831 Router with virtual AUX; no prompt
I have 80 branch offices which have 831 routers with US Robotics modems connected via console port for out-of-band dial-in. My problem is my service provider can dial in and make configuration changes with no problem; however, I am unable to.
I have used both Procomm Plus and HyperTerminal programs. I have set to 8-n-1 @ 9600, Flow Control = None and Emulation is set to "Auto Detect". I can connect to each branch, but I never receive a prompt after hitting the "Enter" key.
What am I missing in my PC setup?
Router Config:
line con 0
 exec-timeout 120 0
 password 7
 login
 modem enable
 transport preferred all
 transport output all
 stopbits 1
line aux 0
 password 7
 login
 transport preferred none
 transport output all
From this link it looks like your router is set up correctly. Have you tried setting your emulation type to VT100? Can you ask your ISP what they use for their modem settings? Can you telnet to these routers and then reverse telnet to the modem and manually dial out?
http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801a6d12.html
Let us know how you make out.
Similar Messages
-
Problem with Cisco 831 router NAT translation or routing
Hello,
I’ve reviewed several posts on this forum, very useful, and I think this 831 router config should allow for NAT'ing port 8080 to the ‘inside’ IP address, per the statement below, but my efforts have not been successful: no responses get back to the outside client (xx.24.40). Clients on the inside can communicate outbound fine. The IIS server at .10.3 is definitely up and running on port 8080. I know this is probably a duplicate of other posts, but if anyone can pinpoint my error I would really appreciate it!
ip nat inside source static tcp 10.10.10.3 8080 interface Ethernet1 8080
Here is some debug ip nat output when attempting to connect on port 8080; I do not get a response back from the server to the external client (xx.24.40)….
Feb 03 13:22:49 10.10.10.1 297472: *Mar 2 00:09:31.894: NAT: o: tcp (xx.xx.254.40, 44123) -> (xx.xx.254.128, 8080) [21674]
Feb 03 13:22:49 10.10.10.1 297473: *Mar 2 00:09:31.894: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21674]
Feb 03 13:22:52 10.10.10.1 297474: *Mar 2 00:09:34.906: NAT: o: tcp (xx.xx.254.40, 44122) -> (xx.xx.254.128, 8080) [21678]
Feb 03 13:22:52 10.10.10.1 297475: *Mar 2 00:09:34.906: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21678]
Feb 03 13:22:52 10.10.10.1 297476: *Mar 2 00:09:34.906: NAT: o: tcp (xx.xx.254.40, 44123) -> (xx.xx.254.128, 8080) [21679]
Feb 03 13:22:52 10.10.10.1 297477: *Mar 2 00:09:34.906: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21679]
Feb 03 13:22:58 10.10.10.1 297478: *Mar 2 00:09:40.906: NAT: o: tcp (xx.xx.254.40, 44122) -> (xx.xx.254.128, 8080) [21684]
Feb 03 13:22:58 10.10.10.1 297479: *Mar 2 00:09:40.906: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21684]
Feb 03 13:22:58 10.10.10.1 297480: *Mar 2 00:09:40.906: NAT: o: tcp (xx.xx.254.40, 44123) -> (xx.xx.254.128, 8080) [21685]
Feb 03 13:22:58 10.10.10.1 297481: *Mar 2 00:09:40.910: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21685]
Feb 03 13:23:10 10.10.10.1 297482: *Mar 2 00:09:52.922: NAT: o: tcp (xx.xx.254.40, 44124) -> (xx.xx.254.128, 8080) [21698]
Feb 03 13:23:10 10.10.10.1 297483: *Mar 2 00:09:52.922: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21698]
Feb 03 13:23:13 10.10.10.1 297484: *Mar 2 00:09:55.930: NAT: o: tcp (xx.xx.254.40, 44124) -> (xx.xx.254.128, 8080) [21702]
Feb 03 13:23:13 10.10.10.1 297485: *Mar 2 00:09:55.930: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21702]
Feb 03 13:23:19 10.10.10.1 297486: *Mar 2 00:10:01.934: NAT: o: tcp (xx.xx.254.40, 44124) -> (xx.xx.254.128, 8080) [21709]
Feb 03 13:23:19 10.10.10.1 297487: *Mar 2 00:10:01.934: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21709]
Feb 03 13:23:58 10.10.10.1 297489: *Mar 2 00:10:41.306: NAT: expiring xx.xx.254.128 (10.10.10.3) tcp 8080 (8080)
538-R1023-C830#sh running-config full
Building configuration...
Current configuration : 4329 bytes
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname 538-R1023-C830
boot-start-marker
boot-end-marker
logging buffered 51200 warnings
no logging console
no aaa new-model
resource policy
ip subnet-zero
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp pool sdm-pool
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 10.1.18.152
lease 0 2
ip cef
ip domain list sd.cox.net
ip domain name sd.cox.net
no ip ips deny-action ips-interface
no ftp-server write-enable
crypto pki trustpoint TP-self-signed-75609932
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-75609932
revocation-check none
rsakeypair TP-self-signed-75609932
crypto pki certificate chain TP-self-signed-75609932
certificate self-signed 01
<snip>
interface Ethernet0
description inside
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
interface Ethernet1
description outside
ip address dhcp
ip access-group 101 in
ip nat outside
ip virtual-reassembly
duplex auto
interface Ethernet2
no ip address
shutdown
interface FastEthernet1
no ip address
duplex auto
speed auto
interface FastEthernet2
no ip address
duplex auto
speed auto
interface FastEthernet3
no ip address
duplex auto
speed auto
interface FastEthernet4
no ip address
duplex auto
speed auto
no ip classless
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 1 interface Ethernet1 overload
ip nat inside source static tcp 10.10.10.3 8080 interface Ethernet1 8080
logging trap debugging
logging 10.10.10.3
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 101 permit ip any any
control-plane
banner login ^C
^C
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
scheduler max-task-time 5000
end
Hi Alain,
Yes, the client I was testing with is on the same subnet as the public router IP. Good thought on the firewall; I will disable any firewall on the IIS machine (my laptop) and re-test. I will reply with those results on Monday. Ultimately I need to test NAT for port 9100 to a printer; I'll add that and test as well. The firewall shouldn't be a factor with the printer.
Thank you.
Grant
-
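An added example, not part of the thread: a small parser for the `debug ip nat` lines posted in the port 8080 thread above. It groups outside-originated (`o:`) packets into flows, pairs each with its rewrite line through the bracketed IP ID, and reports flows that were translated inbound but never answered. It assumes return packets would be logged as `i:` lines; the last four sample lines are constructed and use documentation addresses.

```python
import re

# Per-packet line from the NAT debug, e.g.
#   NAT: o: tcp (xx.xx.254.40, 44123) -> (xx.xx.254.128, 8080) [21674]
PKT = re.compile(
    r"NAT\*?: (?P<dir>[io]): (?P<proto>\w+) "
    r"\((?P<src>[\w.]+), (?P<sport>\d+)\) -> "
    r"\((?P<dst>[\w.]+), (?P<dport>\d+)\) \[(?P<ipid>\d+)\]"
)
# Rewrite line, e.g.  NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21674]
XLATE = re.compile(r"NAT\*?: s=(?P<s>[\w.>-]+), d=(?P<d>[\w.>-]+) \[(?P<ipid>\d+)\]")

# The first ten lines are copied from the post. The last four are constructed
# to show what a flow with return traffic would look like.
SAMPLE = """\
Feb 03 13:22:49 10.10.10.1 297472: *Mar 2 00:09:31.894: NAT: o: tcp (xx.xx.254.40, 44123) -> (xx.xx.254.128, 8080) [21674]
Feb 03 13:22:49 10.10.10.1 297473: *Mar 2 00:09:31.894: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21674]
Feb 03 13:22:52 10.10.10.1 297474: *Mar 2 00:09:34.906: NAT: o: tcp (xx.xx.254.40, 44122) -> (xx.xx.254.128, 8080) [21678]
Feb 03 13:22:52 10.10.10.1 297475: *Mar 2 00:09:34.906: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21678]
Feb 03 13:22:52 10.10.10.1 297476: *Mar 2 00:09:34.906: NAT: o: tcp (xx.xx.254.40, 44123) -> (xx.xx.254.128, 8080) [21679]
Feb 03 13:22:52 10.10.10.1 297477: *Mar 2 00:09:34.906: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21679]
Feb 03 13:22:58 10.10.10.1 297478: *Mar 2 00:09:40.906: NAT: o: tcp (xx.xx.254.40, 44122) -> (xx.xx.254.128, 8080) [21684]
Feb 03 13:22:58 10.10.10.1 297479: *Mar 2 00:09:40.906: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21684]
Feb 03 13:22:58 10.10.10.1 297480: *Mar 2 00:09:40.906: NAT: o: tcp (xx.xx.254.40, 44123) -> (xx.xx.254.128, 8080) [21685]
Feb 03 13:22:58 10.10.10.1 297481: *Mar 2 00:09:40.910: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21685]
*Mar 2 00:11:00.000: NAT: o: tcp (198.51.100.7, 50000) -> (203.0.113.5, 8080) [100]
*Mar 2 00:11:00.000: NAT: s=198.51.100.7, d=203.0.113.5->10.10.10.3 [100]
*Mar 2 00:11:00.004: NAT: i: tcp (10.10.10.3, 8080) -> (198.51.100.7, 50000) [200]
*Mar 2 00:11:00.004: NAT: s=10.10.10.3->203.0.113.5, d=198.51.100.7 [200]
"""


def analyze(lines):
    """Group outside-originated packets into flows and look for replies."""
    flows, by_ipid = {}, {}
    for line in lines:
        pkt = PKT.search(line)
        if pkt and pkt["dir"] == "o":
            key = (pkt["proto"], pkt["src"], int(pkt["sport"]),
                   pkt["dst"], int(pkt["dport"]))
            flow = flows.setdefault(key, {"inbound": 0, "inside": None, "replies": 0})
            flow["inbound"] += 1          # counts every outside packet on this 5-tuple
            by_ipid[pkt["ipid"]] = key    # the rewrite line repeats this IP ID
        elif pkt:
            # Inside-originated packet: count it against the flow it answers.
            for (proto, client, cport, _, _), flow in flows.items():
                same_peer = (proto, client, cport) == (
                    pkt["proto"], pkt["dst"], int(pkt["dport"]))
                if same_peer and flow["inside"] == pkt["src"]:
                    flow["replies"] += 1
        else:
            xl = XLATE.search(line)
            # "d=global->local" is the destination rewrite of an inbound packet.
            if xl and "->" in xl["d"] and xl["ipid"] in by_ipid:
                flows[by_ipid[xl["ipid"]]]["inside"] = xl["d"].split("->", 1)[1]

    report = []
    for (proto, client, cport, gaddr, gport), flow in flows.items():
        if flow["inside"] is None:
            verdict = "no translation logged"
        elif flow["replies"] == 0:
            verdict = "translated inbound, no return traffic seen"
        else:
            verdict = "ok"
        report.append({"client": f"{client}:{cport}", "global": f"{gaddr}:{gport}",
                       **flow, "verdict": verdict})
    return report


if __name__ == "__main__":
    for row in analyze(SAMPLE.splitlines()):
        print(row)
```

For the lines from the post, every flow is rewritten to 10.10.10.3 and repeated on the same source port with no reply logged, which places the fault behind the translation (the inside host or its return path) rather than in the static NAT entry.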
RA VPN into ASA5505 behind C871 Router with one public IP address
Hello,
I have a network like below for testing remote access VPN to ASA5505 behind C871 router with one public IP address.
PC1 (with VPN client)----Internet-----Modem----C871------ASA5505------PC2
The public IP address is assigned to the outside interface of the C871. The C871 forwards incoming traffic UDP 500, 4500, and esp to the outside interface of the ASA that has a private IP address. The PC1 can establish a secure tunnel to the ASA. However, it is not able to ping or access PC2. PC2 is also not able to ping PC1. The PC1 encrypts packets to PC2 but the ASA does not to PC1. Maybe a NAT problem? I understand removing C871 and just use ASA makes VPN much simpler and easier, but I like to understand why it is not working with the current setup and learn how to troubleshoot and fix it. Here's the running config for the C871 and ASA. Thanks in advance for your help!
C871:
version 15.0
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
hostname router
boot-start-marker
boot-end-marker
enable password 7 xxxx
aaa new-model
aaa session-id common
clock timezone UTC -8
clock summer-time PDT recurring
dot11 syslog
ip source-route
ip dhcp excluded-address 192.168.2.1
ip dhcp excluded-address 192.168.2.2
ip dhcp pool dhcp-vlan2
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
ip cef
ip domain name xxxx.local
no ipv6 cef
multilink bundle-name authenticated
password encryption aes
username xxxx password 7 xxxx
ip ssh version 2
interface FastEthernet0
switchport mode trunk
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description WAN Interface
ip address 1.1.1.2 255.255.255.252
ip access-group wna-in in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
interface Vlan1
no ip address
interface Vlan2
description LAN-192.168.2
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
interface Vlan10
description router-asa
ip address 10.10.10.1 255.255.255.252
ip nat inside
ip virtual-reassembly
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source list nat-pat interface FastEthernet4 overload
ip nat inside source static 10.10.10.1 interface FastEthernet4
ip nat inside source static udp 10.10.10.2 500 interface FastEthernet4 500
ip nat inside source static udp 10.10.10.2 4500 interface FastEthernet4 4500
ip nat inside source static esp 10.10.10.2 interface FastEthernet4
ip route 0.0.0.0 0.0.0.0 1.1.1.1
ip route 10.10.10.0 255.255.255.252 10.10.10.2
ip route 192.168.2.0 255.255.255.0 10.10.10.2
ip access-list standard ssh
permit 0.0.0.0 255.255.255.0 log
permit any log
ip access-list extended nat-pat
deny ip 192.168.2.0 0.0.0.255 192.168.100.0 0.0.0.255
permit ip 192.168.2.0 0.0.0.255 any
ip access-list extended wan-in
deny ip 192.168.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 169.255.0.0 0.0.255.255 any
deny ip 255.0.0.0 0.255.255.255 any
deny ip 224.0.0.0 31.255.255.255 any
deny ip host 0.0.0.0 any
deny icmp any any fragments log
permit tcp any any established
permit icmp any any net-unreachable
permit udp any any eq isakmp
permit udp any any eq non500-isakmp
permit esp any any
permit icmp any any host-unreachable
permit icmp any any port-unreachable
permit icmp any any packet-too-big
permit icmp any any administratively-prohibited
permit icmp any any source-quench
permit icmp any any ttl-exceeded
permit icmp any any echo-reply
deny ip any any log
control-plane
line con 0
exec-timeout 0 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
access-class ssh in
exec-timeout 5 0
logging synchronous
transport input ssh
scheduler max-task-time 5000
end
ASA:
ASA Version 9.1(2)
hostname asa
domain-name xxxx.local
enable password xxxx encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd xxxx encrypted
names
ip local pool vpn-pool 192.168.100.10-192.168.100.35 mask 255.255.255.0
interface Ethernet0/0
switchport trunk allowed vlan 2,10
switchport mode trunk
interface Ethernet0/1
switchport access vlan 2
interface Ethernet0/2
shutdown
interface Ethernet0/3
shutdown
interface Ethernet0/4
shutdown
interface Ethernet0/5
shutdown
interface Ethernet0/6
shutdown
interface Ethernet0/7
shutdown
interface Vlan1
no nameif
no security-level
no ip address
interface Vlan2
nameif inside
security-level 100
ip address 192.168.2.2 255.255.255.0
interface Vlan10
nameif outside
security-level 0
ip address 10.10.10.2 255.255.255.252
ftp mode passive
clock timezone UTC -8
clock summer-time PDT recurring
dns server-group DefaultDNS
domain-name xxxx.local
object network vlan2-mapped
subnet 192.168.2.0 255.255.255.0
object network vlan2-real
subnet 192.168.2.0 255.255.255.0
object network vpn-192.168.100.0
subnet 192.168.100.0 255.255.255.224
object network lan-192.168.2.0
subnet 192.168.2.0 255.255.255.0
access-list no-nat-in extended permit ip 192.168.2.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list vpn-split extended permit ip 192.168.2.0 255.255.255.0 any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static lan-192.168.2.0 lan-192.168.2.0 destination static vpn-192.168.100.0 vpn-192.168.100.0 no-proxy-arp route-lookup
object network vlan2-real
nat (inside,outside) static vlan2-mapped
route outside 0.0.0.0 0.0.0.0 10.10.10.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http 192.168.2.0 255.255.255.0 inside
http 10.10.10.1 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-256-SHA
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set reverse-route
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpool policy
crypto ikev1 enable outside
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 192.168.2.0 255.255.255.0 inside
ssh 10.10.10.1 255.255.255.255 outside
ssh timeout 20
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
anyconnect-essentials
group-policy vpn internal
group-policy vpn attributes
dns-server value 8.8.8.8 8.8.4.4
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpn-split
default-domain value xxxx.local
username xxxx password xxxx encrypted privilege 15
tunnel-group vpn type remote-access
tunnel-group vpn general-attributes
address-pool vpn-pool
default-group-policy vpn
tunnel-group vpn ipsec-attributes
ikev1 pre-shared-key xxxx
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:40c05c90210242a42b7dbfe9bda79ce2
: end
Hi,
I think that you want to control all outbound traffic from the LAN to the outside by the ASA.
I suggest some modifications as shown below.
C871:
interface Vlan2
 description LAN-192.168.2
 ip address 192.168.2.2 255.255.255.0
 no ip nat inside
 no ip proxy-arp
 ip virtual-reassembly
ip access-list extended nat-pat
 no deny ip 192.168.2.0 0.0.0.255 192.168.100.0 0.0.0.255
 no permit ip 192.168.2.0 0.0.0.255 any
 deny ip 192.168.2.0 0.0.0.255 any
 permit ip 10.10.10.0 0.0.0.255 any
ASA 5505:
interface Vlan2
 nameif inside
 security-level 100
 ip address 192.168.2.1 255.255.255.0
Try them out and respond.
Best regards,
MB
-
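An added example, not part of the thread: in the C871 configuration posted above, FastEthernet4 applies `ip access-group wna-in in` while the filter is defined as `ip access-list extended wan-in`. IOS accepts a reference to an ACL that is not defined, and an undefined ACL on an interface filters nothing, so the WAN rules never take effect. The check below cross-references ACL definitions and references in a flattened running config; the function name `audit` and the choice of excerpt lines are this example's own.

```python
import re
from difflib import get_close_matches

# Named or numbered ACL definitions.
DEFN = re.compile(r"^(?:ip access-list (?:standard|extended) (\S+)|access-list (\d+) )")
# Commands that reference an ACL by name or number.
REFS = [
    ("ip access-group", re.compile(r"^ip access-group (\S+) (?:in|out)\b")),
    ("access-class", re.compile(r"^access-class (\S+) (?:in|out)\b")),
    ("ip nat source list", re.compile(r"^ip nat (?:inside|outside) source list (\S+) ")),
]
# Section headers, used only to say where a reference was found.
SECTION = re.compile(r"^((?:interface|line) \S+(?: \d+)*)")

# Lines copied from the C871 config in the post (excerpt, indentation already lost).
C871_EXCERPT = """\
interface FastEthernet4
description WAN Interface
ip address 1.1.1.2 255.255.255.252
ip access-group wna-in in
ip nat outside
interface Vlan2
ip nat inside
ip nat inside source list nat-pat interface FastEthernet4 overload
ip access-list standard ssh
permit 0.0.0.0 255.255.255.0 log
permit any log
ip access-list extended nat-pat
deny ip 192.168.2.0 0.0.0.255 192.168.100.0 0.0.0.255
permit ip 192.168.2.0 0.0.0.255 any
ip access-list extended wan-in
deny ip 10.0.0.0 0.255.255.255 any
permit udp any any eq isakmp
permit esp any any
deny ip any any log
line vty 0 4
access-class ssh in
transport input ssh
"""


def audit(config):
    """Return ACL references with no definition and definitions never referenced."""
    defined, refs, section = [], [], "global"
    for raw in config.splitlines():
        line = raw.strip()
        sec = SECTION.match(line)
        if sec:
            section = sec.group(1)
            continue
        d = DEFN.match(line)
        if d:
            name = d.group(1) or d.group(2)
            if name not in defined:
                defined.append(name)
            continue
        for label, pattern in REFS:
            m = pattern.match(line)
            if m:
                # NAT rules are global commands even when they follow an interface block.
                where = "global" if label.startswith("ip nat") else section
                refs.append((where, label, m.group(1)))

    used = {name for _, _, name in refs}
    dangling = [
        {"where": where, "command": command, "acl": name,
         # Nearest defined name, to surface transposed-letter typos.
         "closest": (get_close_matches(name, defined, n=1) or [None])[0]}
        for where, command, name in refs if name not in defined
    ]
    unused = [name for name in defined if name not in used]
    return {"dangling": dangling, "unused": unused}


if __name__ == "__main__":
    result = audit(C871_EXCERPT)
    for item in result["dangling"]:
        print("undefined ACL:", item)
    print("defined but never applied:", result["unused"])
```

A dangling reference paired with an unused definition of nearly the same name, as here, is the usual signature of a typo rather than a missing ACL.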
DSL w/831 router configuration questions
Hi all -
- DSL service with 1 static IP address
- DSL modem configured for "bridge mode"
- 831 router
There are some things I don't understand about all this.
#1: In order to make all this work, I need to have the PPPoE stuff configured on the router, yes?
#2: Do I need to have the "interface Dialer1" configured? And if not, can I put the DSL login info in the "interface Ethernet1" section?
#3: Do I need to explicitly set up NAT? I want my internal clients to get IPs on the 10.10.10.0 network and they need to have full Internet access.
#4: I think I don't understand how the routing should be set up.
#5: Any other helpful hints, I'll gladly take!!
Here's my config:
!This is the running config of the router: 10.10.10.1
!version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
hostname Router
boot-start-marker
boot-end-marker
logging buffered 52000 debugging
enable secret xxxx
username user password xxxx
no aaa new-model
ip subnet-zero
ip dhcp excluded-address 10.10.10.1
ip dhcp pool CLIENT
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 205.152.xx.xx 205.152.xx.xx
lease 0 2
no ip domain lookup
ip audit notify log
ip audit po max-events 100
ip ssh break-string
no ftp-server write-enable
no scripting tcl init
no scripting tcl encdir
no crypto isakmp enable
interface Ethernet0
description Inside network$ETH-LAN$
ip address 10.10.10.1 255.255.255.0
ip nat inside
no cdp enable
hold-queue 32 in
interface Ethernet1
description Outside network, DSL connection
ip address 72.151.yy.yy 255.255.255.0
ip nat outside
duplex auto
pppoe enable
pppoe-client dial-pool-number 1
no cdp enable
interface FastEthernet1
no ip address
duplex auto
speed auto
interface FastEthernet2
no ip address
duplex auto
speed auto
interface FastEthernet3
no ip address
duplex auto
speed auto
interface FastEthernet4
no ip address
duplex auto
speed auto
interface Dialer1
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp pap sent-username [email protected] password xxxx
ip nat inside source list 102 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet1 permanent
ip http server
no ip http secure-server
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 102 permit ip 10.10.10.0 0.0.0.255 any
control-plane
line con 0
exec-timeout 120 0
no modem enable
transport preferred all
transport output all
stopbits 1
line aux 0
transport preferred all
transport output all
line vty 0 4
access-class 23 in
exec-timeout 120 0
login local
length 0
transport preferred all
transport input all
transport output all
scheduler max-task-time 5000
end
I've mostly the same config, but eth1 with no ip address and modem NOT in bridge mode! Try this ...
-
Setup 1941 router with cable modem and 2 vlan?
Hello everyone,
I need a little help setting up my new 1941 router with a cable modem using 2 VLANs.
This is what I have:
1- 1941 router configured as g0/0 WAN port facing ISP configured as (dhcp). g0/1 is LAN facing the switch (192.168.1.1)
dhcp pool (192.168.1.x)
2- sg300-28pp switch.
3- wap371 AP/ 11pcs..
Now everything is working perfectly, except sometimes we have more than 250 to 300 people trying to connect to the wifi, and the router will not have enough IP addresses.
I heard that I can set up 2 VLANs to solve this problem? And is there any setup that I have to do on the switch and access points?
Please, I will appreciate any little help.
Regards
Hello Andre Neethling, I added network 192.168.0.0 255.255.254.0 to the dhcp pool config and it seems that it is working, but I am concerned that I am going to have problems in the future, so please take a look at the running config and let me know if I have everything done right. Also we want to order a static IP address from the provider for our security camera system and we will no longer receive a DHCP IP from them, and my router setup is to receive it as dhcp on g0/0, so what should I do about changing the settings on g0/0?
I appreciate your help
Building configuration...
Current configuration : 1163 bytes
! Last configuration change at 00:46:35 UTC Wed Apr 15 2015
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Abdullah
boot-start-marker
boot-end-marker
no aaa new-model
no ipv6 cef
ip source-route
ip cef
ip dhcp excluded-address 192.168.1.1 192.168.1.50
ip dhcp pool Local
import all
network 192.168.0.0 255.255.254.0
default-router 192.168.1.1
multilink bundle-name authenticated
license udi pid CISCO1941/K9 sn FTX1523022E
redundancy
interface GigabitEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source list 101 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
control-plane
line con 0
line aux 0
line vty 0 4
login
scheduler allocate 20000 1000
end
-
How To Use Your Own Router Without Losing Verizon's FIOS Services
How to use your own router with Verizon’s FIOS Service
First, you need a basic understanding of how FIOS works but unfortunately there are two types of FIOS systems out there. All of the systems utilize a fiber optic cable to bring TV, phone and internet to your location over one optic cable. In addition these systems provide interactivity including widgets, remote DVR, movies on demand and so forth via an IP (Internet Protocol) signal. Your STB (Set Top Box) requires both a video and IP signal. The IP signal is necessary for all of the aforementioned interactivity. The fiber cable terminates at the Optical Network Terminal or ONT for short. The ONT converts the optics into a digital signal that can be utilized by one's equipment. From the ONT your video, phone and internet are provided to the location. This is where things can differ as the internet signal can be provided via a coaxial (MoCA or Multimedia over Coax Alliance) or RJ45 Cat5 (Ethernet) cable. It is important to identify and understand the differences of these two setups. In my case I have my internet entering via Ethernet cable, which in my humble opinion makes things a heck of a lot easier.
How does one tell the difference? In most cases it’s rather simple; just look at the Verizon router’s WAN (Wide Area Network) Port. Does it have a RJ45 (Ethernet) or Coax (TV cable Cord) going to it? If the router’s WAN port doesn’t have a coaxial connector then one will need to convert the MoCA signal into a usable Ethernet signal that routers understand. The easiest way is to use Verizon’s router as a bridge. In this method the Verizon’s router simply converts the signal and passes it along to your own router. The challenge is to try to maintain the interactivity that FIOS TV provides. Because of this one needs to supply the IP routed signal back to the FIOS router. There are multiple methods for doing this and I would recommend investigating which one makes the most sense.
In my particular case the IP signal was provided by Ethernet. Again there are various ways of installing one’s own router. The hardest is to utilize Verizon’s router as a bridge. This setup requires configuring Verizon’s router as a bridge and also creating a VLAN (Virtual Local Area Network). In addition one needs to set up their own router so it will work with the various routing tables and networks. For me this is too complex for the average person and it can be difficult to troubleshoot if something goes wrong. Please consider that Verizon will not support utilizing third party routers.
The easier method is to request an Ethernet signal (if you don’t already have one) from their ONT. I would highly recommend getting your hands on a NIM or Network Interface Module. This device is used to convert Ethernet to Coaxial so it can be fed back to your STBs. These can be purchased online and Verizon technicians can be a valuable resource with these sorts of acquisitions. At the very least they can point you in the right direction. Once you have a NIM the rest is rather simple.
Log into the current Verizon Router.
Locate the router’s MAC address and copy it down.
Go to the port forwarding section and copy down the Applied Rules.
Example:
Network Computer/Device: 192.168.1.100:63145
Application & Ports Forward: Application UDP Any -> 6347
Note: There may be up to three entries for each one of your Set Top Boxes.
Look at your current device list, typically found on the home screen. Copy down your STB MAC and IP address.
Example:
IP-STB1
Connection Type: Ethernet
* IP Address: 192.168.1.100
IP Address Allocation: DHCP
*MAC Address: 07:73:fFe:ad:8b:3f
* Things you will need to write down
Go to the network section and look for the main Ethernet connection. Select this and then select more settings, typically found at the bottom. Release the current lease.
Remove the Verizon router
Install your router
Connect the NIM by plugging in an Ethernet cable from one of the router's LAN (Local Area Network) ports to your NIM. Then connect the coax cable, the same cable that was used by the Verizon router.
Set your DHCP routing IP pool to accommodate Verizon’s STB IPs (note their IPs start at 192.168.1.100)
Go to DHCP section and reserve the STB IP’s by inserting the IP’s and MAC addresses. This shall ensure that nothing else utilizes the same IPs as the STBs thereby preventing IP address conflict.
Add the port forwards from Step 5 above.
Clone Verizon’s MAC address utilizing the info from step 2
Finish setting up the router in typical fashion.
Unplug and re-plugin your STB’s and test functionality. It’s best to try using a widget or Movie on demand function.
Note: if the new router cannot get an internet signal contact Verizon’s support and have them release the IP and reset the ONT.
EVERYTHING should be working at this point.
3 Go to the port forwarding section and copy down the Applied Rules.
Example:
Network Computer/Device: 192.168.1.100:63145
Application & Ports Forward: Application UDP Any -> 6347
Note: There may be up to three entries for each one of your Set Top Boxes.G
Your display obviously is not like mine, as mine does not display the port associated with the IP address.
Whatever, the STBs start at 192.168.1.100 and increment by 1 for each.
The port addrs will be 63145, also incrementing by 1.
There is 1 entry for each in my pf list.
However, each IP addr also has a port entry starting at 35000, also incrementing by 1 for each IP addr.
For some unknown reason these are duplicated, e.g. I appear to have 11 entries exactly the same for each STB, and as the FIOS services rules have no action switch there is nowhere to delete the extraneous garbage.
Why do you clone the MAC addr??
-
Cisco 831 Router to Configure VPN Access
Hello,
I need assistance in configuring a VPN in a Cisco 831 Router. I do not have any experience in configuring routers and VPNs, and would appreciate it if anyone could help out.
I would like to connect three laptops to the Cisco 831 via Cisco VPN Client. The three laptops must have a 10.42.6.x address assigned by the router on the VPN connection. They will also need access to the internal network, which is a 192.168.x.x private network. The Cisco has a static IP on the internal interface and external interface. I have tried several different ways of doing this, however I must be doing something wrong in my config.
Any help or suggestions would be appreciated.
Hi Robert
You can refer to the link below to find the exact config to start with.
Do make sure that your Cisco 831 box, with the current IOS code installed in it, supports the required feature to run the same.
http://www.cisco.com/en/US/tech/tk583/tk372/tech_configuration_examples_list.html#anchor16
regds
-
Difficulty with Virtual Named hosts on Web Ser
I am having a difficult time with creating several Virtual Named Hosts with Apache2. I am trying not to use the Apache manual modifications to the config file, so that I can still manage via Server Admin. I am running OSX 10.5.2 and have several domains registered. Additionally I have a DNS server running on the Xserver; the primary zone is yadayadayada.com with zone as follows:
yadayadayada.com. Primary Zone
www.yadayadayada.com. ALIAS yadayada.com.
machineyada Machine 74.11.11.11
HomePage Service machineyada.yadayadayada.com:80
I have reverse Zones, and a Secondary zones setup for my DSL Service provider and my Domain host. I have two DSL Lines setup using a Cisco router , the cisco router provides DHCP , and multiplexes the two DSL lines to share bandwidth.
the web is setup as follows;
Domain_Name Address Port
* 80
yadayadayada.com. * 80
yadayadayada1.com * 80
I don't have Realms set up and all other Web config parameters are set as default.
My name servers are registered, and have propagated, verified by an nslookup. I have them set up to point to the same physical server using the multiplexed IP addresses, i.e.
ns1.yadayadayada.com 74.11.11.11
ns2.yadayadayada.com 74.11.11.12
When I browse to either www.yadayadayada.com or www.yadayadayada1.com I get the default website; when the default web is deactivated I receive server not available.
According to the documentation, once you have a unique domain name and a zone for that domain you should be able to host multiple Named Virtual hosts; however, after explicitly following the "vague" directions I am still not able to get the configuration to return the correct sites. Does anyone have any experience with Virtual Named hosts, or must I resort to the Apache docs?
Thanks for the assistance in advance.
Obfuscating the domain name often leads to confusion - for example are errors introduced via typos in the obfuscation?
Given the information that you've posted, your DNS isn't set up correctly.
You're trying to access 'www.yadaydayada.com', but you don't have any 'www' record in your 'yadayadayada.com' zone file. However, since you seem to get a response from the web server clearly you have some kind of additional DNS setup that you're not posting here.
In any case, as far as Apache is concerned, there is no relationship between 'yadayadayada.com' and 'www.yadayadayada.com'. They are two completely different hostnames and I wouldn't expect Apache to serve yadayadayada.com's web site when you're trying to access 'www.yadayadayada.com'. You'll need to either assign a server alias for the other domain, or add an additional Virtual host for 'www.yadayadayada.com' (and make sure the DNS points to the right place, of course).
-
Solaris as a guest OS with Virtual PC running Mac OS X as a host OS
Trying to install Solaris as a guest OS - 5 times with Connectix Virtual PC 6 (Mac OS X - host OS) and once with MS Virtual PC 7. No success!
Everything's going well (Solaris detected video card and monitor), text-based install and GUI-based (finished install CD1), until you need to reboot to continue to proceed next.
After reboot, message: X-window X11 cannot be found, but Install Launcher (GUI) is starting and ... unexpectedly crashed.
Sort of message press return to reboot. rebooting.
Logging in with text:
root and password.
The question: How to re-start Install Launcher?
xinit : not found
startx: not found
Trying with VESA video card with minimum video effect - ZERO NOTHING !!!
THE QUESTION: HOW TO RE-START INSTALL LAUNCHER ? HELP will be appreciated
P.S. I have Mac Mini with Mac OS X Tiger. There is no problem to install any Linux OS with Virtual PC 6 or even VP 7
I think Sun have to do something to make Solaris x86 as a guest OS run on
Virtual PC
ph0enix2002:
sys-unconfig [ENTER]
select XOrg when and entere other various config parameters when prompted
Please be more specific. What is "entere other various config parameters when prompted" ?
What is your host system ? Mac OS X or MS Windows?
What is your version of Virtual PC ?
How to re-start the install launcher? I am stuck with the first CD installed and must continue with the second install CD 2 and all the other stuff
[img] http://www.pix05.com/f/solaris_picture_12997.gif
How to re-start install launcher ? -
Cisco 3925 router with an ATM E3 card that never goes down!
Hi all,
We have a Cisco 3925 router with an ATM E3 card (NM-1A-T3/E3) configured as below with 1 PVC. We see that the ATM subinterface we created for the PVC never goes down! Not even when the WAN link is down! The problem with this is we are tracking the line protocol of the ATM subinterface to have VRRP fail over to the standby router. But because of this issue only BGP goes down whenever the WAN is down and the line protocol of the subinterface remains up, so the failover never happens and the site is down. We can configure VRRP to track reachability of a BGP route as a workaround, but I would like an explanation or troubleshooting steps to check what the trouble is with the current setup.
Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.1(2)T4.1, MAINTENANCE INTERIM SOFTWARE
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Tue 30-Aug-11 08:44 by prod_rel_team
card type e3 1
interface ATM1/0
description Link to PE
mtu 1500
bandwidth 34010
no ip address
no ip proxy-arp
logging event subif-link-status
no atm ilmi-keepalive
no atm enable-ilmi-trap
end
interface ATM1/0.101 point-to-point
description PVC to MPLS PE
mtu 1500
bandwidth 2500
ip address a.b.c.d 255.255.255.252
no ip proxy-arp
ip flow monitor FMforIP4in sampler ata1to100 input
ip flow monitor FMforIP4out sampler ata1to100 output
ip nat outside
ip virtual-reassembly in
no atm enable-ilmi-trap
snmp trap link-status
pvc 1/101
vbr-nrt 8192 8192 1
vc-hold-queue 2048
oam-pvc manage
oam retry 3 5 1
oam ais-rdi 15 3
encapsulation aal5snap
protocol ip inarp
queue-depth 5 3
service-policy out Edge_Queueing
end
Thanks a lot in advance!
Your router has some configuration on it already and it would help us give you better advice if we knew what is already in the configuration. So would you post the output of show running-config (if there is sensitive information like addresses and passwords you can mask them out).
Changing the configuration register was a good start. I have a couple questions/observations that may help you get started. I notice what appears to be the same public IP address on Gig0/0 and on multilink. Did you get that address from your ISP? If so what kind of connection do you have to the ISP?
In your description you tell us that Gig0/0 is connected to a small switch, which I assume is for the LAN of your network. But that also is the interface where the public address is configured. So I am confused whether this interface is for LAN or for connecting to the ISP. Can you clarify this?
HTH
Rick -
Disappearing IPsec routes with RRI
Hi all,
I am trying to set up a pair of 1941 routers in a HA configuration to act as L2L VPN gateways. The active router of the pair should distribute routes to the remote destinations using OSPF to internal routers. The VPN part is working fine and the routers are correctly advertising routes to internal hosts, however my problem is that when an IPsec session disconnects, the routes disappear and therefore internal hosts cannot reestablish a connection. If the remote end establishes a connection, the routes appear again and connectivity is restored.
My setup is as follows:
(ASA) --> (pvpn01 & pvpn02 HA pair) --> (internet) --> (remote peer)
Relevant sections from my config:
ipc zone default
association 1
no shutdown
protocol sctp
local-port 5000
local-ip 10.26.100.246
retransmit-timeout 300 10000
path-retransmit 10
assoc-retransmit 10
remote-port 5000
remote-ip 10.26.100.247
track 1 interface GigabitEthernet0/1 line-protocol
track 2 interface GigabitEthernet0/0 line-protocol
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 2
lifetime 600
crypto isakmp key xxxxxx address 79.171.99.80
crypto ipsec transform-set aes-sha esp-aes esp-sha-hmac
crypto map outsidemap 10000 ipsec-isakmp
set peer 79.171.99.80
set security-association lifetime seconds 600
set transform-set aes-sha
match address vpn_ospftest_acl
reverse-route static
interface GigabitEthernet0/0
ip address 10.26.100.246 255.255.255.0
no ip proxy-arp
ip verify unicast reverse-path
ip ospf message-digest-key 1 md5 xxxxxxx
duplex auto
speed auto
interface GigabitEthernet0/1
description outside
ip address 91.216.255.246 255.255.255.240
no ip proxy-arp
ip verify unicast reverse-path
standby delay minimum 120 reload 120
standby 1 ip 91.216.255.248
standby 1 preempt
standby 1 authentication md5 key-string xxxxxxx
standby 1 name pvpn_external
standby 1 track 2 decrement 10
ip ospf message-digest-key 1 md5 xxxxxxx
duplex auto
speed auto
crypto map outsidemap redundancy pvpn_external stateful
router ospf 1
router-id 91.216.255.246
no compatible rfc1583
log-adjacency-changes detail
area 0 authentication message-digest
redistribute static subnets route-map rmap_ospf_redistribute
network 10.26.100.0 0.0.0.255 area 0
network 91.216.255.240 0.0.0.15 area 0
ip route 0.0.0.0 0.0.0.0 91.216.255.241
ip route 10.26.0.0 255.255.0.0 10.26.100.1
ip access-list standard acl_osfp_redistribute
permit 192.168.66.0 0.0.0.255
ip access-list extended vpn_ospftest_acl
permit ip 10.26.0.0 0.0.255.255 192.168.66.0 0.0.0.255
route-map rmap_ospf_redistribute permit 10000
match ip address acl_ospf_redistribute
The other router in the pair has exactly the same config except with different interface IPs. The remote end is configured to talk to the HA address 91.216.255.248.
The VPN routers are both running IOS version 15.0(1r)M9.
When I initially boot the routers, the route for 192.168.66.0/24 appears in 'show crypto route', and is advertised to neighboring routers. If I ping an address on that network an SA is established and stays active as long as there is traffic flowing.
pvpn02#show crypto route
VPN Routing Table: Shows RRI and VTI created routes
Codes: RRI - Reverse-Route, VTI- Virtual Tunnel Interface
S - Static Map ACLs
Routes created in table GLOBAL DEFAULT
192.168.66.0/255.255.255.0 [1/0] via 79.171.99.80 tag 0
on GigabitEthernet0/1 RRI S
If I then stop traffic flowing over the tunnel and wait until the IPsec SA lifetime is expired, the route is deleted from the system routing table and therefore not distributed by OSPF. The result is that internal hosts cannot reestablish the tunnel as the other routers have no route to the 192.168.66.0/24 network.
Is this a bug, or is there another way to get the RRI routes to persist on the active router? My understanding of the docs suggests that this should work.
I've attached a log from the active router. It is taken with 'debug crypto ipsec' enabled.
Thanks in advance,
David
Hi David,
it sounds like you are hitting a bug, possibly this one:
CSCtr87413 RRI static Route disappear after receiving delete notify and DPD failure
Note that 15.0(1r)M9 is not your IOS version, the "r" means this is the bootstrap version.
Also note that the bug mentioned above affects 15.0 as well as 15.1 but is only fixed in 15.1(4)M3 and later (and supposedly, 15.2 is not affected).
hth
Herbert -
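In the configuration posted in this thread, the route-map line `match ip address acl_ospf_redistribute` and the ACL line `ip access-list standard acl_osfp_redistribute` spell the name differently; whether that is on the routers or only in the post cannot be told from the page. The following added example (not code from the thread) is a small Python consistency check, run over an excerpt of that config, that reports references to undefined access lists or route-maps and suggests the closest defined name.

```python
import difflib
import re

# Excerpt of the configuration posted in the thread (indentation added here).
CONFIG = """\
crypto map outsidemap 10000 ipsec-isakmp
 match address vpn_ospftest_acl
router ospf 1
 redistribute static subnets route-map rmap_ospf_redistribute
ip access-list standard acl_osfp_redistribute
 permit 192.168.66.0 0.0.0.255
ip access-list extended vpn_ospftest_acl
 permit ip 10.26.0.0 0.0.255.255 192.168.66.0 0.0.0.255
route-map rmap_ospf_redistribute permit 10000
 match ip address acl_ospf_redistribute
"""


def dangling_references(config):
    """Return (kind, name, line_number, closest_defined_name_or_None) tuples."""
    acls, route_maps, refs = set(), set(), []
    for lineno, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if m := re.match(r"ip access-list (?:standard|extended) (\S+)", line):
            acls.add(m.group(1))                      # named ACL definition
        elif m := re.match(r"access-list (\d+)\s", line):
            acls.add(m.group(1))                      # numbered ACL definition
        elif m := re.match(r"route-map (\S+)", line):
            route_maps.add(m.group(1))                # route-map definition
        elif m := re.match(r"match address (\S+)", line):
            refs.append(("access-list", m.group(1), lineno))   # crypto map -> ACL
        elif m := re.match(r"match ip address (?!prefix-list)(.+)", line):
            refs += [("access-list", n, lineno) for n in m.group(1).split()]
        elif m := re.search(r"\sroute-map (\S+)", line):
            refs.append(("route-map", m.group(1), lineno))     # e.g. redistribute
    defined = {"access-list": acls, "route-map": route_maps}
    findings = []
    for kind, name, lineno in refs:
        if name not in defined[kind]:
            close = difflib.get_close_matches(name, sorted(defined[kind]), n=1)
            findings.append((kind, name, lineno, close[0] if close else None))
    return findings


if __name__ == "__main__":
    for kind, name, lineno, hint in dangling_references(CONFIG):
        print(f"line {lineno}: {kind} '{name}' is not defined (closest: {hint})")
```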
I am trying to connect a Windows 7 / 64 bit to an Epson printer on my Mac. The printer is hooked into the Mac via USB; the Mac is networked to a Linksys wireless router with an ethernet cable, as is the Windows box. I installed the current Bonjour printer services software on the Windows machine, and separately installed the driver software for the Epson printer on the Windows machine. Running the bonjour wizard, I get an alert saying 'I don't have sufficient access to my computer to connect to the selected printer'.
The printer has 'sharing' turned on from the Mac end; this works with a Powerbook via the wireless connection. Sharing is also turned on in the Windows printer control panel for this printer (under properties). The Mac is a G5 running 10.5.8. When I try to print a page from the Windows machine it gets hung in the print queue.
Any advice how to proceed would be appreciated!
thx, -
My wife and I have an iPhone 5 with 6.1.2 firmware. We both are having horrible wifi signals. We have done everything we can. What update will fix this? I get full bars on my iPad 2 through my whole house. Be standing right beside the router with iPhones and it cuts in and out. Drops from 3 wifi bars to 1
I am having the same problem with a brand new iPad Mini at my house.
It connects to the WiFi fine - but will not pull an IP address in DHCP mode, or if I set all the IP info statically - it still will not get any network access.
This doesn't look like a WiFi issue, as it does connect and is seen by the WiFi Access Point. All the normal WiFi fix stuff doesn't help.
- Using a Dlink DAP-2553 which is less than 2 months old.
Other devices connect fine, including iPad 2.
This same Mini worked fine at another house and also connected to a mobile hotspot fine....so seems to be some weird IP issue with maybe this Access Point or maybe the older Router that I have (older Netgear)?
I am actually a network engineer and still have not been able to find a solution. Both the iPad Mini and the Dlink WAP have the latest firmware loaded.
Wondering if anyone has found a solution to this problem. -
Having trouble setting up a linksys WRT54GS router with v...
Having trouble setting up a Linksys WRT54GS router with Verizon DSL using a Westell 6100F modem. The modem works fine by itself but the router will not connect to the internet when installed like the CD tells you to.
Online help and phone help have been less than helpful, anyone have any ideas?
Ok I found "Installing the Linksys wireless router with a Westell 6100 modem" in the Verizon troubleshooting guides. Printed the instructions so I wouldn't forget. Step 1: open your web browser and enter http://192.168.1.1 in the address field. PROBLEM: it comes up with a login screen that I don't know how to sign into. Tried the obvious stuff. Cannot get past the login screen. I knew this sounded too easy to be true. Anyone have any ideas?
-
How to extend a wifi network of third party router with TC 4th generation?
After searching the communities for a while, I did not find a definitive answer on the following question:
- I recently bought a 4th generation Time Capsule 2TB (MD0322/A), that I also want to use as an extension for our existing wifi network.
- This wifi network is maintained by a Sitecom Wireless 300N XR Gigabit Router. Router is set to work over 2.4 GHz (B+G+N) because of several non-N-wifi devices in the network. The channel in use is currently 11.
- This router provides so called WDS functionality, i.e. the ability for other wifi access points to act as a seamless extension of the basic wifi network (using the same SSID).
- The security settings in the router are WPA2 Mixed, with a password in plain ASCII.
- There seems to be no way to set different security levels for WDS-connections versus normal AP (access point) connections. If WDS is enabled, the security settings of the AP-mode are extended to the WDS connection.
I have set the Sitecom router to enable WDS, and added the MAC-address of the TC in the configuration of this router.
When configuring the Time Capsule, with Airport Utility 5.5.3, I can select the option to use TC to extend an existing network, and I can select the network of choice using the WPA personal or WPA/WPA personal security. However, the TC does not succeed in extending the network, and reports this back. If I manually configure the TC and select the network of choice, Airport Utility reports back that the selected network cannot be extended.
I have read several times in other posts that Time Capsule can only connect to third party routers via WDS using WEP-authentication, but these posts were quite old. I was wondering if this is still the case, or that Apple has updated this functionality in newer versions of TC, and thus there could exist a trick to connect to a WDS using WPA.
I really would appreciate suggestions
Bram Bos
gilles13 wrote:
I have a mac and pc (win7) both are connected thru a network with wifi and allready two access pt.
Airport can not be used to extend a WiFi created by a non-Apple box.
You need to turn off the radio in the router (shut down the existing WiFi). Purchase TWO Airport Express units. Connect one to the router with an Ethernet cable. Configure that one as your primary WiFi network and then use the second Express as the extender.
You need to locate the second Express where it receives a decent WiFi signal. Too far away and it has nothing to extend. Too close and it doesn't buy you anything. Before you plug in the second Express, check to see where the primary WiFi disappears completely. My personal WAG is that you want to locate the second Express 2/3 the distance to that point.
If you use Airport Utility to configure the units, it's a snap. In fact, if you configure the primary first and the extender second, AU will default to exactly the settings that you want.
By the way, I referred to the Express because it's less expensive than the Extreme and you didn't indicate any need for the Extreme features.