Security port on Cat 500

The Enterprise 500 switch seems to automatically set MAC port violation feature, and it does not appear possible to disable this via the web interface.
I'm using a laptop that has a MAC address associated with its WiFi interface, which is presented via the Wireless Access Point. When the laptop roams from one Access Point to the next one, the MAC address now appears on the new LAN switch port via the connected second Access Point, and due to a security port feature the port is blocked. Is there any way to disable the security port set on the switch?

I'm using the Cisco Network Assistant 4.0, and I'm not able to untick the security port box. Is there any mode that sets the privilege to allow users to change the setting? When the wireless device roams from one AP to another, the port connected to the 2nd AP is blocked due to this security port blocking feature.
Yes, the APs are connected to ports configured as smartport AP.
I'm going to test different smart port roles to see if this fixes the problem.
Many thanks

Similar Messages

  • Cat 500 disabled port state

    I have a couple of Cat 500 express routers in a two building network connected with wireless access points. I had a wireless drop due to a user unplugging the wireless AP, and my switch put my port into disabled state "due to traffic only passing in one direction". Is this something that I can avoid having to deal with in the future, or is it a software feature that you have to deal with on the lower end switches?

    OK, thanks, I will give that a shot and see if that works. I remember though that when I first set this site up I had set each of the ports on those two switches to Access Point... I wasn't able to pass traffic and hit another IP?? I had to set the port to Router in order for it to work properly....
    SW1---AP1======Bridge=====AP2---SW2
    That's my layout....
    Thanks for the help...

  • DMVPN-Why received packet doesn't use UDP port 4500 but 500?

    Hello everyone
    I got a problem with my DMVPN. The spoke is behind a NAT device. x.x.x.x is a public IP address which the hub uses. I don't know why it discovered that the hub is also inside a NAT device. And after it sends a packet using port 4500, the received packet from the hub was not using port 4500 but 500. I'm confused now. Any advice would be much appreciated.
    *Sep 10 08:56:02 UTC: ISAKMP:(0): beginning Main Mode exchange
    *Sep 10 08:56:02 UTC: ISAKMP:(0): sending packet to x.x.x.x my_port 500 peer_port 500 (I) MM_NO_STATE
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.
    *Sep 10 08:56:02 UTC: ISAKMP (0): received packet from x.x.x.x dport 500 sport 500 Global (I) MM_NO_STATE
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Old State = IKE_I_MM1  New State = IKE_I_MM2 
    *Sep 10 08:56:02 UTC: ISAKMP:(0): processing SA payload. message ID = 0
    *Sep 10 08:56:02 UTC: ISAKMP:(0): processing vendor id payload
    *Sep 10 08:56:02 UTC: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch
    *Sep 10 08:56:02 UTC: ISAKMP (0): vendor ID is NAT-T RFC 3947
    *Sep 10 08:56:02 UTC: ISAKMP:(0):found peer pre-shared key matching 
    *Sep 10 08:56:02 UTC: ISAKMP:(0): local preshared key found
    *Sep 10 08:56:02 UTC: ISAKMP : Scanning profiles for xauth ...
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy
    *Sep 10 08:56:02 UTC: ISAKMP:      encryption 3DES-CBC
    *Sep 10 08:56:02 UTC: ISAKMP:      hash MD5
    *Sep 10 08:56:02 UTC: ISAKMP:      default group 1
    *Sep 10 08:56:02 UTC: ISAKMP:      auth pre-share
    *Sep 10 08:56:02 UTC: ISAKMP:      life type in seconds
    *Sep 10 08:56:02 UTC: ISAKMP:      life duration (VPI) of  0x0 0x1 0x51 0x80 
    *Sep 10 08:56:02 UTC: ISAKMP:(0):atts are acceptable. Next payload is 0
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Acceptable atts:actual life: 0
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Acceptable atts:life: 0
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Fill atts in sa vpi_length:4
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Fill atts in sa life_in_seconds:86400
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Returning Actual lifetime: 86400
    *Sep 10 08:56:02 UTC: ISAKMP:(0)::Started lifetime timer: 86400.
    *Sep 10 08:56:02 UTC: ISAKMP:(0): processing vendor id payload
    *Sep 10 08:56:02 UTC: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch
    *Sep 10 08:56:02 UTC: ISAKMP (0): vendor ID is NAT-T RFC 3947
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Old State = IKE_I_MM2  New State = IKE_I_MM2 
    *Sep 10 08:56:02 UTC: ISAKMP:(0): sending packet to x.x.x.x my_port 500 peer_port 500 (I) MM_SA_SETUP
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Old State = IKE_I_MM2  New State = IKE_I_MM3 
    *Sep 10 08:56:02 UTC: ISAKMP (0): received packet from x.x.x.x dport 500 sport 500 Global (I) MM_SA_SETUP
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Old State = IKE_I_MM3  New State = IKE_I_MM4 
    *Sep 10 08:56:02 UTC: ISAKMP:(0): processing KE payload. message ID = 0
    *Sep 10 08:56:02 UTC: ISAKMP:(0): processing NONCE payload. message ID = 0
    *Sep 10 08:56:02 UTC: ISAKMP:(0):found peer pre-shared key matching x.x.x.x
    *Sep 10 08:56:02 UTC: ISAKMP:(2746): processing vendor id payload
    *Sep 10 08:56:02 UTC: ISAKMP:(2746): vendor ID is Unity
    *Sep 10 08:56:02 UTC: ISAKMP:(2746): processing vendor id payload
    *Sep 10 08:56:02 UTC: ISAKMP:(2746): vendor ID is DPD
    *Sep 10 08:56:02 UTC: ISAKMP:(2746): processing vendor id payload
    *Sep 10 08:56:02 UTC: ISAKMP:(2746): speaking to another IOS box!
    *Sep 10 08:56:02 UTC: ISAKMP:received payload type 20
    *Sep 10 08:56:02 UTC: ISAKMP (2746): NAT found, both nodes inside NAT
    *Sep 10 08:56:02 UTC: ISAKMP:received payload type 20
    *Sep 10 08:56:02 UTC: ISAKMP (2746): My hash no match -  this node inside NAT
    *Sep 10 08:56:02 UTC: ISAKMP:(2746):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
    *Sep 10 08:56:02 UTC: ISAKMP:(2746):Old State = IKE_I_MM4  New State = IKE_I_MM4 
    *Sep 10 08:56:02 UTC: ISAKMP:(2746):Send initial contact
    *Sep 10 08:56:02 UTC: ISAKMP:(2746):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
    *Sep 10 08:56:02 UTC: ISAKMP (2746): ID payload 
    next-payload : 8
    type         : 1 
    address      : 192.168.1.101 
    protocol     : 17 
    port         : 0 
    length       : 12
    *Sep 10 08:56:02 UTC: ISAKMP:(2746):Total payload length: 12
    *Sep 10 08:56:02 UTC: ISAKMP:(2746): sending packet to x.x.x.x my_port 4500 peer_port 4500 (I) MM_KEY_EXCH
    *Sep 10 08:56:02 UTC: ISAKMP:(2746):Sending an IKE IPv4 Packet.
    *Sep 10 08:56:02 UTC: ISAKMP:(2746):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
    *Sep 10 08:56:02 UTC: ISAKMP:(2746):Old State = IKE_I_MM4  New State = IKE_I_MM5 
    *Sep 10 08:56:03 UTC: ISAKMP (2746): received packet from x.x.x.x dport 500 sport 500 Global (I) MM_KEY_EXCH
    *Sep 10 08:56:03 UTC: ISAKMP:(2746): phase 1 packet is a duplicate of a previous packet.
    *Sep 10 08:56:03 UTC: ISAKMP:(2746): retransmitting due to retransmit phase 1
    *Sep 10 08:56:04 UTC: ISAKMP:(2746): retransmitting phase 1 MM_KEY_EXCH...
    *Sep 10 08:56:04 UTC: ISAKMP (2746): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
    *Sep 10 08:56:04 UTC: ISAKMP:(2746): retransmitting phase 1 MM_KEY_EXCH
    *Sep 10 08:56:04 UTC: ISAKMP:(2746): sending packet to x.x.x.x my_port 4500 peer_port 4500 (I) MM_KEY_EXCH
    *Sep 10 08:56:04 UTC: ISAKMP:(2746):Sending an IKE IPv4 Packet.

    This could be because the port 4500 packet that is being sent is not being received by the peer side or it is ignoring that packet. 
    Since the port 500 packet that you are receiving is a duplicate of the previous packet it is definitely not a reply packet for the port 4500 packet. 
    If you can get the debugs from the other end, then you could see if the peer side is receiving the udp port 4500 packets.
    If not that then this could be a UDP port 4500 block with the ISP.
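
The check described in the reply above, as an added example that is not part of the original posts: it scans ISAKMP debug output for the NAT-T float to UDP 4500 and reports whether the peer ever answers on 4500 or only repeats its earlier message on 500. The sample lines are constructed, modelled on the debug lines quoted in the question; the result keys and verdict labels are this example's own names.

```python
import re

# Constructed sample, modelled on the debug lines quoted in the post above.
STUCK = """\
*Sep 10 08:56:02 UTC: ISAKMP:(0): sending packet to x.x.x.x my_port 500 peer_port 500 (I) MM_NO_STATE
*Sep 10 08:56:02 UTC: ISAKMP (0): received packet from x.x.x.x dport 500 sport 500 Global (I) MM_NO_STATE
*Sep 10 08:56:02 UTC: ISAKMP:(0): sending packet to x.x.x.x my_port 500 peer_port 500 (I) MM_SA_SETUP
*Sep 10 08:56:02 UTC: ISAKMP (0): received packet from x.x.x.x dport 500 sport 500 Global (I) MM_SA_SETUP
*Sep 10 08:56:02 UTC: ISAKMP (2746): NAT found, both nodes inside NAT
*Sep 10 08:56:02 UTC: ISAKMP:(2746): sending packet to x.x.x.x my_port 4500 peer_port 4500 (I) MM_KEY_EXCH
*Sep 10 08:56:03 UTC: ISAKMP (2746): received packet from x.x.x.x dport 500 sport 500 Global (I) MM_KEY_EXCH
*Sep 10 08:56:03 UTC: ISAKMP:(2746): phase 1 packet is a duplicate of a previous packet.
*Sep 10 08:56:04 UTC: ISAKMP:(2746): sending packet to x.x.x.x my_port 4500 peer_port 4500 (I) MM_KEY_EXCH
"""

# Constructed healthy variant: the peer answers the floated packet on 4500.
HEALTHY = "\n".join(
    line.replace("dport 500 sport 500 Global (I) MM_KEY_EXCH",
                 "dport 4500 sport 4500 Global (I) MM_KEY_EXCH")
    for line in STUCK.splitlines() if "duplicate" not in line)

SEND = re.compile(r"sending packet to \S+ my_port (\d+) peer_port (\d+)")
RECV = re.compile(r"received packet from \S+ dport (\d+) sport (\d+)")


def analyze(log):
    """Summarise the NAT-T port float seen in ISAKMP debug output."""
    r = {"nat_detected": False, "floated": False,
         "replies_4500": 0, "stale_500": 0, "duplicates": 0}
    last_recv_stale = False
    for line in log.splitlines():
        if "NAT found" in line or "inside NAT" in line:
            r["nat_detected"] = True
        sent = SEND.search(line)
        if sent:
            # The first packet sent to peer port 4500 marks the float.
            if int(sent.group(2)) == 4500:
                r["floated"] = True
            continue
        recv = RECV.search(line)
        if recv and r["floated"]:
            # After the float, a reply should come from source port 4500.
            last_recv_stale = int(recv.group(2)) != 4500
            r["stale_500" if last_recv_stale else "replies_4500"] += 1
        elif "is a duplicate of a previous packet" in line and last_recv_stale:
            # The peer is retransmitting its last port-500 message.
            r["duplicates"] += 1
    if not r["floated"]:
        r["verdict"] = "no_float"
    elif r["replies_4500"]:
        r["verdict"] = "peer_answers_on_4500"
    elif r["stale_500"]:
        r["verdict"] = "udp4500_unanswered"  # check the UDP 4500 path to the peer
    else:
        r["verdict"] = "no_reply"
    return r


if __name__ == "__main__":
    for name, log in (("stuck", STUCK), ("healthy", HEALTHY)):
        print(name, analyze(log))
```

A `udp4500_unanswered` verdict matches the situation in the reply: the next step is the peer's own debugs, to see whether the UDP 4500 packets arrive there at all.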

  • Transaction IDX1: Port SAPQA1, client 500, RFC destination  contain error

    Hi experts
    I am configuring XI for MM-SUS scenario, when I try to send Idocs from R/3 to XI I have this message:
    Transaction IDX1: Port SAPQA1, client 500, RFC destination  contain error
    In XI transaction IDX1 I have maintained a port (MM_QA1) and RFC (MM_RFC) that points to R/3
    In XI transaction IDX2 there are no entries
    Any idea how to solve it?
    Thanks
    Nilson

    Hi,
    >>Could you clarify it for me, In XI side Transaction IDX1 I have a PORT and RFC destination to R/3?
    Yes you are correct..
    You should have done this..
    1) RFC Destination (SM59)
    a) Choose create.
    b) Specify the name of the RFC destination
    c) Select connection type as 3 and save
    d) In the technical settings tab enter the details SAP SID/URL and system number#.
    e) Enter the Gateway host as same details above SID/URL.
    f) Define Gateway service
    g) In the Logon /Security tab, enter the client user & Password details of Destination system.
    h) Test the connection and remote logon.
    2) Create Port (IDX1)
    a) Select create new button
    b) Enter the port name as SAP+SID (The starting char should be SAP)
    c) Enter the destination client.     
    d) Enter the RFC Destination created in SAP R/3 towards other system.
    e) Save
    Thanks
    SaNv...

  • Cisco Cat 500 Express deficiency

    I have heard complaints about the Cisco Cat 500 switch.
    When using the Cat 500 with AP1200 and 7920 IP phones, the phones do not roam from AP to AP.
    Also I have found out that the Cat 500 will not relay DHCP requests to a server on a separate VLAN from its configured IP address.
    With CLI switches, the "ip helper-address" under the VLAN will achieve this. With the Cat 500, how do you achieve directed broadcast?
    Looks like this switch is not very good. The smartports do not work very well; you will find that choosing "other" as a smartport fixes most connectivity issues.
    Cisco, your comments?

    The Cat 500 Express is a Layer 2 switch - like the older model switches, it has a single SVI which is in one VLAN.
    If you have more than one VLAN, then you will probably have a device that routes between them (this won't be a Cat 500 - it would be a Cat 3xxx layer three switch or a router most likely) and this device would be what provides Ip-helper functionality...
    Regards
    Aaron
    Please rate helpful posts...

  • Port forwarding UDP 500 not consistent

    I have a WRT400N setup to port forward UDP 500 (IKE) to a VPN device on my LAN.  It works for a few hours, and then stops forwarding.  If I reboot the WRT400N, it starts forwarding again.  Has anyone seen this behavior?
    Other ports I'm forwarding, such as 443 (HTTPS) work OK all the time.

    Try to re-flash the firmware on your router and see if that works.
    Connect the computer with the Ethernet cable to the router.
    Download the latest firmware from Linksys website and save it on your computer. Open the setup page of the router. Click on Administration tab and go to Firmware upgrade sub tab. Browse the firmware file that you have already downloaded and upgrade it on your router.
    After upgrading the firmware on the router, it is recommended that you should reset the router and reconfigure it. Press and hold the reset button on the router for 30 seconds. Release the reset button and wait for 30 seconds. Power cycle the router and reconfigure it.

  • Anyone else having issues opening port 1701 and 500?

    On a standard Actiontec FiOS router.
    Setting up VPN on a Mac server, and port 1701 just won't open. I can open all other ports just fine, except for UDP 1701 and 500.
    Any guidance would be great!

    TNS_2 wrote:
    Defaulted to selected on my new version I.  I never selected it.  The router was only installed as part of my Quantum TV package.  Only looked to comment about port forwarding.
    p.s.  I reset the router to factory defaults when I got it to make sure no junk from a previous user was present, and then changed the router password and turned off the wireless (I use my own router connected after the Verizon for wireless use).
    Must be something wrong with your I router. They are not selected on mine, which is only a couple of months old. Firmware Version: 40.21.10.3
    Are you saying that all those rules defined under advanced, network, port forwarding rules are activated?
    How did it decide what device/s on your internal network to forward to?

  • How to change the default SSH port on Cat 6500 WS-SUP720-3B

    I have been net searching this question and I find answers relative to other Cisco products but not for the 6500 series. We are running
    entservicesk9_wan-mz.122-18.SXF17a.bin and would like to know how to change the default SSH listening port..
    Thanks in advance..

    Hi Neil,
    Normally this is achieved via the "ip ssh port rotary " but unfortunately, this command is not implemented on your platform so ssh will only work on port 22.
    Regards,
    Nicolas

  • Setting up a primary and secondary 5508 using Redundancy Port to share 500 user license in HA

    I will try and keep this short but I am totally lost. Management purchased a HA package from Cisco consisting of 2 5508's with pre installed 500 users license on the Primary WLC and none on the secondary WLC. We have 5508's already so I am familiar with setting them up and so forth. What I am not familiar with is setting them up using HA for failover and license sharing. I've looked and looked and can't find documentation online showing how to set this up. I have found some but nothing that is complete. I have spent 2 days spinning my wheels. Can someone point me to proper way to config these in HA?
    Thanks so much,
    Sent from Cisco Technical Support iPad App

    Here are some links that can help:
    https://supportforums.cisco.com/docs/DOC-32259
    http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bd3504.shtml
    http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/lwap/config_lwap_chapter_01101.html
    Video
    https://www.youtube.com/watch?v=4gsf_3S8Rew0
    https://www.youtube.com/watch?v=l7i_nO15Crw
    Thanks,
    Scott
    Help out others by using the rating system and marking answered questions as "Answered"

  • Cat express 500 and AP's

    I have 1 1200 AP, 1 Cat express 500, 1 7920 IP phone and a notebook. How do I configure the switch port so that I can have different wireless VLANs for voice and for data?
    For the phone to join an SSID it must be an infrastructure one. For the SSID to be infrastructure, the VLAN must be native. I can't choose the native VLAN in the Cat express 500; only VLAN 1 can be native, and that is not my voice VLAN!
    With other switches this works just fine... Any suggestions on how to configure it?

    Basically at this stage with the Cat 500, there is no way to assign a port natively to the "Cisco-Voice" VLAN. Basically Cisco screwed up completely here, and I believe will fix this in a future software update.
    However as a workaround you can ignore completely the Cisco-Voice VLAN, create a new VLAN (I used VLAN3) and assign this to the port for the 1200AP. Change the smartport role for each "IP phone & Desktop" to "Switch" - this allows a trunk between phone & Cat500 and will allow the phone to communicate on VLAN3 with the AP (if you set phone to VLAN3)
    EDIT - Sorry I just re-read your message and it sounds like you need to set-up the port to the AP as a SWITCH, because you want multiple VLANS on the wireless - sorry not familiar with this AP, but using 'switch' should trunk the VLANs no bother as long as the AP supports it.

  • Cat Express 500 & 2950 RSTP & PVST

    Hi,
    I have a Cat 500 connected to a 2950,
    on a 802.1q trunk.
    The Cat 500 seems to be running RSTP and the 2950 is capable of only PVST.
    The port seems to go into blocking state in the Cat 500.
    After changing the Cat 500 to run IEEE STP, the problems I was having with ports being blocked disappeared.
    Can anyone suggest what is the best approach when running a Cat 500 connected to a Cat 2950?
    Do I need to enable MST on the Cat 500, so that it can interop with the 2950?
    If I have only these 2 switches, is the best option just setting both switches to use the same STP mode?
    Thanks

    Yes,
    the best option is to use the same STP type/mode throughout your environment.
    Rapid-PVST+ is interoperable with PVST+. When the two exist, the rPVST+ switch reverts to PVST+ unless you are running dual STP instances, one for rPVST+ and one for PVST+.
    Again, if you can run the same STP mode, please do.
    Please see the following link for much more STP info:
    http://www.cisco.com/en/US/tech/tk389/tk621/tsd_technology_support_protocol_home.html

  • Smart View not working in Hyperion 9.3.3 (Getting Host/Port Error (500))

    When I'm trying to connect Smart View, I get the following error message: Cannot Connect to the Provider. Make sure its running in the specified host/port. Error (500). I have tried the following at my end: restarted the IIS and Web Services. I need to resolve the issue as soon as possible. Kindly help.

    Hi this is the Detailed error Message I got when I try to run hfmofficeprivder.aspx
    Exception Details: System.Web.HttpException: The current identity (NT AUTHORITY\NETWORK SERVICE) does not have write access to 'C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files'.
    Source Error:
    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
    Stack Trace:
    [HttpException (0x80004005): The current identity (NT AUTHORITY\NETWORK SERVICE) does not have write access to 'C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files'.]
    System.Web.HttpRuntime.SetUpCodegenDirectory(CompilationSection compilationSection) +3474107
    System.Web.HttpRuntime.HostingInit(HostingEnvironmentFlags hostingFlags) +226
    [HttpException (0x80004005): The current identity (NT AUTHORITY\NETWORK SERVICE) does not have write access to 'C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files'.]
    System.Web.HttpRuntime.FirstRequestInit(HttpContext context) +3426839
    System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context) +88
    System.Web.HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr) +149
    Regards,
    David
    Edited by: David Mallela on May 24, 2012 8:04 PM

  • Cat Express 500 Auto-MDIX

    I am trying to connect a Cat 500 Express to a 2950, using a straight-through cable.
    If I enable auto-MDIX on the Cat 500, I have to enable auto speed and duplex settings.
    If I do this, I get a duplex mismatch.
    Can I set auto-MDIX to work without having to auto-negotiate the speed and duplex settings?
    On the 2950, the settings are 100/full
    Thanks

    By default the CE-500 is auto-MDIX and you need not make any changes to the duplex settings, because I never faced such a problem connecting my CE-500 to a 2950; just a straight cable connecting from the CE-500 gigabit to the 2950 gigabit. That's it, I didn't get any duplex mismatch. Try to check once again on the 2950 that everything is set to auto (duplex & speed).

  • CE-500 and multiple MAC addresses per port?

    Hi,
    I have a CE-500. There are users who have IP phones with attached desktop PCs, so their ports have the role Desktop+IP phone. Security is set to low, so for each port there can be 3 MAC addresses.
    Some users are running VMware, which creates additional MAC addresses on this port. After some time the CE-500 generates an error message about an attack and disables those new MAC addresses from accessing the network.
    But I did not find a way to disable the MAC address count check.
    I tried to change the role of this port, but none other than Desktop+IP phone has voice VLAN settings.
    Does anyone know how to solve it?

    Why do you want to disable the MAC address count? It is a security feature in this. If you want some more MAC addresses, then increase switchport port-security maximum.
    Or else, I would suggest you to provide static Mac address allocation to that port.

  • Viewing IP's connected to catalyst 500 24tt ports

    I would like to see what IP is connected to a port on the 500 series switch. The management console shows that a device is connected at 10Mb/half duplex and I would like to know which node it is. I also downloaded and installed network assistant but still can't view this info.
    Any help would be appreciated greatly.
    thank you
    Eric

    Thank you for all the help. This is definitely not a high end model switch.
    There is one problem I am trying to solve:
    I installed two 500 express switches in the same rack in the server room. They are both connected to the same layer 3 switch. But when I try to access the web-based console on one of them, it is dog slow... unusable in fact. This is from any Windows machine. When I connect a laptop directly to a port, it works fine. I swapped out uplink cables and swapped ports on the layer 3 switch but this didn't change anything.
    So...
    I wanted to know who or what is connected to the port. Is it a printer or a workstation and why are some connected at 10 half of full and another is connected at 100 half. And what are the ramifications of not setting the port to the proper role (printer, workstation, etc) and is this the reason for the web console being unusable.
    So...(long version)
    I need to know the IP's as the Mac's are useless to me. I had the opportunity to use Solar Winds once and that would work perfect for this application.
    Funny thing, though. A linux box I built was able to access the offending switch with no problem. Not sure if it is because of firefox or the tcp stack that linux uses.
    Sorry if too much info and thanks again.
    Eric
