Cisco Newbie
Dear All
I have two small networks running on seperate subnets, we have been given a Cisco C2600 and I am trying to get both networks to work together.
The only problem is our main network has a gateway already inplace that we must use for internet/etc.
The following is the current config file.
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
hostname router
ip subnet-zero
no ip domain-lookup
interface FastEthernet0/0
ip address 192.168.0.5 255.255.255.0
duplex auto
speed auto
interface FastEthernet0/1
ip address 193.xxx.xxx.19 255.255.255.0
duplex auto
speed auto
interface Serial0/0
no ip address
shutdown
interface Serial0/1
no ip address
shutdown
ip default-gateway 193.xxx.xxx.1
ip classless
no ip http server
ip pim bidir-enable
route-map f0/1 permit 10
route-map private permit 10
next ip default next-hop 193.xxx.xxx.1
line con 0
line aux 0
line vty 0 4
For network residing on f0/1 we have to use the gateway 193.xxx.xxx.1 this is for all internet traffic and we have no choice but to use this gateway.
If I set both networks to the router set IP's as there natural gateway, we get full connectivity between subnets.
Is there anyway to forward all traffic from interface f0/0 to pass over f0/1 to our primary gateway of 193.xxx.xxx.1
I hope this makes sense as a newbie this is a big adventure for me.
Set all machines on each network to use the router's address on that network, then set a default route to the 193.xxx.xxx.1 gateway like this:
ip route 0.0.0.0 0.0.0.0 193.xxx.xxx.1
This will route all traffic to the main gateway, except that which is destined for either of the two connected networks.
What about packets from a PC on the F0/1 network that should go to the main gatway? Well, the PC will send them to the .19 address, and the router will send them straight back out again to the .1 address. It will also send a "redirect" signal to the PC to say, "any more packets like that one, send them straight to the .1 address without going through me first."
I see one other potential problem with the F0/0 network: its address is 192.168.0.0/24, which is not normall routable on the Internet. I suppose the main gateway is doing address translation. If so, that is OK.
Your main gateway will need a route to send all 192.168.0.0/24 to 193.xxx.xxx.19, otherwise packets from the internet cannot get back to the F0/0 network.
Kevin Dorrell
Luxembourg
Similar Messages
-
Cisco 867VAE-K9. Is it compatible with the NBN in Australia?
Hello All,
Just a quick question for a cisco newbie.
I'm having trouble using a 867VAE-K9 to connect to the NBN in Australia.
Is it compatible?
Appreciate any help.
Regards,
LeonardI'm having trouble using a 867VAE-K9 to connect to the NBN in Australia.
I've got NBN and I'm using an 881 and with Internode.
The NBN port directly connects to my GigabitEthernet port marked "WAN".
Bear in mind that the 860-series router is "rated" to push up to 12.80 Mbps (one-way traffic and no encryption). -
Hey guys,
Bare with me, as I am Cisco newbie and not too familiar with their setups.
I essentially want to be able to use the web interface of the router to configure VPNs, port forwards, etc. and not use CLIs.
Just got a Cisco 891FW Router for a client and want to pre-setup everything, but I couldn't seem to get into the web interface of the router. After finding out (correct me if I am wrong) that it is disabled by default, so you will have to use console to configure it.
So with the cable console I was provided, I used putty and got into that interface (this is where I lack experience in use). Referring to this guide (http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf005.pdf), I tried to enable the Web GUI of the router.
So the commands I ran are:
Router(config)# ip http server
Router(config)# ip http authentication aaa
Router(config)# aaa authentication login default local
I connected a ethernet cable from one of the LAN ports to my laptop and it got an IP address (192.168.15.100). I opened my web browser and put in http://<router name>, and nothing; even tried 192.168.15.1 as I figured that would be the web interface since I got a .15 address.
Did I miss a step or am I following the wrong guide? I am not too familiar with Cisco routers (beside you basic home/small business ones with the WebGUI enabled by default) so if you guys can show me a guide specific to my model, or give me a step-by-step on how to enable the web interface that would be appreciated.
Thanks for any helpHi,
I'm a little rusty as I always use the CLI and only ever disable the web interface :), but your config looks a little weird.
Try this:
(config)#ip http server
(config)#ip http authentication local
(config)#username jbenoza privilege 15 secret 0 cisco
(config)#wri
Enter the IP address of the router (which will be the default gateway of the DHCP address you were provided) in the web browser and this will allow you to connect.
If you still experience issues, please post the output of a show run as there may be further configurations necessary. -
Pix501: allow all incoming smtp to one host and all smtp out from one host only
I have a pix501 and I have a mail server. What I would like to do is ensure that smtp traffic from the web only goes to my mail server and that my mail server is the only machine on my local network that can send to the internet on port 25. This is to secure the possibility of bots on my childrens PCs spamming other users. The mail server has been relay secured for selected PCs only.
To the pix501; I think the following is what I need, but would like somebody to confirm or correct me:
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list inbound permit tcp any host x.x.x.x eq smtp
access-list outbound permit tcp host x.x.x.x ant eq smtp
access-group inbound in interface outside
access-group outbound in interface inside
Most important:
1. Have I got the access-lists right? Does pix501 support host x.x.x.x (ip of local webserver 192.168.x.x)
2. Are the access lists the right way around?
3. Is the access-group setup right?
4. Is there anything else that needs doing/
Any help appreciated.
Note: I am a Cisco newbie and trying to learn,Thanks for that information.
I thought about this some more, after seeing your response, and I was wondering; if I only want to restrict smtp outbound traffic, but allow all other traffic, would the following work, as I dont have to allow each specific port/ip address:
access-list outbound permit tcp host 192.168.1.3 any eq smtp
access-list outbound permit tcp host 192.168.1.36 any eq smtp
access-list outbound deny tcp any any eq smtp
access-list outbound permit udp any any
access-list outbound permit tcp any any
I realise that this would open all sorts of other security risks, but at least trojans/worms will not be able to spam from PCs other than those listed as per the first 2 lines ( which is my major concern at the moment). As I learn more about the traffic on my network I can block more undesirable ports.
Sorry to be a pain, but this could be useful to other and the more complete the setup, the easier it will be for them. -
Setting port for Voice + Data
Hi,
I have a 3850 stack (core & access - server or user) and a couple 3750 switches ("user" access) I'm setting up to support a VOIP install. The 3750s are trunked to the 3850 stack. All are at current recommended or greater IOS.
Currently I'm trying to determine if the settings I plan on using for ports is correct. I still have routing to button down but I need the ports proper first. I'm a IOS/Cisco newb so please be patient.
Pertinent info:
There are 3 VLANs, VLAN1 - management, VLAN2 - Data, and VLAN10 - voice. VLAN10 will be marked as the voice VLAN on the switch.
The "user" access devices I will connect to a port are either a PC, a Yealink phone, or a Yealink phone+PC. PC traffic arrives untagged. Yealinks will send a untagged DHCP request, receive a DHCP data, reissue a DHCP request with a VLAN10 tag, and all future communication will be vlan10 tagged.
Here's what I have put together so far for the "user" access ports. Command is for one port (I'll use interface range when I actually do this):
config t
: #--clear all settings on port
default interface G1/0/1
: #-- enter interface setup
interface G1/0/1
description VoiceData
: #-- set port to trunk mode
switchport mode trunk
: #-- set port to 802.1q which allows tagged traffic (phone)
switchport trunk encapsulation dot1q
: #--we only allow tagged 10, all else is untagged & switch tagged to vlan 2.
switchport trunk allow vlan 10
switchport trunk native vlan 2
: #--speed port init with portfast
spanning-tree portfast
end
Am I on the right track? Other commands I should include? Will the switch prioritize the VLAN 10 traffic automatically since I have VLAN10 set as voice or do I need to issue a switchport voice vlan 10 command for the port?
TIAThanks Charles, that appears to be working. Until I get this fully working I'm not going to split management & data, so vlan1 & 10 is all for now.
I'm now trying to get connectivity to the server (VMWare VM). I don't seem to be able to get any communication when it is set to static in the vlan10 subnet (10.10.1.1/24). With the NIC in vlan1 subnet (dhcp) it works perfectly. I tried smartport desktop, smartport trunk, the settings above (both of them) and nothing seems to work. The server will need to talk in both subnets/vlans.
Server cannot ping out and the switch cannot ping it. Initially I thought it was a routing issue. Settings look good though (core switch):
ip address 10.1.4.254 255.255.0.0
interface Vlan1
description Mgmt+Data
ip address 10.1.4.254 255.255.0.0
ip helper-address 10.1.1.13
interface Vlan10
description Voice
ip address 10.10.1.254 255.255.255.0
ip helper-address 10.10.1.1
ip default-gateway 10.1.4.3
ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.1.4.3
I did some dhcp debugging for a phone and it communicates with the vlan1 dhcp server but when it then tries to talk to 10.10.1.1 (VM server) there's no response.
I then figured I had a NIC problem, but with it working perfectly fine with the vlan1 subnet setup my OS appears good.
All this leads me to believe I don't have the port set up properly.
Ideas? -
Viewing Broadcast Bandwidth as Percentage
Hi,
I am a Cisco newbie and wanted some advise on how to monitor broadcast bandwidth on my Cisco 2960 switches.
I understand I can use storm control to set thresholds on how much bandwidth is being used by broadcasts.
Is there a way to view broadcast bandwidth as a percent of total available bandwidth without enabling storm control?
I am thinking about expanding my DHCP scope to a /22 and wanted to compare the boradcast bandwidth generated between a /22 and /23 network without having storm control enabled.
ThanksDeclare two variables and store the previous and current rows count values.
With this you can calculate the difference and percentage values -
Forgive me if this is a stupid question but I am a Cisco newbie!
I am managing a Cisco 881 with Adv Ip Services ( CISCO881-SEC-K9)
It has IOS 15.0(1) M8 on it. I see that there is a new IOS version 15.2M&T that (I think is applicable), and I have read the upgrade procedures for upgrade via USB and TFT.
If I install it will my licence for Adv Ip Services be preserved or overwritten. And if the latter, do I need to export it and reapply it? If so, what is the process?
Thanks very much
GavinHi Alain
Thanks for your reply. My understanding is that it contains some fixes for security vulnerabilities which is my reason for looking at upgrade.
Regards
Gavin -
Cisco AnyConnect Secure Mobility Client - Newbie Totally Lost
We currently have an ASA 5505 Firewall with VPN services configured. The system is running ASA Version 9.0.0 and ADSDM 7.0.2. I installed the "Cisco AnyConnect Sercure Mobility Client" Version 3.1.01065 on my Windows 7 Ultimate PC. When I try to connect to my VPN service I ge the following message:
Security Warning: Untrusted VPN Server Certificate! AnyConnect cannot verify the VPN server: XXX.XXX.XX.XX
Certifiate does not match the server name
Certificate is from an untrusted source.
Certificate is not identified for this purpose.
Without purchasing a certificate from a 3rd Party vendor, is it possible to register a "Self" generated Certificate to get rid of this message? If so are there any "Detailed" (e.g., simplified or not in Cisco-eeze language) instructions on how to setup the Firewall to "push" the certificate to the VPN client so the message doesn't come up for the user?You can simply accept the self-signed certificate the first time you are presented with that message and direct AnyConnect to always trust such certificates.
If you don't want to do that, you need to make your clients automatically trust this certificate from your ASA. You can do that several ways. You mentioned using a 3rd party vendor - that ends up being the method of using a vendor in the trusted root Certificate Authority (CA) list. If you don't use one of the 3rd party ones, you will need to push out the trust via some software deployment method - e.g. a GPO for Windows clients in a managed AD setup or via pre-deploying with yet another 3rd party tool like LANdesk.
If you don't have an internal CA or AD-managed infrastructure for your clients then just telling users to click "always trust" is the path of least resistance (although the least secure). -
Newbie: Cisco 851w and nat
Hello,
I am a network administrator and recently decided to upgrade my existing network infrastucture at my small office by purchasing a
Cisco 851w router.
I have 14 computers that need internet connection sharing and an Ubuntu 6.06 box running e-mail services, web and dns hosting for
my domain (master zone, running bind9).
Using SDM express I configured the network in 15 minutes, and also NAT for the Linux server. Everything is fine, except one
thing: when I access my domain (let`s say mydomain.ro) from my local network I don`t get my webpage or a response from the mail
server, but instead my SDM express login window. From an outside network I can access my mail and web page using mail.mydomain.ro
and www.mydomain.ro. Internally I get a response from the router.
This is how I configured the network with SDM express:
192.168.0.1 as my routers ip address and network address, dhcp enabled, router`s name is router and domain "domain.ro". At the
dhcp section I typed my ISP`s dns server. The linux box has the ip 192.168.0.10 and runs bind9 for the "domain.ro" as the master
server. I added the following NAT with SDM: 53 tcp and udp from WAN ip (81.xxx.xxx.xxx) to 192.168.0.10, 22 tcp, 25 tcp, 80 tcp,
etc. WAN IP is the ip from my ISP (81.xxx.xxx.xxx).
Can I fix this using SDM, and how? It`s not an option to type 192.168.0.10 as incoming mail server instead of mail.domain.ro. I don`t know how to use CLI, I bought this router just to be able to run away from my old 486 iptables machine. :D
Thanks for you time!You are absolutly right in that you are not the only one with this problem.
Check this post and the link provided by Sundar out.
http://forum.cisco.com/eforum/servlet/NetProf;jsessionid=968333ACF23358AC6443CE3DC4C19CD9.SJ3B?page=netprof&forum=Network%20Infrastructure&topic=WAN%2C%20Routing%20and%20Switching&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddccf83
And hopefully you will find a working solution. -
Newbie ... Information about Cisco Wireless
Hi,
where can I learn more about Cisco Wireless? I have GNS3 and Cisco Pakettracer but
there is no simulation for wireless. Can someone tell me what I have to do to learn more
about Cisco Wireless.
Are there maybe some good books to learn from how to configure and troubleshot a
Cisco Wireless environment (LAN).
I hope someone here can help me.
Sorry for my bad english, because I am from germany.
BR
HajoHi Hajo,
Welcome to the Cisco wireless forum..
Do not worry about bad English as long as we got your message.
I would suggest you to find an Cisco AP (old model) & WLC (4402 or 2106 ) with a PoE Cisco switch from ebay for cheaper cost. Then you can play with those & learn Cisco wireless.
Without a controller you can learn how to configure Cisco AP (standlone mode or Autonomous) & if you have more than 1 AP then you can configure those as bridge, etc.
Read some of my blog posts (autonomous related) & gradually move onto controller based (or Unified Wireless). It will be a nice journey for you.
Cisco configuration guides, Technotes & Config examples would be a definite assets for you. Try to use them as well.
HTH
Rasika
**** Pls rate all useful responses **** -
Need help to Configure Cisco ACE 4710 Cluster Deployment
Dear Experts,
I'm newbie for Cisco ACE 4710, and still I'm in learning stage. Meanwhile I got chance at my work place to deploy a Cisco ACE 4710 cluster which should load balance the traffic between two Application Servers based on HTTP and HTTPS traffic. So I was looking for good deployment guide in Cisco SBA knowledge base then finall found this guide.
http://www.cisco.com/en/US/docs/solutions/SBA/February2013/Cisco_SBA_DC_AdvancedServer-LoadBalancingDeploymentGuide-Feb2013.pdf
This guide totally fine with my required deployment model. I have same deployment environment as this guide contains with ACE cluster that connects to two Cisco 3750X (Stack) switches. But I have some confusion places in this guide
This guide follow the "One-armed mode" as a deployment method. But when I go through it further I have noticed that they have configured server VLAN as a 10.4.49.0/24 (all servers reside in it) and Client side VIP also in same VLAN which is 10.4.49.100/24 (even NAT pool also).
My confusion is, as I have learned about Cisco ACE 4710 one-armed mode deployment method, it should has two VLAN segments, one for Client side which client request come and hit the VIP and then second one for Server side. which means besically two VLANs. So please be kind enough to go through above document then tell me where is wrong, what shoud I need to do for the best. Please this is an urgent, so need your help quickly.
Thanks....!
-Amal-Dear Kanwal,
I need quick help for you. Following are the Application LB requirements which I received from my clinet side.
Following detail required for configuring Oracle EBS Apps tier on HA:
LBR IP and Name required to configure EBS APPS Tier (i.e, ap1ebs & ap2ebs nodes)
Suggested IP and Name for LBR:
IP : 172.25.45.x [should be on same 172.25.45 subnet of ap1ebs & ap2ebs nodes]
ebiz.xxxx.lk [on port 80 for http protocol accessibility]
This LBR IP & name must be resolve and respond on DNS network
Server Farm detail for LBR Setup
Following detail will be use for configuring the LBR:
LBR IP and Name :
IP : 172.25.45.x [should be on same 172.25.45 subnet of ap1ebs & ap2ebs nodes]
ebiz.xxxx.lk [on port 80 for http protocol accessibility]
This LBR IP & name must be resolve and respond on DNS network
Server Farm Detail for LBR setup:
Server 1 (EBS App1 Node, ap1ebs):
IP : 172.25.45.19
Server Name: ap1ebs.xxxx.lk [ap1ebs hostname is an example, actual hostname will be use]
Protocol: http
Port: 8000
Server 2 (EBS App2 Node, ap2ebs):
IP : 172.25.45.20
Server Name: ap2ebs.xxxx.lk [ap2ebs hostname is an example, actual hostname will be use]
Protocol: http
Port: 8000
Since my client needs to access URL ebiz.xxxx.lk which should be resolved by IP 172.25.45.21 (virtual IP) via http (80) before they deploy the app on the two servers I just ran web service on both servers (Linux) and was trying to access http://172.25.45.21 it was working fine and gave me index.html page. Now after my client has deployed the application then when he tries to access the page http://172.25.45.21 he cannot see his main login page. But still my testing web servers are there on both servers when I type http://172.25.45.21 it will get index.html page, but not my client web login page. What can I do for this ?
Following are my latest config :
probe http Get-Method
description Check to url access /OA_HTML/OAInfo.jsp
interval 10
faildetect 2
passdetect interval 30
request method get url /OA_HTML/OAInfo.jsp
expect status 200 200
probe udp http-8000-iRDMI
description IRDMI (HTTP - 8000)
port 8000
probe http http-probe
description HTTP Probes
interval 10
faildetect 2
passdetect interval 30
passdetect count 2
request method get url /index.html
expect status 200 200
probe https https-probe
description HTTPS traffic
interval 10
faildetect 2
passdetect interval 30
passdetect count 2
ssl version all
request method get url /index.html
probe icmp icmp-probe
description ICMP PROBE FOR TO CHECK ICMP SERVICE
rserver host ebsapp1
description ebsapp1.xxxx.lk
ip address 172.25.45.19
conn-limit max 4000000 min 4000000
probe icmp-probe
probe http-probe
inservice
rserver host ebsapp2
description ebsapp2.xxxx.lk
ip address 172.25.45.20
conn-limit max 4000000 min 4000000
probe icmp-probe
probe http-probe
inservice
serverfarm host ebsppsvrfarm
description ebsapp server farm
failaction purge
predictor response app-req-to-resp samples 4
probe http-probe
probe icmp-probe
inband-health check log 5 reset 500
retcode 404 404 check log 1 reset 3
rserver ebsapp1 80
conn-limit max 4000000 min 4000000
probe icmp-probe
inservice
rserver ebsapp2 80
conn-limit max 4000000 min 4000000
probe icmp-probe
inservice
sticky http-cookie jsessionid HTTP-COOKIE
cookie insert browser-expire
replicate sticky
serverfarm ebsppsvrfarm
class-map type http loadbalance match-any default-compression-exclusion-mime-type
description DM generated classmap for default LB compression exclusion mime types.
2 match http url .*gif
3 match http url .*css
4 match http url .*js
5 match http url .*class
6 match http url .*jar
7 match http url .*cab
8 match http url .*txt
9 match http url .*ps
10 match http url .*vbs
11 match http url .*xsl
12 match http url .*xml
13 match http url .*pdf
14 match http url .*swf
15 match http url .*jpg
16 match http url .*jpeg
17 match http url .*jpe
18 match http url .*png
class-map match-all ebsapp-vip
2 match virtual-address 172.25.45.21 tcp eq www
class-map type management match-any remote_access
2 match protocol xml-https any
3 match protocol icmp any
4 match protocol telnet any
5 match protocol ssh any
6 match protocol http any
7 match protocol https any
8 match protocol snmp any
policy-map type management first-match remote_mgmt_allow_policy
class remote_access
permit
policy-map type loadbalance first-match ebsapp-vip-l7slb
class default-compression-exclusion-mime-type
serverfarm ebsppsvrfarm
class class-default
compress default-method deflate
sticky-serverfarm HTTP-COOKIE
policy-map multi-match int455
class ebsapp-vip
loadbalance vip inservice
loadbalance policy ebsapp-vip-l7slb
loadbalance vip icmp-reply active
nat dynamic 1 vlan 455
interface vlan 455
ip address 172.25.45.36 255.255.255.0
peer ip address 172.25.45.35 255.255.255.0
access-group input ALL
nat-pool 1 172.25.45.22 172.25.45.22 netmask 255.255.255.0 pat
service-policy input remote_mgmt_allow_policy
service-policy input int455
no shutdown
ft interface vlan 999
ip address 10.1.1.1 255.255.255.0
peer ip address 10.1.1.2 255.255.255.0
no shutdown
ft peer 1
heartbeat interval 300
heartbeat count 10
ft-interface vlan 999
ft group 1
peer 1
no preempt
priority 110
associate-context Admin
inservice
ip route 0.0.0.0 0.0.0.0 172.25.45.1
Hope you will reply me soon
Thanks....!
-Amal- -
Cisco ASA 5510 Backup Interface configuration
Hi Experts,
I am a newbie with Cisco Firewalls, pls help.
We have a BSNL Leased Line of 2MBPS with few Static IP's of Which 2 IP's are configured in Firewall 1 For the Outside Interface and one for publishing the DMZ server. Most of the times due to some reasons or the other the BSNL line is going down. so now I need to configure one another TATA Broadband 1MBPS Dialup Line as a Backup for the BSNL Line so as to provide a uninterupted Internet to our users.
Pls guide me the Steps
Thank in Advance.
Anish NHi Anish,
Check the below mentioned link for configuration.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml -
Cisco ASA 5505 VPN with iPhone
Hello Everyone. I am a newbie to the Cisco appliances, so please bear with me. I am trying to configure this unit to allow iPhone VPN access to our network to sync LOTUS DOMINO (Not Exchange) user's Email, Contacts, and Calendar. We have a Sonicwall NSA 2400 that is our main router, so the ASA will only be used for VPN access, not routing. It will be in the DMZ providing VPN access for the iPhones. With the VPN connected, we need to limit access to only those services required by the iphone to sync information. The Software version on the Cisco is 7.2(4). If there is anyone that could help me out, I would greatly appreciate it. Please remember I am new to this, so please be patient. Where do I begin? I hope to hear from anyone soon.
Hi,
I cannot help you with the Cisco side of the equation, but do you know about Lotus Traveler? It's free from IBM and essentially adds ActiveSync support to your Domino email environment. The iPhone is configured with an Exchange ActiveSync account and pointed to the Lotus Traveler server (which sits in your DMZ and only needs port 80/443 access). It gives you full push email/contacts/calendar (Blackberry-like) functionality.
Like I said, it's a free add-on from IBM Lotus for all licensed Domino users. -
Configuration Issue with my Cisco 871 Router
Hi all,
I am a newbie to the Cisco IOS.
I got a Cisco 871 Router that I'd like to use for internet connection. My LAN network is 192.168.1.0/24 and the ISP has assigned us the IP 41.212.79.108/24 and gateway 41.212.79.1.
With my current configuration, I can hit the router - 192.168.1.1 - and it's WAN port - 41.212.79.108 - but not the gateway.
Below is my current config:
Hoggers#show config
Using 4414 out of 131072 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Hoggers
boot-start-marker
boot-end-marker
logging buffered 51200 warnings
enable secret 5 **********************.
no aaa new-model
crypto pki trustpoint TP-self-signed-568493463
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-568493463
revocation-check none
rsakeypair TP-self-signed-568493463
crypto pki certificate chain TP-self-signed-568493463
certificate self-signed 01 nvram:IOS-Self-Sig#7.cer
dot11 syslog
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.1.2
ip dhcp excluded-address 192.168.1.3
ip dhcp excluded-address 192.168.1.4
ip dhcp excluded-address 192.168.1.5
ip dhcp excluded-address 192.168.1.6
ip dhcp excluded-address 192.168.1.7
ip dhcp excluded-address 192.168.1.8
ip dhcp excluded-address 192.168.1.9
ip dhcp excluded-address 192.168.1.10
ip dhcp excluded-address 192.168.1.100
ip dhcp excluded-address 192.168.1.90
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
lease 0 2
ip dhcp pool LANPOOL
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 41.212.3.2 41.212.3.253
ip domain name yourdomain.com
ip name-server 41.212.3.2
ip name-server 41.212.3.253
archive
log config
hidekeys
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description Wan to Outside World
ip address 41.212.79.108 255.255.255.0
duplex auto
speed auto
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.1.1 255.255.255.0
ip tcp adjust-mss 1452
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 41.212.79.1
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip dns server
ip nat inside source static tcp 192.168.1.31 80 interface FastEthernet4 80
access-list 23 permit 10.10.10.0 0.0.0.7
no cdp run
control-plane
scheduler max-task-time 5000
end
I'll appreciate any light you can shed on what am missing.2 wireless routers can not communicate wirelessly with each other.
You need to connect cable between 2 routers and use the second wireless router as access point.
Follow this link to connect Linksys router to another router.
Some of your devices are getting same IP address. This might be the issue with DHCP server of the router. You can try DHCP reservation on the router so that each device will get unique IP address. -
Uploading Cfg file to Cisco 831
Really new here to Cisco. Our netwok administrator was let go and I am running the show now but am having a problem with uploading a config file to our Cisco 831 which is acting as a firewall to a T1 line. I am so newbie to Cisco so bear with me please! Our router was reset to defaults(yea, I know) and of course the config file was lost on the router but... I did find these files saved on one of our file servers. in a folder TFTP-Root
c831-k9o3y6-mz.123-2.XC2.bin
startup-config
cisco831-config
I can see the files were backed up and on this server there is a TFTP server that has been ran. Here are my questions.
1. To get the router back to where it was with these files, which ones do I need to upload?
2. Do I need to upload a boot file and config file or just one or the other?
3. I did try to upload the startup-config file using telnet and got as far as the TFTP program trying to load it to the Cisco but an error came up about the security range for the TFTP didnt include 10.10.10.1??? The wierd thing is the TFTP server is 192.168.1.10 and the Cisco is 192.168.1.252. I can ping the Cisco but I cannot figure out why the Cisco is sending to the TFTP server that its IP is 10.10.10.1.
I appreciate any help since right now our office netork has no email till I reset this.
Thanks
JimJim
I do not think it is a stupid question. When you post to a public forum like this, all kinds of people will see what you post. It is wise to want to protect yourself.
I would suggest that as a starting point that you replace any passwords with "" (or some silimar string which shows us what passwords were configured but disguises the actual password).
I would suggest that you disguise any IP addresses that are in public address space (I believe that addresses in private space do not need to be disguised). Some people post configs with the address blanked out but I find this is sometimes counter-productive. I would suggest that you change the first octet of any public address in your config, and be careful that the first octet still shows whether this was class A, class B or class C address space. If you disguise the first octet then if the second, third, and fourth octet are the same as your config we will not have any real idea where you are, but there are valuable indications of what subnetting is being done, and perhaps other things that may be helpful.
I believe that it is probably sufficient to disguise any passwords and disguise any public IP addresses. If you look through your config and find other things that concern you (perhaps there are comments on interfaces about what they connect to that you do not want to become public) feel free to remove or to alter/disguise them.
And if you are really nervous about posting config details on the forum, you can email them to me privately. My email address is available through my forum profile. Some other forum contributors also make their email addresses available through their forum profile.
HTH
Rick
Maybe you are looking for
-
Remote client copy performance
Hello experts, I need an opinion on following possibilities that could speed up remote client copy: Increasing maximum number of processes for parallel processing in dialog mode? Increasing the update processes? Decreasing the undo retention from def
-
Case #0184201928 - I want an anwser from ADOBE that gives a solution
Case #0184201928 Tuesday, April 9, 2013 8.52 AM Australia eastern standard time Opened Thursday, April 4, 2013 3:21:24 PM PDT Status Open - Pending Adobe Response Product Creative Cloud Indiv 1.0 Support contract Adobe Support Program Subject not ab
-
MOV files from Ipad not playing correctly in 2010 Windows PPT presentation
I inserted .mov files taken from Ipad 2 into a.ppt on my work PC. I saved these files to the folder containing all of the videos I am showing in the ppt-- the same folder where the .ppt is located as well. Then I inserted them as I do all videos (I
-
Reinstalling wired desk top to Home Hub 4
My wired desk top computer has been disconnected for 4 weeks. How do I reinstall broadband to my computer?
-
i'm looking for simple example of alv with class (this is OO) and with events thanks