TCP reset packet issue on Cisco 6509 switch
Hi,
We are connecting a malware prevention appliance to a SPAN port on cisco switch 6509 which uses IOS firmware.
When the Malware appliance send TCP RST packet to the switch, it does not accept it.
Please help with what additional config to be done on the switch or the span sport so that the packet is received by the switch.
Hello, Wasim.
No sure if 6500 supports the feature, but 3750 does:
monitor session destination int f0/1 ingress vlan 100
This last part allows SPAN port to send traffic into VLAN 100 (more details here -
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_52_se/configuration/guide/3750scg/swspan.html#wp1260596)
Similar Messages
-
ThinkPad USB 3.0 dock network port has problems with our Cisco 6509 switch
We purchased a ThinkPad USB 3.0 dock for and X1 carbon and the main issue we are having is the network port does not seem to work with our Cisco 6509 switch. I tried updating the firmware on the dock but it still hasn't fixed the issue. I was wondering if anyone else had run into this problem with any other networks out there.
I'm seeing the same issue with a ThinkPad W520. When I connect my ethernet cable directly to the laptop, my internet speeds are on par with my service provider of 18 Mbps. When I move that cable to the dock, I will only see 1.5 Mbps. I have two displays attached to the dock and I'm running Windows 7. I've updated the dock firmware and have installed the latest system drivers. Is there anything else to try?
-
MTU Size Issue on Cisco 3560 Switch
Could anybody tell me how to change MTU Size on a Cisco 3560 Switch.i mean to say whether it is to be changed on FastEthernet Interfaces or on VLAN 1 or on Global Configuration Mode and with which Command to change it.
I am using MPLS on my Routers and the MTU size i have set on my Router Interfaces is 1524.
When i do a normal ping from Customer's one site to another (where my Traffic has to pass through this Switch VLAN)i get a reply , but when a Ping with a Byte Size of 1500 or more the Packets get completely dropped.
I think due to MTU Mistach bet. Switch and Router the Packets r getting droped,that is why i was trying to change it.
could the Packets get dropped because of this reason.Please suggest. -
Dot1x Issue on Cisco 2950 Switch
Hi,
I have a Cisco 2950 switch running with c2950-i6q4l2-mz.121-22.EA6.bin image.When i configure a Dot1x Port Control Auto on each interface the utilization on the Cisco 2950 goes high.The moment i remove Dot1x Port Control Auto command on every interface utilization comes to normal.
Please let me know if any idea on this why the switch is behavior like this....
Thanks & Regds,
LalitMost likely you are hitting a bug although I did not find anything in the bug toolkit that could resemblance this.
What process is stealing all your cpu? Please do a `show proc cpu` for me. I would start by grabbing the EA13 release and try the same with that to see if you experience the same issues. -
Centralized Forwarding Card was down on cisco 6509 switch
Hi,
i received an alert for CFC down on cisco switch(module 1). When logged in and check from module 1, its showing status showing as OK.
Please suggest to how to check and reslove the issue.
Thnks,
RajaHi,
What about "sho vlan id ..." command?, that would show you the ports configured on a specifi vlan, example:
Switch#sh vlan id 20
VLAN Name Status Ports
20 VLAN0020 active Fa0/2, Fa0/8, Fa0/10, Fa0/13
Fa0/14
Regards,
Aref -
Reset module command in cisco -6509
Hi Team,
We need to reset/reload one of the module of our core switch i.e.WS-C6509-E. Moreover, we have tried the command reset 4 (module no.) but it's not working. Please provide us the command to reset the module.Hello Saurabh,
it should be
hw-module module 4 reset
given in SWitch# privileged mode
Switch#hw-module module 4 ?
boot Specify boot options for the module through Power Management Bus control register
reset Reset specified component
simulate Simulate options for the module
some specific service modules like CSM or other can require different approach
This is good for normal linecards
Hope to help
Giuseppe -
NTP Issue on cisco 3560 switch
Hi all
Here is my ntp configuration
clock timezone GMT 4
clock summer-time UAE recurring
ntp server 192.168.10.254 version 2 prefer
end
sh ntp status
Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 119.2092 Hz, actual freq is 119.2092 Hz, precision is 2**17
reference time is 00000000.00000000 (04:00:00.000 GMT Mon Jan 1 1900)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 0.00 msec, peer dispersion is 0.00 msec
-SW1#sh ntp associations
address ref clock st when poll reach delay offset disp
~192.168.10.254 0.0.0.0 16 - 64 0 0.0 0.00 16000.
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
-SW1#
Please help me what i have did wrong
regards
rajaYou are still not answering the question.
Is the appliance, with IP Address 192.168.10.254, synchronized with a valid SNTP/NTP address or not.
Even if you enable NTP Master (which I personally don't recommend) and your appliance is NOT synchronized to a valid NTP source, then the appliance 192.168.10.254 can potentially broadcast the WRONG time to all the appliance. Since you've forced all downstream appliances to synchronize with a source that has the wrong NTP data (using the command "ntp master") all your network equipment will be sporting the wrong time. -
Tcp Reset question - IPS Sensor 4255
I have this sensor doing tcp resets, the question I have is if I add a network to the "never block addresses" will the sensor still send tcp resets even though the network is in the never block? if so how do I tell the sensor to not block certain ip addresses..
Thanks in advance
PhilYou can configure sensors to send TCP reset packets to try to reset a network connection between an attacker host and its intended target host. In some installations when the interface is operating in promiscuous mode, the sensor may not be able to send the TCP reset packets over the same sensing interface on which the attack was detected. In such cases, you can associate the sensing interface with an alternate TCP reset interface and any TCP resets that would otherwise be sent on the sensing interface when it is operating in promiscuous mode, are instead sent out on the associated alternate TCP reset interface.
http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_installation_guide_chapter09186a008055fc77.html -
I have my man-port on vlan 2 this is our MGT vlan we do not use vlan 1, tcpreset is not work. Below is the step I did to set it up
1 vlan 1 is up but no ip address on this due to vlan 2 is MGT IP
2 I have the man-port on vlan 2
intrusion-detection module 9 management-port access-vlan 2
3 I ran the tcpdump and noting came back go a pars error.
can anyone shed light on my problems I'm not sure I have everything config right.
ThanksNot sure what you are asking.
Sounds like you may be confusing the management port with TCP Reset event action for signatures.
The TCP Reset packets as event actions for signatures will not be sent out of the management port. They are sent out a TCP Reset port.
The TCP Reset port is not user configurable or even viewable in Native IOS.
The configuration you need to worry about is not the management-port but instead the data-ports of the IDSM-2. The data-ports need to be properly configured to monitor the traffic you want to execute the TCP Resets on, -
Hi,
I have been trying to figure out how to get TCP reset working in IDSM-2.
Switch config,
monitor session 2 destination intrusion-detection-module 9 data-port 1
monitor session 2 source remote vlan 99
Custom testattack signature,
Log shows the signature has been triggered,
On the attacker, I ran a wireshark capture, but did not see any attempt to reset the TCP session.
Any idea what did I mis-configure ?
From what I have read, for native IOS, I don't have to configure anything for the TCP reset interface System0/1.
Regards.Hi,
IDSM2 has a separate tcp-reset interface - System0/1 .In IDSM2, there is no need to explicitly configure the TCP Reset interface. The TCP Reset interface is automatically added to all necessary VLANs by the switch.
Once a signature is configured to perform the reset action, and if this is triggered, the reset will be sent out the reset port with the appropriate vlan tag attached. From the switch this is then sent to the appropriate vlan.
Thanks and Regards,
Thulasi Shankar -
Configuring HSRP in Cisco 6509
We have 2 nos Cisco 6509 switches with MSFC II . VLAN's are configured in both the 6509's and now we need to have the HSRP for redudancy.
Dear Anand,
It is really helpfull info for me also.I am having same set up But my one 6509 again connect to tw0 3725 routers where i am using HSRP.Please fine set up below
Customer end Router --- > Ethernet1------> 6509-A ---->3725 Router-1 (Standby 3725 Rou-2 )---> Remote Location
Customer end Router --- > Ethernet2------> 6509-A ---->3725 Router-1 (Standby 3725 Rou-2 ) ---> Remote Location
My Problem is that i need full redundancy between customer router and 3725 routers also.
If i cross connect 3725 Routers on both 6509 then how existing HSRP of 3725 will work.
TIA
Regards
SAM -
Packet loss when pinging from/to a cisco 3560e switch
I see Packet loss when pinging from/to a cisco 3560e switch. CPU utilization is normal.
Switches are running with IOS c3560e-universalk9-mz.122-35.SE5.bin.
Packet loss is observed for all the devices irrespective of directly connected or remote devices.
If i do self pinging, there are no packet loss.
I don't see any error on interface.
Can anyone please help me in resolving this issue.TCB Local Address Foreign Address (state)
03737C48 10.47.0.229.60053 10.41.81.55.49 CLOSEWAIT
039ACDC4 10.47.0.229.61929 10.41.35.250.49 CLOSEWAIT
03B316C0 10.47.0.229.27544 10.41.81.55.49 CLOSEWAIT
038228F0 10.47.0.229.16506 10.41.35.250.49 CLOSEWAIT
039C3D04 10.47.0.229.15207 10.41.81.55.49 CLOSEWAIT
039A9BD0 10.47.0.229.52983 10.41.81.55.49 CLOSEWAIT
0394152C 10.47.0.229.22425 161.61.35.250.49 CLOSEWAIT
037D811C 10.47.0.229.21117 10.41.81.55.49 CLOSEWAIT
039C12BC 10.47.0.229.37437 10.41.81.55.49 CLOSEWAIT
03933B84 10.47.0.229.34085 161.61.35.250.49 TIMEWAIT
03B32340 10.47.0.229.45729 10.41.81.55.49 CLOSEWAIT
038247D0 10.47.0.229.32816 10.41.81.55.49 CLOSEWAIT
039A92D8 10.47.0.229.38680 161.61.35.250.49 CLOSEWAIT
037370F0 10.47.0.229.13212 10.41.81.55.49 CLOSEWAIT
037D85F0 10.47.0.229.38728 10.41.81.55.49 CLOSEWAIT
03B2B284 10.47.0.229.23428 10.41.81.55.49 CLOSEWAIT
03B2ADB0 10.47.0.229.56836 10.41.81.55.49 CLOSEWAIT
0394BFF0 10.47.0.229.23257 161.61.35.250.49 CLOSEWAIT
036604DC 10.47.0.229.44437 10.41.81.55.49 CLOSEWAIT
0394C700 10.47.0.229.22 192.37.184.211.61639 ESTAB
039B9A68 10.47.0.229.20543 10.41.81.55.49 CLOSEWAIT
03739B28 10.47.0.229.15392 10.41.81.55.49 CLOSEWAIT
TCB Local Address Foreign Address (state)
0392EA48 10.47.0.229.13862 10.41.81.55.49 CLOSEWAIT
0365E23C 10.47.0.229.27856 10.41.81.55.49 CLOSEWAIT
03817C0C 10.47.0.229.64929 10.41.81.55.49 CLOSEWAIT
039357C8 10.47.0.229.22088 10.41.81.55.49 CLOSEWAIT
037375C4 10.47.0.229.21832 10.41.81.55.49 CLOSEWAIT
039C20E8 10.47.0.229.18169 10.41.81.55.49 CLOSEWAIT
03716D08 10.47.0.229.61993 10.41.81.55.49 CLOSEWAIT
039A74E4 10.47.0.229.62948 10.41.81.55.49 CLOSEWAIT
03655480 10.47.0.229.14052 10.41.81.55.49 CLOSEWAIT
039407F0 10.47.0.229.49643 161.61.35.250.49 CLOSEWAIT
039A53AC 10.47.0.229.13233 10.41.81.55.49 CLOSEWAIT
03739FFC 10.47.0.229.16605 10.41.81.55.49 CLOSEWAIT
039B82B8 10.47.0.229.16458 10.41.35.250.49 CLOSEWAIT
039BEBA4 10.47.0.229.64377 10.41.81.55.49 CLOSEWAIT
03741980 10.47.0.229.13866 10.41.81.55.49 CLOSEWAIT
03B3ABF8 10.47.0.229.19365 10.41.81.55.49 CLOSEWAIT
039B5810 10.47.0.229.24768 10.41.81.55.49 CLOSEWAIT
03956E48 10.47.0.229.55980 161.61.35.250.49 CLOSEWAIT
03946820 10.47.0.229.65053 161.61.35.250.49 CLOSEWAIT
037DBE94 10.47.0.229.15283 10.41.81.55.49 CLOSEWAIT
039A4854 10.47.0.229.48562 10.41.81.55.49 CLOSEWAIT
TCB Local Address Foreign Address (state)
03B33320 10.47.0.229.29803 10.41.81.55.49 CLOSEWAIT
03B3B79C 10.47.0.229.12142 10.41.81.55.49 CLOSEWAIT
03713C9C 10.47.0.229.63799 10.41.81.55.49 CLOSEWAIT
039BBECC 10.47.0.229.14763 10.41.81.55.49 CLOSEWAIT
03656E40 10.47.0.229.16357 10.41.81.55.49 CLOSEWAIT
0362A73C 10.47.0.229.62450 10.41.81.55.49 CLOSEWAIT
039B878C 10.47.0.229.64402 161.61.35.250.49 CLOSEWAIT
03826CFC 10.47.0.229.16108 10.41.81.55.49 CLOSEWAIT
03B2CA34 10.47.0.229.17634 10.41.81.55.49 CLOSEWAIT
03AD78D0 10.47.0.229.15249 161.61.35.250.49 CLOSEWAIT
03AD967C 10.47.0.229.20389 161.61.35.250.49 CLOSEWAIT
03B2C560 10.47.0.229.37079 10.41.81.55.49 CLOSEWAIT
039C5128 10.47.0.229.24711 10.41.81.55.49 CLOSEWAIT
03822F74 10.47.0.229.54866 10.41.81.55.49 CLOSEWAIT
0372C5FC 10.47.0.229.13298 10.41.81.55.49 CLOSEWAIT
0372D278 10.47.0.229.12407 10.41.81.55.49 CLOSEWAIT
039A33D0 10.47.0.229.36573 10.41.81.55.49 CLOSEWAIT
039BCEF8 10.47.0.229.53853 10.41.81.55.49 CLOSEWAIT
039C02D8 10.47.0.229.53725 10.41.81.55.49 CLOSEWAIT
039B5CE4 10.47.0.229.58027 10.41.81.55.49 CLOSEWAIT
0381866C 10.47.0.229.17100 10.41.81.55.49 CLOSEWAIT
TCB Local Address Foreign Address (state)
039BB374 10.47.0.229.53148 10.41.81.55.49 CLOSEWAIT
03AD3634 10.47.0.229.19716 161.61.35.250.49 CLOSEWAIT
0362DAA4 10.47.0.229.19479 10.41.81.55.49 CLOSEWAIT
0365AE60 10.47.0.229.62209 10.41.81.55.49 CLOSEWAIT
0362D5D0 10.47.0.229.41327 10.41.81.55.49 CLOSEWAIT
037D7C48 10.47.0.229.58283 10.41.81.55.49 CLOSEWAIT
03955474 10.47.0.229.33810 161.61.35.250.49 CLOSEWAIT
0373B15C 10.47.0.229.23331 10.41.81.55.49 CLOSEWAIT
036628D0 10.47.0.229.46856 10.41.81.55.49 CLOSEWAIT
03819584 10.47.0.229.19861 10.41.81.55.49 CLOSEWAIT
0394D000 10.47.0.229.64732 10.41.35.250.49 CLOSEWAIT
0394B760 10.47.0.229.19967 161.61.35.250.49 CLOSEWAIT
039B6BD4 10.47.0.229.40096 10.41.81.55.49 CLOSEWAIT
03AD7150 10.47.0.229.65184 10.41.35.250.49 CLOSEWAIT
039BC3A0 10.47.0.229.64702 10.41.81.55.49 CLOSEWAIT
03B3A724 10.47.0.229.60399 10.41.81.55.49 CLOSEWAIT
037145E0 10.47.0.229.43951 10.41.81.55.49 CLOSEWAIT
03955EDC 10.47.0.229.29015 161.61.35.250.49 TIMEWAIT
0365FB34 10.47.0.229.13961 10.41.81.55.49 CLOSEWAIT
03828D54 10.47.0.229.12743 10.41.81.55.49 CLOSEWAIT
037DB40C 10.47.0.229.23708 10.41.81.55.49 CLOSEWAIT
TCB Local Address Foreign Address (state)
039AF814 10.47.0.229.15100 10.41.81.55.49 CLOSEWAIT
0392E344 10.47.0.229.23399 10.41.35.250.49 CLOSEWAIT
0393DC3C 10.47.0.229.15393 161.61.35.250.49 CLOSEWAIT
03AD85D0 10.47.0.229.40932 161.61.35.250.49 TIMEWAIT
039574CC 10.47.0.229.25935 10.41.35.250.49 CLOSEWAIT
03738B74 10.47.0.229.58656 10.41.81.55.49 CLOSEWAIT
039AD91C 10.47.0.229.56760 10.41.81.55.49 CLOSEWAIT
03B3BC70 10.47.0.229.15058 10.41.81.55.49 CLOSEWAIT
03B2DC54 10.47.0.229.51131 161.61.35.250.49 CLOSEWAIT
03B393F0 10.47.0.229.11957 10.41.35.250.49 CLOSEWAIT
039B2610 10.47.0.229.33728 10.41.81.55.49 CLOSEWAIT
03B311EC 10.47.0.229.18047 10.41.81.55.49 CLOSEWAIT
039A8E04 10.47.0.229.52022 161.61.35.250.49 CLOSEWAIT
0365D460 10.47.0.229.12241 10.41.81.55.49 CLOSEWAIT
03B33E78 10.47.0.229.47640 10.41.81.55.49 CLOSEWAIT
0372C128 10.47.0.229.60323 10.41.81.55.49 CLOSEWAIT
03661CD8 10.47.0.229.39923 10.41.81.55.49 CLOSEWAIT
0393C73C 10.47.0.229.41864 10.41.35.250.49 CLOSEWAIT
03829584 10.47.0.229.56673 161.61.35.55.49 CLOSEWAIT
0362AC10 10.47.0.229.31952 10.41.81.55.49 CLOSEWAIT
039BF078 10.47.0.229.22636 10.41.81.55.49 CLOSEWAIT
TCB Local Address Foreign Address (state)
0365CF8C 10.47.0.229.14476 10.41.81.55.49 CLOSEWAIT
039B443C 10.47.0.229.59226 10.41.81.55.49 CLOSEWAIT
0393E794 10.47.0.229.56282 10.41.35.250.49 CLOSEWAIT
03657740 10.47.0.229.25769 10.41.81.55.49 CLOSEWAIT
03B2F6E8 10.47.0.229.19328 10.41.81.55.49 CLOSEWAIT
0373AC88 10.47.0.229.25766 10.41.81.55.49 CLOSEWAIT
039B213C 10.47.0.229.28882 10.41.81.55.49 CLOSEWAIT
039C07AC 10.47.0.229.38201 10.41.81.55.49 CLOSEWAIT
03AD8DD0 10.47.0.229.23002 10.41.35.250.49 CLOSEWAIT
03739048 10.47.0.229.29572 10.41.35.250.49 CLOSEWAIT
039BA464 10.47.0.229.32273 10.41.81.55.49 CLOSEWAIT
03B31E6C 10.47.0.229.32521 10.41.81.55.49 CLOSEWAIT
0365EBE0 10.47.0.229.41319 10.41.81.55.49 CLOSEWAIT
03938804 10.47.0.229.62841 10.41.35.250.49 CLOSEWAIT
039A1AF8 10.47.0.229.12758 10.41.81.55.49 CLOSEWAIT
039B7DE4 10.47.0.229.20921 10.41.81.55.49 CLOSEWAIT
036549F8 10.47.0.229.51903 10.41.81.55.49 CLOSEWAIT
03714CC8 10.47.0.229.45145 10.41.81.55.49 CLOSEWAIT
037425F8 10.47.0.229.56492 10.41.81.55.49 CLOSEWAIT
03B39D74 10.47.0.229.18174 10.41.81.55.49 CLOSEWAIT -
TCP RESET - CISCO IPS 4240 in IDS Mode - Block Teamviewer
I would like to block teamviewer in my network. we are using CISCO IPS 4240 in IDS Mode. I found that there are signatures for teamviewer in latest Signatures.
We have only configured promiscuous interface, I read that we can issue TCP resets thru promiscuous interface as well (recommended is dedicated tcp reset interface).
However in my case, I found that Signatures for teamviewer is not getting fired even after getting successful teamviewer connections.
I am a beginner is IPS, Any inputs will be valuable for me.We're talking about sigs 15002-0, -1, -2 here. They are by default shipped disabled and retired, so you'll want to enable and activate them.
For these, the signature settings are not hidden and what they look for is pretty clearly documented in the sig description.
-0 looks for some specific DNS requests on TeamViewer's startup. TCP resets will have no effect on this.
-1 looks for specific traffic to tcp port 5938 which would indicate Teamviewer's direct-connection method
-2 looks for traffic indicating use over http when teamviewer is configured to use a proxy
TCP resets are a best effort response, they aren't going to be a 100% effective stop -
LLQ priority issue after upgrading to Sup32 on Cisco 6509
Hi,
I have 1x Cisco 6509 with Sup2 and MSFC2 and it is running on IOS (c6k222-jk9sv-mz.122-17d.SXB11).
I have following policy map :
Policy Map VOIP
Class IPPHONE
priority percent 75
and the following command on each interface:
service-policy output VOIP
those configuration are working fine on SUP2 with MSFC2 but last week I tried to upgrade the SUP2 to SUP32 on the switch and upgrade the IOS to the latest version (s3223-adventerprisek9-mz.122-33.SXJ4)
but when I try to put service-policy output VOIP on each physical interface I am getting the following error:
"Priority command is not supported in output direction for this interface"
and when I try to add service-policy output VOIP on a VLAN interface I am getting following error:
MQC features are not supported in output direction for this interface.
Please let me know if I need to change something after upgrading to SUP32.
ThanksHi
Hi
Sup32 uses PFC3B for Hardware forwarding and implemenation of features like qos, acl, netflow etc
PFC QoS does not support these policy map class commands:
•bandwidth
•priority
•queue-limit
•random-detect
•set qos-group
•service-policy
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/qos.html
Thanks
Raju -
Does cisco router support "tcp reset" mesg when the traffic blocked by access lit ?
hi ,
im trying to know if i blocked a destination with an access list on cisco.
can i make "tcp-rest " to that connection instead on dropping it ??
i belive it supported on ASA appliance , but not sure if supported on cisco routers.
im trying to migrate from linux router to cisco router and apply the same config , one of the challenging task is , i have
"reject-with=tcp-reset"
im wondering if i can do it on cisco router
waiting ur responce
regardsOne of the things that keeps me engaged with these forums is that they challenge me and give me opportunities to learn new things. My initial reaction to your question about IPS on IOS router was to say that this is not supported. But I did some research and find that apparently IPS functionality is now supported on some (but not all) of Cisco IOS routers. See this link for additional detail:
http://www.cisco.com/c/en/us/products/collateral/security/ios-intrusion-prevention-system-ips/product_data_sheet0900aecd803137cf.html
HTH
Rick
Maybe you are looking for
-
Exact space occupied by a table with LOB column
Hi Gurus, I need to check the exact amount of space used (in bytes or MB) by a table which is having a BLOB column. I tried the following query but it is not giving the proper usage. select segment_name , sum(bytes) from dba_extents where segment_typ
-
I have the problem that other have had, PDFs changing to Firefox icons
All my PDFs had changed to Firefox icons and when trying to open them only the Firefox browser page appeared and I could not locate my files. Uninstalling Firefox worked fine, my files returned. One person mentioned imported profiles from an old comp
-
Utomatic creation of PR or PO??
HI What triggers the automatic creation of PR or PO in case of third party sales?
-
I used to use it everyday befor the change. I just cannot figure out how to simply search through the thread topics for Flex only. I thought changes would make it easier, this is amazingly difficult.
-
Forms Migration 9i to 10g.............ORA-06508
Hi All, i have a form to call report using RP2RRO library, now i am migrating forms 9i to 10g form compiled successfully but when i click button "Run Report" it is giving error FRM-40735 ON-ERROR trigger raised unhandled excption ORA-06508. Same prob