Turns out my advsecurity license wasn't active. I applied "license comment add advsecurity..." and the ip inspect commands came to life. I will work through the info you have given. Many thanks.
Thanks Phil, looks good, but I cannot apply firewall commands, so I'm trying to work out what features I do have and what I don't. If there is no firewall I cannot connect to my corporate network...?
Hi, hope you can assist. I have set up an 887VA with a client VPN, but before deploying it onsite I was wondering how to make it more secure. Other than ACLs I see no firewall configuration ("ip inspect" command unrecognized). The datasheet says it's supported; am I missing something? My version is below: Cisco IOS Software, C800 Software (C800-UNIVERSALK9-M), Version 15.7(3)M, RELEASE SOFTWARE (fc1)
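As an added illustration (not from the original poster or from Cisco), this is how the CBAC inspection rule DEFAULT100 that appears in the configuration posted further down this thread can actually be put to work once the security technology package is active: the posted config defines the rule but never applies it to an interface, so it inspects nothing. The ACL name WAN_IN and the choice of permitted ports are assumptions; the vty change relies on the SSH settings already present in that config.

```text
! Check the technology package first: "ip inspect" is only accepted
! when the security package is enabled, the cause identified in this thread.
show license feature

! Inbound filter for the PPPoE WAN interface (assumed name WAN_IN).
! Only the IPsec client VPN needs to reach the router from outside;
! everything else is logged and dropped. Replies to sessions started
! from inside are opened dynamically by the inspection rule, so they
! need no permit statement here.
ip access-list extended WAN_IN
 remark IKE (UDP 500), NAT-T (UDP 4500) and ESP for the client VPN
 permit udp any any eq isakmp
 permit udp any any eq non500-isakmp
 permit esp any any
 remark ICMP needed for path-MTU discovery over the PPPoE link
 permit icmp any any packet-too-big
 deny   ip any any log

! Apply the existing DEFAULT100 rule outbound on Dialer1 and the filter
! inbound. Inspection tracks sessions leaving via Dialer1 and creates
! temporary openings in WAN_IN for their return traffic.
interface Dialer1
 ip access-group WAN_IN in
 ip inspect DEFAULT100 out

! The posted vty lines still allow telnet; SSH ciphers are already
! configured on this router, so restrict management access to SSH.
line vty 0 4
 transport input ssh

! Verify that sessions are being tracked and that the ACL is hit
show ip inspect sessions
show ip access-lists WAN_IN
```

The inbound ACL is what blocks unsolicited connections; the inspection rule is what makes the ACL workable, because without it every inside-initiated session would need its own static permit for the reply. `show ip inspect sessions` should list an entry for each active outbound flow, and the `deny ip any any log` counter shows what is being dropped at the edge.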
Hi both, I think we're nearly there with the config provided; however, I cannot ping across from 10.10.10.0 from the VPN connection, because now that I am using FE3 as VLAN 50 to the 3750 the VLAN1 interface is down. How do I keep this interface UP when nothing is plugged into a VLAN1 port?
Hi, hope you can help. I am installing an 877VA, connecting to a 3750 core, and need to access video streams over VPN to 3 internal inter-routed VLANs:

VLAN1 = 192.168.153.1/24
VLAN2 = 192.168.150.254/24
VLAN3 = 192.168.151.254/24

I have my 877 working over VPN, but I'm stuck on how best to access the resources on my internal network above. As it stands I can only connect to my test subnet of 10.10.10.0 255.255.255.248. I have included the initial config below...

version 15.7
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname yourname
!
boot-start-marker
boot config usbflash0:CVO-BOOT.CFG
boot-end-marker
!
logging buffered 51200 warnings
!
aaa new-model
!
aaa authentication login default local
aaa authentication login vpn_xauth_ml_1 local
aaa authentication login sslvpn local
aaa authorization network vpn_group_ml_1 local
!
ip dhcp excluded-address 10.10.10.4 10.10.10.6
!
ip dhcp pool cvo-pool
 import all
 network 10.10.10.0 255.255.255.248
 default-router 10.10.10.1
 dns-server 8.8.8.8 8.4.4.8
 lease 0 2
!
ip domain name yourdomain.com
ip name-server 8.8.8.8
ip name-server 8.4.4.8
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
controller VDSL 0
no cdp run
!
class-map type inspect match-all INTERNAL_DOMAIN_FILTER
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp client configuration group ******************
 key ************
 pool vpn_client_pool
 acl vpn_resources
 max-users 10
crypto isakmp profile vpn_ike_profile
 match identity group *************
 client authentication list vpn_xauth_ml_1
 isakmp authorization list vpn_group_ml_1
 client configuration address respond
 virtual-template 2
!
crypto ipsec transform-set vpn_transform esp-3des esp-sha-hmac
 mode tunnel
!
crypto ipsec profile vpn_profile
 set transform-set vpn_transform
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 description PrimaryWANDesc_WAN
 pvc 0/38
  pppoe-client dial-pool-number 1
!
interface Ethernet0
 no ip address
 shutdown
!
interface FastEthernet0
 no ip address
 spanning-tree portfast
!
interface FastEthernet1
 no ip address
 spanning-tree portfast
!
interface FastEthernet2
 no ip address
 spanning-tree portfast
!
interface FastEthernet3
 no ip address
 spanning-tree portfast
!
interface Virtual-Template2 type tunnel
 ip unnumbered Vlan1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile vpn_profile
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$CVO$
 ip address 10.10.10.1 255.255.255.248
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1412
!
interface Dialer0
 no ip address
 no cdp enable
!
interface Dialer1
 description PrimaryWANDesc_WAN_0.1
 mtu 1492
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip nat outside
 no ip virtual-reassembly in
 encapsulation ppp
 ip tcp adjust-mss 1412
 dialer pool 1
 dialer idle-timeout 0
 dialer-group 1
 ppp mtu adaptive
 ppp authentication chap callin
 ppp chap hostname ************************
 ppp chap password 0 **************************
 ppp ipcp dns request accept
 ppp ipcp route default
 ppp ipcp address accept
 no cdp enable
!
ip local pool vpn_client_pool 10.10.10.4 10.10.10.6
no ip forward-protocol nd
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip dns server
ip nat inside source list 10 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
ip access-list extended vpn_resources
 permit ip 10.10.10.0 0.0.0.255 any
!
dialer-list 1 protocol ip permit
ipv6 ioam timestamp
!
access-list 10 permit 10.10.10.0 0.0.0.255
access-list 10 remark nat-pool
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 23 remark vty
access-list 23 deny   any log
!
ipv6 access-list V6-FILTER
 permit icmp any any
 deny ipv6 any any log
!
ipv6 access-list ipv6_deny
 deny ipv6 any any
!
control-plane
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
line con 0
 logging synchronous
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 ipv6 access-class ipv6_deny in
 transport input telnet
 escape-character 3
!
scheduler allocate 20000 1000
!
end
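The two open questions in this thread, reaching the three core VLANs over the VPN and keeping the tunnel up when Vlan1 has no connected port, are addressed together in the added example below. It is not the poster's config or a Cisco-supplied answer; it builds on the configuration posted above. The Virtual-Template currently uses `ip unnumbered Vlan1`, so the tunnel loses its address whenever Vlan1 goes down; moving it to a loopback removes that dependency. The loopback address, the Vlan50 interface name and the 192.168.50.x link addresses are assumptions.

```text
! 1. Anchor the VPN on a loopback, which never goes line-protocol down,
!    instead of on Vlan1 (which drops when no VLAN 1 port is connected).
!    10.10.10.9/32 is an assumed, otherwise unused address.
interface Loopback0
 ip address 10.10.10.9 255.255.255.255
!
interface Virtual-Template2 type tunnel
 ip unnumbered Loopback0

! 2. The split-tunnel list handed to clients (acl vpn_resources in the
!    isakmp client group) only names 10.10.10.0, so clients never send
!    traffic for the core VLANs into the tunnel. Add them explicitly.
ip access-list extended vpn_resources
 permit ip 10.10.10.0 0.0.0.255 any
 permit ip 192.168.153.0 0.0.0.255 any
 permit ip 192.168.150.0 0.0.0.255 any
 permit ip 192.168.151.0 0.0.0.255 any

! 3. Route the core VLANs toward the 3750 over the VLAN 50 link
!    (FE3 is carrying VLAN 50 per the thread). Interface name and the
!    192.168.50.1 (3750) / 192.168.50.2 (887) addresses are assumed.
interface Vlan50
 ip address 192.168.50.2 255.255.255.0
!
ip route 192.168.153.0 255.255.255.0 192.168.50.1
ip route 192.168.150.0 255.255.255.0 192.168.50.1
ip route 192.168.151.0 255.255.255.0 192.168.50.1

! 4. On the 3750 (assumed), the VPN pool 10.10.10.4-6 sits inside
!    10.10.10.0/29, so a single return route is enough:
!    ip route 10.10.10.0 255.255.255.248 192.168.50.2

! Verify from the 887 after a client connects
show crypto session
show ip route static
```

Keeping the split-tunnel list tight is the security-relevant part: each `permit` line is a network that remote clients are allowed to reach through the tunnel, so it should name only the subnets that actually need to be reachable rather than being widened to `any`. The return route on the 3750 is easy to forget; without it the core replies to 10.10.10.x via its default route and the pings never come back.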
Hi,
Yes, that is how I expect it to behave, and that was the case up to around 145 VLANs. Now that is not the case and I have no idea why.
I assign the access port on my edge switch as untagged, and the VLAN is allowed on the trunk as tagged. I plug my laptop into the port in the correct IP range and I cannot ping the VLAN gateway.
If I add the same VLAN to a port on the Core L3 Switch, in this case the 2960, the vlan activates and I can now ping the gateway.
If I go back to the edge switch, plug my laptop into the previously configured port it works.
I am very bemused.
Many thanks for the reply.
You will have to excuse my ignorance, but how will enabling MST solve this issue?
I am assuming by having the ability to map multiple VLANs to one spanning tree instance, the VLANs created after my initial spanning tree instances ran out, will activate once mapped under MST...
Hi,
I am having issues with a large number of my VLAN interfaces. Even though interfaces and trunks have been configured and end devices plugged in upstream, they stay in "down" state and I cannot ping their associated gateway. As it stands, the only way to activate the new interfaces is to carry out the following:
...by adding one of the new VLANs to an access port on the core switch (Catalyst 2960XR), hey presto, the interface is UP and I can ping the gateway! Please see the command string below depicting this process...
ABLECORE#conf t
Enter configuration commands, one per line. End with CNTL/Z.
ABLECORE(config)#!
ABLECORE(config)#interface GigabitEthernet1/0/23
ABLECORE(config-if)# switchport access vlan 411
% Access VLAN does not exist. Creating vlan 411
ABLECORE(config-if)# switchport mode access
ABLECORE(config-if)#!
Jan 4 06:40:57.203: %SPANTREE_VLAN_SW-2-MAX_INSTANCE: Platform limit of 128 STP instances exceeded. No instance created for VLAN411 (port Gi1/0/28).
Jan 4 06:40:57.329: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan411, changed state to up
This problem only started after programming the first 100 or so VLANs (210 in total). I have attached a copy of the sh vlan and sh run for reference. My edge switching consists of SG and SF-300 small business switches.
I would very much appreciate feedback on this issue.
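The log line in the post above states the root cause directly: `%SPANTREE_VLAN_SW-2-MAX_INSTANCE` with a platform limit of 128 STP instances. In per-VLAN spanning tree every VLAN is its own instance, so VLANs beyond the 128th get none and their SVIs stay down until something else brings them up. The follow-up question higher in the thread asks how MST fixes this: MST maps many VLANs onto a handful of instances, so 210 VLANs (or 4094) cost two or three instances. The added example below shows that mapping on the 2960-XR core; it is not the poster's config or a Cisco-supplied answer. The region name ABLE, the revision number and the VLAN ranges are assumptions.

```text
! Run on the 2960-XR core. Every switch that should share the region
! (here the SG/SF-300 edge switches) must carry an identical region
! name, revision and VLAN-to-instance mapping, or it forms its own
! region and attaches at the boundary as a single instance.
spanning-tree mode mst
spanning-tree mst configuration
 name ABLE
 revision 1
 instance 1 vlan 1-500
 instance 2 vlan 501-4094
! VLAN 411 from the log message above now belongs to instance 1;
! unmapped VLANs would fall into the IST, instance 0.

! Keep the root on the core for the IST and both data instances so the
! topology is decided here rather than by an edge switch with a lower
! default bridge ID.
spanning-tree mst 0-2 priority 24576

! Verify: three instances in total, independent of how many VLANs exist
show spanning-tree mst configuration
show spanning-tree summary
show interfaces vlan 411
```

Switching the mode from PVST+ to MST reconverges spanning tree across the region, so it is a maintenance-window change. `show spanning-tree summary` on the core should afterwards report the MST instances rather than one entry per VLAN, and `show spanning-tree mst configuration` must print the same name, revision and mapping digest on every switch in the region; a mismatch there is the usual reason an edge switch behaves as if MST had not been enabled.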