Nexus 5000 cant access radius

Similar Messages

• Nexus 5000 - Securing MGMT Access

  Could anyone comment on whether the capability exists to configure an ACL that protects management access, restricting access to certain source subnets? I want to use inband mgmt access (interface vlan feature)but limit the access by IP. ACLs seem to be only configurable on a per port basis or VLAN mapped basis, not on the VLAN Interface or Line VTY. Thanks in advance to anyone who offers a comment!

  Hi Adam,
  [edit] This is fixed in 4.1(3)N2(1) with defect CSCta26533.  It is also available in 4.2(1)N1(1).  I just tested this to verify, I was confused earlier as to what version my switches were running.
  Here's an exmaple in 4.2(1)N1(1):
  Nexus5010(config)# conf t
  Nexus5010(config)# ip access-list someACL
  Nexus5010(config-acl)# deny ip 192.168.0.0/16 any                      
  Nexus5010(config-acl)# permit ip any any
  Nexus5010(config-acl)# int mgmt0
  Nexus5010(config-if)# ip access-group someACL in
  Nexus5010(config-if)# exit
  Nexus5010# sh ip access-lists summary
  IPV4 ACL someACL
          Total ACEs Configured: 2
          Configured on interfaces:
                  mgmt0 - ingress (Router ACL)
          Active on interfaces:
                  mgmt0 - ingress (Router ACL)
  Also, CSCsq20638 will allow you to put an ACL on VTY lines.  CSCsq20638 slipped the target release since my first answer, but is now committed to the 5.0 train for the Nexus 7000.
  When the Nexus 5000 picks up this enhancement sometime in Q4 of 2010.  I can't be specific about a release date since it's under active development, but it should be called 5.0(2)N1(1)
  Regarding a VACL, that will work for inband management (SVI / VLAN interface), but not for those managing via MGMT0.
  Regards,
  John Gill
  Message was edited by: johgill

• Nexus 5000 - Odd Ethernet interface behavior (link down inactive)

  Hi Guys,
  This would sound really trivial but it is very odd behavior.
  - We have a server connected to a 2, Nexus 5000s (for resiliancy)
  - When there is no config on the ethernet interfaces whatsoever, the ethernet interface is UP / UP, there is minimal amount of traffic on the link etc. E.g.
  Ethernet1/16 is up
    Hardware: 1000/10000 Ethernet, address: 000d.ece7.85d7 (bia 000d.ece7.85d7)
    Description: shipley-p1.its RK14/A13
    MTU 1500 bytes, BW 10000000 Kbit, DLY 10 usec,
       reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation ARPA
    Port mode is access
    full-duplex, 10 Gb/s, media type is 1/10g
    Beacon is turned off
    Input flow-control is off, output flow-control is off
    Rate mode is dedicated
    Switchport monitor is off
    Last link flapped 00:00:07
    Last clearing of "show interface" counters 05:42:32
    30 seconds input rate 0 bits/sec, 0 packets/sec
    30 seconds output rate 96 bits/sec, 0 packets/sec
    Load-Interval #2: 5 minute (300 seconds)
      input rate 0 bps, 0 pps; output rate 8 bps, 0 pps
    RX
      0 unicast packets  0 multicast packets  0 broadcast packets
      0 input packets  0 bytes
      0 jumbo packets  0 storm suppression packets
      0 runts  0 giants  0 CRC  0 no buffer
      0 input error  0 short frame  0 overrun   0 underrun  0 ignored
      0 watchdog  0 bad etype drop  0 bad proto drop  0 if down drop
      0 input with dribble  0 input discard
      0 Rx pause
    TX
      0 unicast packets  163 multicast packets  0 broadcast packets
      163 output packets  15883 bytes
      0 jumbo packets
      0 output errors  0 collision  0 deferred  0 late collision
      0 lost carrier  0 no carrier  0 babble
      0 Tx pause
    1 interface resets
  - As soon as I configure the link to be an access port, the link goes down, flagging "inactivity" E.g.
  sh int e1/16
  Ethernet1/16 is down (inactive)
    Hardware: 1000/10000 Ethernet, address: 000d.ece7.85d7 (bia 000d.ece7.85d7)
    Description: shipley-p1.its RK14/A13
    MTU 1500 bytes, BW 10000000 Kbit, DLY 10 usec,
       reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation ARPA
    Port mode is access
    auto-duplex, 10 Gb/s, media type is 1/10g
    Beacon is turned off
    Input flow-control is off, output flow-control is off
    Rate mode is dedicated
    Switchport monitor is off
    Last link flapped 05:38:03
    Last clearing of "show interface" counters 05:41:33
    30 seconds input rate 0 bits/sec, 0 packets/sec
    30 seconds output rate 0 bits/sec, 0 packets/sec
    Load-Interval #2: 5 minute (300 seconds)
      input rate 0 bps, 0 pps; output rate 0 bps, 0 pps
    RX
      0 unicast packets  0 multicast packets  0 broadcast packets
      0 input packets  0 bytes
      0 jumbo packets  0 storm suppression packets
      0 runts  0 giants  0 CRC  0 no buffer
      0 input error  0 short frame  0 overrun   0 underrun  0 ignored
      0 watchdog  0 bad etype drop  0 bad proto drop  0 if down drop
      0 input with dribble  0 input discard
      0 Rx pause
    TX
      0 unicast packets  146 multicast packets  0 broadcast packets
      146 output packets  13083 bytes
      0 jumbo packets
      0 output errors  0 collision  0 deferred  0 late collision
      0 lost carrier  0 no carrier  0 babble
      0 Tx pause
    0 interface resets
  - This behavior is seen on both 5Ks
  - I've tried using a different set of ports, changed SFPs, and fibre cabling to no avail
  - I can't seem to understand this behavior?!  In that, why would configuring the port cause the link to go down?
  - If anyone has experience this before, or could shed some light on this behavior, it would be appreciated.
  sh ver
  Cisco Nexus Operating System (NX-OS) Software
  TAC support: http://www.cisco.com/tac
  Copyright (c) 2002-2010, Cisco Systems, Inc. All rights reserved.
  The copyrights to certain works contained herein are owned by
  other third parties and are used and distributed under license.
  Some parts of this software are covered under the GNU Public
  License. A copy of the license is available at
  http://www.gnu.org/licenses/gpl.html.
  Software
    BIOS:      version 1.2.0
    loader:    version N/A
    kickstart: version 4.2(1)N1(1)
    system:    version 4.2(1)N1(1)
    power-seq: version v1.2
    BIOS compile time:       06/19/08
    kickstart image file is: bootflash:/n5000-uk9-kickstart.4.2.1.N1.1.bin
    kickstart compile time:  4/29/2010 19:00:00 [04/30/2010 02:38:04]
    system image file is:    bootflash:/n5000-uk9.4.2.1.N1.1.bin
    system compile time:     4/29/2010 19:00:00 [04/30/2010 03:51:47]
  thanks
  Sheldon

  I had identical issue
  Two interfaces on two different FEXes were INACTIVE. I have two Nexus 5596 in vPC and A/A FEXes.
  I also use config-sync feature.
  Very same configuration was applied to other ports on other FEXes and they were working with no problems.
  interface Ethernet119/1/1
    inherit port-profile PP-Exchange2003
  I checked VLAN status associated with this profile and it was active (of course it was, other ports were ok).
  I solved it by removing port profile from this port and re-applied it... voila, port changed state to up!
  Very very strange.

• Since i up graded to itunes 10.5.2 i cannot access itunes store fully ,i have apple mobile device exe eating my cpu at 97% and now i tried to sync my ipod and it said that i needed to restore my ipod ,this i did and now i cant access my ipod library

  this has got ridiculous now i cant access itunes tore,my ipod says there is no music on it even though i watched it sync nearly 5000 tunes and the program apple mobile device exe eats my cpu at 97% it slows my computer to a crawl should have had the courage of my convictions and stuck to itunes version9 at least that worked.tried resetting netsh winsock,flushing my dns all not worked.this has to be sorted out...and quick

  Hi,
  I have tried and confimed that you can download the previous version from some web-site about the version 10.5.1.42.
  Remove/un-install 10.5.2.11 and restart your computer.
  Install the old version 10.5.1.42
  and then you can find the "Devices" on the left column and showing synchronizing when you connect the cable.
  Good luck

• What are best practices for connecting asa to nexus 5000

  just trying to get a feel for the best way to connect redundant asa to redundant nexus 5000
  using a vpc vlan is fine, but then running a routing protocol isn't supported, so putting static routes on 5000 works, but it doesn't support ip sla yet so you cant really stop distributing the default if your internet goes down. just looking for what was recommended.

  you want to test RAC upgrade on NON RAC database. If you ask me that is a risk but it depends on may things
  Application configuration - If your application is configured for RAC, FAN etc. you cannot test it on non RAC systems
  Cluster upgrade - If your standalone database is RAC one node you can probably test your cluster upgrade there. If you have non RAC database then you will not be able to test cluster upgrade or CRS
  Database upgrade - There are differences when you upgrade RAC vs non RAC database which you will not be able to test
  I think the best way for you is to convert your standalone database to RAC one node database and test it. that will take you close to multi node RAC

• PFC configuration on Nexus 5000

  Hi,
  I have a CNA in my server connected to cisco nexus 5000 interfcae. I Want to genearate pause frames for FCOE class of traffic using the default class class-fcoe and cos value 3, the firmware version running is 5.0(3) N1 (1b). Can anyone tell me how can i configure it ?
  Thanks,
  Manju

  Sorry for the delayed response, Here is what you asked
  Cisco-5020# sh mod
  Mod Ports  Module-Type                      Model                  Status
  1    40     40x10GE/Supervisor               N5K-C5020P-BF-SUP      active *
  2    8      4x10GE + 4x1/2/4G FC Module      N5K-M1404              ok
  Mod  Sw              Hw      World-Wide-Name(s) (WWN)
  1    5.0(3)N1(1b)    1.2     --
  2    5.0(3)N1(1b)    1.0     20:41:00:0d:ec:b2:15:40 to 20:44:00:0d:ec:b2:15:40
  Mod  MAC-Address(es)                         Serial-Num
  1    000d.ecb2.1548 to 000d.ecb2.156f         JAF1303ACES
  2    000d.ecb2.1570 to 000d.ecb2.1577         JAF1245AJLF
  Cisco-5020#
  Cisco-5020#
  Cisco-5020# sh run
  !Command: show running-config
  !Time: Fri Oct 28 17:40:02 2005
  version 5.0(3)N1(1b)
  feature fcoe
  feature npiv
  feature telnet
  feature lldp
  username admin password 5 $1$v9Tm8Y77$ZSdbOfBxe1.Z9Oz1V9V2B0  role network-admin
  no password strength-check
  ip domain-lookup
  hostname Cisco-5020
  logging event link-status default
  service unsupported-transceiver
  class-map type qos class-fcoe
  class-map type queuing class-all-flood
    match qos-group 2
  class-map type queuing class-ip-multicast
    match qos-group 2
  class-map type network-qos class-all-flood
    match qos-group 2
  class-map type network-qos class-ip-multicast
    match qos-group 2
  policy-map type network-qos jumbo
    class type network-qos class-fcoe
      pause no-drop
      mtu 2158
    class type network-qos class-default
      mtu 9216
  system qos
    service-policy type network-qos jumbo
  snmp-server user admin network-admin auth md5 0x2694501fdfbe5abed9e85d51e4e31038 priv 0x2694501fdfbe5abed9e85d51e4e31038 localizedkey
  snmp-server host 138.239.198.184 traps version 2c public  udp-port 1163
  snmp-server host 138.239.198.184 traps version 2c public  udp-port 1164
  snmp-server host 138.239.198.200 traps version 2c public  udp-port 1163
  snmp-server host 138.239.198.200 traps version 2c public  udp-port 1164
  snmp-server host 138.239.200.118 traps version 2c public  udp-port 1163
  snmp-server host 138.239.198.200 traps version 2c public  udp-port 1163
  snmp-server enable traps entity fru
  snmp-server community snmpv3 group network-operator
  vrf context management
    ip route 0.0.0.0/0 10.192.207.254
  vlan 1-2,8
  vlan 10
    fcoe vsan 10
  vlan 20
    fcoe vsan 20
  vlan 30
  vlan 35
    fcoe vsan 35
  vlan 40,50
  vlan 52
    fcoe vsan 52
  vsan database
    vsan 20
    vsan 52
  fcdomain fcid database
    vsan 52 wwn 10:00:00:00:c9:b1:e5:3d fcid 0x180000 dynamic
    vsan 52 wwn 10:00:00:00:c9:b1:e5:3b fcid 0x180001 dynamic
    vsan 52 wwn 10:00:00:00:c9:5b:4d:e3 fcid 0x180002 dynamic
    vsan 52 wwn 10:00:00:00:c9:5b:ab:ad fcid 0x180003 dynamic
    vsan 52 wwn 10:00:00:00:c9:ad:ac:41 fcid 0x180004 dynamic
    vsan 52 wwn 10:00:00:00:c9:ad:ac:b9 fcid 0x180005 dynamic
    vsan 52 wwn 10:00:00:00:c9:ad:ac:b5 fcid 0x180006 dynamic
    vsan 52 wwn 10:00:00:00:c9:f2:73:d1 fcid 0x180007 dynamic
    vsan 52 wwn 10:00:00:00:c9:5b:4d:e1 fcid 0x180008 dynamic
    vsan 52 wwn 10:00:00:00:c9:5b:ab:a9 fcid 0x180009 dynamic
    vsan 52 wwn 10:00:00:00:c9:f2:73:d5 fcid 0x18000a dynamic
    vsan 52 wwn 10:00:00:00:c9:b1:e5:5d fcid 0x18000b dynamic
    vsan 52 wwn 10:00:00:00:c9:5b:ab:9b fcid 0x18000c dynamic
    vsan 52 wwn 10:00:00:00:c9:5b:ab:99 fcid 0x18000d dynamic
    vsan 52 wwn 10:00:00:00:c9:b1:e5:5b fcid 0x18000e dynamic
    vsan 1 wwn 10:00:00:00:c9:f2:73:b3 fcid 0x050000 dynamic
    vsan 52 wwn 10:00:00:00:c9:ad:ac:47 fcid 0x18000f dynamic
    vsan 52 wwn 10:00:00:00:c9:5b:a7:93 fcid 0x180010 dynamic
    vsan 52 wwn 10:00:00:00:c9:91:f8:19 fcid 0x180011 dynamic
    vsan 52 wwn 10:00:00:00:c9:9c:e0:77 fcid 0x180012 dynamic
    vsan 52 wwn 10:00:00:00:c9:5b:a7:d3 fcid 0x180013 dynamic
    vsan 52 wwn 10:00:00:00:c9:5b:a3:bb fcid 0x180014 dynamic
    vsan 52 wwn 10:00:00:00:c9:97:3b:c5 fcid 0x180015 dynamic
    vsan 52 wwn 10:00:00:00:c9:f2:73:91 fcid 0x180016 dynamic
    vsan 52 wwn 10:00:00:00:c9:a4:00:91 fcid 0x180017 dynamic
    vsan 52 wwn 10:00:00:00:c9:f2:73:8d fcid 0x180018 dynamic
    vsan 52 wwn 20:0f:00:11:0d:7f:a8:00 fcid 0x180019 dynamic
    vsan 52 wwn 20:0f:00:11:0d:7f:a8:01 fcid 0x18001a dynamic
    vsan 52 wwn 10:00:00:00:c9:5b:a3:b7 fcid 0x18001b dynamic
    vsan 52 wwn 10:00:00:00:c9:5b:a5:27 fcid 0x18001c dynamic
    vsan 52 wwn 10:00:00:00:c9:5b:a3:53 fcid 0x18001d dynamic
    vsan 52 wwn 10:00:00:00:c9:bb:c8:37 fcid 0x18001e dynamic
    vsan 52 wwn 10:00:00:00:c9:5b:76:e5 fcid 0x18001f dynamic
    vsan 20 wwn 10:00:00:00:c9:5b:a3:83 fcid 0xd30000 dynamic
    vsan 52 wwn 10:00:00:00:c9:91:00:00 fcid 0x180020 dynamic
    vsan 52 wwn 10:00:00:00:00:91:f7:f1 fcid 0x180021 dynamic
    vsan 1 wwn 10:00:00:00:c9:5b:4d:e3 fcid 0x050001 dynamic
    vsan 52 wwn 10:00:00:00:c9:97:3b:0f fcid 0x180022 dynamic
    vsan 52 wwn 10:00:00:00:c9:3c:8e:21 fcid 0x180023 dynamic
    vsan 52 wwn 10:00:00:00:c9:97:3b:11 fcid 0x180024 dynamic
    vsan 20 wwn 10:00:00:00:c9:b1:e6:b7 fcid 0xd30001 dynamic
    vsan 52 wwn 10:00:f8:19:00:91:f8:19 fcid 0x180025 dynamic
    vsan 52 wwn 10:00:00:00:c9:5b:a3:8b fcid 0x180026 dynamic
    vsan 52 wwn 10:00:00:00:c9:b1:e4:ff fcid 0x180027 dynamic
    vsan 52 wwn 10:00:00:00:c9:3c:8e:25 fcid 0x180028 dynamic
    vsan 52 wwn 50:06:01:61:44:60:23:4f fcid 0x1800ef dynamic
    vsan 52 wwn 10:00:00:00:c9:5b:d6:b9 fcid 0x180029 dynamic
    vsan 52 wwn 10:00:00:00:c9:ad:ac:43 fcid 0x18002a dynamic
    vsan 52 wwn 20:01:00:00:c9:5b:ab:99 fcid 0x18002b dynamic
    vsan 52 wwn 20:02:00:00:c9:5b:ab:99 fcid 0x18002c dynamic
    vsan 52 wwn 50:06:01:60:44:60:23:4f fcid 0x1801ef dynamic
    vsan 52 wwn 10:00:00:00:c9:9d:1f:bf fcid 0x18002d dynamic
    vsan 52 wwn 10:00:00:00:c9:9d:1f:c1 fcid 0x18002e dynamic
    vsan 52 wwn 10:00:00:00:c9:f2:73:d3 fcid 0x18002f dynamic
    vsan 20 wwn 10:00:00:00:c9:bb:c8:37 fcid 0xd30002 dynamic
    vsan 52 wwn 10:00:00:00:c9:12:34:56 fcid 0x180030 dynamic
    vsan 52 wwn 10:00:00:00:c9:12:34:57 fcid 0x180031 dynamic
    vsan 52 wwn 10:00:00:00:c9:b1:ea:81 fcid 0x180032 dynamic
    vsan 52 wwn 10:00:00:00:c9:b1:ea:7f fcid 0x180033 dynamic
    vsan 20 wwn 10:00:00:00:c9:12:34:56 fcid 0xd30003 dynamic
    vsan 52 wwn 10:00:00:00:c9:b1:e5:1b fcid 0x180034 dynamic
    vsan 52 wwn 10:00:00:00:c9:b1:e5:1d fcid 0x180035 dynamic
    vsan 52 wwn 10:00:00:00:c9:bb:c7:8f fcid 0x180036 dynamic
    vsan 52 wwn 10:00:00:00:c9:bb:cb:8f fcid 0x180037 dynamic
    vsan 52 wwn 10:00:00:00:c9:bb:cb:93 fcid 0x180038 dynamic
    vsan 52 wwn 10:00:00:00:c9:bb:c7:93 fcid 0x180039 dynamic
    vsan 20 wwn 10:00:00:00:c9:12:34:57 fcid 0xd30004 dynamic
    vsan 52 wwn 10:00:00:00:c9:5b:ab:c4 fcid 0x18003a dynamic
    vsan 52 wwn 10:00:00:00:c9:bb:17:b7 fcid 0x18003b dynamic
    vsan 52 wwn 10:00:00:00:c9:a0:ce:2d fcid 0x18003c dynamic
    vsan 52 wwn 10:00:00:00:c9:91:f7:f1 fcid 0x18003d dynamic
    vsan 52 wwn 10:00:00:00:c9:5b:ab:c0 fcid 0x18003e dynamic
    vsan 52 wwn 10:00:00:00:c9:b1:e5:5f fcid 0x18003f dynamic
    vsan 52 wwn 10:00:00:00:c9:e3:06:89 fcid 0x180040 dynamic
    vsan 52 wwn 50:06:01:68:44:60:23:4f fcid 0x1802ef dynamic
    vsan 1 wwn 50:06:01:61:44:60:23:4f fcid 0x0500ef dynamic
    vsan 52 wwn 10:00:00:00:c9:d1:16:24 fcid 0x180041 dynamic
    vsan 52 wwn 10:00:00:00:c9:d1:16:25 fcid 0x180042 dynamic
    vsan 52 wwn 10:00:00:00:c9:d1:0a:6d fcid 0x180043 dynamic
    vsan 20 wwn 10:00:00:00:c9:d1:16:25 fcid 0xd30005 dynamic
    vsan 20 wwn 10:00:00:00:c9:d1:16:24 fcid 0xd30006 dynamic
    vsan 20 wwn ff:f2:00:00:c9:12:34:78 fcid 0xd30007 dynamic
    vsan 20 wwn ff:f2:00:00:c9:d1:16:46 fcid 0xd30008 dynamic
    vsan 52 wwn ff:f2:00:00:c9:d1:0a:8c fcid 0x180044 dynamic
    vsan 20 wwn ff:f3:00:00:c9:d1:16:46 fcid 0xd30009 dynamic
    vsan 52 wwn ff:f0:00:00:c9:d1:0a:8c fcid 0x180045 dynamic
    vsan 52 wwn 10:00:00:00:c9:d1:0a:6c fcid 0x180046 dynamic
    vsan 20 wwn ff:f2:00:00:c9:d1:0a:8c fcid 0xd3000a dynamic
    vsan 20 wwn 10:00:00:00:c9:d1:0a:6d fcid 0xd3000b dynamic
    vsan 52 wwn ff:f2:00:00:c9:d1:16:46 fcid 0x180047 dynamic
    vsan 20 wwn ff:f3:00:00:c9:12:34:78 fcid 0xd3000c dynamic
    vsan 52 wwn ff:f3:00:00:c9:12:34:78 fcid 0x180048 dynamic
    vsan 52 wwn 50:06:01:69:44:60:23:4f fcid 0x1803ef dynamic
    vsan 52 wwn ff:f3:00:00:c9:d1:16:46 fcid 0x180049 dynamic
    vsan 52 wwn 10:00:00:00:c9:12:34:5b fcid 0x18004a dynamic
    vsan 52 wwn 10:00:00:00:c9:12:34:5a fcid 0x18004b dynamic
    vsan 52 wwn ff:f2:00:00:c9:12:34:78 fcid 0x18004c dynamic
    vsan 52 wwn 10:00:00:00:c9:a5:ac:f3 fcid 0x18004d dynamic
    vsan 52 wwn 10:00:00:00:c9:a5:ad:15 fcid 0x18004e dynamic
    vsan 52 wwn 10:00:00:00:c9:a5:ac:f5 fcid 0x18004f dynamic
    vsan 52 wwn 20:01:00:00:c9:a5:ac:f3 fcid 0x180050 dynamic
    vsan 52 wwn 20:02:00:00:c9:a5:ac:f3 fcid 0x180051 dynamic
    vsan 52 wwn ff:f3:00:00:c9:12:34:85 fcid 0x180052 dynamic
    vsan 52 wwn 20:00:00:11:0d:77:9c:00 fcid 0x180053 dynamic
    vsan 52 wwn 20:01:00:11:0d:77:9d:00 fcid 0x180054 dynamic
  interface port-channel3
  interface vfc1
    no shutdown
  interface vfc4
  interface vfc9
    bind interface Ethernet1/9
    no shutdown
  interface vfc10
  interface vfc11
    bind interface Ethernet1/11
    no shutdown
  interface vfc19
    bind interface Ethernet1/19
    no shutdown
  interface vfc21
    bind interface Ethernet1/21
    no shutdown
  interface vfc22
    bind interface Ethernet1/22
    switchport trunk allowed vsan 52
    no shutdown
  interface vfc24
    bind interface Ethernet1/24
    switchport trunk allowed vsan 52
    no shutdown
  interface vfc25
    bind interface Ethernet1/25
    switchport trunk allowed vsan 52
    no shutdown
  interface vfc26
    bind interface Ethernet1/26
    switchport trunk allowed vsan 52
    no shutdown
  interface vfc27
    bind interface Ethernet1/27
    no shutdown
  interface vfc28
    bind interface Ethernet1/28
    no shutdown
  interface vfc29
    bind interface Ethernet1/29
    no shutdown
  interface vfc30
    bind interface Ethernet1/30
    switchport trunk allowed vsan 52
    no shutdown
  interface vfc31
    bind interface Ethernet1/31
    shutdown
  interface vfc32
    bind interface Ethernet1/32
    no shutdown
  interface vfc33
    bind interface Ethernet1/33
    no shutdown
  interface vfc34
    bind interface Ethernet1/34
    no shutdown
  interface vfc35
    bind interface Ethernet1/35
    no shutdown
  interface vfc36
    bind interface Ethernet1/36
    no shutdown
  interface vfc37
    bind interface Ethernet1/37
    no shutdown
  interface vfc38
    bind interface Ethernet1/38
    no shutdown
  interface vfc39
    bind interface Ethernet1/39
    no shutdown
  interface vfc40
    bind interface Ethernet1/40
    no shutdown
  vsan database
    vsan 52 interface vfc1
    vsan 52 interface vfc9
    vsan 52 interface vfc11
    vsan 52 interface vfc19
    vsan 52 interface vfc21
    vsan 52 interface vfc22
    vsan 52 interface vfc24
    vsan 52 interface vfc26
    vsan 52 interface vfc27
    vsan 52 interface vfc28
    vsan 52 interface vfc29
    vsan 52 interface vfc30
    vsan 52 interface vfc31
    vsan 52 interface vfc32
    vsan 52 interface vfc33
    vsan 52 interface vfc34
    vsan 20 interface vfc35
    vsan 52 interface vfc36
    vsan 52 interface vfc37
    vsan 52 interface vfc38
    vsan 52 interface vfc39
    vsan 52 interface vfc40
    vsan 52 interface fc2/1
    vsan 52 interface fc2/2
    vsan 52 interface fc2/3
    vsan 52 interface fc2/4
  interface fc2/1
    switchport trunk allowed vsan 1
    switchport trunk allowed vsan add 52
    switchport trunk mode auto
    no shutdown
  interface fc2/2
    switchport trunk mode auto
    no shutdown
  interface fc2/3
    no shutdown
  interface fc2/4
    no shutdown
  interface Ethernet1/1
  interface Ethernet1/2
    speed 1000
  interface Ethernet1/3
  interface Ethernet1/4
  interface Ethernet1/5
  interface Ethernet1/6
  interface Ethernet1/7
    switchport mode trunk
  interface Ethernet1/8
  interface Ethernet1/9
    switchport mode trunk
    switchport trunk allowed vlan 1,10,20,52
    flowcontrol receive on
    flowcontrol send on
  interface Ethernet1/10
  interface Ethernet1/11
    priority-flow-control mode on
    switchport mode trunk
    switchport trunk allowed vlan 1,52
    flowcontrol receive on
    flowcontrol send on
  interface Ethernet1/12
    switchport mode trunk
  interface Ethernet1/13
    switchport mode trunk
    flowcontrol receive on
    flowcontrol send on
  interface Ethernet1/14
    switchport mode trunk
    flowcontrol receive on
    flowcontrol send on
  interface Ethernet1/15
    switchport mode trunk
    flowcontrol receive on
    flowcontrol send on
  interface Ethernet1/16
    switchport mode trunk
    flowcontrol receive on
    flowcontrol send on
  interface Ethernet1/17
  interface Ethernet1/18
    switchport mode trunk
    switchport trunk allowed vlan 1,30
  interface Ethernet1/19
    switchport mode trunk
    switchport access vlan 10
    switchport trunk allowed vlan 1,52
    flowcontrol receive on
    flowcontrol send on
  interface Ethernet1/20
    switchport mode trunk
    switchport access vlan 52
    switchport trunk allowed vlan 1,52
    flowcontrol receive on
    flowcontrol send on
  interface Ethernet1/21
    switchport mode trunk
    switchport trunk allowed vlan 1,52
    flowcontrol receive on
    flowcontrol send on
  interface Ethernet1/22
  interface Ethernet1/23
    flowcontrol receive on
    flowcontrol send on
  interface Ethernet1/24
    switchport mode trunk
    switchport access vlan 52
    switchport trunk allowed vlan 1,52
    flowcontrol receive on
    flowcontrol send on
  interface Ethernet1/25
    switchport mode trunk
    switchport trunk allowed vlan 1,8,30,52
  interface Ethernet1/26
    switchport mode trunk
    switchport access vlan 52
    switchport trunk allowed vlan 1,8,30,52
  interface Ethernet1/27
    switchport mode trunk
    flowcontrol receive on
    flowcontrol send on
  interface Ethernet1/28
    switchport mode trunk
    switchport trunk allowed vlan 1,8,30,52
    flowcontrol receive on
    flowcontrol send on
  interface Ethernet1/29
    switchport mode trunk
    switchport trunk allowed vlan 1,52
    flowcontrol receive on
    flowcontrol send on
  interface Ethernet1/30
    description line
    switchport mode trunk
    switchport access vlan 52
    switchport trunk allowed vlan 1,8,30,52
    flowcontrol receive on
    flowcontrol send on
  interface Ethernet1/31
    switchport mode trunk
    switchport trunk allowed vlan 1,10,20,52
  interface Ethernet1/32
    switchport mode trunk
    switchport trunk allowed vlan 1,10,52
    flowcontrol receive on
    flowcontrol send on
  interface Ethernet1/33
    switchport mode trunk
    switchport trunk allowed vlan 1,52
    flowcontrol receive on
    flowcontrol send on
  interface Ethernet1/34
    switchport mode trunk
    switchport trunk allowed vlan 1,52
    flowcontrol receive on
    flowcontrol send on
  interface Ethernet1/35
    switchport mode trunk
    switchport access vlan 10
    switchport trunk allowed vlan 1,10,52
    flowcontrol receive on
    flowcontrol send on
  interface Ethernet1/36
    switchport mode trunk
    switchport trunk allowed vlan 1,30,52
    flowcontrol receive on
    flowcontrol send on
  interface Ethernet1/37
    switchport mode trunk
    switchport trunk allowed vlan 1,30,52
    flowcontrol receive on
    flowcontrol send on
  interface Ethernet1/38
    switchport mode trunk
    switchport trunk allowed vlan 1,10,52
    flowcontrol receive on
    flowcontrol send on
  interface Ethernet1/39
    shutdown
    switchport mode trunk
    switchport trunk allowed vlan 1,10,20,52
    flowcontrol receive on
    flowcontrol send on
  interface Ethernet1/40
    switchport mode trunk
    switchport trunk allowed vlan 1,52
    flowcontrol receive on
    flowcontrol send on
  interface Ethernet2/1
    switchport mode trunk
    flowcontrol receive on
    flowcontrol send on
  interface Ethernet2/2
    switchport mode trunk
    flowcontrol receive on
    flowcontrol send on
  interface Ethernet2/3
    switchport mode trunk
    flowcontrol receive on
    flowcontrol send on
  interface Ethernet2/4
    switchport mode trunk
    flowcontrol receive on
    flowcontrol send on
  interface mgmt0
    ip address 10.192.194.111/20
  system default zone default-zone permit
  system default zone distribute full
  line console
  line vty
  boot kickstart bootflash:/n5000-uk9-kickstart.5.0.3.N1.1b.bin
  boot system bootflash:/n5000-uk9.5.0.3.N1.1b.bin
  interface fc2/1
  interface fc2/2
  interface fc2/3
  interface fc2/4
  zone default-zone permit vsan 20
  zone default-zone permit vsan 52
  zoneset distribute full vsan 1
  zoneset distribute full vsan 20
  zoneset distribute full vsan 52
  !Full Zone Database Section for vsan 1
  zone name bg-qa vsan 1
      member pwwn 10:00:00:00:c9:5b:ab:ca
      member pwwn 21:00:00:0c:50:c3:70:23
      member pwwn 21:00:00:0c:50:c3:70:22
      member pwwn 21:00:00:0c:50:c3:70:16
      member pwwn 21:00:00:0c:50:c3:70:1e
      member pwwn 22:00:00:0c:50:c3:70:26
      member pwwn 22:00:00:18:62:06:76:8a
      member pwwn 22:00:00:11:c6:17:68:c3
      member pwwn 22:00:00:0c:50:c3:70:1d
      member pwwn 22:00:00:0c:50:c3:6f:c2
      member pwwn 22:00:00:11:c6:17:68:dc
      member pwwn 21:00:00:0c:50:c3:6a:d0
      member pwwn 21:00:00:0c:50:79:92:90
      member pwwn 21:00:00:11:c6:17:69:a0
      member pwwn 21:00:00:0c:50:79:93:af
      member pwwn 22:00:00:0c:50:48:10:80
      member pwwn 22:00:00:11:c6:18:46:c6
      member pwwn 22:00:00:0c:50:32:2e:0f
      member pwwn 22:00:00:0c:50:48:10:74
      member pwwn 22:00:00:11:c6:18:46:f2
      member pwwn 21:00:00:00:87:13:cb:d1
      member pwwn 21:00:00:0c:50:79:91:0f
      member pwwn 10:00:00:00:c9:3c:8e:49
      member pwwn 10:00:00:00:c9:5b:ab:c2
      member pwwn 10:00:00:00:c9:5b:af:f3
  zone name sf_RAM vsan 1
      member pwwn 10:00:00:00:c9:5b:af:c9
      member pwwn 21:00:00:0c:50:b4:8e:20
  zone name anand vsan 1
      member pwwn 10:00:00:00:c9:65:69:31
      member pwwn 22:00:00:18:62:06:7f:f6
  zone name syedzone vsan 1
      member fwwn 20:11:00:0d:ec:56:7b:40
      member pwwn 50:06:01:60:44:60:23:4f
  zone name bg_qa vsan 1
  zoneset name TOM vsan 1
      member bg-qa
  zoneset name bg_dvt vsan 1
      member sf_RAM
  zoneset name lancer vsan 1
      member anand
  zoneset name bg-qa vsan 1
  zoneset name syed vsan 1
      member syedzone
  zoneset activate name lancer vsan 1
  !Full Zone Database Section for vsan 20
  zone name amrita_zone1 vsan 20
      member pwwn 10:00:00:00:c9:5b:a3:83
      member pwwn 22:00:00:04:cf:89:19:67
      member pwwn 22:00:00:0c:50:48:10:80
      member pwwn 22:00:00:11:c6:18:46:f2
      member pwwn 22:00:00:0c:50:79:93:ae
  zone name amr_zset vsan 20
  zoneset name amr_zset vsan 20
      member amrita_zone1
  zoneset activate name amr_zset vsan 20
  !Full Zone Database Section for vsan 52
  zone name vinod vsan 52
      member pwwn 50:06:01:69:44:60:23:4f
      member pwwn ff:f3:00:00:c9:12:34:78
      member pwwn 10:00:00:00:c9:12:34:5b
      member pwwn 10:00:00:00:c9:12:34:57
  zone name neha vsan 52
  zone name siv1 vsan 52
      member pwwn 10:00:00:00:c9:ad:ac:43
      member pwwn 50:06:01:61:44:60:23:4f
      member pwwn 10:00:00:00:c9:ad:ac:47
  zone name neha1 vsan 52
      member pwwn 10:00:00:00:c9:5b:ab:ad
      member pwwn 50:06:01:60:44:60:23:4f
  zone name neha2 vsan 52
      member pwwn 50:06:01:60:44:60:23:4f
      member pwwn 10:00:00:00:c9:5b:ab:a9
  zone name neha3 vsan 52
      member pwwn 10:00:00:00:c9:9d:1f:bf
      member pwwn 50:06:01:60:44:60:23:4f
  zone name neha4 vsan 52
      member pwwn 50:06:01:60:44:60:23:4f
      member pwwn 10:00:00:00:c9:9d:1f:c1
  zone name chetan vsan 52
      member pwwn 10:00:00:00:c9:f2:73:d3
      member pwwn 50:06:01:60:44:60:23:4f
      member pwwn 10:00:00:00:c9:ad:ac:47
  zone name siv2 vsan 52
      member pwwn 10:00:00:00:c9:d1:0a:6d
      member pwwn ff:f2:00:00:c9:d1:0a:8c
      member pwwn 22:00:00:0c:50:79:93:af
      member pwwn 22:00:00:0c:50:79:92:90
      member pwwn 22:00:00:0c:50:79:91:0f
      member pwwn 20:01:00:11:0d:77:9d:00
  zone name sroy vsan 52
      member pwwn 10:00:00:00:c9:b1:ea:7f
      member pwwn 50:06:01:60:44:60:23:4f
      member pwwn 10:00:00:00:c9:5b:ab:99
      member pwwn 10:00:00:00:c9:bb:cb:8f
      member pwwn 10:00:00:00:c9:5b:ab:c4
      member pwwn 10:00:00:00:c9:d1:16:25
      member pwwn 50:06:01:61:44:60:23:4f
      member pwwn 10:00:00:00:c9:a5:ac:f3
  zone name manju vsan 52
      member pwwn 10:00:00:00:c9:bb:c7:8f
      member pwwn 50:06:01:61:44:60:23:4f
  zone name ram vsan 52
      member pwwn 50:06:01:60:44:60:23:4f
      member pwwn 10:00:00:00:c9:a0:ce:2d
      member pwwn 10:00:00:00:c9:bb:17:b7
      member pwwn 10:00:00:00:c9:5b:a5:27
      member pwwn 10:00:00:00:c9:91:f7:f1
      member pwwn 10:00:00:00:c9:b1:e5:5f
  zone name jana vsan 52
      member pwwn 10:00:00:00:c9:91:f7:f1
      member pwwn 50:06:01:60:44:60:23:4f
  zone name priya vsan 52
      member pwwn 10:00:00:00:c9:e3:06:89
      member pwwn 50:06:01:60:44:60:23:4f
  zoneset name IBMraptor vsan 52
      member vinod
      member siv1
      member neha1
      member neha2
      member neha3
      member neha4
      member chetan
      member siv2
      member sroy
      member manju
      member ram
      member priya
  zoneset name ananda vsan 52
  zoneset name vinod vsan 52
  zoneset activate name IBMraptor vsan 52
  no system default switchport shutdown san
  Cisco-5020# sh system internal dcbx info interface ethernet 1/38
  Interface info for if_index: 0x1a025000(Eth1/38)
  tx_enabled: TRUE
  rx_enabled: TRUE
  dcbx_enabled: TRUE
  DCX Protocol: CIN
  Port MAC address:  00:0d:ec:b2:15:6d
  DCX Control FSM Variables: seq_no: 0x1, ack_no: 0x0,my_ack_no: 0x0, peer_seq_no:
  0x0 oper_version: 0x0,  max_version: 0x0 fast_retries 0x0
  Lock Status: UNLOCKED
  PORT STATE: UP
  LLDP Neighbors
  No DCX tlvs from the remote peer
  6 Features on this intf for Protocol CIN(0)
  3 Features on this intf for Protocol CEE(1)
  6 Features on this intf for Protocol CIN(0)
  Feature type LLS (6)sub_type FCoE Logical Link Status (0)
  feature type 6(LLS)sub_type 0
  Feature State Variables: oper_version 0 error 0 local error 0 oper_mode 0
       feature_seq_no 0 remote_feature_tlv_present 0 remote_tlv_aged_out 0
       remote_tlv_not_present_notification_sent 0
  Feature Register Params: max_version 0, enable 1, willing 0 advertise 1
       disruptive_error 0 mts_addr_node 0x101 mts_addr_sap 0x1d9
  Desired config cfg length: 1 data bytes:00
  Operating config cfg length: 0 data bytes:
  Peer config cfg length: 0 data bytes:
  Feature type PFC (3)
  feature type 3(PFC)sub_type 0
  Feature State Variables: oper_version 0 error 0 local error 0 oper_mode 0
       feature_seq_no 0 remote_feature_tlv_present 0 remote_tlv_aged_out 1
       remote_tlv_not_present_notification_sent 0
  Feature Register Params: max_version 0, enable 1, willing 0 advertise 1
       disruptive_error 0 mts_addr_node 0x101 mts_addr_sap 0x179
  Desired config cfg length: 1 data bytes:08
  Operating config cfg length: 0 data bytes:
  Peer config cfg length: 0 data bytes:
  Feature type App(Fcoe) (5)sub_type FCoE (0)
  feature type 5(App(Fcoe))sub_type 0
  Feature State Variables: oper_version 0 error 0 local error 0 oper_mode 0
       feature_seq_no 0 remote_feature_tlv_present 0 remote_tlv_aged_out 1
       remote_tlv_not_present_notification_sent 0
  Feature Register Params: max_version 0, enable 1, willing 0 advertise 1
       disruptive_error 0 mts_addr_node 0x101 mts_addr_sap 0x179
  Desired config cfg length: 1 data bytes:08
  Operating config cfg length: 0 data bytes:
  Peer config cfg length: 0 data bytes:
  Feature type PriMtu (8)
  feature type 8(PriMtu)sub_type 0
  Feature State Variables: oper_version 0 error 0 local error 0 oper_mode 0
       feature_seq_no 0 remote_feature_tlv_present 0 remote_tlv_aged_out 1
       remote_tlv_not_present_notification_sent 0
  Feature Register Params: max_version 0, enable 1, willing 0 advertise 1
       disruptive_error 0 mts_addr_node 0x101 mts_addr_sap 0x179
  Desired config cfg length: 16 data bytes:24    00    24    00    24    00    08    6e    24    00    24    00    24    00    24    00
  Operating config cfg length: 0 data bytes:
  Peer config cfg length: 0 data bytes:
  Feature type PriGrp (2)
  feature type 2(PriGrp)sub_type 0
  Feature State Variables: oper_version 0 error 0 local error 0 oper_mode 0
       feature_seq_no 0 remote_feature_tlv_present 0 remote_tlv_aged_out 1
       remote_tlv_not_present_notification_sent 0
  Feature Register Params: max_version 0, enable 1, willing 0 advertise 1
       disruptive_error 0 mts_addr_node 0x101 mts_addr_sap 0x179
  Desired config cfg length: 24 data bytes:32    32    00    00    00    00    00    00    00    0f    00    0f    00    0e    20    64    00    0e    00    0e
     00    0e    00    0e
  Operating config cfg length: 0 data bytes:
  Peer config cfg length: 0 data bytes:
  Feature type LLS (6)sub_type LAN Logical Link Status (1)
  feature type 6(LLS)sub_type 1
  Feature State Variables: oper_version 0 error 0 local error 0 oper_mode 0
       feature_seq_no 0 remote_feature_tlv_present 0 remote_tlv_aged_out 1
       remote_tlv_not_present_notification_sent 0
  Feature Register Params: max_version 0, enable 1, willing 0 advertise 1
       disruptive_error 0 mts_addr_node 0x101 mts_addr_sap 0xaf
  Desired config cfg length: 1 data bytes:80
  Operating config cfg length: 0 data bytes:
  Peer config cfg length: 0 data bytes:
  Traffic Counters
  DCBX pkt stats:
      Total frames out: 20296
      Total Entries aged: 27
      Total frames in: 0
      DCBX frames in: 0
      Total frames received in error: 0
      Total frames discarded: 0
      Total TLVs unrecognized: 0
  Cisco-5020#
  Cisco-5020#
  Cisco-5020#
  I am new to this PFC, and first time trying to configure so you can see nothing being configured.

• Tacacs cfs on the Nexus 5000

  Hi
  I want to distribute TACACS+ from the nexus 7000 to theo tne manuals  nexus 5000
  via CFS.
  When i do the 'sh cfs app' i get this....   tacacs         No        Physical-fc-ip
  However you cannot put in the distribute command for tacacs 'tacacs+ distribute'sl
  You also cannot do the following command   'sh cfs app name tacacs'
  Obviously there must be different commands ... but i cannot find them
  If i cant distribute tacacs how can i make this work
  many thanks
  Steve

  I think the command set does not matter.
  Because the Nexus takes only the role and does not use per-command authorization (AFAIK), then it will take the role from the shell profile but selecting the command set does not matter because it does not use per command authorization.
  I used command sets with CRS-1 and they had no effect. Only the shell profile configuration matters.
  What is the situation at your end? do things work fine with/without selecting the command set? or putting empty command set in place?
  Rating useful replies is more useful than saying "Thank you"

• SAN Port-Channel between Nexus 5000 and Brocade 5100

  I have a Nexus 5000 running in NPV mode connected to a Brocade 5100 FC switch using two FC ports on a native FC module in the Nexus 5000. I would like to configure these two physical links as one logical link using a SAN Port-Channel/ISL-Trunk. An ISL trunking license is already installed on the Brocade 5100. The Nexus 5000 is running NX-OS 4.2(1), the Brocade 5100 Fabric OS 6.20. Does anybody know if this is a supported configuration? If so, how can this be configured on the Nexus 5000 and the Brocade 5100? Thank you in advance for any comments.
  Best regards,
  Florian

  I tried that and I could see the status light on the ports come on but it still showed not connected.
  I configured another switch (a 3560) with the same config and the same layout with the fiber and I got the connection up on it. I just cant seem to get it on the 4506, would it be something with the supervisor? Could it be wanting to use the 10gb port instead of the 1gb ports?

• Nexus 5000 command/log accounting

  Good afternoon gentlemen
  I need to configure the same as shown below in Nexus 5000 switches. The requirement is logging all user access login (whether failed or succeeded) and also logging all commands that users issue.
  #IOS commands
  no logging console
  logging buffered 307200 informational
  service timestamps log datetime localtime show-timezone
  logging trap debugging
  login on-failure log
  login on-success log
  archive
     log config
        logging enable
        logging size 500
        hidekeys
        notify syslog contenttype plaintext
  By now, I only found the command "show accounting log". But no way to export to a syslog server I think.
  If you guys have an idea please answear
  Regards
  Christian

  Good afternoon gentlemen
  I need to configure the same as shown below in Nexus 5000 switches. The requirement is logging all user access login (whether failed or succeeded) and also logging all commands that users issue.
  #IOS commands
  no logging console
  logging buffered 307200 informational
  service timestamps log datetime localtime show-timezone
  logging trap debugging
  login on-failure log
  login on-success log
  archive
     log config
        logging enable
        logging size 500
        hidekeys
        notify syslog contenttype plaintext
  By now, I only found the command "show accounting log". But no way to export to a syslog server I think.
  If you guys have an idea please answear
  Regards
  Christian

• Asa 5505, the outside cant access to a server in the inside

  hi, i have an Asa 5505, a pc in the outside with the ip 10.1.1.6 cant access to a server in the inside 192.168.1.4, pls help...
  this is my conf:
  ASA Version 8.0(4)
  hostname ciscoasa
  domain-name default.domain.invalid
  enable password 8Ry2YjIyt7RRXU24 encrypted
  passwd 2KFQnbNIdI.2KYOU encrypted
  names
  interface Vlan1
  nameif inside
  security-level 0
  ip address 192.168.1.1 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address 10.1.1.2 255.255.255.0
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  boot system disk0:/asa804-k8.bin
  ftp mode passive
  dns server-group DefaultDNS
  domain-name default.domain.invalid
  object-group protocol TCPUDP
  protocol-object udp
  protocol-object tcp
  access-list 100 extended permit tcp any host 10.1.1.3 eq www
  pager lines 24
  logging enable
  logging asdm debugging
  mtu inside 1500
  <--- More --->
  mtu outside 1500
  no failover
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/asdm-613.bin
  no asdm history enable
  arp timeout 14400
  nat-control
  global (outside) 1 interface
  nat (inside) 1 0.0.0.0 0.0.0.0
  static (inside,outside) 10.1.1.3 192.168.1.4 netmask 255.255.255.255
  access-group 100 in interface outside
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  dynamic-access-policy-record DfltAccessPolicy
  http server enable
  http 192.168.1.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  <--- More --->
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  dhcpd auto_config outside
  dhcpd address 192.168.1.2-192.168.1.254 inside
  dhcpd enable inside
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
  message-length maximum 512
  policy-map global_policy
  class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  <--- More --->
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  service-policy global_policy global
  prompt hostname context
  Cryptochecksum:14e7b74fabc386613ae646b915f60e9e
  : end
  ciscoasa#

  Andres
  The security level for your inside interface should be 100 ie.
  interface Vlan1
  nameif inside
  security-level 100
  ip address 192.168.1.1 255.255.255.0
  After changing that can you
  1) ping the outside interface of the ASA from the pc or ping the PC from the ASA
  2) I'm assuming you are trying to connect to 10.1.1.3 when you attempt the connection ?
  Jon

• Why i cant access asa 8.4 thruogh asdm from outside interface ???

  hi all ,
  plz help e why i cant access asa asdm from outside interface
  my puclic ip on outisde is :
  x.x.55.34
  i changed  portf of asdm to 65000 because i have portforward  ,
  i tried to connect to my ip thriuogh asdm bu :
  x.x.55.34
  x.x.55.34:65000
  but no luck ,
  it succed if i try to connect locally
  here is my sh run command :
  ====================================================
  ASA5505#
  ASA5505# sh run
  : Saved
  ASA Version 8.4(2)
  hostname ASA5505
  enable password qsddsEGCCSH encrypted
  passwd 2KFsdsdbNIdI.2KYOU encrypted
  names
  interface Ethernet0/0
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  switchport access vlan 2
  interface Vlan1
  nameif ins
  security-level 100
  ip address 10.66.12.1 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 50
  ip address x.x.55.34 255.255.255.248
  boot system disk0:/asa842-k8.bin
  ftp mode passive
  same-security-traffic permit inter-interface
  same-security-traffic permit intra-interface
  object network obj_any
  subnet 0.0.0.0 0.0.0.0
  object network obj-0.0.0.0
  host 0.0.0.0
  object network localsubnet
  subnet 10.66.12.0 255.255.255.0
  description localsubnet
  object network HTTP-Host
  host 10.66.12.249
  description web server
  object network HTTPS-HOST
  host 10.66.12.249
  description Https
  object network RDP-Host
  host 10.66.12.122
  description RDP host
  object network citrix-host
  host 10.66.12.249
  description citrix
  object service rdp
  service tcp destination eq 3389
  object service https
  service tcp destination eq https
  object service citrix
  service tcp destination eq 2598
  object service http
  service tcp destination eq www
  object network RDP1
  host 10.66.12.249
  object network HTTPS-Host
  host 10.66.12.249
  object network CITRIX-Host
  host 10.66.12.249
  object-group network RDP-REDIRECT
  object-group network HTTP-REDIRECT
  object-group network HTTPS-REDIRECT
  object-group network CITRIX-ICA-HDX-REDIRECTION
  object-group network CITRIX-ICA-SESSION-RELIABILITY-REDIRECTION
  object-group service CITRIX-ICA-HDX
  object-group service CITRIX-SR
  object-group service RDP
  object-group network MY-insideNET
  network-object 10.66.12.0 255.255.255.0
  access-list outside_in extended permit tcp any host 10.66.12.249 eq www
  access-list outside_in extended permit tcp any host 10.66.12.249 eq https
  access-list outside_in extended permit tcp any host 10.66.12.249 eq 2598
  access-list outside_in extended permit tcp any host 10.66.12.122 eq 3389
  access-list outside_in extended permit tcp any host 10.66.12.249 eq citrix-ica
  access-list outside_in extended permit tcp any host x.x.55.34 eq 65000
  access-list outside_in extended permit tcp any host x.x.55.34 eq https
  access-list outside_in extended permit ip any any
  pager lines 24
  mtu ins 1500
  mtu outside 1500
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/asdm-645.bin
  no asdm history enable
  arp timeout 14400
  object network localsubnet
  nat (ins,outside) dynamic interface
  object network HTTP-Host
  nat (ins,outside) static interface service tcp www www
  object network RDP-Host
  nat (ins,outside) static interface service tcp 3389 3389
  object network HTTPS-Host
  nat (ins,outside) static interface service tcp https https
  object network CITRIX-Host
  nat (ins,outside) static interface service tcp citrix-ica citrix-ica
  access-group outside_in in interface outside
  route outside 0.0.0.0 0.0.0.0 62.109.55.33 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  user-identity default-domain LOCAL
  aaa authentication http console LOCAL
  aaa authentication ssh console LOCAL
  http server enable 65000
  http 10.66.12.0 255.255.255.0 ins
  http 0.0.0.0 0.0.0.0 outside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ca trustpoint _SmartCallHome_ServerCA
  crl configure
  crypto ca certificate chain _SmartCallHome_ServerCA
  certificate ca 6ecc7aa5a7032009b8cebcf4e952d491
      308205ec 308204d4 a0030201 0202106e cc7aa5a7 032009b8 cebcf4e9 52d49130
      0d06092a 864886f7 0d010105 05003081 ca310b30 09060355 04061302 55533117
      30150603 55040a13 0e566572 69536967 6e2c2049 6e632e31 1f301d06 0355040b
      13165665 72695369 676e2054 72757374 204e6574 776f726b 313a3038 06035504
      0b133128 63292032 30303620 56657269 5369676e 2c20496e 632e202d 20466f72
      20617574 686f7269 7a656420 75736520 6f6e6c79 31453043 06035504 03133c56
      65726953 69676e20 436c6173 73203320 5075626c 69632050 72696d61 72792043
      65727469 66696361 74696f6e 20417574 686f7269 7479202d 20473530 1e170d31
      30303230 38303030 3030305a 170d3230 30323037 32333539 35395a30 81b5310b
      30090603 55040613 02555331 17301506 0355040a 130e5665 72695369 676e2c20
      496e632e 311f301d 06035504 0b131656 65726953 69676e20 54727573 74204e65
      74776f72 6b313b30 39060355 040b1332 5465726d 73206f66 20757365 20617420
      68747470 733a2f2f 7777772e 76657269 7369676e 2e636f6d 2f727061 20286329
      3130312f 302d0603 55040313 26566572 69536967 6e20436c 61737320 33205365
      63757265 20536572 76657220 4341202d 20473330 82012230 0d06092a 864886f7
      0d010101 05000382 010f0030 82010a02 82010100 b187841f c20c45f5 bcab2597
      a7ada23e 9cbaf6c1 39b88bca c2ac56c6 e5bb658e 444f4dce 6fed094a d4af4e10
      9c688b2e 957b899b 13cae234 34c1f35b f3497b62 83488174 d188786c 0253f9bc
      7f432657 5833833b 330a17b0 d04e9124 ad867d64 12dc744a 34a11d0a ea961d0b
      15fca34b 3bce6388 d0f82d0c 948610ca b69a3dca eb379c00 48358629 5078e845
      63cd1941 4ff595ec 7b98d4c4 71b350be 28b38fa0 b9539cf5 ca2c23a9 fd1406e8
      18b49ae8 3c6e81fd e4cd3536 b351d369 ec12ba56 6e6f9b57 c58b14e7 0ec79ced
      4a546ac9 4dc5bf11 b1ae1c67 81cb4455 33997f24 9b3f5345 7f861af3 3cfa6d7f
      81f5b84a d3f58537 1cb5a6d0 09e4187b 384efa0f 02030100 01a38201 df308201
      db303406 082b0601 05050701 01042830 26302406 082b0601 05050730 01861868
      7474703a 2f2f6f63 73702e76 65726973 69676e2e 636f6d30 12060355 1d130101
      ff040830 060101ff 02010030 70060355 1d200469 30673065 060b6086 480186f8
      45010717 03305630 2806082b 06010505 07020116 1c687474 70733a2f 2f777777
      2e766572 69736967 6e2e636f 6d2f6370 73302a06 082b0601 05050702 02301e1a
      1c687474 70733a2f 2f777777 2e766572 69736967 6e2e636f 6d2f7270 61303406
      03551d1f 042d302b 3029a027 a0258623 68747470 3a2f2f63 726c2e76 65726973
      69676e2e 636f6d2f 70636133 2d67352e 63726c30 0e060355 1d0f0101 ff040403
      02010630 6d06082b 06010505 07010c04 61305fa1 5da05b30 59305730 55160969
      6d616765 2f676966 3021301f 30070605 2b0e0302 1a04148f e5d31a86 ac8d8e6b
      c3cf806a d448182c 7b192e30 25162368 7474703a 2f2f6c6f 676f2e76 65726973
      69676e2e 636f6d2f 76736c6f 676f2e67 69663028 0603551d 11042130 1fa41d30
      1b311930 17060355 04031310 56657269 5369676e 4d504b49 2d322d36 301d0603
      551d0e04 1604140d 445c1653 44c1827e 1d20ab25 f40163d8 be79a530 1f060355
      1d230418 30168014 7fd365a7 c2ddecbb f03009f3 4339fa02 af333133 300d0609
      2a864886 f70d0101 05050003 82010100 0c8324ef ddc30cd9 589cfe36 b6eb8a80
      4bd1a3f7 9df3cc53 ef829ea3 a1e697c1 589d756c e01d1b4c fad1c12d 05c0ea6e
      b2227055 d9203340 3307c265 83fa8f43 379bea0e 9a6c70ee f69c803b d937f47a
      6decd018 7d494aca 99c71928 a2bed877 24f78526 866d8705 404167d1 273aeddc
      481d22cd 0b0b8bbc f4b17bfd b499a8e9 762ae11a 2d876e74 d388dd1e 22c6df16
      b62b8214 0a945cf2 50ecafce ff62370d ad65d306 4153ed02 14c8b558 28a1ace0
      5becb37f 954afb03 c8ad26db e6667812 4ad99f42 fbe198e6 42839b8f 8f6724e8
      6119b5dd cdb50b26 058ec36e c4c875b8 46cfe218 065ea9ae a8819a47 16de0c28
      6c2527b9 deb78458 c61f381e a4c4cb66
    quit
  telnet 0.0.0.0 0.0.0.0 outside
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  management-access outside
  dhcpd address 10.66.12.160-10.66.12.180 ins
  dhcpd dns 212.112.166.22 212.112.166.18 interface ins
  dhcpd enable ins
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  username test password P4ttSdddd3SV8TYp encrypted privilege 15
  username ADMIN password 5dddd3ThngqY encrypted privilege 15
  username drvirus password p03BtCddddryePSDf encrypted privilege 15
  username cisco password edssdsdOAQcNEL encrypted privilege 15
  prompt hostname context
  call-home reporting anonymous
  call-home
  profile CiscoTAC-1
    no active
    destination address http https://tools.cisco.com/its/service/oddce/services/DD
  CEService
    destination address email [email protected]
    destination transport-method http
    subscribe-to-alert-group diagnostic
    subscribe-to-alert-group environment
    subscribe-to-alert-group inventory periodic monthly
    subscribe-to-alert-group configuration periodic monthly
    subscribe-to-alert-group telemetry periodic daily
  Cryptochecksum:d41d8cd98f00b204e9800998ecf8427e
  : end

  For access over VPN you need:
  management-access inside
  and don't forget:
  ssh inside
  http inside
  I'm guessing you forgot to grant ASDM (http/https) access to the IP addresses used by the VPN?  Can you SSH?  If not, that is your problem to solve first.

• Cant access to the integrated web browser RG60SE

  Hi. I recently bought a RG60SE router. Following the instructions in the quick manual i tried to configure it, but i cant access to the integrated web based configuration utility. I tried access from three diferent pcs with same results. I tried to access connecting only the router and one PC, without ADSL modem, but not results.
  I tried to reset, plug, unplug, power off, power on, the PC and the router, in many combinations, but i have zero results.
  Im very frustrated, may be im doing something wrong?
  I have a one desktop directly connected to ADSL modem:
  IP       192.168.1.2
  Mask   255.255.255.248
  Gate   192.168.1.1
  DNS1  200.105.128.40
  DNS2  200.105.128.41
  Please, i need help,
  Thanks

  Thanks for your answer:
  Yes i am using http://192.168.1.1
  I have an another router D-link dir-400. When this router is resetted, i can see a d-link wireless signal within my notebook. But i can not see anything about MSI router.

• I cant access firefox, everytime i try i get that windows can't find the file, i tried redownloading it but it still gave me the same message?

  i cant access firefox, everytime i try i get that windows can't find the file, i tried downloading it again but it still gave me the same message. the problem has nothign to do with my internet because it wonks on internet explorer and everythign is fine, my computer just can't access firefox for some reason. i tried uninstallign ti adn then installing it again, but that didnt work, i tried installing a different version and it still didnt work.
  okay the exact message is" Windows cannot find 'C:\Program Files\Mozilla Forefox 4.0 Beta 1\firefox.exe'. make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.
  Nothing happens after i install is the "Launch Firefox now" checkbox set, the same message comes up.
  i usually start firefox from the shortcut i have on my desktop but when this happened i thought that the shortcut is the problem, but i went to the Mozilla firefox folder and tried it from there, but it didnt work. i also tried downloading different versions of firefox but that didnt work either.

  can you tell me the solution to "windows cant find firefox" error. thanks.

• I cant access the root share of a windows server after upgrading to mountain lion

  Hi Guys,
  Since upgrading to mountain lion i cant access the shared drives on our windows server. For example in a windows machine if i go to run the type \\server\ i get all the visible shares available. in my previous version i was able to do the same (obviously i would authenticate with my AD account). now when i try to access those same shares i get the message below:
  "The operation cant be completed becuase the original item for "/" cant be found"
  I can however connect to the shares directly for example if i connect to server path \\server\data it works ok.
  I have verified my account details and they are ok - i have also disconnected and reconnected the connection.
  This was working fine before the upgrade. can anyone help??

  well iv just managed to get to 35 gig free (just deleting iphone backups) and im now able to get past the next screen on bootcamp.
  unfortunatly its only allowing me to create a new partition not delete the current.
  this is leading me to think the old ones master partition has become damaged and the hard drive dosent know it exists any more.
  if this is the case (please tell me im wrong though) what options do i have as i dont want to / have the money to buy another hard drive to back everything up to it with.
  thanks again
  gareth

• I associated with my other Apple ID by mistake. Now I cant access my iTunes match. What to do?

  I didn't know about 90 days rule. I associated iphone with my other Apple ID by mistake. Now I cant access my iTunes match. What to do expept waiting for 90 days?

  Hi
  Try contacting Apple support Contact Apple for support and service - Apple Support
  Jim