CISCO 2600 Router Flash Image

Similar Messages

• Cisco 2600 router with 4A/S module can be terminal server

  I have a cisco 2600 router with 4A/S module, can it become the terminal server? If yes, which kind of octal cable should I choose to connect to other cisco routers console ports? Thanks a lot

  The commands mean that R1's console is connected using the first RJ-45 cable and is available on port 2001, R2's console is connected using the second RJ-45 cable and is available on port 2002 and so on. Remember that the ports are numbered as 2000 plus the line number. Hence, the first port is 2001. If you have more than eight devices and have connected a second CAB-OCTAL-ASYNC cable then you need to add a similar configuration line with the port numbers starting from 2009 till 2016.
  In your configuration u configured 9 ports. So please add second cable for another 8 ports.
  To connect to the console of a device, telnet to the terminal server router's loopback address and specify the port number associated to the device. For example, to connect to console of router R1 (from our example) type telnet 192.168.12.1 2001 in the Run dialog box from your PC.
  For further information click the below url
  http://www.cisco.com/public/technotes/smbsa/en/us/internet/config_cisco_router_term_server.html#trouble

• Cisco 2621 Router - Flash Erased

  Hi All,
  I did something stupid. yes it was me, nobody else to blame,I erased the flash memory on my spare 2621 router. I then rebooted the router and now I'm hung in "romomn" mode.
  I have tried the two different recovery modes in order to upload a new IOS onto the router. From Cisco "How to Download a Software Image to a Cisco 2600 through TFTP using the tftpdnld Rommom Command".
  I am using Solar Winds for my TFTP server and the replacement image (c2600-i-mz.122-34a.bin) is in the TFTP root. I configure all the proper parameters, then run "set" to make sure they are correct. When I invoke the "tftpdnld" command I keep getting the message that the "IP_ADDRESS" is illegal. Note: This was a spare router and not in production and had no config file on it that I know about. Iam hooked up through a concole cable using Hyperterminal. The IP address of my tftp server (laptop) is 192.168.10.155. I set 192.168.10.240 (spare IP address on my network) as the IP address of the router in romon mode, didn't know what else to put in since the router doesn't have an IP address set.
  Next I have tried using xmodem to upload the image and keep getting a "time oiut". Yes, I have reset the speed up to 115,200.
  I really need to get this router up and running as soon as possible. This weekend we're changing from BGP to RIP (going from 2 T-1 lines to just 1) and I don't want to change the config on our 3640 until I make sure the new configuration is working on the 2621 first. That way, if things go "south" I cna put the 3640 back into place and be back up and running in minutes.
  Any ideas to help me get out of this mess?
  Thanks,
  Chuck

  Are you just connected to the router via a console cable or do you have a ethernet connection between your laptop and the router e0 interface.
  The reason I ask is I didn't see it in your post. I might have overlooked it.
  Procedures for Recovering Boot and System Images
  If your router experiences difficulties and no longer contains a valid Cisco IOS software image in flash memory, you can recover the Cisco IOS image using one of the following ROM monitor commands:
  •xmodem—Use this if the computer attached to your console has a terminal emulator that has xmodem capability.
  •tftpdnld—Use this if you have a TFTP server directly connected to the Ethernet 0 port.
  You need
  Also, are you entering the complete file

• NEED URGENT HELP ON MY CISCO 2600 ROUTER.

  This machine is giving me hard time. The problem with it is that it keeps on rebooting. I have tried to even load another IOS. But it is not working out. It is bringing this output......========= Dump bp = 2C66478 ======================
  2C66378: 0 0 0 0 0 0 0
  0
  2C66398: 0 0 0 0 0 0 0
  0
  2C663B8: 0 0 0 0 0 0 0
  0
  2C663D8: 0 0 0 0 0 0 0
  0
  2C663F8: 0 0 0 0 0 0 0 FD0110D
  F
  2C66418: AB1234CD FFFFFFFE 0 0 800261A4 2C66478 2C183EC 8000001
  C
  2C66438: 1 175C7D59 70600180 DCBE0B00 C164 0 100 2C664A
  0
  2C66458: 2C668E0 0 0 0 0 0 0 FD0110D
  F
  2C66478: AB1234CD FFFFFFFE 0 0 800261C8 2C668B8 2C6642C 8000020
  C
  2C66498: 1 A35C1E12 15A 8000F9F4 2C67160 0 15A 8000F9F
  4
  2C664B8: 2C677E0 0 15A 8000F9F4 2C67E60 0 15A 8000F9F
  4
  2C664D8: 2C684E0 0 40 8000F9F4 2C68B60 0 40 8000F9F
  4
  2C664F8: 2C691E0 0 0 8000F9F4 2B657E0 0 0 8000F9F
  4
  2C66518: 2B65160 0 0 8000F9F4 2B64AE0 0 0 8000F9F
  4
  2C66538: 2B64460 0 0 8000F9F4 2B63DE0 0 0 8000F9F
  4
  2C66558: 2B63760 0 0 8000F9F4 2B630E0 0 0 8000F9F
  4
  ========= Dump bp->next = 2C668B8 ======================
  2C667B8: 2B73E20 0 0 8000F9F4 2B737A0 0 0 8000F9F
  4
  2C667D8: 2B73120 0 0 8000F9F4 2B72AA0 0 0 8000F9F
  4
  2C667F8: 2B72420 0 0 8000F9F4 2B71DA0 0 0 8000F9F
  4
  2C66818: 2B71720 0 0 8000F9F4 2B710A0 0 0 8000F9F
  4
  2C66838: 2B70A20 0 0 8000F9F4 2B703A0 0 0 8000F9F
  4
  2C66858: 2B6FD20 0 0 8000F9F4 2B6F6A0 0 0 8000F9F
  4
  2C66878: 2B6F020 0 0 8000F9F4 2B6E9A0 0 0 8000F9F
  4
  2C66898: 2B6E320 0 0 0 0 0 0 FD0110D
  F
  2C668B8: AB1234CD FFFFFFFE 0 3000000 80026214 2C670F8 0 300040
  C
  2C668D8: 1 8DB14C70 0 8300FECE 2B050C2 0 0 8300FEC
  E
  2C668F8: 2B057A2 0 0 300FECE 2B05E82 0 0 300FFC
  4
  2C66918: 2B01D8A 0 0 8300FFC4 2B01ECA 0 0 8300FEC
  9
  2C66938: 2CD38C2 0 0 300FFC4 2CCF22A 0 0 300FFC
  4
  2C66958: 2CCF4AA 0 0 8300FFC4 2CCF72A 0 0 8300FFC
  4
  2C66978: 2CCF9AA 0 0 0 0 0 0
  0
  2C66998: 0 0 0 0 0 0 0
  0
  ========== Dump bp->previous = 2C6642C =====================
  2C6632C: 0 0 0 0 0 0 0
  0
  2C6634C: 0 0 0 0 0 0 0
  0
  2C6636C: 0 0 0 0 0 0 0
  0
  2C6638C: 0 0 0 0 0 0 0
  0
  2C663AC: 0 0 0 0 0 0 0
  0
  2C663CC: 0 0 0 0 0 0 0
  0
  2C663EC: 0 0 0 0 0 0 0
  0
  Then it says (Software forced reload.) Pliz help.

  This does not look good. Boot into rommon. Use the "verify flash:c2600*.bin" command to check the integrity of the image.
  If this issue impacts your production environment contact TAC for a quick resolution.
  HTH
  --Leon

• Can a Cisco 2600 router do PPTP,L2TP, and IPSec?

  General question.

  2600 supports L2TP and PPTP with MPPE with an IP PLUS version, and IPsec with a firewall version.

• Ethernet port 0/0 on Cisco 2600 unable to access NM-ESW-16 ports

  Is it possible to config the E0/0 port on the Cisco 2600 router to access the FE ports on the on-board NM-ESW-16? There is only one Ethernet port on the router.

  Thanks for the reply. However, we are unclear how to accomplish this. I tried the no switchport mode command on a FE port on the switch. Afterwards, I tried to assign an IP adddress and mask to the port. The switch responded saying that an IP address cannot be applied to a L2 port. What I need to understand is how to re-assign a L2 port as a L3 port. Thanks for any added help.
  kjjscharff

• Cisco 2600 series router and cable modems

  Hi everyone, I am just about to get started preparing for my CCNA... I am looking to pick up some used Cisco 2600 series routers to set up a home lab. I am wondering if it is possible to connect a cable modem directly to a 2600 series router? If so, do I need a certain type of WIC? I want to go from my cable modem, to a router, to my switch. Thanks in advance!

  Hi,
  Yes you can, using the Ethernet port on the cable modem, you can connect the cable modem to the router 2600, and the 2600 comes with builtin ethernet or fastethernet (according to your platform).
  HTH,
  Mohammed Mahmoud.

• Is it possible to purchase replacement Flash Card that came with the Cisco 1811 Router?

  I am in desperate need of a replacement Flash card that came included with the Cisco 1811 Router. I purchased the router used and it was working perfectly. I worked my way through all the information provided at cisco.com and had it pretty much configured the way I wanted it. Until the flash card got destroyed. A little embarassed to go into details how it was destroyed, let's just say my Grandson gave it a bath.
  It would be great if I could just purchase a replacement somehow with the IOS and SDM on it without purchasing a Cisco Service Agreement, etc. I purchased the router just to further my "Self Education". I have pretty much conquered all the aspects of the Cisco routers, etc. more or less developed for the Home Office user and moved on to bigger and better things. Since I was able to find a Cisco 1811 in good working condition very inexpensively I decided to go for it.
  Help from anyone would sure be appreciated.

  “Thank you for your question.  This community is for Cisco Small Business products and your question is in reference to a Cisco Elite/Classic product.  Please post your question in the Cisco NetPro forums located here: http://forums.cisco.com/eforum/servlet/NetProf?page=main  This forum has subject matter experts on Cisco Elite/Classic products that may be able to answer your question.”
  - Routers ----> Network Infrastructure Forum http://forum.cisco.com/eforum/servlet/NetProf;jsessionid=E0EEC3D9CB4E5165ED16933737822748.SJ3A?page=Network_Infrastructure_discussion

• Connecting two Cisco 2950 switches to a 2600 router

  Hello,
  I'm trying to have two LANs connected to 2950 switch each, connect to a 2600 router and have the two LANs communicate with each other...i can't seem to get it working...any help...thanks
  LAN 1 192.168.10.1/20
  LAN 2 192.168.12.1/21
  Thanks again

  Alright, these are only basic configs here:
  Router
  hostname Router
  int fastethernet0/0
  description Network 1
  ipaddress 192.168.10.65 255.255.255.192
  int fastethernet0/1
  description Network 2
  ip address 192.168.10.129 255.255.255.192
  end
  Switch 1 (the one connecting to f0/0)
  hostname SwitchNet1
  int f0/1
  description Host 1 Net 1
  no ip address
  no shut
  int f0/2
  description Host 2 Net 1
  no ip address
  no shut
  int f0/3
  description Host 3 Net 1
  no ip address
  no shut
  int f0/4
  description Host 4 Net 1
  no ip address
  no shut
  int range f0/5 - 23
  no description
  no ip address
  shut
  int f0/24
  description UPLINK to Router
  no ip address
  no shut
  int vlan 1
  ip address 192.168.10.66 255.255.255.192
  no shut
  default-gateway 192.168.10.1
  end
  Switch 2 (the one connecting to f0/1)
  hostname SwitchNet2
  int f0/1
  description Host 1 Net 2
  no ip address
  no shut
  int f0/2
  description Host 2 Net 2
  no ip address
  no shut
  int f0/3
  description Host 3 Net 2
  no ip address
  no shut
  int f0/4
  description Host 4 Net 2
  no ip address
  no shut
  int range f0/5 - 23
  no description
  no ip address
  shut
  int f0/24
  description UPLINK to Router
  no ip address
  no shut
  int vlan 1
  ip address 192.168.10.130 255.255.255.192
  no shut
  default-gateway 192.168.10.129
  end
  This config assumes only ports f0/1 - f0/4 will be used on each switch. If that is not the case, you will need to modify the interface configs accordingly. You may want to use descriptions more suited than to your network on the switchports. Also, this config assumes the router is connected to port f0/24 on each switch as well.
  The default-gateway for the hosts and the switches is going to be the router IP address for the subnet they are attached to. The hosts/switches attached to f0/0 use 192.168.10.65 as their gateway. The hosts/switches attached to f0/1 use 192.168.10.129 as their gateway.
  You do not need to configure a port on the switch as the default-gateway. The default-gateway is an IP address the host/switch uses to direct all traffic from itself out past the router. In fact, if you don't need the switch to talk to devices on the other subnet, you don't even need to configure a default-gateway on the switches (but I would anyway).

• I am loosing configuration when I power off my Cisco 857 router

  I bought new Cisco 857 router from the shop. Router must have been used before as I couln't go in with default username/password cisco/cisco.
  Well I followed instruciton and reset password to username and password. Now I finally connected to the Cisco CP express over my IE browser.
  I found out that somebody was using a router from the shop so this is why I coun't log to it in the first place. Anyway problem is that when I changed configuration and applied settings it remembers it until I power it off. When I power it on again it remembers all settings from that shop.
  It reverts everything back: IP address, previous level 15 account and password - everything like after password reset.
  I tried it again and it again lost settings. So I found following instruction:
  http://www.cisco.com/en/US/products/hw/routers/ps233/products_tech_note09186a00800a65a5.shtml
  I followed it and changed again all settings on the router. My settings are again lost after power off/on. I noticed that when I do first bit it does show
  0x2102 not 0x2142 like they think that is password reset mode.
  Here is my output from Hyper Terminal:
  =============================
  Cisco#enableCisco#show startUsing 3359 out of 131072 bytes!version 12.4no service padservice timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname Cisco!boot-start-markerboot-end-marker!logging buffered 51200 warningsenable secret 5 $1$hpKF$Rc1tl6r45J8iHG7EN5jSk.!no aaa new-model!crypto pki trustpoint TP-self-signed-3185909327 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-3185909327 revocation-check none rsakeypair TP-self-signed-3185909327!!crypto pki certificate chain TP-self-signed-3185909327 certificate self-signed 01 nvram:IOS-Self-Sig#5.cerdot11 syslogno ip dhcp use vrf connectedip dhcp excluded-address 10.10.10.1!ip dhcp pool ccp-pool   import all   network 10.10.10.0 255.255.255.248   default-router 10.10.10.1   lease 0 2!!ip cefno ip domain lookupip domain name molinary.com!!!username admin privilege 15 secret 5 $1$jD3j$r6ROikgGsIlcMTGjkxFQ6.username username privilege 15 password 0 password!!archive log config  hidekeys!!!!!interface ATM0 no ip address shutdown no atm ilmi-keepalive dsl operating-mode auto!interface ATM0.1 point-to-point description $ES_WAN$ ip nat outside ip virtual-reassembly pvc 0/38  encapsulation aal5mux ppp dialer  dialer pool-member 1 !!interface FastEthernet0!interface FastEthernet1!interface FastEthernet2!interface FastEthernet3!interface Vlan1 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$ ip address 10.10.10.1 255.255.255.248 ip nat inside ip virtual-reassembly ip tcp adjust-mss 1452!interface Dialer0 ip address dhcp encapsulation ppp dialer pool 1 dialer-group 1 no cdp enable ppp authentication chap pap callin ppp chap hostname [email protected] ppp chap password 0 netgear01 ppp pap sent-username [email protected] password 0 netgear01!ip forward-protocol nd!ip http serverip http access-class 23ip http authentication localip http secure-serverip http timeout-policy idle 60 life 86400 requests 10000ip nat inside source list 1 interface ATM0.1 overload!access-list 1 remark INSIDE_IF=Vlan1access-list 1 remark CCP_ACL Category=2access-list 1 permit 10.10.10.0 0.0.0.7dialer-list 1 protocol ip permitno cdp run!control-plane!banner exec ^C% Password expiration warning.-----------------------------------------------------------------------Cisco Configuration Professional (Cisco CP) is installed on this deviceand it provides the default username "cisco" for  one-time use. If you havealready used the username "cisco" to login to the router and your IOS imagesupports the "one-time" user option, then this username has already expired.You will not be able to login to the router with this username after you exitthis session.It is strongly suggested that you create a new username with a privilege levelof 15 using the following command.username <myuser> privilege 15 secret 0 <mypassword>Replace <myuser> and <mypassword> with the username and password youwant to use.-----------------------------------------------------------------------^Cbanner login ^CAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user!^C!line con 0 login local no modem enableline aux 0line vty 0 4 privilege level 15 login local transport input telnet ssh!scheduler max-task-time 5000endCisco#Cisco#Cisco#Cisco#Cisco#Cisco#Cisco#Cisco#Cisco#show versionCisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version 12.4(15)T12, RELEASE SOFTWARE (fc3)Technical Support: http://www.cisco.com/techsupportCopyright (c) 1986-2010 by Cisco Systems, Inc.Compiled Fri 22-Jan-10 14:46 by prod_rel_teamROM: System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARECisco uptime is 20 minutesSystem returned to ROM by power-onSystem image file is "flash:c850-advsecurityk9-mz.124-15.T12.bin"This product contains cryptographic features and is subject to UnitedStates and local country laws governing import, export, transfer anduse. Delivery of Cisco cryptographic products does not implythird-party authority to import, export, distribute or use encryption.Importers, exporters, distributors and users are responsible forcompliance with U.S. and local country laws. By using this product youagree to comply with applicable laws and regulations. If you are unableto comply with U.S. and local laws, return this product immediately.A summary of U.S. laws governing Cisco cryptographic products may be found at:http://www.cisco.com/wwl/export/crypto/tool/stqrg.htmlIf you require further assistance please contact us by sending email [email protected] 857 (MPC8272) processor (revision 0x400) with 59392K/6144K bytes of memory.Processor board ID FCZ140792J5MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x104 FastEthernet interfaces1 ATM interface128K bytes of non-volatile configuration memory.20480K bytes of processor board System flash (Intel Strataflash)Configuration register is 0x2102Cisco#Cisco#Cisco#Cisco#endTranslating "end"% Unknown command or computer name, or unable to find computer addressCisco#reloadProceed with reload? [confirm]*Mar  1 01:19:27.786: %SYS-5-RELOAD: Reload requested  by username on console. Reload Reason: Reload Command.System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARETechnical Support: http://www.cisco.com/techsupportCopyright (c) 2006 by cisco Systems, Inc.C850 series (Board ID: 2-149) platform with 65536 Kbytes of main memoryBooting flash:/c850-advsecurityk9-mz.124-15.T12.binSelf decompressing the image : ############################################## [OK]              Restricted Rights LegendUse, duplication, or disclosure by the Government issubject to restrictions as set forth in subparagraph(c) of the Commercial Computer Software - RestrictedRights clause at FAR sec. 52.227-19 and subparagraph(c) (1) (ii) of the Rights in Technical Data and ComputerSoftware clause at DFARS sec. 252.227-7013.           cisco Systems, Inc.           170 West Tasman Drive           San Jose, California 95134-1706Cisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version 12.4(15)T12, RELEASE SOFTWARE (fc3)Technical Support: http://www.cisco.com/techsupportCopyright (c) 1986-2010 by Cisco Systems, Inc.Compiled Fri 22-Jan-10 14:46 by prod_rel_teamImage text-base: 0x8002007C, data-base: 0x814E7240This product contains cryptographic features and is subject to UnitedStates and local country laws governing import, export, transfer anduse. Delivery of Cisco cryptographic products does not implythird-party authority to import, export, distribute or use encryption.Importers, exporters, distributors and users are responsible forcompliance with U.S. and local country laws. By using this product youagree to comply with applicable laws and regulations. If you are unableto comply with U.S. and local laws, return this product immediately.A summary of U.S. laws governing Cisco cryptographic products may be found at:http://www.cisco.com/wwl/export/crypto/tool/stqrg.htmlIf you require further assistance please contact us by sending email [email protected] 857 (MPC8272) processor (revision 0x400) with 59392K/6144K bytes of memory.Processor board ID FCZ140792J5MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x104 FastEthernet interfaces1 ATM interface128K bytes of non-volatile configuration memory.20480K bytes of processor board System flash (Intel Strataflash)no ip dhcp use vrf connected               ^% Invalid input detected at '^' marker.SETUP: new interface NVI0 placed in "shutdown" statePress RETURN to get started!*Mar  1 00:00:03.952: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0  State changed to: Initialized*Mar  1 00:00:03.960: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0  State changed to: Enabled*Mar  1 00:00:07.244: %LINK-3-UPDOWN: Interface FastEthernet0, changed state toup*Mar  1 00:00:08.413: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up*Mar  1 00:00:08.821: %SYS-5-CONFIG_I: Configured from memory by console*Mar  1 01:19:27.072: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up*Mar  1 01:19:27.352: %SYS-5-RESTART: System restarted --Cisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version 12.4(15)T12, RELEASE SOFTWARE (fc3)Technical Support: http://www.cisco.com/techsupportCopyright (c) 1986-2010 by Cisco Systems, Inc.Compiled Fri 22-Jan-10 14:46 by prod_rel_team*Mar  1 01:19:27.352: %SNMP-5-COLDSTART: SNMP agent on host Cisco is undergoinga cold start*Mar  1 01:19:27.436: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF*Mar  1 01:19:27.436: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF*Mar  1 01:19:27.540: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to down*Mar  1 01:19:28.072: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up*Mar  1 01:19:28.484: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up*Mar  1 01:19:28.484: %LINK-5-CHANGED: Interface ATM0, changed state to administratively down*Mar  1 01:19:28.848: %LINK-5-CHANGED: Interface NVI0, changed state to administratively down*Mar  1 01:19:28.932: %LINK-3-UPDOWN: Interface FastEthernet3, changed state toup*Mar  1 01:19:28.936: %LINK-3-UPDOWN: Interface FastEthernet2, changed state toup*Mar  1 01:19:28.940: %LINK-3-UPDOWN: Interface FastEthernet1, changed state toup*Mar  1 01:19:29.484: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0, changed state to down*Mar  1 01:19:29.932: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet3, changed state to down*Mar  1 01:19:29.936: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2, changed state to down*Mar  1 01:19:29.940: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1, changed state to down*Mar  1 01:19:29.948: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to upAuthorized access only!===========================================
  Please help me as I am stuck and can't go any further....

  Hi David White,
  Alternatively, after password recovery you can modify the configuration to be what you want, and then issue:
     write memory
  to save the configuration.  You can then verify that your changes have been saved to the startup config by issuing:
     show startup-config"
  The only good thing is that when I switch off a router it erase configuration except my new password which I created after password reset. Everything else is getting vanished (ADSL settings, DHCP, routing ) everything. Even new admin accounts I created.
  Well have a question to your above comments. I am new in Cisco so please put as much detail as you can for me to understand. When you say modify configuration do you mean to go to Cisco CP Express graphical interface and then connect router to hyper terminal and execute above commands?
  Why router doesn't remember this anyway. There must be some option to change in configuration to make thing permanent when I hit apply changes in Cisco CO Express otherwise it is pointless to heve it.
  Phillip
  write memory
  is
  copy running-config startup-config"
  Can't this be done via Cisco CP Express or set up router to copy this every time I change this in graphical interface rather going to command line to achnoledge it?
  I understand your concern about this router and somebodie's configuration details as you want things to be un-used when you buy them - true. ADSL details belongs to the shop which sold me the router so that is why I don't make a big problem about this. We take most of hardware from this shop and have discount and many good deals with them so I think they have been just testing it and forgot to erease their config. It might be that someone has returned router to the shop and they have repaired it and tested it.
  I hope this is a normal behaviour of this router as I have option to replace it in case this is a fault.
  Could you please write me step by step guide how can I make changed options stay permanently on router?
  thank you
  Dragan

• Cisco 1760 router stays in rommon modus

  I am having problems with a cisco 1760 router. When I turn the router on I am getting stuck in rommon mode. When I enter the command: "boot flash:c1700-sv8y7-mz.123-11.T3.bin" , the router will boot the ios image. But when i turn the router off and on, it will return to rommon mode. I have tried the following commands in rommon mode:
  rommon 1 > confreg 0x2102
  rommon 2 > reset
  or
  rommon 1 > confreg 0x142
  rommon 2 > reset
  without results. I get the following errors:
  System Bootstrap, Version 12.2(7r)XM2, RELEASE SOFTWARE (fc1)
  TAC Support: http://www.cisco.com/tac
  Copyright (c) 2003 by cisco Systems, Inc.
  Bad checksum on cookie structure, resorting to backup copy
  Correcting primary cookie from backup
  C1700 platform with 131072 Kbytes of main memory
  loadprog: bad file magic number:      0x0
  open: failed to find and/or load the bootloader: "flash:music-on-hold.au"
  loadprog: error - on file open
  boot: cannot load "c1700-sv8y7-mz.123-11.T3.bin"
  System Bootstrap, Version 12.2(7r)XM2, RELEASE SOFTWARE (fc1)
  TAC Support: http://www.cisco.com/tac
  Copyright (c) 2003 by cisco Systems, Inc.
  C1700 platform with 131072 Kbytes of main memory
  loadprog: bad file magic number:      0x0
  boot: cannot load "flash:"
  System Bootstrap, Version 12.2(7r)XM2, RELEASE SOFTWARE (fc1)
  TAC Support: http://www.cisco.com/tac
  Copyright (c) 2003 by cisco Systems, Inc.
  C1700 platform with 131072 Kbytes of main memory
  loadprog: bad file magic number:      0x0
  boot: cannot load "flash:"
  System Bootstrap, Version 12.2(7r)XM2, RELEASE SOFTWARE (fc1)
  TAC Support: http://www.cisco.com/tac
  Copyright (c) 2003 by cisco Systems, Inc.
  C1700 platform with 131072 Kbytes of main memory
  rommon 1 >
  rommon 1 >
  Thanks,
  Pieter

  I would recommend posting in the netpro forums about this.
  http://www.cisco.com/go/netpro
  This site is for the Cisco Small Business Pro routers.
  For your problem though, you might try looking at your boot system command in your running config to make sure that it is accurate.

• Problem with Cisco 861W router and outgoing VPN

  We have a Cisco 861W router that is blocking an outgoing PPTP on the internal access point only. The outgoing VPN works when the traffic is through a wired connection or the connection is on another access point. We fail to make a connection only when connection to the 861W's internal Access Point.
  Here is the Access Point Configuration:
  Current configuration : 2100 bytes
  version 12.4
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname obap
  enable secret 5 $1$.1RF$go1D7WITXUn3s8TUaw3tC.
  no aaa new-model
  dot11 syslog
  dot11 ssid OLIVER
     authentication open
     authentication key-management wpa
     guest-mode
     wpa-psk ascii 0 XXXXXXXXXXX
  username XXXXXX privilege 15 secret 5 $1$Wc0K$OzcQDDQfjHP6La31eXMoG/
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  encryption mode ciphers aes-ccm tkip
  ssid OLIVER
  antenna gain 0
  station-role root
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface GigabitEthernet0
  description the embedded AP GigabitEthernet 0 is an internal interface connecti
  ng AP with the host router
  no ip address
  no ip route-cache
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
  interface BVI1
  ip address 192.168.0.2 255.255.255.0
  no ip route-cache
  ip http server
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  bridge 1 route ip
  banner login ^CC
  % Password change notice.
  Default username/password setup on AP is cisco/cisco with priv¾ilege level 15.
  It is strongly suggested that you create a new username with privilege level
  15 using the following command for console security.
  username <myuser> privilege 15 secret 0 <mypassword>
  no username cisco
  Replace <myuser> and <mypassword> with the username and password you want to
  use. After you change your username/password you can turn off this message
  by configuring  "no banner login" and "no banner exec" in privileged mode.
  ^C
  line con 0
  privilege level 15
  login local
  no activation-character
  line vty 0 4
  login local
  cns dhcp
  end
  obap#
  Here is the Router's Configuration:
  Current configuration : 5908 bytes
  ! No configuration change since last restart
  version 15.0
  no service pad
  service tcp-keepalives-in
  service tcp-keepalives-out
  service timestamps debug datetime msec localtime show-timezone
  service timestamps log datetime msec localtime show-timezone
  service password-encryption
  service sequence-numbers
  hostname obrouter
  boot-start-marker
  boot-end-marker
  logging buffered 51200
  logging console critical
  enable secret 5 $1$i9XE$DjxFVAEC9nC4/r6EQKCd6/
  no aaa new-model
  memory-size iomem 10
  clock timezone PCTime -5
  clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
  crypto pki trustpoint TP-self-signed-1856757619
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-1856757619
  revocation-check none
  rsakeypair TP-self-signed-1856757619
  crypto pki certificate chain TP-self-signed-1856757619
  certificate self-signed 01
    3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 31383536 37353736 3139301E 170D3036 30313032 31323030
    34345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38353637
    35373631 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
    8100B1A4 FB786547 3D582260 03DB768D 116BDE9A 309FBA04 B53F77B0 BFE32344
    7C3439B3 97192B36 760A9411 1D5C7549 8D86F532 ABA44F53 0D08B7F4 A9A747D5
    071330C3 65BF25A8 927F3596 29BB5A80 90C8D169 22268476 3B8DDE1E FDB7170D
    B4820D03 5580A849 A92C7E76 9AC10867 505A2FEE 64360741 7F9DBDBF 3D79982C
    F81D0203 010001A3 75307330 0F060355 1D130101 FF040530 030101FF 30200603
    551D1104 19301782 156F6272 6F757465 722E6272 75736868 6F672E63 6F6D301F
    0603551D 23041830 168014D8 5BC2FFB2 967A4C7B 11B44122 5C8D31F7 749B9230
    1D060355 1D0E0416 0414D85B C2FFB296 7A4C7B11 B441225C 8D31F774 9B92300D
    06092A86 4886F70D 01010405 00038181 005901F1 C239074B B8213567 CF7B65BF
    DAFE4557 69B2A3B1 5F2593C7 A54B9598 23FD5E7A 563AA6E0 AFB25801 FA0061E8
    F9545372 DB600B3A BE68AE65 1EDA593E 6A0C96B8 5A4136AF 393F9AAC 651E1C36
    B8B7C6C0 47936C24 D2ECE9A5 9446EE32 FC7461FA AD8CF1CE A7FBF341 07E9C3C6
    505AB88D 0E7FCAFC 5792298A E5E4D1FE CC
          quit
  no ip source-route
  ip dhcp excluded-address 192.168.0.1 192.168.0.99
  ip dhcp pool ccp-pool1
     import all
     network 192.168.0.0 255.255.255.0
     dns-server 216.49.160.10 216.49.160.66
     default-router 192.168.0.1
  ip cef
  no ip bootp server
  ip domain name brushhog.com
  ip name-server 216.49.160.10
  ip name-server 216.49.160.66
  license udi pid CISCO861W-GN-A-K9 sn FTX155281FY
  username tech38 privilege 15 secret 5 $1$d/4Z$n/23EsXbzfHF5XfJ8Nv.y0
  ip tcp synwait-time 10
  ip ssh time-out 60
  ip ssh authentication-retries 2
  interface FastEthernet0
  interface FastEthernet1
  interface FastEthernet2
  interface FastEthernet3
  interface FastEthernet4
  description $ES_WAN$$FW_OUTSIDE$
  no ip address
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip flow ingress
  duplex auto
  speed auto
  pppoe-client dial-pool-number 1
  interface wlan-ap0
  description Service module interface to manage the embedded AP
  ip unnumbered Vlan1
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip flow ingress
  arp timeout 0
  interface Wlan-GigabitEthernet0
  description Internal switch interface connecting to the embedded AP
  interface Vlan1
  description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
  ip address 192.168.0.1 255.255.255.0
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip flow ingress
  ip nat inside
  ip virtual-reassembly
  ip tcp adjust-mss 1412
  interface Dialer0
  ip address negotiated
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip mtu 1452
  ip flow ingress
  ip nat outside
  ip virtual-reassembly
  encapsulation ppp
  dialer pool 1
  dialer-group 1
  ppp authentication chap pap callin
  ppp chap hostname XXXXXXXXXXXXX
  ppp chap password 7 XXXXXXXXXXXXXXXX
  ppp pap sent-username XXXXXXXXXXXXXX password 7 XXXXXXXXXXX
  no cdp enable
  ip forward-protocol nd
  ip http server
  ip http authentication local
  ip http secure-server
  ip http timeout-policy idle 60 life 86400 requests 10000
  ip nat inside source static tcp 192.168.0.25 80 interface Dialer0 80
  ip nat inside source list 1 interface Dialer0 overload
  ip route 0.0.0.0 0.0.0.0 Dialer0
  logging trap debugging
  access-list 1 remark INSIDE_IF=Vlan1
  access-list 1 remark CCP_ACL Category=2
  access-list 1 permit 192.168.0.0 0.0.0.255
  dialer-list 1 protocol ip permit
  no cdp run
  control-plane
  banner exec ^C
  % Password expiration warning.
  Cisco Configuration Professional (Cisco CP) is installed on this device
  and it provides the default username "cisco" for  one-time use. If you have
  already used the username "cisco" to login to the router and your IOS image
  supports the "one-time" user option, then this username has already expired.
  You will not be able to login to the router with this username after you exit
  this session.
  It is strongly suggested that you create a new username with a privilege level
  of 15 using the following command.
  username <myuser> privilege 15 secret 0 <mypassword>
  Replace <myuser> and <mypassword> with the username and password you
  want to use.
  ^C
  banner login ^CAuthorized access only!
  Disconnect IMMEDIATELY if you are not an authorized user!^C
  line con 0
  login local
  no modem enable
  transport output telnet
  line aux 0
  login local
  transport output telnet
  line 2
  no activation-character
  no exec
  transport preferred none
  transport input all
  line vty 0 4
  privilege level 15
  login local
  transport input telnet ssh
  scheduler max-task-time 5000
  scheduler allocate 4000 1000
  scheduler interval 500
  end
  Any help would be appreciated

  Hello,
  i have the same problem with router CISCO861W-GN-E-K9. Version 12.4(22r)YB5, RELEASE SOFTWARE (fc1)
  Can someone help?
  Thank you.
  Here is my config for internal AP and router.

• Cisco 877W router and external ADSL modem

  Cisco 877W router and external ADSL modem
  In order to support ADSL2+ on a pre ADSL2+ router and in preparation for a later migration to BT infinity I am trying to configure the Router using an external adsl2+ modem appropriately.
  The original configuration had 3 ports configured as one (internal lan) vlan and bridge group together with one wireless sub-interface, the remaining port configured a second vlan and bridge group with a second wireless sub- interface. The Dialer was a member of the second bridge group. This way the second wireless interface and associated bridge group provided a kind of DMZ for outbound access.
  The configuration I am attempting is similar the lan ports remain the same, but port 0 as a member of the vlan and bridge group (now a pppoe client) associated with one of the wireless sub interfaces as per above. The ATM interface is downed. This nearly works except that if the wireless subinterface on this bridge group is configured the dialer no longer dials giving a 'no dialer string' error. If I do not configure that wireless sub interface all works well.
  If anyone is interested to look I would appreciate any comments. I enclose a sanitised config in which you will note the 'commented out' wireless subnet interface (in red).
  version 12.4
  no service pad
  service tcp-keepalives-in
  service tcp-keepalives-out
  service timestamps debug datetime msec localtime show-timezone
  service timestamps log datetime msec localtime show-timezone
  service password-encryption
  service sequence-numbers
  hostname xxxxxxxxxxxxxxxxxxxxx
  boot-start-marker
  boot-end-marker
  logging buffered 4096 warnings
  enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxx
  aaa new-model
  aaa group server radius sdm-vpn-server-group-2
  aaa group server radius rad_eap
   server 192.168.253.1 auth-port 1812 acct-port 1813
   server 192.168.253.1 auth-port 1645 acct-port 1646
  aaa group server radius rad_mac
  aaa group server radius rad_acct
  aaa group server radius rad_admin
  aaa group server tacacs+ tac_admin
  aaa group server radius rad_pmip
  aaa group server radius dummy
  aaa authentication login default local
  aaa authentication login sdm_vpn_xauth_ml_2 group sdm-vpn-server-group-2
  aaa authentication login eap_methods group rad_eap
  aaa authentication login mac_methods local
  aaa authorization exec default local
  aaa authorization ipmobile default group rad_pmip
  aaa authorization network sdm_vpn_group_ml_2 local
  aaa accounting network acct_methods start-stop group rad_acct
  aaa session-id common
  clock timezone PCTime 0
  clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
  crypto pki trustpoint TP-self-signed-2834265337
   enrollment selfsigned
   subject-name cn=IOS-Self-Signed-Certificate-2834265337
   revocation-check none
   rsakeypair TP-self-signed-2834265337
  crypto pki certificate chain TP-self-signed-2834265337
   certificate self-signed 01 nvram:IOS-Self-Sig#2F.cer
  dot11 syslog
  dot11 ssid GuestAP
     vlan 101
     authentication open
     authentication key-management wpa
     mbssid guest-mode
     wpa-psk ascii 7 113B162712001F4A2D2B25
  dot11 ssid LanAP
     vlan 100
     authentication open eap eap_methods
     authentication network-eap eap_methods
     authentication key-management wpa
     mbssid guest-mode
  no ip source-route
  ip cef
  no ip dhcp use vrf connected
  ip dhcp excluded-address 10.10.10.1
  ip dhcp excluded-address 192.168.252.1 192.168.252.8
  ip dhcp excluded-address 192.168.252.15 192.168.252.254
  ip dhcp pool sdm-pool1
     import all
     network 192.168.252.0 255.255.255.0
     domain-name XXX.Local
     dns-server xxx.xxx.xxx.xxx
     default-router 192.168.252.254
  ip auth-proxy max-nodata-conns 3
  ip admission max-nodata-conns 3
  no ip bootp server
  no ip domain lookup
  ip domain name XXX.Local
  ip name-server xxx.xxx.xxx.xxx
  ip name-server xxx.xxx.xxx.xxx
  ip reflexive-list timeout 120
  vpdn enable
  vpdn-group 1
   request-dialin
    protocol pppoe
  username administrator privilege 15 secret 5 £££££££££££££££££££££
  class-map type inspect match-any IN_to_OUT_CLASS
   match protocol tcp
   match protocol udp
   match protocol icmp
  class-map type inspect match-any OUT_to_IN_CLASS
   match protocol https
   match protocol smtp extended
  class-map type inspect match-any DMZ_to_IN_CLASS
   match protocol http
   match protocol https
   match protocol smtp extended
  policy-map type inspect DMZ_to_IN_POL
   class type inspect DMZ_to_IN_CLASS
    inspect
   class class-default
    drop log
  policy-map type inspect IN_to_OUT_POL
   class type inspect IN_to_OUT_CLASS
    inspect
   class class-default
    drop log
  policy-map type inspect OUT_to_IN_POL
   class type inspect OUT_to_IN_CLASS
    inspect
   class class-default
    drop log
  zone security INSIDE
  zone security OUTSIDE
  zone security DMZ
  zone-pair security OUT_TO_IN source OUTSIDE destination INSIDE
   service-policy type inspect OUT_to_IN_POL
  zone-pair security IN_TO_OUT source INSIDE destination OUTSIDE
   service-policy type inspect IN_to_OUT_POL
  zone-pair security DMZ_TO_OUT source DMZ destination OUTSIDE
   service-policy type inspect IN_to_OUT_POL
  zone-pair security DMZ_TO_IN source DMZ destination INSIDE
   service-policy type inspect DMZ_to_IN_POL
  bridge irb
  interface Loopback0
   no ip address
  interface Null0
   no ip unreachables
  interface ATM0
   no ip address
   shutdown
   no atm ilmi-keepalive
   dsl operating-mode auto
  interface FastEthernet0
   description Outside Interface (PPPoE)
  interface FastEthernet1
   description Inside Interface
   switchport access vlan 10
  interface FastEthernet2
   description Inside Interface
   switchport access vlan 10
   spanning-tree portfast
  interface FastEthernet3
   description Inside Interface
   switchport access vlan 10
   spanning-tree portfast
  interface Dot11Radio0
   no ip address
   no ip route-cache cef
   no ip route-cache
   encryption vlan 100 mode ciphers aes-ccm tkip
   encryption vlan 101 mode ciphers aes-ccm tkip
   ssid GuestAP
   ssid LanAP
   mbssid
   speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
   channel 2437
   station-role root
  interface Dot11Radio0.100
   description LanAP
   encapsulation dot1Q 100
   no ip route-cache
   no cdp enable
   bridge-group 10
   bridge-group 10 subscriber-loop-control
   bridge-group 10 spanning-disabled
   bridge-group 10 block-unknown-source
   no bridge-group 10 source-learning
   no bridge-group 10 unicast-flooding
  !interface Dot11Radio0.101
  ! description GuestAP
  ! encapsulation dot1Q 101
  ! no ip route-cache
  ! no cdp enable
  ! bridge-group 1
  ! bridge-group 1 subscriber-loop-control
  ! bridge-group 1 spanning-disabled
  ! bridge-group 1 block-unknown-source
  ! no bridge-group 1 source-learning
  ! no bridge-group 1 unicast-flooding
  interface Vlan1
   description $ES_LAN$
   no ip address
   ip virtual-reassembly
   pppoe enable group global
   pppoe-client dial-pool-number 1
   bridge-group 1
  interface Vlan10
   no ip address
   ip virtual-reassembly
   bridge-group 10
  interface Dialer1
   description $FW_OUTSIDE$
   ip address negotiated
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   ip mtu 1452
   ip nat outside
   ip virtual-reassembly
   zone-member security OUTSIDE
   encapsulation ppp
   ip route-cache flow
   dialer pool 1
   dialer-group 1
   ppp authentication chap pap callin
   ppp chap hostname XXXXXXX
   ppp chap password 7 xxxxxxxxxxxxxxxxxxx
   ppp pap sent-username xxxxxxxxxxxxxxxxxx password 7 xxxxxxxxxxxxxxxxxxxxx
   ppp ipcp dns request
   ppp ipcp wins request
   hold-queue 224 in
  interface Dialer0
   no ip address
  interface BVI10
   description Inside Interface
   ip address 192.168.253.254 255.255.255.0
   ip access-group 101 in
   ip helper-address 192.168.253.1
   ip nat inside
   ip virtual-reassembly
   zone-member security INSIDE
  interface BVI1
   description DMZ Interface
   ip address 192.168.252.254 255.255.255.0
   ip nat inside
   ip virtual-reassembly
   zone-member security DMZ
  ip local pool SDM_POOL_1 192.168.20.9 192.168.20.14
  ip forward-protocol nd
  ip route 0.0.0.0 0.0.0.0 Dialer1
  ip http server
  ip http access-class 1
  ip http authentication local
  ip http secure-server
  ip http timeout-policy idle 600 life 86400 requests 10000
  ip nat inside source list Inside_Clients_NAT interface Dialer1 overload
  ip nat inside source static 192.168.253.10 xxx.xxx.xxx.xxx
  ip access-list extended DMZ_to_IN_POL
   remark SDM_ACL Category=128
   permit ip any any
  ip access-list extended Inside_Clients_NAT
   remark SDM_ACL Category=2
   permit ip 192.168.253.0 0.0.0.255 any
  logging 192.168.253.10
  access-list 1 remark Auto generated by SDM Management Access feature
  access-list 1 remark SDM_ACL Category=1
  access-list 1 permit 192.168.253.0 0.0.0.255
  access-list 100 remark VTY Access-class list
  access-list 100 remark SDM_ACL Category=1
  access-list 100 permit ip 192.168.253.0 0.0.0.255 any
  access-list 100 deny   ip any any
  access-list 101 remark Auto generated by SDM Management Access feature
  access-list 101 remark SDM_ACL Category=1
  access-list 101 remark Auto generated by SDM for NTP (123) xxx.xxx.xxx.xxx
  access-list 101 permit udp host xxx.xxx.xxx.xxx eq ntp host 192.168.253.254 eq ntp
  access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq telnet
  access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq 22
  access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq www
  access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq 443
  access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq cmd
  access-list 101 deny   tcp any host 192.168.253.254 eq telnet
  access-list 101 deny   tcp any host 192.168.253.254 eq 22
  access-list 101 deny   tcp any host 192.168.253.254 eq www
  access-list 101 deny   tcp any host 192.168.253.254 eq 443
  access-list 101 deny   tcp any host 192.168.253.254 eq cmd
  access-list 101 deny   udp any host 192.168.253.254 eq snmp
  access-list 101 permit ip any any
  access-list 199 permit ip any host 10.1.1.1
  dialer-list 1 protocol ip permit
  no cdp run
  radius-server attribute 32 include-in-access-req format %h
  radius-server host 192.168.253.1 auth-port 1812 acct-port 1813 key 7 XXXXXXXXXXXXXXXXXX
  radius-server host 192.168.253.1 auth-port 1645 acct-port 1646 key 7 XXXXXXXXXXXXXXXXXX
  radius-server vsa send accounting
  control-plane
  bridge 1 protocol ieee
  bridge 1 route ip
  bridge 10 protocol ieee
  bridge 10 route ip
  banner login C Border Router
  line con 0
   no modem enable
   transport output telnet
  line aux 0
   transport output telnet
  line vty 0 4
   access-class 100 in
   privilege level 15
   length 0
   transport input telnet ssh
  scheduler max-task-time 5000
  scheduler interval 500
  ntp server xxx.xxx.xxx.xxx source Dialer0 prefer
  ntp server xxx.xxx.xxx.xxx source Dialer0 prefer
  sntp server xxx.xxx.xxx.xxx
  end

  Hi Jody,
  Apologies delay in replying. I have done the following:
  Made two of the FE ports vlan1,BVI1 (for LAN traffic)
  Left one port as VLAN10 as the pppoe client conected to the externalmodem
  Made the last port VLAN10 as well and gave it an IP addess as for a DMZ client.
  I have DHCP configured to serve the DMZ  addresses.
  This all works for LAN clients and also works for a client attachedto that physical DMZ port.
  When I added a dot11radio sub interface into VLAN 10 the wireless client did not get an IP lease. Everything else continued to work.
  I had never thought about this before, but if a dot11radio interface is on the same vlan (but not being part ofa bridge group) why are DHCP broadcasts not propogating to all the vlan members as I would have expected. I recognise that this isa limit in my understanding.
  If I then made VLAN10 a member of a new Bridge Group, I lost WAN connectivity as per original posting.
  I cannot add another VLAN due to the 2 vlan limit in this image.
  Finally regarding your comment about giving it what it wants, what exactly did you have in mind. The dialer already has a dial string parameters configured.
  Think I am about to give upon this.
  Regards,

• Radius-Authentication / Cisco 2600 fails MiscError -1642

  Hi,
  Im trying to configure BM 3.8 SP3ir3, Radius (NMAS 2.3) to
  authenticate a Cisco 2600 against my BM. Under BM 3.7 this
  setup is working fine, but now with 3.8 I get the following
  error:
  Access rejected, Miscellaneous error (-1642)
  Ive configured the LPO with the following sequences:
  NDS acceptable, simple acceptable
  A test with NTRADPING:
  with CHAP disabled, it works fine (LPO sequence is NDS)
  with CHAP enabled, Ive got the error above
  I tried the simple login sequence also (like a posting
  in this newsgroup), but no change.
  Hope you can help me, I need chap-authentication...
  From Radius-Debug:
  This one works (without CHAP):
  [2005-07-28 05:52:43 PM] (->)Cacher:
  NWDSReadObjectInfo(das01.radius.bmanager.informati k.kli_pa),
  succeeded, time:7
  [2005-07-28 05:52:43 PM] 31) [(ip) 172.24.4.2:2642], Received 46 Bytes
  (Access-Request (1))
  [2005-07-28 05:52:43 PM] [(total=31) (p=30) (d=0) (r=0) (acc=0)
  (rej=0)]
  [2005-07-28 05:52:43 PM] <2> Done GetNextMessage [(ip)
  172.24.4.2:2642]: time:2611012
  [2005-07-28 05:52:43 PM] -------- START : (Access-Request (1)) [(ip)
  172.24.4.2:2642]: time:640356694---
  [2005-07-28 05:52:43 PM] CACHE:
  CacheDomainListExist(das01.radius.bmanager.informa tik.kli_pa), using cache
  [2005-07-28 05:52:43 PM] AuthRequestHandler(), Calling
  NewRequestHandler.
  [2005-07-28 05:52:43 PM] CACHE:
  CacheGetEnableCNLogin(das01.radius.bmanager.inform atik.kli_pa), using
  cache
  [2005-07-28 05:52:43 PM]
  (->)CacheGetDNForName:NWDSReadObjectInfo(NAS2-1), succeeded, time:72
  [2005-07-28 05:52:43 PM] CacheFindContext - GetParentDN(userDN)
  (RADIUS.BMANAGER.INFORMATIK.KLI_PA)
  [2005-07-28 05:52:43 PM] CacheFindContext - tmpContext
  (RADIUS.BMANAGER.INFORMATIK.KLI_PA),
  contextName(RADIUS.BMANAGER.INFORMATIK.KLI_PA)
  [2005-07-28 05:52:43 PM] Handling local authentication request.
  [2005-07-28 05:52:43 PM] CACHE:
  CacheReadSecretForNASAddress(das01.radius.bmanager .informatik.kli_pa),
  using cache
  [2005-07-28 05:52:43 PM]
  (->)NDSVerifyAttr:NWDSRead(NAS2-1.RADIUS.BMANAGER.INFORMATIK.KLI_PA,RADIUS:Dial
  Access Group) succeeded, time:47
  [2005-07-28 05:52:43 PM]
  (->)NWDSCompare:(NAS2-1.RADIUS.BMANAGER.INFORMATIK.KLI_PA) succeeded,
  time:42
  [2005-07-28 05:52:43 PM]
  (->)NWDSRead(NAS2-1.RADIUS.BMANAGER.INFORMATIK.KLI_PA,RADIUS Enable
  Attr) succeeded, time:45
  [2005-07-28 05:52:43 PM] User Name: NAS2-1, User DN:
  NAS2-1.RADIUS.BMANAGER.INFORMATIK.KLI_PA, Domain: , Service Tag:
  [2005-07-28 05:52:43 PM] (->)NADMAuthRequest()
  [2005-07-28 05:52:43 PM]
  (->)NADMAuthRequest(NAS2-1.RADIUS.BMANAGER.INFORMATIK.KLI_PA)
  succeeded, time:961
  [2005-07-28 05:52:43 PM] (->)Authenticate (0 policy, NDS pswd) (for
  NAS2-1.RADIUS.BMANAGER.INFORMATIK.KLI_PA), succeeded
  [2005-07-28 05:52:43 PM]
  (->)NDSReadData:NWDSRead(NAS2-1.RADIUS.BMANAGER.INFORMATIK.KLI_PA,RADIUS:Concurr ent
  Limit) failed, no such attribute (-603), time:50
  [2005-07-28 05:52:43 PM] CACHE:
  CacheGetConcurrentLimit(das01.radius.bmanager.info rmatik.kli_pa),
  using cache
  [2005-07-28 05:52:43 PM]
  User:NAS2-1.RADIUS.BMANAGER.INFORMATIK.KLI_PA, Current Login:0, Login
  Limit:-1, succeeded
  [2005-07-28 05:52:43 PM] (->)Authentication SUCCEEDED
  [2005-07-28 05:52:43 PM] Tag "DIALIN" uses profile
  "DIALIN.RADIUS.BMANAGER.INFORMATIK.KLI_PA"
  [2005-07-28 05:52:43 PM] FDN:
  CN=NAS2-1.OU=RADIUS.OU=BMANAGER.OU=INFORMATIK.O=KLI_PA
  [2005-07-28 05:52:43 PM] PutAttributesInBuffer, calling FilterAttribute
  [2005-07-28 05:52:43 PM] Filter attribute, vendorID: 0, attribute: 6
  [2005-07-28 05:52:43 PM] PutAttributesInBuffer, calling FilterAttribute
  [2005-07-28 05:52:43 PM] Filter attribute, vendorID: 0, attribute: 7
  [2005-07-28 05:52:43 PM] ->Sending Access-Accept (2) [(ip)
  172.24.4.2(2642)] count=32
  [2005-07-28 05:52:43 PM] ->Inserting into RespQ , code(2) id(7).
  [2005-07-28 05:52:43 PM] -------- END : (Access-Request (1)) [(ip)
  172.24.4.2:2642]: time:640358122---
  This one dont work (chap enabled):
  [2005-07-28 05:52:55 PM] 32) [(ip) 172.24.4.2:2647], Received 47 Bytes
  (Access-Request (1))
  [2005-07-28 05:52:55 PM] [(total=32) (p=31) (d=0) (r=0) (acc=0)
  (rej=0)]
  [2005-07-28 05:52:55 PM] <4> Done GetNextMessage [(ip)
  172.24.4.2:2647]: time:2426593
  [2005-07-28 05:52:55 PM] -------- START : (Access-Request (1)) [(ip)
  172.24.4.2:2647]: time:640481075---
  [2005-07-28 05:52:55 PM] CACHE:
  CacheDomainListExist(das01.radius.bmanager.informa tik.kli_pa), using cache
  [2005-07-28 05:52:55 PM] AuthRequestHandler(), Calling
  NewRequestHandler.
  [2005-07-28 05:52:55 PM] CACHE:
  CacheGetEnableCNLogin(das01.radius.bmanager.inform atik.kli_pa), using
  cache
  [2005-07-28 05:52:55 PM]
  (->)CacheGetDNForName:NWDSReadObjectInfo(NAS2-1), succeeded, time:72
  [2005-07-28 05:52:55 PM] CacheFindContext - GetParentDN(userDN)
  (RADIUS.BMANAGER.INFORMATIK.KLI_PA)
  [2005-07-28 05:52:55 PM] CacheFindContext - tmpContext
  (RADIUS.BMANAGER.INFORMATIK.KLI_PA),
  contextName(RADIUS.BMANAGER.INFORMATIK.KLI_PA)
  [2005-07-28 05:52:55 PM] Handling local authentication request.
  [2005-07-28 05:52:55 PM] HandleCHAPRequest(NAS2-1)
  [2005-07-28 05:52:55 PM] CACHE:
  CacheReadSecretForNASAddress(das01.radius.bmanager .informatik.kli_pa),
  using cache
  [2005-07-28 05:52:55 PM] CHAP chapCSize: 16
  [2005-07-28 05:52:55 PM] [CHAP]User Name: NAS2-1, User DN:
  NAS2-1.RADIUS.BMANAGER.INFORMATIK.KLI_PA, Domain: , Service Tag:
  [2005-07-28 05:52:55 PM]
  (->)NDSVerifyAttr:NWDSRead(NAS2-1.RADIUS.BMANAGER.INFORMATIK.KLI_PA,RADIUS:Dial
  Access Group) succeeded, time:53
  [2005-07-28 05:52:55 PM]
  (->)NWDSCompare:(NAS2-1.RADIUS.BMANAGER.INFORMATIK.KLI_PA) succeeded,
  time:42
  [2005-07-28 05:52:55 PM]
  (->)NWDSRead(NAS2-1.RADIUS.BMANAGER.INFORMATIK.KLI_PA,RADIUS Enable
  Attr) succeeded, time:44
  [2005-07-28 05:52:55 PM] (->)NADMAuthRequest()
  [2005-07-28 05:52:59 PM] ->Sending Access-Reject (3) [(ip)
  172.24.4.2(2647)] count=20
  [2005-07-28 05:52:59 PM] ->Inserting into RespQ , code(3) id(8).
  [2005-07-28 05:52:59 PM] -------- END : (Access-Request (1)) [(ip)
  172.24.4.2:2647]: time:640512029---
  I cannt see an error with chap enabled..
  Regards
  Guenther

  I'm having the same problem. radping works with chap and simple passwords
  but gives the -1642 error when I'm authenticating from my cisco vpn router.
  BTW, I had everything working for YEARS with nds passwords and earlier
  versions of bordermanager. BM 3.8 broke it.
  Thanks
  David
  > Hi Jake,
  >
  > yes, its a cisco-issue. For downloading dynamic routes with
  > radius you need the cisco-default-pw called "cisco". Strange
  > and a big security leak....
  >
  > The authentication with ppp-user and chap / simple password
  > works fine now.
  >
  > Regards
  > Guenther
  >
  > Jake Speed schrieb:
  > > Hi,
  > > yes it's woking fine !
  > > Working with a 3640, and 8 Bri/40 Async Interaces. With Chap enabeld,
  > > and simple password used.
  > > Seems to be a problem on the cisco site, so if radping works NW Radius
  > > and the objects are ok.
  > >
  > > by
  > > Jake
  > >
  > > Guenther Rasch wrote:
  > >
  > >> Hi Craig,
  > >>
  > >> I dont know why, but now CHAP works with ntradping.exe
  > >> - Cisco router still doesnt work. Ive configured
  > >> "simple password" in the lp-object...
  > >>
  > >> Does anyone have a working configuration nmas radius /
  > >> cisco nas-router?
  > >>
  > >> Regards
  > >> Guenther
  > >>
  > >> Craig Johnson schrieb:
  > >>
  > >>> In article <Yg0He.13962$[email protected]>,
  > >>> Guenther Rasch wrote:
  > >>>
  > >>>> is it possible in BM 3.8? Which password / login sequence do I need
  to
  > >>>> get CHAP working?
  > >>>>
  > >>>
  > >>> As far as I know, you cannot make CHAP work against an NDS password,
  > >>> in any version of Novell RADIUS.
  > >>> I don't really know about getting the dial access system password
  > >>> working 3.8 (NMAS) RADIUS. I would assume there would be a login
  > >>> policy object rule for it.
  > >>>
  > >>> Craig Johnson
  > >>> Novell Support Connection SysOp
  > >>> *** For a current patch list, tips, handy files and books on
  > >>> BorderManager, go to http://www.craigjconsulting.com ***
  > >>>
  > >>>

• Can I format the CF in a cisco 1800 router and then use it on the ASA 5520?

  Can I format Compact Flash in a cisco 1800 router and then use it on the ASA 5520?

  You don't have to format the card in the router. You can do that on your PC. Just format the CF-card as FAT32 and plug it into the ASA.
  BUT: If you just want to "upgrade" the old card with a different one, then first attach the original card from the ASA to your PC and copy all files (including the hidden ones) to your PC and then copy them back to the new card. That way you also move your licenses to the new card which are stored in hidden files and your private data like keys.