/r/Cisco

Ask questions, create discussions or post news! This subreddit is for all things Cisco related!

New user accounts are moderated.

This subreddit is not affiliated with Cisco Systems.

Rules

  1. Be respectful to others.
  2. No questions about how to get Cisco software without a service contract.
  3. No posting or discussion of brain dumps.
  4. Stay on topic
  5. No sales or recruitment posts
  6. No homework help
  7. No low effort post

NOTE: The "Reddit Cisco Ring", its associates, subreddits, and creator "mechman991" are not endorsed, sponsored, or officially associated with Cisco Systems Inc. All opinions stated are those of the poster only, and do not reflect the opinion of Cisco Systems Inc., or its affiliates.

91,373 Subscribers

1

Cisco ASDM 7.17 Stuck on Validating running configuration

Hi there,

I'm experiencing an issue with the Cisco ASDM client. It's getting stuck on the "Validating Running Configuration" step. I’ve been trying to resolve this for a day now, but nothing changes.

During the validation process, I can see the syslog events working fine, so the system isn't entirely unresponsive.

My colleague can use the ASDM client without any issues.

Do you have any tips on how to fix this?

2 Comments
2024/12/04
08:20 UTC

2

L3/OSPF design

Hello,

I am designing a network for low-bandwidth communication - resilience is favored over performance.

Customer has their own fibres between sites.

Redundancy based on Layer 3 routing. This is quite a small network, with around 2 core switches, 2 distribution switches, 5 access switches with need for redundant connection to distribution switches, and ~30 access switches that do not have need for redundant links to distribution.

Core is based on 2x L3 switches with virtual stacking.

Access based on a mix of L3 and L2 switches - L3 for switches with need for redundant links to distribution, L2 for switches with no need for redundant uplinks.

Now I need advice for OSPF config - do you see any issues in defining this as one single Area 0 with this simple topology and low number of switches (routing loops etc.)? Any other limitations or things I need to take into consideration?

Simple topology as shown in image - all links are L3, unless noted as L2 (not all access switches are shown in drawing)

2 Comments
2024/12/04
07:19 UTC

3

Cisco 2851 Dial-Up Help

I've got a homelab with a 2851 router with a VIC3 4FXS/DID card and a WIC-1AM-V2 card. I've managed to configure the FXS card to allow dialing from one port to another, but I can't figure out how to configure the 1AM card to allow me to dial into it to get access to the internet.

I currently can plug two laptops into the fxs card and dial one to the other to get internet access but I'd like to remove the second laptop.

I've got the 1am card in 0/3/0 and my config, so I hope someone here who has more knowledge could point me the right way.

https://pastebin.com/bC6gaEMM

3 Comments
2024/12/03
23:58 UTC

4

SSH not enabling. Keeps asking for rsa keys

I am having a hell of a time enabling SSH on a 2960. I've created the hostname and domain name, generated keys at 1024, and VTY 0 15 is set to transport input ssh, but when I do a show ip ssh it says SSH is disabled. Any thoughts?

31 Comments
2024/12/03
23:46 UTC

0

After 3 years as a network engineer, I finally want to take CCNA exam

Hello everyone! This is another CCNA exam preparation post.

I started working as a network engineer back in 2022. Until now I have gained a lot of experience with Cisco, Fortinet, CheckPoint and Alcatel products, even gained some very valuable certifications but not on Cisco.

However, even if I have been certified mainly on Firewalls, I want to get a certification which by acquiring, I will prove to myself that I have properly and officially studied a plain networking “journey”, and not only from hands on experience, and not clearly related to Firewalls.

From what I have been told, it is very possible for me to go straight to CCNP. However I want to do it with no skipping, which means I have to try CCNA for real this time. When I say for real, I mean that when I began to work as a network engineer with no experience, to help me get on track, I read many chapters carefully from Todd Lammle book, I watched the whole David Bombal Udemy 80h class and spending enough valuable time on his labs, watching all Neil Anderson’s Udemy class (which I did not like too much because it was only theory and I doubt it gave all the info required for each topic for the CCNA level), and afterwards very much day to day experience.

So I have a question, to go for the CCNA as someone who wants to refresh everything learned in 3 years “”officially”” and take the exam, what should I go for? I want to know if for example Neil Anderson or Jeremy material is enough for the CCNA scope theory wise. I intend to study each “chapter” like for example OSPF, keep notes of the theory and lab it until I learn things that I did not know exist. I am just curious if what I will find is enough and not miss important information which may be examined.

Sorry for long post 🙏

3 Comments
2024/12/03
23:27 UTC

0

How much can I earn?

How much can someone with no experience earn with the CCNA certification?

3 Comments
2024/12/03
21:40 UTC

0

Looking for a CCNA instructor

Hi all,

Is anyone in here CCNA certified with a Cisco instructor cert?

If so I have questions….

Thanks!

19 Comments
2024/12/03
14:56 UTC

0

IPv6 on Cisco ASA 5545

Hi everyone,

I'm a bit stuck and hoping someone here can help me out. I'm not very experienced with IPv6, but I'm eager to learn. My current IPv6 setup is a bit unusual, and it's giving me some trouble.

My ISP has provided me with a /48 IPv6 subnet, but it’s configured as a static IP address with a gateway—no DHCPv6 or anything similar. I simply assign a static address to the outside interface, set up a route, and it works. I can ping the gateway and reach external IPv6 addresses like Google DNS without any issues.

Now, I'm trying to configure my VLANs to use /64 subnets derived from the /48 subnet assigned to the outside interface. I managed to achieve this using autoconfiguration, and my clients are successfully getting IPv6 addresses. However, the clients can't access any external IPv6 addresses—they can’t reach Google DNS or other IPv6 resources outside the network.

I suspect I need to configure an access list to fix this, but even with the rules I've created so far, it still doesn't work.

I'm working with a Cisco ASA 5506. Could someone help me figure out what I'm missing?

Thanks in advance!

This is my config:

ASA Version 9.14(4)24
!
hostname ASA
domain-name example.com
enable password ***** pbkdf2
service-module 0 keepalive-timeout 4
service-module 0 keepalive-counter 6
service-module ips keepalive-timeout 4
service-module ips keepalive-counter 6
service-module cxsc keepalive-timeout 4
service-module cxsc keepalive-counter 6
service-module sfr keepalive-timeout 4
service-module sfr keepalive-counter 6
names
no mac-address auto
!

!
interface GigabitEthernet0/0
 description UPLINK
 nameif OUTSIDE
 security-level 0
 ip address 185.X.X.X 255.255.255.224
 ipv6 address 2a0d:XXXX:XXXX::2/48
 ipv6 address autoconfig
 ipv6 enable
 ipv6 nd suppress-ra
!
interface GigabitEthernet0/1
 description HQ
 nameif VLAN1
 security-level 100
 ip address 10.0.0.254 255.255.255.0
 ipv6 address autoconfig
 ipv6 enable
 ipv6 nd prefix default 86400 86400
 ipv6 nd prefix 2a0d:XXXX:XXXX:96::/64 86400 86400
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/4
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/5
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/6
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/7
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 management-only
 shutdown
 no nameif
 no security-level
 no ip address
!
interface BVI1
 no nameif
 no security-level
 no ip address
!
boot system disk0:/asa9-14-4-24-smp-k8.bin
ftp mode passive
clock timezone CET 1
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
dns server-group DefaultDNS
 domain-name example.com
object network ANY-subnet
 subnet 0.0.0.0 0.0.0.0
object network VLAN1-subnet
 subnet 10.0.0.0 255.255.255.0
object network VLAN1-ipv6-subnet
 subnet 2a0d:XXXX:XXXX:96::/64
access-list vlan1_out extended permit gre object VLAN1-subnet any
access-list vlan1_out extended permit ip object VLAN1-subnet any
access-list vlan1_out extended permit ip object VLAN1-ipv6-subnet any
access-list vlan1_out extended permit gre object VLAN1-ipv6-subnet any
pager lines 24
logging asdm informational
mtu OUTSIDE 1500
mtu VLAN1 1500
no failover
no failover wait-disable
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-7221.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 32768
!
object network ANY-subnet
 nat (any,OUTSIDE) dynamic interface
access-group vlan1_out in interface VLAN1
ipv6 icmp permit any OUTSIDE
ipv6 icmp permit any VLAN1
ipv6 route OUTSIDE ::/0 2a0d:XXXX:XXXX::1
route OUTSIDE 0.0.0.0 0.0.0.0 185.X.X.X.X 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication login-history
http server enable
no snmp-server location
no snmp-server contact
snmp-server community *****
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh stricthostkeycheck
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group14-sha1
ssh X.X.X.X 255.255.255.255 OUTSIDE
console timeout 0
!
tls-proxy maximum-session 1000
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 185.255.55.20
ntp server 185.244.27.221 prefer
ntp server 162.159.200.1
dynamic-access-policy-record DfltAccessPolicy
username beheer password ***** pbkdf2 privilege 15
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 1024
  no tcp-inspection
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
  inspect icmp error
  inspect snmp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:8997b777f1d0e9e3400c0dba1f303046
: end

5 Comments
2024/12/03
14:33 UTC

1

How to configure a source NAT for my LAN in an IPSec VPN on Cisco ASA

I need to configure an IPSec VPN between my ASA and the client's XYZ firewall. They have requested me to perform a source NAT for my source network. Could you please guide me on how to configure it.

I am capable of configuring an IPSec VPN using both IKEv1 and IKEv2, but unfortunately, I lack the knowledge for NAT.

2 Comments
2024/12/03
09:37 UTC

1

Question regarding CSCvx21260 affection

Hi,

I've got a Cisco Nexus 9k that's affected by the 21260 bug if we check the s/n on https://snvui.cisco.com/snv/FN72150.

The thing is, the field notice (https://www.cisco.com/c/en/us/support/docs/field-notices/721/fn72150.html) says that the affected models are Micron_M500IT with firmware MU01 or MC02, but my switch has SHMST064G3FECTLP51 and FW1159.

I've tried to apply the patch but I get some errors. On another Cisco Nexus 9k I had, I could apply it without any problem (it was a Micron MU01).

So is it affected? What's the "right" thing to check?

1 Comment
2024/12/03
09:12 UTC

0

Cisco 896VAG-LTE with a Ubiquiti EdgeOS IOS

I just got a used Cisco 896VAG-LTE and wanted to configure it. For some reason there is a Ubiquiti EdgeOS IOS installed and I can't find any documentation about this weird third-party IOS. By default it has SSH enabled, which I assume has a random password which could be seen in the EdgeOS Web UI, but I don't even know the credentials of that. Has anyone ever heard of that weird third-party IOS or knows how I either can access it after a factory reset or restore the original one without a console cable via rommon? I don't know if this is the right sub for that.

0 Comments
2024/12/03
08:46 UTC

3

Studying online courses with cisco, later applying to college for a network/infrastructure and cybersecurity program.

Hello friends.

Next autumn I am planning on going to college for a 3 year program. Until then I will have a decent amount of time to prepare and study. The plan is to get some CCST certifications and maybe even CCNA.
My study plan looks something like this:

  1. Introduction to networking (https://learn.microsoft.com/en-us/training/modules/network-fundamentals/1-introduction) Done
  2. Cisco Networking Basics 22h Done
  3. Computer hardware basics 6h Done
  4. Operating systems basics 12h Started
  5. Networking devices and initial configuration 22h
  6. Network Addressing and Basic Troubleshooting 14h
  7. Network Support and Security 12h
  8. Network Technician Career Path Exam
  9. Cisco Certified Support Technician (CCST) Networking Certification
  10.  Junior cybersecurity analyst career path-->
  11. Introduction to cybersecurity 6h
  12. Networking basics Done
  13. Networking devices and initial configuring Will be done before this step from earlier courses
  14. Endpoint security 27h
  15. Network defense 27h
  16. Cyber threat management 16h
  17. Junior cybersecurity analyst EXAM
  18. CCST cybersecurity certification
  19. Cisco CCNA 200-301 – The Complete Guide to Getting Certified https://www.udemy.com/course/ccna-complete/?couponCode=LETSLEARNNOW I bought this yesterday on cybermonday for 12 euros. Today it is 90 :)

So basically, do you guys think this is a decent plan? It will take some time to finish and convert this into lasting knowledge. Do you have any input?

6 Comments
2024/12/03
08:30 UTC

0

Cisco 2960-X and fast LACP rate

Quick question.

Do all 2960-X series switches support LACP fast rate, or is it limited to certain models or sub-series?

2 Comments
2024/12/03
08:08 UTC

0

Does it work normally if I hub the C1000 model to the CBS250 model?

Due to the increasing number of wired users

I'm going to use the C1000 by connecting it to the existing CBS250 model as a hub.

When the C1000 is connected, neither the CBS250 nor the C1000 is wired.

Previously, when only the CBS250 model was used, it was used normally.

And if you connect the C1000 to the SG220 model as a hub instead of CBS250, it will be serviced normally.

Is it a compatibility problem between models?

Or is it a setup problem?

9 Comments
2024/12/03
05:39 UTC

0

Cisco doorbuster sale

Good day everyone :)

I missed the 40% off doorbuster after I accidentally slept. Now the promo is 25% off after I woke up. Will there be another huge sale this month of December? I am planning to buy CML.

3 Comments
2024/12/03
04:50 UTC

2

AnyConnect w/ Azure AD Auth and Cisco ISE for dACL Policies

Hello everyone!

We currently have some Cisco Firepower 2130s w/ FTD deployed that a very small set of users connect to off-site for VPN access. We use Azure AD SAML SSO to authenticate and handle MFA for the VPN connection. Once a user successfully authenticates and passes MFA, they are given pretty unrestricted network access.

Recently, we've gotten more ingrained with Cisco ISE and applying dACLs to on-prem users to restrict access and we're now looking towards restricting the access that VPN users get. I'm hoping that I can have users authenticate with SSO still and then get passed to Cisco ISE to receive policy and ACLs based on whatever criteria or groups that I have available to me.

For example, I have a user in our business office that only needs to access one server. I'd like the process to be where they attempt to connect to the VPN, get the Azure AD auth screen and pass MFA, then get connected to the network but receive a policy from ISE that only allows access to the server that they need access to (among other things like DNS, etc.) Is this possible?

If so, I'm getting stuck on where to start getting this set up. Cisco ISE doesn't currently know about the FTD/FMC and vice versa. I know I would need to get the FTDs and possibly FMC as well put into ISE as network devices. However, when a user connects to AnyConnect, is it the FTD that would ask ISE what policy to apply to the VPN user or the FMC that does that?

Googling gives me bits and pieces of my desired environment but never the full picture. Also, Cisco TAC has been terrible lately when it comes to looking for configuration assistance.

Thank you to anyone who can help point me in the right direction!

13 Comments
2024/12/02
18:56 UTC

0

ENRASI training class, advanced routing

Is there anything extra I need to do to prepare for this upcoming class? I do have my CCNA, but honestly it's been some time, and in my environment I more or less focus on the switching rather than the routing, so how should I best prepare for this class?

2 Comments
2024/12/02
14:59 UTC

1

CBS 350

We have CBS 350 switches at the office. They have strange behavior. When unplugging an SFP with optical cable from any port and plugging it into another one, it works. When plugging it back into its previous port it does not work; the link is down. I do it in operating mode. Logs are clear, administrative mode of ports is up. After a while, let's say after restarting the switch or after a month, that port starts to work when plugging it back. What can be the reason? Who has had such a situation? Thanks.

3 Comments
2024/12/02
13:43 UTC

2

Cisco ise 'password change for self is allowed only from admin users page or from admin dialog popup'

On the Network Access Users List screen in ISE, you want to change the password for one account.

When you try to make a change, you will see the following statement.

'password change for self is allowed only from admin users page or from admin dialog popup'

Do you know the solution?

4 Comments
2024/12/02
03:41 UTC

1

Does the 8821 allow 3rd party call control?

I'd like to add wireless VoIP phones to my environment, and was wondering if someone could tell me if the 8821 handhelds would work with FreePBX or not. If not, could you recommend a handheld?

5 Comments
2024/12/01
21:50 UTC

0

Server Connection Issue

Need assistance with getting my PCs and servers to connect in Packet Tracer. The subnet masks are all matching. Devices and servers can only ping themselves.

2 Comments
2024/12/01
04:17 UTC

8

No voice traffic

Working with a 3850 switch and I've bugged up the voice VLAN somehow. Data/Access is working perfectly, but my 3 voip phones (Polycom 650 with CDP) won't register.

All of my ports are configured similarly:

interface GigabitEthernet1/0/1
 switchport access vlan 10
 switchport mode access
 switchport voice vlan 20
 trust device cisco-phone
 auto qos voip cisco-phone 
 spanning-tree portfast
 service-policy input AutoQos-4.0-CiscoPhone-Input-Policy
 service-policy output AutoQos-4.0-Output-Policy
!
interface GigabitEthernet1/0/2
 switchport access vlan 10
 switchport mode access
 switchport voice vlan 20
 trust device cisco-phone
 auto qos voip cisco-phone 
 spanning-tree portfast
 service-policy input AutoQos-4.0-CiscoPhone-Input-Policy
 service-policy output AutoQos-4.0-Output-Policy
!
***** etc EXCEPT PORT 48 (it's plugged into a non-stacked 3850)
!
interface GigabitEthernet1/0/48
 switchport access vlan 10
 switchport trunk allowed vlan 1,10,20
 switchport mode trunk
 switchport voice vlan 20
 trust device cisco-phone
 auto qos voip cisco-phone 
 spanning-tree portfast
 service-policy input AutoQos-4.0-CiscoPhone-Input-Policy
 service-policy output AutoQos-4.0-Output-Policy

VLANs are setup:

VLAN Name                             status    Ports
1    default                          active
10   Data_VLAN                        active    Gi1/0/1, Gi1/0/2, Gi1/0/3, <snip>, Gi1/0/47
20   Voice_VLAN                       active    Gi1/0/1, Gi1/0/2, Gi1/0/3, <snip>, Gi1/0/47

Misc things:

  • IOS 16.12.12
  • LLDP run is in the config
  • endpoints do not show up on CDP Neighbor
  • DHCP is disabled. Small network. Everything is static IP on 192.168.1.x and subnet 255.255.255.0
  • SVI is up/up on sh ip interface brief

I think I'm missing something obvious, but it's not feeling obvious right now. Any thoughts?

31 Comments
2024/12/01
01:50 UTC

2

Protocol Application Invalid

Hey, so I have a Cisco 7940 IP Phone that a work friend gave me from her husband. But when I power it on and plug in the wifi, the Protocol Application Invalid screen always pops up. None of the settings and other buttons work. When I factory reset it, that doesn't work. Anyone know how to fix this? (I do not have CUCM)

1 Comment
2024/11/30
19:44 UTC

2

CSAP openings?

Hey ciscoians, I am interested in checking out the CSAP program (specifically ASR) as a soon to be bachelor graduate. Is there any information as to when applications open or am I just missing where to apply? Any information helps.

1 Comment
2024/11/30
07:15 UTC

5

SDA fabric underlay border issue with default route advertisement

My company is moving user access from a typical Core-Distribution-Access model over to SDA. We have one location where the SDA fabric site is running along side the traditional network deployment, and have moved almost everything over to SDA, with some networks being new (user and voice) and others extended into the SDA fabric site by an L2 border but still routed by the legacy distribution router. We're looking to begin our first full migration of a different location in about two weeks.

I noticed that attempts to reach out to the internet from the underlay do not work; I think I had previously attributed this to the firewall simply not permitting the traffic, and didn't dwell on it too much because it didn't seem to cause any negative impact; DNAC, ISE, DNS, and all other internal services were reachable. Earlier this week, I was doing some troubleshooting and found a much more immediate reason the underlay couldn't reach out to the internet--traffic that follows default in the underlay (though not any of the overlays) is looping between border routers.

The problem seems to arise from what I believe is LAN Automation-deployed config. My understanding is that to facilitate adding fabric sites, DNAC deploys a simple IS-IS config in the underlay, which includes a default-information originate. It deploys this on all routers assigned the border node role at a site. If there's only a single border node, this seems like it wouldn't be a problem--all traffic from the site's underlay would see only the default originated from the single border, follow it for any non-local destination and land on the border, which would then follow whatever default it was getting from upstream.

If more than one border node exists at a site and both are advertising default, this seems to cause a loop in the underlay. We're using EIGRP with VRF-lite to extend the underlay throughout our core so our ABNs are reachable. The default route is redistributed from BGP, so in EIGRP it has an AD of 170. IS-IS has an AD of 115, so when both border nodes at a site are originating default into IS-IS, they see each other's default routes as being better than the one they're learning from the network core routers through EIGRP, so traffic matching default just loops. (In one of our fabric sites, the borders are running IS-IS over their direct connection with each other, while in the other they aren't, but the net effect is the same in both cases; where they are direct IS-IS neighbors, they advertise default directly to each other, and where they aren't, they'll still get each other's defaults reflected back at them through any downstream fabric edges they are both peered with.)

There are two solutions I can think of for this:

  1. I played with altering the AD of IS-IS to be higher than that of EIGRP external today, and while that fixed the issue for the default route, it rendered the fabric site's underlay (apart from the borders themselves) unreachable because the same problem would happen in reverse; both borders redistribute the underlay IS-IS-learned prefixes into EIGRP so the fabric site is reachable, and if both borders are preferring EIGRP over IS-IS, then they'll each prefer the routes redistributed into EIGRP from IS-IS over the ones they're learning directly from IS-IS. I think this solution can still work, but I would need to modify the northbound EIGRP config, maybe adding an aggregate-address statement so only a summary of the fabric site's underlay space is advertised into EIGRP and not the more specifics, so when traffic to something in the underlay (e.g. a fabric edge) lands on a border node, it will forward traffic based on the more specific IS-IS prefix learned from downstream instead of the summary route it's learning through EIGRP upstream from the other border node.

  2. Add in config on the borders' IS-IS to prevent them from installing a default route learned from IS-IS, either through a route-map applied to each interface that denies default (and permits anything else) or maybe a distribute-list in config on the router isis process.

Is this something anyone else has encountered? Do either of the two solutions above seem like they would work, or is there a better way?

11 Comments
2024/11/30
01:35 UTC

5

Do Meraki managed devices disclose CVEs to customers?

This question comes from not ever seeing a CVE for a Meraki Product - I assume customers don’t get this level of information unless it’s like a 10/10 CVSS score?

I keep my patching up to date and don’t seem to get caught out with any security findings from any third party pen tests etc.

5 Comments
2024/11/29
22:31 UTC

4

Cisco ISE SDA - AD Domain Guest issues?

Has anyone ever dealt with slow Windows 11 login issues when using a Domain Guest Account on a Cisco ISE SDA network utilizing Machine 802.1X Authentication? We have seen this when using our AD DG account; it can take around 10 minutes for Windows to load completely.

3 Comments
2024/11/29
19:36 UTC

0

Cisco and vmware

I have an issue I can’t resolve. I’ve set up a VM (VMware Workstation Pro) in NAT mode with the VM assigned IP 10.10.0.102 and gateway 10.10.0.1. The host’s IP is 192.168.100.174, and I’ve also configured port forwarding (host port 22 forwarded to VM port 22 on host IP 192.168.100.174). Additionally, I’m using WireGuard to establish a VPN connection (host-to-LAN) between the host and my home network. My home LAN is 192.168.200.0/24.

At this point, I’m able to SSH from the VM to devices in my home LAN (e.g., a Cisco router at 192.168.200.50). However, the reverse does not work. If I try to SSH into the VM from the 192.168.200.0/24 network, I’m unable to connect. Moreover, I can’t even ping the VM or the physical host on the 192.168.100.0/24 network (host IP: 192.168.100.174).

Why is this happening? How can I fix it?

I’m looking for a technical explanation and possible solutions to this issue.

3 Comments
2024/11/29
19:31 UTC

0

C2960

I have been using the C2960 switches since 2015. I hope Cisco would bring this model back instead of the dreaded C9200, which costs five times as much.

24 Comments
2024/11/29
11:15 UTC

0

CCNA certification discount on Black Friday Sale

Is there a chance that we can avail a discount for the CCNA certification exam during the Black Friday Sale?

1 Comment
2024/11/29
10:44 UTC