Storm-control on Cisco 3845

Hello

First of all, sorry for my English. One of my public IP addresses was attacked. I was wondering how to solve this problem. I found that when I was attacked, the number of pps on my interface went up to 800 kpps. While searching I found the 'storm control' feature. I have a Cisco 3845; can you tell me what I can do to avoid attacks?

Hello

I suggest that you attach a firewall between your router and the Internet, or apply IOS security.

Basic stuff to apply:

no service finger
no service pad
no service udp-small-servers
no service tcp-small-servers
service timestamps debug datetime localtime show-timezone msec
service timestamps log datetime localtime show-timezone msec
service password-encryption
service tcp-keepalives-in
service tcp-keepalives-out

no cdp run
no ip bootp server
no ip http server
no ip finger
no ip source-route
no ip gratuitous-arps
login block-for 10 attempts 2 within 5

all FastEthernet/Gig interfaces
-------------------------
no ip redirects
no ip proxy-arp
no ip unreachables
no ip directed-broadcast
no ip mask-reply
no mop enabled

all serial interfaces
-------------------------
no ip redirects
no ip proxy-arp
no ip unreachables
no ip directed-broadcast
no ip mask-reply

and then maybe use a simple CBAC inspection
----------------------------------------------------------------

R1
ip inspect name ios_fw tcp
ip inspect name ios_fw udp
ip inspect name ios_fw icmp

access-list 100 deny ip any any

int fa x/x (WAN-facing interface)
ip inspect ios_fw out
ip access-group 100 in

RES

Paul
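
An added example, not part of the original answer: a small Python audit that checks a config template against the hardening checklist in the answer above, using the standard IOS spellings of the commands it lists. The sample config, addresses and function names are constructed for illustration. It matches literal lines, and a plain show running-config omits commands that are at their default values, so a line reported as missing may already be the default on a given IOS release.

```python
import re

# Checklist from the answer above: (command prefix, option keywords in any order).
GLOBAL_REQUIRED = [
    ("no service finger", ()),
    ("no service pad", ()),
    ("no service udp-small-servers", ()),
    ("no service tcp-small-servers", ()),
    ("service timestamps debug", ("datetime", "localtime", "show-timezone", "msec")),
    ("service timestamps log", ("datetime", "localtime", "show-timezone", "msec")),
    ("service password-encryption", ()),
    ("service tcp-keepalives-in", ()),
    ("service tcp-keepalives-out", ()),
    ("no cdp run", ()),
    ("no ip bootp server", ()),
    ("no ip http server", ()),
    ("no ip finger", ()),
    ("no ip source-route", ()),
    ("no ip gratuitous-arps", ()),
    ("login block-for 10 attempts 2 within 5", ()),
]
INTERFACE_REQUIRED = [
    ("no ip redirects", ()), ("no ip proxy-arp", ()), ("no ip unreachables", ()),
    ("no ip directed-broadcast", ()), ("no ip mask-reply", ()),
]
ETHERNET_EXTRA = [("no mop enabled", ())]   # listed only for FastEthernet/Gig
AUDITED = re.compile(r"^(fastethernet|gigabitethernet|serial)", re.I)

def _norm(line):
    return " ".join(line.lower().split())

def _satisfied(req, lines):
    prefix, options = req
    for line in lines:
        if not options:
            if line == prefix:
                return True
        elif line.startswith(prefix + " "):
            # IOS may print option keywords in a different order.
            if set(options) <= set(line[len(prefix):].split()):
                return True
    return False

def _label(req):
    return " ".join((req[0],) + tuple(req[1]))

def parse_config(text):
    """Split a config into global lines and {interface name: [sub-commands]}."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            if raw.startswith("!"):
                current = None              # '!' at column 0 closes a block
            continue
        if not raw[0].isspace():            # top-level command
            if _norm(raw).startswith("interface "):
                current = raw.split(None, 1)[1].strip()
                interfaces[current] = []
            else:
                current = None
                global_lines.append(_norm(raw))
        elif current is not None:           # indented line inside an interface
            interfaces[current].append(_norm(raw))
    return global_lines, interfaces

def audit(text):
    """Return the checklist lines missing globally and per audited interface."""
    global_lines, interfaces = parse_config(text)
    report = {"global": [_label(r) for r in GLOBAL_REQUIRED
                         if not _satisfied(r, global_lines)],
              "interfaces": {}}
    for name, lines in interfaces.items():
        if not AUDITED.match(name):
            continue                        # loopbacks, tunnels etc. are not in the checklist
        required = list(INTERFACE_REQUIRED)
        if not name.lower().startswith("serial"):
            required += ETHERNET_EXTRA
        missing = [_label(r) for r in required if not _satisfied(r, lines)]
        if missing:
            report["interfaces"][name] = missing
    return report

# Constructed sample config (documentation addresses), not taken from the thread.
SAMPLE_CONFIG = """\
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec
service password-encryption
no service pad
no ip source-route
no ip http server
no cdp run
!
interface GigabitEthernet0/0
 description WAN
 ip address 192.0.2.1 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no mop enabled
!
interface Serial0/0/0
 no ip redirects
 no ip proxy-arp
 no ip unreachables
 no ip directed-broadcast
 no ip mask-reply
!
interface Loopback0
 ip address 192.0.2.9 255.255.255.255
"""

if __name__ == "__main__":
    result = audit(SAMPLE_CONFIG)
    print("global:", result["global"])
    for ifname, missing in result["interfaces"].items():
        print(ifname, "->", missing)
```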


Similar Questions

  • Need help the NM-CIDS upgrade on Cisco 3845 router.

    Can someone tell me all the files I need to improve my 5,0000 E3 to E4 6,0000 ID?  I think I should be able to do with the material that I currently have.  I do not have the resources to upgrade the router or the module NM-CIDS.  I want to update the E4 because it seems that Cisco is no longer put signatures for E3.  Documentation, I read that I should at least the Image of the system, the Service Pack, the recovery Image and update engine files.  I see several different times with a GOAL in the file names naming convention.  I'm not sure what I will need the names of specific files.

    A screenshot of show version is below.

    show version
    Application partition:

    Cisco Intrusion Prevention System, Version 5,0000 E3

    Host:
    Domain keys key1.0
    Definition of signature:
    Update of the signing S479.0 2010-03-19
    Virus update V1.4 2007-03-02
    OS version: 2.4.30 - IDS-smp-bigphys
    Platform: NM-CIDS
    Serial number: FOC11014468
    License expires: August 14, 2010 UTC
    Sensor time is 17 days.
    Using 509292544 bytes of available memory (79% of use) 403263488
    system uses 17.7 M off 29,0 M bytes of disk space available (61% of use)
    the application data uses 34.1 M off 174.7 M bytes of disk space available (21% of use)
    start using 39.1 M off 75.9 M bytes of disk space available (54% of use)
    Application log using 532,3 M off bytes of 2.8 G of disk space available (20% of use)

    MainApp N-2008_JUN_06_02_35 (release) 2008-06 - 06T 03: 23:18 - 0500 Running
    AnalysisEngine NO-2008_OCT_16_22_05 (release) 2008-10-16 T 22: 30:37 - 0500 Running
    CLI-N-2008_JUN_06_02_35 (release) 2008-06 - 06T 03: 23:18 - 0500

    Upgrade history:

    * IPS - GIS - S478 - req - E3 18:12:38 UTC Monday, March 22, 2010
    IPS-GIS-S479-req - E3.pkg 14:00:57 UTC Friday, March 26, 2010

    Version 1.1 - 5, 0000 E3 recovery partition

    You only need the IPS - K9 - 6.0 - 6 - E4.pkg file.

    Put it on an FTP server and jump on the sensor CLI and run this command:

    upgrade ftp://(username)@(ip address of your ftp server)//(directory, if any)/IPS-K9-6.0-6-E4.pkg

    -Bob

  • Cisco 2911 and web control

    Hello

    I 2911 Cisco router with security license and want to allow or block specific (like Facebook) areas for some users. Is it possible to authenticate users to Active Directory sort and create firewall rules that will block the traffic for them?

    I know that the best option is to install (or use cloud) server proxy but I would like to know if I can do it this way.

    Thank you.

    I'm afraid that you can't do in native mode in the router. You can use the connector of cloud. You could do this with an ASA though.

  • MAB with Cisco Phone - authorization failed

    Hello everyone,

    I use MAB to authenticate clients and Cisco IP phones against a Microsoft NPS RADIUS server. Everything works perfectly, except for 1 Cisco phone. The phone authenticates successfully but authorization fails. The switch port has the following configuration.

    switchport access vlan 500

    switchport mode access

    switchport nonegotiate

    switchport voice vlan 92

    no logging event link-status

    srr-queue bandwidth share 1 30 35 5

    priority-queue out

    authentication control-direction in

    authentication event server dead action authorize voice

    authentication host-mode multi-domain

    authentication port-control auto

    authentication periodic

    authentication timer reauthenticate 10800

    authentication timer inactivity 1800

    mab

    no snmp trap link-status

    mls qos trust device cisco-phone

    mls qos trust cos

    macro description mab

    auto qos voip cisco-phone

    storm-control broadcast level 5.00

    storm-control action shutdown

    spanning-tree portfast

    spanning-tree bpduguard enable

    service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY

    I get the following RADIUS logging of the client authentication process.

    May  7 15:24:53.349: RADIUS:   4D 8F 05 AB 00 00 01 37 00 01 02 00 0A 19 0A 84 00 00 00 00 00 00 00 00 00 00 00 00 01 CE 47 DF 2A A4 B3 70 00 00 00 00 00 00 5F 79           [ M7G*p_y]

    May  7 15:24:53.349: RADIUS:  Vendor, Cisco       [26]  34

    May  7 15:24:53.349: RADIUS:   Cisco AVpair       [1]   28  "device-traffic-class=voice"

    May  7 15:24:53.358: RADIUS(00002749): Received from id 1645/128

    May  7 15:24:53.366: %MAB-5-SUCCESS: Authentication successful for client (442b.03a2.f9e8) on Interface Gi1/0/39 AuditSessionID 0A194B0400002706ED82EB13

    May  7 15:24:53.374: %AUTHMGR-7-RESULT: Authentication result 'success' from 'mab' for client (442b.03a2.f9e8) on Interface Gi1/0/39 AuditSessionID 0A194B0400002706ED82EB13

    SER-02-SW01#clear authentication

    May  7 15:24:53.383: %AUTHMGR-5-FAIL: Authorization failed or unapplied for client (442b.03a2.f9e8) on Interface Gi1/0/39 AuditSessionID 0A194B0400002706ED82EB13

    I checked online and blogs and forums suggest to check the use of the downloadable access list, but they are not used in the switch. As mentioned, all Cisco IP phones works perfectly, except this one. I have already removed the Active Directory object and created a new object from scratch, but the same result. I also tried another port in the switch, yet an authorization failure.

    Currently, I don't know where to look further, then maybe some of you can help me!

    Thanks for the update of René. I have suggested for deactivation and reactivation of the dot1x in the world to see where it got stuck somewhere. However, it seems the thought is not okay. Would appreciate if you mark it resolved so that someone else can take advantages out of it.

    You're welcome

    Good day!

    Jatin kone

    - Do rate helpful posts -

  • PC8132F to Cisco Catalyst 3600

    Nice day

    I hope someone can help me here, I'll have questions, get a channel on port with 802. 1 q, working between a stack of 2 devices of the switches 8132F and a single Cisco Catalyst 3600, this switch series switch cannot be removed due to regulations graduates by a Government Department that works to and I need to put an effective link between the switch and our new 8132F switches (this was easy until the network was fully Cisco) but for the life of me I can't not operate. When I connect the ports (well I connect only 1 because I'm testing only at this stage, in the end, it will be two)

    Here's the configs for two switches

    Cisco:

    interface Port-channel 4
    description box EtherChannel to Dell Core
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 1-4
    switchport mode trunk
    storm-control broadcast level 60.00
    !
    interface GigabitEthernet1/3
    description box to Dell Core EtherChannel * PORT 01 *
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 1-4
    switchport mode trunk
    storm-control broadcast level 60.00
    spanning-tree portfast trunk
    spanning-tree guard root
    channel-group 4 mode on
    !
    interface GigabitEthernet1/4
    description box to Dell Core EtherChannel * 02 PORT *
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 1-4
    switchport mode trunk
    storm-control broadcast level 60.00
    spanning-tree portfast trunk
    spanning-tree guard root
    channel-group 4 mode on
    !

    Dell:

    interface port-channel 24
    description "2 Port EtherChannel link Cisco 3600"
    switchport mode trunk
    switchport trunk allowed vlan 1-4
    mode dvlan-tunnel
    port-channel min-links 1
    exit
    !
    interface Te1/0/24
    description "2 Port EtherChannel link Cisco 3600"
    channel-group 24 mode active
    storm-control broadcast level 60
    switchport mode trunk
    switchport trunk allowed vlan 1-4
    mode dvlan-tunnel
    exit
    !
    interface Te2/0/24
    description "2 Port EtherChannel link Cisco 3600"
    channel-group 24 mode active
    storm-control broadcast level 60
    switchport mode trunk
    switchport trunk allowed vlan 1-4
    mode dvlan-tunnel
    exit

    Any help would be appreciated more

    Concerning

    Justin

    jpsimmonds, I sent an email and look forward to your response.

  • Connection Cisco SG300-10-Core Cisco 6513 for ShoreTel phones

    I have a new ShoreTel phone system will soon.  Configure a dhcp, including option 156 scope which is required for ShoreTel to obtain the configuration on ShoreTel phones and in order to get on the vlan correct voice on the phone.  I also created a new vlan 112 for the vlan voice.  When I plug directly into the Cisco 6513 Core switch, the phone starts fine, it gets its configuration and on the VLAN correct 112.

    We have a training room in which there will be a lot of users.  I ordered 6 Cisco small business 10port SG-300 POE switches for this training room.  I plugged the switch in a cable coming off the 6513 which is just an access port and in the vlan voice I created for phones shoretel VOIP:

    interface FastEthernet10/11
    switchport
    switchport mode access
    switchport voice vlan 112
    priority-queue queue-limit 20
    wrr-queue random-detect min-threshold 1 30 40 50 60 70 80 90 100
    wrr-queue random-detect min-threshold 2 30 40 50 60 70 80 90 100
    wrr-queue random-detect min-threshold 3 30 40 50 60 70 80 90 100
    wrr-queue random-detect max-threshold 1 70 80 90 100 100 100 100 100
    wrr-queue random-detect max-threshold 2 70 80 90 100 100 100 100 100
    wrr-queue random-detect max-threshold 3 70 80 90 100 100 100 100 100
    wrr-queue cos-map 1 3 1
    wrr-queue cos-map 1 6 4
    wrr-queue cos-map 2 6 0
    wrr-queue cos-map 2 8 2
    wrr-queue cos-map 3 1 7
    wrr-queue cos-map 3 8 3 6
    mls qos trust dscp
    storm-control broadcast level 20.00
    spanning-tree portfast

    When I plug a phone directly into this cable the phone works very well.  When I plug a cheap cisco POE switch in I can get 3 phones works very well, but due to the amount of energy needed for this cheap a cisco switch it will give only 3 phones power.

    The real problem here is plug into small business cisco SG300-10port POE managed switch.  I thought I could just connect the switch to the port configured above right out of the box and plug in phones without a problem.  When I plug the switch and start plugging in ShoreTel phones, they do not start coming in and upward and actually had a few phones upward but then finally there is no tone and also later, they appear on the screen as a service not available.

    I have to configure a trunk port on a port on the SG300 and the Cisco 6513 for this to work?  Also I will need to VLAN configuration manually on the SG300.  Looks like that when I just plugged it in to the above configured the port on the SG300 it automatically create the vlan 112.

    Any help would be appreciated

    Thank you

    Dave

    Deleted

  • RADIUS does not work on Cisco ACS SE v4.1 (1)

    Hello

    I have a CiscoSecure ACS version 4.1 (1) build 23.

    I can't configure the Cisco ACS for granular control of access router. I have a Netopia Router that is configured to use RADIUS to authenticate remotely for a telnet connection. The router sends the request to access the Cisco ACS SE RADIUS and a sniff on the side of the ACS shows the application of GBA, but I see no response from the ACS. RADIUS authentication to work with a Windows 2003 server.

    I configured an AAA client and a user on the ACS and use the default group. I use IETF RADIUS. What attributes should I configure? In Windows, I use Service-Type Framed and Framed-Protocol PPP. This does not work with the Cisco ACS SE. Nothing shows up in the logs. It shouldn't be so difficult, but for some reason I can't make it work.

    Thanks for any help.

    Jutta Kullmann

    Jutta,

    Good to know it works very well. Please mark this thread as solved so other can benefit from.

    Kind regards

    ~ JG

  • Number of SSIDs supported on Cisco WLC

    Hi all

    Can you please help me to provide details on the following Cisco wireless controller?

    1. Number of SSIDs supported on Cisco WLC

    2. is it possible to limit the SSID on the access point (for example, I have 10 SSID configured on the controller, I want 10 first access points using SSID (SSID 1-5) and rest of the AP SSID 6-10)

    Thank you

    Jamal

    Hi Jamal,.

    Just to add to the great info from Robert (+5 points Robert)

    The feature you're looking for is called WLAN Override in WLC 4.x versions.

    Enabling WLAN Override

    By default, access points transmit all WLANs defined on the controller. However, you can use WLAN Override to select which WLANs are transmitted and which are not on a per access point basis. For example, you can use WLAN Override to control where in the network the guest WLAN is transmitted, or you can use it to disable a specific WLAN in a certain area of the network.

    This doc.

    http://www.Cisco.com/en/us/docs/wireless/controller/4.0/Configuration/Guide/c40wlan.html#wp1114777

    Once you create a new WLAN, WLAN > page edition for the new WLAN. In this page, you can set various parameters specific to this general policy, RADIUS servers, political security WLAN key, and 802.1 x settings.

    * Check Admin status under general strategies to activate the WLAN. If you want AP broadcast the SSID in beacon frames, check the SSID broadcast.

    Note: You can configure up to 16 WLAN on the controller. The Cisco WLAN Solution can control up to sixteen WLAN for Lightweight APs. Each WLAN has an ID separated from WLAN (1 to 16), a WLAN SSID (name of the WLAN) separate and can be assigned to single security policies. Lightweight APs broadcast all Cisco WIFI WLAN SSID Solution assets and apply the policies that you set for each WLAN.

    The good doc.

    http://www.Cisco.com/en/us/Tech/tk722/tk809/technologies_configuration_example09186a0080665d18.shtml#C3

    In 5.x versions you will use AP Groups, because in WLC 5.x versions WLAN Override has been replaced by the "AP Groups" feature;

    Creating Access Point Groups

    After all access points have joined the controller, you can create up to 150 access point groups and assign up to 16 WLANs to each group. Each access point advertises only the enabled WLANs that belong to its access point group. The access point does not advertise disabled WLANs in its access point group or WLANs that belong to another group.

    http://www.Cisco.com/en/us/docs/wireless/controller/5.2/configuration/guide/c52wlan.html#wp1128591

    To learn more, check out George's excellent AP Groups video

    http://www.my80211.com/Cisco-Labs/2009/3/22/Cisco-AP-group-nugget.html

    I hope this helps!

    Rob

  • How to control an LCD by RS - 232?

    Hello

    There is a list that displays the control commands Cisco LCD 40 '' and 52 '' (page 14-34) in the user guide. Where can I find the same information for a Cisco 32 '' and other brands, for example, I have a 3200 L ÉLO touchscreen.

    Cisco displays can be controlled via:

    * the TV controller (small TV icon - screenshot attached)
    * Advanced Task (form attached)

    In regards to the ELO, you will need to contact ELO to see if you can get the RS-232 control codes, if they are available.

    Once you get the codes you need, you can simply add an advanced task to control the ELO or any other non-Cisco displays, if they can use RS-232 for control.


    T.

  • Setting up SSH on a 3845 router?

    Hello everyone!

    Just curious, how you set up SSH on a router cisco 3845? Specifically, how to generate RSA keys?

    It seems to be missing the "generate" subcommand of crypto key. When I type crypto key, the only sub-commands are lock and unlock. I am familiar with this and do not want to disturb too much as it is a production company.

    I'm under c3845-spservicesk9 - mz.124 - 11.T2.bin so I should have the possibility, Yes? Any guidance would be appreciated. I really prefer is not to use telnet.

    you have k9 image, it should support crypto commands, are you sure you were in the configuration mode?

    try again.., here is a link to configure ssh in IOS.

    http://www.Cisco.com/en/us/Tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml

    One way to do this is to open telnet sessions to the router. In one session, be in enable mode and leave the session open. In the other telnet session, work on the SSH configuration. When you are done, do not save the config; leave the session and open a new session using ssh to ensure that you can connect to the router via ssh... If for any reason it fails, you still have the other open telnet session to cancel the ssh change or correct it.

    Also, to ensure that the telnet sessions do not time out while you work on the configs, allow yourself more time by entering exec-timeout 60 <-- one hour for your vty

    line vty 0 4
     exec-timeout 60

    You can also do the full ssh implementation via the console port as well.

    Regards

    Pls rate all helpful posts

  • Flow control

    We have been asked by the Cisco TAC to enable control flow on all our servers. Is there a way to enable flow control on our 4 ESX servers or virtual machine for themselves? We tried for this search, but we found nothing to vSphere 4. Flow control is already enabled on the switches.

    It is probably already enabled on your Teddy bear driver:

    http://KB.VMware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalID=1013413

    Ben

  • How to use event parameters?

    Hello

    I made a simple EEM applet that shuts down the port on which a storm-control event occurs.

    It looks like this:

    event manager applet shut-storm
      event storm-control
      action 1.0 cli local python bootflash:shut-storm.py

    and the script is

    from cisco import CLI
    from cisco import cli
    import sys
    import datetime
    import time
    import re

    # Ports that must never be shut down by this script
    whitelist = [
        'Ethernet1/1',
        'Ethernet1/2']

    # Last three storm-control messages from the log
    shlog = CLI('sh logg last 100 | i ETHPORT-5-STORM_CONTROL_ABOVE_THRESHOLD | last 3', False).get_output()

    # group(1) = timestamp, group(2) = port name
    pat = re.compile(r'(\d{4} \w{3} \d{2} \d\d:\d\d:\d\d) \S+ \%ETHPORT-5-STORM_CONTROL_ABOVE_THRESHOLD: Traffic in port (Eth\S+|[Pp]o\S+)')

    now = datetime.datetime.now()
    delta = datetime.timedelta(seconds=180)

    for l in shlog:
        mobj = pat.match(l)
        if mobj:
            port = mobj.group(2)
            logTimeStr = mobj.group(1)
            logTimeObj = time.strptime(logTimeStr, "%Y %b %d %H:%M:%S")
            logTime = datetime.datetime(*logTimeObj[:6])
            # Act only on messages logged within the last 180 seconds
            if now - logTime < delta:
                if port not in whitelist:
                    cli("conf t")
                    cli("interface %s" % port)
                    cli("shutdown")

    But the Python script is a bit complex because it has to search the log to find which interface triggered the event.

    Is it possible to use event parameters? And how?

    I know that they are:

    SW1# sh event manager history events detail

    Time of the event event Event Type slot ID policies

    32 09/30/2013 15:40:51 storm_control active (1) shut-storm

    interface = ' Ethernet1/16', cause = 'storm-control ".

    You should be able to:

    action 1.0 cli local python bootflash:shut-storm.py $interface $cause

    However, calling Python scripts from EEM applets on Nexus is not officially supported, so your mileage may vary.

  • 802.1 x (dot1x) with IP phone / workstation using several authentication domains (MDA)

    Scenario:

    Workstation (behind the phone)

    8.5 (2) software IP Phone 7911

    ACS 4.1 with AD on the same server

    Cisco switch WS-C3750E-24PD with c3750e-universalk9 - mz.122 - 53.SE1.bin

    Guide used:

    http://www.Cisco.com/en/us/Tech/tk389/tk814/technologies_configuration_example09186a00808abf2d.shtml

    http://www.Cisco.com/en/us/products/sw/secursw/ps2086/products_configuration_example09186a00801df0e4.shtml

    To accomplish:

    Authentication of the computer and the IP phone with 802.1x. The phone using EAP-MD5 and the workstation with PEAP-MSCHAP version 2.

    Tried and worked:

    Workstation using EAP - MD5 (with ACS username) and use PEAP (with AD user name) and it also acceded to the vlan correct according to the username.

    The journal of the ACS, authentication failed:

    Message-Type-name of user - Group-Name-Caller ID - network access profile name - Code failure-authentic -.

    Authentic has no EAP type - CP 7911 G-SEP00254594D6BA--00-25-45-94-D6-BA VOZ - (default) - not configured

    Configuration of the Switch:

    aaa authentication dot1x default group radius
    aaa authorization network default group radius
    radius-server host 10.32.250.250 auth-port 1645 acct-port 1646 key 7 095F4B07110445425B54

    interface GigabitEthernet1/0/3
    switchport mode access
    switchport nonegotiate
    switchport voice vlan 200
    authentication host-mode multi-domain
    authentication port-control auto
    authentication periodic
    mls qos trust device cisco-phone
    mls qos vlan-based
    dot1x pae both
    dot1x quiet-time 20
    dot1x timeout server-timeout 100
    dot1x tx-delay 100
    storm-control broadcast level 15.00
    storm-control multicast level 10.00
    spanning-tree portfast
    spanning-tree guard root

    Summary of ACS Configuration:

    Configured the AAA

    2 group - voice and data, each with their VLAN respective and the ACS configuration parameters (attribute / value (AV))

    Added the user name and password for IP phones

    Mapped the announcement to the DataSet

    A certificate and installed in the workstation

    Set up the configuration of global authentication, where I ticked the boxes PEAP and EAP - MD5

    So, as I said, it only authenticates the workstation w / IP phone.  When I add the IP phone it does not authenticate any of them.

    Someone at - it one day?

    Hello

    First of all, you can try a different software version for the phone (for example 8.4.2S). I have a similar problem with the 8.5 software and 7945/7965 phones. Secondly, you must configure the av-pair attribute on the ACS side for the correct placement of the phone in the voice vlan.

    Regards

    Stanislav

  • Subject of the vlan voice SRW224G4P

    Hello

    I have configured the SRW as vlan, use vlan for voice 212, 348 for data and communicate with cisco IP Phone.

    vlan database
    vlan 210-216,345-348
    exit
    voice vlan id 212

    !

    !
    interface fastethernet1
    storm-control broadcast enable
    storm-control broadcast level 10
    storm-control include-multicast
    port security max 10
    port security mode max-addresses
    port security discard trap 60
    spanning-tree portfast
    switchport trunk allowed vlan add 212
    switchport trunk native vlan 348
    macro description ip_phone_desktop
    !next command is internal.
    macro auto smartport dynamic_type ip_phone_desktop
    !

    but when I show vlan voice,.

    It shows:

    =====================================

    1ASW01 #show voice vlan
    Manage the VLAN voice State is automatically triggered
    Operational status of VoIP VLAN is enabled in auto
    Best Local Voice VLAN ID is 212
    Best Local VPT is 5 (default)
    Best Local DSCP is (by default) 46
    Concerted VLAN voice is received from the 34:62:88:73:05:c9 switch
    Concerted VLAN voice priority is 0 (static source active)
    Concerted Voice VLAN ID is 216
    Agreed VPT is 5
    Agreed DSCP is 46
    Voice VLAN agreed last change is 3 May 13 05:06:31

    =====================================

    I don't know why the vlan 216 became the vlan voice?

    I tried changed the build-in macro settings,

    macro auto built-in parameters ip_phone $native_vlan 348
    macro auto built-in parameters ip_phone_desktop $native_vlan 348

    but the system could not change the value of $voice_vlan.

    How to fix?

    Hi Skywings,

    So I think the above output is after the change, right? If this is true, it seems that something was wrong during the configuration process. Process of VLAN automatic voice has two main phases where one is related to communication between the switches and other Cisco infrastructure devices and synchronization of voice VLAN ID. The second phase is related to the identification of the end device as phone. What I see in your case that the first phase has failed somehow the voice VLAN ID is different from locally configured. Can you share with me your race and also start-up config more CDP neighbors? You can use private message.

    Kind regards

    Aleksandra
