Cisco 871 and throughput with QOS

Considering an 871 to carry out CBWFQ on circa 4Mbits of bandwidth allocated by a provider.
Will the platform handle that sort of throughput? Any experiences?

Thanks Paresh,
Had never encountered that guide before - certainly useful.
I still wonder whether anyone has experience of the throughput that can be achieved with QOS features enabled such as a CBWFQ applied to 4Mbps. I doubt such a figure will exist in the literature; it would probably have to be a field measurement. Has anyone got any such field measurements, especially with the 871 but also with any other SMB platform?
Regards

Similar Messages

  • Cisco 871 and 881 routers PCI Compliant?

    Do you know if the Cisco 871 and 881 routers are PCI compliant for 2015 and if not, are they able to be updated to be PCI compliant?
    Thanks,
    I am a Franchisee for a pizza chain and they are stating the routers will not be compliant with the new credit card PCI standards.

    Any router can be PCI compliant as long as you follow the PCI guide to harden the router and apply the correct filters. For example, one of the PCI requirements is to disable telnet access to the router and only use SSH. So, this can easily be accomplished if you have the right IOS with security installed.
    HTH
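The telnet-versus-SSH requirement named in the answer above can be checked offline against a saved running-config. The following is an added example, not code from the thread or from Cisco; the two sample configurations and all function names are constructed for illustration, and a vty block with no explicit `transport input` is flagged for review because the effective default depends on the IOS release.

```python
import re

# Constructed sample configurations (not taken from the page).
WEAK_CONFIG = """\
hostname branch-rtr
!
line con 0
 logging synchronous
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
!
end
"""

HARDENED_CONFIG = """\
hostname branch-rtr
ip ssh version 2
!
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 transport input none
!
end
"""


def parse_vty_blocks(config):
    """Map each 'line vty ...' header to the sub-commands indented under it."""
    blocks = {}
    current = None
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if raw[0] not in " \t":
            # Any top-level command (including '!') closes the open block.
            header = " ".join(raw.split())
            current = header if header.startswith("line vty") else None
            if current is not None:
                blocks[current] = []
        elif current is not None:
            blocks[current].append(" ".join(raw.split()))
    return blocks


def audit_vty_transport(config):
    """Return (header, status, detail) for every vty block in the config."""
    findings = []
    for header, commands in parse_vty_blocks(config).items():
        protocols = None
        for command in commands:
            match = re.fullmatch(r"transport input (.+)", command)
            if match:
                protocols = match.group(1).split()
        if protocols is None:
            findings.append((header, "REVIEW",
                             "no explicit 'transport input'; effective "
                             "protocols depend on the release default"))
        elif "telnet" in protocols or "all" in protocols:
            findings.append((header, "FAIL",
                             "telnet is permitted: " + " ".join(protocols)))
        elif set(protocols) <= {"ssh", "none"}:
            findings.append((header, "PASS",
                             "transport input " + " ".join(protocols)))
        else:
            findings.append((header, "REVIEW",
                             "other protocols permitted: " + " ".join(protocols)))
    return findings


def is_ssh_only(config):
    """True only if the config has vty blocks and every one of them passes."""
    findings = audit_vty_transport(config)
    return bool(findings) and all(status == "PASS" for _, status, _ in findings)


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, "ssh-only:", is_ssh_only(cfg))
        for finding in audit_vty_transport(cfg):
            print("  ", *finding, sep=" | ")
```

The parser relies on the indentation of a normal `show running-config`; a config pasted with its indentation stripped needs re-indenting first.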

  • Cisco SG300 and LLDP with Yealink Phones.

    I am currently trying to set up a Cisco SG300 switch with a hosted VoIP solution using the SG300's at the customer's premise. I am not able to get the Yealink phones to pull an IP address and believe the problem is related to LLDP. We also use Polycom phones and they work just fine. Here is the configuration that I am currently using (I have tried several different configurations and none of them work with the Yealinks). Any help would be greatly appreciated.
    DLC#show run
    config-file-header
    DLC
    v1.3.0.62 / R750_NIK_1_3_647_260
    CLI v1.0
    set system mode switch
    file SSD indicator encrypted
    ssd-control-start
    ssd config
    ssd file passphrase control unrestricted
    no ssd file integrity control
    ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
    vlan database
    vlan 2,88
    exit
    voice vlan id 88
    voice vlan oui-table add 0001e3 Siemens_AG_phone________
    voice vlan oui-table add 00036b Cisco_phone_____________
    voice vlan oui-table add 00096e Avaya___________________
    voice vlan oui-table add 000fe2 H3C_Aolynk______________
    voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
    voice vlan oui-table add 00d01e Pingtel_phone___________
    voice vlan oui-table add 00e075 Polycom/Veritel_phone___
    voice vlan oui-table add 00e0bb 3Com_phone______________
    hostname DLC
    interface vlan 2
     name Data
    interface vlan 88
     name FlexVoice
    interface gigabitethernet1
     switchport trunk allowed vlan add 88
     switchport trunk native vlan 2
     no macro auto smartport
    interface gigabitethernet2
     switchport trunk allowed vlan add 88
     switchport trunk native vlan 2
     no macro auto smartport
    interface gigabitethernet3                           
     switchport trunk allowed vlan add 88
     switchport trunk native vlan 2
     no macro auto smartport
    interface gigabitethernet4
     switchport trunk allowed vlan add 88
     switchport trunk native vlan 2
     no macro auto smartport
    interface gigabitethernet5
     switchport trunk allowed vlan add 88
     switchport trunk native vlan 2
     no macro auto smartport
    interface gigabitethernet6
     switchport trunk allowed vlan add 88
     switchport trunk native vlan 2
     no macro auto smartport
    interface gigabitethernet7
     switchport trunk allowed vlan add 88
     switchport trunk native vlan 2                      
     no macro auto smartport
    interface gigabitethernet8
     switchport trunk allowed vlan add 88
     switchport trunk native vlan 2
     no macro auto smartport
    interface gigabitethernet9
     switchport trunk allowed vlan add 88
     switchport trunk native vlan 2
     no macro auto smartport
    interface gigabitethernet10
     switchport trunk allowed vlan add 88
     switchport trunk native vlan 2
     no macro auto smartport
    interface gigabitethernet11
     switchport trunk allowed vlan add 88
     switchport trunk native vlan 2
     no macro auto smartport
    interface gigabitethernet12
     switchport trunk allowed vlan add 88
     switchport trunk native vlan 2
     no macro auto smartport
    interface gigabitethernet13
     switchport trunk allowed vlan add 88
     switchport trunk native vlan 2
     no macro auto smartport
    interface gigabitethernet14
     switchport trunk allowed vlan add 88
     switchport trunk native vlan 2
     no macro auto smartport
    interface gigabitethernet15
     switchport trunk allowed vlan add 88
     switchport trunk native vlan 2
     no macro auto smartport
    interface gigabitethernet16
     switchport trunk allowed vlan add 88                
     switchport trunk native vlan 2
     no macro auto smartport
    interface gigabitethernet17
     switchport trunk allowed vlan add 88
     switchport trunk native vlan 2
     no macro auto smartport
    interface gigabitethernet18
     switchport trunk allowed vlan add 88
     switchport trunk native vlan 2
     no macro auto smartport
    interface gigabitethernet19
     switchport trunk allowed vlan add 88
     switchport trunk native vlan 2
     no macro auto smartport
    interface gigabitethernet20
     switchport trunk allowed vlan add 88
     switchport trunk native vlan 2
     no macro auto smartport                             
    interface gigabitethernet21
     switchport trunk allowed vlan add 88
     switchport trunk native vlan 2
     no macro auto smartport
    interface gigabitethernet22
     switchport trunk allowed vlan add 88
     switchport trunk native vlan 2
     no macro auto smartport
    interface gigabitethernet23
     switchport trunk allowed vlan add 88
     switchport trunk native vlan 2
     no macro auto smartport
    interface gigabitethernet24
     switchport trunk allowed vlan add 88
     switchport trunk native vlan 2
     no macro auto smartport
    interface gigabitethernet27
     switchport mode access
     switchport access untagged vlan 2
     no macro auto smartport
    interface gigabitethernet28                          
     switchport mode access
     switchport access untagged vlan 88
     no macro auto smartport
    exit
    DLC#

    Here is the latest configuration that I tried, Polycom phone worked, Yealink didn't.
    co-test#show run
    config-file-header
    co-test
    v1.4.0.88 / R800_NIK_1_4_194_194
    CLI v1.0
    set system mode switch
    file SSD indicator encrypted
    ssd-control-start
    ssd config
    ssd file passphrase control unrestricted
    no ssd file integrity control
    ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
    vlan database
    vlan 2,88,881
    exit
    voice vlan id 88
    voice vlan state oui-enabled
    voice vlan cos 6 remark
    voice vlan oui-table add 0001e3 Siemens_AG_phone________
    voice vlan oui-table add 00036b Cisco_phone_____________
    voice vlan oui-table add 0004f2 Polycom               
    voice vlan oui-table add 00096e Avaya___________________
    voice vlan oui-table add 000fe2 H3C_Aolynk______________
    voice vlan oui-table add 001565 Yealink
    voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
    voice vlan oui-table add 00d01e Pingtel_phone___________
    voice vlan oui-table add 00e075 Polycom/Veritel_phone___
    voice vlan oui-table add 00e0bb 3Com_phone______________
    hostname co-test
    interface vlan 2
     name data
    interface vlan 88
     name flexvoice
     ip address 172.16.88.2 255.255.255.0
     no ip address dhcp
    interface gigabitethernet1
     voice vlan enable
    interface gigabitethernet2
     voice vlan enable                                    
    interface gigabitethernet3
     voice vlan enable
    interface gigabitethernet4
     voice vlan enable
    interface gigabitethernet5
     voice vlan enable
    interface gigabitethernet6
     voice vlan enable
    interface gigabitethernet7
     voice vlan enable
    interface gigabitethernet8
     voice vlan enable
    interface gigabitethernet9
     voice vlan enable
    interface gigabitethernet10
     voice vlan enable
    interface gigabitethernet11
     voice vlan enable
    interface gigabitethernet12
     voice vlan enable
    interface gigabitethernet13
     voice vlan enable
    interface gigabitethernet14
     voice vlan enable
    interface gigabitethernet15
     voice vlan enable
    interface gigabitethernet16
     voice vlan enable
    interface gigabitethernet17                           
     voice vlan enable
    interface gigabitethernet18
     voice vlan enable
    interface gigabitethernet19
     voice vlan enable
    interface gigabitethernet20
     voice vlan enable
    interface gigabitethernet21
     voice vlan enable
    interface gigabitethernet22
     voice vlan enable
    interface gigabitethernet23
     voice vlan enable
    interface gigabitethernet24
     voice vlan enable                                    
    interface gigabitethernet27
     switchport mode access
     switchport access vlan 2
     no macro auto smartport
    interface gigabitethernet28
     switchport mode access
     switchport access vlan 88
     no macro auto smartport
    exit
    co-test#

  • Does Cisco 7600 Support QPPB with QoS?

    Hi,
    The BGP routes are successfully marked with an IP precedence value by QPPB, but the QoS does not seem to work when matching the IP precedence.
    Any help is much appreciated!
    class-map match-all Prec-3
     match access-group 20
     match precedence 5
    class-map match-all allow
     match access-group 20
    policy-map Meter
     class Prec-3
     class allow
    interface GigabitEthernet9/0/0
     ip address 20.20.20.1 255.255.255.0
     media-type rj45
     speed 1000
     no negotiation auto
     bgp-policy destination ip-prec-map
    interface GigabitEthernet9/0/1
     ip address 10.10.10.1 255.255.255.0
     media-type rj45
     speed 1000
     no negotiation auto
     service-policy output Meter
    router bgp 100
     table-map QPPB
     bgp log-neighbor-changes
     network 200.200.200.0
     neighbor 10.10.10.2 remote-as 200
    ip forward-protocol nd
    ip as-path access-list 100 permit 200$
    access-list 20 permit 200.200.200.1
    route-map QPPB permit 10
     match as-path 100
     set ip precedence critical
    Router# show ip bgp
    BGP table version is 3, local router ID is 20.20.20.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
                  x best-external, a additional-path, c RIB-compressed,
    Origin codes: i - IGP, e - EGP, ? - incomplete
    RPKI validation codes: V valid, I invalid, N Not found
         Network          Next Hop            Metric LocPrf Weight Path
     *>  100.100.100.0/24 10.10.10.2               0             0 200 i
     *>  200.200.200.0    0.0.0.0                  0         32768 i
    Router#show ip route 100.100.100.0
    Routing entry for 100.100.100.0/24
      Known via "bgp 100", distance 20, metric 0
      Tag 200, precedence critical (5), type external
      Last update from 10.10.10.2 1d06h ago
      Routing Descriptor Blocks:
      * 10.10.10.2, from 10.10.10.2, 1d06h ago
          Route metric is 0, traffic share count is 1
          AS Hops 1
          Route tag 200
          MPLS label: none
    Router#show policy-map interface
     GigabitEthernet9/0/1
      Service-policy output: Meter
      Counters last updated 00:00:01 ago
        Class-map: Prec-3 (match-all) 
          0 packets, 0 bytes
          5 minute offered rate 0000 bps
          Match: access-group 20
          Match:  precedence 5
        Class-map: allow (match-all) 
          0 packets, 0 bytes
          5 minute offered rate 0000 bps
          Match: access-group 20
        Class-map: class-default (match-any) 
          3908 packets, 261198 bytes
          5 minute offered rate 0000 bps, drop rate 0000 bps
          Match: any
    Router#

    Command Accounting is a TACACS+ feature so not for ISE....yet.
    However, you can do the following to send commands to syslog and not including passwords (hidekeys). I just picked 200 commands/lines to store in the local command buffer/log. Increase or decrease as you have memory. The notify syslog is what sends it via syslog.
    conf t
    archive
    log config
    logging enable
    logging size 200
    hidekeys
    notify syslog
    end
    wr mem
    Remember, syslog is clear text :-) Log away from user traffic when possible. Or use TLS based syslog when possible.
    I hope you find this answer useful. If it was satisfactory for you, please mark the question as Answered.
    Please rate posts you consider useful.
    -James

  • Cisco 6807 and 6800ia Switch QOS for Cisco ip phones

    Does anyone have an example of configuring a 6800ia switch port connected to a 6807VSS parent for Cisco IP phones QoS? Normally we'd use auto qos voip but auto qos is not supported on 6800IA switches.
    Can't find any Cisco documentation of what the IA switch's port config should look like for a Cisco IP phone.
    Any help would be appreciated.
    Thanks,
    Dave

    I'd leave QoS alone.

  • VPN between ASA 5500 and Cisco 871

    Hello.
    I recently bought a Cisco 871 and an ASA 5500 device. I would like to configure a VPN connection (LAN-to-LAN), and I would like some help about the ports that need to be opened into both firewalls, ASA and 871.
    Thank you.

    Thank you. The routers were not synchronized.
    I have installed on my CA server also an NTP server and everything works now.
    I have one more question: how can I connect the CA server to separate zone on my ASA device? Let's say a DMZ zone?
    I have 2 public IPs and I want to use one (let's say PRIMARY_IP) for the VPN tunnels, and the other one (let's call it SECONDARY_IP) for the CA server. In other words, I want the SECONDARY_IP to be "assigned" to the CA server; if someone wants to make requests for NTP, or SCEP, or let's say TFTP to the SECONDARY_IP, those requests should be forwarded behind the ASA, to the CA.
    Can you help me?

  • Re-Paired Cisco DMM and Cisco Show & Share

    Hi ...
    Guys, does anyone have experience re-pairing Cisco DMM and Cisco Show & Share? I re-paired them, but it did not succeed. First I paired Cisco Show and Share with Cisco DMS and it succeeded, but when I paired Cisco DMM with Cisco Show and Share it did not succeed (the process took so long, about 30 minutes, that I pressed Ctrl-C, and it says failed to install certificate from Cisco Show and Share).
    Does anyone have an idea?
    BR

    Avoid Pairing Failures
    • Pairing fails when you complete these steps in the wrong order. You must use AAI on your Cisco Show and Share appliance before you use AAI on your Cisco DMM appliance. Do not reverse this order or try to use AAI simultaneously on both appliances.
    • Do not use the POP option on the pairing menu. Doing so may cause Cisco Show and Share to fail. If you accidentally choose the POP option, you will need to re-pair the Cisco Show and Share and DMM appliances.
    Pair Your Appliances
    Procedure
    Step 1 From the appliance that runs Cisco Show and Share 5.2:
    a. Log in as admin to the Appliance Administration Interface (AAI).
    b. Choose APPLIANCE_CONTROL > PAIR APPLIANCE.
    c. Choose DMM.
    Warning Do not choose any other option than DMM. 
    d. Enter the fully-qualified domain name (FQDN) for your Cisco DMM appliance.
    This is the DNS name. Do not enter an IP address.
    e. Press Enter.
    Your Cisco Show and Share appliance receives and successfully imports a digital certificate from your Cisco DMM appliance.
    Step 2 From the appliance that runs Cisco Digital Media Manager 5.2:
    a. Log in as admin to the Appliance Administration Interface (AAI).
    b. Choose APPLIANCE_CONTROL > PAIR APPLIANCE.
    c. Choose SHOW_AND_SHARE.
    Warning Do not choose any other option than SHOW_AND_SHARE. 
    d. Enter the fully-qualified domain name (FQDN) for your Cisco Show and Share appliance.
    This is the DNS name. Do not enter an IP address.
    e. Press Enter.
    Your Cisco DMM appliance receives and successfully imports a digital certificate from your Cisco Show and Share appliance.
    See Cisco Link :
    http://www.cisco.com/en/US/docs/video/digital_media_systems/5_x/5_2/dms/aai/administration/guide/pair.html

  • Configuration Issue with my Cisco 871 Router

    Hi all,
    I am a newbie to the Cisco IOS.
    I got a Cisco 871 Router that I'd like to use for internet connection. My LAN network is 192.168.1.0/24 and the ISP has assigned us the IP 41.212.79.108/24 and gateway 41.212.79.1.
    With my current configuration, I can hit the router - 192.168.1.1 - and its WAN port - 41.212.79.108 - but not the gateway.
    Below is my current config:
    Hoggers#show config
    Using 4414 out of 131072 bytes
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname Hoggers
    boot-start-marker
    boot-end-marker
    logging buffered 51200 warnings
    enable secret 5 **********************.
    no aaa new-model
    crypto pki trustpoint TP-self-signed-568493463
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-568493463
    revocation-check none
    rsakeypair TP-self-signed-568493463
    crypto pki certificate chain TP-self-signed-568493463
    certificate self-signed 01 nvram:IOS-Self-Sig#7.cer
    dot11 syslog
    ip cef
    no ip dhcp use vrf connected
    ip dhcp excluded-address 10.10.10.1
    ip dhcp excluded-address 192.168.1.1
    ip dhcp excluded-address 192.168.1.2
    ip dhcp excluded-address 192.168.1.3
    ip dhcp excluded-address 192.168.1.4
    ip dhcp excluded-address 192.168.1.5
    ip dhcp excluded-address 192.168.1.6
    ip dhcp excluded-address 192.168.1.7
    ip dhcp excluded-address 192.168.1.8
    ip dhcp excluded-address 192.168.1.9
    ip dhcp excluded-address 192.168.1.10
    ip dhcp excluded-address 192.168.1.100
    ip dhcp excluded-address 192.168.1.90
    ip dhcp pool ccp-pool
       import all
       network 10.10.10.0 255.255.255.248
       default-router 10.10.10.1
       lease 0 2
    ip dhcp pool LANPOOL
       network 192.168.1.0 255.255.255.0
       default-router 192.168.1.1
       dns-server 41.212.3.2 41.212.3.253
    ip domain name yourdomain.com
    ip name-server 41.212.3.2
    ip name-server 41.212.3.253
    archive
    log config
      hidekeys
    interface FastEthernet0
    interface FastEthernet1
    interface FastEthernet2
    interface FastEthernet3
    interface FastEthernet4
    description Wan to Outside World
    ip address 41.212.79.108 255.255.255.0
    duplex auto
    speed auto
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
    ip address 192.168.1.1 255.255.255.0
    ip tcp adjust-mss 1452
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 41.212.79.1
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip dns server
    ip nat inside source static tcp 192.168.1.31 80 interface FastEthernet4 80
    access-list 23 permit 10.10.10.0 0.0.0.7
    no cdp run
    control-plane
    scheduler max-task-time 5000
    end
    I'll appreciate any light you can shed on what I am missing.

    2 wireless routers can not communicate wirelessly with each other.
    You need to connect cable between 2 routers and use the second wireless router as access point.
    Follow this link to connect Linksys router to another router.
    Some of your devices are getting same IP address. This might be the issue with DHCP server of the router. You can try DHCP reservation on the router so that each device will get unique IP address.

  • S2S with Cisco 871

    Can I do a BorderManager 3.8 S2S VPN with a BM3.8 server as the master and a
    Cisco 871 as the slave at the other end?

    Hi,
    Mark Moorhead wrote:
    >
    > Can I do a BorderManager 3.8 S2S VPN with a BM3.8 server as the master and a
    > Cisco 871 as the slave at the other end?
    I don't see a reason why not. Basically all Ciscos that support VPN I've
    tried so far worked just fine.
    CU,
    Massimo Rosen
    Novell Product Support Forum Sysop
    No emails please!
    http://www.cfc-it.de

  • Ask the Expert: ISE 1.2: Configuration and Deployment with Cisco expert Craig Hyps

    Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about how to deploy and configure Cisco Identity Services Engine (ISE) Version 1.2 and to understand the features and enhanced troubleshooting options available in this version, with Cisco expert Craig Hyps.
    October 27, 2014 through November 7, 2014.
    The Cisco Identity Services Engine (ISE) helps IT professionals meet enterprise mobility challenges and secure the evolving network across the entire attack continuum. Cisco ISE is a security policy management platform that identifies users and devices using RADIUS, 802.1X, MAB, and Web Authentication methods and automates secure access controls such as ACLs, VLAN assignment, and Security Group Tags (SGTs) to enforce role-based access to networks and network resources. Cisco ISE delivers superior user and device visibility through profiling, posture and mobile device management (MDM) compliance validation, and it shares vital contextual data with integrated ecosystem partner solutions using Cisco Platform Exchange Grid (pxGrid) technology to accelerate the identification, mitigation, and remediation of threats.
    Craig Hyps is a senior Technical Marketing Engineer for Cisco's Security Business Group with over 25 years networking and security experience. Craig is defining Cisco's next generation Identity Services Engine, ISE, and concurrently serves as the Product Owner for ISE Performance and Scale focused on the requirements of the largest ISE deployments.
    Previously Craig has held senior positions as a customer Consulting Engineer, Systems Engineer and product trainer.   He joined Cisco in 1997 and has extensive experience with Cisco's security portfolio.  Craig holds a Bachelor's degree from Dartmouth College and certifications that include CISSP, CCSP, and CCSI.
    Remember to use the rating system to let Craig know if you have received an adequate response.
    Because of the volume expected during this event, Ali might not be able to answer each question. Remember that you can continue the conversation on the Security community, sub-community shortly after the event. This event lasts through November 7, 2014. Visit this forum often to view responses to your questions and the questions of other community members.
    (Comments are now closed)

    1. Without more specifics it is hard to determine actual issue. It may be possible that if configured in same subnet that asymmetric traffic caused connections to fail. A key enhancement in ISE 1.3 is to make sure traffic received on a given interface is sent out same interface.
    2. Common use cases for using different interfaces include separation of management traffic from user traffic such as web portal access or to support dedicated profiling interfaces. For example, you may want employees to use a different interface for sponsor portal access. For profiling, you may want to use a specific interface for HTTP SPAN traffic or possibly configure IP Anycast to simplify reception and redundancy of DHCP IP Helper traffic. Another use case is simple NIC redundancy.
    a. Management traffic is restricted to eth0, but standalone node will also have PSN persona so above use cases can apply for interfaces eth1-eth3.
    b. For dedicated PAN / MnT nodes it usually does not make sense to configure multiple interfaces although ISE 1.3 does add support for SNMP on multiple interfaces if needed to separate out. It may also be possible to support NIC redundancy but I need to do some more testing to verify. 
    For PSNs, NIC redundancy for RADIUS as well as the other use cases for separate profiling and portal services apply.
    Regarding Supplicant Provisioning issue, the flows are the same whether wireless or wired. The same identity stores are supported as well. The key difference is that wireless users are directed to a specific auth method based on WLAN configuration and Cisco wired switches allow multiple auth methods to be supported on same port. 
    If RADIUS Proxy is required to forward requests to a foreign RADIUS server, then decision must be made based on basic RADIUS attributes or things like NDG. ISE does not terminate the authentication requests and that is handled by foreign server. ISE does support advanced relay functions such as attribute manipulation, but recommend review with requirements with local Cisco or partner security SE if trying to implement provisioning for users authenticated via proxy. Proxy is handled at Authentication Policy level. CWA and Guest Flow is handled in Authorization Policy.  If need to authenticate a CWA user via external RADIUS, then need to use RADIUS Token Server, not RADIUS Proxy.
    A typical flow for a wired user without 802.1X configured would be to hit default policy for CWA.  Based on successful CWA auth, CoA is triggered and user can then match a policy rule based on guest flow and CWA user identity (AD or non-AD) and returned an authorization for NSP.
    Regarding AD multi-domain support...
    Under ISE 1.2, if need to authenticate users across different forests or domains, then mutual trusts must exist, or you can use multiple LDAP server definitions if the EAP protocol supports LDAP. RADIUS Proxy is another option  to have some users authenticated to different AD domains via foreign RADIUS server.
    Under ISE 1.3, we have completely re-architected our AD connector and support multiple AD Forests and Domains with or without mutual trusts.
    When you mention the use of RADIUS proxy, it is not clear whether you are referring to ISE as the proxy or another RADIUS server proxying to ISE.  If you had multiple ISE deployments, then a separate RADIUS Server like ACS could proxy requests to different ISE 1.2 deployments, each with their own separate AD domain connection.  If ISE is the proxy, then you could have some requests being authenticated against locally joined AD domain while others are sent to a foreign RADIUS server which may have one or more AD domain connections.
    In summary, if the key requirement is ability to join multiple AD domains without mutual trust, then very likely ISE 1.3 is the solution.  Your configuration seems to be a bit involved and I do not want to provide design guidance on a paper napkin, so recommend consult with local ATP Security SE to review overall requirements, topology, AD structure, and RADIUS servers that require integration.
    Regards,
    Craig

  • HT5569 Yesterday, my ability to receive gmail, facebook, safari,etc.ceased on my ipad2. The wifi shows it is connected and the cisco router works ok with another computer connection.  Can anyone tell me what I need to do with ipad in order to get it worki

    Yesterday, my ability to receive gmail, facebook, safari, etc. ceased to perform. The wifi connection shows that it is connected but I cannot get through the internet. I use a Cisco router and it is working fine with another computer and also a printer. I contacted the internet provider and they show the ipad at the router but not out through the internet. Also, yesterday my wife eliminated some programs (games, etc.) from the ipad. Anyway, I am thinking I am missing some setting that is not turned on as everything seems to be working fine.
    Any suggestions?

    Settings > General > Reset > Reset Network Settings

  • Cisco Telepresence and Meeting Place Integration with Third Party Call Pros

    Dear colleagues:
    I want to ask if Cisco Telepresence can integrate with 3rd party call processing systems,
    as my project has already existing Nortel Communication Server 1000,
    which supports:
    Operating System: VXWorks and Linux
    Network Signaling Protocols: H.323v4, MCDN, SIP, LDAP, QSig, QSS, in band and DPNSS
    Trunking Support:
    IP:IP Virtual Trunks using IP Peer Networking over H.323 or SIP
    Digital: DTI, ISDN-PRI, ISDN-BRI
    Analog: Loop and Ground Start CO, FX, WATS, two or four wire E&M, four wire DX, DID, TIE, RAN Paging.
    and I want to build a Video Conference system over the WAN.
    Please tell me if that integration is possible and what design components are required for such a project to be handled from A to Z.
    Regards,

    I have been told that i need to use SIP protocol API instead of TAPI to have a TRUE VOIP Windows solution.
    Could you guys please tell me the difference between SIP API and TAPI?
    And could you please suggest a way which API (SPI or TAPI) the OnCast solution is based on (http://www.litescape.com/oncastsoftware.html) - we have to develop something similar.
    Thank you for your replies,
    Alexey

  • Strange behavior with Cisco AP and Intel 3945 wireles card

    Hi,
    I have an interesting problem with an Intel 3945 A/G card, and my cisco APs.
    1. Given:
    Cisco 1100 and 1200 AP running IOS 12.3.8-JEA
    Two laptop, one with Intel 2200 MPCI Card, the other with Intel 3945 MPCI Card
    Microsoft AD with IAS radius server
    a. 1 SSID with Simple EAP-TLS configuration Enterprise WPA/TKIP, no vlans, broadcast SSID. both card associate correctly and operate normally.
    b. 2 SSID, 1 with simple EAP-TLS configuration Enterprise WPA/TKIP (broadcast), and 2nd SSID Open/No encryption/No authentication (not broadcasted), both cards associate correctly and operate normally.
    c. 2 SSID, 1 with simple EAP-TLS configuration Enterprise WPA/TKIP (broadcast), and 2nd SSID WPS-PSK (not broadcasted), both cards operate normally.
    Now it gets interesting:
    c. 2 SSID, 1 with EAP-TLS/WPA Enterprise on its own VLAN 102, 2nd SSID Open/No Encryption/No authentication on a separate VLAN 105, VLAN 1 is used for admin and radius backhaul to IAS.
    If both SSID are broadcasted via mbssid guest-mode both Intel cards work as expected
    If neither SSID are broadcasted, both Intel cards work as expected
    If either SSID is broadcasted via normal guest-mode command, the Intel 2200 associates and works correctly, but the Intel 3945 refuses to associate to the AP.
    Has anyone heard of this side effect?
    Alan

    I'm seeing a similar issue with the 3945 right now. However in my example the following is the case;
    APs are 1200 series IOS upgraded running 802.11b interfaces only. There are multiple SSIDs NONE of which are broadcasting.
    We've got a few different client types. The Cisco CB21ABG cards are fine, as are the Intel 2200 and 7920 phones. It's only the 3945 that has a problem and it's running Intel's 10.5.1.68 driver which is the latest. I'm considering downgrading it to an older driver.
    Anybody got a definite fix for this Intel card???

  • EAP-TLS problems with Cisco AP541N and Server 2008 NPS

    Hi,
    I want to use EAP-TLS with my shiny new certificates issued by my new Windows CA, and what happens? Nothing works.
    I don't have a clue what I should do. I try to establish an EAP-TLS connection using my Windows CE mobile device, but my cisco AP541N logs this:
    Oct 18 15:42:58 info hostapd wlan0: STA 00:17:23:xx:xx:xx IEEE 802.1X: Supplicant used different EAP type: 3 (Nak)
    Oct 18 15:42:58 warn hostapd wlan0: STA 00:17:23:xx:xx:xx IEEE 802.1X: authentication failed - identity 'XXXXXX' EAP type: 13 (TLS)
    Oct 18 15:42:58 info hostapd The wireless client with MAC address 00:17:23:xx:xx:xx had an authentication failure.
    NPS logs this:
    Name der Verbindungsanforderungsrichtlinie: Sichere Drahtlosverbindungen 2
    Netzwerkrichtlinienname: XXXXXX
    Authentifizierungsanbieter: Windows
    Authentifizierungsserver: XXXXX
    Authentifizierungstyp: EAP
    EAP-Typ: -
    Kontositzungs-ID: -
    Protokollierungsergebnisse: Die Kontoinformationen wurden in die lokale Protokolldatei geschrieben.
    Ursachencode: 22
    Ursache: Der Client konnte nicht authentifiziert werden, da der angegebene EAP (Extensible Authentication-Protokoll)-Typ vom Server nicht verarbeitet werden kann.
    I'm sorry it's German, but the gist is: The server can't process the authentication with the specified EAP type, which should be EAP-TLS.
    I think the NAK answer in my cisco AP logs is the problem. Well, not the problem, since it is the standard procedure in the EAP request / challenge, I think, but somebody messes up with it.
    Did anybody encounter something like this before? Or just knows what to do?
    Thanks in advance
    Lenni

    Joe:
    Having NPS, you have the options to configure PEAP-MSCHAPv2 or EAP-TLS.
    EAP-TLS: mandates a certificate on the server as well as a certificate on every single machine for authentication purposes.
    PEAP-MSCHAPv2: mandates a certificate on the server only. Users connecting to the wireless network must trust the certificate (or, user devices can be configured to escape this trust and connect even if the server cert is not trusted).
    For PEAP-MSCHAPv2, your options are:
    - Buy a certificate for the server from a trusted party (Verisign for example [which was bought later by Symantec]). This way all devices will - by default - trust the server's cert.
    - Install a local CA. Install a cert on the server and then push the root CA cert for your CA to all client devices so they trust this issuer.
    - If both of the above options are not valid for you, what you can do is to configure every single client to ignore the untrusted cert and proceed with the connection. (This is a security concern though. Not recommended unless really needed.)
    You must get a cert on the server and all clients must trust that certificate's issuer. Otherwise you'll not be able to use PEAP.
    HTH
    Amjad
    Rating useful replies is more useful than saying "Thank you"
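Added example, not part of either post above: a small Python correlator for AP log lines in the hostapd format quoted in the question, flagging failed 802.1X authentications that were preceded by an EAP Nak from the same station (a sign the supplicant rejected the offered EAP method). The sample log, MAC addresses, identities and the `classify_failures` name are constructed for illustration.

```python
import re
from collections import defaultdict

# Subset of EAP method type numbers (IANA EAP registry / RFC 3748).
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 25: "PEAP", 26: "MSCHAPv2"}

# Constructed sample in the log format shown in the question (placeholder MACs).
SAMPLE_LOG = """\
Oct 18 15:42:58 info hostapd wlan0: STA 00:17:23:aa:bb:cc IEEE 802.1X: Supplicant used different EAP type: 3 (Nak)
Oct 18 15:42:58 warn hostapd wlan0: STA 00:17:23:aa:bb:cc IEEE 802.1X: authentication failed - identity 'user1' EAP type: 13 (TLS)
Oct 18 15:43:10 warn hostapd wlan0: STA 00:17:23:dd:ee:ff IEEE 802.1X: authentication failed - identity 'user2' EAP type: 25 (PEAP)
"""

STA_RE = re.compile(
    r"STA (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) IEEE 802\.1X: (?P<msg>.*)$", re.I)
NAK_RE = re.compile(r"Supplicant used different EAP type: 3 \(Nak\)")
FAIL_RE = re.compile(
    r"authentication failed - identity '(?P<ident>[^']*)' EAP type: (?P<type>\d+)")

def classify_failures(log_text):
    """Return one finding per failed authentication, noting whether the same
    station sent an EAP Nak beforehand (heuristic for a method mismatch)."""
    nak_seen = defaultdict(bool)
    findings = []
    for line in log_text.splitlines():
        m = STA_RE.search(line)
        if not m:
            continue  # not a per-station 802.1X message
        mac, msg = m.group("mac").lower(), m.group("msg")
        if NAK_RE.search(msg):
            nak_seen[mac] = True
            continue
        f = FAIL_RE.search(msg)
        if f:
            etype = int(f.group("type"))
            findings.append({
                "mac": mac,
                "identity": f.group("ident"),
                "offered": EAP_TYPES.get(etype, f"type {etype}"),
                "cause": "method-mismatch" if nak_seen[mac] else "other",
            })
            nak_seen[mac] = False  # judge any later failure on its own
    return findings

if __name__ == "__main__":
    for finding in classify_failures(SAMPLE_LOG):
        print(finding)
```

A `method-mismatch` finding points at the EAP types enabled on the supplicant and in the NPS network policy; an `other` finding points elsewhere, such as certificate trust.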

  • VOIP home lab with cisco 2620 and VIC-2FXO port

    Hi all,
    I'm considering building a home lab for studying CCVP, the lab would be based on the following components :
    - CUCM 8.X (already installed)
    - A couple of soft phones running in VMWARE with IP Blue and CIPC (they are already in place and registered with the CUCM)
    - Cisco router 2620 with NM-2V and VIC-2FXO-M2 (for Europe, I'm in France)
    so here are my questions :
    1/ It looks like the NM-2V comes with integrated DSP, so I should not need more DSP. I have got one analog PSTN line only so I can make only one call at a time, please confirm
    2/ My analog line comes via my home internet provider DSL box. I have already tried to connect an analog phone and it works, please confirm the router will be able to receive and place calls
    Thanks for your help, I'm looking forward to beginning my voice lab

    1. Yes, the NM-2V has built-in DSP resources for up to four calls (max voice port density with two 1st generation VICs). You cannot add further DSP chips to the NM-1V/2V, nor would you need to for what it does. You have one PSTN phone line, thus you can only make one call at a time. If you had a second line you could use the other FXO port for a second concurrent call.
    2. If the phone line works then it will work with the router to make and receive calls. As Gregory said, just configure dial peers for what you need to do.
    Here is some info on the NM-2V:
    http://www.cisco.com/en/US/products/hw/modules/ps2617/products_tech_note09186a0080094ac0.shtml
