Cisco 5512 setup

Hi Guys,
Here is my basic setup
I have an ASA 5512 gig0 connects to the internet
G1 connects to the inside on 192.168.35.254 then plugs direct into a switch.
I'm confused on the setup to get the IPS running. Do I need to set the IPS in the same range as my inside interface? And also, what do I set the IPS gateway to, 192.168.35.254, my inside ASA interface?
Once this is done, do I need to set up a rule within the MPF to forward all traffic to it?
Thanks
James.

Also check these helpful ASA IPS config links
http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/firewall/asa_91_firewall_config/modules_ips.pdf
http://itzecurity.blogspot.co.uk/2013/12/configuring-cisco-asa-ips-module.html
http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/asdm64/configuration_guide/asdm_64_config/modules_ips.pdf
http://www.cisco.com/c/en/us/td/docs/security/ips/7-1/configuration/guide/cli/cliguide71/cli_asa_ips.html

Similar Messages

  • ISE cannot push the profile to the cisco network setup assistant?

    We have tried a few android devices with version 4.2+ but still got the error message ‘Unable to download profile.(Have you logged into the guest portal?)’ as shown at the bottom picture.
    In fact, we are connecting the devices to an open SSID which performs MAC filtering, then redirect to CWA and login with AD credentials,
    then redirect to Google play store and can successfully download the network setup assistant.
    Could you please advise on the possible reasons that would cause this error message and prevent ISE from pushing the profile to the Cisco Network Setup Assistant?

    Here's a snippet from the Android spw.log.  I see that there is an error trying to verify the hostname.  Is it possible that this is caused by a non-trusted certificate?  I'm using the self-signed cert built into ISE.  I have an entry in the public DNS for guest.domain.com that resolves to the IP of my ISE server accessible from the guest subnet.  I'm allowing all traffic from the guest VLAN to the ISE vlan on the firewall and all traffic to/from the ISE server in the provisioning ACL I have applied by ISE on the WLC during native supplicant provisioning.  I know that guests can communicate with the ISE server since regular guest portal redirection works, just not the network setup assistant.  I've renamed the domain to domain.com in this snippet.
    2014.07.20 23:44:48 INFO:verion :4.4.4 SDK Level : 19
    2014.07.20 23:44:48 INFO:State :START
    2014.07.20 23:44:48 INFO:Starting Discovery
    2014.07.20 23:44:48 INFO:Starting ISEDiscoveryAsynchTask
    2014.07.20 23:44:48 INFO:DHCP Stringipaddr 192.168.30.110 gateway 192.168.30.1 netmask 255.255.255.0 dns1 208.67.222.222 dns2 208.67.220.220 DHCP server 192.168.30.1 lease 3600 seconds
    2014.07.20 23:44:48 INFO:DHCP ipaddress192.168.30.110
    2014.07.20 23:44:48 INFO:DHCP gateway192.168.30.1
    2014.07.20 23:44:48 INFO:Discoverng ISE http return code :200
    2014.07.20 23:44:48 INFO:ISEServer =guest.domain.com
    2014.07.20 23:44:48 INFO:session =0516a8c000001932f37acc53
    2014.07.20 23:44:48 INFO:Discovered using gateway :18786496
    2014.07.20 23:44:48 INFO:Discovered ise server = guest.domain.com
    2014.07.20 23:44:48 INFO:Discovered client mac = 5C-0A-5B-FC-37-0F
    2014.07.20 23:44:48 INFO:Server:Key=guest.domain.com:0516a8c000001932f37acc53
    2014.07.20 23:44:48 INFO:Downloading config fromguest.domain.com
    2014.07.20 23:44:48 INFO:checkServerTrusted call
    2014.07.20 23:44:48 INFO:checkServerTrusted call
    2014.07.20 23:44:48 ERROR:DownloadprofileAsynchTask
    2014.07.20 23:44:48 ERROR:java.io.IOException: Hostname 'guest.domain.com' was not verified
    2014.07.20 23:44:48 ERROR:Hostname 'guest.domain.com' was not verified
    2014.07.20 23:44:48 INFO:Internal system error.
    On the ISE side, here is the snippet of logs during the same time as when the android network setup assistant was run.
    2014-07-20 23:41:38,586 INFO   [DefaultQuartzScheduler_Worker-6][] cisco.cpm.infrastructure.utils.NodeGroupFWUtil -:::::- Applied Firewall rules for node group.
    2014-07-20 23:42:35,251 INFO   [AbandonedTransactionReaper][] com.cisco.epm.db.AbandonedTransactionReaper -:::::- In AbandonedTransactionReaper :  MaxActive : 20
    0 CurrentActive : 0 MaxIdle : 200 MinIdle : 0 CurrentIdle : 2
    2014-07-20 23:42:39,394 INFO   [AbandonedTransactionReaper][] com.cisco.epm.db.AbandonedTransactionReaper -::::PDPInitialization:- In AbandonedTransactionReaper
    :  MaxActive : 200 CurrentActive : 0 MaxIdle : 200 MinIdle : 0 CurrentIdle : 0
    2014-07-20 23:42:49,765 INFO   [DataSourceListener Thread][] api.services.persistance.dao.DistributionDAO -:::::- In DAO getRepository method for HostConfig Type
    : ACTIVE
    2014-07-20 23:42:56,805 INFO   [PDP-Heartbeats-0][] com.cisco.cpm.clustering.MnTClient -::::pdpha:- Removing session 0516a8c00000196f2a95cc53
    2014-07-20 23:42:56,806 WARN   [PDP-Heartbeats-0][] cpm.nsf.session.impl.SystemStateManager -::::pdpha:- Session 0516a8c00000196f2a95cc53 not found at complete
    2014-07-20 23:43:35,441 INFO   [portal-http-844314][] cisco.epm.license.flexlm.FlexlmFileHandler -:::::- Is License Valid for seId [1] = true
    2014-07-20 23:43:35,441 INFO   [portal-http-844314][] com.cisco.epm.license.LicensingManager -:::::- License is valid [true] for SeriveType [1]
    2014-07-20 23:43:35,750 WARN   [portal-http-844315][] cisco.cpm.guestportal.utils.GuestPortalUtils -::0516a8c000001932f37acc53::guest:- --- GuestPortalUtils: Una
    ble to determine language. Defaulting to English
    2014-07-20 23:43:35,768 WARN   [portal-http-844315][] cisco.cpm.guestportal.utils.GuestPortalUtils -::0516a8c000001932f37acc53::guest:- --- GuestPortalUtils: Una
    ble to determine language. Defaulting to English
    2014-07-20 23:43:35,768 INFO   [portal-http-844315][] cisco.cpm.guestportal.utils.GuestPortalUtils -::0516a8c000001932f37acc53::guest:- initializing page definit
    ion
    2014-07-20 23:43:35,769 INFO   [portal-http-844315][] cisco.cpm.guestportal.utils.GuestPortalUtils -::0516a8c000001932f37acc53::guest:- Created guest theme page
    def
    2014-07-20 23:44:18,090 WARN   [portal-http-844315][] cisco.cpm.guestportal.actions.SelfProvisioningAction -:test:0516a8c000001932f37acc53::guest:- ***BYOD Regi
    stration Data***
    macAddress: 5C:0A:5B:FC:37:0F
    portalUser: test
    authStoreName: Internal Users
    authStoreGuid: 78954c30-e0f0-11e3-af67-005056bf4689
    2014-07-20 23:44:18,113 INFO   [portal-http-844315][] com.cisco.epm.jms.AQMessgeHandler -:test:0516a8c000001932f37acc53::guest:- Publishing message for event [T
    xnCommit / commit] and message class[class com.cisco.epm.pap.api.transaction.Transaction]
    2014-07-20 23:44:18,167 WARN   [portal-http-844315][] cisco.cpm.guestportal.utils.GuestPortalUtils -:test:0516a8c000001932f37acc53::guest:- --- GuestPortalUtils
    : Unable to determine language. Defaulting to English
    2014-07-20 23:44:18,168 INFO   [portal-http-844315][] cisco.cpm.guestportal.utils.GuestPortalUtils -:test:0516a8c000001932f37acc53::guest:- initializing page de
    finition
    2014-07-20 23:44:18,169 INFO   [portal-http-844315][] cisco.cpm.guestportal.utils.CoAExecutorService -:test:0516a8c000001932f37acc53::guest:- Issue CoA reauth i
    n 2000 milliseconds for sessionName 0516a8c000001932f37acc53
    2014-07-20 23:44:18,171 WARN   [portal-http-844315][] cisco.cpm.guestportal.utils.GuestPortalUtils -:test:0516a8c000001932f37acc53::guest:- --- GuestPortalUtils
    : Unable to determine language. Defaulting to English
    2014-07-20 23:44:18,172 INFO   [portal-http-844315][] cisco.cpm.guestportal.utils.GuestPortalUtils -:test:0516a8c000001932f37acc53::guest:- initializing page de
    finition
    2014-07-20 23:44:18,173 INFO   [portal-http-844315][] cisco.cpm.guestportal.utils.GuestPortalUtils -:test:0516a8c000001932f37acc53::guest:- Created guest theme
    page def
    2014-07-20 23:44:20,171 INFO   [pool-19-thread-4][] cisco.cpm.guestportal.utils.CoAReauthTask -:test:0516a8c000001932f37acc53::guest:- Running CoAReauthTask for
     _sessionName 0516a8c000001932f37acc53
    2014-07-20 23:44:20,194 INFO   [pool-19-thread-4][] cisco.cpm.guestportal.utils.CoAReauthTask -:test:0516a8c000001932f37acc53::guest:- Issue Local CoA for sessi
    on 0516a8c000001932f37acc53
    2014-07-20 23:44:50,768 INFO   [ContainerBackgroundProcessor[StandardEngine[Catalina]]][] cpm.admin.infra.action.SessionCounterListener -:::::- sessionDestroyed
    - deducted one session from counter - Session ID - 0FFE9C73C9209D4EE2534558CB8F723B - Session Count - 0
    2014-07-20 23:46:58,502 INFO   [portal-http-844315][] cisco.epm.license.flexlm.FlexlmFileHandler -:::::- Is License Valid for seId [1] = true
    2014-07-20 23:46:58,502 INFO   [portal-http-844315][] com.cisco.epm.license.LicensingManager -:::::- License is valid [true] for SeriveType [1]
    2014-07-20 23:46:58,693 WARN   [portal-http-844315][] cisco.cpm.guestportal.utils.GuestPortalUtils -::0516a8c000001932f37acc53::guest:- --- GuestPortalUtils: Una
    ble to determine language. Defaulting to English
    2014-07-20 23:46:58,702 INFO   [portal-http-844315][] cisco.cpm.provisioning.cache.FlowStateCacheManager -::0516a8c000001932f37acc53::guest:- Deleted old flow st
    ate session with device id 5C-0A-5B-FC-37-0F
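
The `Hostname '...' was not verified` error in the spw.log above is what the Android HTTPS client reports when hostname verification, a check separate from chain trust, rejects the server certificate for the name the client connected to. The following is an added example (not from the post or from Cisco) that pulls the failing hostname out of the log and tests it against constructed certificate name sets with RFC 6125-style matching; the certificate names and function names are hypothetical.

```python
import re

# Lines copied from the spw.log excerpt in the post above.
SPW_LOG = """\
2014.07.20 23:44:48 INFO:Discovered ise server = guest.domain.com
2014.07.20 23:44:48 INFO:Downloading config fromguest.domain.com
2014.07.20 23:44:48 INFO:checkServerTrusted call
2014.07.20 23:44:48 ERROR:java.io.IOException: Hostname 'guest.domain.com' was not verified
2014.07.20 23:44:48 ERROR:Hostname 'guest.domain.com' was not verified
"""

# Constructed certificate name sets (hypothetical: the post does not show
# which names the ISE certificate actually carries).
CANDIDATE_CERTS = {
    "self-signed, node FQDN only": {"cn": "ise01.corp.example", "san": []},
    "portal name added to SAN": {
        "cn": "ise01.corp.example",
        "san": ["ise01.corp.example", "guest.domain.com"],
    },
    "wildcard one level up": {"cn": "domain.com", "san": ["*.domain.com"]},
    "wildcard one level too deep": {"cn": "domain.com", "san": ["*.guest.domain.com"]},
}

NOT_VERIFIED = re.compile(r"ERROR:.*Hostname '([^']+)' was not verified")


def failed_hostnames(log_text):
    """Hostnames that failed verification, in log order, without repeats."""
    seen = []
    for line in log_text.splitlines():
        match = NOT_VERIFIED.search(line)
        if match and match.group(1) not in seen:
            seen.append(match.group(1))
    return seen


def name_matches(pattern, hostname):
    """Case-insensitive DNS name match. A '*' is honoured only as the whole
    leftmost label, stands for exactly one label, and needs at least two
    literal labels after it (so '*.com' never matches)."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(hostname, san_dns, subject_cn=None):
    """If the certificate has SAN dNSName entries, only those count.
    The subject CN is consulted only when there are no SAN entries."""
    if san_dns:
        names = list(san_dns)
    else:
        names = [subject_cn] if subject_cn else []
    return any(name_matches(name, hostname) for name in names)


def audit(log_text, certs):
    """Map each failing hostname to {certificate label: would it verify?}."""
    return {
        host: {label: cert_covers(host, c["san"], c["cn"]) for label, c in certs.items()}
        for host in failed_hostnames(log_text)
    }


if __name__ == "__main__":
    for host, results in audit(SPW_LOG, CANDIDATE_CERTS).items():
        for label, ok in results.items():
            print(f"{host:20} {label:30} {'verifies' if ok else 'NOT verified'}")
```
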

  • Cisco Network Setup Assistant Unable to install the certificate on Android KitKat

    Greetings,
    I'm having issues with deploying the CA. Although the Cisco app fails, the user cert (but no CA) appears to install and is accessible during wifi setup. I am running the latest version of Cisco Network Setup Assistant 1.2.42. The phone is running Android KitKat 4.4.4, not rooted, running stock T-Mobile rom. I'm able to authenticate with the guest side, and get as far as Installing Certificates... Reference the screen shots attached. 
    Error message cisco Network Setup Assistant: "Unable to install the certificate. Exit the application and run it again to continue to the installation."
    I have run the application several times; it keeps returning to this same message.
    After failure of the Cisco app, I noticed there is a certificate manager with CA cert and key, and then subsequently one new key continues to loop after until I cancel (also in screenshots).
    I have tried decryption, removing all security, and clearing credentials, yet the problem persists. Any help is appreciated. 

  • Cisco Network Setup Assistant with Windows8

    Hi, I'm trying to provision on Windows 8 (Surface Pro).
    When the Cisco Network Setup Assistant is on, it asks for a 'network password' while the SSID is WPA2-Enterprise,
    and I configured it as it is on NSP.
    Is it a bug?

    Hi,
    What version of ise are you on, also what is the windows native supplicant provisioning version? See if the release notes for 1.2 meet your current design.
    http://www.cisco.com/en/US/docs/security/ise/1.2/release_notes/ise12_rn.html#wp378491
    Thanks,
    Tarik Admani
    *Please rate helpful posts*

  • Cisco 857 setup

    This post needs to go across a few forums but I will start here first.
    I have an 857W router which I want to replace my home ADSL router with.
    I can setup the ADSL / routing no problem but I am struggling to find a good resource on setting up the wireless.
    Can anyone guide me to some basic setup guides to securing the wireless on this box.
    Thanks

    You can find some good all round examples:-
    http://www.cisco.com/en/US/docs/routers/access/800/850/software/configuration/guide/enetintr.html

  • EA3500 Cisco Connect Setup problem?

    So I recently reset my Linksys EA3500 and I lost the CD, so I downloaded the Cisco Connect for the EA3500. I connected my EA3500 using the ethernet cable to my laptop, ran the setup, and then at 25% it said that no wireless routers were found. I already connected it using an ethernet cable; I don't understand why it is still not found. What should I do?

    Hi geraldicg , make sure that the wireless switch on your computer is turned on. I recommend that you try another laptop (if available). If no luck, configure the router manually by accessing 192.168.1.1 or myrouter.local. Check this out: 
    Title: Accessing your Linksys Smart Wi-Fi Account through a web browser  

  • Cisco Connect setup stuck at 90% Linksys E900

    Hi,
    Today evening I had to restart my router's settings and I also formatted (don't know if it's a good word in English, I mean recovering operating system) my disk, and now I can't install Cisco Connection again on my laptop (win8). The setup process is always stuck at 90% (after a few or more minutes there's a message that configuring failed...). What's weird is that I can explore the internet and use the settings of the router in a web browser ( http://192.168.1.1 ) when setup is stuck. After getting the "FAIL message" I can't use the internet anymore.
    I beg for your help! ;<
    Thanks in advance.

    Do you want to use the Cisco Connect software? If not, then you can always go for manual troubleshooting. Linksys designed Cisco Connect as a tool to help manage the router. If you need to use it, I suggest that you download the software from the Linksys website and start all over again. Before you run the software, reset the router first for 10 seconds, reboot the router and once it's ready run Cisco Connect.
    Just make sure that you do not have any firewalls enabled or antivirus software that may interfere with the setup process. Again, if you don't need the software just go with manual troubleshooting. You always have different options.

  • Cisco vlan setup w a windows 2003 dhcp server help

    Can anyone give me some tips or point me to some documentation on setting up a catalyst 4500 series w vlans and a windows 2003 server w associated dhcp scopes? Just for curiosity, what is a good vlan design for a college. I was thinking a student, a staff, a faculty, and a guest and or mgmt vlan. Also, on the guest vlan how would I setup an outbound acl to only allow port 80 traffic? Thanks in advance.

    Hi
    Try to limit the number of users per vlan to no more than a class C subnet if you can. We use half a class C /25 network in our offices.
    If you can break up the vlans to match the different type of users then that would be a good start. It means you can further down the line apply different security policies to the different vlans which in your situation you may well want to do. Don't worry if for example you need to use 2 or 3 vlans for students it's not a problem.
    Attached is a link for 4500 configuration. You need to look at the following chapters primarily
    1) Configuring VLAN's VTP & VMPS.
    2) Configuring Layer 3 interfaces. Look at the section on logical layer 3 SVI's.
    http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sg/configuration/guide/conf.html
    On the guest vlan you would need something like (assuming guest vlan subnet range is 192.168.1.0/24)
    access-list 120 permit tcp 192.168.1.0 0.0.0.255 any eq www
    access-list 120 deny ip 192.168.1.0 0.0.0.255 any
    and apply it on the inbound vlan interface. ie. if your vlan for guest users is vlan 20
    switch(config)# interface vlan 20
    switch(config-if)# ip access-group 120 in
    As for the W2003 server, not done much with windows. You will need DHCP manager which should be under admin tools. Make sure you exclude the addresses for each subnet that you allocate to the 4500 layer 3 interfaces ie
    switch(config)# interface vlan 20
    switch(config-if)# ip address 192.168.1.1 255.255.255.0
    In your DHCP scope 192.168.1.1 will be the default gateway for your clients and you should exclude this from the scope.
    Hope this is enough to get you started
    Jon

  • Cisco Error: Setup failed to launch installation engine

    When launching the CSA installation, I am getting an error that says "Setup failed to launch installation engine. Access denied." This agent kit has been deployed to hundreds of servers with no problems. Has anyone seen this problem before or know of a solution?

    Check your access rights and the version of Installshield on the server. I've seen a conflict with newer versions (1/3/2003 or newer) of Ikernel.exe left over from other installations.

  • Cisco dsl setup

    Can anyone tell me how I would set up DSL on my SOHO router? The config I have seen has the atm0 setup and also a dialler interface setup. Is this the way it must be done? Can't you just set it up on the atm interface?

    Carl,
    How are you connecting to your ISP, PPPoE, PPPoA or neither? There are different ways to configure your Soho 97. The dialer interface is used mostly for authentication purposes as is the case with some connection methods, again dependent upon what protocol you are using with your ISP.
    HTH ~ Joel

  • Cisco 1801 setup

    Hey folks,
    I have blown the dust off my Cisco 1801 and looked the books out to put a decent router on my network now I am running my own server; however, I have hit a few bumps and am totally stuck now. Any help?
    DHCP is disabled and I can't remember the subnet.
    Connected with the console cable but finding my admin password isn't accepted
    Running the password recovery but unable to access ROMMON using special command > break
    I should get this but the ATA monitor library just loads and I get stuck on the password screen.
    *** System received an abort due to Break Key ***
    signal= 0x3, code= 0x500, context= 0x813ac158
    PC = 0x802d0b60, Vector = 0x500, SP = 0x80006030
    rommon 1 >
    From what I gather (still green behind the ears) the ROMMON command has been disabled.
    Any way to get into my Cisco or do I need to reload the IOS on the flash card?
    Here is my event log/putty output
    Event log
    2012-11-09 19:59:47          Opening serial device COM6
    2012-11-09 19:59:47          Configuring baud rate 9600
    2012-11-09 19:59:47          Configuring 8 data bits
    2012-11-09 19:59:47          Configuring 1 data bits
    2012-11-09 19:59:47          Configuring no parity
    2012-11-09 19:59:47          Configuring no flow control
    2012-11-09 19:59:52          Starting serial break at user request
    2012-11-09 19:59:52          Starting serial break at user request
    Putty Output
    System Bootstrap, Version 12.3(8r)YH8, RELEASE SOFTWARE (fc2)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 2006 by cisco Systems, Inc.
    C1800 platform with 131072 Kbytes of main memory with parity disabled
    Upgrade ROMMON initialized
    boot: unsupported boot device "c180x-adventerprisek9-mz.124-6.T2.bin"
    System Bootstrap, Version 12.3(8r)YH8, RELEASE SOFTWARE (fc2)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 2006 by cisco Systems, Inc.
    C1800 platform with 131072 Kbytes of main memory with parity disabled
    Upgrade ROMMON initialized
    program load complete, entry point: 0x80012000, size: 0xc0c0
    Initializing ATA monitor library.......
    program load complete, entry point: 0x80012000, size: 0xc0c0
    Initializing ATA monitor library.......
    program load complete, entry point: 0x80012000, size: 0x11b8f98
    Self decompressing the image : ########################################################################################################################################################################################################################################################################################################################################################### [OK]
                  Restricted Rights Legend
    Use, duplication, or disclosure by the Government is
    subject to restrictions as set forth in subparagraph
    (c) of the Commercial Computer Software - Restricted
    Rights clause at FAR sec. 52.227-19 and subparagraph
    (c) (1) (ii) of the Rights in Technical Data and Computer
    Software clause at DFARS sec. 252.227-7013.
               cisco Systems, Inc.
               170 West Tasman Drive
               San Jose, California 95134-1706
    Cisco IOS Software, C180X Software (C180X-ADVENTERPRISEK9-M), Version 12.4(6)T5, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2006 by Cisco Systems, Inc.
    Compiled Fri 06-Oct-06 17:18 by kellythw
    Image text-base: 0x80012124, data-base: 0x820F0000
    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.
    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
    If you require further assistance please contact us by sending email to
    [email protected].
    Cisco 1801 (MPC8500) processor (revision 0x400) with 118784K/12288K bytes of memory.
    Processor board ID FCZ113812MC, with hardware revision 0000
    9 FastEthernet interfaces
    1 ISDN Basic Rate interface
    1 ATM interface
    63488K bytes of ATA CompactFlash (Read/Write)
    Installed image archive

    Cheers folks, removing the USB to serial cable and going direct from the com port on my server has solved it. Now I am to load a new IOS to the flash card?
    My putty output in case it helps others
    Password reset
    monitor: command "boot" aborted due to user interrupt
    rommon 1 > confreg 0x42
    You must reset or power cycle for new config to take effect
    rommon 2 > reset
    After password reset
    System Bootstrap, Version 12.3(8r)YH8, RELEASE SOFTWARE (fc2)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 2006 by cisco Systems, Inc.
    C1800 platform with 131072 Kbytes of main memory with parity disabled
    Upgrade ROMMON initialized
    boot: unsupported boot device "c180x-adventerprisek9-mz.124-6.T2.bin"
    System Bootstrap, Version 12.3(8r)YH8, RELEASE SOFTWARE (fc2)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 2006 by cisco Systems, Inc.
    C1800 platform with 131072 Kbytes of main memory with parity disabled
    Upgrade ROMMON initialized
    boot: cannot open "flash:"
    boot: cannot determine first file name on device "flash:"
    System Bootstrap, Version 12.3(8r)YH8, RELEASE SOFTWARE (fc2)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 2006 by cisco Systems, Inc.
    C1800 platform with 131072 Kbytes of main memory with parity disabled
    Upgrade ROMMON initialized
    boot: cannot open "flash:"
    boot: cannot determine first file name on device "flash:"
    System Bootstrap, Version 12.3(8r)YH8, RELEASE SOFTWARE (fc2)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 2006 by cisco Systems, Inc.
    C1800 platform with 131072 Kbytes of main memory with parity disabled
    Upgrade ROMMON initialized
    rommon 1 >

  • Cisco 5512-x v9.1 help

    Hi Guys,
    I need some help/advice on the configuration below, as I want to configure port forwarding to separate devices internally to serve external parties. I have only one WAN IP, which is already assigned to the firewall outside interface...
    External User ---->ASA------>Server, NAS
    Pls help, I am having difficulties making it work.

    Hi Eddy,
    Thanks for the reply. I tried the above command but it's not working... do I have to add any ACL?
    interface GigabitEthernet0/0
     nameif outside
     security-level 0
     pppoe client vpdn group gcmjp
     ip address pppoe setroute (1.1.1.1)
    interface GigabitEthernet0/1
     nameif inside
     security-level 100
     ip address 192.168.2.1 255.255.255.0 
    interface GigabitEthernet0/2
     nameif WiFi
     security-level 50
     ip address 192.168.3.1 255.255.255.0 
    interface GigabitEthernet0/3
     nameif Phoneline
     security-level 90
     ip address 192.168.4.1 255.255.255.0 
    interface GigabitEthernet0/4
     shutdown
     no nameif
     no security-level
     no ip address
    interface GigabitEthernet0/5
     shutdown
     no nameif
     no security-level
     no ip address
    interface Management0/0
     management-only
     nameif management
     security-level 100
     ip address 192.168.1.1 255.255.255.0 
    boot system disk0:/asa912-smp-k8.bin
    ftp mode passive
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object network JP_LAN
     subnet 192.168.2.0 255.255.255.0
    object network SG_LAN
     subnet 192.168.1.0 255.255.255.0
    object network Synology1
     host 192.168.2.155
    object network Synology2
     host 192.168.2.243
    object network BackupServer
     host 192.168.2.11
    object network JP
     subnet 192.168.2.0 255.255.255.0
    object network WiFi
     subnet 192.168.3.0 255.255.255.0
    object network NAS5006
     host 192.168.2.155
    object network Server3389
     host 192.168.2.11
    object service RDP3389
     service tcp source eq 3389 destination eq 3389 
    object service NAS5003
     service tcp source eq 5003 destination eq 5003 
    object-group service RDP tcp
     port-object eq 3389 
    pager lines 24
    logging enable
    logging asdm informational
    mtu outside 1500
    mtu inside 1500
    mtu WiFi 1500
    mtu Phoneline 1500
    mtu management 1500
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-713.bin
    no asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    nat (inside,outside) source static JP_LAN JP_LAN destination static SG_LAN SG_LAN no-proxy-arp route-lookup
    nat (inside,outside) source dynamic JP_LAN interface
    nat (WiFi,outside) source dynamic WiFi interface
    object network Synology1
     nat (inside,outside) static interface service tcp 5003 5003 
    route outside 0.0.0.0 0.0.0.0 1.1.1.1 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    aaa authentication http console LOCAL 
    aaa authentication ssh console LOCAL 
    http server enable
    http 192.168.1.0 255.255.255.0 management
    http 0.0.0.0 0.0.0.0 outside

  • Cisco 1130AG setup

    I am trying to install an 1100 series AP; it gets an IP address from DHCP. When I try to get to that IP address from the web to configure the AP, it will not connect. What am I doing wrong?

    Never mind, I have the wrong AP,
    thanks!
    -James

  • Cisco lan setup

    Hi all, When setting up a proper 3 layer model, i.e core,distribution,access what do they normally do, would you put the vlans on the distribution and have them routed there, or routed at the core ?

    The Core Layer :
    The core layer provides an optimized and reliable transport structure by forwarding traffic at very high speeds. In other words, the core layer switches packets as fast as possible. Devices at the core layer should not be burdened with any processes that stand in the way of switching packets at top speed. This includes the following:
    Access-list checking
    Data encryption
    Address translation
    The Distribution Layer :
    The distribution layer is located between the access and core layers and helps differentiate the core from the rest of the network. The purpose of this layer is to provide boundary definition using access lists and other filters to limit what gets into the core. Therefore, this layer defines policy for the network. A policy is an approach to handling certain kinds of traffic, including the following:
    Routing updates
    Route summaries
    VLAN traffic
    Address aggregation
    Use these policies to secure networks and to preserve resources by preventing unnecessary traffic.
    If a network has two or more routing protocols, such as Routing Information Protocol (RIP) and Interior Gateway Routing Protocol (IGRP), information between the different routing domains is shared, or redistributed, at the distribution layer.
    The Access Layer :
    The access layer supplies traffic to the network and performs network entry control. End users access network resources by way of the access layer. Acting as the front door to a network, the access layer employs access lists designed to prevent unauthorized users from gaining entry. The access layer can also give remote sites access to the network by way of a wide-area technology, such as Frame Relay, ISDN, or leased lines.
    HTH,
    Thanks
    Raj

  • Cisco ASA 5512, IP NVR port forwarding

    Hi,
    I have a Cisco 5512 ASA with version 8.6(1)2. I have one IP NVR for IP cameras.
    Please help me: how do I configure port forwarding on the Cisco ASA in the CLI?
    I have static IP on ASA 94.56.178.222 and NVR IP 10.192.192.100
    thank you so much.

    ASA#
    Phase: 1
    Type: ROUTE-LOOKUP
    Subtype: input
    Result: ALLOW
    Config:
    Additional Information:
    in   94.56.178.222   255.255.255.255 identity
    Phase: 2
    Type: ACCESS-LIST
    Subtype:
    Result: DROP
    Config:
    Implicit Rule
    Additional Information:
     Forward Flow based lookup yields rule:
     in  id=0x7fffa2969000, priority=0, domain=permit, deny=true
            hits=11524, user_data=0x9, cs_id=0x0, use_real_addr, flags=0x1000, protocol=0
            src ip/id=0.0.0.0, mask=0.0.0.0, port=0
            dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
            input_ifc=OUTSIDE, output_ifc=any
    Result:
    input-interface: OUTSIDE
    input-status: up
    input-line-status: up
    output-interface: NP Identity Ifc
    output-status: up
    output-line-status: up
    Action: drop
    Drop-reason: (acl-drop) Flow is denied by configured rule
    please advise 
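
An added example (not from the post) that parses the packet-tracer output above into phases and reports which phase dropped the flow, whether an UN-NAT phase appears, and which interface the packet was routed to. The sample text is copied from the post; the function names and the choice of reported fields are illustrative.

```python
import re

# packet-tracer output copied from the post above.
PACKET_TRACER = """\
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in   94.56.178.222   255.255.255.255 identity
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
 Forward Flow based lookup yields rule:
 in  id=0x7fffa2969000, priority=0, domain=permit, deny=true
        hits=11524, user_data=0x9, cs_id=0x0, use_real_addr, flags=0x1000, protocol=0
        src ip/id=0.0.0.0, mask=0.0.0.0, port=0
        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
        input_ifc=OUTSIDE, output_ifc=any
Result:
input-interface: OUTSIDE
input-status: up
input-line-status: up
output-interface: NP Identity Ifc
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""

RULE_FIELD = re.compile(r"\b(input_ifc|output_ifc|deny|hits)=([^,\s]+)")


def parse_packet_tracer(text):
    """Split packet-tracer output into per-phase dicts plus the final summary."""
    phases, summary = [], {}
    current, section, in_summary = None, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if in_summary:                      # trailing "Result:" block: key: value
            key, sep, value = line.partition(":")
            if sep:
                summary[key.strip().lower()] = value.strip()
            continue
        match = re.fullmatch(r"Phase:\s*(\d+)", line)
        if match:
            current = {"phase": int(match.group(1)), "type": "", "subtype": "",
                       "result": "", "config": [], "info": []}
            phases.append(current)
            section = None
            continue
        if line == "Result:":               # bare "Result:" opens the summary
            in_summary = True
            continue
        if current is None:                 # prompt or noise before phase 1
            continue
        if line == "Config:":
            section = "config"
        elif line == "Additional Information:":
            section = "info"
        elif section is None:
            key, sep, value = line.partition(":")
            if sep and key.lower() in ("type", "subtype", "result"):
                current[key.lower()] = value.strip()
        else:
            current[section].append(line)
    return phases, summary


def diagnose(phases, summary):
    """Report the dropping phase and the fields that explain the drop."""
    drop = next((p for p in phases if p["result"].upper() == "DROP"), None)
    return {
        "dropped": summary.get("action", "").lower() == "drop",
        "drop_phase": drop["phase"] if drop else None,
        "drop_type": drop["type"] if drop else None,
        # "Implicit Rule" under Config: means no configured ACL entry matched.
        "implicit_rule": bool(drop) and any(
            "implicit rule" in c.lower() for c in drop["config"]),
        # An UN-NAT phase is printed when a NAT rule rewrites the destination.
        "un_nat_seen": any(p["type"].upper() == "UN-NAT" for p in phases),
        # "NP Identity Ifc" means the packet was routed to the ASA itself.
        "to_the_box": "identity" in summary.get("output-interface", "").lower(),
        "rule": dict(RULE_FIELD.findall(" ".join(drop["info"]))) if drop else {},
        "drop_reason": summary.get("drop-reason"),
    }


if __name__ == "__main__":
    for key, value in diagnose(*parse_packet_tracer(PACKET_TRACER)).items():
        print(f"{key:14} {value}")
```
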
