ZBF commands to open OpenVPN port on Cisco 1812

Hello,
I am running an OpenVPN server on an internal private network on port 1194/UDP and would like to open this port for the internet on a Cisco 1812 router (this router uses Zone based firewall). For that purpose I have added the following configuration using the IOS CLI:
ip nat inside source static udp 10.0.0.5 1194 interface FastEthernet0 1194
ip port-map user-openvpn port udp 1194 description OpenVPN
access-list 103 permit udp any host 10.0.0.5 eq 1194
class-map type inspect match-all sdm-nat-openvpn-1
 match access-group 103
policy-map type inspect sdm-pol-NATOutsideToInside-1
 ! other class types here for SSH & HTTP
 class type inspect sdm-nat-openvpn-1
  inspect
 class class-default
  drop log
Unfortunately the OpenVPN port is not accessible from the outside (internet). Does anyone know what I did wrong here? or maybe did I forget a configuration parameter?
Thanks for your help.
Best,
John

John,
The answer is, Nothing. You did not do anything wrong. Can you put logs on the Router to verify that maybe something else is being dropped?
Login via Telnet/SSH and do in config mode:
ip inspect log drop-pkt
do term mon
Then try to initialize the VPN session and check what you get.
Mike Rojas.

Similar Messages

  • Command to open Messager Server 3600

    Hi Experts,
    I want to open a Messager Server Port 3600
    Could anyone provide me the command to open this port at command line, My OS is Windows
    Thanks
    Murtuza

    hi,
    Just like Markus said your SAP server will listen to port 3600.
    To make sure that your port (3600) on SAP server is open, you can type :
    TELNET <IP ADDRESS OF YOUR SAP SERVER> 3600
    If you get blank screen then you are connected.
    ardhian
    http://ardhian.kioslinux.com
    http://sapbasis.wordpress.com

  • Apple TV  Do I need to open a port on my router

    Do I need to open a port on my cisco router for my ipad to mirror on the tv.
    I have internet access on the Apple TV and ipad I just can't mirror

    Ports used listed here:
    http://support.apple.com/kb/HT2463
    (If it doesn't load 1st time refresh the page).

  • Tecra M1 - Modem doesn't work (can't open a port)

    I have a problem: After reinstalling WinXP and drivers on my Tecra M1, modem doesn't function. It even can't diagnose itself - there always comes a warning: "Can't open a port (COM). It may be used by another device or application". I installed the latest Toshiba drivers for the modem, but nothing changes. How can I fix it? Looking forward to your advice!
    Best regards.

    Hi
    Did you install the drivers in the right order? Not? So do it!
    Did you install any additional devices or software which could have a bad influence on the modem?
    Check the modem status in the device manager. Can you see any yellow exclamation marks?
    Try to start the modem test within the Operating system.
    Check the Modem function under
    Start -> Control Panel -> Phone and Modem Options -> Modems Tab -> Properties -> Diagnostics
    by pressing the "Query Modem" button.
    If the Modem Information window contain a list of AT commands (including ATI2, ATI3, ATI4 etc.), then the modem is correctly installed. The ATI5 command ends in with the number for the selected Regional settings (for example Germany = 06).
    To change the Regional Setting please use the Toshiba Internal Modem Region Select Utility.

  • Open a port on Cisco 1811

    This is probably a stupid question but how do I open a port on a cisco 1811? I have a cisco 1811 and a computer that has VNC installed on it. I want to be able to access that computer from outside the network using the external ip address and port 5950. People outside the network will be able to open vnc viewer and type in *external ip address*:5950 and it will be directed to the computer with a static internal ip address of 10.11.101.10. What commands do I use to do this?
    Thanks,

    That didn't work. Here is the new running config:
    Building configuration...
    Current configuration : 12519 bytes
    version 12.4
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    hostname *Host Name*
    boot-start-marker
    boot-end-marker
    security authentication failure rate 3 log
    security passwords min-length 6
    logging message-counter syslog
    logging buffered 51200
    logging console critical
    enable secret 5 $1$3R6c$adcoV0cvM5hTzxOoPBByc0
    aaa new-model
    aaa authentication login default local
    aaa authentication login ciscocp_vpn_xauth_ml_1 local
    aaa authorization exec default local
    aaa session-id common
    clock timezone PCTime -7
    clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
    crypto pki trustpoint TP-self-signed-1097866965
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-1097866965
    revocation-check none
    rsakeypair TP-self-signed-1097866965
    crypto pki certificate chain TP-self-signed-1097866965
    certificate self-signed 01
                  quit
    dot11 syslog
    no ip source-route
    ip dhcp excluded-address 10.11.101.1 10.11.101.99
    ip dhcp pool ccp-pool1
       import all
       network 10.11.101.0 255.255.255.0
       default-router 10.11.101.1
    ip cef
    no ip bootp server
    no ip domain lookup
    ip domain name yourdomain.com
    ip inspect log drop-pkt
    no ipv6 cef
    multilink bundle-name authenticated
    username *UserName* privilege 15 secret 5 $1$1O79$nIJGrBD9hCpDqheT3mDsC1
    username VPNuser secret 5 $1$nPz8$Cni5jyIWv9zlKAU3B5no9.
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp key *Key* address *External VPN IP Address*
    crypto isakmp client configuration group VPN_Users
    key *Key*
    pool *VPN_pool*
    acl 102
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto map SDM_CMAP_1 1 ipsec-isakmp
    description Tunnel to*External VPN IP Address*
    set peer *External VPN IP Address*
    set transform-set ESP-3DES-SHA
    match address 103
    archive
    log config
    hidekeys
    ip tcp synwait-time 10
    ip ssh time-out 60
    ip ssh authentication-retries 2
    class-map type inspect match-any SDM_BOOTPC
    match access-group name SDM_BOOTPC
    class-map type inspect match-all sdm-cls-VPNOutsideToInside-1
    match access-group 105
    class-map type inspect match-any SDM_DHCP_CLIENT_PT
    match class-map SDM_BOOTPC
    class-map type inspect match-all CCP_SSLVPN
    match access-group name CCP_IP
    class-map type inspect match-any SDM_AH
    match access-group name SDM_AH
    class-map type inspect match-any SDM_WEBVPN
    match access-group name SDM_WEBVPN
    class-map type inspect match-all SDM_WEBVPN_TRAFFIC
    match class-map SDM_WEBVPN
    match access-group 101
    class-map type inspect match-any sdm-cls-bootps
    match protocol bootps
    class-map type inspect match-any SDM_ESP
    match access-group name SDM_ESP
    class-map type inspect match-any SDM_VPN_TRAFFIC
    match protocol isakmp
    match protocol ipsec-msft
    match class-map SDM_AH
    match class-map SDM_ESP
    class-map type inspect match-all SDM_VPN_PT
    match access-group 104
    match class-map SDM_VPN_TRAFFIC
    class-map type inspect match-any ccp-cls-insp-traffic
    match protocol cuseeme
    match protocol dns
    match protocol ftp
    match protocol h323
    match protocol https
    match protocol icmp
    match protocol imap
    match protocol pop3
    match protocol netshow
    match protocol shell
    match protocol realmedia
    match protocol rtsp
    match protocol smtp extended
    match protocol sql-net
    match protocol streamworks
    match protocol tftp
    match protocol vdolive
    match protocol tcp
    match protocol udp
    class-map type inspect match-all ccp-insp-traffic
    match class-map ccp-cls-insp-traffic
    class-map type inspect match-any ccp-cls-icmp-access
    match protocol icmp
    class-map type inspect match-all VNC_CLASS
    match access-group name VNC
    class-map type inspect match-all ccp-icmp-access
    match class-map ccp-cls-icmp-access
    class-map type inspect match-all ccp-invalid-src
    match access-group 100
    class-map type inspect match-all ccp-protocol-http
    match protocol http
    policy-map type inspect ccp-permit-icmpreply
    class type inspect sdm-cls-bootps
    pass
    class type inspect ccp-icmp-access
    inspect
    class class-default
    pass
    policy-map type inspect VNC_POLICY
    class type inspect VNC_CLASS
    inspect
    policy-map type inspect ccp-sslvpn-pol
    class type inspect CCP_SSLVPN
    pass
    class type inspect sdm-cls-VPNOutsideToInside-1
    inspect
    class class-default
    drop
    policy-map type inspect sdm-pol-VPNOutsideToInside-1
    class type inspect sdm-cls-VPNOutsideToInside-1
    inspect
    class class-default
    drop
    policy-map type inspect ccp-inspect
    class type inspect ccp-invalid-src
    drop log
    class type inspect ccp-protocol-http
    inspect
    class type inspect ccp-insp-traffic
    inspect
    class class-default
    drop
    policy-map type inspect ccp-permit
    class type inspect SDM_VPN_PT
    pass
    class type inspect SDM_WEBVPN_TRAFFIC
    inspect
    class type inspect SDM_DHCP_CLIENT_PT
    pass
    class class-default
    drop
    policy-map type inspect VNC-POLICY
    class type inspect VNC_CLASS
    inspect
    zone security out-zone
    zone security in-zone
    zone security sslvpn-zone
    zone-pair security ccp-zp-self-out source self destination out-zone
    service-policy type inspect ccp-permit-icmpreply
    zone-pair security ccp-zp-in-out source in-zone destination out-zone
    service-policy type inspect ccp-inspect
    zone-pair security ccp-zp-out-self source out-zone destination self
    service-policy type inspect ccp-permit
    zone-pair security zp-out-zone-sslvpn-zone source out-zone destination sslvpn-zone
    service-policy type inspect ccp-sslvpn-pol
    zone-pair security zp-sslvpn-zone-out-zone source sslvpn-zone destination out-zone
    service-policy type inspect ccp-sslvpn-pol
    zone-pair security zp-in-zone-sslvpn-zone source in-zone destination sslvpn-zone
    service-policy type inspect ccp-sslvpn-pol
    zone-pair security zp-sslvpn-zone-in-zone source sslvpn-zone destination in-zone
    service-policy type inspect ccp-sslvpn-pol
    zone-pair security sdm-zp-VPNOutsideToInside-1 source out-zone destination in-zone
    service-policy type inspect sdm-pol-VPNOutsideToInside-1
    interface FastEthernet0
    description $ES_WAN$$FW_OUTSIDE$
    ip address dhcp client-id FastEthernet0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip flow ingress
    ip nat outside
    ip virtual-reassembly
    zone-member security out-zone
    duplex auto
    speed auto
    crypto map SDM_CMAP_1
    interface FastEthernet1
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip flow ingress
    shutdown
    duplex auto
    speed auto
    interface FastEthernet2
    interface FastEthernet3
    interface FastEthernet4
    interface FastEthernet5
    interface FastEthernet6
    interface FastEthernet7
    interface FastEthernet8
    interface FastEthernet9
    interface Virtual-Template1
    ip unnumbered FastEthernet0
    zone-member security sslvpn-zone
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$ES_LAN$$FW_INSIDE$
    ip address 10.11.101.1 255.255.255.0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip flow ingress
    ip nat inside
    ip virtual-reassembly
    zone-member security in-zone
    ip tcp adjust-mss 1452
    interface Async1
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    encapsulation slip
    ip local pool *VPN_pool* 10.11.101.50 10.11.101.99
    ip forward-protocol nd
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source static tcp 10.11.101.10 5950 interface FastEthernet0 5950
    ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0 overload
    ip access-list extended CCP_IP
    remark CCP_ACL Category=128
    permit ip any any
    ip access-list extended SDM_AH
    remark CCP_ACL Category=1
    permit ahp any any
    ip access-list extended SDM_BOOTPC
    remark CCP_ACL Category=0
    permit udp any any eq bootpc
    ip access-list extended SDM_ESP
    remark CCP_ACL Category=1
    permit esp any any
    ip access-list extended SDM_WEBVPN
    remark CCP_ACL Category=1
    permit tcp any any eq 443
    ip access-list extended VNC
    permit tcp any host 10.11.101.10 eq 5950
    logging trap debugging
    access-list 1 remark INSIDE_IF=Vlan1
    access-list 1 remark CCP_ACL Category=2
    access-list 1 permit 10.11.101.0 0.0.0.255
    access-list 100 remark CCP_ACL Category=128
    access-list 100 permit ip host 255.255.255.255 any
    access-list 100 permit ip 127.0.0.0 0.255.255.255 any
    access-list 101 remark CCP_ACL Category=128
    access-list 101 permit ip any host 70.65.185.156
    access-list 102 remark CCP_ACL Category=4
    access-list 102 permit ip 10.11.101.0 0.0.0.255 any
    access-list 103 remark CCP_ACL Category=4
    access-list 103 remark IPSec Rule
    access-list 103 permit ip 10.11.101.0 0.0.0.255 10.11.100.0 0.0.0.255
    access-list 104 remark CCP_ACL Category=128
    access-list 104 permit ip host *External VPN IP Address* any
    access-list 105 remark CCP_ACL Category=0
    access-list 105 permit ip 10.11.100.0 0.0.0.255 10.11.101.0 0.0.0.255
    access-list 106 remark CCP_ACL Category=2
    access-list 106 remark IPSec Rule
    access-list 106 deny   ip 10.11.101.0 0.0.0.255 10.11.100.0 0.0.0.255
    access-list 106 permit ip 10.11.101.0 0.0.0.255 any
    no cdp run
    route-map SDM_RMAP_1 permit 1
    match ip address 106
    control-plane
    banner exec ^C
    % Password expiration warning.
    Cisco Configuration Professional (Cisco CP) is installed on this device
    and it provides the default username "cisco" for one-time use. If you have
    already used the username "cisco" to login to the router and your IOS image
    supports the "one-time" user option, then this username has already expired.
    You will not be able to login to the router with this username after you exit
    this session.
    It is strongly suggested that you create a new username with a privilege level
    of 15 using the following command.
    username privilege 15 secret 0
    Replace and with the username and password you want to
    use.
    ^C
    banner login ^CAuthorized access only!
    Disconnect IMMEDIATELY if you are not an authorized user!^C
    line con 0
    transport output telnet
    line 1
    modem InOut
    stopbits 1
    speed 115200
    flowcontrol hardware
    line aux 0
    transport output telnet
    line vty 0 4
    transport input telnet ssh
    line vty 5 15
    transport input telnet ssh
    scheduler interval 500
    webvpn gateway gateway_1
    ip address *External IP Address*port 443
    http-redirect port 80
    ssl trustpoint TP-self-signed-1097866965
    inservice
    webvpn install svc flash:/webvpn/sslclient-win-1.1.4.179-anyconnect.pkg sequence 1
    webvpn install svc flash:/webvpn/sslclient-win-1.1.4.179.pkg sequence 2
    webvpn context *VPN_pool*
    secondary-color white
    title-color #CCCC66
    text-color black
    ssl authenticate verify all
    policy group policy_1
       functions svc-enabled
       svc address-pool "*VPN_pool*"
       svc keep-client-installed
    virtual-template 1
    default-group-policy policy_1
    aaa authentication list ciscocp_vpn_xauth_ml_1
    gateway gateway_1
    inservice
    end
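Added example (not from either poster and not Cisco's tooling): a Python check that follows each static port forward through ACL, class-map, policy-map and zone-pair, the chain used in the OpenVPN thread at the top of the page and in the Cisco 1811 config above. The OpenVPN sample ends with a zone-pair named example-zp-out-in, which is an assumption because that post shows none; the second sample is trimmed from the 1811 config as posted.

```python
import re

# Constructed sample A: the OpenVPN lines from the first thread. The zone-pair
# at the end is an assumption (hypothetical name); that post does not show one.
OPENVPN_CFG = """\
ip nat inside source static udp 10.0.0.5 1194 interface FastEthernet0 1194
access-list 103 permit udp any host 10.0.0.5 eq 1194
class-map type inspect match-all sdm-nat-openvpn-1
 match access-group 103
policy-map type inspect sdm-pol-NATOutsideToInside-1
 class type inspect sdm-nat-openvpn-1
  inspect
 class class-default
  drop log
zone-pair security example-zp-out-in source out-zone destination in-zone
 service-policy type inspect sdm-pol-NATOutsideToInside-1
"""
# Sample B: lines trimmed from the Cisco 1811 running config as posted.
VNC_CFG = """\
class-map type inspect match-all VNC_CLASS
match access-group name VNC
policy-map type inspect VNC_POLICY
class type inspect VNC_CLASS
inspect
policy-map type inspect sdm-pol-VPNOutsideToInside-1
class type inspect sdm-cls-VPNOutsideToInside-1
inspect
zone-pair security sdm-zp-VPNOutsideToInside-1 source out-zone destination in-zone
service-policy type inspect sdm-pol-VPNOutsideToInside-1
ip nat inside source static tcp 10.11.101.10 5950 interface FastEthernet0 5950
ip access-list extended VNC
permit tcp any host 10.11.101.10 eq 5950
"""
NAT_RE = re.compile(r"ip nat inside source static (tcp|udp) (\S+) (\d+) interface \S+ \d+$")
# Only any-source permits count: the forward is meant to be reachable from the internet.
ACE_RE = re.compile(r"permit (\S+) any (?:any|host (\S+))(?: eq (\d+))?$")


def parse(cfg):
    """Collect ZBF objects; state follows keywords because the pasted configs lost indentation."""
    m = {"nat": [], "acl": {}, "cmap": {}, "pmap": {}, "zp": {}}
    ctx, cls = (None, None), None
    for raw in cfg.splitlines():
        w = raw.split()
        if not w or w[0] == "!":
            continue
        line = " ".join(w)
        nat, ace = NAT_RE.match(line), ACE_RE.search(line)
        if nat:
            m["nat"].append(nat.groups())
            ctx = (None, None)
        elif w[0] == "access-list" or w[:3] == ["ip", "access-list", "extended"]:
            ctx = ("acl", w[1] if w[0] == "access-list" else w[3])
            m["acl"].setdefault(ctx[1], [])
        elif w[:3] == ["class-map", "type", "inspect"]:
            ctx = ("cmap", w[-1])
            m["cmap"][w[-1]] = []
        elif w[:3] == ["policy-map", "type", "inspect"]:
            ctx, cls = ("pmap", w[3]), None
            m["pmap"][w[3]] = {}
        elif w[:2] == ["zone-pair", "security"]:
            ctx = ("zp", w[2])
            m["zp"][w[2]] = None
        kind, name = ctx
        if kind == "acl" and ace:
            m["acl"][name].append((ace.group(1), ace.group(2) or "any", ace.group(3)))
        elif kind == "cmap" and w[:2] == ["match", "access-group"]:
            m["cmap"][name].append(w[-1])
        elif kind == "pmap" and w[0] == "class":
            cls = w[-1]
        elif kind == "pmap" and cls and w[0] in ("inspect", "pass", "drop"):
            m["pmap"][name][cls] = w[0]
        elif kind == "zp" and w[:3] == ["service-policy", "type", "inspect"]:
            m["zp"][name] = w[3]
    return m


def trace(cfg):
    """Follow each static port forward (inside address and port, as both configs
    here match) through ACL -> class-map -> policy-map -> zone-pair; 'gap' names the
    first missing link. Simplified: ignores class order, match-all and nested class-maps."""
    m = parse(cfg)
    out = []
    for proto, ip, port in m["nat"]:
        acls = sorted(a for a, aces in m["acl"].items() if any(
            p in (proto, "ip") and d in (ip, "any") and q in (port, None) for p, d, q in aces))
        classes = sorted(c for c, refs in m["cmap"].items() if set(refs) & set(acls))
        pols = sorted(p for p, acts in m["pmap"].items()
                      if any(acts.get(c) in ("inspect", "pass") for c in classes))
        zps = sorted(z for z, pol in m["zp"].items() if pol in pols)
        gap = ("no ACL permits the flow" if not acls else
               "no class-map references the ACL" if not classes else
               "no policy-map inspects or passes the class" if not pols else
               "policy-map not attached to any zone-pair" if not zps else None)
        out.append({"forward": f"{proto}/{ip}:{port}", "acls": acls, "classes": classes,
                    "policies": pols, "zone_pairs": zps, "gap": gap})
    return out


if __name__ == "__main__":
    for cfg in (OPENVPN_CFG, VNC_CFG):
        for row in trace(cfg):
            print(row)
```

On the 1811 sample the trace stops at the last link: VNC_POLICY contains VNC_CLASS, but the only out-zone to in-zone zone-pair carries sdm-pol-VPNOutsideToInside-1.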

  • Opening specific ports for video

    Hi!
    I want to open some ports for one specific host on the inside network. I want the host to be able to call out to any host on the internet. What is the easiest way to do this?
    I have many public IP addresses so the inside host can easily be Natted with one of the public addresses.
    /Lajja1234

    Easiest way,
    Do a one to one translation and open the right ports on the Outside ACL..
    Just like 5 commands and that will do it

  • Cannot open local port whatever

    Hi,
    I've just downloaded AVTransmit2.java and AVReceive2.java from this website's JMF tutorial and am having a little trouble getting both classes to communicate.
    I have two Command Prompt windows open and I'm trying something like
    java AVTransmit2 file:C:\Whatever.au ipaddress(my machine's IP) 4000
    java AVReceive2 ipaddress(my machine's IP)/4000
    Whatever process I run first, the second process then tells me that it cannot open local port 4000, even though this is the port that both processes are meant to communicate on. Should I be using two different machines to communicate?
    Sorry to bug everybody with this problem, it's probably been posted before but some advice would be appreciated.
    Thanks

    Err, well, if they are both acting as servers, that's right. If you are running them on the same machine, then the first one takes port 4000 and the second one can't use it. I would think they would take 2 sets of IP and port, one for its server port, one for it to connect to the other side...
    however, I wouldn't think that the transmitter app would be using a server port. You should be starting the receiver first.
    Or something else is using that port. Another receiver you started but didn't start, maybe? Some other app? It shouldn't matter what port you use. Try something else (4001, 4002, etc).

  • Open TCP Ports on 9216i

    We are auditing open TCP ports on our network equipment and discovered a number of open TCP ports on our 9216i. Is there any way to tell what the open ports are used for and shut them down if unnecessary? The show tcp command is not available. show tech did not reveal anything.

    There is the standard set of ports that are open for mgmt by ssh, telnet, and SNMP v2 or v3. Additionally, there is port 80 open so you can point web browser to it and get the FM code. The list is as follows.
    Common to all applications
    * SSH 22 (TCP)
    * TELNET 23 (TCP)
    * HTTP 80 (TCP)
    * SYSLOG 514 (UDP)
    Fabric Manager Server and Performance Manager
    * SNMP_TRAP 2162 (UDP)
    * SNMP picks a random free local port (UDP) - (can be changed in server.properties)
    * Java RMI 9099, 9199 to 9299 (TCP)
    Fabric Manager Client
    * Java RMI 9099, 9199 to 9299 (TCP)
    * SNMP picks a random free local port. (UDP) or 9189 (TCP) if SNMP proxy is enabled (can be changed in server.properties)
    Device Manager
    * SNMP_TRAP 1163 to 1170 (UDP) (picks one available in this range)
    * SNMP picks a random free local port (UDP) or 9189 (TCP) if SNMP Proxy is enabled (can be changed in server.properties)
    You can shut off telnet in lieu of ssh in the configuration. Also, it is possible to use access-lists on the mgmt ports to limit IP addresses/ports/etc. Also, don't forget that the IPS ports will be listening for FCIP and ISCSI if enabled.

  • How can i open ftp port(s)?

    Hi,,
    I have attached to my AE a Internet HD - WdMyCloud.
    I've tried connect to my MyCloud outside my network without success (from a imac - ftp and afp)
    What am I doing wrong? When I'm on the same network I do connect through ftp , but when I'm away home I can't .
    Here's a print screen of my Airport Extreme configuration . Someone could help me please?
    https://www.dropbox.com/s/a48jexr3dlokod7/Screen%20Shot.jpg?dl=0

    Port 5900 is for VNC (screen sharing), the WD will not support VNC. Leave that port alone.
    What you want to do is complex to setup securely…
    Enable ssh on the WD.
    Fix the WD's IP local address on the router so that it is always the same (this makes port forwarding stable).
    On your router open a port to use ssh…
    Port 22 is 'privileged' & is often scanned by bots just like port 21, choosing another port will reduce that exposure to an extent (a determined hacker will still know ssh is running on this port).
    Pick port 23895 or something else high (over 1024) that is the external port to use to 'dial in'. The router needs to direct to the internal port 22 on the WDMyCloud.
    To test the connection use ssh in Terminal (do this from inside & outside the WD network)…
    ssh -p 23895 username@external-IP-address
    accept the 'ID' if they match (first time only, unless the IP changes)
    enter password for username
    This allows you to run commands or browse files via Terminal commands etc.
    Type exit & hit return to leave the remote session.
    You can also use apps like Panic's Transmit to mount the share points over ssh or sftp - frankly it's easiest to stop here - Transmit has a 'mount remote disk' feature that basically does the same as Connect to server in Finder. Use ssh or sftp as the settings & it will be secure.
    Mounting remote in Finder
    If you want to mount the disk via AFP in Finder you need to use 'ssh local port forwarding'. The principle is to forward a custom local port through the ssh connection to the AFP port on the WD.
    This will setup the forward…
    ssh -p 23895 username@external-IP-address -L 22548:localhost:548
    Note -L is 'local forward' here it uses local port 22548 on localhost to connect to 548 on the remote end.
    Then you can connect in Finder to localhost.
    afp://username@localhost:22548
    You are connecting to the local port 22548, which is actually a tunnel to the WD's port 548.
    Some things to note.
    You need to disconnect & kill the ssh connection when finished, otherwise the local forwarded port will remain in use, this prevents connections & makes it frustrating.
    Your external IP address may change depending on your ISP & internet service type, whatsmyip.com will help you see changes but only from inside the network. dyndns.com or no-ip.org can help with this issue. Either the WD or the router should be made responsible for updating any dyndns records.
    I haven't mentioned setting up ssh keys, there are many guides on the web. Once keys are setup you can disable password login via ssh on the WD, just be aware that if the keys do not work you get locked out of ssh - potentially catastrophic on these NAS's that have limited access. Transmit will use keys saved in your user account.
    Local forwarding seems complex (it is) but once it works you can save the commands in two scripts, one to connect & mount the disk(s), another to disconnect & kill the ssh connections. It makes life easier. Transmit skips the need for these altogether.
    I suspect that is very scary, sorry it is just complex to setup. Test locally is my advice (use the internal IP when inside), then move onto testing from outside. If you have an iPhone apps like Prompt or iSSH can allow you to test connections via cellular data which is outside the LAN.
    I'll try to clarify if you have questions, but it's very difficult to troubleshoot via forums, so good luck

  • 802.1x - Issue with command: authentication open

    The issue we are running into is that when we initially deployed 802.1x we had the command “authentication open” on all of our switch ports. We ran a CiscoWorks job last week Thursday to remove that command from all of our ports. Since that time we have run into a couple of weird issues where the device was powered up but the switch port would show notconnect when doing a show int status but the speed would show a-1000 and duplex would show a-full. There would be no mac address listed when doing a “show mac add int ‘interface’” and the device would be in the MAB running state. This is happening on devices that are supposed to be doing 802.1x and MAB authentication, if we put the command “authentication open” back onto the port it showed connected and mac address. Now we have over 1000 switches on the network with this command removed and so far have only run into a couple of these odd ball problem ports so at this time it is not happening widespread but would like to take care of the issue or figure out why this is happening before it does.

    On the 2960's we are running 12.2(55)SE5, on the 6500's we are running 15.1(1)SY
    We didn't use any kind of ACL because we start all of our switch ports into a black hole vlan. I have been watching sessions from Cisco Live 2012 and looks like Cisco is now recommending that you don't go closed mode unless absolutely necessary because it is hard to maintain and function.

  • I am having trouble viewing iStore. It appears as if its a Flash issue, as several minutes after logging in to iStore I get a non-flash page of iStore in my iTunes window. I have re-installed everything and tried opening all ports in router....any ideas?

    I am having trouble viewing iStore. It appears as if its a Flash issue, as several minutes after logging in to iStore I get a non-flash page of iStore in my iTunes window. I have re-installed everything and tried opening all ports in router, and used msconfig to bring up each service individually to see if there is an effect.Flash and iTunes have been re-installed  ...any ideas?

    I agree. I don't rely on iCloud as a backup, that is what I have my portable hard drive for. Its 500 GB so I can hold my entire iTunes library several times over on it. I have all my movies on my hard drive, but somehow "The Mist" got deleted off of my hard drive, so I figured "Well, the option to redownload an already purchased movie is available through iCloud, I'll just do that!"
    And permissions and download availability have nothing to do with it, the movie's still there, it still allows me to redownload it. The only problem is when I click download, I get that message.
    And nobody else uses my computer, but I do have multiple accounts authorized on it. Even still though, I am attempting to download it through the account I purchased it under. :/

  • Open same port for multiple servers.

    I am sorry if this sounds rudimentary, but I wanted to make sure. I want to open up port 80 to more than one web server. I already have port 80 open on one public IP address and have another one ready to use for another server. My assumption is that I should just be able to create a policy using the additional IP address and use port 80 without any issues. Is that correct to assume? I would also like to know, how one would do this if they only had one public IP address. I believe these should be relatively easy questions for the experts here. Thanks.

    If you have a netblock from which you can assign multiple IP addresses then, yes - just assign additional access-list entries and static NAT entries.
    If you only had a single (or limited number all in use) public IP address then you would have to use some sort of PAT (port address translation). for instance:
    server 0 is <outside address>:80
    server 1 is <outside address>:81
    server 2 is <outside address>:82
    ..etc. Your remote users would then have to specify the non-default port (80/81/82) when browsing to the site.

  • How can I open the ports with the Airport Extreme?

    I have an Airport Extreme Base Station connected to a cable modem and I want to open the ports for the two Playstation 3's I connected to the Airport Extreme via Cat 6 ethernet cable. The first Playstation 3 will be used to play Call of Duty Modern Warfare 2 and the other Playstation 3 will be used to watch streaming movie from Netflix. Does anyone know if this can be done?

    It is documented on Page 54 of Apple's "Designing
    AirPort Networks Using AirPort Utility Mac OS X v10.5 + Windows" (direct PDF download link).
    The public port and private port would be set the same value.

  • How do I port forward or open a port on the Airport time capsule to hook up a security system?

    I have an airport time capsule and a security system.  The installer doesn't know anything about using routers etc, especially on a mac.  They say I have to port forward or open a port specifically of this device.  I have very few skills when doing this IT type.  Is this hard to do?  Can I do it myself?  He wants to get an IT guy out?  $55 an hour, how long would it take?  Thanks in advance for anyone who can help!

    The method is here.
    AirPort - Port Mapping Basics using AirPort Utility v6.x
    If you need to get someone in, it depends.. The TC can be recalcitrant.. due to your setup of it following the apple guides.. and it depends on the security system and how simple that is.
    There are multiple issues.. for example how do you find your IP address from the web when you have dynamic IP from your ISP.
    Do you intend to setup dynamic DNS? Can the camera /dvr system handle Dynamic DNS?
    I recommend you read very carefully the instructions for what has been installed.. because merely opening the port is only a small part of the issues involved in remote access to the security system.

  • Wireless CCTV - need to open a port

    Hi All;
    I have a wireless monitoring system (CCTV) for my home that can be accessed remotely though my IPhone or IPad when I am away.
    It works great while I am at home on my wireless network but I cannot get access when on a remote Wi-Fi.
    Apple Store here says I need to open a port in my Time Capsule to allow access when I am outside my network.
    Anyone have instructions or can step by step it for me?
    Thanks in Advance.
    Mark

    Thanks for the reply William;
    I actually contacted the manufacturer and they sent me a step by step instruction including, as you suggested the ports that the cameras use.
    Once we get through this Christmas season ... will get it all set up.
    Thanks again
    Mark
