Adding lan pool to cisco router

dear all ,
i work as a network engineer in a company and need a help.
i work in head office and we also have a branch office , we are configuring a DR site so first we kept all the servers in HO for testing but our clients need to assign a branch office lan ip and the same gateway on a DR server in head office ,later we l move to DR
HO
ip:192.168.100.XXX
subnet: 255.255.255.0
gateway:1192.168.100.1
branch
ip:192.168.102.XXX
subnet:255.255.255.0
gateway:192.168.102.1
so, i tried to asign a IP     192.168.102.250
                                   subnet: 255.255.255.000
                                     gateway:192.168.102.1
this is what the clients need but after a assign i am not able to ping any HO lan ip from this machine but i am able to ping this machine from other machines in HO
i think we need to add branch office lan pool in HO router is it rite or what should i do..
here is my HO router configuration
interface FastEthernet4.1004
interface FastEthernet4.1175
encapsulation dot1Q 1175
ip address 94.77.XXX.XXX 255.255.255.252
ip nat outside
ip virtual-reassembly in
interface wlan-ap0
description Service module interface to manage the embedded AP
no ip address
arp timeout 0
!f
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
no ip address
interface Vlan1
ip address 192.168.100.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source list 10 interface FastEthernet4.1175 overload
ip route 0.0.0.0 0.0.0.0 94.77.XXX.XXX
access-list 10 permit 192.168.100.0 0.0.0.255
control-plane
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
login local
transport input all
end

Hi,
Sounds like ip routing problem here. How are HO and branch offices connected? Network topology would be helpful.
Hope it will help.
Best regards,
Abzal

Similar Messages

Remote access VPN with Cisco Router - Can not get the Internal Lan .

Dear Sir ,
I am doing Remote Access VPN through Cisco Router. Before the real deployment, I want to simulate it with GNS3.Need you help to complete the job .Please see the attachment for Scenario, Configuration and Ping status.
I am getting IP address when i connect through VPN client .But I can not ping to the internal lan -192.168.1.0.Need your help to sole the issue.
Below is the IP address of the device.
Local PC connect with Router -2 (Through MS Loopback) Router -2 Router-1 PC -01
IP Address :10.10.10.2 Mask : 255.255.255.0 F0/01
IP address:10.10.10.1
Mask:255.255.255.0 F0/0
IP Address :20.20.20.1
Mask :255.255.255.0
F0/1
IP address :192.168.1.3
Mask:255.255.255.0
F0/0
IP address :20.20.20.2
Mask :255.255.255.0
F0/1
IP address :192.168.1.1
Mask:255.255.255.0
I can ping from local PC to the network 10.10.10.0 and 20.20.20.0 .Please find the attach file for ping status .So connectivity is ok from my local PC to Remote Router 1 and 2.
Through Cisco remote vpn client, I can get connected with the VPN Router R1 (Please see the VPN Client pic.)But cannot ping the network 192.168.1.0
Need your help to fix the problem.
Router R2 Configuration :!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname R2
boot-start-marker
boot-end-marker
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip tcp synwait-time 5
interface FastEthernet0/0
ip address 20.20.20.2 255.255.255.0
duplex auto
speed auto
interface FastEthernet0/1
ip address 10.10.10.1 255.255.255.0
duplex auto
speed auto
ip forward-protocol nd
no ip http server
no ip http secure-server
control-plane
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
end
Router R1 Configuration :
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname R1
boot-start-marker
boot-end-marker
aaa new-model
aaa authentication login USERAUTH local
aaa authorization network NETAUTHORIZE local
aaa session-id common
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
username vpnuser password 0 strongpassword
ip tcp synwait-time 5
crypto keyring vpnclientskey
pre-shared-key address 0.0.0.0 0.0.0.0 key cisco123
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp client configuration group remotevpn
key cisco123
dns 192.168.1.2
wins 192.168.1.2
domain mycompany.com
pool vpnpool
acl VPN-ACL
crypto isakmp profile remoteclients
description remote access vpn clients
keyring vpnclientskey
match identity group remotevpn
client authentication list USERAUTH
isakmp authorization list NETAUTHORIZE
client configuration address respond
crypto ipsec transform-set TRSET esp-3des esp-md5-hmac
crypto dynamic-map DYNMAP 10
set transform-set TRSET
set isakmp-profile remoteclients
crypto map VPNMAP 10 ipsec-isakmp dynamic DYNMAP
interface FastEthernet0/0
ip address 20.20.20.1 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map VPNMAP
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
ip local pool vpnpool 192.168.50.1 192.168.50.10
ip forward-protocol nd
ip route 10.10.10.0 255.255.255.0 FastEthernet0/0
no ip http server
no ip http secure-server
ip nat inside source list NAT-ACL interface FastEthernet0/0 overload
ip access-list extended NAT-ACL
deny ip 192.168.1.0 0.0.0.255 192.168.50.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended VPN-ACL
permit ip 192.168.1.0 0.0.0.255 192.168.50.0 0.0.0.255
control-plane
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
end

Dear All,
I am doing Remote Access VPN through Cisco Router. Before the real deployment, I want to simulate it with GNS3.Need you help to complete the job .
Please see the attachment for Scenario, Configuration and Ping status. I am getting IP address when i connect through VPN client .But I can not ping to the internal lan -192.168.1.0.Need your help to sole the issue.
Waiting for your responce .
--Milon

Cant ping behind cisco router (site2site vpn)

Dears;
After configure site to site vpn between cisco router and fortigate firewall,
site A : 10.0.0.0/24     behind fortigate
site B: 10.10.10.0/24 behind cisco router
the tunnel is up and I can ping 10.0.0.1 from site B and can ping 10.10.10.1 from site A but I cant ping any ip inside 10.0.0.0/24 form site B or network 10.10.10.0/24 from site A
my cisco router configuration is
Current configuration : 2947 bytes
! No configuration change since last restart
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
boot-start-marker
boot-end-marker
enable secret 4 EE103as6FtdocdBefpgugX6P9eGaDKDyBvwz7AywH5Q
no aaa new-model
memory-size iomem 10
clock timezone cairo 2 0
crypto pki token default removal timeout 0
ip source-route
ip dhcp excluded-address 192.168.16.1
ip dhcp excluded-address 10.10.10.1 10.10.10.10
ip dhcp pool GUEST
network 192.168.16.0 255.255.255.0
default-router 192.168.16.1
dns-server 8.8.8.8 8.8.4.4
ip dhcp pool LAN
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 8.8.8.8 8.8.4.4
ip cef
controller VDSL 0
ip ssh version 2
crypto isakmp policy 10
encr aes
hash sha256
authentication pre-share
group 5
crypto isakmp key 6 *********** address 4.x.x.x no-xauth
crypto ipsec transform-set myset esp-aes esp-sha256-hmac
crypto map kon-map 10 ipsec-isakmp
set peer 4.x.x.x
set transform-set myset
set pfs group5
match address 105
interface Ethernet0
no ip address
no fair-queue
interface ATM0
no ip address
ip mtu 1452
ip tcp adjust-mss 1452
no atm ilmi-keepalive
interface ATM0.1 point-to-point
ip flow ingress
pvc 0/35
encapsulation aal5snap
pppoe-client dial-pool-number 1
interface FastEthernet0
switchport mode trunk
no ip address
interface FastEthernet1
no ip address
interface FastEthernet2
switchport access vlan 2
no ip address
interface FastEthernet3
no ip address
interface Vlan1
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface Vlan2
ip address 192.168.16.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
ppp authentication chap pap callin
ppp chap hostname
ppp chap password 0
ppp pap sent-username
crypto map kon-map
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source list 100 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
access-list 100 deny   ip 10.10.10.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
access-list 100 permit ip 192.168.16.0 0.0.0.255 any
access-list 105 permit ip 10.10.10.0 0.0.0.255 10.0.0.0 0.0.0.255
banner motd ^C^C
end
when ping from cisco router
konsuler#ping 10.0.0.27 source vlan1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.27, timeout is 2 seconds:
Packet sent with a source address of 10.10.10.1
Success rate is 0 percent (0/5)
help please

Thank you karsten
I can ping interface of router from remote site but cant ping any device behind the router and can ping firewall interface but cant ping any device behind the firewall
-counters in
# sh crypto ipsec sa
increased only while ping 10.0.0.1 or 10.10.10.1 from both sides
r#show crypto session detail
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, T - cTCP encapsulation
X - IKE Extended Authentication, F - IKE Fragmentation
Interface: Dialer1
Uptime: 00:03:12
Session status: UP-ACTIVE
Peer: 4.x.x.x port 500 fvrf: (none) ivrf: (none)
      Phase1_id: 4.x.x.x
      Desc: (none)
IKEv1 SA: local 6.x.x.x/500 remote 4.x.x.x/500 Active
          Capabilities:(none) connid:2001 lifetime:22:39:59
IPSEC FLOW: permit ip 10.10.10.0/255.255.255.0 10.0.0.0/255.255.255.0
        Active SAs: 2, origin: crypto map
        Inbound: #pkts dec'ed 9 drop 0 life (KB/Sec) 4605776/3407
        Outbound: #pkts enc'ed 14 drop 0 life (KB/Sec) 4605775/3407

Not able to telnet or ssh to outside interface of ASA and Cisco Router

Dear All
Please help me with following question, I have set up testing lab, but still not work.
it is Hub and spoke site to site vpn case, connection between hub and spoke is metro-E, so we are using private ip for outside interface at each site.
Hub -- Juniper SRX
Spoke One - Cisco ASA with version 9.1(5)
spoke two - Cisco router with version 12.3
site to site vpn has been successful established. Customer would like to telnet/ssh to spoke's outside ip from Hub(using Hub's outside interface as source for telnet/ssh), or vise versa. Reason for setting up like this is they wants to be able to make configuration change even when site to site vpn is down. Sound like a easy job to do, I tried for a long time, search this forum and google too, but still not work.
Now I can successfully telnet/ssh to Hub SRX's outside interface from spoke (ASA has no telnet/ssh client, tested using Cisco router).
Anyone has ever done it before, please help to share your exp. Does Cisco ASA or router even support it?
When I tested it, of cause site to site vpn still up and running.
Thanks
YK

Hello YK,
On this case on the ASA, you should have the following:
CConfiguring Management Access Over a VPN Tunnel
If your VPN tunnel terminates on one interface, but you want to manage the ASA by accessing a different interface, you can identify that interface as a management-access interface. For example, if you enter the ASA from the outside interface, this feature lets you connect to the inside interface using ASDM, SSH, Telnet, or SNMP; or you can ping the inside interface when entering from the outside interface. Management access is available via the following VPN tunnel types: IPsec clients, IPsec LAN-to-LAN, and the AnyConnect SSL VPN client.
To specify an interface as a mangement-only interface, enter the following command:
hostname(config)# management access management_interface
where management_interface specifies the name of the management interface you want to access when entering the security appliance from another interface.
You can define only one management-access interface
Also make sure you have the pertinent configuration for SSH, telnet, ASDM and SNMP(if required), for a quick test you can enable on your lab Test:
SSH
- ssh 0 0 outside
- aaa authentication ssh console LOCAL
- Make sure you have a default RSA key, or create a new one either ways, with this command:
*crypto key generate rsa modulus 2048
Telnet
- telnet 0 0 outside
- aaa authentication telnet console LOCAL
Afterwards, if this works you can define the subnets that should be permitted.
On the router:
!--- Step 1: Configure the hostname if you have not previously done so.
hostname Router
!--- aaa new-model causes the local username and password on the router
!--- to be used in the absence of other AAA statements.
aaa new-model
username cisco password 0 cisco
!--- Step 2: Configure the router's DNS domain.
ip domain-name yourdomain.com
!--- Step 3: Generate an SSH key to be used with SSH.
crypto key generate rsa
ip ssh time-out 60
ip ssh authentication-retries 3
!--- Step 4: By default the vtys' transport is Telnet. In this case,
!--- Telnet and SSH is supported with transport input all
line vty 0 4
transport input All
*!--- Instead of aaa new-model, the login local command may be used.
no aaa new-model
line vty 0 4
login local
Let me know how it works out!
Please don't forget to Rate and mark as correct the helpful Post!
David Castro,
Regards,

Site-to-Site VPN between Cisco ASA 5505 (8.4) and Cisco Router (IOS 15.2)

Hi, I'm trying to create Site-to-Site VPN between Cisco ASA 5505 and Cisco Router 3945.
I've tried create configuration with and without ASA wizard, but anyway it doesn't work.
Please help me to find where is the issue.
I have two sites and would like to get access from 192.168.83.0 to 192.168.17.0
192.168.17.0 --- S1.S1.S1.S1 (IOS Router) ==================== S2.S2.S2.S2 (ASA 5505) --- 192.168.83.0
Here is my current configuration.
Thanks for your help.
IOS Configuration
version 15.2
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 2
crypto isakmp key cisco address 198.0.183.225
crypto isakmp invalid-spi-recovery
crypto ipsec transform-set AES-SET esp-aes esp-sha-hmac
mode transport
crypto map static-map 1 ipsec-isakmp
set peer S2.S2.S2.S2
set transform-set AES-SET
set pfs group2
match address 100
interface GigabitEthernet0/0
ip address S1.S1.S1.S1 255.255.255.240
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map static-map
interface GigabitEthernet0/1
ip address 192.168.17.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
access-list 100 permit ip 192.168.17.0 0.0.0.255 192.168.83.0 0.0.0.255
ASA Configuration
ASA Version 8.4(3)
interface Ethernet0/0
switchport access vlan 2
interface Vlan1
nameif inside
security-level 100
ip address 192.168.83.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address S2.S2.S2.S2 255.255.255.248
ftp mode passive
same-security-traffic permit intra-interface
object network inside-network
subnet 192.168.83.0 255.255.255.0
object network datacenter
host S1.S1.S1.S1
object network datacenter-network
subnet 192.168.17.0 255.255.255.0
object network NETWORK_OBJ_192.168.83.0_24
subnet 192.168.83.0 255.255.255.0
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended deny ip any any log
access-list outside_cryptomap extended permit ip 192.168.83.0 255.255.255.0 object datacenter-network
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool vpn_pool 192.168.83.200-192.168.83.254 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside,outside) source dynamic inside-network interface
nat (inside,outside) source static inside-network inside-network destination static inside-network inside-network no-proxy-arp route-lookup
nat (inside,outside) source static inside-network inside-network destination static datacenter-network datacenter-network no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_192.168.83.0_24 NETWORK_OBJ_192.168.83.0_24 destination static datacenter-network pdatacenter-network no-proxy-arp route-lookup
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 DEFAULT_GATEWAY 1
crypto ipsec ikev1 transform-set vpn-transform-set esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set vpn-transform-set mode transport
crypto ipsec ikev1 transform-set L2L_SET esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set L2L_SET mode transport
crypto dynamic-map dyno 10 set ikev1 transform-set vpn-transform-set
crypto map vpn 1 match address outside_cryptomap
crypto map vpn 1 set pfs
crypto map vpn 1 set peer S1.S1.S1.S1
crypto map vpn 1 set ikev1 transform-set L2L_SET
crypto map vpn 20 ipsec-isakmp dynamic dyno
crypto map vpn interface outside
crypto isakmp nat-traversal 3600
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
group-policy GroupPolicy_S1.S1.S1.S1 internal
group-policy GroupPolicy_S1.S1.S1.S1 attributes
vpn-tunnel-protocol ikev1
group-policy remote_vpn_policy internal
group-policy remote_vpn_policy attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec
username artem password 8xs7XK3To4s5WfTvtKAutA== nt-encrypted
username admin password rqiFSVJFung3fvFZ encrypted privilege 15
tunnel-group DefaultRAGroup general-attributes
address-pool vpn_pool
default-group-policy remote_vpn_policy
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
authentication ms-chap-v2
tunnel-group S1.S1.S1.S1 type ipsec-l2l
tunnel-group S1.S1.S1.S1 general-attributes
default-group-policy GroupPolicy_S1.S1.S1.S1
tunnel-group S1.S1.S1.S1 ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:f55f10c19a0848edd2466d08744556eb
: end

Thanks for helping me again. I really appreciate.
I don't hve any NAT-exemptions in Cisco IOS Router. Transform-set I will change soon, but I've tried with tunnel mode and it didn't work.
Maybe NAT-exemptions is the issue. Can you advice me which exemptions should be in Cisco IOS Router?
Because on Cisco ASA I guess I have everything.
Here is show crypto session detail
router(config)#do show crypto session detail
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, T - cTCP encapsulation
X - IKE Extended Authentication, F - IKE Fragmentation
Interface: GigabitEthernet0/0
Session status: DOWN
Peer: 198.0.183.225 port 500 fvrf: (none) ivrf: (none)
      Desc: (none)
      Phase1_id: (none)
IPSEC FLOW: permit ip 192.168.17.0/255.255.255.0 192.168.83.0/255.255.255.0
        Active SAs: 0, origin: crypto map
        Inbound: #pkts dec'ed 0 drop 0 life (KB/Sec) 0/0
        Outbound: #pkts enc'ed 0 drop 0 life (KB/Sec) 0/0
Should I see something in crypto isakmp sa?
pp-border#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
IPv6 Crypto ISAKMP SA
Thanks again for your help.

Help with Remote access VPN on Cisco router 3925 via Dialer Interface

Hi Everybody,
I need help for my work now, I appreciate if someone can fix my problem.I have a Cisco router 3925 and access Internet via PPPoE link. I want config VPN Remote Access and using software Cisco VPN client. But it doesn't work.. Here my config router :
HUNRE#show running-config
Building configuration...
Current configuration : 5515 bytes
! No configuration change since last restart
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname HUNRE
boot-start-marker
boot-end-marker
enable secret 5 $1$vEFw$rLfvLglzUgddCVwXDx03K.
enable password cisco
aaa new-model
aaa session-id common
crypto pki trustpoint TP-self-signed-1050416327
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1050416327
revocation-check none
rsakeypair TP-self-signed-1050416327
crypto pki certificate chain TP-self-signed-1050416327
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31303530 34313633 3237301E 170D3134 30393235 31313534
31395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 30353034
31363332 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100CC79 74FCFABE 81183B70 5A9F4A53 EB609754 7D5F8587 9150B76E 3207A86E
5B65F9E9 6CDAC21A 6D69221D 1FF61632 14763308 43B2A1CC 8EE5ABAC EF07530E
3F0D35FE F08C955B 60B52B92 F8F54D53 DD6DD623 01F83493 02F9C49A F0C3483D
3B48A008 8D96700E 88924BFE DE00201B DE5965DE 32898CAD 9012AB55 76B6F39B
2D470203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14C3418C BC35F3D9 B26B2475 2BB5F826 060525AB B3301D06
03551D0E 04160414 C3418CBC 35F3D9B2 6B24752B B5F82606 0525ABB3 300D0609
2A864886 F70D0101 05050003 81810070 AC7C26C6 4606A551 1A3FD6C5 2A5AEAE8
35DAC86E F8885E26 51F6EEAE 7565D3AA D532C8F3 55F6656F D103F38C 8FBDE7F1
83E77143 76469040 7FEA41E8 14963DB3 F7F28EA0 C5F2F42C B186B75C AAB04900
15F9CB38 A16964F5 4E7B4378 35041AA8 AE8EC181 D58D6A62 676E286A 7B9D80E6
35A0B9FB FB76E976 3D2A19D7 006078
        quit
ip name-server 210.245.1.253
ip name-server 210.245.1.254
ip cef
no ipv6 cef
multilink bundle-name authenticated
vpdn enable
vpdn-group 1
vpdn-group 2
license udi pid C3900-SPE100/K9 sn FOC1823839B
license boot module c3900 technology-package securityk9
username cisco privilege 15 secret 5 $1$aAjB$D3iLyPFTE7O1bHPnKSJcH0
username kdhong privilege 15 secret 5 $1$nfyX$FO1BPTabCUaE6uKQwpLT.1
redundancy
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group VPN-HUNRE
key hunre
dns 8.8.8.8
domain hunre
pool IP-VPN
acl 199
max-users 100
crypto ipsec transform-set encrypt-method-1 esp-3des esp-sha-hmac
mode tunnel
crypto dynamic-map DYNMAP 1
set transform-set encrypt-method-1
crypto map VPN client configuration address respond
crypto map VPN 65535 ipsec-isakmp dynamic DYNMAP
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip mtu 1492
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1412
duplex auto
speed auto
interface GigabitEthernet0/1
description FPT
no ip address
ip tcp adjust-mss 1412
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
interface GigabitEthernet0/2
description Connect to CMC
no ip address
ip mtu 1442
ip nat outside
ip virtual-reassembly in
ip tcp adjust-mss 1412
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 2
no cdp enable
interface Dialer1
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname [USERNAME]
ppp chap password 0 [PASSWORD]
ppp pap sent-username [USERNAME] password 0 [PASSWORD]
ppp ipcp dns request
crypto map VPN
interface Dialer2
description Logical ADSL Interface 2
ip address negotiated
ip mtu 1442
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1344
dialer pool 2
dialer-group 2
ppp authentication chap pap callin
ppp chap hostname [USERNAME]
ppp chap password 0 [PASSWORD]
ppp pap sent-username [USERNAME] password 0 [PASSWORD]
ppp ipcp address accept
no cdp enable
ip local pool IP-VPN 10.252.252.2 10.252.252.245
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 10 interface Dialer1 overload
ip nat inside source list 11 interface Dialer2 overload
ip nat inside source static 10.159.217.10 interface Dialer1
ip nat inside source list 199 interface Dialer1 overload
ip nat inside source static tcp 10.159.217.10 80 210.245.54.49 80 extendable
ip nat inside source static tcp 10.159.217.10 3389 210.245.54.49 3389 extendable
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 10.159.217.0 255.255.255.0 192.168.1.8
ip sla auto discovery
ip sla responder
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
access-list 10 permit any
access-list 11 permit any
access-list 101 permit icmp any any
access-list 199 permit ip any any
control-plane
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password cisco
transport input all
line vty 5 15
password cisco
transport input all
scheduler allocate 20000 1000
ntp master
end
However, I cannot ping interfac Dialer 1. I using Cisco vpn client software ver 5.0.07.0290.
Hopeful for your answers !
Thanks

Hi David Castro,
Thanks for your answer,
I configed following your guide, but it have not worked yet. I saw that I cannot ping IP gateway Internet . I using ADSL Internet and config PPPoE and my router receive IP from ISP. Here show ip int brief :
GigabitEthernet0/0         192.168.1.1     YES NVRAM up                    up
GigabitEthernet0/1         unassigned      YES NVRAM up                    up
GigabitEthernet0/2         unassigned      YES NVRAM up                    up
Dialer1                    210.245.54.49   YES IPCP   up                    up
Dialer2                    101.99.7.73     YES IPCP   up                    up
NVI0                       192.168.1.1     YES unset up                    up
Virtual-Access1            unassigned      YES unset up                    up
Virtual-Access2            unassigned      YES unset up                    up
Virtual-Access3            unassigned      YES unset up                    up
But I cannot ping Interface Dialer 1, so may be VPN is does not worked. Do you have some ideal ?
Thanks very much !

Cisco Router - Bandwidth Guarantee

Hi Cisco Community,
In my office I have 2 Mbp/s (Down) internet speed and 2 Mbp/s (Up).
My LAN network is 192.168.10.0/24
My Laptop IP is: 192.168.10.9/24
** I need a cisco router configuration to guarantee 99.99% All Traffic
[TCP&UDP 1-65535] from my Laptop to 1 Mbp/s (Down) and 1 Mbps (Up)
I need to do this because, sometimes I need to watch some videos or download files and others employes are eating the Bandwidth.
The Point is Guarantee my speeds, it doesn't matter if others users are downloading or watching... I need the rate guarantee of 1 Mbp/s Up and 1 Mbp/s Down.
My router is Cisco 800
Thanks
Manuel

Still waiting...................

How to setup Guest Network Name in Cisco Router

Hello everyone!
The first. Sorry my english =)
I want tald you how to change guest network name in cisco (what have different name)
What we need.
1. Cisco Connect for Mac OSX (i use snow leopard and Cisco Connect for E3000)
2. Terminal
Okay. Let's go.
1. Install Cisco Connect for OSX
2. After setup - slighty setup your cisco router (give something name and password), then, when cisco connect say you "You now connected the internet" and going to main screen - exit from cisco connect
3. Open Terminal (Or you can use Finder (go to Application, show package content Cisco Connect))
4. Go to /Application/Cisco Connect.app/Contents/Resources/lcid/<your setup language, for english - go 1033>/
5. Edit resource_strings.pus (vi resource_strings.pus)
6. Change "-guest" in string <LocalizableString RcFileId='10019' BaseTextHash='0xA65E286D' BaseText='-guest'/> for something what you want. For example, i changed for ' Guest Network'
7. Save
8. Open Cisco Setup
9. Go to router configuration and change desired name. I changed to 'Grizlly Bear'
10. After setup name - go to Guest Setting and Enable. As you can si, your guest network name set as 'Grizlly Bear Guest Network'
11.Exit Cisco Setup
12. Go to web interface setup
13. Setup Wifi manual and change SSID for diferent names. I change 5Gh to 'Grizlly Bear Hi-Speed Network' and 2.4GHz to 'Grizlly Bear Main Network'
14. Setup your hostname for all services (fileserver, media server, etc)
Woala!
We have three diferent names network!
Questions?

In order to enable Guest networking, the AirPort Extreme must be configured as your "main" Internet router. In this configuration, Connection Sharing = Share a Public IP address. The Extreme would be connected directly to the Internet modem and NOT downstream of another router with NAT enabled.
In this configuration, the Guest network would provide access ONLY to the Internet and NOT to your LAN.

Blocking MAC-Address on Cisco Router

Can anyone tell me how to block a particular mac-address on cisco router 2900 series? There are few pc's in the network which i dont want to get them into the network anyhow. Can anyone help me out with this?
Regards,
Abhishek

With your problem-description
There are few pc's in the network which i dont want to get them into the network anyhow
the strategy of using the router to block them is the wrong way because the PCs are already on the network and the blocking has to be done at the entry-points which are the switches.
But if you want to stop them leaving your network on the router by filtering the MAC, you could also use modified QoS-mechanisms:
class-map match-any UNWANTED-PCs
match source-address mac AAAA.BBBB.CCCC
match source-address mac DDDD.EEEE.FFFF
policy-map IN-POLICY
class UNWANTED-PCs
drop
int GigabitEthernet0/0
description LAN-Interface
service-policy input IN-POLICY
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Setting up an HP printer through a cisco router

A friend has just bought a new ibook converting over from the PC world and is trying to set up his HP Deskjet 9300 printer to work with a cisco router. The printer works when set up directly to his G4 ibook but not through the router. We have set the IP addressess so we are getting the router wlan light to flash but the lan light does not come on. I think the problem may be what we have entered in the info fields but but cannot find any information to set me straight. I will be heading over this evening to try to help him again so if anyone has some info that will help it will be appreciated - Thanks in advance

Printing to a network ethernet printer (which has an IP address) from a Mac running OS 10.3.x
http://www.ifelix.co.uk/tech/3005.html

Trouble connecting Cisco router with cable modem for Internet purposes

So I am requesting help from the Cisco community on this issue as the cable company states there equipment is working fine. At all my facilities I have a guest Internet service setup through a local Internet provide to provide Internet services to the residents and guests. I have the cable modem usually a Motorola SBG6580 or a SMC 8014 (both provided by cable company) connected to my router on a FE or GE interface. I am using static IPs and using the cable modem just as a modem (bridge mode). Over the past several months these connections have just stopped working. I have not made any drastic changes to my router configs; however, the cable company has updated the firmware on these modems. I am wondering if that could affected how the modem and router talk. I was told by the cable company that the modem sees the Cisco router but that the port is inactive. My router shows the port is active and traffic passing. Does anyone have any ideas that could point where the problem lies? I will post a basic config to one that currently does not work. I am using a VRF to route a certain group out, using NAT. Please let me know if I need to post additional info. Any help would be greatly appreciated.
Cisco CISCO2911/K9
Version 15.2(3)T1
service timestamps debug datetime localtime
service timestamps log datetime localtime show-timezone
service password-encryption
hostname 1204RTR01
boot-start-marker
boot system flash0:c2900-universalk9-mz.SPA.152-3.T1.bin
boot system flash0:c2900-universalk9-mz.SPA.151-3.T.bin
boot-end-marker
card type t1 0 0
logging buffered 64000
aaa new-model
aaa session-id common
clock timezone cst -6 0
clock summer-time CDT recurring
no ipv6 cef
no ip source-route
ip vrf 5
rd 5:1
ip multicast-routing
1
ip dhcp pool Guest
vrf 5
network 10.51.XXX.0 255.255.255.0
default-router 10.51.XXX.XXX
dns-server 209.18.47.61 209.18.47.62
ip flow-cache timeout active 1
no ip bootp server
no ip domain lookup
ip cef
multilink bundle-name authenticated
application
global
service alternate default
license udi pid CISCO2911/K9 sn FTX1508AHTM
hw-module pvdm 0/0
redundancy
ip tcp synwait-time 10
interface GigabitEthernet0/0.5
description Guest VLAN
encapsulation dot1Q 5
ip vrf forwarding 5
ip address 10.51.xx.xxx 255.255.255.0
no ip redirects
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
interface GigabitEthernet0/2
description Guest Intenet access
ip vrf forwarding 5
ip address 24.242.182.182 255.255.255.252   <--Cable company IP, Modem IP is 24.242.182.181
ip nat outside
ip virtual-reassembly in
load-interval 30
duplex auto
speed auto
ip forward-protocol nd
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 9 interface GigabitEthernet0/2 vrf 5 overload
ip route vrf 5 0.0.0.0 0.0.0.0 24.242.182.181
access-list 9 permit 10.51.204.0 0.0.0.255

Ok, mysteriously this location just started working yesterday, but I still am dealing with seven others and I really would like to know what is going on. I will give you everything you may need and let me know.
Config:
version 15.2
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime show-timezone
service password-encryption
hostname 1112RTR01
boot-start-marker
boot system flash0:c2900-universalk9-mz.SPA.152-3.T1.bin
boot system flash0:c2900-universalk9-mz.SPA.151-1.T.bin
boot-end-marker
aaa new-model
aaa session-id common
clock timezone CDT -6 0
clock summer-time CDT recurring
network-clock-participate wic 0
network-clock-select 1 T1 0/0/0
no ipv6 cef
no ip source-route
ip vrf GuestVRF
rd 5:1
ip multicast-routing
ip dhcp pool Guest
vrf GuestVRF
network 10.51.112.0 255.255.255.0
default-router 10.51.112.1
dns-server 209.18.47.61 209.18.47.62
ip flow-cache timeout active 1
no ip bootp server
no ip domain lookup
ip cef
application
global
service alternate default
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0.5
description Guest VLAN
encapsulation dot1Q 5
ip vrf forwarding GuestVRF
ip address 10.51.112.1 255.255.255.0
no ip redirects
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
interface GigabitEthernet0/1
description Guest Internet (Time Warner Connection)
ip vrf forwarding GuestVRF
ip address 97.77.116.234 255.255.255.252
ip nat outside
ip virtual-reassembly in
load-interval 30
duplex auto
speed auto
ip forward-protocol nd
ip nat inside source list 5 interface GigabitEthernet0/1 vrf GuestVRF overload
ip route vrf GuestVRF 0.0.0.0 0.0.0.0 97.77.116.233
access-list 5 permit 10.51.112.0 0.0.0.255
control-plane
end
router#sh ip arp vrf GuestVRF
router#Internet 97.77.116.233           2   f80b.bee7.e09f ARPA   GigabitEthernet0/1
Protocol Address          Age (min) Hardware Addr   Type   Interface
Internet 97.77.116.234           -   8843.e13c.8d99 ARPA   GigabitEthernet0/1
router#ping vrf GuestVRF 97.77.116.233
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 97.77.116.233, timeout is 2 seconds:
Success rate is 0 percent (0/5)
router#sh int g0/1
GigabitEthernet0/1 is up, line protocol is up
Hardware is CN Gigabit Ethernet, address is 8843.e13c.8d99 (bia 8843.e13c.8d99)
Description: Guest Internet (Time Warner Connection)
Internet address is 97.77.116.234/30
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full Duplex, 1Gbps, media type is RJ45
output flow-control is XON, input flow-control is XON
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 00:00:10
Input queue: 76/75/15/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
30 second input rate 3000 bits/sec, 7 packets/sec
30 second output rate 0 bits/sec, 0 packets/sec
     81 packets input, 4860 bytes, 0 no buffer
     Received 81 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 12 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     16 packets output, 1193 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out
router#sh int g0/1
GigabitEthernet0/1 is up, line protocol is up
Hardware is CN Gigabit Ethernet, address is 8843.e13c.8d99 (bia 8843.e13c.8d99)
Description: Guest Internet (Time Warner Connection)
Internet address is 97.77.116.234/30
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full Duplex, 1Gbps, media type is RJ45
output flow-control is XON, input flow-control is XON
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 00:00:42
Input queue: 76/75/67/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
30 second input rate 3000 bits/sec, 7 packets/sec
30 second output rate 1000 bits/sec, 2 packets/sec
     408 packets input, 24480 bytes, 0 no buffer
     Received 408 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 61 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     72 packets output, 5669 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out
I am receiving packets in and out of the interface but I cannot ping the modem through the VRF.
router#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
udp 97.77.116.234:3169 10.51.112.39:3169 209.18.47.62:53    209.18.47.62:53
udp 97.77.116.234:8534 10.51.112.39:8534 209.18.47.61:53    209.18.47.61:53
udp 97.77.116.234:12244 10.51.112.39:12244 209.18.47.61:53   209.18.47.61:53
udp 97.77.116.234:14002 10.51.112.39:14002 209.18.47.61:53   209.18.47.61:53
udp 97.77.116.234:23623 10.51.112.39:23623 209.18.47.62:53   209.18.47.62:53
udp 97.77.116.234:24489 10.51.112.39:24489 209.18.47.61:53   209.18.47.61:53
udp 97.77.116.234:24550 10.51.112.39:24550 209.18.47.61:53   209.18.47.61:53
udp 97.77.116.234:27458 10.51.112.39:27458 209.18.47.62:53   209.18.47.62:53
udp 97.77.116.234:28603 10.51.112.39:28603 209.18.47.62:53   209.18.47.62:53
udp 97.77.116.234:37404 10.51.112.39:37404 209.18.47.62:53   209.18.47.62:53
udp 97.77.116.234:53942 10.51.112.39:53942 209.18.47.61:53   209.18.47.61:53
udp 97.77.116.234:58125 10.51.112.39:58125 209.18.47.62:53   209.18.47.62:53
udp 97.77.116.234:64797 10.51.112.39:64797 209.18.47.61:53   209.18.47.61:53
udp 97.77.116.234:56925 10.51.112.52:56925 209.18.47.61:53   209.18.47.61:53
udp 97.77.116.234:56925 10.51.112.52:56925 209.18.47.62:53   209.18.47.62:53
udp 97.77.116.234:62342 10.51.112.52:62342 209.18.47.62:53   209.18.47.62:53
tcp 97.77.116.234:36559 10.51.112.69:36559 199.167.177.46:1227 199.167.177.46:1227
tcp 97.77.116.234:48895 10.51.112.69:48895 54.195.253.126:5223 54.195.253.126:5223
tcp 97.77.116.234:58385 10.51.112.69:58385 54.195.243.137:5223 54.195.243.137:5223
Pro Inside global      Inside local       Outside local      Outside global
tcp 97.77.116.234:58658 10.51.112.71:58658 31.13.66.165:443 31.13.66.165:443
udp 97.77.116.234:3066 10.51.112.72:3066 209.18.47.62:53    209.18.47.62:53
udp 97.77.116.234:3884 10.51.112.72:3884 209.18.47.61:53    209.18.47.61:53
udp 97.77.116.234:6656 10.51.112.72:6656 209.18.47.61:53    209.18.47.61:53
udp 97.77.116.234:11194 10.51.112.72:11194 209.18.47.61:53   209.18.47.61:53
udp 97.77.116.234:11774 10.51.112.72:11774 209.18.47.62:53   209.18.47.62:53
Let me know if you need anything else. I need to figure this out and I just don't get it because the other site wasn't working a few days ago and all of a sudden it is working again but others are still not.

Cisco Router 2901,voice bundle 4FXO

Need Cisco Part no. for Cisco Router 2901,voice bundle 4FXO
email me [email protected]

Flavio,
It looks like you are missing the "ccm-manager mgcp" command in the global configuration mode.
To enable the gateway to communicate with Cisco CallManager through the Media Gateway Control Protocol (MGCP) and to supply redundant control agent services, use the ccm-manager mgcp command in global configuration mode.
http://www.cisco.com/en/US/docs/ios/12_3t/voice/command/reference/vrht_c4_ps5207_TSD_Products_Command_Reference_Chapter.html#wp1072910
Do a mgcp / no mgcp once its added. Make sure that the domain name on cucm is the same as it appears in the 'show ccm-manager' output on the gateway. If the issue persists, please post show tech as requested earlier.
HTH
Manish

Can I connect a device to get added LAN ports for my Airport Extreme?

Can I connect an added device to my styetem to get added LAN ports for my Airport Extreme Router system?
Mark Edwards

Connect a Gigabit Ethernet switch to any of the 3 Ethenret ports on the AirPort Extreme to add as many ports as you need.
Switches come in 5-port, 8-port, 16-port, etc versions.
Your local computer/electronics superstore will have what you need.

Cisco router interface threshold

Hello,
I have a question about getting threshold information out of a specific interface. I have a customer with DSL on a cisco 887 router.
This customer has 2 different pvc's on the ATM0 interface, 2 dialer's (1 for voice, one for data) 2 vlan's (1 for voice, one for data).
What I would like is that the cisco router wil send me a message that only the voice dialer or voice vlan has exceeded it's threshold limit.
I can configure this with the "rmon alarm" command, but then it isn't specific for the voice dialer, it gives me info on both the dialers.
I also tried it with SNMP traps, but this isn't "real-time"
Does anyone know if there is a different solution to solve this?

Sorry, small mistake :-)
Heres my configuration:
event manager applet int-rate-test
event interface name Dialer1 parameter receive_rate_bps entry-op gt entry-val 110000 entry-type rate exit-op lt exit-val 50000 exit-type rate average-factor 1 poll-interval 1
snmp-server community G***** RO
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps license
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps flash insertion removal
snmp-server enable traps adslline
snmp-server enable traps vdsl2line
snmp-server enable traps envmon
snmp-server enable traps c3g
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps mac-notification
snmp-server enable traps energywise
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps aaa_server
snmp-server enable traps atm subif
snmp-server enable traps bfd
snmp-server enable traps memory bufferpeak
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps entity
snmp-server enable traps fru-ctrl
snmp-server enable traps resource-policy
snmp-server enable traps event-manager
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps mvpn
snmp-server enable traps cpu threshold
snmp-server enable traps ipsla
snmp-server enable traps syslog
snmp-server enable traps l2tun session
snmp-server enable traps l2tun pseudowire status
snmp-server enable traps vtp
snmp-server enable traps pw vc
snmp-server enable traps firewall serverstatus
snmp-server enable traps nhrp nhs
snmp-server enable traps nhrp nhc
snmp-server enable traps nhrp nhp
snmp-server enable traps nhrp quota-exceeded
snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
snmp-server host *.*.*.30 G****
interface Dialer1
description tbv Internet KPN-lijn
ip address negotiated
ip nat outside
no ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname test-vdsl-inet
ppp chap password 7 051F031C3501580D0A095A1B050910
ppp pap sent-username test-vdsl-inet password 7 111D1C16035F1D081726662D263621
no cdp enable
When I download something from the internet it only shows the interface bandwidth usage stats every 5min. I'm not getting any event messages to my Zenoss server that a threshold has been reached or anything like that.
I have attached a file with the results.

Vlans and cisco router

I have a netgear managed switch and a cisco 1750 router. I would like to set up 2 vlans. the first one is a wan, with a residential cable model connected to it. the other vlan is for my private lan. I will then have the cisco router connected to one port on the switch set up as a trunk. I'm no pro, but from what I've read so far, it should work that way, right? the part I need help with is setting up the cisco router as a gateway and dns proxy, accepting the dynamic ip, gateway, and dns addresses from the cable modem.
I did see this http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=Getting%20Started%20with%20LANs&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddcef50
router in a stick *write that down* so my setup should work if I can figure out the router configuration. a good online tutorial or something would be helpful for this. I have plenty of cisco books, but maybe something for dummies would help me get started, before digging into the tough stuff.

In order to set up inter vlan routing or a "router on a stick" with a netgear switch you will need a router that supports IEEE 802.1q VLAN Support.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t1/8021q.htm#28767
On the router interface that is "trunked" to the switch you will need to have a configuration that looks like the what I have below.
Router(config)#interface FastEthernet0/1.1
Router(config-subif)#encapsulation dot1Q 1 native
Router(config-subif)#ip address 10.xx.xx.16 255.255.255.xxx
Router(config-subif)#interface FastEthernet0/1.2
Router(config-subif)#encapsulation dot1Q 2
Router(config-subif)#ip address 10.xx.xx.130 255.255.255.xxx
The sub-interface 1."2" corresponds to the vlan id on the trunk. In this case the .2 is vlan 2.
I have attahced a link that exlains the intricate details on inter vlan routing below:
http://www.cisco.com/warp/public/473/50.shtml
Lastly you may want to check the Cisco IOS feature Navigator. I was looking at it and I did not see that the 1750 has IEEE 802.1q VLAN Support. It looks like the 1751 is the first platform in the 1700 series that does.

Adding lan pool to cisco router

Similar Messages

Maybe you are looking for