Security switches
Hello, does anyone know if there is a place or site on Cisco.com that has scripts or guides of the minimum changes or configurations that you need to implement on a Catalyst 6500 to improve its security?
Some of it seems basic, but you can try it.
Tags: Cisco Security
Similar Questions
-
HP ZBook 15 G3: BSOD when connecting to the HP Elite Thunderbolt 3 docking station
I recently (yesterday, 16/08/16) began to experience the dreaded Blue Screen of Death, whenever my laptop is connected to my HP Elite Thunderbolt 3 Dock.
The machine is an HP ZBook 15 G3. It was connected to the docking station for more than a month without this problem. I don't know why it started, because I don't remember any updates or new software before it happened.
The dock is connected to 2 x monitors via HDMI cables and an ethernet cable. I connect a mouse and wireless keyboard to a USB3 port on the laptop.
If the dock is connected to the laptop at startup, it reaches the login screen before the BSOD. If I start without it connected, it will BSOD a few seconds after connecting the dock. It never gets to the point where the monitors display anything. It can be started with the dock connected in Safe Mode, as that seems to disable it.
I've updated all the drivers and BIOS (including download the Softpaq Download Manager), but there has been no change. I have also updated the NVIDIA drivers to the latest version without change.
What should I do next to solve the problem?
Did you analyze the dump files? What did they say?
I would also update these:
Intel Thunderbolt Secure Connect utility (15.3.40.275)
Intel Thunderbolt firmware update for the HP Thunderbolt Dock (16.1.7.0.8)
ASMedia eXtensible Host Controller Driver (1.16.35.1)
ASMedia ASM1042A Firmware Update for HP Thunderbolt 3 Dock (131025.10.11.23)
Also the BIOS, if you're not on 1.09 or 1.10. Some people say that they have problems with 1.10, so maybe try downgrading to 1.09.
You can also try experimenting with the 'Thunderbolt security level' setting in the BIOS, switching it to no security if it is set to user authorization, or vice versa.
-
HP Pavilion g6-1371sa cannot connect wireless Internet
Hello
Just bought a new laptop for my son, but cannot make it work wirelessly (it connects very well with an ethernet cable). Have been through all the troubleshooting wizards, but with no joy.
Relevant information:
- Network adapter updated - Ralink RT5390 - to the latest version (3.2.12.0) but made no difference
- The getmac command does not show any physical addresses as connected (unless the ethernet cable is installed). The ipconfig command also suggests that the wireless network adapter is not connected. Device Manager seems however...
- Other Windows 7 (Dell) laptop computers access the Linksys wireless router (using 802.11g) without any problem.
Help appreciated...
Apologies for wasting people's time - my fault! The problem is with the security of the router: I have a MAC address filter list that allows only specified devices to connect. When I connected to the Internet, I entered the MAC address that then appeared as connected, but it was actually the address of the Ethernet adapter. When I added the other address (as displayed when you enter the getmac command), the Internet came to life. What slightly confused me was that the address before that point showed as disconnected, and only after the connection had been established did this change (of direction really).
Lesson to learn - switch off router security until this first connection is created?
-
Why I see 2 other computers on my network?
I noticed in my network that there are 2 other computers besides mine, in a "workgroup", but I'm an end user and I'm not part of a workgroup. This is a very recent appearance. I couldn't find a way to determine why I see other computers in this workgroup, and I can't find information on enabling or disabling a "workgroup" on my system. I connect via the wireless router from my Internet service provider, and it's a bit confusing to me.
I had problems with slow browsers and I noticed in the performance monitor that my CPU (dual core AMD 2 gig) is spiking, and my memory use (2 GB) is at 50% or more almost constantly, but I can't see anything using resources in 'programs' or 'services'. I tried to eliminate all startup junk and uninstall all the frivolous programs. Of course, I'm still running a bunch of stuff, but I suspect that something is not right.
Any comments about the slow browser and CPU, and whether or not this could have something to do with the workgroup that I see?
Hello
If your wireless connection is not secure, it could be neighbors connecting to your Internet connection.
-------------------
From the weakest to the strongest, wireless security capacity is:
No Security
Switched Off SSID (same as No Security; the SSID can be sniffed easily even if it is turned off).
MAC Filtering (Band-Aid if nothing else is available; a MAC number can be easily spoofed).
WEP64 (easy to "break" by knowledgeable people).
WEP128 (a little harder, but "hackable" too).
-------------------
The three above are not considered safe.
Safe starts here at WPA.
-------------------
WPA-PSK (very hard to break).
WPA-AES (not functionally breakable).
WPA2 (not functionally breakable).
Note 1: WPA-AES is the current entry-level rendition of WPA2.
The documentation of your devices (wireless router and computer wireless card) should state the type of security that is available with your wireless hardware.
All devices MUST be set to the same level of security using the same password.
Therefore, security must be set according to the best that one of the wireless devices can do. I.e., even if most of your system can be configured to the maximum with WPA2, but one device can only be configured to a maximum of WEP, the whole system must be configured to WEP.
If you need better security and one device (such as a wireless card that can only do WEP) is holding back better security for the entire network, replace it with a better device.
Wireless Security - http://www.ezlan.net/Wireless_Security.html
-
How can I block others access to my wireless router?
I have slow performance and even lose connections. I have Comcast and they have suggested that it is 'noisy' from what they see on their end. The tech said that he receives many complaints from wireless router users.
Hello
Quote: "How can I block others access to my wireless router?"
By setting up the wireless router security encryption.
From the weakest to the strongest, wireless security capacity is:
No Security
Switched Off SSID (same as No Security; the SSID can be sniffed easily even if it is turned off).
MAC Filtering (Band-Aid if nothing else is available; a MAC number can be easily spoofed).
WEP64 (easy to "break" by knowledgeable people).
WEP128 (a little harder, but "hackable" too).
-------------------
The three above are not considered safe.
Safe starts here at WPA.
-------------------
WPA-PSK (very hard to break).
WPA-AES (not functionally breakable).
WPA2 (not functionally breakable).
Note 1: WPA-AES is the current entry-level rendition of WPA2.
Note 2: If you use WinXP below SP3 and have not updated it, you need to download the WPA2 fix from Microsoft.
The documentation of your devices (wireless router and computer wireless card) should state the type of security that is available with your wireless hardware.
All devices MUST be set to the same level of security using the same password.
Therefore, security must be set according to the best that one of the wireless devices can do. I.e., even if most of your system can be configured to the maximum with WPA2, but one device can only be configured to a maximum of WEP, the whole system must be configured to WEP.
If you need better security and one device (such as a wireless card that can only do WEP) is holding back better security for the entire network, replace it with a better device.
-
Cannot find my wireless router
I'm so confused. I'm having problems with my wireless router. When I connected my Nintendo Wii it worked fine, so I decided to make the connection secure by giving it a password. Then on the PC, which found the router, I made a password for the wireless connection, and then my Wii wouldn't connect. When I went back to the PC to change it back, I couldn't find the router anywhere; all that I can see is my ethernet, there's no wireless adapter. But on my laptop I can see my wireless connection, but I can't connect to the internet on it. I'm desperate. I don't know much about computers, so please use small words haha. BTW, after this happened, I installed Windows 7 on the PC to see if it would fix itself, but no luck.
Hello
The type of encryption and the password must be exactly the same and fully compatible across all wireless devices that use the wireless router.
So first connect to the router using a wired connection and disable security.
Then read this and restore security.
From the weakest to the strongest, wireless security capacity is:
No Security
Switched Off SSID (same as No Security; the SSID can be sniffed easily even if it is turned off).
MAC Filtering (Band-Aid if nothing else is available; a MAC number can be easily spoofed).
WEP64 (easy to "break" by knowledgeable people).
WEP128 (a little harder, but "hackable" too).
-------------------
The solutions above are not considered safe.
Safe starts here at WPA.
-------------------
WPA-PSK (very hard to break).
WPA-AES (not functionally breakable).
WPA2 (not functionally breakable).
Note 1: WPA-AES is the current entry-level rendition of WPA2.
Note 2: If you use WinXP below SP3 and have not updated it, you need to download the WPA2 fix from Microsoft. http://support.Microsoft.com/kb/893357
The documentation of your devices (wireless router and computer wireless card) should state the type of security that is available with your wireless hardware.
All devices MUST be set to the same level of security using the same password.
Therefore, security must be set according to the best that one of the wireless devices can do.
I.e., even if most of your system can be configured to the maximum with WPA2, but one device can only be configured to a maximum of WEP, the whole system must be configured to WEP.
If you need better security and one device (such as a wireless card that can only do WEP) is holding back better security for the entire network, replace it with a better device.
Definition of wireless security - http://www.ezlan.net/Wireless_Security.html
Jack MVP-networking. EZLAN.NET
-
ISE Server - query of multiple networks
Hi guys
We intend to deploy a Cisco ISE server to handle NAC for 300 users (Windows, WYSE, Avaya phones and HP printers). DHCP is running on the domain controller, and the ISE interface has Layer 2 visibility of the whole management network segment.
We received an additional amount for a dedicated/completely separate switch VLAN which provides unlimited Internet access. It would be connected to a third-party router connected to the Internet, allowing connections directly on the internet. Indeed, it is a completely separate network of a single VLAN and Internet access.
Is it possible to manage port security for that VLAN from the ISE server? If so, would the ISE server need an additional NIC configured in the Internet VLAN subnet?
Basically, I wonder if a single ISE server can be used to manage 2 totally independent networks. The Internet network would not use AD authentication, and access would have to be granted manually on a case-by-case basis.
Thank you very much
M
Just to clarify, ISE has NO need to be Layer 2-adjacent to clients to work. This is only ever useful if you use specific profiling probes. It is of no use when you perform MAC address validation or 802.1X.
As for your question: yes, ISE can handle MAC address validation for, say, devices requiring access to your 'Internet' VLAN and your internal VLANs at the same time. However, it is not done with the switch 'port security' feature, but rather by entering the MAC addresses that need access into ISE and using the "group" you put them in within ISE as a condition when authorizing access in ISE.
-
Hello
I want to configure switch-to-switch link security (manual mode) on a Cisco 3850 with IP Base.
But under "sap ... mode-list" the only entry is "no-encap".
I need gcm-encrypt, but this option is not displayed.
SW version: 03.06.00E
SW Image: cat3k_caa-universalk9
License level: Ipbase
Model: WS-C3850-24T
What could be the problem?
Best regards
The 3850 hardware is capable of MACsec, but it is not yet implemented in the software.
This is from the 3850 Q&A:
Q. What are the service modules for the Cisco Catalyst 3850?
A. There is no service module for the Cisco Catalyst 3850. Features supported by the 3750-X service module (including Flexible NetFlow and MACsec*) are natively supported by the Cisco Catalyst 3850.
* MACsec software support could be added later as part of a software update.
-
Slow internet problems with Asus G73JH wireless card/adapter (Atheros AR9825)
Hi, I'm the owner of a new Asus "stealth bomber" laptop with Windows 7 installed. I am getting very slow download speeds (50 KB/s - 100 kb/s). My wireless adapter is an Atheros AR9825 that came with the laptop. I also tested my ping, and it is way up at 375. On the other hand, my Sony Vaio laptop usually downloads at a speed of 1 Mbps. I checked and I'm on the same network as it. I use a wireless connection and mistaken by my router and the modem. I have Comcast with increase in power and a Cisco/Linksys Wireless-N router and a modem. Any help is appreciated. I also tried the wireless network troubleshooter, and unplugged then replugged, but nothing seems to help. Also, I have the trial of Trend antivirus installed and also took down the Windows firewall. I also have the latest drivers installed.
Hello
Watch Windows Advanced Power Management and make sure that the wireless adapter is configured for maximum performance.
http://www.ezlan.NET/Win7/adv_power-sav.jpg
Try to connect to the wireless router and change the operation of the radio channel. Ch.1, or 11 are good choices. But you can try them all one at a time and choose the best.
If you don't use WEP security, switch to WPA or WPA2. A lot of N cards work well with WEP.
Jack - Microsoft MVP, Windows networking. WWW.EZLAN.NET
-
Insert statement with & in the string
Hello
When I insert the value below into a varchar2 column, it errors out.
But if I remove the & symbol, it gets inserted.
Any suggestions for inserting such a string?
"Networking - Cisco SMARTnet-6600 | Security & Switch Service Cont-6620 | Not used-0000"
Thank you
Use
SET DEFINE OFF
before the insert statement.
Regards
Arun
-
SG300 security problem for the Switch
I think it's a security risk to have a port configured as anything other than access if it's only for "dumb" connected hosts (printers, workstations, etc.). So, I usually only assign the management VLAN as the PVID of a trunk port that goes to a server or another switch / virtual machine host, plus one port configured in access mode with the management VLAN as its PVID (untagged), so that a PC can be connected directly to access the web management interface.
My concern is that no matter what VLAN I assign a port to, whether trunk or access, I can connect a PC, navigate to any VLAN IP (*.254) and hit the web interface of the switch. What a security risk? How can I configure the switch so that the only way to access the management interface is via a host that is directly connected to a port that has the management VLAN as its PVID?
That sounds about right. But something can be done about it.
Let's say the management VLAN is 10. Also, there are 5 production VLANs - 20, 30, 40, 50, 60. There is a router in place that allows traffic to pass from one VLAN to another.
Someone on VLAN 50 will be able to access VLAN 10 (the management VLAN).
By implementing a firewall on the router we can restrict access to VLAN 10 to certain hosts or networks. For example, VLAN 20 is the admin VLAN (your computer is connected to this VLAN), so we configure the firewall to reject all traffic to VLAN 10 unless it comes from VLAN 20.
At this point, there will be no access to the web page of the switch for anyone other than you.
-
The security design: DMZ ports on internal switch - bad idea?
Hi all
I'm looking for a compelling reason - or to be told it is not serious - why a customer should not create DMZ VLANs on an internal Cat 6509.
The basic topology is a 6509 in a controller area and 2 x ASA 5510 in active/standby. They finally agreed to start using DMZs for different services, but because they have no other switch on the domain controller, they are happy to have these DMZs on separate VLANs on the 6509.
Is this a security risk? (They do NOT use the 6509 as an 'outside' switch so it's something that I guess)
How the risk can be mitigated?
How their environments could be compromised?
Any suggestion is appreciated. Thanks in advance,
Mike
I don't see a problem with this setup as long as:
(1) External / DMZ is LAYER 2 ONLY! Use a security device to handle all Layer 3 (firewall, FWSM, etc.).
(2) You turn off proxy ARP on ALL Layer 3 interfaces on the switch.
(3) You don't give anyone access to the switch unless they know what they are doing (understand the implications of having mixed traffic on the switch).
(4) You configure a dummy VLAN, make sure that everyone knows what it is (give it a name and document it), and make it the default VLAN for your switchports.
(5) You turn off trunk negotiation (all ports must be configured "switchport mode trunk" or "switchport mode access", and also "switchport nonegotiate"). If you use 802.1q (or ISL - ugh), explicitly set the VLANs that are allowed to pass with "switchport trunk allowed vlan x,y".
(6) You use VTP transparent mode and do not trunk external VLANs to other switches, unless you know what you're doing.
The most important is probably #3. One misplaced Layer 3 interface or SVI and it's game over: you've just bridged the Internet to your internal network. I can't emphasize enough that, while this is possible and safe if done correctly, it is VERY dangerous if you don't know what you're doing. Some consider it too high a risk to take and believe in physical separation to eliminate the risk. I agree; however, I understand that not all of us can afford to purchase several 6500s.
Another thing to consider, did you think to use VRF-Lite?
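The configuration items in the checklist above, (1), (2), (4), (5) and (6), can be checked mechanically against a saved switch configuration; item (3) is a people control and cannot. The following Python sketch is an added example, not code from the thread or from Cisco: the sample configuration, the DMZ VLAN number 100 and the function names are constructed for illustration, and treating an access port with no "switchport access vlan" line as still sitting in the default VLAN is an assumption about how item (4) is verified.

```python
import re

# Constructed sample in Cisco IOS running-config style (not from the thread).
SAMPLE_CONFIG = """\
vtp mode server
!
interface GigabitEthernet1/1
 switchport access vlan 100
 switchport mode access
 switchport nonegotiate
!
interface GigabitEthernet1/2
 switchport mode trunk
!
interface GigabitEthernet1/3
 switchport mode access
 switchport nonegotiate
!
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
 no ip proxy-arp
!
interface Vlan100
 ip address 192.0.2.1 255.255.255.0
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            blocks[current] = []
        elif line.startswith(" ") and current is not None:
            blocks[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return blocks

def audit(config, dmz_vlans):
    """Return (scope, finding) tuples for checklist items (1), (2), (4)-(6)."""
    findings = []
    if not re.search(r"^vtp mode transparent\s*$", config, re.M):
        findings.append(("global", "VTP not in transparent mode"))          # (6)
    for name, cmds in parse_interfaces(config).items():
        has = lambda prefix: any(c.startswith(prefix) for c in cmds)
        if has("ip address "):
            svi = re.fullmatch(r"Vlan(\d+)", name)
            if svi and int(svi.group(1)) in dmz_vlans:
                findings.append((name, "Layer 3 interface on a DMZ VLAN"))  # (1)
            if "no ip proxy-arp" not in cmds:
                findings.append((name, "proxy ARP not disabled"))           # (2)
        if not has("switchport"):
            continue  # not a Layer 2 port, nothing more to check
        mode = next((c.split()[-1] for c in cmds
                     if c.startswith("switchport mode ")), None)
        if mode not in ("access", "trunk"):
            findings.append((name, "switchport mode not set explicitly"))   # (5)
        if "switchport nonegotiate" not in cmds:
            findings.append((name, "trunk negotiation not disabled"))       # (5)
        if mode == "trunk" and not has("switchport trunk allowed vlan "):
            findings.append((name, "no explicit trunk allowed-VLAN list"))  # (5)
        if mode == "access" and not has("switchport access vlan "):
            findings.append((name, "access port left in default VLAN"))     # (4)
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG, dmz_vlans={100}), sep="\n")
```

An empty result from audit() means none of the configuration items were violated in the text that was checked; it says nothing about who has access to the switch.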
-
Impact security to disable the content switch SSL closure alert?
HI: I have a few problems troubleshooting of applications at the level of the SSL layer. Based on a few known bugs of IE with Cisco solutions for the content switch with SSL accelerator, we intend to disable the
where to pass the content of the feature sends not SSL closure alert.
Wondering if anyone out there have ideas if this (disable SSL closure alert to the server) will have an impact or if there are security holes?
Thank you
Ravi
For the CSM, "close-protocol none" tells the SSL module not to send the SSL close-notify alert when closing the connection.
One of the ramifications of this could be that the IE browser client might not negotiate SSL session resumption for later SSL connections...
This does not impair functionality, but could result in degraded performance, since the SSL module would have to establish more new sessions instead of resuming sessions.
-
Hello
I am trying to write a Perl script that can modify the security policy of a distributed port group in a distributed virtual switch. I can access the values of the security policy by using the following:
$port_group_view->config->defaultPortConfig->securityPolicy->allowPromiscuous->value
$port_group_view->config->defaultPortConfig->securityPolicy->forgedTransmits->value
$port_group_view->config->defaultPortConfig->securityPolicy->macChanges->value
I try to use the method ReconfigureDVPortgroup_Task() of the managed object DistributedVirtualPortGroup. While creating a new instance of DVPortgroupConfigSpec, within the data spec config defaultPortConfig property object there is property of security policy and I couldn't find any other property pointing me to that I can update the security policy. I discovered that it is accessible via defaultPortConfig, stretching from VMwareDVSPortSetting where securityPolicy is a property of VMwareDVSPortSetting.
What is the way to update? I am bit confused about terminology Extends and extended by and how it relates to the other.
Regards
Akmal
It is in DVPortgroupConfigSpec, but you will need to use the extended VMwareDVSPortSetting object.
# Build a config spec whose defaultPortConfig is the VMware-specific port setting type
my $dvpg_spec = new DVPortgroupConfigSpec();
$dvpg_spec->{defaultPortConfig} = new VMwareDVSPortSetting();
$dvpg_spec->{defaultPortConfig}{securityPolicy} = new DVSSecurityPolicy();
# value => 1 allows the behaviour (0 rejects it); inherited => 0 overrides the switch-level setting
$dvpg_spec->{defaultPortConfig}{securityPolicy}{allowPromiscuous} = new BoolPolicy(value => 1, inherited => 0);
$dvpg_spec->{defaultPortConfig}{securityPolicy}{forgedTransmits} = new BoolPolicy(value => 1, inherited => 0);
$dvpg_spec->{defaultPortConfig}{securityPolicy}{macChanges} = new BoolPolicy(value => 1, inherited => 0);
You could probably simplify this by getting the config spec VGA and changing it before using it in the ReconfigureDVPortgroup_Task() method.
-
Virtual script for security of Distributed Switch settings
Hello
Is there a script I can use to list the security settings of the distributed virtual switches (dvS)?
output should be like:
Enable Promiscuous: false
Allow the change of MAC address: true
Allow forged transmits: true
The following PowerCLI script lists the security settings of the distributed virtual switches (dvS):
Get-View -ViewType VmwareDistributedVirtualSwitch -Property Name,Config.DefaultPortConfig |
    Select-Object -Property Name,
        @{N="Allow Promiscuous";E={$_.Config.DefaultPortConfig.SecurityPolicy.AllowPromiscuous.Value}},
        @{N="Allow MAC Address Change";E={$_.Config.DefaultPortConfig.SecurityPolicy.MacChanges.Value}},
        @{N="Allow Forged Transmits";E={$_.Config.DefaultPortConfig.SecurityPolicy.ForgedTransmits.Value}}
Best regards, Robert