CCTV On 1941 Router
Hi all,
Got a tricky one for me here.
I have some public IPs from BT, one for my router and another for my DVR for the cameras at work. Our old shitty BT Home Hub used a DMZ for the cameras so we could access them from our phones etc. Now I upgraded us to a 1941 ADSL joby, and everything is fine except I can't get the cameras to work.
Is this something in the access list I'm missing?
As you will see from the config, I'm still only learning so it's quite messy I'm sure, but please have a look and let me know your views.
Ethnet-HQ(config-if)#do sh run
Building configuration...
Current configuration : 2353 bytes
! Last configuration change at 18:43:00 gmt Wed Nov 20 2013
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Ethnet-HQ
boot-start-marker
boot-end-marker
enable secret 5 $1$..OH$obVwN..K3Jf8blsgWTHps0
no aaa new-model
clock timezone gmt 0
dot11 syslog
ip source-route
ip dhcp excluded-address 192.168.0.1 192.168.0.100
ip dhcp excluded-address 192.168.1.1 192.168.1.100
ip dhcp pool Ethnet-LAN
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 194.72.0.114 62.6.40.178
ip dhcp pool LAN-NO-VPN
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1 255.255.255.0
dns-server 8.8.8.8
lease infinite
ip cef
no ip domain lookup
no ipv6 cef
multilink bundle-name authenticated
vpdn enable
vpdn-group pppoe
license udi pid CISCO1841 sn FCZ122372H9
interface FastEthernet0/0
description Ethnet LAN
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
duplex auto
speed auto
interface FastEthernet0/1
description Ethnet LAN no VPN
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
interface ATM0/0/0
no ip address
no atm ilmi-keepalive
pvc 0/38
pppoe-client dial-pool-number 1
interface ATM0/1/0
no ip address
shutdown
no atm ilmi-keepalive
interface Dialer1
mtu 1458
ip address 217.#.96.137 255.255.255.248
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp chap hostname ##########
ppp chap password 0 #########
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat pool BT-Statics 217.#.96.137 217.#.96.141 netmask 255.255.255.248
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
access-list 1 permit 192.168.0.1
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 217.#.96.136 0.0.0.7
control-plane
banner motd ^C###########
line con 0
password 7 020E055759565F2E5C43
logging synchronous
login
line aux 0
password 7 1101180945425B031427
login
line vty 0 4
exec-timeout 0 0
password 7 060E0E2D1E1E5916151A
login
transport input all
scheduler allocate 20000 1000
end
Thanks for taking the time to look. I currently don't use fa0/1, and the VPN config doesn't work (although it would be nice if it did).
Bump
Sent from Cisco Technical Support iPad App
Similar Messages
-
Cisco 1941 Router-on-a-Stick w/ 11VLANs trunked to a Cisco 2960: From the Switch I can Ping a device in another VLAN, that device cannot ping back. Some devices can ping devices in other VLANs and the device in the other VLAN can successfully return the Ping. Have a look at the attached diagram.
Router Config:
show run
Building configuration...
Current configuration : 7224 bytes
! Last configuration change at 09:05:48 EDT Wed Aug 6 2014
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname ROUTER
boot-start-marker
boot-end-marker
no aaa new-model
clock timezone EDT -8 0
ip cef
ip name-server 8.8.8.8
no ipv6 cef
multilink bundle-name authenticated
license udi pid CISCO1941/K9
object-group network Net_Obj_Group1
description This network group allows all 10.0.0.0 and Email Forwarder server through to the Plt PCs
205.191.0.0 255.255.0.0
10.0.0.0 255.0.0.0
object-group network Net_Obj_Group2
description This Network Group includes the Host IPs allowed through the Plant Router
host 10.194.28.23
host 10.194.28.25
host 10.194.28.26
host 10.194.28.27
host 10.194.28.28
host 10.194.28.29
host 10.194.28.37
host 10.194.28.39
host 10.194.28.40
host 10.194.28.70
host 10.194.28.130
host 10.194.28.131
host 10.194.28.132
host 10.194.28.133
host 10.194.28.134
host 10.194.28.135
host 10.194.28.136
host 10.194.28.137
host 10.194.28.138
host 10.194.28.139
host 10.194.28.140
host 10.194.28.141
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description Port Ge0/0 to IT Enterprise network Switch GE1/0/38
ip address 10.194.28.111 255.255.255.0
ip access-group 105 in
ip access-group 106 out
ip nat outside
ip virtual-reassembly in
shutdown
duplex full
speed auto
no mop enabled
interface GigabitEthernet0/1
description Port to Plant PCN-K/L24 Sw1 Port 0/24
no ip address
duplex auto
speed auto
no mop enabled
interface GigabitEthernet0/1.102
description Port to VLAN 102
encapsulation dot1Q 102
ip address 192.168.102.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.104
description Port to VLAN 104
encapsulation dot1Q 104
ip address 192.168.104.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.105
description Port to VLAN 105
encapsulation dot1Q 105
ip address 192.168.105.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.106
description Port to VLAN 106
encapsulation dot1Q 106
ip address 192.168.106.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.107
description Port to VLAN 107
encapsulation dot1Q 107
ip address 192.168.107.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.111
description Port to VLAN 111
encapsulation dot1Q 111
ip address 192.168.111.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.117
description Port to VLAN 117
encapsulation dot1Q 117
ip address 192.168.117.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.121
description Port to VLAN 121
encapsulation dot1Q 121
ip address 192.168.121.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.125
description Port to VLAN 125
encapsulation dot1Q 125
ip address 192.168.125.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.150
description Port to to VLAN 150
encapsulation dot1Q 150
ip address 192.168.150.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.999
description Port to VLAN 999
encapsulation dot1Q 999
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip forward-protocol nd
ip http server
no ip http secure-server
ip nat inside source static 192.168.102.201 10.194.28.23
ip nat inside source static 192.168.121.201 10.194.28.25
ip nat inside source static 192.168.106.251 10.194.28.26
ip nat inside source static 192.168.107.245 10.194.28.27
ip nat inside source static 192.168.102.251 10.194.28.28
ip nat inside source static 192.168.150.201 10.194.28.29
ip nat inside source static 192.168.107.179 10.194.28.37
ip nat inside source static 192.168.111.201 10.194.28.39
ip nat inside source static 192.168.105.201 10.194.28.40
ip nat inside source static 192.168.106.21 10.194.28.70
ip nat inside source static 192.168.107.146 10.194.28.130
ip nat inside source static 192.168.107.156 10.194.28.131
ip nat inside source static 192.168.107.161 10.194.28.132
ip nat inside source static 192.168.107.181 10.194.28.133
ip nat inside source static 192.168.107.191 10.194.28.134
ip nat inside source static 192.168.106.202 10.194.28.135
ip nat inside source static 192.168.106.212 10.194.28.136
ip nat inside source static 192.168.117.190 10.194.28.137
ip nat inside source static 192.168.117.100 10.194.28.138
ip nat inside source static 192.168.106.242 10.194.28.139
ip nat inside source static 192.168.125.100 10.194.28.140
ip nat inside source static 192.168.125.99 10.194.28.141
ip nat outside source static 10.194.28.23 10.194.28.23
ip nat outside source static 10.194.28.25 10.194.28.25
ip nat outside source static 10.194.28.26 10.194.28.26
ip nat outside source static 10.194.28.27 10.194.28.27
ip nat outside source static 10.194.28.28 10.194.28.28
ip nat outside source static 10.194.28.29 10.194.28.29
ip nat outside source static 10.194.28.37 10.194.28.37
ip nat outside source static 10.194.28.39 10.194.28.39
ip nat outside source static 10.194.28.40 10.194.28.40
ip nat outside source static 10.194.28.70 10.194.28.70
ip nat outside source static 10.194.28.130 10.194.28.130
ip nat outside source static 10.194.28.131 10.194.28.131
ip nat outside source static 10.194.28.132 10.194.28.132
ip nat outside source static 10.194.28.133 10.194.28.133
ip nat outside source static 10.194.28.134 10.194.28.134
ip nat outside source static 10.194.28.135 10.194.28.135
ip nat outside source static 10.194.28.136 10.194.28.136
ip nat outside source static 10.194.28.137 10.194.28.137
ip nat outside source static 10.194.28.138 10.194.28.138
ip nat outside source static 10.194.28.139 10.194.28.139
ip nat outside source static 10.194.28.140 10.194.28.140
ip nat outside source static 10.194.28.141 10.194.28.141
ip route 0.0.0.0 0.0.0.0 10.194.28.1
access-list 105 permit ip object-group Net_Obj_Group1 object-group Net_Obj_Group2
access-list 106 permit ip object-group Net_Obj_Group2 object-group Net_Obj_Group1
dialer-list 1 protocol ip permit
control-plane
banner login ^CC
Login banner for Plant Router #01^C
banner motd ^CC
MOTD Banner for Plant Router^C
line con 0
password XXXXXXXXX
logging synchronous
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password XXXXXXXXX
logging synchronous
login
transport input all
scheduler allocate 20000 1000
ntp server 10.199.100.92
end
Switch Config:
sh ru
Building configuration...
Current configuration : 6513 bytes
version 12.2
no service pad
service timestamps debug uptime
service timestamps log datetime localtime show-timezone
service password-encryption
hostname K24Sw01
boot-start-marker
boot-end-marker
no aaa new-model
clock timezone EDT -5
clock summer-time EDT recurring
udld aggressive
crypto pki trustpoint TP-self-signed-593746944
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-593746944
revocation-check none
rsakeypair TP-self-signed-593746944
4B58BCE9 44
quit
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
interface FastEthernet0
no ip address
interface GigabitEthernet0/1
description Trunk port for vlans 105, 111, 125 and 999 from K24Sw01 port Ge0/1 to P22Sw01 port Ge0/24
switchport trunk allowed vlan 105,111,125,999
switchport mode trunk
interface GigabitEthernet0/2
description Trunk port for vlans 150 and 999 from K24Sw01 port Ge0/2 to N25Sw01 port Ge0/26
switchport trunk allowed vlan 150,999
switchport mode trunk
interface GigabitEthernet0/3
description Trunk port for vlans 102, 104, 106, 107, 117 and 999 from K24Sw01 port Ge0/3 to K28Sw01 port Ge0/26
switchport trunk allowed vlan 102,104,106,107,117,999
switchport mode trunk
interface GigabitEthernet0/4
description Trunk port for vlans 102, 106, 107 and 999 from K24Sw01 port Ge0/4 to H23Sw01 port Ge0/26
switchport trunk allowed vlan 102,106,107,999
switchport mode trunk
interface GigabitEthernet0/5
description Trunk port for vlans 121, 125 and 999 from K24Sw01 port Ge0/5 to M21Sw01 port Ge0/24
switchport trunk allowed vlan 121,125,999
switchport mode trunk
interface GigabitEthernet0/6
description OPEN
spanning-tree portfast
interface GigabitEthernet0/7
description OPEN
spanning-tree portfast
interface GigabitEthernet0/8
description OPEN
spanning-tree portfast
interface GigabitEthernet0/9
description OPEN
spanning-tree portfast
interface GigabitEthernet0/10
description VLan 102 access port
switchport access vlan 102
spanning-tree portfast
interface GigabitEthernet0/11
description - VLan 104 access port
switchport access vlan 104
spanning-tree portfast
interface GigabitEthernet0/12
description - VLan 105 access port
switchport access vlan 105
spanning-tree portfast
interface GigabitEthernet0/13
description - VLan 106 access port
switchport access vlan 106
spanning-tree portfast
interface GigabitEthernet0/14
description - VLan 107 access port
switchport access vlan 107
spanning-tree portfast
interface GigabitEthernet0/15
description - VLan 111 access port
switchport access vlan 111
spanning-tree portfast
interface GigabitEthernet0/16
description - VLan 117 access port
switchport access vlan 117
spanning-tree portfast
interface GigabitEthernet0/17
description - VLan 121 access port
switchport access vlan 121
spanning-tree portfast
interface GigabitEthernet0/18
description - VLan 125 access port
switchport access vlan 125
spanning-tree portfast
interface GigabitEthernet0/19
description - VLan 150 access port
switchport access vlan 150
spanning-tree portfast
interface GigabitEthernet0/20
description - VLan 999 access port
switchport access vlan 999
spanning-tree portfast
interface GigabitEthernet0/21
description OPEN
spanning-tree portfast
interface GigabitEthernet0/22
description OPEN
spanning-tree portfast
interface GigabitEthernet0/23
description OPEN
spanning-tree portfast
interface GigabitEthernet0/24
description From ROUTER Gw ge0/1
switchport trunk allowed vlan 102,104-107,111,117,121,125,150,999
switchport mode trunk
interface GigabitEthernet0/25
interface GigabitEthernet0/26
interface Vlan1
no ip address
no ip route-cache
shutdown
interface Vlan102
ip address 192.168.102.253 255.255.255.0
interface Vlan104
no ip address
no ip route-cache
interface Vlan105
no ip address
no ip route-cache
interface Vlan106
no ip address
no ip route-cache
interface Vlan107
no ip address
no ip route-cache
interface Vlan111
no ip address
no ip route-cache
interface Vlan117
no ip address
no ip route-cache
interface Vlan121
no ip address
no ip route-cache
interface Vlan125
no ip address
no ip route-cache
interface Vlan150
no ip address
no ip route-cache
interface Vlan999
no ip address
no ip route-cache
ip default-gateway 192.168.102.1
ip http server
ip http secure-server
snmp-server engineID local 00000009020000019634C2C0
snmp-server community public RO
snmp-server location
snmp-server contact
banner motd ^CCC ADMIN USE ONLY! ^C
line con 0
session-timeout 10
password xxxxxx
logging synchronous
login
stopbits 1
line vty 0 4
session-timeout 10
password xxxxxxx
login
line vty 5 15
session-timeout 10
password xxxxxxxx
login
ntp server 10.199.100.92
end
K24Sw01#
Hi Mark,
Here is my config:
Create sub-interfaces, set 802.1Q trunking protocol and ip address on each sub-interface
Router(config)#interface f0/0
Router(config-if)#no shutdown
(Note: The main interface f0/0 doesn’t need an IP address but it must be turned on)
Router(config)#interface f0/0.10
Router(config-subif)#encapsulation dot1q 10
Router(config-subif)#ip address 192.168.10.1 255.255.255.0
Router(config-subif)#interface f0/0.20
Router(config-subif)#encapsulation dot1q 20
Router(config-subif)#ip address 192.168.20.1 255.255.255.0
(Note: In the "encapsulation dot1q 10" command, 10 is the VLAN ID this interface operates in)
Configure VLAN
Switch(config)#vlan 10
Switch(config-vlan)#name SALES
Switch(config-vlan)#vlan 20
Switch(config-vlan)#name TECH
Set ports to access mode & assign ports to VLAN
Switch(config)#interface range fa0/1
Switch(config-if)#no shutdown
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 15
Switch(config-if)#interface range fa0/3
Switch(config-if)#no shutdown
Switch(config-if)#switchport mode access
Switch(config-if)# switchport access vlan 20
Switch(config-if)#interface range fa0/5
Switch(config-if)#no shutdown
Switch(config-if)#switchport mode trunk
1. Please check that all your ports are up.
2. Check the config once again.
3. Make sure the switch and router connection port is configured as a trunk, and it should be up.
This config is working for me.
Regards
Don't forget to rate helpful posts. -
Setup 1941 router with cable modem and 2 vlan?
Hello everyone,
I need a little help setting up my new 1941 router with a cable modem using 2 VLANs.
This is what I have:
1- 1941 router configured with g0/0 as the WAN port facing the ISP, configured as (DHCP). g0/1 is the LAN port facing the switch (192.168.1.1)
DHCP pool (192.168.1.x)
2- SG300-28PP switch.
3- WAP371 AP / 11pcs.
Now everything is working perfectly, except sometimes we have more than 250 to 300 people trying to connect to the WiFi, and the router will not have enough IP addresses.
I heard that I can set up 2 VLANs to solve this problem? And is there any setup that I have to do on the switch and access points?
Please, I will appreciate any little help.
Regards
Hello Andre Neethling, I added network 192.168.0.0 255.255.254.0 to the DHCP pool config and it seems that it is working, but I am concerned that I am going to have problems in the future, so please take a look at the running config and let me know if I have everything done right. Also, we want to order a static IP address from the provider for our security camera system, and we will no longer receive a DHCP IP from them. My router is set up to receive it via DHCP on g0/0, so what should I do about changing the settings on g0/0?
I appreciate your help.
Building configuration...
Current configuration : 1163 bytes
! Last configuration change at 00:46:35 UTC Wed Apr 15 2015
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Abdullah
boot-start-marker
boot-end-marker
no aaa new-model
no ipv6 cef
ip source-route
ip cef
ip dhcp excluded-address 192.168.1.1 192.168.1.50
ip dhcp pool Local
import all
network 192.168.0.0 255.255.254.0
default-router 192.168.1.1
multilink bundle-name authenticated
license udi pid CISCO1941/K9 sn FTX1523022E
redundancy
interface GigabitEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source list 101 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
control-plane
line con 0
line aux 0
line vty 0 4
login
scheduler allocate 20000 1000
end -
VPN Session Logging on a 1941 Router
Hello... I have a 1941 ISR, configured for local login authentication (i.e., no Radius or TACACS servers). WebVPN is configured on this router and users use Cisco AnyConnect client software exclusively. I would like to log all VPN connection attempts, both successful and unsuccessful. What's the best way to accomplish this?
-
We have three vlans, all class C’s, on a switch which is trunked to a router on port fa 0/1.
All vlans route nicely.
I have one device, and no others, in each 192.168.x.x network that I want to reach (Network Address Translation) via the 10.199.110.0 network. No other communications is required to or from the 10.199.110.0 network:
192.168.20.30 (personal computer) <--NAT--> 10.199.110.91
192.168.40.30 (personal computer) <--NAT--> 10.199.110.92
192.168.60.30 (personal computer) <--NAT--> 10.199.110.93
Router config:
interface FastEthernet0/0
ip address 10.199.110.90 255.255.255.0
ip nat outside
duplex full
speed auto
no mop enabled
interface FastEthernet0/1
no ip address
duplex auto
speed auto
interface FastEthernet0/1.20
encapsulation dot1Q 20
ip address 192.168.20.254 255.255.255.0
ip nat inside
interface FastEthernet0/1.40
encapsulation dot1Q 40
ip address 192.168.40.254 255.255.255.0
ip nat inside
interface FastEthernet0/1.60
encapsulation dot1Q 60
ip address 192.168.60.254 255.255.255.0
ip nat inside
Any questions or ideas?
Hi Jon,
We got the problem fixed:
interface FastEthernet0/0
ip address 10.199.110.90 255.255.255.0
ip access-group 101 in
ip access-group 102 out
ip nat outside
duplex full
speed auto
no mop enabled
interface FastEthernet0/1
no ip address
duplex auto
speed auto
no mop enabled
interface FastEthernet0/1.20
encapsulation dot1Q 20
ip address 192.168.20.254 255.255.255.0
ip nat inside
interface FastEthernet0/1.40
encapsulation dot1Q 40
ip address 192.168.40.254 255.255.255.0
ip nat inside
interface FastEthernet0/1.60
encapsulation dot1Q 60
ip address 192.168.60.254 255.255.255.0
ip nat inside
ip classless
ip http server
no ip http secure-server
ip nat inside source static 192.168.20.30 10.199.110.91
ip nat inside source static 192.168.40.30 10.199.110.92
ip nat inside source static 192.168.60.30 10.199.110.93
ip nat outside source static 10.199.110.91 10.199.110.91
ip nat outside source static 10.199.110.92 10.199.110.92
ip nat outside source static 10.199.110.93 10.199.110.93
access-list 101 permit ip 10.0.0.0 0.255.255.255 host 10.199.110.91
access-list 101 permit ip 10.0.0.0 0.255.255.255 host 10.199.110.92
access-list 101 permit ip 10.0.0.0 0.255.255.255 host 10.199.110.93
access-list 102 permit ip host 10.199.110.93 10.0.0.0 0.255.255.255
access-list 102 permit ip host 10.199.110.91 10.0.0.0 0.255.255.255
access-list 102 permit ip host 10.199.110.92 10.0.0.0 0.255.255.255
dialer-list 1 protocol ip permit
Thanks again
Tom -
Hello,
I have been looking for days already to find a good guide or manual... I cannot find how to install a WAN port on int g0/0.
Everything I try is not working. The things I've read and tried are also not working, sadly.
Is there anyone who has a good manual/tutorial on this?
Or can guide me through in a small step per step guide.
Kind Regards,
Sven
Hello John,
This works. But I still don't have any internet connection. Limited access:
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Router
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
no ipv6 cef
multilink bundle-name authenticated
license udi pid CISCO1941/K9 sn FCZ18139130
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
ip address dhcp
duplex auto
speed auto
interface GigabitEthernet0/1
ip address 20.30.40.1 255.255.255.0
duplex auto
speed auto
ip forward-protocol nd
no ip http server
no ip http secure-server
control-plane
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input all
scheduler allocate 20000 1000
end
I configured my pc in the range of 20.30.40.50
255.255.255.0
20.30.40.1
Thanks -
IPv6 NAT command not working on Cisco 1941 ISR
Dear All,
I am using a Cisco 1941 router with the IPbase image. I am not able to configure NAT-PT on this router.
When I type ipv6, I am not able to see the nat command after that.
Do I need to do something different?
Any suggestion here will be helpful.
EnstageTESTBED#sh ver
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.2(4)M6a, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Tue 15-Apr-14 03:31 by prod_rel_team
ROM: System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)
EnstageTESTBED uptime is 3 days, 23 hours, 20 minutes
System returned to ROM by power-on
System image file is "flash0:c1900-universalk9-mz.SPA.152-4.M6a.bin"
Last reload type: Normal Reload
Last reload reason: power-on
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
Cisco CISCO1941/K9 (revision 1.0) with 491520K/32768K bytes of memory.
Processor board ID FGL183923D1
2 Gigabit Ethernet interfaces
1 terminal line
DRAM configuration is 64 bits wide with parity disabled.
255K bytes of non-volatile configuration memory.
255488K bytes of ATA System CompactFlash 0 (Read/Write)
License Info:
License UDI:
Device# PID SN
*0 CISCO1941/K9 FGL183923D1
Technology Package License Information for Module:'c1900'
Technology Technology-package Technology-package
Current Type Next reboot
ipbase ipbasek9 Permanent ipbasek9
security None None None
data None None None
Configuration register is 0x2102
EnstageTESTBED#
Thanks
Loganathan .K
Maybe this will help?
http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/enterprise-ipv6-solution/white_paper_c11-676278.html
Do you wish to nat the ipv6 to an ipv4 address? -
Hi ALL,
I bought a 1941 router, and when I access the CCP webpage, it shows a 404 error.
Router#sh run
Building configuration...
Current configuration : 3686 bytes
! Last configuration change at 13:50:10 WST Mon Sep 8 2014
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
hostname Router
boot-start-marker
boot system flash0:
boot-end-marker
enable secret 5.
no aaa new-model
clock timezone WST 8 0
ip cef
ip dhcp excluded-address 172.16.1.1 172.16.1.49
ip dhcp excluded-address 172.16.1.101 172.16.1.255
ip name-server
ip name-server
ip accounting-list 0.0.0.1 255.255.255.0
no ipv6 cef
multilink bundle-name authenticated
crypto pki trustpoint TP-self-signed-3153235583
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3153235583
revocation-check none
rsakeypair TP-self-signed-3153235583
crypto pki certificate chain TP-self-signed-3153235583
certificate self-signed 01
quit
license udi pid CISCO1941/K9 sn
username privilege 15 secret 5
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description DSL interface
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
interface GigabitEthernet0/1
description internal interface
ip address 172.16.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly in max-reassemblies 1024
encapsulation ppp
dialer pool 1
ppp authentication chap pap callin
ppp chap hostname
ppp chap password 0
ppp pap sent-username password 0
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list DSL_ACCESSLIST interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
ip access-list extended DSL_ACCESSLIST
permit ip 172.16.1.0 0.0.0.255 any
control-plane
line con 0
logging synchronous
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input none
line vty 5 15
login
transport input none
scheduler allocate 20000 1000
end
Hard reset your phone and free up some memory.
-
Port forwarding 1941 and Comcast
I have my 1941 router connected to my Comcast Modem on G0/0. I have a 3560 connected to G0/1. The router is handling my DHCP duties.
I have a HAI Omnipro ii (Security/Home Automation) that I would like to access remotely. It has an IP address of 172.31.101.10 and uses port 4369.
I am at a loss on how to configure remote access to my OmniPro. If I browse to "WhatIsMyIp" it shows it being 98.224.42.53.
But when I configured the router I used the following.
interface GigabitEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
interface GigabitEthernet0/1
ip address 172.31.101.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat source list 101 interface GigabitEthernet0/0 overload
ip nat inside source list 101 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 67.190.192.1
access-list 101 permit ip any any
access-list 101 permit ip 172.31.101.0 0.0.0.255 any
Can someone point me in the right direction?
Thank you,
Hi,
The IP address which you see in your browser (If I browse to "WhatIsMyIp" it shows it being 98.224.42.53.) is not going to be static for you all the time; whenever you reboot the router or the service restarts their modem, the IP address assigned to you will be lost.
With the below IP address you can do port forwarding, but this will not be permanent; this will work for a short time, until the IP address is assigned to you. Use the below command on your router:
ip nat inside source static tcp 172.31.101.10 4369 98.224.42.53 4369
HTH
Sandy
ip nat inside source static tcp 172.31.101.10 4369 171.68.1.1 80 extendable -
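The answer above notes that a mapping pinned to 98.224.42.53 stops working when the DHCP-assigned address changes. As an added example (not part of the original posts), the same forward can be bound to the outside interface, with the NAT list narrowed to the LAN and the forwarded port limited to one remote source. The ACL name WAN-IN and the address 203.0.113.25 are placeholders, and the sequence number 10 assumes ACL 101 is exactly as posted.

```cisco
! As posted in the answer: tied to the address seen on one particular day
! ip nat inside source static tcp 172.31.101.10 4369 98.224.42.53 4369
!
! Interface-bound form: uses whatever address DHCP currently gives G0/0
ip nat inside source static tcp 172.31.101.10 4369 interface GigabitEthernet0/0 4369
!
! ACL 101 as posted starts with "permit ip any any", so the overload rule
! matches every source and the second entry is never reached.
! Remove that first entry (sequence 10 if the list is unchanged; confirm
! with "show access-lists 101") so only the inside subnet is translated.
ip access-list extended 101
 no 10
!
! Inbound filter on the WAN side. It is evaluated before NAT, so the
! destination is still the public address and "any" is used for it.
! 203.0.113.25 is a placeholder for the one remote host allowed in.
ip access-list extended WAN-IN
 permit tcp host 203.0.113.25 any eq 4369
 deny   tcp any any eq 4369 log
 permit ip any any
!
interface GigabitEthernet0/0
 ip access-group WAN-IN in
!
! Check from exec mode afterwards:
!   show ip nat translations
!   show access-lists WAN-IN
```

The final `permit ip any any` leaves all other inbound traffic handled as before, so the only change in filtering is on TCP port 4369.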
Configuration of Broadband connection on router
Dear Team,
I have two ISPs in my office: one is a Hathway leased line and the other is TATA broadband.
Recently I purchased a Cisco 1941 router, on which I have configured Hathway as the primary ISP. After all the configuration, users can get the internet through the router, i.e. from Hathway.
Now my issue is that I have a TATA broadband connection, which is configured on a Netgear ADSL router with the username and password. I don't have a static IP for broadband.
Now I want to configure this connection on the router through Ethernet,
so I have given the IP 192.168.2.2 to the modem and the IP 192.168.2.1 to the router's Fast Ethernet port.
I also gave the default route 0.0.0.0 0.0.0.0 192.168.2.2 200.
Still I am not getting the internet through TATA if Hathway goes down.
Below is the configuration of the router:
interface GigabitEthernet0/0
ip address 125.99.113.2 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
interface GigabitEthernet0/1
ip address 192.168.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
interface FastEthernet0/0/0
description connected to tata ISP on netgear DSL modem
ip address 192.168.2.1 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
interface FastEthernet0/0/1
no ip address
shutdown
duplex auto
speed auto
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source list 100 interface GigabitEthernet0/0 overload
ip nat inside source static 192.168.1.119 125.99.96.166
ip route 0.0.0.0 0.0.0.0 125.99.113.1
ip route 0.0.0.0 0.0.0.0 192.168.2.2 200
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
My internal network is 192.168.1.0/24 with the gateway 192.168.1.254.
Please assist me on the same. -
How access Office LAN via Cisco Router & Switches HELP!!
Hello everyone!
For starters I am no Cisco guru but at least find my way around a few things here and there.
I work as the IT dude for a company with two branches at different geolocations.
Our local network infrastructure at both HQ and branch offices comprise a Cisco 1941 Router and SF 300 24P Managed switches which hooks up our servers, workstations and VoIP phones.
The dedicated internet [DI] is connected via a Hughes radio link which belongs to the telco and on a different IP class and connects to interface 0/0 of Cisco 1941. Interface 0/1 is then connected to one of the SF 300 24P managed switches on another IP class for LAN [192.168.1/24]
I have three questions.
1. How do I access for example the File Server on the Corporate LAN from home?
2. How do I get workstations at branch offices authenticate with Active Directory Server at the HQ?
3. How do I get to get VoIP phones in branch offices hooked up to HQ VoIP PBX?
Thank you very much. -
Hello,
I have a 1941 router with a basic license that is used at home. The WAN uses DDNS from the ISP, which the router is configured to update. I am running a simple webserver.
I would like to use my iPhone to VPN into the home network. Which would serve my purposes better: purchasing a security license for the 1941, or going with an ASA5505? Thanks
That's great. Is the problem that you cannot ping just the LAN interface or can you not ping any host on the remote end at all?
You'll at least need to set the mode to "network-extension-mode". You might need firewall rules to allow the traffic. You also might need to set "management-access" to your inside interface. -
VPN Connects but unable to access internal devices
Thank you in advance for any assistance that can be provided.
I am using AnyConnect to create a VPN with an ASA 5505. Once connected, the client needs to access a device behind a 1941 router.
Internally, (not using VPN), all my routing is working correctly. My VPN client can connect and when I put a route on my 1941 router, I am able to ping that particular device. But my VPN client cannot appear to ping anything else, either the devices on the same internal range as the ASA 5505 or anything past the 1941.
VPN Client: 192.168.201.20 (client connects and gets IP from ASA)
ASA 5505: Outside IP x.x.x.x // Internal 192.168.101.1
Workstation: 192.168.101.56 (cannot ping this)
1941 Router: 192.168.101.2 // 192.168.8.1 (can ping internal IP of 1941, *after creating a static route)
Far Device: 192.168.8.150 (cannot ping this)
I have been playing around with my configuration extensively to try and make this work. Split-tunneling is enabled and is required.
Here is my current config:
hostname MYHOST
enable password mUUvr2NINofYuSh2 encrypted
passwd UNDrnIuGV0tAPtz2 encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
switchport access vlan 7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.101.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address x.x.x.x 255.255.0.0
interface Vlan7
no forward interface Vlan1
nameif DMZ
security-level 20
ip address 137.57.183.1 255.255.255.0
ftp mode passive
clock timezone MST -7
dns domain-lookup outside
object-group network obj_any_dmz
access-list nonat extended permit ip 192.168.101.0 255.255.255.0 any
access-list nonat extended permit ip 192.168.201.0 255.255.255.0 any
access-list split-tunneling standard permit 192.168.101.0 255.255.255.0
pager lines 24
logging enable
logging buffered debugging
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu DMZ 1500
ip local pool Internal_Range 192.168.101.125-192.168.101.130 mask 255.255.255.0
ip local pool vpn_pool 192.168.201.20-192.168.201.30 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
nat (DMZ) 10 137.57.183.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
route inside 192.168.8.0 255.255.255.0 192.168.101.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable 64000
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ca trustpoint ASDM_TrustPoint1
enrollment self
subject-name CN=MYHOST
keypair ClientX_cert
crl configure
crypto ca certificate chain ASDM_TrustPoint1
certificate 0f817951
quit
crypto isakmp enable outside
crypto isakmp policy 40
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 86400
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 DMZ
ssh timeout 10
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption rc4-md5 rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
ssl trust-point ASDM_TrustPoint1 outside
webvpn
enable outside
svc image disk0:/anyconnect-win-2.4.1012-k9.pkg 1
svc enable
group-policy ClientX_access internal
group-policy ClientX_access attributes
dns-server value 4.2.2.2
vpn-tunnel-protocol svc
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split-tunneling
default-domain value access.local
address-pools value vpn_pool
ipv6-address-pools none
webvpn
svc mtu 1406
svc rekey time none
svc rekey method ssl
username ClientX password ykAxQ227nzontdIh encrypted privilege 15
username ClientX attributes
vpn-group-policy ClientX_access
service-type admin
tunnel-group ClientX type remote-access
tunnel-group ClientX general-attributes
address-pool Internal_Range
default-group-policy ClientX_access
tunnel-group SSLClientProfile type remote-access
tunnel-group SSLClientProfile general-attributes
default-group-policy ClientX_access
tunnel-group ClientX_access type remote-access
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:da38065247f7334a5408b7ada3af29ae
: end
ok, let's go on ... ;-)
Split-Tunneling: The ACL must include all networks you want to reach through the VPN:
access-list split-tunneling standard permit 192.168.101.0 255.255.255.0
access-list split-tunneling standard permit 192.168.8.0 255.255.255.0
NAT: Don't use "any" in the nat-exemption, but specify all traffic that should not be natted:
access-list nonat extended permit ip 192.168.101.0 255.255.255.0 192.168.201.0 255.255.255.0
access-list nonat extended permit ip 192.168.8.0 255.255.255.0 192.168.201.0 255.255.255.0
Routing: The 1941 needs a route for the vpn-pool pointing to the ASA (just in case there is no default route to the ASA)
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni -
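The two ACL checks from the reply above, written as a small config audit. This is an added example, not part of the original thread; the function names and the trimmed sample config are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the ASA config posted in the question.
SAMPLE_CONFIG = """\
access-list nonat extended permit ip 192.168.101.0 255.255.255.0 any
access-list nonat extended permit ip 192.168.201.0 255.255.255.0 any
access-list split-tunneling standard permit 192.168.101.0 255.255.255.0
nat (inside) 0 access-list nonat
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
route inside 192.168.8.0 255.255.255.0 192.168.101.2 1
 split-tunnel-network-list value split-tunneling
"""

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit(config):
    """Hypothetical helper: return findings for the two ACL issues named in the reply."""
    lines = [l.strip() for l in config.splitlines()]
    def names(pattern):  # ACL names referenced by lines matching `pattern`
        return {m.group(1) for l in lines if (m := re.match(pattern, l))}
    nonat = names(r"nat \(\S+\) 0 access-list (\S+)")
    split = names(r"split-tunnel-network-list value (\S+)")
    findings, tunneled = [], []
    for l in lines:
        m = re.match(r"access-list (\S+) (standard|extended) permit (.+)", l)
        if not m:
            continue
        name, kind, tok = m.group(1), m.group(2), m.group(3).split()
        if name in nonat and kind == "extended" and tok[-1] == "any":
            findings.append(f"nat-exemption ACL '{name}' has destination any: {l}")
        if name in split and kind == "standard" and len(tok) == 2 and tok[0] != "host":
            tunneled.append(net(tok[0], tok[1]))
    # Networks reached through the inside interface must be in the split-tunnel ACL,
    # otherwise the client never sends that traffic into the tunnel.
    for l in lines:
        m = re.match(r"route inside (\S+) (\S+) \S+", l)
        if m and not any(net(m.group(1), m.group(2)).subnet_of(t) for t in tunneled):
            findings.append(f"{net(m.group(1), m.group(2))} routed via inside, "
                            "not in split-tunnel ACL")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Run against the posted config it reports both `any` destinations in `nonat` and the missing 192.168.8.0/24 split-tunnel entry; with the ACL lines from the reply applied it reports nothing.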
Is there a fix for bug CSCsk86712 on Cisco IOS routers?
I have a Cisco 1941 router running IOS version 15.0 (1r) M16. I am trying to open a range of udp ports but I was told by Cisco TAC that the router won't do it because of this bug on the software. Any suggestions would be great.
Hi pratikjac,
I'm sorry to report there are no planned releases to fix this bug. Unfortunately, the only way to open a range of ports is by entering them in manually.
For your reference:
https://tools.cisco.com/bugsearch/bug/CSCsk86712/ -
Logging persistent url not working on 1921
Hi All
I am unable to configure logging persistence on a 1921. Is this due to the internal arrangement of flash memory and the fact it is present as usbflash0:/ and not flash:/?
I understand logging buffered needs to be configured first and I have done that. I am running 15.1(4)M6 and here is what happens when I try and configure this feature:
On a 1921:
Router(config)#logging persistent url ?
% Unrecognized command
Router(config)#logging persistent ?
batch Set batch size for writing to persistent storage
filesize Set size of individual log files
immediate Write log entry to storage immediately (no buffering).
notify Notify when show logging [persistent] is activated.
protected Eliminates manipulation on logging-persistent files.
size Set disk space for writing log messages
threshold Set threshold for logging persistent
url URL to store logging messages
<cr>
On a 1941:
Router(config)#logging persistent url ?
flash0: Filesystem name
flash1: Filesystem name
flash: Filesystem name
Any ideas?
Single Sign-on and single sign-off methods are much different in 10g family of OAS than from those in 9iAS.
There are internal redirections involved in 10g family, and 10.1.4 has even a little more different method of login and logout than even 10.1.2.0.2.
You will have to notify your logout page in WWSSO_LS_CONFIGURATION_INFO$ in the orasso schema.
Hi
1. I can't find table WWSSO_LS_CONFIGURATION_INFO,
only WWSSO_LS_CONFIGURATION_INFO_T and
WWSEC_ENABLE_CONFIG_INFO$.
What should I do?
You will have to notify your logout page in WWSSO_LS_CONFIGURATION_INFO$ in the orasso schema.
2. do i have to create a customised logout page?
Ria