Cisco 2504 WCL and 1702i

Similar Messages

• Help required to implement Cisco 2504 WLC and 1042 Access Points

  Hi,
  My name is Vidya Sagar. I am new to Wireless technology. We are planning to implement Wireless in our office. I have given the requirements below. Kindly go through the details and let me know how to start.
  We have purchased Cisco 2504 Wireless Controller (One) and Ciscon 1042 Access Points (Five). At present I am going to use 3 access points only.
  I have attached a simple diagram of our office network. We have more than 30 VLANs configured in Core Switch, we are planning to give wifi access to only 3 VLANs.
  1. VLAN 121 ( IP Segment - 10.52.121.0 /24)
  2. VLAN 116 ( IP Segment - 10.52.116.0 /24)
  3. VLAN 100 ( IP Segment - 192.168.100.0 /24) (Guest)
  Please give me a implementation plan to do this. I would like to use LDAP or ACS for authentication purpose.
  Regards,
  Vidya Sagar

  Lets just do this simple first before you start using ACS as that will require a certificate installed on the ACS for using PEAP.
  So first off, the WLC we will say is in vlan 10. When you are going through the startup wizard, make sure you define the vlan tag to 10 on the management interface. Make sure your virtual interface is an IP address that is not routed in your network, like an out of band IP.
  Make sure the WLC time is correct or use NTP!!!!
  Now you should be able to http or https to the WLC. I would upgrade the code to v7.4 and install the FUS image. Please reference this link for the upgrade procedure. You don't have to upgrade now... I would wait till you get everything working first.
  http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn74.html
  Now I would connect the APs on the same vlan as the WLC for now. Make sure there is dhcp on that subnet. Once the APs have joined, then you can move them to any subnet you want. Since you don't have many APs it would be okay to leave them in the same vlan as the WLC management or out them on any other vlan you choose. The APs will be connected to an access port NOT a trunk port!!!!
  The WLC will need to be connected on a dot1q trunk port only allowing vlans 10,100,116,121. The 2504 running v7.4 will support LAG (etherchannel). Any ways, your switch port should look like this for example only
  Interface gigabit1/0/1
  description WLC2504
  switch port trunk encapsulation dot1q
  switchoort mode trunk
  switch trunk allowed vlans 10,100,116,121
  spanning-tree portfast trunk
  channel-mode group 10 mode on << only for v7.4 if you use lag
  Don't connect all four ports right now, just port one!!!!
  Your Guest vlan, you will need to create an ACL to block traffic from accessing the internal network. You might want to allow dhcp and DNS bit I would leave it open first until you can verify everything is working.
  Now on the WLC you need to create a dynamic interface for vlan 100, 116, and 121. If you click on the Controller tab in the GUI and click on interfaces on the left hand side, that will take you to where you can add/delete/modify your interfaces. When creating these interfaces, make sure you add the dhcp server IP address for the primary and or backup.
  Now that you have your dynamic interfaces created, its time I create your SSID. Now click on the WLAN tab on the GUI and click on WLAN and then on the too right select Create New and then click go. Select WLAN on the drop down menu and then for the profile name I would use the SSID name also for simplicity.lean e the WLAN id to 1 for this and 2 for the next and so on. After defining these and clicking Apply you can now define your SSID. On the General tab, enable the status and leave the radio policy to all for now, you can decide later what you want to use. Choose your interface you wan to place this SSID on and enable Broadcast SSID for now and leave everything else alone. Now click on the Security tab and on the layer 2 Security, leave it at WPA + WPA2, only check WPA2 Policy and for WPA2 encryption choose AES only. Now go to the bottom of that screen and choose PSk. We will do pre shared key for now so you get to understand the setup and make sure everything is working first. Now on the PSK format, choose ASCII and put your pre shared key in the input box. Make this simple to for testing. You don't want to put in symbols or anything like that. When you are don with that, check apply on the top right and test.
  Now you can repeat this with your other SSIDs just to test. Your guest network you can leave open for now to test open authentication.
  Here are some links for the WebAuth feature:
  https://supportforums.cisco.com/docs/DOC-13954
  http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080b1a506.shtml
  Now if you want to use ACS with PEAP, here is some links for that:
  https://supportforums.cisco.com/videos/2499
  http://www.cisco.com/en/US/products/ps10315/products_configuration_example09186a0080bd1100.shtml
  https://www.google.com/url?sa=t&source=web&cd=8&ved=0CFQQtwIwBw&url=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DWk_bRdmsQlA&ei=_BEyUeCYM8TdqAHHsICAAw&usg=AFQjCNF8PiVBQK1Kipb4j8AzD153bKtmgA&sig2=smHhNVmCr2of2NzbnDhGmw
  Well that is it, hopefully you can get the wireless up for testing and verifying everything works!
  Sent from Cisco Technical Support iPhone App

• Wi-Fi Installation in large property W/Cisco 2504

  Hi,
  I have an interesting job where i am having to fit a wifi network through a large property. I was advised to use the Cisco 2504 WLC and 9 x Cisco AIR-AP1142N access points.
  I know that out of the box the AP's (in standalone versions) have the GUI enabled.
  Not being completley up with CLI etc, is the WLC GUI enabled straight out of the box? if not, is it complicated to get it up and running? I'm pretty good at learning/understanding these things just as long as i have a rough idea of what to do!
  Thanks in advance,
  Josh                  

  Thats great, Thanks steve.
  I have the Controller (although AP's are still on order - out of stock ) but i have one final question before i start to set it up!
  I'm looking at this guide: http://www.cisco.com/en/US/docs/wireless/controller/2500/quick/guide/ctr2504_q_s.html#wp34023 and it talks about Management interface. I presume the management IP address would be the fixed ip of the controller if you like.
  So if i had a network with a DHCP server. The Router/Server was 192.168.2.1 and the DHCP range started from .10, i could set this to be 192.168.2.2 with the router of the management interface to be .2.1. I then could set the VLAN id to be 0 as i don't need a seperate managment lan (it's only for a house afterall, and if i lock it down with passwords it should be fine).
  With the Management Port, i presume that can be the port that connects into the main PoE Switch, similalry the Management DHCP server would be 192.168.2.1?
  Virtual Gateway IP address i guess is irelevant as there will be no mobility group?
  And DHCP bridging, like on any other wifi system/AP would be 'No' as the Router will be dealing with all DHCP requests?
  Thanks again for your fantastic help so far!
  Josh

• OOB Management of Cisco 2504

  Hello,
  I am wondering if this is possible, and how to execute. 
  We have a separate physical network for guest wireless access that we will be using a cisco 2504 controller and AP's. I wanted to manage the WLC from the corporate network, and wanted to have a management interface on our DMZ to allow 443 management from inside our corporate network.
  I tried making the built in management interface on our corporate DMZ network, and another interface for the Guest Network, but I am unsuccessful:
  Management port 1: 192.168.x.x
  Dynamic interface port 2: 10.5.x.x
  Once I enable Dynmaic AP management on the Guest network, I cant ping any devices on that network.
  I also tried making a VLAN for the management network and another vlan for the Guest network and mapping them to the single built in management port, but I have been unsuccessful in that.

  Hi,
  ip http server
  ip http authentication local
  ip http secure-server
  username cisco password cisco.
  HTH,
  Bjornarsb

• 100% Noob - Need Help for basic setup of Cisco 2504 and 1600 AP

  Hello,
  I am completely noob in (cisco) networking.
  I have to setup a basic but secure wireless network.
  I have a cisco 2504 and 2 APs 1600 + a random switch
  I have 4 ports on the controller.
  I want to keep the 1st port on the network for the controller management, plug my internet box on the 3rd port, and my switch on the 4th port. Then the AP will be on the switch.
  I am able to make something working when everythings are plugged on the switch, plugged in the first port (default management port).But this is not what I want.
  First thing, Is that possible ?
  1st port : office network
  2nd port : empty
  3rd port : Internet Box
  4th port : Switch + all APs
  Then, if that is possible, how should i configure the controller to make that work ? I am completely lost in the menus.
  I dont need a perfect configuration, just something simple and working.
  1 SSID, 10 DHCP addresses, block wireless users trying  to go on the office network.
  If anyone could help my doing that, It would be very nice.
  Thank you.

  You basically need two SSIDs one for corporate users and second for guests .check the link with  step by step config and brief details .
  http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-vlan/70937-guest-internal-wlan.html

• Cisco 2504 Domain Authentication for WIFI Clients

  I got a question.
  I have a 2504 controller, and a bunch of 3600 APs. (which now works, thanks to Scott Fella)
  I want the WIFI users to be able to connect to the WIFI, If their computer is part of the domain. Otherwise, they connect to the guest WIFI.
  How can I go about doing that? I tried searching the forums, but perhaps Im not searching for the right keywords.
  I thought it was LDAP, but I could not find much info on it.
  Thanks....         

  I wouldn't look at LDAP. I would use a radius server and machine authentication. If your a Microsoft shop, then bring up IAS for 2003 or NPS for 2008. These can work as your radius server. To figure out how to configure machine auth, just search Google for NPS wireless machine authentication.
  Here is one link
  http://araihan.wordpress.com/2010/04/30/complete-guide-to-build-a-cisco-wireless-infrastructure-using-cisco-wlc-5500-cisco-1142-ap-and-microsoft-radius-server/
  Sent from Cisco Technical Support iPhone App

• Cisco 2504 Capability Question

  Hello,
  I need to replace a 4402 with a 2504 controller and put a 2504 controller in the DMZ for guest access.  This would be the setup:
  The 4402 would be replaced at a remote site (not hreap) and support a couple of wlans, one of those would not be local and would be anchored back to the 2504 in the DMZ for the guest services.  All of my 5508's also would be hitting the 2504-DMZ to anchor the guest service as well.  Is this still feesable in the 2504 series?  I ask because I saw somewhere (albiet I cant find it again) that said you could not do anchors on the 2504 series?
  Thanks,
  Raun

  Looks like the answer about 2500 series being used as a guest anchor has changed:
  Q.   Can the Cisco 2100/2500 Series Wireless LAN Controller be used as a guest   anchor controller in the unsecured network area?
  A. Yes, starting Cisco Unified Wireless Network Software Release 7.4, the       Cisco 2500 Series Wireless LAN Controller can terminate (up to 15 EoIP tunnels)       guest traffic outside the firewall. The Cisco 2000 Series Wireless LAN       Controller can only originate guest tunnels.
  Reference: http://tiny.cc/d8ejcw

• Cisco 2504 Configuration

  Hello,
  I have a cisco 2504 controller with 10 AP's. I have 3 WLANs. I would like to have one WLAN only broadcast to 2 of my 10 AP's? Is this possible? If so how would I configure the WLan?

  so i followed the configuration sheet that was listed in the article below
  http://www.cisco.com/en/US/docs/wireless/controller/7.0MR1/configuration/guide/cg_wlan.html#wp1128591
  Underneath the
  Creating Access Point Groups
  i followed it and made the modifications. But i am still able to see the one WLAN under all AP's?

• Cisco 2504

  We've recently converted to Cisco for our wireless deployments and are in the middle of our first customer install.  We purchased a 2504 from a Cisco Partner and it came with v7.2x on it, which as we now know does not work with the AP 1600's. 
  When we attempted to download the software upgrade we were told we needed a service contract to do that.  So we called the Partner we ordered the 2504 from and purchased the service contract for $399 when they said we should have an email from Cisco in aprroximately an hour with the service contract activated. 
  That was about 36 hours ago.   After calling the Partner several times we demanded to speak to a supervisor who them informed us it could take up to two weeks to complete the service contract activation on the device.  I just cancelled our oder with this Partner because that seemed unacceptable based on his reasoning for the length of time - something with their internal PO process.
  We are square in the middle of this install for our customer.  Nevermind we were shipped a device with the software 3 versions old, but we can't get the new software version for a brand new 2504?? 
  Does anyone have any idea 1) how can we get this software version for a brand new device just purchased less than a week ago, and 2) what is the fastest way to get a service contract activated for our customers brand new 2504?? 
  HELP       

  Well I guess it depends on who you get.  Support is support as I see it.  Rule of thumb... customer is always right:)  Its a battle out there between vendors and its easy to hate a vendor of little things.  As a consultant, you do what you can to make the customer happy, or else they find another vendor.
  Thanks,
  Scott
  Help out other by using the rating system and marking answered questions as "Answered"

• Cisco Phone Control and Presence 8.6.1.1185 with IBM Lotus Notes 8.5.2 (Integrated Sametime Client 8.0.2) - No presence status visible

  Hi community,
  I am trying to integrate Cisco Unified Presence 8.6.1.10000-34 with IBM Lotus Notes 8.5.2 with the integrated Sametime Client version 8.0.2 via the Cisco Plugins 8.6.1.1185.
  Phone control is working fine, whereas the presence status is not shown (= no handset symbol next to the Sametime user). When I look in the preferences of the plugin, I can see that the plugin has connected successfully to the CUCM (8.6.2.20000-2),whereas the connection to the CUPS has not been established.
  The user id as well as the password are all the same on all systems. Here is a description of what I have configured via the ciscocfg.exe tool:
  Feature Control:
  - Enable Phone Status -> checked
  - Enable Dial Using Cisco IP Communicator -> unchecked (not required)
  - Enable Control Desk Phone -> checked
  - Default Mode -> Control Desk Phone
  Control Desk Phone Settings:
  - Voicemail Pilot Number -> left blank (no voicemail)
  - Cisco Unified Communications Manager
       - Servers -> IP address of CUCM
       - Read Only -> unchecked
       - Use as Default CUCM -> checked
       - Synchronize Credentials -> checked
            - Use Sametime Credentials -> checked
  Use Secure Connection: -> not required
  LDAP Phone Attributes: -> not required
  Phone Status Settings:
  - Cisco Unified Presence Servers -> IP address of CUPS
  - Read Only -> unchecked
  - Synchronize Credentials -> checked
       - Use Sametime Credentials -> checked
  - Sametime User ID Mapping
       - Use Business Card Attribute -> MailAddress
       - Remove Domain -> checked
  - Display Off-Hook Status Only -> unchecked
  At the moment I don't see an error in the configuration, but maybe I am wrong. Could anyone please tell me what the error could be?
  Thanks a lot in advance!
  Kind regards,
  Igor

  Hi all,
  here are some additions to my above post:
  Servers and clients used:
  1x CUCM 8.6.2.20000-2
  1x CUPS 8.6.1.10000-34
  1x IBM Lotus Domino Messaging Express Server 8.5.2
  1x Sametime Entry Server 8.5.2 (on top of the Domino server)
  2x IBM Lotus Notes 8.5.2 with integrated Sametime 8.0.2
  2x Cisco Phone Control and Presence with Lotus Sametime (PCAP) 8.6.1.1185
  2x Cisco Unified Personal Communicator 8.5.5.19839
  Setup:
  - CUCM, CUPS and CUPC are working fine, i.e. Desk Phone control via CUPC, as well as availability and presence status are working without issues
  - IBM Lotus Domino server is the LDAP Directory, the Sametime Entry Server is installed on top of the Domino server and uses the Domino Directory
  - User ID and password on CUCM/CUPS match the ShortName field and password in Domino
  - The PCAP plug-in has been manually deployed to both Notes clients with the following configuration:
       - Enable Phone Status -> active
       - Desk Phone Control -> active
       - no credential synchronization for CUCM and CUPS, i.e. every user must fill the user details himself
       - Sametime User ID Mapping is implemented via the LDAP Attribute uid (which is equal to the user id in CUCM)
       - LDAP configuration filled in with details of the Domino server
  Phone Control is working fine, also the connection to the LDAP server (Domino) is fine. However, when I type in the credentials for the CUPS server login, I can see (in Troubleshooting pane) that the user (pparker) is connected to the CUPS server for a short period of time and then gets disconnected. After that no connection is possible to the CUPS server, i.e. status is always disconnected.
  I have collected the Tomcat (EPASSoap00010.log and security00010.log) logs via RTMT and compared them to the logs from the PCAP plugin. The relevant time period is from 15:14 to 15:17. In the Tomcat logs I can see that the authentication is successful (see attached files), however in the log of PCAP plugin I can see the following messages:
  2012/02/03 15:14:35.281 WARNUNG Credential is rejected. Nothing to retry ::class.method=com.cisco.sametime.phonestatus.cup.CUPPresenceWatcher.answerChallenge() ::thread=CT_CALLBACK.1 ::loggername=com.cisco.sametime.phonestatus.cup
  2012/02/03 15:14:35.281 WARNUNG #### Connection rejected presence server ::class.method=com.cisco.sametime.phonestatus.cup.CUPPresenceWatcher.onPresenceServerConnectionRejected() ::thread=CT_CALLBACK.1 ::loggername=com.cisco.sametime.phonestatus.cup
  2012/02/03 15:14:35.281 WARNUNG Credential is rejected. Nothing to retry ::class.method=com.cisco.sametime.phonestatus.cup.CUPPresenceWatcher.answerChallenge() ::thread=CT_CALLBACK.2 ::loggername=com.cisco.sametime.phonestatus.cup
  2012/02/03 15:14:35.281 WARNUNG #### Connection rejected presence server ::class.method=com.cisco.sametime.phonestatus.cup.CUPPresenceWatcher.onPresenceServerConnectionRejected() ::thread=CT_CALLBACK.2 ::loggername=com.cisco.sametime.phonestatus.cup
  I don't understand why the connection is rejected although the Sametime Internal ID and CUPS User ID match. Does anyone know what the issue could be?
  All posts are very much appreciated!
  Thanks a lot in advance!
  Kind regards,
  Igor

• Boot camp with Cisco VPN client and smart card

  Looking at a Macbook or Macbook Air and the only reason I need to run windows is to be able to access my work network through the Cisco VPN client and my Smartcard then use remote desktop. From my understanding if I run Bootcamp it should work am I correct? Im going to an Apple store tomorrow hopefully they can help too.
  Thanks

  mrbacklash wrote:
  Ok with that being said will the MBA 11.6 1.4ghz have the guts to make it run mostly internet based programs over the VPN connection?
  I think if you are running apps over the Internet the bottleneck will be the Internet and your VPN bandwidth. Your computer can certainly execute faster than Internet communications.
  Besides, Internet or remote applications run on the remote server. All your local computer does is local processing of the data if necessary.
  Message was edited by: BobTheFisherman

• Cisco VPN Client and Mac OS 10.5.1 update

  After upgrading to Leopard (10.5) my Cisco VNP client stopped working. I was able to fix that by downloading the newer VPN Client 4.9.01 (0080) from the Macupdate.com website. Now that I've updated to Mac OS 10.5.1, the VPN Client won't work again!! I went back to the Macupdate website and downloaded what looks like an even newer version - 4.9.01 (0090) - but this is labeled as a BETA and it doesn't work either. Anyone out there seen a newer version, or something that works with 10.5.1?

  b166er wrote:
  Aside from the fact that it's marked beta, I'm wary about the source of MacUpdate's download. They link to http://www.arrange.co.at/download/vpnclient-darwin-4.9.01.0090-universal-k9-BETA .dmg
  Cisco don't ever make the client freely available. The official download is via form on the Cisco web site and you need appropriate credentials. I wouldn't risk installing from any other source.
  The home page at http://www.arrange.co.at/ doesn't exactly inspire confidence.
  Dude has a point... it's risky to mess with something like this from an untrusted source IMHO. Cisco is picky about who they give it out to. I have to get mine through my host provider since they are the ones that are authorized.
  For what it's worth, I'm using 4.9.01 with 10.5.1 and it works well.

• I am unable to browse internet from my cisco 881 router and configuration is below could any one help me in this regard

  HOME#sho run
  Building configuration...
  Current configuration : 5657 bytes
  ! Last configuration change at 10:51:11 UTC Fri May 17 2013 by admin
  version 15.0
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname HOME
  boot-start-marker
  boot-end-marker
  logging buffered 51200 warnings
  enable secret 5 $1$bgx9$VrtQW3Wg182VyYhKAHLbN.
  no aaa new-model
  memory-size iomem 10
  crypto pki trustpoint TP-self-signed-1190003239
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-1190003239
  revocation-check none
  rsakeypair TP-self-signed-1190003239
  crypto pki certificate chain TP-self-signed-1190003239
  certificate self-signed 01
    3082024A 308201B3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 31313930 30303332 3339301E 170D3133 30353137 31303333
    35315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 31393030
    30333233 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
    8100C002 80BBF151 E095E469 AA7DBB18 2A9E3CC2 4AC223F6 ABE0AF49 876C1203
    65D0E246 786F174D E5B7897A 44C5755A 2571E58A 184A6C62 DD992A2A D8A24878
    25A8D3C3 03F5D3C2 522EC8BB 302B0CCD 2945087A 7AF01418 D0056679 6F64DB4A
    BE2D5DA1 106CD03A 83B422A2 3CCBAE88 F2413123 12269390 6949DFE0 411118E7
    8F210203 010001A3 72307030 0F060355 1D130101 FF040530 030101FF 301D0603
    551D1104 16301482 12484F4D 452E7777 772E7961 686F6F2E 636F6D30 1F060355
    1D230418 30168014 3D2D854D 1203F50D 77F4ABC5 B61CEAF6 C922F4DF 301D0603
    551D0E04 1604143D 2D854D12 03F50D77 F4ABC5B6 1CEAF6C9 22F4DF30 0D06092A
    864886F7 0D010104 05000381 8100B24C 48BACACE 87ADEA03 386F2045 CC89624A
    4EB1AD09 062EB2A4 CF4C96CA 0B2CF001 BD2C3804 8DC47FED 6A5B5F0D 3965AC6E
    4FC4682F 707E4132 8F27C083 C7FAE1BD 21D055E6 C79D5DAD 051B6321 D35DB4F2
    044E6BBD DAD08B6A 6ED87C7E 08F4F7E1 4EFDFB6F 867AF6FA 84165CFC D219D56F
    A82EABD4 AD9CFA24 A5088145 E571
          quit
  ip source-route
  ip routing protocol purge interface
  ip dhcp excluded-address 10.10.10.1
  ip dhcp pool ccp-pool
     import all
     network 10.10.10.0 255.255.255.248
     default-router 10.10.10.1
     domain-name www.google.com
     dns-server 192.168.1.1
     lease 0 2
  ip cef
  ip domain name www.yahoo.com
  ip name-server 84.235.6.55
  ip name-server 84.235.57.230
  no ipv6 cef
  multilink bundle-name authenticated
  license udi pid CISCO881-SEC-K9 sn FCZ1516933C
  username admin privilege 15 password 0 cisco
  interface FastEthernet0
  interface FastEthernet1
  interface FastEthernet2
  interface FastEthernet3
  interface FastEthernet4
  ip address dhcp
  ip access-group 101 in
  ip nat outside
  ip virtual-reassembly
  duplex auto
  speed auto
  interface Vlan1
  description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
  ip address 10.10.10.1 255.255.255.0
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip nat inside
  ip nat enable
  ip virtual-reassembly
  ip tcp adjust-mss 1452
  interface Vlan2
  no ip address
  ip nat inside
  ip virtual-reassembly
  ip default-gateway 192.168.1.1
  ip forward-protocol nd
  ip http server
  ip http access-class 23
  ip http authentication local
  ip http secure-server
  ip http timeout-policy idle 60 life 86400 requests 10000
  ip nat inside source list 101 interface FastEthernet4 overload
  ip route 0.0.0.0 0.0.0.0 FastEthernet4
  access-list 23 permit 10.10.10.0 0.0.0.7
  access-list 101 permit ip any any
  dialer-list 1 protocol ip permit
  no cdp run
  control-plane
  banner exec ^C
  % Password expiration warning.
  Cisco Configuration Professional (Cisco CP) is installed on this device
  and it provides the default username "cisco" for  one-time use. If you have
  already used the username "cisco" to login to the router and your IOS image
  supports the "one-time" user option, then this username has already expired.
  You will not be able to login to the router with this username after you exit
  this session.
  It is strongly suggested that you create a new username with a privilege level
  of 15 using the following command.
  username <myuser> privilege 15 secret 0 <mypassword>
  Replace <myuser> and <mypassword> with the username and password you
  want to use.
  ^C
  banner login ^C
  Cisco Configuration Professional (Cisco CP) is installed on this device.
  This feature requires the one-time use of the username "cisco" with the
  password "cisco". These default credentials have a privilege level of 15.
  YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE
  PUBLICLY-KNOWN CREDENTIALS
  Here are the Cisco IOS commands.
  username <myuser>  privilege 15 secret 0 <mypassword>
  no username cisco
  Replace <myuser> and <mypassword> with the username and password you want
  to use.
  IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
  NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.
  For more information about Cisco CP please follow the instructions in the
  QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
  ^C
  banner motd ^Cuthorized ^C
  line con 0
  login local
  no modem enable
  line aux 0
  line vty 0 4
  access-class 23 in
  privilege level 15
  password cisco
  logging synchronous
  login local
  transport input telnet ssh
  scheduler max-task-time 5000
  end

  HOME#ping 4.2.2.2
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
  Success rate is 0 percent (0/5)
  HOME#sh ip int br
  Interface                  IP-Address      OK? Method Status                Protocol
  FastEthernet0              unassigned      YES unset  down                  down
  FastEthernet1              unassigned      YES unset  down                  down
  FastEthernet2              unassigned      YES unset  down                  down
  FastEthernet3              unassigned      YES unset  down                  down
  FastEthernet4              192.168.1.120   YES DHCP   up                    up 
  NVI0                       10.10.10.1      YES unset  up                    up 
  Vlan1                      10.10.10.1      YES NVRAM  down                  down
  Vlan2                      unassigned      YES NVRAM  down                  down
  HOME#
  fast ethernet is connected to my internet connection

• What is the maximum number of PVC's supported by Cisco BPX 8620 and 8680 chassis with BCC-4V 128MB DRAM and 4 MB BRAM?

  We are working on a capacity planning project for one of our customers and we need an estimate on the maximum number of PVCs supported in the following situations:
  a)Cisco BPX 8620 and 8680 chassis with BCC-4V 128MB DRAM and 4 MB BRAM ?
  b)Maximum number of PVC's supported by each of the following STM-1 cards:
  - model BXM-155-4D and 4DX ?
  - model BXM-155-8D and 8DX ?

  a)It depends upon software level. b) 16,000 per card, With release 9.3:
  60K Connections Support on BXM-E—Provides the ability to support a maximum of 60K per card for VSI applications for the BPX 8600, for example, PNNI or MPLS, used on enhanced BXM-E cards.

• Problem with Cisco 861W router and outgoing VPN

  We have a Cisco 861W router that is blocking an outgoing PPTP on the internal access point only. The outgoing VPN works when the traffic is through a wired connection or the connection is on another access point. We fail to make a connection only when connection to the 861W's internal Access Point.
  Here is the Access Point Configuration:
  Current configuration : 2100 bytes
  version 12.4
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname obap
  enable secret 5 $1$.1RF$go1D7WITXUn3s8TUaw3tC.
  no aaa new-model
  dot11 syslog
  dot11 ssid OLIVER
     authentication open
     authentication key-management wpa
     guest-mode
     wpa-psk ascii 0 XXXXXXXXXXX
  username XXXXXX privilege 15 secret 5 $1$Wc0K$OzcQDDQfjHP6La31eXMoG/
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  encryption mode ciphers aes-ccm tkip
  ssid OLIVER
  antenna gain 0
  station-role root
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface GigabitEthernet0
  description the embedded AP GigabitEthernet 0 is an internal interface connecti
  ng AP with the host router
  no ip address
  no ip route-cache
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
  interface BVI1
  ip address 192.168.0.2 255.255.255.0
  no ip route-cache
  ip http server
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  bridge 1 route ip
  banner login ^CC
  % Password change notice.
  Default username/password setup on AP is cisco/cisco with priv¾ilege level 15.
  It is strongly suggested that you create a new username with privilege level
  15 using the following command for console security.
  username <myuser> privilege 15 secret 0 <mypassword>
  no username cisco
  Replace <myuser> and <mypassword> with the username and password you want to
  use. After you change your username/password you can turn off this message
  by configuring  "no banner login" and "no banner exec" in privileged mode.
  ^C
  line con 0
  privilege level 15
  login local
  no activation-character
  line vty 0 4
  login local
  cns dhcp
  end
  obap#
  Here is the Router's Configuration:
  Current configuration : 5908 bytes
  ! No configuration change since last restart
  version 15.0
  no service pad
  service tcp-keepalives-in
  service tcp-keepalives-out
  service timestamps debug datetime msec localtime show-timezone
  service timestamps log datetime msec localtime show-timezone
  service password-encryption
  service sequence-numbers
  hostname obrouter
  boot-start-marker
  boot-end-marker
  logging buffered 51200
  logging console critical
  enable secret 5 $1$i9XE$DjxFVAEC9nC4/r6EQKCd6/
  no aaa new-model
  memory-size iomem 10
  clock timezone PCTime -5
  clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
  crypto pki trustpoint TP-self-signed-1856757619
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-1856757619
  revocation-check none
  rsakeypair TP-self-signed-1856757619
  crypto pki certificate chain TP-self-signed-1856757619
  certificate self-signed 01
    3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 31383536 37353736 3139301E 170D3036 30313032 31323030
    34345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38353637
    35373631 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
    8100B1A4 FB786547 3D582260 03DB768D 116BDE9A 309FBA04 B53F77B0 BFE32344
    7C3439B3 97192B36 760A9411 1D5C7549 8D86F532 ABA44F53 0D08B7F4 A9A747D5
    071330C3 65BF25A8 927F3596 29BB5A80 90C8D169 22268476 3B8DDE1E FDB7170D
    B4820D03 5580A849 A92C7E76 9AC10867 505A2FEE 64360741 7F9DBDBF 3D79982C
    F81D0203 010001A3 75307330 0F060355 1D130101 FF040530 030101FF 30200603
    551D1104 19301782 156F6272 6F757465 722E6272 75736868 6F672E63 6F6D301F
    0603551D 23041830 168014D8 5BC2FFB2 967A4C7B 11B44122 5C8D31F7 749B9230
    1D060355 1D0E0416 0414D85B C2FFB296 7A4C7B11 B441225C 8D31F774 9B92300D
    06092A86 4886F70D 01010405 00038181 005901F1 C239074B B8213567 CF7B65BF
    DAFE4557 69B2A3B1 5F2593C7 A54B9598 23FD5E7A 563AA6E0 AFB25801 FA0061E8
    F9545372 DB600B3A BE68AE65 1EDA593E 6A0C96B8 5A4136AF 393F9AAC 651E1C36
    B8B7C6C0 47936C24 D2ECE9A5 9446EE32 FC7461FA AD8CF1CE A7FBF341 07E9C3C6
    505AB88D 0E7FCAFC 5792298A E5E4D1FE CC
          quit
  no ip source-route
  ip dhcp excluded-address 192.168.0.1 192.168.0.99
  ip dhcp pool ccp-pool1
     import all
     network 192.168.0.0 255.255.255.0
     dns-server 216.49.160.10 216.49.160.66
     default-router 192.168.0.1
  ip cef
  no ip bootp server
  ip domain name brushhog.com
  ip name-server 216.49.160.10
  ip name-server 216.49.160.66
  license udi pid CISCO861W-GN-A-K9 sn FTX155281FY
  username tech38 privilege 15 secret 5 $1$d/4Z$n/23EsXbzfHF5XfJ8Nv.y0
  ip tcp synwait-time 10
  ip ssh time-out 60
  ip ssh authentication-retries 2
  interface FastEthernet0
  interface FastEthernet1
  interface FastEthernet2
  interface FastEthernet3
  interface FastEthernet4
  description $ES_WAN$$FW_OUTSIDE$
  no ip address
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip flow ingress
  duplex auto
  speed auto
  pppoe-client dial-pool-number 1
  interface wlan-ap0
  description Service module interface to manage the embedded AP
  ip unnumbered Vlan1
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip flow ingress
  arp timeout 0
  interface Wlan-GigabitEthernet0
  description Internal switch interface connecting to the embedded AP
  interface Vlan1
  description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
  ip address 192.168.0.1 255.255.255.0
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip flow ingress
  ip nat inside
  ip virtual-reassembly
  ip tcp adjust-mss 1412
  interface Dialer0
  ip address negotiated
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip mtu 1452
  ip flow ingress
  ip nat outside
  ip virtual-reassembly
  encapsulation ppp
  dialer pool 1
  dialer-group 1
  ppp authentication chap pap callin
  ppp chap hostname XXXXXXXXXXXXX
  ppp chap password 7 XXXXXXXXXXXXXXXX
  ppp pap sent-username XXXXXXXXXXXXXX password 7 XXXXXXXXXXX
  no cdp enable
  ip forward-protocol nd
  ip http server
  ip http authentication local
  ip http secure-server
  ip http timeout-policy idle 60 life 86400 requests 10000
  ip nat inside source static tcp 192.168.0.25 80 interface Dialer0 80
  ip nat inside source list 1 interface Dialer0 overload
  ip route 0.0.0.0 0.0.0.0 Dialer0
  logging trap debugging
  access-list 1 remark INSIDE_IF=Vlan1
  access-list 1 remark CCP_ACL Category=2
  access-list 1 permit 192.168.0.0 0.0.0.255
  dialer-list 1 protocol ip permit
  no cdp run
  control-plane
  banner exec ^C
  % Password expiration warning.
  Cisco Configuration Professional (Cisco CP) is installed on this device
  and it provides the default username "cisco" for  one-time use. If you have
  already used the username "cisco" to login to the router and your IOS image
  supports the "one-time" user option, then this username has already expired.
  You will not be able to login to the router with this username after you exit
  this session.
  It is strongly suggested that you create a new username with a privilege level
  of 15 using the following command.
  username <myuser> privilege 15 secret 0 <mypassword>
  Replace <myuser> and <mypassword> with the username and password you
  want to use.
  ^C
  banner login ^CAuthorized access only!
  Disconnect IMMEDIATELY if you are not an authorized user!^C
  line con 0
  login local
  no modem enable
  transport output telnet
  line aux 0
  login local
  transport output telnet
  line 2
  no activation-character
  no exec
  transport preferred none
  transport input all
  line vty 0 4
  privilege level 15
  login local
  transport input telnet ssh
  scheduler max-task-time 5000
  scheduler allocate 4000 1000
  scheduler interval 500
  end
  Any help would be appreciated

  Hello,
  i have the same problem with router CISCO861W-GN-E-K9. Version 12.4(22r)YB5, RELEASE SOFTWARE (fc1)
  Can someone help?
  Thank you.
  Here is my config for internal AP and router.