Cisco 7925G&7921 SRST issue

   We are having the said issue with all the branches after we migrated the CUCM 6.1 to 8.6. Wireless phones register to the VGW in SRST mode about 2 times a day, and we have to manually kill it on the WLC in order to force them to register on the CUCM 8.6. It is really a pain. Has anyone ever encountered such an issue before? Everything was alright before the migration; now only wireless phones are having this issue.
Action taken
rebooted wlc and AP but changes
Please advise.
thanks very much

Hi Brian,
It turns out that even with the phone set to use the IP address of the CUCM for directory service, the phone still needs a DNS entry - very strange - once I added that, the search function started working.
Thanks,
Richard

Similar Messages

  • Problem with Cisco 7925g freezing

    Hi Guys,
    I need some help with the following problem involving our Cisco 7925g VOIP Phones.
    The symptoms of our problem
    The 7925g phone functions perfectly, with good voice quality, no one-direction calls and no real roaming problems, whilst it is active and operating in normal mode.
    After an undefined period of time (anything from 20 minutes to 5 hours) the phone’s screen goes black and freezes.
    The phone's power button does not function at this stage, and the battery has to be removed before the phone will restart. No matter how long you wait (we have even left the phone alone for a few days), the phone will not restart without removing the battery.
    We are experiencing identical symptoms on all our 7925g phones and at all our branches. While the branches have the same Access Controllers and Access Points, they do have differently configured Wireless Service Security and Authentication Settings.
    We have even tested a 7925g phone on a completely open SSID with no encryption and the phone still experiences the same problems.
    We presume from the symptoms and the diagnostics log obtained from one of the phones that the problem seems to be caused by the memory being full. Any ideas if we are on the right track?
    Log
    Dec 3 17:33:49 ksabphone189 SEP-kernel: MEM_WARNING.slab: skbuff_head_cache: ref 141, steady 9, ulim 1, llim 0
    Dec 3 17:37:50 ksabphone189 SEP-kernel: MEM_WARNING.slab: size-256: ref 295, steady 17, ulim 2, llim 0
    Dec 3 17:45:52 ksabphone189 SEP-kernel: MEM_WARNING.slab: skbuff_head_cache: ref 275, steady 9, ulim 2, llim 0
    Dec 3 17:45:52 ksabphone189 SEP-kernel: MEM_WARNING.slab: size-256: ref 437, steady 17, ulim 3, llim 0
    Dec 3 17:53:58 ksabphone189 SEP-kernel: MEM_WARNING.slab: size-256: ref 585, steady 17, ulim 4, llim 0
    Dec 3 17:58:02 ksabphone189 SEP-kernel: MEM_WARNING.slab: skbuff_head_cache: ref 410, steady 9, ulim 3, llim 0
    Dec 3 18:02:32 ksabphone189 SEP-GUI: #Reset from watchdog
    We also use the Cisco 7921g on this wireless infrastructure and this model seems to be working perfectly.
    We have also updated the firmware of the 7925g to the latest version 1.4.3
    Access Controller:
    Model: H3C WX5002
    Software Version: 2308P11 (Latest Release)
    Access Points: WA2612-AGN and WA2220-AG
    We have logged a support case with the H3C Support Technicians as well, but since all other devices, including the Cisco 7921g phone, work perfectly, they are battling to find a solution for us.
    Any help in this regard will be greatly appreciated, as currently I have run out of ideas.
    Many Thanks,
    Brett

    I have thousands of 7925g on that code and we aren't having any issues.
    Sent from Cisco Technical Support iPhone App
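
The growth pattern in the diagnostics log quoted in the post above can be checked mechanically. The following Python script is an added example, not part of the original thread and not a Cisco tool: it parses the `MEM_WARNING.slab` lines as posted and reports, per slab cache, whether `ref` only ever rises, how far it sits above `steady`, and how long before the watchdog reset the last warning appeared. Reading `ref` as the cache's current object count and `steady` as its baseline, the 10x threshold and the placeholder year are assumptions; the thread does not define these fields.

```python
import re
from datetime import datetime

# Log lines exactly as posted in the thread above.
LOG = """\
Dec 3 17:33:49 ksabphone189 SEP-kernel: MEM_WARNING.slab: skbuff_head_cache: ref 141, steady 9, ulim 1, llim 0
Dec 3 17:37:50 ksabphone189 SEP-kernel: MEM_WARNING.slab: size-256: ref 295, steady 17, ulim 2, llim 0
Dec 3 17:45:52 ksabphone189 SEP-kernel: MEM_WARNING.slab: skbuff_head_cache: ref 275, steady 9, ulim 2, llim 0
Dec 3 17:45:52 ksabphone189 SEP-kernel: MEM_WARNING.slab: size-256: ref 437, steady 17, ulim 3, llim 0
Dec 3 17:53:58 ksabphone189 SEP-kernel: MEM_WARNING.slab: size-256: ref 585, steady 17, ulim 4, llim 0
Dec 3 17:58:02 ksabphone189 SEP-kernel: MEM_WARNING.slab: skbuff_head_cache: ref 410, steady 9, ulim 3, llim 0
Dec 3 18:02:32 ksabphone189 SEP-GUI: #Reset from watchdog
"""

TS = r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})"
SLAB_RE = re.compile(
    TS + r"\s+\S+\s+SEP-kernel:\s+MEM_WARNING\.slab:\s+(?P<cache>[\w.-]+):"
    r"\s+ref\s+(?P<ref>\d+),\s+steady\s+(?P<steady>\d+)"
)
RESET_RE = re.compile(TS + r"\s+\S+\s+\S+:\s+#Reset from watchdog")

ASSUMED_YEAR = 2000   # the log lines carry no year; placeholder so they parse
GROWTH_FACTOR = 10    # assumed threshold: flag when ref reaches 10x steady


def _when(ts):
    """Turn a year-less syslog timestamp into a datetime."""
    return datetime.strptime(f"{ASSUMED_YEAR} {ts}", "%Y %b %d %H:%M:%S")


def parse(log):
    """Return ({cache: [(time, ref, steady), ...]}, [reset times])."""
    samples, resets = {}, []
    for line in log.splitlines():
        line = line.strip()
        m = SLAB_RE.match(line)
        if m:
            samples.setdefault(m["cache"], []).append(
                (_when(m["ts"]), int(m["ref"]), int(m["steady"])))
            continue
        m = RESET_RE.match(line)
        if m:
            resets.append(_when(m["ts"]))
    return samples, resets


def analyse(samples, resets):
    """Summarise growth per slab cache and flag leak-like behaviour."""
    report = {}
    for cache, rows in samples.items():
        rows = sorted(rows, key=lambda r: r[0])
        refs = [r[1] for r in rows]
        steady = rows[-1][2]
        last_t = rows[-1][0]
        span = (last_t - rows[0][0]).total_seconds()
        # First watchdog reset at or after this cache's last warning.
        later = [t for t in resets if t >= last_t]
        monotonic = all(b > a for a, b in zip(refs, refs[1:]))
        report[cache] = {
            "samples": len(rows),
            "growth": refs[-1] - refs[0],
            "last_ref": refs[-1],
            "monotonic": monotonic,
            "per_min": round((refs[-1] - refs[0]) / span * 60, 1) if span else 0.0,
            "x_steady": round(refs[-1] / steady, 1) if steady else None,
            "secs_to_reset": int((min(later) - last_t).total_seconds()) if later else None,
            # Leak-like: several samples, never shrinking, far above baseline.
            "suspect": bool(len(rows) >= 3 and monotonic and steady
                            and refs[-1] >= GROWTH_FACTOR * steady),
        }
    return report


if __name__ == "__main__":
    slabs, watchdog = parse(LOG)
    for name, row in analyse(slabs, watchdog).items():
        print(name, row)
```

Both caches in the posted log grow without ever shrinking until the watchdog reset, which is the pattern the poster describes as memory filling up; the same script can be run over a longer capture from the phone to see whether other caches behave the same way.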

  • CISCO C2901-CME-SRST/K9 CONFUSED- LICENCE

    Hi, we are ordering CME on ISR G2, part no.
    Cisco C2901-CME-SRST/K9, coming with a bundled 25 CME-SRST license.
    Does it mean we can run any 25 phones/users without adding any phone licence like SW-CCME-UL-8942= or SW-CCME-UL-6921?
    We don't want the SRST feature, only CME.

    Hi.
    Yes.
    25 CME-SRST means that you are authorised to add up to 25 IP phones on CUCME or SRST without any additional license.
    HTH
    Regards
    Carlo

  • Cisco 7925G Wireless Part code for US?

    Hi,
    What part code should be used for US, Is it CP-7925G-A-K9= or CP-7925G-W-K9=?
    Are there any regulatories or compatibility issues around this?
    Thanks,
    Nirmal

    Hi Nirmal,
    CP-7925G-W-K9 is what I have used with my partner when ordering 7925s. The W is for "rest of world" and the A is for "FCC", which from my understanding complies with the American Federal Communications Commission.
    http://www.cisco.com/en/US/prod/collateral/voicesw/ps6788/phones/ps379/ps9900/data_sheet_c78-504890.html
    Hope this helps.
    Thanks,
    Tony
    Please rate helpful posts!

  • Cisco ASA 5505 performance issues on downloads - data into the ASA from the Internet

    I am having serious issues with performance on my ASA 5505s that I am testing with 9.2.3 code.
    I stripped the config and removed as much stuff as I could - no VPN etc. and I am ONLY getting about 30-40Mbps downloads from sites but 95Mbps uploads????  Anyone else seeing these problems?   If I remove the firewall my PC can hit 300/300Mbps to the same sites using the same switch and cable.
    I installed 1Gb of mem on the ASA 5505 but it made no difference. The ASA has a UL IP Security license but I am only using an inside and outside address for these tests, no other ports configured.
    Is anyone else seeing this performance problem with the 9.2.3 code?  I went to this from 8.2.5 to try to resolve QOS failure bugs that I found in the 8.2.5 code. I did not expect to have a performance hit though and it is only on downloads TO the ASA from the Internet from all speed test sites that I try. Uploading speeds seem fine. No access-lists on my interfaces either...barebones config.
    My FIOS and switch interfaces are fine...no errors on any interfaces and the same switch interface hits 300/300Mbps when my laptop is directly attached. 
    Anyone have a barebones config on their ASA 5505 that flies...I will try it on mine and see if some command somewhere (hidden) is causing the issue. I even cleared the config and started with a clean slate just in case I was missing some command from the older configs that may have impacted performance.

    After changing the switch with a high-end switch my performance increased but I am still not happy with the throughput out of my ASA. I have about 50+ ASA 5505s and a dozen 5510s. Most remote sites have 5505s. All my sites right now have 8.2.5-51 and I wanted to put 9.2.3 out there to solve issues I have uncovered on the 8.2.5 code with regards to QOS issues.
    I get much better results using the Cisco 3750X attached to the FIOS (right around 300/300 with my laptop directly attached to the 3750X, bypassing the ASA - my FIOS circuit rating is also 300/300). Going through the ASA to the same test site I get download speeds of 35 to 75. It changes randomly, which really bothers me. My upload speeds are ALWAYS faster than my download speeds. Example - the best download I would ever get is 75Mb and my upload would usually hit 95Mb during the same test period.
    I may have to live with it but the inconsistency is what really bothers me.
    Here is the config I am currently using. Nothing going on during testing since only a single PC is attached. VPN tunnel to the main site can be up or down...doesn't seem to make any difference. PC goes to site directly from outside interface of ASA...split tunneling. Even when I removed tunnels and tested with just the ASA as a firewall to the Internet I was still seeing the same inconsistencies.
    Anything obviously missing - new command or anything? Xlates causing issues?

  • Cisco ASA 5505 Failover issue..

    Hi,
    I have two firewalls (Cisco ASA 5505) configured in active/standby mode. They were running smoothly for more than a year, but last week the secondary firewall failed and it brought my whole network down. I then removed the connectivity of the secondary firewall and ran only the primary one. When I logged in by console I found out that failover had been disabled. So I connected it to the network again and enabled the firewall. After a couple of days the same issue happened. This time I took down the secondary firewall, erased the flash, reloaded the IOS image, configured failover and connected it to the primary for replication of the configs. It found the active mate, replicated the configs and got synced. But after the sync the same thing happened: the whole network went down. I just did the same thing and removed the secondary firewall, and the network came up. I feel there is something with the failover, but couldn't find out :( . And the firewalls are in Router Mode.

    Please find the logs...
    Secondary Firewall While Sync..
    cisco-asa(config)# sh failover 
    Failover On 
    Failover unit Secondary
    Failover LAN Interface: e0/7 Vlan3 (up)
    Unit Poll frequency 1 seconds, holdtime 15 seconds
    Interface Poll frequency 5 seconds, holdtime 25 seconds
    Interface Policy 1
    Monitored Interfaces 4 of 23 maximum
    Version: Ours 8.2(5), Mate 8.2(5)
    Last Failover at: 06:01:10 GMT Apr 29 2015
    This host: Secondary - Sync Config 
    Active time: 55 (sec)
    slot 0: ASA5505 hw/sw rev (1.0/8.2(5)) status (Up Sys)
     Interface outside (27.251.167.246): No Link (Waiting)
     Interface inside (10.11.0.20): No Link (Waiting)
     Interface mgmt (10.11.200.21): No Link (Waiting)
    slot 1: empty
    Other host: Primary - Active 
    Active time: 177303 (sec)
    slot 0: ASA5505 hw/sw rev (1.0/8.2(5)) status (Up Sys)
     Interface outside (27.251.167.247): Unknown (Waiting)
     Interface inside (10.11.0.21): Unknown (Waiting)
     Interface mgmt (10.11.200.22): Unknown (Waiting)
    slot 1: empty
    =======================================================================================
    Secondary Firewall just after sync, Active (primary firewall got rebooted)
    cisco-asa# sh failover 
    Failover On 
    Failover unit Secondary
    Failover LAN Interface: e0/7 Vlan3 (up)
    Unit Poll frequency 1 seconds, holdtime 15 seconds
    Interface Poll frequency 5 seconds, holdtime 25 seconds
    Interface Policy 1
    Monitored Interfaces 4 of 23 maximum
    Version: Ours 8.2(5), Mate Unknown
    Last Failover at: 06:06:12 GMT Apr 29 2015
    This host: Secondary - Active 
    Active time: 44 (sec)
    slot 0: ASA5505 hw/sw rev (1.0/8.2(5)) status (Up Sys)
     Interface outside (27.251.167.246): Normal (Waiting)
     Interface inside (10.11.0.20): No Link (Waiting)
     Interface mgmt (10.11.200.21): No Link (Waiting)
    slot 1: empty
    Other host: Primary - Not Detected 
    Active time: 0 (sec)
    slot 0: empty
     Interface outside (27.251.167.247): Unknown (Waiting)
     Interface inside (10.11.0.21): Unknown (Waiting)
     Interface mgmt (10.11.200.22): Unknown (Waiting)
    slot 1: empty
    ==========================================================================================
    After the active firewall got rebooted: failover off, whole network went down.
    cisco-asa# sh failover 
    Failover Off 
    Failover unit Secondary
    Failover LAN Interface: e0/7 Vlan3 (up)
    Unit Poll frequency 1 seconds, holdtime 15 seconds
    Interface Poll frequency 5 seconds, holdtime 25 seconds
    Interface Policy 1
    Monitored Interfaces 4 of 23 maximum
    ===========================================================================================
    Primary Firewall after rebooting
    cisco-asa# sh failover
    Failover On
    Failover unit Primary
    Failover LAN Interface: e0/7 Vlan3 (Failed - No Switchover)
    Unit Poll frequency 1 seconds, holdtime 15 seconds
    Interface Poll frequency 5 seconds, holdtime 25 seconds
    Interface Policy 1
    Monitored Interfaces 4 of 23 maximum
    Version: Ours 8.2(5), Mate Unknown
    Last Failover at: 06:17:29 GMT Apr 29 2015
            This host: Primary - Active
                    Active time: 24707 (sec)
                    slot 0: ASA5505 hw/sw rev (1.0/8.2(5)) status (Up Sys)
                      Interface outside (27.251.167.246): Normal (Waiting)
                      Interface inside (10.11.0.20): Normal (Waiting)
                      Interface mgmt (10.11.200.21): Normal (Waiting)
                    slot 1: empty
            Other host: Secondary - Failed
                    Active time: 0 (sec)
                    slot 0: empty
                      Interface outside (27.251.167.247): Unknown (Waiting)
                      Interface inside (10.11.0.21): Unknown (Waiting)
                      Interface mgmt (10.11.200.22): Unknown (Waiting)
                    slot 1: empty
    cisco-asa# sh failover history
    ==========================================================================
    From State                 To State                   Reason
    ==========================================================================
    06:16:43 GMT Apr 29 2015
    Not Detected               Negotiation                No Error
    06:17:29 GMT Apr 29 2015
    Negotiation                Just Active                No Active unit found
    06:17:29 GMT Apr 29 2015
    Just Active                Active Drain               No Active unit found
    06:17:29 GMT Apr 29 2015
    Active Drain               Active Applying Config     No Active unit found
    06:17:29 GMT Apr 29 2015
    Active Applying Config     Active Config Applied      No Active unit found
    06:17:29 GMT Apr 29 2015
    Active Config Applied      Active                     No Active unit found
    ==========================================================================
    cisco-asa#
    cisco-asa# sh failover state
                   State          Last Failure Reason      Date/Time
    This host  -   Primary
                   Active         None
    Other host -   Secondary
                   Failed         Comm Failure             06:17:43 GMT Apr 29 2015
    ====Configuration State===
    ====Communication State===
    ==================================================================================
    Secondary Firewall
    cisc-asa# sh failover h
    ==========================================================================
    From State                 To State                   Reason
    ==========================================================================
    06:16:32 GMT Apr 29 2015
    Not Detected               Negotiation                No Error
    06:17:05 GMT Apr 29 2015
    Negotiation                Disabled                   Set by the config command
    ==========================================================================
    cisco-asa# sh failover
    Failover Off
    Failover unit Secondary
    Failover LAN Interface: e0/7 Vlan3 (down)
    Unit Poll frequency 1 seconds, holdtime 15 seconds
    Interface Poll frequency 5 seconds, holdtime 25 seconds
    Interface Policy 1
    Monitored Interfaces 4 of 23 maximum
    ecs-pune-fw-01# sh failover h
    ==========================================================================
    From State                 To State                   Reason
    ==========================================================================
    06:16:32 GMT Apr 29 2015
    Not Detected               Negotiation                No Error
    06:17:05 GMT Apr 29 2015
    Negotiation                Disabled                   Set by the config command
    ==========================================================================
    cisco-asa# sh failover state
                   State          Last Failure Reason      Date/Time
    This host  -   Secondary
                   Disabled       None
    Other host -   Primary
                   Not Detected   None
    ====Configuration State===
    ====Communication State===
    Thanks...

  • Cisco NAC server hang issue

    Hi all Cisco NAC experts, I am currently experiencing a Cisco NAC NAC3315-SVR hang issue.
    The issue has already happened a few times on the same server. The symptoms when the NAC server hung include no response to ICMP ping, no response to SSH requests, no response to access requests to the CAS management page via HTTPS, and the HA pair being detected as down by its HA neighbor, which triggered failover to the secondary CAS.
    The CAS server recovered after manually power cycling the hardware.
    After going through the attached CAS logs, I found that all the services and the logging service were stopped when the issue happened, but unfortunately no suspicious activity was logged before or during the issue.
    I have also tried to search the Cisco Bug Toolkit but no similar case was found. I believe it was not caused by a software bug, because software version 4.8.1 has been running in my company for years and only one CAS server is having the issue.
    It would be great if anyone could help me out with this.
    Thanks,
    Eric

    Hi Bro
    This could be a problem with the certificate in that Cisco NAC appliance itself. My suggestion is to redo the certificate generation between the CAS CAM and CA Server. If this still doesn’t work, it could also be due to overload/broadcast storm on the LAN portion. This can be verified via Wireshark.
    If all else fails, then a hardware swap would seem like the next best thing.

  • Cisco ACE20 Load balancing issues

    Dear All,
    I have a problem with the ACE 20 load balancing.
    To start with following is our architectural request flow:
    Load Balancer --> Webseal /(reverse proxy) --> HTTP Server --> Portal Server
    We have Hardware Load Balancer Cisco ACE20.
    When we access our portal from Webseal server it works totally fine without any issue, but when we access the same application using ACE we face the following issues:
    1) Some of the links do not work. E.g.: we have a link "subscribe" which points to https://intranet/abc/wps/portal/subscription; whenever we click on this link, the request is directed to https://intranet/abc/wps/portal, i.e. the homepage.
    2) URL redirection does not work. We have some links which have URL forwarding or redirection; for example, when we open https://intranet/ef/quickplace it forwards the request to https://intranet/ef/quickplace/Main.nsf?opendocument....., but this redirection fails and again the request is thrown to the homepage, i.e. https://intranet/abc/wps/portal
    3) The response to requests and the overall portal, when accessed via ACE, is very sluggish: it takes 20 seconds for the homepage to load, whereas the homepage loads in 4 secs when accessed via Webseal.
    Below are the ACE details. Kindly provide your inputs to resolve this issue. Will rate all the suggestions.
    Hardware Product Number: ACE20-MOD-K9
      Card Index:     207
      Hardware Rev:   2.3
      Feature Bits:   0000 0002
      Slot No. :      7
      Type:           ACE
    Software
      loader:    Version 12.2[120]
      system:    Version A2(1.4) [build 3.0(0)A2(1.4) adbuild_11:54:12-2009/03/05_/auto/adbu-rel2/rel_a2_1_4_throttle/REL_3_0_0_A2_1_4]
      system image file: [LCP] disk0:c6ace-t1k9-mz.A2_1_4.bin
      installed license: ACE-SEC-LIC-K9

    Dear all,
    Please suggest on this issue.
    BS

  • Cisco 881 Zone Firewall issues

    I'm having issues with an 881 that I have configured as a zone based firewall.
    I have allowed HTTP(s) and DNS on the DMZ but my user is saying he cannot access the internet.
    On the corporate side the user complains that some websites fail, such as LinkedIn.
    I have been using CCP to configure the device. What am I doing wrong?
    =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2013.03.15 11:49:00 =~=~=~=~=~=~=~=~=~=~=~=
    sh run
    Building configuration...
    Current configuration : 22210 bytes
    ! Last configuration change at 15:30:21 UTC Tue Mar 12 2013 by SpecIS
    ! NVRAM config last updated at 14:12:39 UTC Thu Mar 7 2013 by specis
    ! NVRAM config last updated at 14:12:39 UTC Thu Mar 7 2013 by specis
    version 15.1
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    hostname -Rt
    boot-start-marker
    boot-end-marker
    security authentication failure rate 10 log
    security passwords min-length 6
    logging buffered 51200
    logging console critical
    enable secret 5
    enable password 7
    aaa new-model
    aaa authentication login local_auth local
    aaa session-id common
    memory-size iomem 10
    crypto pki token default removal timeout 0
    crypto pki trustpoint TP-self-signed-3066996233
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-3066996233
    revocation-check none
    rsakeypair TP-self-signed-3066996233
    crypto pki certificate chain TP-self-signed-3066996233
    certificate self-signed 01
    quit
    no ip source-route
    no ip gratuitous-arps
    ip dhcp excluded-address 10.0.2.2
    ip dhcp excluded-address 10.0.2.1
    ip dhcp pool Trusted
    import all
    network 10.0.2.0 255.255.255.0
    default-router 10.0.2.1
    domain-name spectra.local
    dns-server 10.0.2.2 10.0.1.6
    option 150 ip 10.1.1.10 10.1.1.20
    ip dhcp pool Guest
    import all
    network 192.168.112.0 255.255.255.0
    default-router 192.168.112.1
    dns-server 4.2.2.2 4.2.2.3
    ip cef
    no ip bootp server
    ip domain name yourdomain.com
    ip name-server 10.0.2.2
    ip name-server 4.2.2.2
    login block-for 5 attempts 3 within 2
    no ipv6 cef
    multilink bundle-name authenticated
    vpdn enable
    vpdn-group 1
    parameter-map type inspect global
    log dropped-packets enable
    log summary flows 256 time-interval 30
    parameter-map type regex ccp-regex-nonascii
    pattern [^\x00-\x80]
    parameter-map type protocol-info yahoo-servers
    server name scs.msg.yahoo.com
    server name scsa.msg.yahoo.com
    server name scsb.msg.yahoo.com
    server name scsc.msg.yahoo.com
    server name scsd.msg.yahoo.com
    server name cs16.msg.dcn.yahoo.com
    server name cs19.msg.dcn.yahoo.com
    server name cs42.msg.dcn.yahoo.com
    server name cs53.msg.dcn.yahoo.com
    server name cs54.msg.dcn.yahoo.com
    server name ads1.vip.scd.yahoo.com
    server name radio1.launch.vip.dal.yahoo.com
    server name in1.msg.vip.re2.yahoo.com
    server name data1.my.vip.sc5.yahoo.com
    server name address1.pim.vip.mud.yahoo.com
    server name edit.messenger.yahoo.com
    server name messenger.yahoo.com
    server name http.pager.yahoo.com
    server name privacy.yahoo.com
    server name csa.yahoo.com
    server name csb.yahoo.com
    server name csc.yahoo.com
    parameter-map type protocol-info msn-servers
    server name messenger.hotmail.com
    server name gateway.messenger.hotmail.com
    server name webmessenger.msn.com
    parameter-map type protocol-info aol-servers
    server name login.oscar.aol.com
    server name toc.oscar.aol.com
    server name oam-d09a.blue.aol.com
    license udi pid CISCO881-SEC-K9 sn FCZ1703C01Y
    archive
    log config
    logging enable
    username S privilege 15 secret 4
    username ed privilege 15 password 7
    ip tcp synwait-time 10
    ip tcp path-mtu-discovery
    ip ssh time-out 60
    ip ssh authentication-retries 2
    class-map type inspect match-any SDM_BOOTPC
    match access-group name SDM_BOOTPC
    class-map type inspect imap match-any ccp-app-imap
    match invalid-command
    class-map type inspect match-any ccp-cls-protocol-p2p
    match protocol edonkey signature
    match protocol gnutella signature
    match protocol kazaa2 signature
    match protocol fasttrack signature
    match protocol bittorrent signature
    class-map type inspect match-any SDM_DHCP_CLIENT_PT
    match class-map SDM_BOOTPC
    class-map type inspect match-any SDM_AH
    match access-group name SDM_AH
    class-map type inspect match-any ccp-skinny-inspect
    match protocol skinny
    class-map type inspect http match-any ccp-app-nonascii
    match req-resp header regex ccp-regex-nonascii
    class-map type inspect match-any sdm-cls-bootps
    match protocol bootps
    class-map type inspect match-any TFTP
    match protocol tftp
    class-map type inspect match-any SDM_ESP
    match access-group name SDM_ESP
    class-map type inspect match-any SDM_VPN_TRAFFIC
    match protocol isakmp
    match protocol ipsec-msft
    match class-map SDM_AH
    match class-map SDM_ESP
    class-map type inspect match-all SDM_VPN_PT
    match access-group 105
    match class-map SDM_VPN_TRAFFIC
    class-map type inspect match-all ccp-cls-ccp-permit-outside-in-1
    match access-group name Any-From-HO
    class-map type inspect match-any Skinny
    match protocol skinny
    class-map type inspect match-all ccp-cls-ccp-permit-outside-in-2
    match class-map Skinny
    match access-group name Hostcom-Skinny
    class-map type inspect match-any ccp-h323nxg-inspect
    match protocol h323-nxg
    class-map type inspect match-any ccp-cls-icmp-access
    match protocol icmp
    class-map type inspect match-any ccp-cls-protocol-im
    match protocol ymsgr yahoo-servers
    match protocol msnmsgr msn-servers
    match protocol aol aol-servers
    class-map type inspect match-any Pings
    match protocol icmp
    class-map type inspect match-any Ping-
    match class-map Pings
    class-map type inspect match-all ccp-cls-ccp-inspect-2
    match class-map Ping-
    match access-group name Ping-
    class-map type inspect match-any DNS
    match protocol dns
    class-map type inspect match-all ccp-cls-ccp-inspect-3
    match class-map DNS
    match access-group name Any-any
    class-map type inspect match-all ccp-protocol-pop3
    match protocol pop3
    class-map type inspect match-any ccp-h225ras-inspect
    match protocol h225ras
    class-map type inspect match-all ccp-cls-ccp-inspect-1
    match access-group name Any/Any
    class-map type inspect match-any https
    match protocol https
    class-map type inspect match-all ccp-cls-ccp-inspect-4
    match class-map https
    match access-group name any-any
    class-map type inspect match-any UDP
    match protocol udp
    match protocol tcp
    class-map type inspect match-all ccp-cls-ccp-inspect-5
    match class-map UDP
    match access-group name InsideOut
    class-map type inspect match-any ccp-h323annexe-inspect
    match protocol h323-annexe
    class-map type inspect match-any SDM_SSH
    match access-group name SDM_SSH
    class-map type inspect pop3 match-any ccp-app-pop3
    match invalid-command
    class-map type inspect match-any SDM_HTTPS
    match access-group name SDM_HTTPS
    class-map type inspect match-all ccp-protocol-p2p
    match class-map ccp-cls-protocol-p2p
    class-map type inspect match-all ccp-cls-ccp-permit-2
    match class-map Pings
    match access-group name RespondtoSomePings
    class-map type inspect match-any RemoteMgt
    match protocol ssh
    match protocol https
    class-map type inspect match-all ccp-cls-ccp-permit-1
    match class-map RemoteMgt
    match access-group name Spectra-RemoteMgt
    class-map type inspect match-any SDM_SHELL
    match access-group name SDM_SHELL
    class-map type inspect match-any ccp-h323-inspect
    match protocol h323
    class-map type inspect match-all ccp-protocol-im
    match class-map ccp-cls-protocol-im
    class-map type inspect match-all ccp-icmp-access
    class-map type inspect match-all ccp-invalid-src
    match access-group 103
    class-map type inspect http match-any ccp-app-httpmethods
    match request method bcopy
    match request method bdelete
    match request method bmove
    match request method bpropfind
    match request method bproppatch
    match request method connect
    match request method copy
    match request method delete
    match request method edit
    match request method getattribute
    match request method getattributenames
    match request method getproperties
    match request method index
    match request method lock
    match request method mkcol
    match request method mkdir
    match request method move
    match request method notify
    match request method options
    match request method poll
    match request method post
    match request method propfind
    match request method proppatch
    match request method put
    match request method revadd
    match request method revlabel
    match request method revlog
    match request method revnum
    match request method save
    match request method search
    match request method setattribute
    match request method startrev
    match request method stoprev
    match request method subscribe
    match request method trace
    match request method unedit
    match request method unlock
    match request method unsubscribe
    class-map type inspect match-any ccp-dmz-protocols
    match protocol http
    match protocol dns
    match protocol https
    class-map type inspect match-any WebBrowsing
    match protocol http
    match protocol https
    class-map type inspect match-any DNS2
    match protocol dns
    class-map type inspect match-any ccp-sip-inspect
    match protocol sip
    class-map type inspect http match-any ccp-http-blockparam
    match request port-misuse im
    match request port-misuse p2p
    match request port-misuse tunneling
    match req-resp protocol-violation
    class-map type inspect match-all ccp-protocol-imap
    match protocol imap
    class-map type inspect match-all ccp-cls-ccp-permit-dmzservice-1
    match class-map WebBrowsing
    match access-group name DMZ-Out
    class-map type inspect match-all ccp-cls-ccp-permit-dmzservice-2
    match class-map DNS2
    match access-group name DMZtoAny
    class-map type inspect match-all ccp-protocol-smtp
    match protocol smtp
    class-map type inspect match-all ccp-protocol-http
    match protocol http
    policy-map type inspect ccp-permit-icmpreply
    class type inspect sdm-cls-bootps
    pass
    class type inspect ccp-icmp-access
    inspect
    class class-default
    pass
    policy-map type inspect imap ccp-action-imap
    class type inspect imap ccp-app-imap
    log
    reset
    policy-map type inspect pop3 ccp-action-pop3
    class type inspect pop3 ccp-app-pop3
    log
    reset
    policy-map type inspect ccp-inspect
    class type inspect ccp-cls-ccp-inspect-2
    inspect
    class type inspect ccp-cls-ccp-inspect-1
    inspect
    class type inspect ccp-cls-ccp-inspect-5
    pass log
    class type inspect TFTP
    inspect
    class type inspect ccp-invalid-src
    drop log
    class type inspect ccp-cls-ccp-inspect-4
    inspect
    class type inspect ccp-protocol-http
    inspect
    class type inspect ccp-protocol-smtp
    inspect
    class type inspect ccp-cls-ccp-inspect-3
    inspect
    class type inspect ccp-protocol-imap
    inspect
    service-policy imap ccp-action-imap
    class type inspect ccp-protocol-pop3
    inspect
    service-policy pop3 ccp-action-pop3
    class type inspect ccp-protocol-p2p
    drop log
    class type inspect ccp-protocol-im
    drop log
    class type inspect ccp-sip-inspect
    inspect
    class type inspect ccp-h323-inspect
    inspect
    class type inspect ccp-h323annexe-inspect
    inspect
    class type inspect ccp-h225ras-inspect
    inspect
    class type inspect ccp-h323nxg-inspect
    inspect
    class type inspect ccp-skinny-inspect
    inspect
    class class-default
    drop log
    policy-map type inspect ccp-permit-outside-in
    class type inspect ccp-cls-ccp-permit-outside-in-2
    inspect
    class type inspect ccp-cls-ccp-permit-outside-in-1
    pass
    class class-default
    drop log
    policy-map type inspect http ccp-action-app-http
    class type inspect http ccp-http-blockparam
    log
    reset
    class type inspect http ccp-app-httpmethods
    log
    reset
    class type inspect http ccp-app-nonascii
    log
    reset
    policy-map type inspect ccp-permit
    class type inspect SDM_VPN_PT
    pass
    class type inspect ccp-cls-ccp-permit-2
    inspect
    class type inspect ccp-cls-ccp-permit-1
    pass
    class type inspect SDM_DHCP_CLIENT_PT
    pass
    class class-default
    drop log
    policy-map type inspect ccp-permit-dmzservice
    class type inspect ccp-cls-ccp-permit-dmzservice-1
    inspect
    class type inspect ccp-cls-ccp-permit-dmzservice-2
    inspect
    class class-default
    drop
    zone security in-zone
    zone security out-zone
    zone security dmz-zone
    zone-pair security ccp-zp-in-out source in-zone destination out-zone
    service-policy type inspect ccp-inspect
    zone-pair security ccp-zp-out-self source out-zone destination self
    service-policy type inspect ccp-permit
    zone-pair security ccp-zp-out-in source out-zone destination in-zone
    service-policy type inspect ccp-permit-outside-in
    zone-pair security Spec-zp-dmz-out source dmz-zone destination out-zone
    service-policy type inspect ccp-permit-dmzservice
    crypto isakmp policy 2
    encr aes 256
    authentication pre-share
    group 5
    lifetime 28800
    crypto isakmp key Y address x.x.x.x
    crypto isakmp key o1 address x.x.x.x
    crypto ipsec transform-set ESP-AES256-SHA esp-aes 256 esp-sha-hmac
    crypto map SDM_CMAP_1 1 ipsec-isakmp
    description Tunnel to x.x.x.x
    set peer x.x.x.x
    set transform-set ESP-AES256-SHA
    match address 100
    crypto map SDM_CMAP_1 2 ipsec-isakmp
    description Tunnel to x.x.x.x
    set peer x.x.x.x
    set security-association lifetime kilobytes 128000
    set security-association lifetime seconds 28800
    set transform-set ESP-AES256-SHA
    match address 102
    interface FastEthernet0
    description B
    switchport access vlan 2
    no ip address
    spanning-tree portfast
    interface FastEthernet1
    description Docker
    switchport access vlan 2
    no ip address
    spanning-tree portfast
    interface FastEthernet2
    description Phone
    switchport access vlan 2
    no ip address
    spanning-tree portfast
    interface FastEthernet3
    description Guest
    switchport access vlan 3
    no ip address
    spanning-tree portfast
    interface FastEthernet4
    description External $FW_OUTSIDE$
    bandwidth inherit
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip flow ingress
    ip nat outside
    ip virtual-reassembly in
    ip verify unicast source reachable-via rx allow-default 104
    duplex auto
    speed auto
    pppoe-client dial-pool-number 1
    hold-queue 224 in
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip flow ingress
    ip tcp adjust-mss 1452
    shutdown
    interface Vlan2
    description Trusted Network$FW_INSIDE$
    ip address 10.0.2.1 255.255.255.0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip flow ingress
    ip nat inside
    ip virtual-reassembly in
    zone-member security in-zone
    ip tcp adjust-mss 1440
    interface Vlan3
    description Guest Network$FW_DMZ$
    ip address 192.168.112.1 255.255.255.0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip flow ingress
    ip nat inside
    ip virtual-reassembly in
    zone-member security dmz-zone
    interface Dialer0
    ip address negotiated
    no ip redirects
    no ip unreachables
    ip directed-broadcast
    no ip proxy-arp
    ip flow ingress
    ip nat outside
    ip virtual-reassembly in
    ip verify unicast reverse-path
    encapsulation ppp
    load-interval 30
    dialer pool 1
    dialer-group 1
    ppp authentication chap pap callout
    ppp chap hostname
    ppp chap password 7
    ppp pap sent-username password 7
    no cdp enable
    interface Dialer1
    ip address negotiated
    no ip redirects
    no ip unreachables
    ip directed-broadcast
    no ip proxy-arp
    ip flow ingress
    ip nat outside
    ip virtual-reassembly in
    ip verify unicast reverse-path
    zone-member security out-zone
    encapsulation ppp
    load-interval 30
    dialer pool 1
    dialer-group 1
    ppp authentication chap pap callin
    ppp chap hostname
    ppp chap password 7
    ppp pap sent-username password 7
    ppp ipcp route default
    ppp ipcp address accept
    no cdp enable
    crypto map SDM_CMAP_1
    ip forward-protocol nd
    no ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source route-map SDM_RMAP_1 interface Dialer1 overload
    ip access-list standard SSH-Management
    permit x.x.x.x log
    permit 10.0.2.0 0.0.0.255 log
    permit 10.0.1.0 0.0.0.255 log
    ip access-list extended Any-From-HO
    remark CCP_ACL Category=128
    permit ip 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255
    permit ip 10.1.1.0 0.0.0.255 10.0.2.0 0.0.0.255
    ip access-list extended Any-any
    remark CCP_ACL Category=128
    permit ip any any
    ip access-list extended Any/Any
    remark CCP_ACL Category=128
    permit ip host 10.0.2.0 host 10.0.1.0
    ip access-list extended DMZ-Out
    remark CCP_ACL Category=128
    permit ip 192.168.112.0 0.0.0.255 any
    ip access-list extended DMZtoAny
    remark CCP_ACL Category=128
    permit ip 192.168.112.0 0.0.0.255 any
    ip access-list extended Hostcom-Skinny
    remark CCP_ACL Category=128
    permit ip 10.1.1.0 0.0.0.255 10.0.2.0 0.0.0.255
    ip access-list extended InsideOut
    remark CCP_ACL Category=128
    permit ip 10.0.2.0 0.0.0.255 10.0.1.0 0.0.0.255
    ip access-list extended Ping-Hostcom
    remark CCP_ACL Category=128
    permit ip host 10.0.2.2 any
    ip access-list extended RespondtoSomePings
    remark CCP_ACL Category=128
    permit ip 10.0.1.0 0.0.0.255 any
    permit ip host x.x.x.x any
    permit ip host 37.0.96.2 any
    ip access-list extended SDM_AH
    remark CCP_ACL Category=1
    permit ahp any any
    ip access-list extended SDM_BOOTPC
    remark CCP_ACL Category=0
    permit udp any any eq bootpc
    ip access-list extended SDM_ESP
    remark CCP_ACL Category=1
    permit esp any any
    ip access-list extended SDM_HTTPS
    remark CCP_ACL Category=1
    permit tcp any any eq 443
    ip access-list extended SDM_SHELL
    remark CCP_ACL Category=1
    permit tcp any any eq cmd
    ip access-list extended SDM_SSH
    remark CCP_ACL Category=1
    permit tcp any any eq 22
    ip access-list extended RemoteMgt
    remark CCP_ACL Category=128
    permit ip host x.x.x.x any
    permit ip 10.0.1.0 0.0.0.255 any
    ip access-list extended any-any
    remark CCP_ACL Category=128
    permit ip any any
    logging trap debugging
    logging facility local2
    access-list 1 remark CCP_ACL Category=2
    access-list 1 permit 10.0.2.0 0.0.0.255
    access-list 1 permit 192.168.112.0 0.0.0.255
    access-list 23 remark HTTPS Access
    access-list 23 permit 10.0.2.1
    access-list 23 permit x.x.x.x
    access-list 23 permit 10.0.2.0 0.0.0.255
    access-list 23 permit 10.0.1.0 0.0.0.255
    access-list 100 remark CCP_ACL Category=4
    access-list 100 remark IPSec Rule
    access-list 100 permit ip 10.0.2.0 0.0.0.255 10.1.1.0 0.0.0.255
    access-list 101 remark CCP_ACL Category=2
    access-list 101 remark IPSec Rule
    access-list 101 deny ip 10.0.2.0 0.0.0.255 10.0.1.0 0.0.0.255
    access-list 101 remark IPSec Rule
    access-list 101 deny ip 10.0.2.0 0.0.0.255 10.1.1.0 0.0.0.255
    access-list 101 permit ip 192.168.112.0 0.0.0.255 any
    access-list 101 permit ip 10.0.2.0 0.0.0.255 any
    access-list 102 remark CCP_ACL Category=4
    access-list 102 remark IPSec Rule
    access-list 102 permit ip 10.0.2.0 0.0.0.255 10.0.1.0 0.0.0.255
    access-list 103 remark CCP_ACL Category=128
    access-list 103 permit ip host 255.255.255.255 any
    access-list 103 permit ip 127.0.0.0 0.255.255.255 any
    access-list 104 permit udp any any eq bootpc
    access-list 105 remark CCP_ACL Category=128
    access-list 105 permit ip host x.x.x.x any
    access-list 105 permit ip host x.x.x.x any
    dialer-list 1 protocol ip permit
    no cdp run
    route-map SDM_RMAP permit 1
    route-map SDM_RMAP_1 permit 1
    match ip address 101
    control-plane
    banner exec ^C
    % Password expiration warning.
    Cisco Configuration Professional (Cisco CP) is installed on this device
    and it provides the default username "cisco" for one-time use. If you have
    already used the username "cisco" to login to the router and your IOS image
    supports the "one-time" user option, then this username has already expired.
    You will not be able to login to the router with this username after you exit
    this session.
    It is strongly suggested that you create a new username with a privilege level
    of 15 using the following command.
    username <myuser> privilege 15 secret 0 <mypassword>
    Replace <myuser> and <mypassword> with the username and password you
    want to use.
    ^C
    banner login ^C
    Authorised Access Only
    If your not supposed to be here. Close the connection
    ^C
    banner motd ^C
    Access Is Restricted To  Personel ONLY^C
    line con 0
    exec-timeout 5 0
    login authentication local_auth
    transport output telnet
    line aux 0
    exec-timeout 15 0
    login authentication local_auth
    transport output telnet
    line vty 0 4
    access-class SSH-Management in
    privilege level 15
    logging synchronous
    login authentication local_auth
    transport input telnet ssh
    scheduler interval 500
    end

    Hello Martin,
    Please apply the following changes and let us know:
    ip access-list extended DMZtoAny
    1 permit udp 192.168.112.0 0.0.0.255 any eq 53
    no permit ip 192.168.112.0 0.0.0.255 any
    ip access-list extended DMZ-Out
    1 permit tcp 192.168.112.0 0.0.0.255 any eq 80
    2 permit tcp 192.168.112.0 0.0.0.255 any eq 443
    no permit ip 192.168.112.0 0.0.0.255 any
    Change that, try and if it does not work post the configuration with the changes applied,
    Regards,
    Remember to rate all of the helpful posts, that is as important as a thanks
    Julio
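
The reply above narrows the DMZ ACLs from a blanket `permit ip ... any` to per-port entries. As an added example (not code from the thread or from Cisco), the Python script below audits named extended ACLs in a `show running-config` export for permit entries that allow all IP to any destination, TCP/UDP to any destination without a port filter, and source networks that match no interface subnet. The sample configuration, function names and finding labels are constructed for illustration, and the parser assumes sub-commands are indented as the router prints them.

```python
import ipaddress

# Constructed sample in "show running-config" layout (sub-commands indented),
# built around the DMZ subnet from this thread; not the poster's full config.
SAMPLE_CONFIG = """\
interface Vlan3
 ip address 192.168.112.1 255.255.255.0
ip access-list extended DMZ-Out
 1 permit tcp 192.168.12.0 0.0.0.255 any eq 80
 2 permit tcp 192.168.112.0 0.0.0.255 any eq 443
ip access-list extended DMZtoAny
 permit udp 192.168.112.0 0.0.0.255 any eq 53
 permit ip 192.168.112.0 0.0.0.255 any
ip access-list extended Any-any
 remark CCP_ACL Category=128
 permit ip any any
"""

# Port operators and the number of arguments each one takes.
PORT_OPS = {"eq": 1, "neq": 1, "gt": 1, "lt": 1, "range": 2}


def wildcard_network(addr, wildcard):
    """Turn an IOS 'address wildcard' pair into an ip_network."""
    wc = int(ipaddress.IPv4Address(wildcard))
    if wc & (wc + 1):  # contiguous wildcards have the form 2**n - 1
        raise ValueError(f"non-contiguous wildcard {wildcard}")
    return ipaddress.ip_network(f"{addr}/{32 - wc.bit_length()}", strict=False)


def take_endpoint(tokens):
    """Consume one source/destination spec plus an optional port operator.

    Returns (network, or None for 'any'; has_port_filter; remaining tokens).
    """
    if tokens[0] == "any":
        net, rest = None, tokens[1:]
    elif tokens[0] == "host":
        net, rest = ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    else:
        net, rest = wildcard_network(tokens[0], tokens[1]), tokens[2:]
    if rest and rest[0] in PORT_OPS:
        return net, True, rest[1 + PORT_OPS[rest[0]]:]
    return net, False, rest


def interface_subnets(config):
    """Collect the subnet of every 'ip address <addr> <mask>' line."""
    nets = []
    for line in config.splitlines():
        t = line.split()
        if len(t) >= 4 and t[:2] == ["ip", "address"]:
            try:
                nets.append(ipaddress.ip_network(f"{t[2]}/{t[3]}", strict=False))
            except ValueError:
                continue  # e.g. "ip address dhcp client-id ..."
    return nets


def audit(config):
    """Return (acl_name, entry, finding) tuples for risky permit entries."""
    subnets, findings, acl = interface_subnets(config), [], None
    for raw in config.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        if not raw[0].isspace():  # top-level command: enter or leave an ACL
            is_acl = tokens[:3] == ["ip", "access-list", "extended"] and len(tokens) == 4
            acl = tokens[3] if is_acl else None
            continue
        if acl is None:
            continue
        entry = tokens[1:] if tokens[0].isdigit() else tokens  # drop sequence number
        if not entry or entry[0] != "permit":
            continue  # remarks and deny entries grant nothing
        text = " ".join(entry)
        try:
            proto = entry[1]
            src, _, rest = take_endpoint(entry[2:])
            dst, dst_ports, _ = take_endpoint(rest)
        except (IndexError, ValueError):
            findings.append((acl, text, "unparsed"))
            continue
        if dst is None and proto == "ip":
            findings.append((acl, text, "any-any" if src is None else "all-protocols-to-any"))
        elif dst is None and proto in ("tcp", "udp") and not dst_ports:
            findings.append((acl, text, "any-port-to-any"))
        # Heuristic only: remote (e.g. VPN peer) sources are legitimate, so review them.
        if src is not None and not any(src.overlaps(n) for n in subnets):
            findings.append((acl, text, "source-not-local"))
    return findings


if __name__ == "__main__":
    for name, entry, finding in audit(SAMPLE_CONFIG):
        print(f"{finding:22} {name:10} {entry}")
```

A `source-not-local` finding is a prompt to compare the entry against the interface addressing, not proof of an error.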

  • Cisco 891-W Wireless Issues

    Hello Cisco,
    hopefully someone with more expertise with the Cisco 891-W router can help me figure out my configuration issues? Right now I have the wired part of the 891-W working fine with my cable modem on VLAN1. But it's another story with my VLAN4 (wireless side). I've been working on this all week and am hoping some fresh eyes can catch what's wrong with my config. Currently, my laptop will see the SSID of the Wi-Fi (891W-WiFi) but when I try to connect I get a 169.254.180.251 IP? Not sure if it's the DHCP or some kind of bridging with the AP module with the correct VLAN settings with my configuration? I'll post my config below for both the router and AP. Thank you to anyone that can give me some insight!
    I've attached the configs just in case this post was too messy to read with all the configurations.
    891W_Router#sh run
    Building configuration...
    Current configuration : 4826 bytes
    ! Last configuration change at 21:49:24 UTC Fri Apr 24 2015
    version 15.1
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    service sequence-numbers
    hostname 891W_Router
    boot-start-marker
    boot config usbflash0:CVO-BOOT.CFG
    boot-end-marker
    no logging on
    enable secret 5 $1$3JJJ$6wL98gGvGJQ0ot1xChXJt1
    no aaa new-model
    service-module wlan-ap 0 bootimage autonomous
    crypto pki token default removal timeout 0
    crypto pki trustpoint TP-self-signed-1853469223
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-1853469223
     revocation-check none
    ip source-route
    ip dhcp excluded-address 192.168.99.1
    ip dhcp excluded-address 192.168.100.1
    ip dhcp pool Vlan4
       network 192.168.100.0 255.255.255.0
       default-router 192.168.100.1
       dns-server 8.8.8.8
    ip dhcp pool Vlan1
       network 192.168.99.0 255.255.255.0
       default-router 192.168.99.1
       dns-server 192.168.0.1
    ip cef
    no ip domain lookup
    ip name-server 209.18.47.61
    ip name-server 209.18.47.62
    ip inspect log drop-pkt
    no ipv6 cef
    multilink bundle-name authenticated
    parameter-map type inspect global
     log dropped-packets enable
    license udi pid CISCO891W-AGN-A-K9 sn FTX15130301
    username dvd privilege 15 secret 5 $1$qHnY$pMyIf18Av.AS2ne0cxXle/
    username cisco password 7 01100F175804
    bridge irb
    interface FastEthernet0
     switchport mode trunk
    interface FastEthernet1
    interface FastEthernet2
    interface FastEthernet3
    interface FastEthernet4
    interface FastEthernet5
    interface FastEthernet6
    interface FastEthernet7
    interface FastEthernet8
     no ip address
     duplex auto
     speed auto
    interface GigabitEthernet0
     description WAN
     ip address dhcp
     ip nat outside
     ip virtual-reassembly in
     duplex auto
     speed auto
    interface wlan-ap0
     description Service module interface to manage the embedded AP
     ip address 10.10.10.10 255.255.255.255
     arp timeout 0
    interface Wlan-GigabitEthernet0
     description Internal switch interface connecting to the embedded AP
     switchport trunk native vlan 4
     switchport mode trunk
    interface Vlan1
     description Internal LAN
     ip address 192.168.99.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly in
    interface Vlan4
     description Wi-Fi Users
     ip address 192.168.100.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly in
    interface Async1
     no ip address
     encapsulation slip
    interface GMPLS8
     no ip address
     no fair-queue
     no keepalive
    ip forward-protocol nd
    ip http server
    ip http authentication local
    ip http secure-server
    ip nat inside source list 1 interface GigabitEthernet0 overload
    ip nat inside source list 2 interface Wlan-GigabitEthernet0 overload
    ip route 0.0.0.0 0.0.0.0 dhcp
    logging esm config
    access-list 1 permit 192.168.99.0 0.0.0.255
    access-list 2 permit 192.168.100.0 0.0.0.255
    control-plane
    bridge 1 protocol ieee
    bridge 1 route ip
    line con 0
     exec-timeout 0 0
     password 7 020D0A5409040A2243401A160912
     logging synchronous
     login
    line 1
     modem InOut
     stopbits 1
     speed 115200
     flowcontrol hardware
    line 2
     no activation-character
     no exec
     transport preferred none
     transport input all
     transport output pad telnet rlogin udptn ssh
    line aux 0
    line vty 0 4
     password 7 130E191D090E013C3F3D
     login
     transport input all
    end
    AP Configuration:
    891W_Router#
    891W_Router#service-module wlan-ap 0 session
    Trying 10.10.10.10, 2002 ... Open
    Connecting to AP console, enter Ctrl-^ followed by x,
    then "disconnect" to return to router prompt
    ap#sh run
    Building configuration...
    Current configuration : 1976 bytes
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname ap
    enable secret 5 $1$bW7h$C2mBp2TNgGbgkgj2fQHDa.
    no aaa new-model
    dot11 syslog
    dot11 ssid 891W-WIFi
    dot11 ssid 891W-WiFi
       vlan 4
       authentication open
       authentication key-management wpa
       guest-mode
       wpa-psk ascii 0 cisco891
    username cisco privilege 15 secret 5 $1$yIzh$7/j0K1xcYbT99mP4hX3ZU/
    username dvd password 0 kmob
    bridge irb
    interface Dot11Radio0
     no ip address
     no ip route-cache
     encryption vlan 4 mode ciphers aes-ccm tkip
     ssid 891W-WiFi
     antenna gain 0
     station-role root
    interface Dot11Radio0.4
     encapsulation dot1Q 4 native
     no ip route-cache
     bridge-group 1
     bridge-group 1 subscriber-loop-control
     bridge-group 1 block-unknown-source
     no bridge-group 1 source-learning
     no bridge-group 1 unicast-flooding
     bridge-group 1 spanning-disabled
    interface Dot11Radio1
     no ip address
     no ip route-cache
     antenna gain 0
     dfs band 3 block
     channel dfs
     station-role root
     bridge-group 1
     bridge-group 1 subscriber-loop-control
     bridge-group 1 block-unknown-source
     no bridge-group 1 source-learning
     no bridge-group 1 unicast-flooding
     bridge-group 1 spanning-disabled
    interface GigabitEthernet0
     description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
     no ip address
     no ip route-cache
    interface GigabitEthernet0.4
     encapsulation dot1Q 4 native
     no ip route-cache
     bridge-group 1
     no bridge-group 1 source-learning
     bridge-group 1 spanning-disabled
    interface BVI1
     ip address dhcp
     no ip route-cache
    ip default-gateway 192.168.100.1
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    bridge 1 protocol ieee
    bridge 1 route ip
    line con 0
     privilege level 15
     login local
     no activation-character
    line vty 0 4
     login local
    cns dhcp
    end

    Hi,
    Leo is right and it should come as part of the kit when you order "800-IL-PM-4"
    Full Kit should include:
    Internal PoE module
    48v PoE power cube
    Power cord for the power cube
    (2) standoffs with two notches
    (1) standoff with one notch
    (3) screws
    http://www.cisco.com/c/en/us/td/docs/routers/access/800/860-880-890/hardware/installation/memory/880FRU.html#wp45561
    If for some reason you did not get it or it fails and you need a new one you can use part number "ADP-80LB". I don't think Cisco will sell you this as a standalone item so you may have to look on eBay, PChub or Google to find a place that sells it.
    Good luck!

  • Cisco Catalyst Supervisor communication issue?

    Hey all,
    I had a slight issue regarding two supervisor engines on a Cisco Catalyst 4500 device where the keepalives between the two sups lost communication for roughly 50~ seconds.  This triggered an SNMP alert but it looks like they regained connectivity before a switchover was initiated.  Has anyone ever experienced anything like this before?

    You obviously need to configure the ports etc. but the switch should recognise the module as long as you have an IOS that supports it.
    There is nothing extra to do, you just slot the module in.
    If you are connecting all your distribution switches to the 6500 then if you don't need a vlan/IP subnet in multiple buildings then you should use L3 connections to the 6500.
    Note also that you may want to consider at some time in the future a second supervisor or another chassis as this 6500 with one supervisor is a single point of failure ie. if it goes then there is no communication between buildings.
    Jon

  • Cisco C827-4V router issues

    Hi,
    I have the following scenario and I'm having some issues getting calls to most of the offices; the strange part is that the calls work for about 4 out of the 18 locations and they're all configured the same; here is the equipment I'm using:
    Cisco 827--------PIX-------Cable modem
    The 827 has a 4 port voice module and this is what happens when we try to call other locations which in most cases have 2620 or 2621 routers with voice cards as well:
    1 San Antonio 001, rings once, dialtone, additional digits do not break dialtone, times out with dead air
    2 Portland 002, rings once, dialtone, additional digits do not break dialtone, times out with dead air
    5 San Diego 005, rings once, dialtone, additional digits do not break dialtone, times out with dead air
    6 Phoenix 006, rings once, dialtone, additional digits do not break dialtone, times out with dead air
    7 San Jose 007, rings once, dialtone, additional digits do not break dialtone, times out with dead air
    8 Denver 008, rings once, dialtone, additional digits do not break dialtone, times out with dead air
    9 Dallas 009, rings once, dialtone, additional digits do not break dialtone, times out with dead air
    10 Chicago 010, rings once, dialtone, additional digits do not break dialtone, times out with dead air
    11 Boston 011, rings once, dialtone, additional digits do not break dialtone, times out with dead air
    12 Houston 012, rings once, dialtone, additional digits do not break dialtone, times out with dead air
    13 Garden Grove 013, rings once, dialtone, additional digits do not break dialtone, times out with dead air
    14 Seattle 014, rings once, dialtone, additional digits do not break dialtone, times out with dead air
    26 Minneapolis 026, rings once, dialtone, additional digits do not break dialtone, times out with dead air
    3 Glendale 003, Dead air, times out with a busy
    18 Hartford 018, Works
    19 Charlotte 019, Works
    21 Cleveland 021, Works
    22 South Beloit 022, Works
    This setup worked long time ago when the router was on the outside with no firewall; and again with the current set up, it works for 4 of the locations and I'd like to know if somebody over there has a similar scenario and would like to share any information.
    Thanks very much

    I think it's some config problem in the PIX.
    Add the following commands in the PIX.
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00801fc74a.shtml

  • Cisco NSS4000 NTFS Permissions Issue

    Hi guys,
    I have a Cisco NSS4000 4-Bay Gigabit Network Storage System with a RAID5 array and a 2.75TB volume. I have also created a CIFS share, configured the NAS on the domain and given all users full access to the share. My issue is that the subfolders inside the volume don’t inherit the NTFS permissions from the parent folders. No matter how many times I check the “Allow inheritable permissions from the parent…” option, it always seems to get unchecked. As a result of that, any new files the users create will only be editable by the person who created them, until I manually change the permissions. I don’t see any errors reported on my DC or the NAS logs.
    Any help or guidance would be highly appreciated.

    Nathan Guinle wrote:
    What extra software do I need to install?
    you don't need any extra software to be able to read NTFS drives, you only need it to be able to write to them but that's not what you are trying to do.
    You asked, "where exactly are you trying to move the files?"
    I am trying to move them anywhere on my mac.
    I created an empty folder in my documents to be exact.
    I have tried moving files/folders one at a time but I keep getting that permissions error thing.
    This is just crazy..... I can't believe I can't move my files from my windows to my mac....!!
    How do other people (switchers) do this?
    other people don't have this problem.
    what you see is not normal. NTFS drives are readable by OS X and you should normally be able to copy anything you want from that drive. something is wrong with your drive but since it's NTFS there is not much you can do from OS X. try hooking up the drive to windows and repairing it from windows with chkdisk (http://support.microsoft.com/kb/315265).

  • Cisco Aironet 1200 LAP Issues - LAP to Autonomous Mode

    Greetings! After purchasing 4 of the Cisco Aironet 1200 G Series WAPs, I'm now running into a slight issue with them.
    I received these last week with the understanding that if I didn't have the Cisco controller device, I could convert them from being the Lightweight Access Point, back to Autonomous mode with an IOS.
    With this, I checked the documentation that came with the device and found the "Upgrading Autonomous Cisco Aironet Access Points to Lightweight Mode" or http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless%20-%20Mobility&topic=Getting%20Started%20with%20Wireless&needs_authentication=yes&CommCmd=MB%3Fcmd%3Dadd_discussion%26mode%3Dshow%26needs_authentication%3Dyes%26location%3D.ee7c7c3.
    From there, I followed the instructions listed under Converting a Lightweight Access Point Back to Autonomous Mode. Before the rename of the file, I checked the device and found AIR-LAP1242G-A-K9 for the Model No.
    One of the Cisco Certified admins here was able to obtain the latest build for the IOS for the device or c1240-k9w7-tar.123-8.JEB1.tar. Per the instructions, I renamed the file to coincide with the model of the device.
    I followed the instructions from there, and it looked as if everything was going well. However, after the upgrade, I'm running into an issue with the following:
    File "flash:/c1200-k9w7-mx.123-8.JEB1/c1200-k9w7-mx.123-8.JEB1" uncompressed and installed, entry point: 0x3000
    executing...
    At this point, the device just locks up. All lights are lit green on the device. According to the documentation, it should reboot and from there, I should be able to access the web interface by IP.
    I've tried to perform the upgrade again using the same IOS build, but the same thing happens with the lock up.
    At this point, I'm assuming the issue is with the build of the IOS that I have and I may have to look at getting an older build. However, before doing so, I thought I would post something here to see if anyone had an idea.
    I may have needed to refine my searching of the forums, but wasn't able to find anything in relation to my issue. If there is something out there, I do apologize for the post and will happily refer to any current information.
    If you need any further information in relation to this, please let me know. Any assistance is greatly appreciated. Thank you!

    Hi Jeffrey,
    Reverting the Access Point Back to Autonomous Mode
    Have a look at Step 3
    http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00804fc3dc.html#wp161272
    You can convert an access point from lightweight mode back to autonomous mode by loading a Cisco IOS Release that supports autonomous mode (Cisco IOS release 12.3(7)JA or earlier). If the access point is associated to a controller, you can use the controller to load the Cisco IOS release. If the access point is not associated to a controller, you can load the Cisco IOS release using TFTP.
    Using a TFTP Server to Return to a Previous Release
    Follow these steps to revert from LWAPP mode to autonomous mode by loading a Cisco IOS release using a TFTP server:
    Step 1 The static IP address of the PC on which your TFTP server software runs should be between 10.0.0.2 and 10.0.0.30.
    Step 2 Make sure that the PC contains the access point image file (such as c1200-k9w7-tar.122-15.JA.tar for a 1200 series access point) in the TFTP server folder and that the TFTP server is activated.
    Step 3 Rename the access point image file in the TFTP server folder to c1200-k9w7-tar.default for a 1200 series access point, c1130-k9w7-tar.default for an 1130 series access point, and c1240-k9w7-tar.default for a 1240 series access point.
    Step 4 Connect the PC to the access point using a Category 5 (CAT5) Ethernet cable.
    Step 5 Disconnect power from the access point.
    Step 6 Press and hold MODE while you reconnect power to the access point.
    Step 7 Hold the MODE button until the status LED turns red (approximately 20 to 30 seconds) and then release.
    Step 8 Wait until the access point reboots, as indicated by all LEDs turning green followed by the Status LED blinking green.
    Step 9 After the access point reboots, reconfigure it using the GUI or the CLI.
    From this doc;
    http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00804fc3dc.html#wp161272
    Hope this helps!
    Rob

  • Cisco 5760 - Anchor config issue

    Hi,
    I am having an issue where the 5760 Anchor WLC has 4 subnets but half of the VLANs need to go to a separate gateway and the other half to another gateway.
    Below image is what the network looks like:
    The router (Content Filtering) is the Gateway for 4 x SSID’s/VLANs
    The Firewall is the Gateway for the Management VLAN
    The issue here is that we have 2 separate Gateways and there is no way to define separate gateways for each VLAN on the 5760 WLC
    We have a default IP route 0.0.0.0 0.0.0.0 10.1.1.254 which is pointing to the Firewall. The firewall is not the gateway for the other 4 x SSID/VLANs that exist on the Anchor so we do not want all traffic going to the Firewall, only management traffic.
    Is there a way to set different gateways for different subnets/VLANs on the 5760 WLC? Keeping in mind that there is a default route pointing to the Firewall.
    Also does the 5760 WLC act as a Layer 3 device?
    Thanks

    All types of deployments listed below for the Anchor configuration.
    Case solution :
    Wireless WebAuth and Guest Anchor Solutions
    The following sections show a WebAuthentication (WebAuth) configuration and Guest Anchor examples on the CT5760.
    Note: For a complete webauth configuration, please download the webauth bundle from the following URL: http://software.cisco.com/download/release.html?mdfid=284397235&softwareid=282791507&release=3.2.2&relind=AVAILABLE&rellifecycle=&reltype=latest. The readme file has all the GUI and CLI configuration for webauth.
    Configure Parameter-Map Section in Global Configuration
    The parameter map connection configuration mode commands allow you to define a connection- type parameter map. After you create the connection parameter map, you can configure TCP, IP, and other settings for the map.
    ! First section is to define our global values and the internal Virtual Address.
    ! This should be common across all WCM nodes.
    parameter-map type webauth global
    virtual-ip ipv4 192.0.2.1
    parameter-map type webauth webparalocal
    type webauth
    banner text ^C WEBAUTHX^C
    redirect on-success http://9.12.128.50/WEBAUTH/LOGINSUCCESS.HTML
    redirect portal ipv4 9.12.128.50
    Configure Customized WebAuth Tar Packages
    Transfer each file to flash:
    copy tftp://10.1.10.100/WebAuth/webauth/webauth_consent.html flash:webauth_consent.html
    copy tftp://10.1.10.100/WebAuth/webauth_success.html flash:webauth_success.html
    copy tftp://10.1.10.100/WebAuth/webauth_failure.html flash:webauth_failure.html
    copy tftp://10.1.10.100/WebAuth/webauth_expired.html flash:webauth_expired.html
    Configure Parameter Map with Custom Pages
    parameter-map type webauth webparalocal
    type webauth
    custom-page login device flash:webauth_consent.html
    custom-page success device flash:webauth_success.html
    custom-page failure device flash:webauth_failure.html
    custom-page login expired device flash:webauth_expired.html
    Configure Parameter Map with Type Consent and Email Options
    parameter-map type webauth webparalocal
    type consent
    consent email
    custom-page login device flash:webauth_consent.html
    custom-page success device flash:webauth_success.html
    custom-page failure device flash:webauth_failure.html
    custom-page login expired device flash:webauth_expired.html
    Configure Local WebAuth Authentication
    username guest password guest123
    aaa new-model
    dot1x system-auth-control
    aaa authentication login EXT_AUTH local
    aaa authorization network EXT_AUTH local
    aaa authorization network default local
    or
    aaa authentication login default local
    aaa authorization network default local
    Configure External Radius for WebAuth
    aaa new-model
    dot1x system-auth-control
    aaa server radius dynamic-author
    client 10.10.200.60 server-key cisco
    auth-type any
    radius server cisco
    address ipv4 10.10.200.60 auth-port 1812 acct-port 1813
    key cisco
    aaa group server radius cisco
    server name cisco
    aaa authentication login EXT_AUTH group cisco
    or
    aaa authentication login default group cisco
    Configure WLAN with WebAuth
    wlan Guest-WbAuth 3 Guest-WbAuth
    client vlan 100
    mobility anchor 192.168.5.1
    no security wpa
    no security wpa akm dot1x
    no security wpa wpa2
    no security wpa wpa2 ciphers aes
    security web-auth
    security web-auth authentication-list EXT_AUTH
    security web-auth parameter-map webparalocal
    no shutdown
    Configure HTTP Server in Global Configuration
    !--- These are needed to enable Web Services in the Cisco IOS® software.
    ip http server
    ip http secure-server
    ip http active-session-modules none
    Other Configurations to be Checked or Enabled
    !--- These are some global housekeeping Cisco IOS® software commands:
    ip device tracking
    ip dhcp snooping
    SNMP Configuration
    From the CT5760 console, configure the SNMP strings.
    snmp-server community public ro
    snmp-server community private rw
    IPv6 Configuration
    IPv6 is supported on the data path. Wireless clients will be able to get an IPv6 address.
    Enable IPv6 Snooping - CT5760
    There are slight differences in configurations on a CT5760 when configuring IPv6. To enable IPv6 on a CT5760, the following step must be completed.
    ipv6 nd raguard policy testgaurd
    trusted-port
    device-role router
    interface TenGigabitEthernet1/0/1
    description Uplink to Core Switch
    switchport trunk native vlan 200
    switchport mode trunk
    ipv6 nd raguard attach-policy testgaurd
    ip dhcp snooping trust
    Enable IPv6 on Interface - CT5760
    Based on interfaces that need IPv6 configurations and the type of address needed, respective configurations are enabled as follows. IPv6 configurations are enabled on VLAN200.
    vlan configuration 100 200
    ipv6 nd suppress
    ipv6 snooping
    interface Vlan100
    description Client VLAN
    ip address 10.10.100.5 255.255.255.0
    ip helper-address 10.10.100.1 2001:DB8:0:10::1/64
    ipv6 address FEC0:20:21::1/64
    ipv6 enable
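The configuration quoted in the post above uses sample credentials (`guest123`, `cisco`, `public`, `private`) that should not reach a production controller. The following audit script is an added example, not part of the original post or of any Cisco tool; the rule names and the 16-character minimum are assumptions of this example.

```python
import re

# Constructed sample: credential-bearing lines from the configuration quoted
# above, with the extraction damage in the SNMP lines repaired.
SAMPLE_CONFIG = """\
username guest password guest123
radius server cisco
 address ipv4 10.10.200.60 auth-port 1812 acct-port 1813
 key cisco
aaa server radius dynamic-author
 client 10.10.200.60 server-key cisco
snmp-server community public ro
snmp-server community private rw
"""

MIN_SECRET_LEN = 16                      # assumption: local policy threshold
DEFAULT_COMMUNITIES = {"public", "private"}
# RADIUS / CoA shared secret given in clear text (optional type 0).
# Type 6/7 encrypted keys do not match, so they are not judged here.
SECRET_RE = re.compile(r"(?:key|client\s+\S+\s+server-key)\s+(?:0\s+)?(\S+)$")
USER_RE = re.compile(r"username\s+(\S+)\s+password\s")
SNMP_RE = re.compile(r"snmp-server\s+community\s+(\S+)(.*)$", re.I)


def audit(config):
    """Return (line_no, rule_id, detail) for weak credential settings."""
    findings = []
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        m = USER_RE.match(line)
        if m:  # 'password' keeps clear text or reversible type 7; 'secret' stores a hash
            findings.append((n, "local-password", f"user {m.group(1)}: use 'secret'"))
        m = SNMP_RE.match(line)
        if m:
            if m.group(1).lower() in DEFAULT_COMMUNITIES:
                findings.append((n, "snmp-default-community", m.group(1)))
            if re.search(r"\brw\b", m.group(2), re.I):
                findings.append((n, "snmp-write-access", m.group(1)))
        m = SECRET_RE.match(line)
        if m and len(m.group(1)) < MIN_SECRET_LEN:
            findings.append((n, "weak-shared-secret", f"{len(m.group(1))} chars"))
    return findings


if __name__ == "__main__":
    for line_no, rule, detail in audit(SAMPLE_CONFIG):
        print(f"line {line_no}: {rule} ({detail})")
```
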
