Hello,   post the full configuration of the switch. Do you have ip routing enabled and a default route pointing to firewall ? ... View more

Hello,   can you post the output of 'route print' from your Windows PC with the VPN connected and the 'Use default gateway on remote network' box checked, and with that box unchecked ?   Looking at your NAT, try and add the line in bold to the VPN pool network object:   ASA(config)#object network NETWORK_OBJ_10.10.10.0_26 ASA(config-network-object)# subnet 10.10.10.0 255.255.255.192 ASA(config-network-object)# nat (outside,outside) after-auto source dynamic NETWORK_OBJ_10.10.10.0_26 interface   ... View more

Hello,   it depends on what you are running on the router, but with a simple NAT overload configuration, you should be able to get around 500Mbps...   I have found the interesting read below, you might want to have a look:   https://blog.dchidell.com/2016/03/20/cisco-897-tinkering/ ... View more

Hello,   as far as I recall, you can configure ISE to send email notifications. I think the setting is under:   Administration > Settings > Alarm settings ... View more

Hello,   try and change the LMI type on the interfaces (this needs to be done on all interfaces). You have three options, try all three...   int s0/1/0 ip add 10.1.1.1 255.255.255.252 en frame-relay no frame-relay inverse-arp frame-relay lmi-type {ansi | cisco | q933a} frame-relay map ip 10.1.1.2 103 broadcast frame-relay map ip 10.1.1.1 103 no shut     ... View more

Hello,   if you want the script only to be triggered when certain users log in, you need to change the script. The example below has two tags for 2 users, if you have more users, add additional event tags and and additional 'or' operator for the correlation.   Also, add actions 4.0 and 5.0 to the script, otherwise you might have a problem with running out of TTY lines...   event manager applet CFG_CHANGE event tag 1 syslog occurs 1 pattern "SYS-5-CONFIG_I: Configured from console by user_1" event tag 2 syslog occurs 1 pattern "SYS-5-CONFIG_I: Configured from console by user_2" trigger correlate event 1 or event 2 action 1.0 cli command "enable" action 2.0 cli command "show archive config differences nvram:startup-config system:running-config" action 3.0 mail to "user@company.com" from "user@company.com" server "x.x.x.x" subject "Configuration has been changed:" body "$_cli_result" action 4.0 cli command "end" action 5.0 cli command "exit" ... View more

Hello,   the script will run every time a user goes into config mode and adds a line. 'Conf t' by itself will not generate a syslog message that makes the script run, adding a line in e.g. interface configuration mode such as 'ip address 192.168.1.1 255.255.255.0' will.   CPU and memory usage shouldn't be a problem. How often do 3rd party users make these changes ? ... View more

Hello,   you could also use the 'archive' function on the devices and run an EEM script that notifies you by email when a change to the configuration has been made.   EEM script to track configuration changes:   1. enable 2. configure terminal 3. archive 4. log config 5. logging enable 6. logging size entries 7. hidekeys 8. notify syslog 9. end   Each time the configuration is changed, it will generate a syslog message similar to this: *Apr 19 09:52:28.129: %PARSER-5-CFGLOG_LOGGEDCMD: User:console logged command:interface GigabitEthernet0/0   You could use that to run an EEM script. The show archive command will show the difference between the startup and the running config and notify you by email.   event manager applet CFG_CHANGE event syslog occurs 1 pattern "PARSER-5-CFGLOG_LOGGEDCMD" action 1.0 cli command "enable" action 2.0 cli command "show archive config differences nvram:startup-config system:running-config" action 3.0 mail to "user@company.com" from "user@company.com" server "x.x.x.x" subject "Configuration has been changed:" body "$_cli_result" ... View more

Hello,   what is the SPAN session for ? Can you post a screenshot of what you say are missing CLI lines on your phones ? ... View more

Hello,   2960#conf t 2960(config)#int vlan 1 2960(config-int)#shut 2960(config-int)#exit 2960(config)#interface Vlan 99 2960(config-int)#ip address x.x.x.x y.y.y.y ... View more

Hello,   typcally you would configure the card as below. You need to find out from your ISP (who is your ISP ?) what VLAN tag you are required to configure:   controller VDSL 0/0/0 operating mode vdsl2 firmware filename flash:vdsl.bin-xxxxxxxx ! interface Ethernet0/0/0 no ip address ! interface Ethernet0/0/0.x encapsulation dot1Q x pppoe enable group global pppoe-client dial-pool-number 1 ! interface Dialer1 ip address negotiated ip nat outside ip virtual-reassembly in encapsulation ppp load-interval 30 dialer pool 1 dialer-group 1 ppp authentication pap chap callin ppp chap hostname hostname ppp chap password password ppp pap sent-username username password password ... View more

Hello,   what does your BGP configuration look like, can you post it ? How many BGP routes are you receiving (full routing table) ? ... View more

Hello,   which IOS version are you running on your 4321 routers ? It could be that you are hitting the bug below:   ISR 4331 + NIM-1MFT-T1/E1 + Frame-relay circuit does not come up CSCvc08339 Description Symptom: Same circuit works fine on 1841 router , issue is seen when the same circuit is connected on ISR4331 , controller flaps , PVC status in deleted state , tried changing the cable length configurations. Conditions: Issue is seen on ISR 4331 router , frame-relay circuits does not come up Workaround: No work around   Known Fixed Releases: (12) Everest-16.5.1 Everest-16.4.2 Denali-16.3.3 Denali-11.3.3 16.5.1 16.5(0.122) 16.4.2 16.4(1.1) 16.3.3 16.3(1.85) 15.5(3)S5 11.3(3) ... View more

Hello,   not sure if you have already resolved this, but below is what I have come up with:   vlan access-map FILTER_10 10 match ip address 101 action forward vlan access-map FILTER_10 20 match ip address 102 action drop vlan access-map FILTER_10 30 action forward ! vlan filter FILTER_10 vlan-list 10 ! access-list 101 permit ip host 192.168.1.5 host 192.168.1.9 eq 443 access-list 101 permit ip host 192.168.1.9 host 192.168.1.5 eq 443 access-list 102 permit ip 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255 ... View more