Cisco Newbie

Similar Messages

• Cisco 867VAE-K9. Is it compatible with the NBN in Australia?

  Hello All,
  Just a quick question for a cisco newbie.
  I'm having trouble using a 867VAE-K9 to connect to the NBN in Australia.
  Is it compatible?
  Appreciate any help.
  Regards,
  Leonard

  I'm having trouble using a 867VAE-K9 to connect to the NBN in Australia.
  I've got NBN and I'm using an 881 and with Internode.
  The NBN port directly connects to my GigabitEthernet port marked "WAN".  
  Bear in mind that the 860-series router is "rated" to push up to 12.80 Mbps (one-way traffic and no encryption).

• Cisco 891FW Router - Web Gui

  Hey guys,
  Bare with me, as I am Cisco newbie and not too familiar with their setups.
  I essentially want to be able to use the web interface of the router to configure VPNs, port forwards, etc. and not use CLIs.
  Just got a Cisco 891FW Router for a client and want to pre-setup everything, but I couldn't seem to get into the web interface of the router. After finding out (correct me if I am wrong) that it is disabled by default, so you will have to use console to configure it.
  So with the cable console I was provided, I used putty and got into that interface (this is where I lack experience in use). Referring to this guide (http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf005.pdf), I tried to enable the Web GUI of the router. 
  So the commands I ran are:
  Router(config)# ip http server
  Router(config)# ip http authentication aaa
  Router(config)# aaa authentication login default local
  I connected a ethernet cable from one of the LAN ports to my laptop and it got an IP address (192.168.15.100). I opened my web browser and put in http://<router name>, and nothing; even tried 192.168.15.1 as I figured that would be the web interface since I got a .15 address.
  Did I miss a step or am I following the wrong guide? I am not too familiar with Cisco routers (beside you basic home/small business ones with the WebGUI enabled by default) so if you guys can show me a guide specific to my model, or give me a step-by-step on how to enable the web interface that would be appreciated.
  Thanks for any help

  Hi,
  I'm a little rusty as I always use the CLI and only ever disable the web interface :), but your config looks a little weird.
  Try this:
  (config)#ip http server
  (config)#ip http authentication local
  (config)#username jbenoza privilege 15 secret 0 cisco
  (config)#wri
  Enter the IP address of the router (which will be the default gateway of the DHCP address you were provided) in the web browser and this will allow you to connect.
  If you still experience issues, please post the output of a show run as there may be further configurations necessary.

• Pix501: allow all incoming smtp to one host and all smtp out from one host only

  I have a pix501 and I have a mail server. What I would like to do is ensure that smtp traffic from the web only goes to my mail server and that my mail server is the only machine on my local network that can send to the internet on port 25. This is to secure the possibility of bots on my childrens PCs spamming other users. The mail server has been relay secured for selected PCs only.
  To the pix501; I think the following is what I need, but would like somebody to confirm or correct me:
  interface ethernet0 auto
  interface ethernet1 100full
  nameif ethernet0 outside security0
  nameif ethernet1 inside security100
  access-list inbound permit tcp any host x.x.x.x eq smtp
  access-list outbound permit tcp host x.x.x.x ant eq smtp
  access-group inbound in interface outside
  access-group outbound in interface inside
  Most important:
  1. Have I got the access-lists right? Does pix501 support host x.x.x.x (ip of local webserver 192.168.x.x)
  2. Are the access lists the right way around?
  3. Is the access-group setup right?
  4. Is there anything else that needs doing/
  Any help appreciated.
  Note: I am a Cisco newbie and trying to learn,

  Thanks for that information.
  I thought about this some more, after seeing your response, and I was wondering; if I only want to restrict smtp outbound traffic, but allow all other traffic, would the following work, as I dont have to allow each specific port/ip address:
  access-list outbound permit tcp host 192.168.1.3 any eq smtp
  access-list outbound permit tcp host 192.168.1.36 any eq smtp
  access-list outbound deny tcp any any eq smtp
  access-list outbound permit udp any any
  access-list outbound permit tcp any any
  I realise that this would open all sorts of other security risks, but at least trojans/worms will not be able to spam from PCs other than those listed as per the first 2 lines ( which is my major concern at the moment). As I learn more about the traffic on my network I can block more undesirable ports.
  Sorry to be a pain, but this could be useful to other and the more complete the setup, the easier it will be for them.

• Setting port for Voice + Data

  Hi,
  I have a 3850 stack (core & access - server or user) and a couple 3750 switches ("user" access) I'm setting up to support a VOIP install.  The 3750s are trunked to the 3850 stack.  All are at current recommended or greater IOS.
  Currently I'm trying to determine if the settings I plan on using for ports is correct.  I still have routing to button down but I need the ports proper first.  I'm a IOS/Cisco newb so please be patient.
  Pertinent info:
  There are 3 VLANs, VLAN1 - management, VLAN2 - Data, and VLAN10 - voice.  VLAN10 will be marked as the voice VLAN on the switch.
  The "user" access devices I will connect to a port are either a PC, a Yealink phone, or a Yealink phone+PC.  PC traffic arrives untagged.  Yealinks will send a untagged DHCP request, receive a DHCP data, reissue a DHCP request with a VLAN10 tag, and all future communication will be vlan10 tagged.
  Here's what I have put together so far for the "user" access ports.  Command is for one port (I'll use interface range when I actually do this):
  config t
  : #--clear all settings on port
  default interface G1/0/1
  : #-- enter interface setup
  interface G1/0/1
  description VoiceData
  : #-- set port to trunk mode
  switchport mode trunk
  : #-- set port to 802.1q which allows tagged traffic (phone)
  switchport trunk encapsulation dot1q
  : #--we only allow tagged 10, all else is untagged & switch tagged to vlan 2.
  switchport trunk allow vlan 10
  switchport trunk native vlan 2
  : #--speed port init with portfast
  spanning-tree portfast
  end
  Am I on the right track?  Other commands I should include?  Will the switch prioritize the VLAN 10 traffic automatically since I have VLAN10 set as voice or do I need to issue a switchport voice vlan 10 command for the port?
  TIA

  Thanks Charles, that appears to be working.  Until I get this fully working I'm not going to split management & data, so vlan1 & 10 is all for now.
  I'm now trying to get connectivity to the server (VMWare VM).  I don't seem to be able to get any communication when it is set to static in the vlan10 subnet (10.10.1.1/24).  With the NIC in vlan1 subnet (dhcp) it works perfectly.  I tried smartport desktop, smartport trunk, the settings above (both of them) and nothing seems to work.  The server will need to talk in both subnets/vlans.
  Server cannot ping out and the switch cannot ping it.  Initially I thought it was a routing issue.  Settings look good though (core switch):
  ip address 10.1.4.254 255.255.0.0
  interface Vlan1
   description Mgmt+Data
   ip address 10.1.4.254 255.255.0.0
   ip helper-address 10.1.1.13
  interface Vlan10
   description Voice
   ip address 10.10.1.254 255.255.255.0
   ip helper-address 10.10.1.1
  ip default-gateway 10.1.4.3
  ip http server
  ip http secure-server
  ip route 0.0.0.0 0.0.0.0 10.1.4.3
  I did some dhcp debugging for a phone and it communicates with the vlan1 dhcp server but when it then tries to talk to 10.10.1.1 (VM server) there's no response. 
  I then figured I had a NIC problem, but with it working perfectly fine with the vlan1 subnet setup my OS appears good. 
  All this leads me to believe I don't have the port set up properly.
  Ideas?

• Viewing Broadcast Bandwidth as Percentage

  Hi,
  I am a Cisco newbie and wanted some advise on how to monitor broadcast bandwidth on my Cisco 2960 switches.
  I understand I can use storm control to set thresholds on how much bandwidth is being used by broadcasts.
  Is there a way to view broadcast bandwidth as a percent of total available bandwidth without enabling storm control?
  I am thinking about expanding my DHCP scope to a /22 and wanted to compare the boradcast bandwidth generated between a /22 and /23 network without having storm control enabled.
  Thanks

  Declare two variables and store the previous and current rows count values.
  With this you can calculate the difference and percentage values

• Upgrading an 881

  Forgive me if this is a stupid question but I am a Cisco newbie!
  I am managing a Cisco 881 with Adv Ip Services ( CISCO881-SEC-K9)
  It has IOS 15.0(1) M8 on it. I see that there is a new IOS version 15.2M&T that (I think is applicable), and I have read the upgrade procedures for upgrade via USB and TFT.
  If I install it will my licence for Adv Ip Services be preserved or overwritten. And if the latter, do I need to export it and reapply it? If so, what is the process?
  Thanks very much
  Gavin

  Hi Alain
  Thanks for your reply. My understanding is that it contains some fixes for security vulnerabilities which is my reason for looking at upgrade.
  Regards
  Gavin

• Cisco AnyConnect Secure Mobility Client - Newbie Totally Lost

  We currently have an ASA 5505 Firewall with VPN services configured.  The system is running ASA Version 9.0.0 and ADSDM 7.0.2.  I installed the "Cisco AnyConnect Sercure Mobility Client" Version 3.1.01065 on my Windows 7 Ultimate PC.  When I try to connect to my VPN service I ge the following message:
  Security Warning: Untrusted VPN Server Certificate!  AnyConnect cannot verify the VPN server: XXX.XXX.XX.XX
  Certifiate does not match the server name
  Certificate is from an untrusted source.
  Certificate is not identified for this purpose.
  Without purchasing a certificate from a 3rd Party vendor, is it possible to register a "Self" generated Certificate to get rid of this message?  If so are there any "Detailed" (e.g., simplified or not in Cisco-eeze language) instructions on how to setup the Firewall to "push" the certificate to the VPN client so the message doesn't come up for the user?

  You can simply accept the self-signed certificate the first time you are presented with that message and direct AnyConnect to always trust such certificates.
  If you don't want to do that, you need to make your clients automatically trust this certificate from your ASA. You can do that several ways. You mentioned using a 3rd party vendor - that ends up being the method of using a vendor in the trusted root Certificate Authority (CA) list. If you don't use one of the 3rd party ones, you will need to push out the trust via some software deployment method - e.g. a GPO for Windows clients in a managed AD setup or via pre-deploying with yet another 3rd party tool like LANdesk.
  If you don't have an internal CA or AD-managed infrastructure for your clients then just telling users to click "always trust" is the path of least resistance (although the least secure).

• Newbie: Cisco 851w and nat

  Hello,
  I am a network administrator and recently decided to upgrade my existing network infrastucture at my small office by purchasing a
  Cisco 851w router.
  I have 14 computers that need internet connection sharing and an Ubuntu 6.06 box running e-mail services, web and dns hosting for
  my domain (master zone, running bind9).
  Using SDM express I configured the network in 15 minutes, and also NAT for the Linux server. Everything is fine, except one
  thing: when I access my domain (let`s say mydomain.ro) from my local network I don`t get my webpage or a response from the mail
  server, but instead my SDM express login window. From an outside network I can access my mail and web page using mail.mydomain.ro
  and www.mydomain.ro. Internally I get a response from the router.
  This is how I configured the network with SDM express:
  192.168.0.1 as my routers ip address and network address, dhcp enabled, router`s name is router and domain "domain.ro". At the
  dhcp section I typed my ISP`s dns server. The linux box has the ip 192.168.0.10 and runs bind9 for the "domain.ro" as the master
  server. I added the following NAT with SDM: 53 tcp and udp from WAN ip (81.xxx.xxx.xxx) to 192.168.0.10, 22 tcp, 25 tcp, 80 tcp,
  etc. WAN IP is the ip from my ISP (81.xxx.xxx.xxx).
  Can I fix this using SDM, and how? It`s not an option to type 192.168.0.10 as incoming mail server instead of mail.domain.ro. I don`t know how to use CLI, I bought this router just to be able to run away from my old 486 iptables machine. :D
  Thanks for you time!

  You are absolutly right in that you are not the only one with this problem.
  Check this post and the link provided by Sundar out.
  http://forum.cisco.com/eforum/servlet/NetProf;jsessionid=968333ACF23358AC6443CE3DC4C19CD9.SJ3B?page=netprof&forum=Network%20Infrastructure&topic=WAN%2C%20Routing%20and%20Switching&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddccf83
  And hopefully you will find a working solution.

• Newbie ... Information about Cisco Wireless

  Hi,
  where can I learn more about Cisco Wireless? I have GNS3 and Cisco Pakettracer but
  there is no simulation for wireless. Can someone tell me what I have to do to learn more
  about Cisco Wireless.
  Are there maybe some good books to learn from how to configure and troubleshot a
  Cisco Wireless environment (LAN).
  I hope someone here can help me.
  Sorry for my bad english, because I am from germany.
  BR
  Hajo

  Hi Hajo,
  Welcome to the Cisco wireless forum..
  Do not worry about bad English as long as we got your message.
  I would suggest you to find an Cisco AP (old model) & WLC (4402 or 2106 ) with a PoE Cisco switch from ebay for cheaper cost.  Then you can play with those & learn Cisco wireless.
  Without a controller you can learn how to configure Cisco AP (standlone mode or Autonomous) & if you have more than 1 AP then you can  configure those as bridge, etc.
  Read some of my blog posts (autonomous related) & gradually move onto controller based (or Unified Wireless). It will be a nice journey for you.
  Cisco configuration guides, Technotes & Config examples would be a definite assets for you. Try to use them as well.
  HTH
  Rasika
  **** Pls rate all useful responses ****

• Need help to Configure Cisco ACE 4710 Cluster Deployment

  Dear Experts,
  I'm newbie for Cisco ACE 4710, and still I'm in learning stage. Meanwhile I got chance at my work place to deploy a Cisco ACE 4710 cluster which should load balance the traffic between  two Application Servers based on HTTP and HTTPS traffic. So I was looking for good deployment guide in Cisco SBA knowledge base then finall found this guide.
  http://www.cisco.com/en/US/docs/solutions/SBA/February2013/Cisco_SBA_DC_AdvancedServer-LoadBalancingDeploymentGuide-Feb2013.pdf
  This guide totally fine with my required deployment model. I have same deployment environment as this guide contains with ACE cluster that connects to two Cisco 3750X (Stack) switches. But I have some confusion places in this guide
  This guide follow the "One-armed mode" as a deployment method. But when I go through it further I have noticed that they have configured server VLAN as a 10.4.49.0/24 (all servers reside in it) and Client side VIP also in same VLAN which is 10.4.49.100/24 (even NAT pool also).
  My confusion is, as I have learned about Cisco ACE 4710 one-armed mode deployment method, it should has two VLAN segments, one for Client side which client request come and hit the VIP and then second one for Server side. which means besically two VLANs. So please be kind enough to go through above document then tell me where is wrong, what shoud I need to do for the best. Please this is an urgent, so need your help quickly.
  Thanks....!
  -Amal-

  Dear Kanwal,
  I need quick help for you. Following are the Application LB requirements which I received from my clinet side.
  Following detail required for configuring Oracle EBS Apps tier on HA:
  LBR IP and Name required to configure EBS APPS Tier (i.e, ap1ebs & ap2ebs nodes)
  Suggested IP and Name for LBR:
  IP : 172.25.45.x [should be on same 172.25.45 subnet of ap1ebs & ap2ebs nodes]
  ebiz.xxxx.lk [on port 80 for http protocol accessibility]
  This LBR IP & name must be resolve and respond on DNS network
  Server Farm detail for LBR Setup
  Following detail will be use for configuring the LBR:
  LBR IP and Name :
  IP : 172.25.45.x [should be on same 172.25.45 subnet of ap1ebs & ap2ebs nodes]
  ebiz.xxxx.lk [on port 80 for http protocol accessibility]
  This LBR IP & name must be resolve and respond on DNS network
  Server Farm Detail for LBR setup:
  Server 1 (EBS App1 Node, ap1ebs):
  IP : 172.25.45.19
  Server Name: ap1ebs.xxxx.lk [ap1ebs hostname is an example, actual hostname will be use]
  Protocol: http
  Port: 8000
  Server 2 (EBS App2 Node, ap2ebs):
  IP : 172.25.45.20
  Server Name: ap2ebs.xxxx.lk [ap2ebs hostname is an example, actual hostname will be use]
  Protocol: http
  Port: 8000
  Since my client needs to access URL ebiz.xxxx.lk which should be resolved by IP 172.25.45.21 (virtual IP) via http (80) before they deploy the app on the two servers I just ran web service on both servers (Linux) and was trying to access http://172.25.45.21 it was working fine and gave me index.html page. Now after my client has deployed the application then when he tries to access the page http://172.25.45.21 he cannot see his main login page. But still my testing web servers are there on both servers when I type http://172.25.45.21 it will get index.html page, but not my client web login page. What can I do for this ?
  Following are my latest config :
  probe http Get-Method
    description Check to url access /OA_HTML/OAInfo.jsp
    interval 10
    faildetect 2
    passdetect interval 30
    request method get url /OA_HTML/OAInfo.jsp
    expect status 200 200
  probe udp http-8000-iRDMI
    description IRDMI (HTTP - 8000)
    port 8000
  probe http http-probe
    description HTTP Probes
    interval 10
    faildetect 2
    passdetect interval 30
    passdetect count 2
    request method get url /index.html
    expect status 200 200
  probe https https-probe
    description HTTPS traffic
    interval 10
    faildetect 2
    passdetect interval 30
    passdetect count 2
    ssl version all
    request method get url /index.html
  probe icmp icmp-probe
    description ICMP PROBE FOR TO CHECK ICMP SERVICE
  rserver host ebsapp1
    description ebsapp1.xxxx.lk
    ip address 172.25.45.19
    conn-limit max 4000000 min 4000000
    probe icmp-probe
    probe http-probe
    inservice
  rserver host ebsapp2
    description ebsapp2.xxxx.lk
    ip address 172.25.45.20
    conn-limit max 4000000 min 4000000
    probe icmp-probe
    probe http-probe
    inservice
  serverfarm host ebsppsvrfarm
    description ebsapp server farm
    failaction purge
    predictor response app-req-to-resp samples 4
    probe http-probe
    probe icmp-probe
    inband-health check log 5 reset 500
    retcode 404 404 check log 1 reset 3
    rserver ebsapp1 80
      conn-limit max 4000000 min 4000000
      probe icmp-probe
      inservice
    rserver ebsapp2 80
      conn-limit max 4000000 min 4000000
      probe icmp-probe
      inservice
  sticky http-cookie jsessionid HTTP-COOKIE
    cookie insert browser-expire
    replicate sticky
    serverfarm ebsppsvrfarm
  class-map type http loadbalance match-any default-compression-exclusion-mime-type
    description DM generated classmap for default LB compression exclusion mime types.
    2 match http url .*gif
    3 match http url .*css
    4 match http url .*js
    5 match http url .*class
    6 match http url .*jar
    7 match http url .*cab
    8 match http url .*txt
    9 match http url .*ps
    10 match http url .*vbs
    11 match http url .*xsl
    12 match http url .*xml
    13 match http url .*pdf
    14 match http url .*swf
    15 match http url .*jpg
    16 match http url .*jpeg
    17 match http url .*jpe
    18 match http url .*png
  class-map match-all ebsapp-vip
    2 match virtual-address 172.25.45.21 tcp eq www
  class-map type management match-any remote_access
    2 match protocol xml-https any
    3 match protocol icmp any
    4 match protocol telnet any
    5 match protocol ssh any
    6 match protocol http any
    7 match protocol https any
    8 match protocol snmp any
  policy-map type management first-match remote_mgmt_allow_policy
    class remote_access
      permit
  policy-map type loadbalance first-match ebsapp-vip-l7slb
    class default-compression-exclusion-mime-type
      serverfarm ebsppsvrfarm
    class class-default
      compress default-method deflate
      sticky-serverfarm HTTP-COOKIE
  policy-map multi-match int455
    class ebsapp-vip
      loadbalance vip inservice
      loadbalance policy ebsapp-vip-l7slb
      loadbalance vip icmp-reply active
      nat dynamic 1 vlan 455
  interface vlan 455
    ip address 172.25.45.36 255.255.255.0
    peer ip address 172.25.45.35 255.255.255.0
    access-group input ALL
    nat-pool 1 172.25.45.22 172.25.45.22 netmask 255.255.255.0 pat
    service-policy input remote_mgmt_allow_policy
    service-policy input int455
    no shutdown
  ft interface vlan 999
    ip address 10.1.1.1 255.255.255.0
    peer ip address 10.1.1.2 255.255.255.0
    no shutdown
  ft peer 1
    heartbeat interval 300
    heartbeat count 10
    ft-interface vlan 999
  ft group 1
    peer 1
    no preempt
    priority 110
    associate-context Admin
    inservice
  ip route 0.0.0.0 0.0.0.0 172.25.45.1
  Hope you will reply me soon
  Thanks....!
  -Amal-

• Cisco ASA 5510 Backup Interface configuration

  Hi Experts,
  I am a newbie with Cisco Firewalls, pls help.
  We have a BSNL Leased Line of 2MBPS with few Static IP's of Which 2 IP's are configured in Firewall 1 For the Outside Interface and one for publishing the DMZ server. Most of the times due to some reasons or the other the BSNL line is going down. so now I need to configure one another TATA Broadband 1MBPS Dialup Line as a Backup for the BSNL Line so as to provide a uninterupted Internet to our users.
  Pls guide me the Steps
  Thank in Advance.
  Anish N

  Hi Anish,
  Check the below mentioned link for configuration.
  http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

• Cisco ASA 5505 VPN with iPhone

  Hello Everyone. I am a newbie to the Cisco appliances, so please bear with me. I am trying to configure this unit to allow iPhone VPN access to our network to sync LOTUS DOMINO (Not Exchange) user's Email, Contacts, and Calendar. We have a Sonicwall NSA 2400 that is our main router, so the ASA will only be used for VPN access, not routing. It will be in the DMZ providing VPN access for the iPhones. With the VPN connected, we need to limit access to only those services required by the iphone to sync information. The Software version on the Cisco is 7.2(4). If there is anyone that could help me out, I would greatly appreciate it. Please remember I am new to this, so please be patient. Where do I begin? I hope to hear from anyone soon.

  Hi,
  I cannot help you with the Cisco side of the equation, but do you know about Lotus Traveler? It's free from IBM and essentially adds ActiveSync support to your Domino email environment. The iPhone is configured with an Exchange ActiveSync account and pointed to the Lotus Traveler server (which sits in your DMZ and only needs port 80/443 access). It gives you full push email/contacts/calendar (Blackberry-like) functionality.
  Like I said, it's a free add-on from IBM Lotus for all licensed Domino users.

• Configuration Issue with my Cisco 871 Router

  Hi all,
  I am a newbie to the Cisco IOS.
  I got a Cisco 871 Router that I'd like to use for internet connection. My LAN network is 192.168.1.0/24 and the ISP has assigned us the IP 41.212.79.108/24 and gateway 41.212.79.1.
  With my current configuration, I can hit the router - 192.168.1.1 - and it's WAN port - 41.212.79.108 - but not the gateway.
  Below is my current config:
  Hoggers#show config
  Using 4414 out of 131072 bytes
  version 12.4
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname Hoggers
  boot-start-marker
  boot-end-marker
  logging buffered 51200 warnings
  enable secret 5 **********************.
  no aaa new-model
  crypto pki trustpoint TP-self-signed-568493463
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-568493463
  revocation-check none
  rsakeypair TP-self-signed-568493463
  crypto pki certificate chain TP-self-signed-568493463
  certificate self-signed 01 nvram:IOS-Self-Sig#7.cer
  dot11 syslog
  ip cef
  no ip dhcp use vrf connected
  ip dhcp excluded-address 10.10.10.1
  ip dhcp excluded-address 192.168.1.1
  ip dhcp excluded-address 192.168.1.2
  ip dhcp excluded-address 192.168.1.3
  ip dhcp excluded-address 192.168.1.4
  ip dhcp excluded-address 192.168.1.5
  ip dhcp excluded-address 192.168.1.6
  ip dhcp excluded-address 192.168.1.7
  ip dhcp excluded-address 192.168.1.8
  ip dhcp excluded-address 192.168.1.9
  ip dhcp excluded-address 192.168.1.10
  ip dhcp excluded-address 192.168.1.100
  ip dhcp excluded-address 192.168.1.90
  ip dhcp pool ccp-pool
     import all
     network 10.10.10.0 255.255.255.248
     default-router 10.10.10.1
     lease 0 2
  ip dhcp pool LANPOOL
     network 192.168.1.0 255.255.255.0
     default-router 192.168.1.1
     dns-server 41.212.3.2 41.212.3.253
  ip domain name yourdomain.com
  ip name-server 41.212.3.2
  ip name-server 41.212.3.253
  archive
  log config
    hidekeys
  interface FastEthernet0
  interface FastEthernet1
  interface FastEthernet2
  interface FastEthernet3
  interface FastEthernet4
  description Wan to Outside World
  ip address 41.212.79.108 255.255.255.0
  duplex auto
  speed auto
  interface Vlan1
  description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
  ip address 192.168.1.1 255.255.255.0
  ip tcp adjust-mss 1452
  ip forward-protocol nd
  ip route 0.0.0.0 0.0.0.0 41.212.79.1
  ip http server
  ip http access-class 23
  ip http authentication local
  ip http secure-server
  ip http timeout-policy idle 60 life 86400 requests 10000
  ip dns server
  ip nat inside source static tcp 192.168.1.31 80 interface FastEthernet4 80
  access-list 23 permit 10.10.10.0 0.0.0.7
  no cdp run
  control-plane
  scheduler max-task-time 5000
  end
  I'll appreciate any light you can shed on what am missing.

  2 wireless routers can not communicate wirelessly with each other.
  You need to connect cable between 2 routers and use the second wireless router as access point.
  Follow this link to connect Linksys router to another router.
  Some of your devices are getting same IP address. This might be the issue with DHCP server of the router. You can try DHCP reservation on the router so that each device will get unique IP address.

• Uploading Cfg file to Cisco 831

  Really new here to Cisco. Our netwok administrator was let go and I am running the show now but am having a problem with uploading a config file to our Cisco 831 which is acting as a firewall to a T1 line. I am so newbie to Cisco so bear with me please! Our router was reset to defaults(yea, I know) and of course the config file was lost on the router but... I did find these files saved on one of our file servers. in a folder TFTP-Root
  c831-k9o3y6-mz.123-2.XC2.bin
  startup-config
  cisco831-config
  I can see the files were backed up and on this server there is a TFTP server that has been ran. Here are my questions.
  1. To get the router back to where it was with these files, which ones do I need to upload?
  2. Do I need to upload a boot file and config file or just one or the other?
  3. I did try to upload the startup-config file using telnet and got as far as the TFTP program trying to load it to the Cisco but an error came up about the security range for the TFTP didnt include 10.10.10.1??? The wierd thing is the TFTP server is 192.168.1.10 and the Cisco is 192.168.1.252. I can ping the Cisco but I cannot figure out why the Cisco is sending to the TFTP server that its IP is 10.10.10.1.
  I appreciate any help since right now our office netork has no email till I reset this.
  Thanks
  Jim

  Jim
  I do not think it is a stupid question. When you post to a public forum like this, all kinds of people will see what you post. It is wise to want to protect yourself.
  I would suggest that as a starting point that you replace any passwords with "" (or some silimar string which shows us what passwords were configured but disguises the actual password).
  I would suggest that you disguise any IP addresses that are in public address space (I believe that addresses in private space do not need to be disguised). Some people post configs with the address blanked out but I find this is sometimes counter-productive. I would suggest that you change the first octet of any public address in your config, and be careful that the first octet still shows whether this was class A, class B or class C address space. If you disguise the first octet then if the second, third, and fourth octet are the same as your config we will not have any real idea where you are, but there are valuable indications of what subnetting is being done, and perhaps other things that may be helpful.
  I believe that it is probably sufficient to disguise any passwords and disguise any public IP addresses. If you look through your config and find other things that concern you (perhaps there are comments on interfaces about what they connect to that you do not want to become public) feel free to remove or to alter/disguise them.
  And if you are really nervous about posting config details on the forum, you can email them to me privately. My email address is available through my forum profile. Some other forum contributors also make their email addresses available through their forum profile.
  HTH
  Rick