13
switchport mode trunk
flowcontrol receive on
flowcontrol send on
interface Ethernet1/14
switchport mode trunk
flowcontrol receive on
flowcontrol send on
interface Ethernet1/15
switchport mode trunk
flowcontrol receive on
flowcontrol send on
interface Ethernet1/16
switchport mode trunk
flowcontrol receive on
flowcontrol send on
interface Ethernet1/17
interface Ethernet1/18
switchport mode trunk
switchport trunk allowed vlan 1,30
interface Ethernet1/19
switchport mode trunk
switchport access vlan 10
switchport trunk allowed vlan 1,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/20
switchport mode trunk
switchport access vlan 52
switchport trunk allowed vlan 1,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/21
switchport mode trunk
switchport trunk allowed vlan 1,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/22
interface Ethernet1/23
flowcontrol receive on
flowcontrol send on
interface Ethernet1/24
switchport mode trunk
switchport access vlan 52
switchport trunk allowed vlan 1,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/25
switchport mode trunk
switchport trunk allowed vlan 1,8,30,52
interface Ethernet1/26
switchport mode trunk
switchport access vlan 52
switchport trunk allowed vlan 1,8,30,52
interface Ethernet1/27
switchport mode trunk
flowcontrol receive on
flowcontrol send on
interface Ethernet1/28
switchport mode trunk
switchport trunk allowed vlan 1,8,30,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/29
switchport mode trunk
switchport trunk allowed vlan 1,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/30
description line
switchport mode trunk
switchport access vlan 52
switchport trunk allowed vlan 1,8,30,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/31
switchport mode trunk
switchport trunk allowed vlan 1,10,20,52
interface Ethernet1/32
switchport mode trunk
switchport trunk allowed vlan 1,10,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/33
switchport mode trunk
switchport trunk allowed vlan 1,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/34
switchport mode trunk
switchport trunk allowed vlan 1,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/35
switchport mode trunk
switchport access vlan 10
switchport trunk allowed vlan 1,10,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/36
switchport mode trunk
switchport trunk allowed vlan 1,30,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/37
switchport mode trunk
switchport trunk allowed vlan 1,30,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/38
switchport mode trunk
switchport trunk allowed vlan 1,10,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/39
shutdown
switchport mode trunk
switchport trunk allowed vlan 1,10,20,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/40
switchport mode trunk
switchport trunk allowed vlan 1,52
flowcontrol receive on
flowcontrol send on
interface Ethernet2/1
switchport mode trunk
flowcontrol receive on
flowcontrol send on
interface Ethernet2/2
switchport mode trunk
flowcontrol receive on
flowcontrol send on
interface Ethernet2/3
switchport mode trunk
flowcontrol receive on
flowcontrol send on
interface Ethernet2/4
switchport mode trunk
flowcontrol receive on
flowcontrol send on
interface mgmt0
ip address 10.192.194.111/20
system default zone default-zone permit
system default zone distribute full
line console
line vty
boot kickstart bootflash:/n5000-uk9-kickstart.5.0.3.N1.1b.bin
boot system bootflash:/n5000-uk9.5.0.3.N1.1b.bin
interface fc2/1
interface fc2/2
interface fc2/3
interface fc2/4
zone default-zone permit vsan 20
zone default-zone permit vsan 52
zoneset distribute full vsan 1
zoneset distribute full vsan 20
zoneset distribute full vsan 52
!Full Zone Database Section for vsan 1
zone name bg-qa vsan 1
member pwwn 10:00:00:00:c9:5b:ab:ca
member pwwn 21:00:00:0c:50:c3:70:23
member pwwn 21:00:00:0c:50:c3:70:22
member pwwn 21:00:00:0c:50:c3:70:16
member pwwn 21:00:00:0c:50:c3:70:1e
member pwwn 22:00:00:0c:50:c3:70:26
member pwwn 22:00:00:18:62:06:76:8a
member pwwn 22:00:00:11:c6:17:68:c3
member pwwn 22:00:00:0c:50:c3:70:1d
member pwwn 22:00:00:0c:50:c3:6f:c2
member pwwn 22:00:00:11:c6:17:68:dc
member pwwn 21:00:00:0c:50:c3:6a:d0
member pwwn 21:00:00:0c:50:79:92:90
member pwwn 21:00:00:11:c6:17:69:a0
member pwwn 21:00:00:0c:50:79:93:af
member pwwn 22:00:00:0c:50:48:10:80
member pwwn 22:00:00:11:c6:18:46:c6
member pwwn 22:00:00:0c:50:32:2e:0f
member pwwn 22:00:00:0c:50:48:10:74
member pwwn 22:00:00:11:c6:18:46:f2
member pwwn 21:00:00:00:87:13:cb:d1
member pwwn 21:00:00:0c:50:79:91:0f
member pwwn 10:00:00:00:c9:3c:8e:49
member pwwn 10:00:00:00:c9:5b:ab:c2
member pwwn 10:00:00:00:c9:5b:af:f3
zone name sf_RAM vsan 1
member pwwn 10:00:00:00:c9:5b:af:c9
member pwwn 21:00:00:0c:50:b4:8e:20
zone name anand vsan 1
member pwwn 10:00:00:00:c9:65:69:31
member pwwn 22:00:00:18:62:06:7f:f6
zone name syedzone vsan 1
member fwwn 20:11:00:0d:ec:56:7b:40
member pwwn 50:06:01:60:44:60:23:4f
zone name bg_qa vsan 1
zoneset name TOM vsan 1
member bg-qa
zoneset name bg_dvt vsan 1
member sf_RAM
zoneset name lancer vsan 1
member anand
zoneset name bg-qa vsan 1
zoneset name syed vsan 1
member syedzone
zoneset activate name lancer vsan 1
!Full Zone Database Section for vsan 20
zone name amrita_zone1 vsan 20
member pwwn 10:00:00:00:c9:5b:a3:83
member pwwn 22:00:00:04:cf:89:19:67
member pwwn 22:00:00:0c:50:48:10:80
member pwwn 22:00:00:11:c6:18:46:f2
member pwwn 22:00:00:0c:50:79:93:ae
zone name amr_zset vsan 20
zoneset name amr_zset vsan 20
member amrita_zone1
zoneset activate name amr_zset vsan 20
!Full Zone Database Section for vsan 52
zone name vinod vsan 52
member pwwn 50:06:01:69:44:60:23:4f
member pwwn ff:f3:00:00:c9:12:34:78
member pwwn 10:00:00:00:c9:12:34:5b
member pwwn 10:00:00:00:c9:12:34:57
zone name neha vsan 52
zone name siv1 vsan 52
member pwwn 10:00:00:00:c9:ad:ac:43
member pwwn 50:06:01:61:44:60:23:4f
member pwwn 10:00:00:00:c9:ad:ac:47
zone name neha1 vsan 52
member pwwn 10:00:00:00:c9:5b:ab:ad
member pwwn 50:06:01:60:44:60:23:4f
zone name neha2 vsan 52
member pwwn 50:06:01:60:44:60:23:4f
member pwwn 10:00:00:00:c9:5b:ab:a9
zone name neha3 vsan 52
member pwwn 10:00:00:00:c9:9d:1f:bf
member pwwn 50:06:01:60:44:60:23:4f
zone name neha4 vsan 52
member pwwn 50:06:01:60:44:60:23:4f
member pwwn 10:00:00:00:c9:9d:1f:c1
zone name chetan vsan 52
member pwwn 10:00:00:00:c9:f2:73:d3
member pwwn 50:06:01:60:44:60:23:4f
member pwwn 10:00:00:00:c9:ad:ac:47
zone name siv2 vsan 52
member pwwn 10:00:00:00:c9:d1:0a:6d
member pwwn ff:f2:00:00:c9:d1:0a:8c
member pwwn 22:00:00:0c:50:79:93:af
member pwwn 22:00:00:0c:50:79:92:90
member pwwn 22:00:00:0c:50:79:91:0f
member pwwn 20:01:00:11:0d:77:9d:00
zone name sroy vsan 52
member pwwn 10:00:00:00:c9:b1:ea:7f
member pwwn 50:06:01:60:44:60:23:4f
member pwwn 10:00:00:00:c9:5b:ab:99
member pwwn 10:00:00:00:c9:bb:cb:8f
member pwwn 10:00:00:00:c9:5b:ab:c4
member pwwn 10:00:00:00:c9:d1:16:25
member pwwn 50:06:01:61:44:60:23:4f
member pwwn 10:00:00:00:c9:a5:ac:f3
zone name manju vsan 52
member pwwn 10:00:00:00:c9:bb:c7:8f
member pwwn 50:06:01:61:44:60:23:4f
zone name ram vsan 52
member pwwn 50:06:01:60:44:60:23:4f
member pwwn 10:00:00:00:c9:a0:ce:2d
member pwwn 10:00:00:00:c9:bb:17:b7
member pwwn 10:00:00:00:c9:5b:a5:27
member pwwn 10:00:00:00:c9:91:f7:f1
member pwwn 10:00:00:00:c9:b1:e5:5f
zone name jana vsan 52
member pwwn 10:00:00:00:c9:91:f7:f1
member pwwn 50:06:01:60:44:60:23:4f
zone name priya vsan 52
member pwwn 10:00:00:00:c9:e3:06:89
member pwwn 50:06:01:60:44:60:23:4f
zoneset name IBMraptor vsan 52
member vinod
member siv1
member neha1
member neha2
member neha3
member neha4
member chetan
member siv2
member sroy
member manju
member ram
member priya
zoneset name ananda vsan 52
zoneset name vinod vsan 52
zoneset activate name IBMraptor vsan 52
no system default switchport shutdown san
Cisco-5020# sh system internal dcbx info interface ethernet 1/38
Interface info for if_index: 0x1a025000(Eth1/38)
tx_enabled: TRUE
rx_enabled: TRUE
dcbx_enabled: TRUE
DCX Protocol: CIN
Port MAC address: 00:0d:ec:b2:15:6d
DCX Control FSM Variables: seq_no: 0x1, ack_no: 0x0,my_ack_no: 0x0, peer_seq_no:
0x0 oper_version: 0x0, max_version: 0x0 fast_retries 0x0
Lock Status: UNLOCKED
PORT STATE: UP
LLDP Neighbors
No DCX tlvs from the remote peer
6 Features on this intf for Protocol CIN(0)
3 Features on this intf for Protocol CEE(1)
6 Features on this intf for Protocol CIN(0)
Feature type LLS (6)sub_type FCoE Logical Link Status (0)
feature type 6(LLS)sub_type 0
Feature State Variables: oper_version 0 error 0 local error 0 oper_mode 0
feature_seq_no 0 remote_feature_tlv_present 0 remote_tlv_aged_out 0
remote_tlv_not_present_notification_sent 0
Feature Register Params: max_version 0, enable 1, willing 0 advertise 1
disruptive_error 0 mts_addr_node 0x101 mts_addr_sap 0x1d9
Desired config cfg length: 1 data bytes:00
Operating config cfg length: 0 data bytes:
Peer config cfg length: 0 data bytes:
Feature type PFC (3)
feature type 3(PFC)sub_type 0
Feature State Variables: oper_version 0 error 0 local error 0 oper_mode 0
feature_seq_no 0 remote_feature_tlv_present 0 remote_tlv_aged_out 1
remote_tlv_not_present_notification_sent 0
Feature Register Params: max_version 0, enable 1, willing 0 advertise 1
disruptive_error 0 mts_addr_node 0x101 mts_addr_sap 0x179
Desired config cfg length: 1 data bytes:08
Operating config cfg length: 0 data bytes:
Peer config cfg length: 0 data bytes:
Feature type App(Fcoe) (5)sub_type FCoE (0)
feature type 5(App(Fcoe))sub_type 0
Feature State Variables: oper_version 0 error 0 local error 0 oper_mode 0
feature_seq_no 0 remote_feature_tlv_present 0 remote_tlv_aged_out 1
remote_tlv_not_present_notification_sent 0
Feature Register Params: max_version 0, enable 1, willing 0 advertise 1
disruptive_error 0 mts_addr_node 0x101 mts_addr_sap 0x179
Desired config cfg length: 1 data bytes:08
Operating config cfg length: 0 data bytes:
Peer config cfg length: 0 data bytes:
Feature type PriMtu (8)
feature type 8(PriMtu)sub_type 0
Feature State Variables: oper_version 0 error 0 local error 0 oper_mode 0
feature_seq_no 0 remote_feature_tlv_present 0 remote_tlv_aged_out 1
remote_tlv_not_present_notification_sent 0
Feature Register Params: max_version 0, enable 1, willing 0 advertise 1
disruptive_error 0 mts_addr_node 0x101 mts_addr_sap 0x179
Desired config cfg length: 16 data bytes:24 00 24 00 24 00 08 6e 24 00 24 00 24 00 24 00
Operating config cfg length: 0 data bytes:
Peer config cfg length: 0 data bytes:
Feature type PriGrp (2)
feature type 2(PriGrp)sub_type 0
Feature State Variables: oper_version 0 error 0 local error 0 oper_mode 0
feature_seq_no 0 remote_feature_tlv_present 0 remote_tlv_aged_out 1
remote_tlv_not_present_notification_sent 0
Feature Register Params: max_version 0, enable 1, willing 0 advertise 1
disruptive_error 0 mts_addr_node 0x101 mts_addr_sap 0x179
Desired config cfg length: 24 data bytes:32 32 00 00 00 00 00 00 00 0f 00 0f 00 0e 20 64 00 0e 00 0e
00 0e 00 0e
Operating config cfg length: 0 data bytes:
Peer config cfg length: 0 data bytes:
Feature type LLS (6)sub_type LAN Logical Link Status (1)
feature type 6(LLS)sub_type 1
Feature State Variables: oper_version 0 error 0 local error 0 oper_mode 0
feature_seq_no 0 remote_feature_tlv_present 0 remote_tlv_aged_out 1
remote_tlv_not_present_notification_sent 0
Feature Register Params: max_version 0, enable 1, willing 0 advertise 1
disruptive_error 0 mts_addr_node 0x101 mts_addr_sap 0xaf
Desired config cfg length: 1 data bytes:80
Operating config cfg length: 0 data bytes:
Peer config cfg length: 0 data bytes:
Traffic Counters
DCBX pkt stats:
Total frames out: 20296
Total Entries aged: 27
Total frames in: 0
DCBX frames in: 0
Total frames received in error: 0
Total frames discarded: 0
Total TLVs unrecognized: 0
Cisco-5020#
Cisco-5020#
Cisco-5020#
I am new to this PFC, and first time trying to configure so you can see nothing being configured. -
Hi
I want to distribute TACACS+ from the nexus 7000 to theo tne manuals nexus 5000
via CFS.
When i do the 'sh cfs app' i get this.... tacacs No Physical-fc-ip
However you cannot put in the distribute command for tacacs 'tacacs+ distribute'sl
You also cannot do the following command 'sh cfs app name tacacs'
Obviously there must be different commands ... but i cannot find them
If i cant distribute tacacs how can i make this work
many thanks
SteveI think the command set does not matter.
Because the Nexus takes only the role and does not use per-command authorization (AFAIK), then it will take the role from the shell profile but selecting the command set does not matter because it does not use per command authorization.
I used command sets with CRS-1 and they had no effect. Only the shell profile configuration matters.
What is the situation at your end? do things work fine with/without selecting the command set? or putting empty command set in place?
Rating useful replies is more useful than saying "Thank you" -
SAN Port-Channel between Nexus 5000 and Brocade 5100
I have a Nexus 5000 running in NPV mode connected to a Brocade 5100 FC switch using two FC ports on a native FC module in the Nexus 5000. I would like to configure these two physical links as one logical link using a SAN Port-Channel/ISL-Trunk. An ISL trunking license is already installed on the Brocade 5100. The Nexus 5000 is running NX-OS 4.2(1), the Brocade 5100 Fabric OS 6.20. Does anybody know if this is a supported configuration? If so, how can this be configured on the Nexus 5000 and the Brocade 5100? Thank you in advance for any comments.
Best regards,
FlorianI tried that and I could see the status light on the ports come on but it still showed not connected.
I configured another switch (a 3560) with the same config and the same layout with the fiber and I got the connection up on it. I just cant seem to get it on the 4506, would it be something with the supervisor? Could it be wanting to use the 10gb port instead of the 1gb ports? -
Nexus 5000 command/log accounting
Good afternoon gentlemen
I need to configure the same as shown below in Nexus 5000 switches. The requirement is logging all user access login (whether failed or succeeded) and also logging all commands that users issue.
#IOS commands
no logging console
logging buffered 307200 informational
service timestamps log datetime localtime show-timezone
logging trap debugging
login on-failure log
login on-success log
archive
log config
logging enable
logging size 500
hidekeys
notify syslog contenttype plaintext
By now, I only found the command "show accounting log". But no way to export to a syslog server I think.
If you guys have an idea please answear
Regards
ChristianGood afternoon gentlemen
I need to configure the same as shown below in Nexus 5000 switches. The requirement is logging all user access login (whether failed or succeeded) and also logging all commands that users issue.
#IOS commands
no logging console
logging buffered 307200 informational
service timestamps log datetime localtime show-timezone
logging trap debugging
login on-failure log
login on-success log
archive
log config
logging enable
logging size 500
hidekeys
notify syslog contenttype plaintext
By now, I only found the command "show accounting log". But no way to export to a syslog server I think.
If you guys have an idea please answear
Regards
Christian -
Asa 5505, the outside cant access to a server in the inside
hi, i have an Asa 5505, a pc in the outside with the ip 10.1.1.6 cant access to a server in the inside 192.168.1.4, pls help...
this is my conf:
ASA Version 8.0(4)
hostname ciscoasa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Vlan1
nameif inside
security-level 0
ip address 192.168.1.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 10.1.1.2 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
boot system disk0:/asa804-k8.bin
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
access-list 100 extended permit tcp any host 10.1.1.3 eq www
pager lines 24
logging enable
logging asdm debugging
mtu inside 1500
<--- More --->
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-613.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 10.1.1.3 192.168.1.4 netmask 255.255.255.255
access-group 100 in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
<--- More --->
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
dhcpd address 192.168.1.2-192.168.1.254 inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
<--- More --->
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:14e7b74fabc386613ae646b915f60e9e
: end
ciscoasa#Andres
The security level for your inside interface should be 100 ie.
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
After changing that can you
1) ping the outside interface of the ASA from the pc or ping the PC from the ASA
2) I'm assuming you are trying to connect to 10.1.1.3 when you attempt the connection ?
Jon -
Why i cant access asa 8.4 thruogh asdm from outside interface ???
hi all ,
plz help e why i cant access asa asdm from outside interface
my puclic ip on outisde is :
x.x.55.34
i changed portf of asdm to 65000 because i have portforward ,
i tried to connect to my ip thriuogh asdm bu :
x.x.55.34
x.x.55.34:65000
but no luck ,
it succed if i try to connect locally
here is my sh run command :
====================================================
ASA5505#
ASA5505# sh run
: Saved
ASA Version 8.4(2)
hostname ASA5505
enable password qsddsEGCCSH encrypted
passwd 2KFsdsdbNIdI.2KYOU encrypted
names
interface Ethernet0/0
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
switchport access vlan 2
interface Vlan1
nameif ins
security-level 100
ip address 10.66.12.1 255.255.255.0
interface Vlan2
nameif outside
security-level 50
ip address x.x.55.34 255.255.255.248
boot system disk0:/asa842-k8.bin
ftp mode passive
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network obj-0.0.0.0
host 0.0.0.0
object network localsubnet
subnet 10.66.12.0 255.255.255.0
description localsubnet
object network HTTP-Host
host 10.66.12.249
description web server
object network HTTPS-HOST
host 10.66.12.249
description Https
object network RDP-Host
host 10.66.12.122
description RDP host
object network citrix-host
host 10.66.12.249
description citrix
object service rdp
service tcp destination eq 3389
object service https
service tcp destination eq https
object service citrix
service tcp destination eq 2598
object service http
service tcp destination eq www
object network RDP1
host 10.66.12.249
object network HTTPS-Host
host 10.66.12.249
object network CITRIX-Host
host 10.66.12.249
object-group network RDP-REDIRECT
object-group network HTTP-REDIRECT
object-group network HTTPS-REDIRECT
object-group network CITRIX-ICA-HDX-REDIRECTION
object-group network CITRIX-ICA-SESSION-RELIABILITY-REDIRECTION
object-group service CITRIX-ICA-HDX
object-group service CITRIX-SR
object-group service RDP
object-group network MY-insideNET
network-object 10.66.12.0 255.255.255.0
access-list outside_in extended permit tcp any host 10.66.12.249 eq www
access-list outside_in extended permit tcp any host 10.66.12.249 eq https
access-list outside_in extended permit tcp any host 10.66.12.249 eq 2598
access-list outside_in extended permit tcp any host 10.66.12.122 eq 3389
access-list outside_in extended permit tcp any host 10.66.12.249 eq citrix-ica
access-list outside_in extended permit tcp any host x.x.55.34 eq 65000
access-list outside_in extended permit tcp any host x.x.55.34 eq https
access-list outside_in extended permit ip any any
pager lines 24
mtu ins 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-645.bin
no asdm history enable
arp timeout 14400
object network localsubnet
nat (ins,outside) dynamic interface
object network HTTP-Host
nat (ins,outside) static interface service tcp www www
object network RDP-Host
nat (ins,outside) static interface service tcp 3389 3389
object network HTTPS-Host
nat (ins,outside) static interface service tcp https https
object network CITRIX-Host
nat (ins,outside) static interface service tcp citrix-ica citrix-ica
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 62.109.55.33 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
http server enable 65000
http 10.66.12.0 255.255.255.0 ins
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ca trustpoint _SmartCallHome_ServerCA
crl configure
crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca 6ecc7aa5a7032009b8cebcf4e952d491
308205ec 308204d4 a0030201 0202106e cc7aa5a7 032009b8 cebcf4e9 52d49130
0d06092a 864886f7 0d010105 05003081 ca310b30 09060355 04061302 55533117
30150603 55040a13 0e566572 69536967 6e2c2049 6e632e31 1f301d06 0355040b
13165665 72695369 676e2054 72757374 204e6574 776f726b 313a3038 06035504
0b133128 63292032 30303620 56657269 5369676e 2c20496e 632e202d 20466f72
20617574 686f7269 7a656420 75736520 6f6e6c79 31453043 06035504 03133c56
65726953 69676e20 436c6173 73203320 5075626c 69632050 72696d61 72792043
65727469 66696361 74696f6e 20417574 686f7269 7479202d 20473530 1e170d31
30303230 38303030 3030305a 170d3230 30323037 32333539 35395a30 81b5310b
30090603 55040613 02555331 17301506 0355040a 130e5665 72695369 676e2c20
496e632e 311f301d 06035504 0b131656 65726953 69676e20 54727573 74204e65
74776f72 6b313b30 39060355 040b1332 5465726d 73206f66 20757365 20617420
68747470 733a2f2f 7777772e 76657269 7369676e 2e636f6d 2f727061 20286329
3130312f 302d0603 55040313 26566572 69536967 6e20436c 61737320 33205365
63757265 20536572 76657220 4341202d 20473330 82012230 0d06092a 864886f7
0d010101 05000382 010f0030 82010a02 82010100 b187841f c20c45f5 bcab2597
a7ada23e 9cbaf6c1 39b88bca c2ac56c6 e5bb658e 444f4dce 6fed094a d4af4e10
9c688b2e 957b899b 13cae234 34c1f35b f3497b62 83488174 d188786c 0253f9bc
7f432657 5833833b 330a17b0 d04e9124 ad867d64 12dc744a 34a11d0a ea961d0b
15fca34b 3bce6388 d0f82d0c 948610ca b69a3dca eb379c00 48358629 5078e845
63cd1941 4ff595ec 7b98d4c4 71b350be 28b38fa0 b9539cf5 ca2c23a9 fd1406e8
18b49ae8 3c6e81fd e4cd3536 b351d369 ec12ba56 6e6f9b57 c58b14e7 0ec79ced
4a546ac9 4dc5bf11 b1ae1c67 81cb4455 33997f24 9b3f5345 7f861af3 3cfa6d7f
81f5b84a d3f58537 1cb5a6d0 09e4187b 384efa0f 02030100 01a38201 df308201
db303406 082b0601 05050701 01042830 26302406 082b0601 05050730 01861868
7474703a 2f2f6f63 73702e76 65726973 69676e2e 636f6d30 12060355 1d130101
ff040830 060101ff 02010030 70060355 1d200469 30673065 060b6086 480186f8
45010717 03305630 2806082b 06010505 07020116 1c687474 70733a2f 2f777777
2e766572 69736967 6e2e636f 6d2f6370 73302a06 082b0601 05050702 02301e1a
1c687474 70733a2f 2f777777 2e766572 69736967 6e2e636f 6d2f7270 61303406
03551d1f 042d302b 3029a027 a0258623 68747470 3a2f2f63 726c2e76 65726973
69676e2e 636f6d2f 70636133 2d67352e 63726c30 0e060355 1d0f0101 ff040403
02010630 6d06082b 06010505 07010c04 61305fa1 5da05b30 59305730 55160969
6d616765 2f676966 3021301f 30070605 2b0e0302 1a04148f e5d31a86 ac8d8e6b
c3cf806a d448182c 7b192e30 25162368 7474703a 2f2f6c6f 676f2e76 65726973
69676e2e 636f6d2f 76736c6f 676f2e67 69663028 0603551d 11042130 1fa41d30
1b311930 17060355 04031310 56657269 5369676e 4d504b49 2d322d36 301d0603
551d0e04 1604140d 445c1653 44c1827e 1d20ab25 f40163d8 be79a530 1f060355
1d230418 30168014 7fd365a7 c2ddecbb f03009f3 4339fa02 af333133 300d0609
2a864886 f70d0101 05050003 82010100 0c8324ef ddc30cd9 589cfe36 b6eb8a80
4bd1a3f7 9df3cc53 ef829ea3 a1e697c1 589d756c e01d1b4c fad1c12d 05c0ea6e
b2227055 d9203340 3307c265 83fa8f43 379bea0e 9a6c70ee f69c803b d937f47a
6decd018 7d494aca 99c71928 a2bed877 24f78526 866d8705 404167d1 273aeddc
481d22cd 0b0b8bbc f4b17bfd b499a8e9 762ae11a 2d876e74 d388dd1e 22c6df16
b62b8214 0a945cf2 50ecafce ff62370d ad65d306 4153ed02 14c8b558 28a1ace0
5becb37f 954afb03 c8ad26db e6667812 4ad99f42 fbe198e6 42839b8f 8f6724e8
6119b5dd cdb50b26 058ec36e c4c875b8 46cfe218 065ea9ae a8819a47 16de0c28
6c2527b9 deb78458 c61f381e a4c4cb66
quit
telnet 0.0.0.0 0.0.0.0 outside
telnet timeout 5
ssh timeout 5
console timeout 0
management-access outside
dhcpd address 10.66.12.160-10.66.12.180 ins
dhcpd dns 212.112.166.22 212.112.166.18 interface ins
dhcpd enable ins
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username test password P4ttSdddd3SV8TYp encrypted privilege 15
username ADMIN password 5dddd3ThngqY encrypted privilege 15
username drvirus password p03BtCddddryePSDf encrypted privilege 15
username cisco password edssdsdOAQcNEL encrypted privilege 15
prompt hostname context
call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DD
CEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:d41d8cd98f00b204e9800998ecf8427e
: endFor access over VPN you need:
management-access inside
and don't forget:
ssh inside
http inside
I'm guessing you forgot to grant ASDM (http/https) access to the IP addresses used by the VPN? Can you SSH? If not, that is your problem to solve first. -
Cant access to the integrated web browser RG60SE
Hi. I recently bought a RG60SE router. Following the instructions in the quick manual i tried to configure it, but i cant access to the integrated web based configuration utility. I tried access from three diferent pcs with same results. I tried to access connecting only the router and one PC, without ADSL modem, but not results.
I tried to reset, plug, unplug, power off, power on, the PC and the router, in many combinations, but i have zero results.
Im very frustrated, may be im doing something wrong?
I have a one desktop directly connected to ADSL modem:
IP 192.168.1.2
Mask 255.255.255.248
Gate 192.168.1.1
DNS1 200.105.128.40
DNS2 200.105.128.41
Please, i need help,
ThanksThanks for your answer:
Yes i am using http://192.168.1.1
I have an another router D-link dir-400. When this router is resetted, i can see a d-link wireless signal within my notebook. But i can not see anything about MSI router. -
i cant access firefox, everytime i try i get that windows can't find the file, i tried downloading it again but it still gave me the same message. the problem has nothign to do with my internet because it wonks on internet explorer and everythign is fine, my computer just can't access firefox for some reason. i tried uninstallign ti adn then installing it again, but that didnt work, i tried installing a different version and it still didnt work.
okay the exact message is" Windows cannot find 'C:\Program Files\Mozilla Forefox 4.0 Beta 1\firefox.exe'. make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.
Nothing happens after i install is the "Launch Firefox now" checkbox set, the same message comes up.
i usually start firefox from the shortcut i have on my desktop but when this happened i thought that the shortcut is the problem, but i went to the Mozilla firefox folder and tried it from there, but it didnt work. i also tried downloading different versions of firefox but that didnt work either.can you tell me the solution to "windows cant find firefox" error. thanks.
-
I cant access the root share of a windows server after upgrading to mountain lion
Hi Guys,
Since upgrading to mountain lion i cant access the shared drives on our windows server. For example in a windows machine if i go to run the type \\server\ i get all the visible shares available. in my previous version i was able to do the same (obviously i would authenticate with my AD account). now when i try to access those same shares i get the message below:
"The operation cant be completed becuase the original item for "/" cant be found"
I can however connect to the shares directly for example if i connect to server path \\server\data it works ok.
I have verified my account details and they are ok - i have also disconnected and reconnected the connection.
This was working fine before the upgrade. can anyone help??well iv just managed to get to 35 gig free (just deleting iphone backups) and im now able to get past the next screen on bootcamp.
unfortunatly its only allowing me to create a new partition not delete the current.
this is leading me to think the old ones master partition has become damaged and the hard drive dosent know it exists any more.
if this is the case (please tell me im wrong though) what options do i have as i dont want to / have the money to buy another hard drive to back everything up to it with.
thanks again
gareth -
I didn't know about 90 days rule. I associated iphone with my other Apple ID by mistake. Now I cant access my iTunes match. What to do expept waiting for 90 days?
Hi
Try contacting Apple support Contact Apple for support and service - Apple Support
Jim
Maybe you are looking for
-
How to use drop down menu in JTables
Hi, i'm trying to add an drop down menu to my jtable so that people can select a set number of texts from an enum type. How can this be accomplished? My current Code: /** * Bill Huang * Started: Nov 07, 2007 * Dossier package packageSolo; import java
-
How to I get multipage pdf file placed in my document to conform to the document that I set up? I have InDesign cc and the pdf pages are placed outside of my document?
-
I just bought a Panasonic HDTV (Model TC-P50C2) and I watched a lot of video from internet on my laptop (Toshiba Satellite L305D-S5895). I read somewhere that I can connect my laptop to my HDTV. Then I can watch the internet video on the TV. The T
-
Hi, I have lost many musics in the same album which I had purchased on iTunes Music Store. I bought an album named "100 Supreme Classical Masterpieces: Rise of the Masters" about a year ago. It is a collection of classical music. It was a 100 piece o
-
Sapscript - print negative amounts
Hi, we have a sapscript solution for printing the content of amount items; they are defined with NETWR or KWERT data element (CURR 13/15,2). When we print negative values the format is "x,y-", with the less sign after, but now it is asked to have the