Cisco 1921 replacing Cisco 1811
We're putting a 1921 in a remote data center to replace an 1811, but we can't find out for certain if we need to order new
rack mount ears? It seems like we can use the ears from the 1811 on the 1921, but can't confirm anything.
Does anyone know if this is true?
I managed to get my hands on an 1811 to compare to the 1921. The 1921 is slightly wider, but all the holes match up.
The 1811 uses part#
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
ACS-1800-RM-19 and the 1921 used
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
ACS-1900-RM-19
You are thinking a 1900 switch, they are a full 19" wide so they would fit properly into a rack.
Similar Messages
-
Is it possible to purchase replacement Flash Card that came with the Cisco 1811 Router?
I am in desperate need of a replacement Flash card that came included with the Cisco 1811 Router. I purchased the router used and it was working perfectly. I worked my way through all the information provided at cisco.com and had it pretty much configured the way I wanted it. Until the flash card got destroyed. A little embarassed to go into details how it was destroyed, let's just say my Grandson gave it a bath.
It would be great if I could just purchase a replacement somehow with the IOS and SDM on it without purchasing a Cisco Service Agreement, etc. I purchased the router just to further my "Self Education". I have pretty much conquered all the aspects of the Cisco routers, etc. more or less developed for the Home Office user and moved on to bigger and better things. Since I was able to find a Cisco 1811 in good working condition very inexpensively I decided to go for it.
Help from anyone would sure be appreciated.“Thank you for your question. This community is for Cisco Small Business products and your question is in reference to a Cisco Elite/Classic product. Please post your question in the Cisco NetPro forums located here: http://forums.cisco.com/eforum/servlet/NetProf?page=main This forum has subject matter experts on Cisco Elite/Classic products that may be able to answer your question.”
- Routers ----> Network Infrastructure Forum http://forum.cisco.com/eforum/servlet/NetProf;jsessionid=E0EEC3D9CB4E5165ED16933737822748.SJ3A?page=Network_Infrastructure_discussion -
This is problably a stupid question but how do I open a prot on a cisco 1811? I have a cisco 1811 and a computer that has VNC installed on it. I want to be able to access that computer from out side the network using the external ip address and port 5950. People outside the network will be able to open vnc viewer and type in *external ip address*:5950 and it will be directed to the computer with a static internal ip address of 10.11.101.10. What commands do I use to do this?
Thanks,That didn't work. Here is the new running config:
Building configuration...
Current configuration : 12519 bytes
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname *Host Name*
boot-start-marker
boot-end-marker
security authentication failure rate 3 log
security passwords min-length 6
logging message-counter syslog
logging buffered 51200
logging console critical
enable secret 5 $1$3R6c$adcoV0cvM5hTzxOoPBByc0
aaa new-model
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa session-id common
clock timezone PCTime -7
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
crypto pki trustpoint TP-self-signed-1097866965
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1097866965
revocation-check none
rsakeypair TP-self-signed-1097866965
crypto pki certificate chain TP-self-signed-1097866965
certificate self-signed 01
30820256 308201BF A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31303937 38363639 3635301E 170D3131 30393039 31383130
32355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 30393738
36363936 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B1C3 0B9F3231 E9911C7A 7A84E566 F4530769 16830F32 4A61F775 12CDDB5C
23227963 5A53E5C5 2C0E8945 640DB32C ACD17F1A 2C52EC96 7C274099 5D4BBD26
6E7C4DA9 32C5162B 0A54D437 64B719B9 36904DDA 7B23FC3C E7763F5E BF651874
1870462E FA0ABE9C 37918D53 2B5B13A7 4FADFC9E 1D8B0B64 141733A7 8DC61C03
80E90203 010001A3 7E307C30 0F060355 1D130101 FF040530 030101FF 30290603
551D1104 22302082 1E426F77 5F49736C 616E6453 43414441 2E796F75 72646F6D
61696E2E 636F6D30 1F060355 1D230418 30168014 0AEF8942 249D4EF1 A18B1BA6
389822CB 16CB4922 301D0603 551D0E04 1604140A EF894224 9D4EF1A1 8B1BA638
9822CB16 CB492230 0D06092A 864886F7 0D010104 05000381 81008DC2 DFF3604C
93BE4175 7078AC30 7391F8AF 4A15E116 C53D523E 12F6B5F4 15CA5635 C12576F7
0D5D1A2A F330F781 459F3418 7E82FFBD 2679E17C CDF07A4F A257B599 E7CCC9C6
38617B96 F2E66F0D 6BFBC000 524B377B 969D51BD 48A9BF8F 8C0220D4 BB249435
08688D18 794CAFB3 1F74F2F9 4E0C0245 AEA8E55A 2AE758A0 36CC
quit
dot11 syslog
no ip source-route
ip dhcp excluded-address 10.11.101.1 10.11.101.99
ip dhcp pool ccp-pool1
import all
network 10.11.101.0 255.255.255.0
default-router 10.11.101.1
ip cef
no ip bootp server
no ip domain lookup
ip domain name yourdomain.com
ip inspect log drop-pkt
no ipv6 cef
multilink bundle-name authenticated
username *UserName* privilege 15 secret 5 $1$1O79$nIJGrBD9hCpDqheT3mDsC1
username VPNuser secret 5 $1$nPz8$Cni5jyIWv9zlKAU3B5no9.
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key *Key* address *External VPN IP Address*
crypto isakmp client configuration group VPN_Users
key *Key*
pool *VPN_pool*
acl 102
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to*External VPN IP Address*
set peer *External VPN IP Address*
set transform-set ESP-3DES-SHA
match address 103
archive
log config
hidekeys
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
class-map type inspect match-any SDM_BOOTPC
match access-group name SDM_BOOTPC
class-map type inspect match-all sdm-cls-VPNOutsideToInside-1
match access-group 105
class-map type inspect match-any SDM_DHCP_CLIENT_PT
match class-map SDM_BOOTPC
class-map type inspect match-all CCP_SSLVPN
match access-group name CCP_IP
class-map type inspect match-any SDM_AH
match access-group name SDM_AH
class-map type inspect match-any SDM_WEBVPN
match access-group name SDM_WEBVPN
class-map type inspect match-all SDM_WEBVPN_TRAFFIC
match class-map SDM_WEBVPN
match access-group 101
class-map type inspect match-any sdm-cls-bootps
match protocol bootps
class-map type inspect match-any SDM_ESP
match access-group name SDM_ESP
class-map type inspect match-any SDM_VPN_TRAFFIC
match protocol isakmp
match protocol ipsec-msft
match class-map SDM_AH
match class-map SDM_ESP
class-map type inspect match-all SDM_VPN_PT
match access-group 104
match class-map SDM_VPN_TRAFFIC
class-map type inspect match-any ccp-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp extended
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
class-map type inspect match-all VNC_CLASS
match access-group name VNC
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-all ccp-protocol-http
match protocol http
policy-map type inspect ccp-permit-icmpreply
class type inspect sdm-cls-bootps
pass
class type inspect ccp-icmp-access
inspect
class class-default
pass
policy-map type inspect VNC_POLICY
class type inspect VNC_CLASS
inspect
policy-map type inspect ccp-sslvpn-pol
class type inspect CCP_SSLVPN
pass
class type inspect sdm-cls-VPNOutsideToInside-1
inspect
class class-default
drop
policy-map type inspect sdm-pol-VPNOutsideToInside-1
class type inspect sdm-cls-VPNOutsideToInside-1
inspect
class class-default
drop
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-insp-traffic
inspect
class class-default
drop
policy-map type inspect ccp-permit
class type inspect SDM_VPN_PT
pass
class type inspect SDM_WEBVPN_TRAFFIC
inspect
class type inspect SDM_DHCP_CLIENT_PT
pass
class class-default
drop
policy-map type inspect VNC-POLICY
class type inspect VNC_CLASS
inspect
zone security out-zone
zone security in-zone
zone security sslvpn-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
zone-pair security zp-out-zone-sslvpn-zone source out-zone destination sslvpn-zone
service-policy type inspect ccp-sslvpn-pol
zone-pair security zp-sslvpn-zone-out-zone source sslvpn-zone destination out-zone
service-policy type inspect ccp-sslvpn-pol
zone-pair security zp-in-zone-sslvpn-zone source in-zone destination sslvpn-zone
service-policy type inspect ccp-sslvpn-pol
zone-pair security zp-sslvpn-zone-in-zone source sslvpn-zone destination in-zone
service-policy type inspect ccp-sslvpn-pol
zone-pair security sdm-zp-VPNOutsideToInside-1 source out-zone destination in-zone
service-policy type inspect sdm-pol-VPNOutsideToInside-1
interface FastEthernet0
description $ES_WAN$$FW_OUTSIDE$
ip address dhcp client-id FastEthernet0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
zone-member security out-zone
duplex auto
speed auto
crypto map SDM_CMAP_1
interface FastEthernet1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
duplex auto
speed auto
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
interface FastEthernet5
interface FastEthernet6
interface FastEthernet7
interface FastEthernet8
interface FastEthernet9
interface Virtual-Template1
ip unnumbered FastEthernet0
zone-member security sslvpn-zone
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$ES_LAN$$FW_INSIDE$
ip address 10.11.101.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
zone-member security in-zone
ip tcp adjust-mss 1452
interface Async1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation slip
ip local pool *VPN_pool* 10.11.101.50 10.11.101.99
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 10.11.101.10 5950 interface FastEthernet0 5950
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0 overload
ip access-list extended CCP_IP
remark CCP_ACL Category=128
permit ip any any
ip access-list extended SDM_AH
remark CCP_ACL Category=1
permit ahp any any
ip access-list extended SDM_BOOTPC
remark CCP_ACL Category=0
permit udp any any eq bootpc
ip access-list extended SDM_ESP
remark CCP_ACL Category=1
permit esp any any
ip access-list extended SDM_WEBVPN
remark CCP_ACL Category=1
permit tcp any any eq 443
ip access-list extended VNC
permit tcp any host 10.11.101.10 eq 5950
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.11.101.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark CCP_ACL Category=128
access-list 101 permit ip any host 70.65.185.156
access-list 102 remark CCP_ACL Category=4
access-list 102 permit ip 10.11.101.0 0.0.0.255 any
access-list 103 remark CCP_ACL Category=4
access-list 103 remark IPSec Rule
access-list 103 permit ip 10.11.101.0 0.0.0.255 10.11.100.0 0.0.0.255
access-list 104 remark CCP_ACL Category=128
access-list 104 permit ip host *External VPN IP Address* any
access-list 105 remark CCP_ACL Category=0
access-list 105 permit ip 10.11.100.0 0.0.0.255 10.11.101.0 0.0.0.255
access-list 106 remark CCP_ACL Category=2
access-list 106 remark IPSec Rule
access-list 106 deny ip 10.11.101.0 0.0.0.255 10.11.100.0 0.0.0.255
access-list 106 permit ip 10.11.101.0 0.0.0.255 any
no cdp run
route-map SDM_RMAP_1 permit 1
match ip address 106
control-plane
banner exec ^C
% Password expiration warning.
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username privilege 15 secret 0
Replace and with the username and password you want to
use.
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
line con 0
transport output telnet
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
transport output telnet
line vty 0 4
transport input telnet ssh
line vty 5 15
transport input telnet ssh
scheduler interval 500
webvpn gateway gateway_1
ip address *External IP Address*port 443
http-redirect port 80
ssl trustpoint TP-self-signed-1097866965
inservice
webvpn install svc flash:/webvpn/sslclient-win-1.1.4.179-anyconnect.pkg sequence 1
webvpn install svc flash:/webvpn/sslclient-win-1.1.4.179.pkg sequence 2
webvpn context *VPN_pool*
secondary-color white
title-color #CCCC66
text-color black
ssl authenticate verify all
policy group policy_1
functions svc-enabled
svc address-pool "*VPN_pool*"
svc keep-client-installed
virtual-template 1
default-group-policy policy_1
aaa authentication list ciscocp_vpn_xauth_ml_1
gateway gateway_1
inservice
end -
I have a cage containing "V" (Windows XP) and "R/S" (Cisco 1811 Router+Switch). V needs to talk (via R/S) to a service on port 6910 of "P", which is outside the cage.
P talks IPSec for port 6910 traffic.
I am handcuffed, I cannot change config of P or config of V. So I need to use R/S to gateway the IPSec. I will be happy if R/S does IPSec for traffic to port 6910 at any address external to the cage.
Is this problem going to have a solution?
Your first question might be "what is the config at P?". I don't know how to answer that directly, but I have provided all info about a Windows secpol that successfully talks to P, which should yield the P config, right?
For more complete problem description including beautiful diagrams and an equivalent security policy on Windows that I'm trying to mimic, please see http://sites.google.com/site/ipsecpuzzleoncisco1800/home
Thanks for any guidance.
John RuckstuhlHi,
Thanks for the reply.
Yes I found that page and carried out the instructions, but still no joy. Here is an update on my learning process:
-I now know that the rommon prompt (which I got to using Ctrl-Break from within hyperterm on window XP connected to the console) is the system that causes the IOS system to boot. When I changed the confreg parameter from the rommon prompt, I neglected to note what my current confreg setting was, so I cant change it back (help here please). At the moment, the confreg setting is 0x142. What should it be to get this router back to the state where I started with it?
-In the flash filespace, I have a number of files, all dated Nov 22 of this year, which Im assuming are what I need to get this back and going the way it was when I first poweed it up. These files are:
c181x-advipservicesk9-mz.124-2.T2.bin
sdmconfig-1811-1812.cfg
sdm.tar
es.tar
common.tar
home.shtml
home.tar
128MB.sdf
At the moment when I power-off and power-on the router, Im prompted with the following question:
Would you like to enter the initial configuration dialog [yes/no]. I anwser no. Im imagining that I need to change the rommon confreg setting to aviod this message and continue with the boot process.
Can someone instruct me as to how this is done?
TIA
Charlie -
Cisco 1811 V.92 modem interface connected to NOKIA 32 PBX
the picture is:
We have a NOKIA 32 PBX device connected to the V.92 modem interface of a cisco 1811 fixed.
We are following the documentation for the configuration of remote management with v.92 analog modem for the configuration.
So far no good result on our aim to be able to connect to the cisco remotely over the modem, we would like to dial in the cisco throught the NOKIA 32 PBX.
Did someone ever try a configuration like that?
thanks
ljsSo far no luck, we are still working on it.
We were wonder if someone ever tried a configuration like that and made it work.
thanks -
Hi!
I´m now setting up a new wireless connection with 1811 and its not possible to get the vlan and the FastEthernet see each other...I already made a kind of bridge and still not workin!!!
Someone know what could happen or where I can find information about this device...I think is out dated but I am not sure....
Thanks and this my first time in this new community and congratulations for it....“Thank you for your question. This community is for Cisco Small Business products and your question is in reference to a Cisco Elite/Classic product. Please post your question in the Cisco NetPro forums located here: http://forums.cisco.com/eforum/servlet/NetProf?page=main This forum has subject matter experts on Cisco Elite/Classic products that may be able to answer your question.”
-
Cannot telnet between machines behind cisco 1811
I have 2 separate exchange servers for 2 separate exchange organizations on
the same private network.
-One has an ip of 192.168.0.2
-Two has an ip of 192.168.0.3
The network is protected by a 1811 router/firewall and each server has their own
public IP.
I can telnet between these machines usign their private ips, but not using their public ips?
Here is the show run (attached):
Thanks for your helpNo problem.
Here it is.
I don't have access to equipment to test at this time. I am just typing it in. Excuse me if there's problems with my syntax as it's 11:40pm over here in US and I am about to call it quit for the day.
int lo0
ip add x.x.x.x y.y.y.y
int vlan1
ip policy route-map test
route-map test permit 10
match ip address 150
set int lo0
route-map test permit 15
match ip address 151
set int lo0
access-list 150 permit tcp host x.y.z.230 host x.y.z.231 eq smtp
access-list 151 permit tcp host x.y.z.231 host x.y.z.230 eq smtp
Let me know if you had any questions.
HTH,
Sundar -
Unable to access satellite offices with Cisco VPN client
There are 4 sites:
Main office - 192.168.0.x/24
Sat office1 - 10.0.0.x/24
Sat Office2 - 10.0.1.x/24
Sat Office3 - 10.0.2.x/24
All 4 offices are connected via MPLS using other Cisco routers from the telcom co. The user VPN endpoint is at the main office. (Cisco 1811)
We can make the VPN connection with the Cisco VPN client and browse the 192 network all day long. We cannot access any of the other subnets over the VPN connection. Browsing the other subnets while physically at the main office is fine. This DID work in the past. Something changed that I cannot pinpoint, any ideas?
Scope for the VPN endusers is 10.100.100.x/24
Cisco VPN Client versions 4.x and 5.x (both affected)
Thanks in advanceKen
It is good to know that it did work in the past and then stopped working. That indicates that something changed. Is it possible that a software upgrade has been done and that the change is behavior is reflecting a different version of IOS? (I suspect that is is possible but not so likely - but we need to ask.)
My guess is either that there was some change in the routing logic or that the access lists which indicate what traffic is to be protected by the VPN used to include remote to remote but has been changed for some reason.
Could you post the configuration of the main office 1811?
Another question that occurs to me is whether the main office 1811 is directly connected to the Internet or does it go through some firewall? If if goes through some firewall is it possible that there has been some change in the firewall rules that is denying the remote to remote traffic?
HTH
Rick -
Connecting 2 routers: T1 Router and Cisco Router
Hi, thanks for reading this.
My company has a T1 line that goes into the provider's Netopia router. I'd like to connect that router to our Cisco 1811 router to take advantage of the firewall, DHCP, VLAN, and NAT features. So, this is what I'm trying to do:
Internet -- T1 Router -- Cisco 1811 -- Servers and Workstations
The Netopia router is a T1 router with 1 WAN port and 8 built-in Ethernet ports. The Cisco 1811 has 2 WAN FE ports and 8 Managed Switch ports.
First of all, I'd like to ask if this is even possible to do. If it is, please tell me how to physically connect the routers (what port to what port, and what kind of cable).
Thank you.I don't know the Netopia routers but what you want to do should be possible. On the physical level you have to connect one of the Netopia ethernet ports to one of the WAN FE ports, probably using an ethernet cross-over cable.
Now comes the fun part: configuration. -
Help with a simple 1811 configuration
I have a very basic level of understanding with Cisco products and I need help with what should be simple and even doable by me.
I have a Cisco 1811 integrated router and am simply trying to use it on my home network. I can configure the router with an enable secret password, password encryption, VTY, aux, and cons logins with no issues. The router has 2 Ethernet interfaces, 0 and 1 and 8 switch ports.
The idea is to bring Comcast ISP service into one of the Ethernet ports and then have three machines on the switch ports able to access the Internet. Also I have an off-the shelf wireless router that I thought I would just plug that into an available switch port and allow a wireless AP as well.
This is so simply, that I can't believe I can't figure it out, but I can't.
I set int F1 to DHCP, performed a 'no shut', and connected the ISP's router and have an up and up indication. I have setup a static network with my three machines on the switch ports and enabled all applicable ports and have up and up indications - however, no traffic flow, even amongst my static Layer 2 switched LAN - not even a 'ping'. By my understanding of Layer 2, this should work right now, whether the ISP service is working or not - WHAT AM I DOING WRONG?
The addressing scheme I have ended up on is 172.16.1.0/28
Obviously without the first hurdle cleared, of why the switched LAN doesn’t work, I haven't got any deeper. Do I need to configure NAT? I don't think I would need to in the scenario right?
All of my experience, and none at the CCNA level, has been with larger Cisco equipment. One thing I noticed on the 1811 was that when trying to create a new VLAN, it appears to work yet does not do anything and the 'sh vlans' output returns nothing, not even the VLAN1 I can see with 'sh ip int brief".
Anyway, if anyone has time to help a newbie out I would appreciate it; I’m lost.
Thanks,
JoshThanks for the help Andrew! You know, I think if this was two separate devices (switch and router) I think I would be up and running, but this integrated stuff is throwing me off, not to mention that the IOS is a much older version (I guess) than what I'm used to.
They were throwing this 1811 in the trash can at work, so I just emptied the trash can. I have no documentation at all but I have since found the 1800 series documentation on Cisco.com and have tried to implement the basic configurations cited; with what seems like success, but still no joy. I did have to recover the password and did so with 0x2142, I bypassed the setup and compared the default configuration with what is listed in the documentation and they DO NOT match; I also tried to go through setup mode with the same indications. Additionally I've also learned that the 1800 series is pre-configured on certain options (DHCP, VLAN), which is new to me - I thought Cisco routers were not configured by default - isn't that kind of the point? (By the way, the below port status may not be correct since I now have all the ports unplugged)
Anyway, here is the 'show run' command, the 'sh ip int brief' command, followed by the 'sh version' command:
Show Run
Casino#sh run
Building configuration...
Current configuration : 2006 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname Casino
boot-start-marker
boot-end-marker
enable secret 5 $1$meWw$nsMTp6US7axi/uE0MWULK.
enable password 7 06535E741C1B584C55
no aaa new-model
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 172.16.1.1
ip dhcp pool Casino
import all
network 172.16.1.0 255.255.255.240
default-router 67.165.208.1
dns-server 68.87.89.150
domain-name hsd1.co.comcast.net
no ip domain lookup
ip domain name GinRummy.localhost
ip name-server 68.87.85.102
ip name-server 68.87.69.150
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
multilink bundle-name authenticated
archive
log config
hidekeys
interface Loopback0
ip address 172.16.1.1 255.255.255.240
interface FastEthernet0
no ip address
shutdown
duplex auto
speed auto
interface FastEthernet1
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
interface BRI0
no ip address
encapsulation hdlc
shutdown
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
interface FastEthernet5
interface FastEthernet6
interface FastEthernet7
interface FastEthernet8
interface FastEthernet9
interface Vlan1
no ip address
ip nat inside
ip virtual-reassembly
interface Dialer0
ip address negotiated
ip mtu 1492
encapsulation ppp
dialer pool 1
ppp authentication chap
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat pool Casino 172.16.1.2 172.16.1.14 netmask 255.255.255.240
ip nat inside source list 1 interface Dialer0 overload
access-list 1 permit 172.16.1.0 0.0.0.15
dialer-list 1 protocol ip permit
control-plane
line con 0
password 7 080E5916584B4442435E5C
login
line aux 0
password 7 013C135C0A59475A70191E
login
line vty 0 4
password 7 09635B51485756475A5954
login
end
Show IP Interface Brief
Casino#sh ip int brief
Interface IP-Address OK? Method Status Prl
FastEthernet0 unassigned YES NVRAM administratively down do
FastEthernet1 unassigned YES DHCP up do
BRI0 unassigned YES NVRAM administratively down do
BRI0:1 unassigned YES unset administratively down do
BRI0:2 unassigned YES unset administratively down do
FastEthernet2 unassigned YES unset up do
FastEthernet3 unassigned YES unset up do
FastEthernet4 unassigned YES unset up do
FastEthernet5 unassigned YES unset up do
FastEthernet6 unassigned YES unset up do
FastEthernet7 unassigned YES unset up do
FastEthernet8 unassigned YES unset up do
FastEthernet9 unassigned YES unset up up
Vlan1 unassigned YES NVRAM up up
Loopback0 172.16.1.1 YES manual up up
Dialer0 unassigned YES manual up up
NVI0
'show version'
Casino#sh ver
Cisco IOS Software, C181X Software (C181X-ADVIPSERVICESK9-M), Version 12.4(15))
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Thu 24-Jan-08 13:05 by prod_rel_team
ROM: System Bootstrap, Version 12.3(8r)YH12, RELEASE SOFTWARE (fc1)
Casino uptime is 52 minutes
System returned to ROM by reload at 17:09:25 UTC Fri Jul 1 2011
System image file is "flash:c181x-advipservicesk9-mz.124-15.T3.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
Cisco 1812 (MPC8500) processor (revision 0x400) with 118784K/12288K bytes of m.
Processor board ID FHK120622J3, with hardware revision 0000
10 FastEthernet interfaces
1 ISDN Basic Rate interface
31488K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102
Thanks again for your help,
Josh -
Best practices for NAT/PAT?
Greetings:
My setup is
Cisco 1811 serving as a router/firewall to several windows 2003 servers at an ISP. Ive configured NAT on the router to expose http, https, and smtp ports on each of the servers to a unique public ip address within my x.x.x.230/29 address space.
The WAN port on the 1811 is configured with x.x.x.230/29. On the ServerA I NAT ports 25, 80, and 443 on that same x.x.x.230 address, while managing the 1811 itself using SSH on that same address as well.
On server B (local ip 192.168.0.3), I NAT the x.x.x.231 for ports 25. 80, and 443. On server C (local ip 192.168.0.4), I NAT the x.x.x.232 address for the same ports.
Can anyone offer a critique of this configuration and offer some ideas of the best practices topology-wise for providing routing, vpn and firewall functionality for these servers?
My question arises because now I have a site to site VPN with Server B at the local end and I am unable to connect to the server B smtp port due to the following nat statements. I can confirm that this is the case since by removing the statement I am able to connect.
Here is the NAT section of the show run:
ip nat inside source static tcp 192.168.0.2 443 interface FastEthernet0 443
ip nat inside source static tcp 192.168.0.2 80 interface FastEthernet0 80
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0 overload
ip nat inside source static tcp 192.168.0.3 25 x.x.x.231 25 extendable
ip nat inside source static tcp 192.168.0.3 80 x.x.x.231 80 extendable
ip nat inside source static tcp 192.168.0.3 443 x.x.x.231 443 extendable
ip nat inside source static tcp 192.168.0.4 25 x.x.x.232 25 extendable
ip nat inside source static tcp 192.168.0.4 80 x.x.x.232 80 extendable
ip nat inside source static tcp 192.168.0.4 443 x.x.x.232 443 extendable
Would appreciate any and all comments on the way it is currently configured ass well as:
-How I might be able to change the config to follow a best-practice arrangement for the router/firewall and these servers.
TIAHi,
Static PAT is the same as static NAT, except it lets you specify the protocol (TCP or UDP) and port for the local and global addresses.
This feature lets you identify the same global address across many different static statements, so long as the port is different for each statement (you CANNOT use the same global address for multiple static NAT statements).
For example, if you want to provide a single address for global users to access FTP, HTTP, and SMTP, but these are all actually different servers on the local network, you can specify static PAT statements for each server that uses the same global IP address, but different ports
And for PAT you cannot use the same pair of local and global address in multiple static statements between the same two interfaces.
Regards
Bjornarsb -
What is the best way to throttle snmp traps? I have an HP NNM (Network Node Manger) server that is currently receiving traps from a number of network devices. Sometimes traps get sent from these devices at a higher rate than the NNM server can handle. When this happens the NNM server is basically so overwhelmed it gets hung.
I have a Cisco 1811 ISR that is acting as my remote tunnel device. The monitored devices (switches, firewalls, routers, etc.) are on the local LAN behind the ISR and all monitoring traffic is sent to the NNM server through the IPSec tunnel.
Is there a way to either batch process snmp traps or throttle/cap the rate that the messages get sent? I would prefer to do this somehow on the ISR as it will keep the number of configurations I have to do way down.
Thanks,
-mikeLuckily you have NNM. As long as you're running NNM 6.4 or later (up to 7.53 that I can testify for), you can configure throttling there. Instead of rehashing it, I point to the post by Prashant over at HP ITRC:
http://forums13.itrc.hp.com/service/forums/questionanswer.do?admit=109447627+1289854149785+28353475&threadId=1011198
Note that I don't personally adopt Step 3 in Prashant's post, of blocking individual offending IP addrs specifically in ovtrapd.conf. Without that step, I simply configure ovtrapd.lrf to give whichever IP addr that crosses the "-B -r ##" threshold a temporary "time out". Once that offender's trap rate drops below the configured threshold, NNM unblocks it, until the next violation.
This is not a perfect "throttle", because all traps (interesting ones and noises) from the offending IP are tuned out during the blockade. -
i am currently using cisco vpn client, after connecting i want to reconnect another vpn to microsoft, while connecting it displays error 800, after getting these detail it shows that your cisco router firmware is old ( older than 2000) i am using cisco 1811 ios 12.3.9.
other detail of vpn 800 error "tcp window size is 0"
any help regarding this, thanks in advanceHi,
We require more info in order to understand clearly whats going on. Could you please paste the screen shot of the err message.
Regards,
wilson samuel -
Hi all,
in the past i have WebVPN on my Cisco 1811 running without any Problems. Know i get a new Router Cisco 2811. My Problem is that the: SVC pakage file is not availible annymore on the Cisco page.
What should i use know ? What is the actual file ?
greetssolved ---> Close
-
I just got a new Iphone and i am trying to use the iphone cisco client to connect to my Netgear FVS318 via IPsec. No matter what i do the devices will not connect. After about 15 seconds i get an error message on my iphone that "Server could not be found." i have spent several hours searching on the internet and i can't seem to find any information or anyone who has sucessfuly connected their iphone to a Netgear VPN router. ANy ideas?
As a last resort should i decide to get a new VPN router for the office and home what brand should i look at that will easily connect with the iphone? i assume cisco routers but those are way too expensive. Any input would be great.The Cisco VPN will only connect to a Cisco router, firewall or VPN appliance. Technically standards based, but only cisco has implemented it in the "cisco way" The L2TP and PPTP are more generic configurations, but in all cases the VPN server must be explicitly configured to support your access.
It is possible to buy a Cisco router for a few hundred $ that will support the connection you need. Depends upon what you want to do. I am using a Cisco 1811 at my home, around 1500 list. If you do not have Cisco skills yourself, you will need to hire an engineer to configure it.
Maybe you are looking for
-
How do I compress a pdf with Create PDF so that I can attach it to e-mail?
How do I compress a pdf with Create PDR so that I can attach it to e-mail?
-
Adobe Flash Player Quit Working
I am running Windows Pro 7 (64-bit) and MSIE 9. For some unknown reason, my flash player quit working. No big deal, as I went to Adobe's download page and first obtained their uninstall executable. I used it to completely rid my machine of it's origi
-
How do I get rid of Chinese websites on Safari homepage
I was recently in Asia. Now that I am in the States, I see that my Safari homepage has about six Chinese search engines on it. I don't know how to get rid of them. Any solutions?
-
Tex variable: Cell Function with 2 time characteristics?
Hi BW experts, I have to use cell functions in our query because of cell references in the definition. There are two time characteristics used in the query: <b>0calweek</b> for reporting horizon and <b>zcalweek</b> for week of data loading Also I hav
-
Since installing iTunes 7, I have noticed some of my songs play all the way through, but do not count it as a play. I have a smart playlist based on last played date for easy finding of music I haven't listened to in a while. However, sometimes songs