Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Cisco Community
- :
- About DAVID THORNTON
Stats
Member since
03-13-2012
18
Posts
0
Helpful
0
Solutions
05-07-2015
02:16 AM
Hi I need to create a ASA asdm user who can do read only but also manage an acl from the ASDM interface i.e. role based users with a mainly read only setup but also ideally to be able to just enable/disable (manipulate) acl entries i think this is doable using command privilege levels but so far have not managed to do it can anyone help please? thanks dave
... View more
Labels:
02-03-2015
06:18 AM
trythis ... http://www.cisco.com/c/dam/en/us/products/collateral/security/cloud-web-security/cloud_web_security_ordering_guide.pdf
... View more
02-03-2015
06:07 AM
i have same problem for a C891 ISR router all i can find so far is this:- BUT no part numbers or prices etc THANKS for any help Ordering Q. What products are required for Cisco ISR Web Security with Cisco ScanSafe? A. There are three components required: ● Cisco ISR G2 platform as listed in Table 1 ● Security SEC K9 license bundle for Cisco ISR ● Cisco ScanSafe Web Security service subscription <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<??????????????????????? Q. How is the Cisco ScanSafe service priced? A. The Cisco ScanSafe Web Security service, as a subscription, is priced per user, per month. The price per month varies on pricing bands based on the number of users and the subscription term (12, 24, or 36 months). The number of users is the total number of users across the entire organization, not per site. The pricing calculation is as follows: (Number of users) * (Number of months) * (Cost per month) = Total for subscription Q. How is the user count calculated? A. The user count is the total number of Internet users within the global organization as a whole. A user is defined as an identity that exists within authentication directories. Licensing is not defined per device. There is no per site license subscription.
... View more
08-20-2014
07:36 AM
Hello http inspection working; but https gets me to the page i am trying to hide.. i can block http://xxx.whatever.com/somewhere_i_want_to_hide/page.html using the documents referenced above owever; if i prepend the url with https:// this bypasses the http inspection on the ASA (V9) now i understand "deep packet" inspection is not possible due to encryption under SSL but why cant the ASA block the access to the page seeing as the top level url is not actually anything but clear text? this is my code snippet that works ok to block the http with "webservices" in it i need to do the same for https:// {blah-webservices-blah} regex blockex1 ".*webservices.*\.svc" class-map inspection_default match default-inspection-traffic class-map type inspect http match-any block-url-class match request uri regex blockex1 ! policy-map type inspect http block-url-policy parameters class block-url-class drop-connection log policy-map global_policy description inspect and block specific http URI requests class inspection_default . . inspect http block-url-policy ! service-policy global_policy global thanks dave
... View more
05-09-2014
05:41 AM
What is required to replace ACS with ISE in simple terms? I am looking to basically authenticate wired and wireless access against the local/AD) user database via Cisco kit I am thinking all I need is the BASE (perpetual) license rather than the advanced/wireless licenses Is there a limit to how many devices or users the base can deal with in its simplest form. I would also like to be able to push out a splash screen for wireless users during authentication. Can this be done just with the ISE Base License alone for a wireless solution (via WLC with LWAPS or Autonomous APs) thanks dave
... View more
Labels:
Created by
DAVID THORNTON
in Wireless and Mobility
in Wireless and Mobility
08-09-2013
07:18 AM
08-09-2013
07:18 AM
stop the press! I have it working :-) I will double check that i have this all ok now and post the reasons back here. dave
... View more
Created by
DAVID THORNTON
in Wireless and Mobility
in Wireless and Mobility
08-09-2013
07:01 AM
08-09-2013
07:01 AM
thank you both for helping me and for the pointers. I have a config (attached) I have this update to the case:- laptop and iphone on same wireless LAN (interface3) wireless LANcalled clients34 With the command config mdns snooping DISable i can see the Airserver from the iPAD and it works (WITHIN) the wireless WLAN i.e. both on same WLAN and IP subnet if i issue config mdns snooping ENable the Airserver disappears and wont work it comes back as soon as i disable the mdns snooping this is consistently reproducible any ideas welcomed it never works between WLANs (so far!) dave here is the config config location expiry tags 5 config interface address management 10.99.98.40 255.255.255.128 10.99.98.1 config interface dhcp management primary 10.99.98.3 config interface port management 1 config interface vlan management 10 config interface address virtual 1.1.1.1 config interface address dynamic-interface clients33 10.10.33.6 255.255.255.0 10.10.33.1 config interface create clients33 33 config interface dhcp dynamic-interface clients33 primary 10.99.98.3 config interface port clients33 2 config interface vlan clients33 33 config interface address dynamic-interface clients34 10.10.34.6 255.255.255.0 10.10.34.1 config interface create clients34 34 config interface dhcp dynamic-interface clients34 primary 10.99.98.3 config interface port clients34 2 config interface vlan clients34 34 config 802.11b 11gsupport enable config 802.11b cac voice sip bandwidth 64 sample-interval 20 config 802.11b cac voice sip codec g711 sample-interval 20 config 802.11b cleanair alarm device enable 802.11-nonstd config 802.11b cleanair alarm device enable jammer config 802.11b cleanair alarm device enable 802.11-inv config sysname Apple config logging traceinfo disable debugging config logging syslog level debugging config logging syslog level 7 config logging syslog host 10.99.98.36 config database size 2048 config country US config advanced probe limit 2 500 config advanced probe-limit 2 500 config advanced 802.11a channel add 36 config advanced 802.11a channel add 40 config advanced 802.11a channel add 44 config advanced 802.11a channel add 48 config advanced 802.11a channel add 52 config advanced 802.11a channel add 56 config advanced 802.11a channel add 60 config advanced 802.11a channel add 64 config advanced 802.11a channel add 149 config advanced 802.11a channel add 153 config advanced 802.11a channel add 157 config advanced 802.11a channel add 161 config advanced 802.11b channel add 1 config advanced 802.11b channel add 6 config advanced 802.11b channel add 11 config mdns service query enable AFP config mdns service create AFP _afpovertcp._tcp.local. query enable config mdns service query enable AirPrint config mdns service create AirPrint _ipp._tcp.local. query enable config mdns service query enable AirTunes config mdns service create AirTunes _raop._tcp.local. query enable config mdns service query enable AppleRemoteDesktop config mdns service create AppleRemoteDesktop _net-assistant._udp.local. query enable config mdns service query enable AppleTV config mdns service create AppleTV _airplay._tcp.local. query enable config mdns service query enable HP_Photosmart_Printer_1 config mdns service create HP_Photosmart_Printer_1 _universal._sub._ipp._tcp.local. query enable config mdns service query enable HP_Photosmart_Printer_2 config mdns service create HP_Photosmart_Printer_2 _cups._sub._ipp._tcp.local. query enable config mdns service query enable Printer config mdns service create Printer _printer._tcp.local. query enable config mdns profile service add default-mdns-profile AirPrint config mdns profile service add default-mdns-profile AppleTV config mdns profile service add default-mdns-profile HP_Photosmart_Printer_1 config mdns profile service add default-mdns-profile HP_Photosmart_Printer_2 config mdns profile service add default-mdns-profile Printer config mdns profile create default-mdns-profile config mdns snooping enable config mobility group domain MOBGROUP config network rf-network-name RFGROUP config network telnet enable config network broadcast enable config network multicast igmp snooping enable config network multicast l2mcast disable service-port config network multicast l2mcast disable virtual config network multicast mld snooping enable config network multicast global enable config dhcp address-pool scope33 10.10.33.2 10.10.33.254 config dhcp default-router scope33 10.10.33.1 config dhcp create-scope scope33 config dhcp network scope33 10.10.33.0 255.255.255.0 config dhcp address-pool "scope 34" 10.10.34.2 10.10.34.254 config dhcp default-router "scope 34" 10.10.34.1 config dhcp create-scope "scope 34" config dhcp dns-servers "scope 34" 8.8.8.8 config dhcp network "scope 34" 10.10.34.0 255.255.255.0 config dhcp lease scope33 86400 config dhcp enable scope33 config dhcp lease "scope 34" 86400 config license boot base config license agent max-sessions 9 config 802.11a cac voice sip bandwidth 64 sample-interval 20 config 802.11a cac voice sip codec g711 sample-interval 20 config 802.11a cleanair alarm device enable 802.11-nonstd config 802.11a cleanair alarm device enable jammer config 802.11a cleanair alarm device enable 802.11-inv config nmsp notification interval rssi rfid 2 config certificate generate webauth config wlan mfp client enable 1 config wlan mfp client enable 3 config wlan mfp client enable 4 config wlan dhcp_server 1 10.99.98.3 required config wlan security ft over-the-ds disable 1 config wlan security wpa wpa1 ciphers aes enable 1 config wlan security wpa wpa1 ciphers tkip enable 1 config wlan security wpa wpa1 enable 1 config wlan security wpa wpa2 ciphers aes disable 1 config wlan security wpa wpa2 disable 1 config wlan security wpa akm psk set-key hex encrypt 1 a1f6e0bbf14d724dc3f66873d6f810a6 786fcab479dd2b3ab7fe1e79eb569f3bcd8bec22 48 db307698ce2f6146a19f3b40cb7a52b39b8062c5d6f8f0f37d60dc98cde78d6a1e8aea0014292f6192cd1a06a447fccd000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 1 config wlan security wpa akm psk enable 1 config wlan security wpa akm 802.1x disable 1 config wlan security wpa enable 1 config wlan security web-auth server-precedence 1 local radius ldap config wlan security wapi akm psk set-key hex encrypt 1 a1f6e0bbf14d724dc3f66873d6f810a6 786fcab479dd2b3ab7fe1e79eb569f3bcd8bec22 48 db307698ce2f6146a19f3b40cb7a52b39b8062c5d6f8f0f37d60dc98cde78d6a1e8aea0014292f6192cd1a06a447fccd000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 1 config wlan dhcp_server 3 10.99.98.3 required config wlan security ft over-the-ds disable 3 config wlan security wpa wpa1 ciphers aes enable 3 config wlan security wpa wpa1 enable 3 config wlan security wpa wpa2 ciphers aes disable 3 config wlan security wpa wpa2 disable 3 config wlan security wpa akm psk set-key hex encrypt 1 42a623f34bd4ac9f6c4d8415be540e52 aa8f5add9351816443d374a3fa1cd76ee34ec325 48 83269c2ab1bfffb0717cf80763bf2be8e30af9de5d784f132deef8aba1ef463d37eda9fcca7b3edac4f16806799bddb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 3 config wlan security wpa akm psk enable 3 config wlan security wpa akm 802.1x disable 3 config wlan security wpa enable 3 config wlan security web-auth server-precedence 3 local radius ldap config wlan security wapi akm psk set-key hex encrypt 1 42a623f34bd4ac9f6c4d8415be540e52 aa8f5add9351816443d374a3fa1cd76ee34ec325 48 83269c2ab1bfffb0717cf80763bf2be8e30af9de5d784f132deef8aba1ef463d37eda9fcca7b3edac4f16806799bddb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 3 config wlan dhcp_server 4 10.99.98.3 required config wlan security ft over-the-ds disable 4 config wlan security wpa wpa1 ciphers aes enable 4 config wlan security wpa wpa1 enable 4 config wlan security wpa wpa2 ciphers aes disable 4 config wlan security wpa wpa2 disable 4 config wlan security wpa akm psk set-key hex encrypt 1 5032332e8e93f8a77f2d0e2f97d411e4 37dee84d8d542d677ead99c9a06b559c3c6c39e7 48 d5576ca89f5c5201557c2a30274ac2034f0881e1502f22d0fb59b2ea05c338c9e09c57844efaa2d20967d8931c7b795c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 4 config wlan security wpa akm psk enable 4 config wlan security wpa akm 802.1x disable 4 config wlan security wpa enable 4 config wlan security web-auth server-precedence 4 local radius ldap config wlan security wapi akm psk set-key hex encrypt 1 5032332e8e93f8a77f2d0e2f97d411e4 37dee84d8d542d677ead99c9a06b559c3c6c39e7 48 d5576ca89f5c5201557c2a30274ac2034f0881e1502f22d0fb59b2ea05c338c9e09c57844efaa2d20967d8931c7b795c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 4 config wlan nasid Cisco_88:af:84 1 config wlan broadcast-ssid enable 1 config wlan interface 1 management config wlan nasid Cisco_88:af:84 3 config wlan broadcast-ssid enable 3 config wlan interface 3 clients34 config wlan nasid Cisco_88:af:84 4 config wlan broadcast-ssid enable 4 config wlan interface 4 clients33 config wlan create 1 wall wall config wlan session-timeout 1 1800 config wlan create 3 clients34 clients34 config wlan session-timeout 3 1800 config wlan create 4 clients33 clients33 config wlan session-timeout 4 1800 config wlan exclusionlist 1 60 config wlan exclusionlist 3 60 config wlan exclusionlist 4 60 config wlan wmm allow 1 config wlan wmm allow 3 config wlan mdns disable 3 config wlan wmm allow 4 config wlan enable 1 config wlan enable 3 config wlan enable 4 config ap packet-dump truncate 0 config ap packet-dump buffer-size 2048 config ap packet-dump capture-time 10 config mgmtuser add encrypt admin 1 321719832e36efcfeefd2273c587a40e 5b6894ae997a61fda287052deb92ad880db51682 16 87acec2a7c4ebbed6eee748deb8b111c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 read-write config mgmtuser add encrypt l8admin 1 f2fbd280a591024db06b5e26e3aea6f0 0a6c6ee6cd7de16f828232164d3edeefdce05f4a 16 ba42eb8ce58babcf06c6e402e96353d60000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 read-write config rfid timeout 1200 config rfid status enable config rfid mobility pango disable transfer upload path / transfer upload datatype config transfer upload serverip 172.29.254.1 transfer upload filename Daves_WLC.txt transfer download path / transfer download serverip 172.29.254.1 transfer download filename Daves_WLC.txt
... View more
Created by
DAVID THORNTON
in Wireless and Mobility
in Wireless and Mobility
08-08-2013
07:55 AM
08-08-2013
07:55 AM
I have WLC 2504 running 7.4.100.0 with a single 1242AG AP single wireless SSID on the WLC an Apple AIRSERVER and an IPAD which should be able to do mirroring to show ipad screen on the pc they have IPs in same subnet and have base connectivity it just wont work! the ipad never sees the airplay server option come up BUT if i move these 2 systems to a cisco autonomous AP. or another commodity wireless LAN and have the 2 systems (pc/ipad) in same subnet it works if i have the pc on wired and the ipad (wireless obviously) this work on the autonomous or commodity AP fine so there is something "different" about using the WLC/LWAP right? i have tried with and without the various multicast options enabled etc please can anyone advise or help? many thanks dave
... View more
Labels:
evaluation of ISE using a 2940 switch o...
in Wireless Security and Network Management
04-15-2013
05:47 AM
04-15-2013
05:47 AM
Hi George the 2940 is cabable of doing 802.1x I am not sure exactly how to set this up with ISE at this time. I am looking for some documents that explain this so i can use my 2940 to test/familiarise myself with ISE. /dave
... View more
Created by
DAVID THORNTON
in VPN and AnyConnect
in VPN and AnyConnect
02-23-2013
09:38 AM
02-23-2013
09:38 AM
Hello I am a little confused by what I am seeing I had a Asa5510 V8.3.2 It had the default two ssl license allowing two VPN sessions for remote access We added an anyconnect essentials We are able to connect with two anyconnect clients but the third attempt alway fails The asa error says Session could not be established Session limit of 2 reached It's as if the anyconnect is trying to use SSL I have not tried reloading the asa yet Would that help.? Licenses appear ok Anyconnect I enabled Total VPN peer 250 Ssl VPN peer 2 Thanks for any pointers Dave Sent from Cisco Technical Support iPad App
... View more
Created by
DAVID THORNTON
in Switching
in Switching
11-09-2012
12:31 AM
11-09-2012
12:31 AM
Sent from Cisco Technical Support iPad App Hi Hashes fine Tried USB Tried tFTP Copy from USB to flash On 5 switches , two upgraded three wont. .... They will recover back to v12 ok No pattern I can see It seems random But there must be some difference in the kit ????
... View more
Created by
DAVID THORNTON
in Switching
in Switching
11-07-2012
11:47 PM
11-07-2012
11:47 PM
Sent from Cisco Technical Support iPad App Thanks for the tips But .... Same file works on Two of the five devices ...... Used same FTP I don't see how it could be corrupted ? Will check hashes
... View more
Created by
DAVID THORNTON
in Switching
in Switching
11-07-2012
02:32 PM
11-07-2012
02:32 PM
Hi and thanks for the reply I see the following ... Sent from Cisco Technical Support iPad App switch: set IP_ADDR 172.19.100.80/255.255.0.0 switch: set DEFAULT_ROUTER 172.19.1.128 switch: copy tftp://172.19.6.56/c3750e-universalk9-mz.150-2.SE.bin flash:/c3750e-universalk9-mz.150-2.SE.bin ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ Then… ................. File "tftp://172.19.6.56/c3750e-universalk9-mz.150-2.SE.bin" successfully copied to "flash:/c3750e-universalk9-mz.150-2.SE.bin" switch: boot flash:/c3750e-universalk9-mz.150-2.SE.bin Loading "flash:/c3750e-universalk9-mz.150-2.SE.bin"...@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Then.. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ File "flash:/c3750e-universalk9-mz.150-2.SE.bin" uncompressed and installed, entry point: 0x3000 executing... Boot process failed... switch: Thank you for any help
... View more
Created by
DAVID THORNTON
in Switching
in Switching
11-07-2012
01:57 PM
11-07-2012
01:57 PM
Sent from Cisco Technical Support iPad App Hello Trying to get the 10Gbps service module to be recognised requires V15 according to cisco docs Upgrading from V12.2 55 (or .58) fails on some switches I have tried Process fails and I finish up at the switch: prompt I can recover.... The switch can be regressed back to v12.2.55 or .58 But I can't get all of them up to v15 I have tried 5 to date Same methods producing different results 2 worked 3 failed Can anyone help throw any light on this Anyone had similar problems please? Thanks
... View more
Labels:
Created by
DAVID THORNTON
in Voice Systems
in Voice Systems
06-01-2012
09:39 AM
06-01-2012
09:39 AM
Darren I will forward debugs but I am off for a week do there may be a delay Thanks for input Please lookout for the update in ten days or so Many thanks Dave Level 8 Solutions - Building Better Networks www.L8Solutions.co.uk Sent from my iPhone
... View more
05-07-2015
HiI need to create a ASA asdm user who can do read only but also manage
an acl from the ASDM interfa...
02-03-2015
trythis ...
http://www.cisco.com/c/dam/en/us/products/collateral/security/cloud-web-security/cloud_w...
02-03-2015
i have same problem for a C891 ISR routerall i can find so far is this:-
BUT no part numbers or pric...
08-20-2014
Hellohttp inspection working; but https gets me to the page i am trying
to hide..i can
blockhttp://x...
05-09-2014
What is required to replace ACS with ISE in simple terms?I am looking to
basically authenticate wire...
08-09-2013
stop the press!I have it working :-)I will double check that i have this
all ok now and post the rea...
08-09-2013
thank you both for helping me and for the pointers.I have a config
(attached)I have this update to t...
08-08-2013
I have WLC 2504 running 7.4.100.0 with a single 1242AG AP single
wireless SSID on the WLC an Apple A...
04-15-2013
Hi Georgethe 2940 is cabable of doing 802.1xI am not sure exactly how to
set this up with ISE at thi...
02-23-2013
HelloI am a little confused by what I am seeingI had a Asa5510V8.3.2It
had the default two ssl licen...
Created by
DAVID THORNTON
in Switching
11-09-2012
11-09-2012
Sent from Cisco Technical Support iPad AppHiHashes fineTried USBTried
tFTPCopy from USB to flashOn 5...
Created by
DAVID THORNTON
in Switching
11-07-2012
11-07-2012
Sent from Cisco Technical Support iPad AppThanks for the tipsBut
....Same file works on Two of the f...
Created by
DAVID THORNTON
in Switching
11-07-2012
11-07-2012
Hi and thanks for the replyI see the following ...Sent from Cisco
Technical Support iPad Appswitch: ...
Created by
DAVID THORNTON
in Switching
11-07-2012
11-07-2012
Sent from Cisco Technical Support iPad AppHelloTrying to get the 10Gbps
service module to be recogni...
Created by
DAVID THORNTON
in Voice Systems
06-01-2012
06-01-2012
DarrenI will forward debugs but I am off for a week do there may be a
delay Thanks for inputPlease l...
Public Statistics
| Date Registered | 03-13-2012 02:34 AM |
| Date Last Visited | 08-18-2017 04:00 AM |
| Total Messages Posted | 18 |
