Cisco 880G+7 3G connection issue
Hi all ,
There is a problem with 3G all time on 880G router . It seem that i doing someting wrong or cisco modem is not working well
On few modems i cant get 3g data connection , and when that same SIM card i put in phone internet works , but on 880G router dont want.
How to get this to work stable ?
boot system flash flash:c880data-universalk9-mz.154-2.T1.bin
chat-script hspa-R7 "" "AT!SCACT=1,1" TIMEOUT 60 "OK"
interface Cellular0
description WAN towards MTS
ip address negotiated
ip mtu 1452
ip virtual-reassembly in
encapsulation slip
load-interval 60
dialer in-band
dialer idle-timeout 2147483
dialer string hspa-R7
dialer-group 1
async mode interactive
dialer-list 1 protocol ip permit
line 3
exec-timeout 0 0
script dialer hspa-R7
login
modem InOut
no exec
transport input all
transport output all
cellular 0 gsm band wcdma-all-bands
cellular 0 gsm profile create 1 gprswap chap mts 064
cellular 0 gsm plmn select auto
#sh cellular 0 network
Current Service Status = Normal, Service Error = None
Current Service = Combined
Packet Service = UMTS/WCDMA (Attached)
Packet Session Status = Inactive <-----
Current Roaming Status = Home
Network Selection Mode = Automatic
Country = SRB, Network = MTS
Mobile Country Code (MCC) = 220
Mobile Network Code (MNC) = 3
Location Area Code (LAC) = 40203
Routing Area Code (RAC) = 1
Cell ID = 35420
Primary Scrambling Code = 236
PLMN Selection = Automatic
Registered PLMN = , Abbreviated =
Service Provider = mt:s
#sh cellular 0 connection
Data Transmitted = 0 bytes, Received = 0 bytes
Profile 1, Packet Session Status = INACTIVE
Inactivity Reason = Service option not subscribed
Profile 2, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 3, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 4, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 5, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 6, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 7, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 8, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 9, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 10, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 11, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 12, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 13, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 14, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 15, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 16, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
#sh cellular 0 profile
Profile 1 = INACTIVE* **
PDP Type = IPv4
Access Point Name (APN) = gprswap
Authentication = CHAP
Username: mts
Password: 064
#sh cellular 0 hardware
Modem Firmware Version = T1_0_3_2AP R361 CNSZ
Modem Firmware built = 04/15/11
Hardware Version = 1.0
International Mobile Subscriber Identity (IMSI) =
International Mobile Equipment Identity (IMEI) = 357115041460655
Integrated Circuit Card ID (ICCID) = 89381030000075802506
Mobile Subscriber International Subscriber
IDentity Number (MSISDN) =
Factory Serial Number (FSN) = CC3022411121011
Modem Status = Online
Current Modem Temperature = 28 deg C, State = Normal
PRI SKU ID = 9900198, SKU Rev. = 1.2
#sh cellular 0 radio
Radio power mode = ON
Current Band = WCDMA 2100, Channel Number = 10663
Current RSSI(RSCP) = -91 dBm
Band Selected = WCDMA All(800/850/900/1900/IMT 2000)
Number of nearby cells = 1
Cell 1
Primary Scrambling Code = 0xEC
RSCP = -90 dBm, ECIO = -11 dBm
Other issue that i want ot check , after reload of router it seems like ip sla dont want to start
config is :
ip sla 1
icmp-echo 8.8.8.8
frequency 20
ip sla schedule 1 life forever start-time now
track 1 ip route 8.8.8.8 255.255.255.255 reachability
ip route 8.8.8.8 255.255.255.255 Cellular0
I need this because after router reload , i need some packets to get cellular int up and so on ...
Any idea?
Please i need urent help
KR
VZ
Thx for document , i solved this .
Still i have another issue with dmvpm because nat over 3g .
9 212.200.65.244 172.29.3.1 UP 00:20:37 DN
0 UNKNOWN 172.29.3.5 NHRP never IX
0 UNKNOWN 172.29.3.8 NHRP never IX
0 UNKNOWN 172.29.3.9 NHRP never IX
0 212.200.65.244 172.29.3.13 UP 00:01:10 DN
172.29.3.21 UP 00:27:48 DN
0 UNKNOWN 172.29.3.25 NHRP never IX
0 UNKNOWN 172.29.3.30 NHRP never IX
0 212.200.65.244 172.29.3.34 UP 00:15:10 DN
1 212.200.65.243 172.29.3.26 UP 00:07:28 DN
As you can see few sites use same (nated ) public ip , so some dmvpn tunnels dont works.
Any solution for this ?
Similar Messages
-
Cisco ASA 5505 VPN connection issue ("Unable to add route")
I'm trying to get IPSec VPN working onto a new Cisco ASA5505. Pretty standard configuration.
Setup:
* Cisco VPN client on Windows 7 (v5.0.07.0290 x64 on Laptop1 and v5.0.07.0440 x64 on Laptop2)
* PPPoE/NAT and internal DHCP on the ASA were configured with the Startup Wizard in ASDM
NATting is working fine - internal PCs get an IP address in the 192.168.2.0/24 range and can all access the Internet.
I wanted to be able to connect from anywhere to the ASA in order to reach one of the internal servers. Should be pretty basic.
First I tried with the built-in ASDM IPSec Wizard, instructions found here.
VPN clients can connect to the ASA, are connected (until they're manually disconnected), but cannot reach the internal network nor the Internet. Note VPN client can connect fine to a different VPN site (not administered by myself).
Client logs show following error messages:
1 15:53:09.363 02/11/12 Sev=Warning/3 IKE/0xA300005F
Firewall, Cisco Intrusion Prevention Security Agent, is not running, the client will not send firewall information to concentrator.
2 15:53:13.593 02/11/12 Sev=Warning/2 CVPND/0xE3400013
AddRoute failed to add a route with metric of 0: code 160
Destination 192.168.1.255
Netmask 255.255.255.255
Gateway 172.16.1.1
Interface 172.16.1.101
3 15:53:13.593 02/11/12 Sev=Warning/2 CM/0xA3100024
Unable to add route. Network: c0a801ff, Netmask: ffffffff, Interface: ac100165, Gateway: ac100101.
4 15:54:30.425 02/11/12 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=172.16.1.101, error 0
5 15:54:31.433 02/11/12 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=172.16.1.101, error 0
6 15:54:32.445 02/11/12 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CleanUpVASettings: Was able to delete all VA settings after all, error 0
7 20:50:45.355 02/11/12 Sev=Warning/3 IKE/0xA300005F
Firewall, Cisco Intrusion Prevention Security Agent, is not running, the client will not send firewall information to concentrator.
8 20:50:50.262 02/11/12 Sev=Warning/2 CVPND/0xE3400013
AddRoute failed to add a route with metric of 0: code 160
Destination 192.168.1.255
Netmask 255.255.255.255
Gateway 172.16.1.1
Interface 172.16.1.100
9 20:50:50.262 02/11/12 Sev=Warning/2 CM/0xA3100024
Unable to add route. Network: c0a801ff, Netmask: ffffffff, Interface: ac100164, Gateway: ac100101.
I've already tried the suggestions from this link, although the problem is different there (as the user can still access the internet, even without split tunneling, which I cannot).
A show run shows the following output (note in the below I have tried a different VPN network: 192.168.3.0/24 instead of 172.16.1.0/24 seen in the Client log)
Result of the command: "sh run"
: Saved
ASA Version 8.2(5)
hostname AsaDWD
enable password kLu0SYBETXUJHVHX encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.2.254 255.255.255.0
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group DW-VPDN
ip address pppoe setroute
ftp mode passive
access-list inside_nat0_outbound extended permit ip any 192.168.3.0 255.255.255.240
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
ip local pool DWD-VPN-Pool 192.168.3.5-192.168.3.15 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.2.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group DW-VPDN request dialout pppoe
vpdn group DW-VPDN localname fa******@SKYNET
vpdn group DW-VPDN ppp authentication pap
vpdn username fa******@SKYNET password *****
dhcpd auto_config outside
dhcpd address 192.168.2.5-192.168.2.36 inside
dhcpd domain DOMAIN interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy DWD internal
group-policy DWD attributes
vpn-tunnel-protocol IPSec
username test password ******* encrypted privilege 0
username test attributes
vpn-group-policy DWD
tunnel-group DWD type remote-access
tunnel-group DWD general-attributes
address-pool DWD-VPN-Pool
default-group-policy DWD
tunnel-group DWD ipsec-attributes
pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:3e6c9478a1ee04ab2e1e1cabbeddc7f4
: end
I've installed everything using the CLI as well (after a factory reset). This however yielded exactl the same issue.
Following commands have been entered:
ip local pool vpnpool 172.16.1.100-172.16.1.199 mask 255.255.255.0
username *** password ****
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 43200
isakmp enable outside
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 10 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 10 set reverse-route
crypto dynamic-map outside_dyn_map 10 set security-association lifetime seconds 288000
crypto map outside_map 10 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp nat-traversal
sysopt connection permit-ipsec
sysopt connection permit-vpn
group-policy dwdvpn internal
group-policy dwdvpn attributes
vpn-tunnel-protocol IPSec
default-domain value DWD
tunnel-group dwdvpn type ipsec-ra
tunnel-group dwdvpn ipsec-attributes
pre-shared-key ****
tunnel-group dwdvpn general-attributes
authentication-server-group LOCAL
default-group-policy dwdvpn
Unfortunately I'm getting the same "AddRoute failed to add a route with metric of 0: code 160" error message.
I'm very confused as this should be a pretty standard setup. I tried to follow the instructions on the Cisco site to the letter...
The only "differences" in my setup are an internal network of 192.168.2.0 (with ASA IP address 192.168.2.254) and PPPoE with DHCP instead of no PPPoE at all.
Does anyone know what's going on?Yes, I have tried from a different laptop - same results. Using that laptop I can connect to a different IPSec site without issues.
Please find my renewed config below:
DWD-ASA(config)# sh run: Saved:ASA Version 8.2(5) !hostname DWD-ASAenable password ******* encryptedpasswd ****** encryptednames!interface Ethernet0/0 switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!interface Vlan1 nameif inside security-level 100 ip address 192.168.2.254 255.255.255.0 !interface Vlan2 nameif outside security-level 0 pppoe client vpdn group DWD ip address pppoe setroute !ftp mode passiveaccess-list inside_nat0_outbound extended permit ip any 192.168.50.0 255.255.255.224 pager lines 24logging asdm informationalmtu inside 1500mtu outside 1500ip local pool vpnpool 192.168.50.10-192.168.50.20 mask 255.255.255.0icmp unreachable rate-limit 1 burst-size 1no asdm history enablearp timeout 14400global (outside) 1 interfacenat (inside) 0 access-list inside_nat0_outboundnat (inside) 1 0.0.0.0 0.0.0.0timeout xlate 3:00:00timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolutetimeout tcp-proxy-reassembly 0:01:00timeout floating-conn 0:00:00dynamic-access-policy-record DfltAccessPolicyhttp server enablehttp 192.168.2.0 255.255.255.0 insidehttp 0.0.0.0 0.0.0.0 outsideno snmp-server locationno snmp-server contactsnmp-server enable traps snmp authentication linkup linkdown coldstartcrypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto ipsec security-association lifetime seconds 28800crypto ipsec security-association lifetime kilobytes 4608000crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAPcrypto map outside_map interface outsidecrypto isakmp enable outsidecrypto isakmp policy 10 authentication pre-share encryption 3des hash sha group 2 lifetime 86400telnet timeout 5ssh 0.0.0.0 0.0.0.0 outsidessh timeout 5console timeout 0vpdn group DWD request dialout pppoevpdn group DWD localname *****@SKYNETvpdn group DWD ppp authentication papvpdn username *****@SKYNET password ***** dhcpd auto_config outside!dhcpd address 192.168.2.10-192.168.2.40 insidedhcpd enable inside!threat-detection basic-threatthreat-detection statistics access-listno threat-detection statistics tcp-interceptwebvpn enable outside svc enablegroup-policy DfltGrpPolicy attributes vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpngroup-policy dwdipsec internalgroup-policy dwdipsec attributes vpn-tunnel-protocol IPSec default-domain value DWDDOMusername user1 password ***** encrypted privilege 0username user1 attributes vpn-group-policy dwdipsectunnel-group dwdipsec type remote-accesstunnel-group dwdipsec general-attributes address-pool vpnpool default-group-policy dwdipsectunnel-group dwdipsec ipsec-attributes pre-shared-key *****tunnel-group dwdssl type remote-accesstunnel-group dwdssl general-attributes address-pool vpnpool!class-map inspection_default match default-inspection-traffic!!policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect ip-options !service-policy global_policy globalprompt hostname context no call-home reporting anonymousCryptochecksum:f5c8dd644aa2a27374a923671da1c834: endDWD-ASA(config)# -
Cisco UC540W DHCP Internet connection Issue.
Hi guys, i would like some help trying to figure this out:
We have an UC540 system in our office, we also have a broadband internet connection through a local ISP, the UC540 internet connection setup is DHCP, but when i connect the ONT cable into the WAN port, it doesnt get any ip address, i tried with other device (D-LINK router) and it works perfectly.
I need your advice to let me know what i am missing. Here is the sh run configutarion, and no CLI changes have been made by the way.
Thanks in advance for the assistance.ISP may have a temporary MAC lock to other router address. So you may need to stay with ISP device turned off some hours or a night before reconnecting Cisco.
-
Connectivity issues between Cisco 2901 and Cisco SG300-52
Hello,
I am having some serious connectivity issues between the hosts in my LAN.
My LAN is based on a Cisco 2901 router and a Cisco SG300-52 port switch.
The issue that has been happening is that connections between hosts on the LAN (remote desktop, extended ping, etc) is very unstable, at some point I can see a 35% lost packets on an extended ping. This happens at any time of the day and from any host.
All hosts are on the same Vlan(default Vlan) and on the same subnet. Some hosts have fixed IP addresses (servers and network equipment) and others obtain their IP address trough a DHCP reservation established on the router (reserved with the MAC address of every host).
I can provide further details if needed, because this issue is very serious and I would really appreciate any insight or support.
Many thanks in advanced.
Sair Amer
EDIT: After doing every test we could think of, we finally found the reason behind this problem.
It turns out that the switch has problems handling communications between clients at different speeds, because most of the hosts connected were working at 100 Mbps but the servers were working at 1000 Mbps (and the communication between host and servers wasn't stable).
After manually setting the speed on all ports to 100 Mbps the problems have stopped.
Many thanks for you help on this issue.Building configuration...
Current configuration : 4123 bytes
! Last configuration change at 12:06:16 PCTime Sat Jul 19 2014 by ccp
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Foninsa
boot-start-marker
boot-end-marker
no logging buffered
enable secret 5 $1$BDbJ$HN3VP8nmywrGB55RCxPd30
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
clock timezone PCTime -4 0
clock summer-time PCTime date Apr 6 2003 2:00 Oct 12 2003 12:00
no ip cef
ip dhcp excluded-address 192.168.1.1 192.168.1.10
ip dhcp excluded-address 192.168.1.151 192.168.1.255
ip dhcp pool FONINSA
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8 8.8.4.4
ip dhcp pool Laptop-Sporta-Wifi
host 192.168.1.10 255.255.255.0
ip name-server 8.8.8.8
ip name-server 8.8.4.4
no ipv6 cef
multilink bundle-name authenticated
crypto pki trustpoint TP-self-signed-213585710
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-213585710
revocation-check none
rsakeypair TP-self-signed-213585710
crypto pki certificate chain TP-self-signed-213585710
certificate self-signed 01
30820229 30820192
quit
license udi pid CISCO2901/K9 sn
license boot module c2900 technology-package securityk9
username ccp privilege 15 password
redundancy
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
ip address 190.196.21.98 255.255.255.248
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.1.3 21 190.196.21.98 21 extendable
ip nat inside source static tcp 192.168.1.3 80 190.196.21.98 80 extendable
ip nat inside source static udp 192.168.1.8 1194 190.196.21.98 1194 extendable
ip nat inside source static tcp 192.168.1.4 3389 190.196.21.98 3389 extendable
ip nat inside source static tcp 192.168.1.9 3389 190.196.21.98 10000 extendable
ip nat inside source static tcp 192.168.1.3 3389 190.196.21.98 20000 extendable
ip route 0.0.0.0 0.0.0.0 190.196.21.97
access-list 1 permit 192.168.1.0 0.0.0.255
control-plane
line con 0
password $
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 5
access-class 23 in
privilege level 15
password #
transport input telnet ssh
no scheduler allocate
end -
Connectivity Issues Cisco ASA 5515 in Transparent Mode
Hi,
we´re having problems with one transparent mode setup at one customer site. The ASA is equiped with a CX Module, but we´re not using it, so far in the service policy rules it was enabled and matched all traffic, but in "monitor only" mode. There is a global acl that allows any-any-IP.
Firewall-Info:
- ASA Version 9.1(2)
- Interfaces gi0/0 + gi0/2 without any interface errors
The ASA 5515x is configured as a "bump in the wire". In general our setup is working but with beginning of the installation of the firewall the customer faces following connection issues, without the firewall no problems:
- Connections to SAP-Servers behind the MPLS begin to drop, affected all users
- Incoming monitoring sessions (ping/snmp) from central management are facing ping timeouts, connection timeouts
- http downloads are stopping, Customer: it will stop responding and the download will fail.
In general the customer describes it this way: "We do not have the best connection here so once we connected the firewall all the problems are magnified"
I recognized, that we unconfigured the default inspection during initial setup and reconfigured this entry for the cx module. So the the default inspection with all the settings are not present any more... How important are these settings? One phenomen is, that I´ve seen a large numbers of concurrent connections that increased over time. And we already had that situation, that the firewall reached the max-conn count.
Should I try to reconfigure the default inspection, as it ships from factory? And whats the best way to check for problems? What can be the reason for the dropping connections?
I attached a network plan and the firewall config, hopefully, that somebody has an idea. Of course I can provide additional information...
Best Regards
SebastianHi Vibhor,
thanks for your reply. Does this also affect the traffic, even the setting is set to "Monitor Only" ?
Is it recommend to configure the default-inspection rule as a default setting?
Further Question: I´ve read sth. about, that service policy rules must be "reloaded" to take effect, after they have been changed. Is that right and how do I reload them?
Here is an output from sh asp drop, do I have to care about certain values? This values result from two connected users doing some downloads over a 2Mbit connection.
ciscoasa# show asp drop
Frame drop:
Invalid encapsulation (invalid-encap) 10
First TCP packet not SYN (tcp-not-syn) 114
TCP failed 3 way handshake (tcp-3whs-failed) 3
TCP RST/FIN out of order (tcp-rstfin-ooo) 18
Dst MAC L2 Lookup Failed (dst-l2_lookup-fail) 33
L2 Src/Dst same LAN port (l2_same-lan-port) 260
FP L2 rule drop (l2_acl) 2958
Interface is down (interface-down) 9420
No management IP address configured for TFW (tfw-no-mgmt-ip-config) 117
Dropped pending packets in a closed socket (np-socket-closed) 66
Thanks
Sebastian -
Connectivity issues for random phones in CUCM 8.6 on Vmware
I have a client that has problems with around half of there ip phones (6921 & 7945) after a situation with overheating in the serverroom.
The solutions was a 1 Publisher, 1 subscriber setup with each on a separate Vmware server.
The Publisher is connected to the Core Switch which is further connected to 4 distribution switches which again connect to 5 more distribution switches. They have around 200 ip phones connected to these switches that get assigned IP's with DHCP.
The physical disk that the Subscriber was on was destroyed the incident. The Publisher they recovered, but to do this they had to recreate the vm descriptor file and attach it to the flat-file.
So the current situation is that the system is running with only 1 Publisher and no Subscriber.
There is also a license warning in the CCM Admin section, stating a License Overage (2 nodes used, but only 1 licensed.)
The license status is not invalid though, and the license state is "Uploaded". This second node I suppose might be the Subscirber that no longer exists? The phones have more than enough licenses.
When powered up the system seems to run as it should, but only about half the phones have connectivity to and can register with CUCM.
I have tried to reboot some phones remotely by cutting the power on the switch interfaces where they are attached, but that made no difference.
The console log on the phones that are down show TFTP Timeout & File Transfer Error.
The phones that are up and running can be pinged successfully from the CUCM cli, but when pinging the others I get "Destination Host Unreachable".
The strange thing is that it seems completely random as to what phones are up or down. On all switches there are connected phones with both working and non-working connections to CUCM.
To try to pinpoint the fault I chose 2 devices on the same switch and compared the config for each interface, one that has connectivity and is registered, and one that does not have connectivity and is unreachable.
Everything seems to be identical so I can't see what causes this error on the one, but not on the other.
Also when I ping the ip phone with no connectivity to CUCM from any of the switches, the ping is successful.
Anyone know what could be the cause of this behaviour?Hello and thank you for your time.
The phones get there IP’s from a DHCP Server (Not the built in one in CUCM, but an external server). I have tested that the DHCP process works by powering off a phone (one of the phones with connectivity issues), deleting the lease, and then powering the phone back on and seeing the device request and receive a new lease.
There is only one CCM group active and both servers are in this group with the Publisher as highest priority server. All phones are in the same Device Pool attached to this group.
There are a lot of warnings regarding dbReplication & missing node due to the subscriber being gone. Also there is an issue with NTP server (see below). I will post more on this tomorrow morning.
I have also attached the console log from one of the phones that can't register.
NTP Alert:
At Tue Jan 13 21:24:10 BRST 2015 on node 192.168.50.2; the following SyslogSeverityMatchFound events generated: SeverityMatch : Critical MatchedEvent : Jan 13 21:23:49 CUCMPUB user 2 ntpRunningStatus.sh: Primary node NTP server; 192.168.50.6; is currently inaccessible or down. Verify the network between the primary and secondary nodes. Check the status of NTP on both the primary and secondary nodes via CLI 'utils ntp status'. If the network is fine; try restarting NTP using CLI 'utils ntp restart'. AppID : Cisco Syslog Agent ClusterID : NodeID : CUCMPUB TimeStamp : Tue Jan 13 21:23:49 BRST 2015 SeverityMatch : Critical MatchedEvent : Jan 13 21:23:53 CUCMPUB user 2 ntpRunningStatus.sh: The local NTP client is off by more than the acceptable threshold of 3 seconds from its remote NTP system peer. The normal remedy is for NTP Watch Dog to automatically restart NTP. However; an unusual number of automatic NTP restarts have already occurred on this node. No additional automatic NTP restarts will be done until NTP time synchronization stabilizes. This is likely due to an excessive number of VMware Virtual Machine migrations or Storage VMotions. Please consult your VMware Infrastructure Support Team. AppID : Cisco Syslog Agent ClusterID : NodeID : CUCMPUB TimeStamp : Tue Jan 13 21:23:53 BRST 2015 -
Wi-Fi Connection Issue at Startup When NAS configured as Login Item
Hi!
I recently ran into internet connection issue during startup. I managed to find the culprit (it's the firewall) but I believe there should be more behind just blaming the firewall for it.
Before I go any further, it would be best if I try to explain the setup that I have. Also, note that I'm a newbie when it comes to terms like DHCP, IP address, IPv4, IPv6, etc. I think I may have an idea what they do, but I'm not quite sure whether that idea jibes with the real thing. Whatever. Anyways, here's the setup.
For the internet connection at my place, I use a Cisco wifi router and an Airport Extreme Base Station. The Cisco router has been set up to have its own wi-fi network, while the Airport Extreme Base Station is connected to the Cisco router using ethernet. I set up a separate wi-fi network for the Airport Extreme Base Station and almost all of my devices are connected using the Airport Extreme's wi-fi network.
I have 3 external hard drives connected to a USB hub, which in turn is connected to the Airport Extreme base station.
2 Macbooks. One is a white, late 2007 MacBook running Lion. The other is a MacBook Pro running Mountain Lion. I turned the firewall on for both Macbooks.
Initially, there was no problem connecting to the internet and also the 3 external hard drives from the Airport Extreme. I did the wireless connecting to the external hard drives manually after startup (open finder > navigate to airport extreme at the sidebar > click on the hard drives one by one until the eject icon and folders are shown). You can imagine how soon this got annoying for me (yeah, I shutdown my macbooks everytime I finish with them, it's a habit). So I put these external hard drives as a login item at startup (in the system preference setting for accounts) so that I won't have to do this everytime I start my macbooks.
This is where it got interesting.
For my MBPro, during startup the wi-fi icon at the menu bar will show that it was trying to connect and then the '!' symbol is shown. When I go to system preference > network, there was a message about self-assigned IP. I notice that it starts with 169, which is not the usual IP assigned to devices in my home network. This, however, usually did not last long. Soon enough the '!' symbol is gone and the wi-fi connection becomes normal with finder windows popping up showing folders for the external drives. It's a minor annoyance, waiting for the '!' symbol to go away (I think it got something to do with DHCP settings sent from the router and the self-assigned IP address, but again I'm not sure), but at least the MBPro can connect in the end.
For my white MB though, things didn't go well. The '!' remains in the wi-fi icon and there was no internet connection, no matter how long I waited. Even after removing the external drives from login items the problem persists during startup. If I remember correctly sometimes there is a pop-up saying that the computer could not connect to the airport extreme server (this also happens on the MBPro).
I initially tried resetting the wi-fi setup (removing the network from the list of known network in system preference > network, removing the wi-fi network password from keychain access) to no avail (in both macbooks). As mentioned above, I also tried to remove the network hard drives from login item but even after that the connection problem persisted in my white Macbook, while the MBPro initially showed the same symptom before finally managing to connect with the proper IP address.
Finally, after googling through forums some people suggested that turning off the firewall might work. I did so, and voila, it did remedy the situation. Both Macbooks manage to connect to the internet during startup without any fuss, and both even manage to connect to the network drives during startup (I put them in again as login items to see if it would cause further trouble).
So, the firewall was the culprit. But it only started acting up AFTER I put the network drives as login items.
Can anyone explain the cause of this?
Anyways, thanks for reading!Make sure you are using the passkey found on the Homehub and not your email password. You may need to "Forget" the connection on the phone and scan again then enter passkey.
-
Cisco Movi 4.2 Presence issues.
Hi Experts,
I did a search and saw that similar question was asked various times. However, it did not applied in my scenario. I am having a Cisco Telepresence VCS Expressway starter pack running on X6.1 firmware.
I was login to my Movi account and saw "User 1" is online under my favourite list. When I tried connecting to "User 1", I got the error "Call failed - The user could not be found. The user is offline or does not exist" (User 1 was never online).
I logout my Movi accounrt and login again. This time round, "User 1" is offline.
The other time was "User 2" saw "User 3" was in Busy status but "User 3" was never online. User 2's PC was rebooted and re-login into Movi and saw User 3 offline.
Anything that I should do to overcome this?
ThanksHi,
Is there any reason why use "Treat as Authenticated" instead of "Check
Credentials"?, We notice that when set to "Treat As Authenticated", user
can login with any password? Our default zone is set to "Check
credentials". Please advise, thanks.
Best regards
Yeoh Wee Nam, CTS-D
aljaiswa
05-04-12 11:37 AM
Please respond to
"[email protected]"
To
Tandberg SUPPORT/NETe2Asia@NETe2Asia
cc
Subject
- Re: Cisco Movi 4.2 Presence issues.
Home
Re: Cisco Movi 4.2 Presence issues.
created by Alok Jaiswal in TelePresence - View the full discussion
Hi Wee,
I addition to what Magnus has pointed out i would like you to check the
bug "CSCtt34812".
The condition you were saying could be related to bug mentioned where the
MOVI after deregistering doesn't publish its OFFLINE status and shows
online. I can't say much but it would be more clear with logs.
workaround: Change the Default Zone's authentication policy from "Do Not
Check Credentials" to "Treat As Authenticated"
for more details refer to Cisco BUG tool kit and check the release notes
for Cisco Jabber 4.3
http://www.cisco.com/en/US/docs/telepresence/endpoint/movi/release_note/Jabber_Video_Release_Notes_4-3.pdf
The bug would be fixed in combination of x7.x and jabber 4.3
Thanks
Alok
Reply to this message by going to Home
Start a new discussion in TelePresence at Home -
I currently have DSL access with a Westell A90-750015-07 router and a Cisco wireless adapter. I seem to have issues connecting at times to the Internet, especially since we had a recent storm. One night I'm able to get on, the next I can't. And when I am able to go online, it is usually after several tries. My computer is in the bedroom and the router is in the kitchen, which may have something to do with the connection issue because there is not a closer jack.
Usually what I end up doing is turning off the computer, restarting, or shutting down completely, turning off the router and taking the adapter out and turning back on. Usually I could then get back on, but seems a hassle.
Since I got on now, the connection has stayed on, thankfully. Sometimes it goes while I'm on, then will come back on. It's a pain because it's been like this consistently.
I have a networking cable, however, it's been a while since I used it. Verizon's Technical Support helped me the last time. I'm not sure if something needs to be reconfigured since the storm so this does not keep happening. They did something while the cable was plugged in, then I was able to go back to using the wireless adapter to connect. I don't suppose anyone would have instructions. I'm also unsure which one it gets plugged into. I believe it's Ethernet on my HP desktop, but on the router I'm unsure which one it goes into, like E1/Uplink, E2, E3, or E4/Data. I tried earlier with all of them, even turned the router off, then would restart the computer but nothing happened.
Any guidance would be much appreciated.
Solved!
Go to Solution.Ok.
#1 An original or very old style NID with a spark gap and ground wire can even get spiders in it that could cause an issue. Inspect the NID first before thinking of changes or wiring.
http://en.wikipedia.org/wiki/Network_interface_device
http://en.wikipedia.org/wiki/Demarcation_point
Running a good quality wire CAT5, no need for CAT6, directly to the NID for the DSL modem jack may help. That is what I had done with mine. Depending on the number of loads or amount of wire in the house could also cause issues. But if the user's signal quality is not being pulled low due to a wiring issues, it would usually indicate a problem elsewhere. Unless there was noise being picked up on the premises wiring. Wire DSL directly to the NID and install a filter there for all other in house wiring may help. There used to be available what was called a NID Filter, and I am sure you can still get them.
Ideal Connection if house wiring is an issue, or very old, and lengthy. Install a filter / splitter at the NID.
Run CAT5 directly to the NID location, and install a dedicated jack for the DSL modem.
Remove all in house wiring from the NID.
Connect piece of CAT5 from the NID to the filter / splitter input
Connect all existing phone lines to the phone side of the filter output.
Connect the new DSL CAT5 directly to the NID before the filter / splitter, or to the DSL side of the filter / splitter, depending on the device purchased.
This will take all the existing premises wiring out of the picture unless there is a short circuit or excessive load somewhere in the house.
At this point all the single filters could be removed because the DSL is filtered at the NID.
http://www.homephonewiring.com/dsl.html
#2 You can test outbound to Giganews. But giganews has/had a test that will check your inbound connection from their servers to you.
I heard from another user that
Giganews is being watched very closely because of multipart binaries, and pirated material. MP3s and Video Content. 7 years ago you could get 10-20 MP3 albums in a single day, and that was with a 15/5 fios connection. So they started providing an encrypted connection service for an added fee. I have not messed with news groups for a very long time. Now with deep packet inspection, and other enforcement, I would not even think of it. No news I want there. But there may be content that people want? They may even be checking and limiting speed from that domain. Never tested. But let me see. It looks as if reverse trace routes and speed tests are being blocked by Verizon from Giganews to my router.
Reverse Traceroute
Tool news.giganews.com
traceroute to *.*.*.*, 30 hops max, 60 byte packets
1 gw1-g-vlan201.dca.giganews.com (216.196.98.4) 0 ms 0 ms 0 ms
2 te0-0-0-7.mpd22.iad02.atlas.cogentco.com (38.122.67.49) 0 ms 0 ms te0-7-0-9.mpd22.iad02.atlas.cogentco.com (38.122.62.193) 0 ms
3 te0-0-0-4.ccr21.iad02.atlas.cogentco.com (154.54.31.105) 0 ms 0 ms te0-2-0-0.ccr21.iad02.atlas.cogentco.com (154.54.31.101) 0 ms
4 uunet.iad01.atlas.cogentco.com (154.54.13.138) 28 ms verizon.iad01.atlas.cogentco.com (154.54.10.226) 40 ms uunet.iad01.atlas.cogentco.com (154.54.13.138) 28 ms
5 0.ae1.RES-BB-RTR2.verizon-gni.net (152.63.32.157) 41 ms 41 ms 0.ae2.RES-BB-RTR1.verizon-gni.net (152.63.34.22) 13 ms
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * Max number of unresponsive hops reached (firewall or filter?)
#3 Have the provider run a local loop test to see if any problems are indicated. If there are, then they could run the test with everything in the house disconnected, except the new DSL modem connection. If issues are still indicated, then the DSL provider needs to make connections on the local loop. Another user told me that they had issues when it rained, and it was because construction had left a splice box open on a line somewhere.
If you are the original poster (OP) and your issue is solved, please remember to click the "Solution?" button so that others can more easily find it. If anyone has been helpful to you, please show your appreciation by clicking the "Kudos" button. -
Hi all,
I am trying to bring up my first N1KV in a lab environment and I am having some weird connectivity issues. Hope someone can help !!
I've been working together with our VM team and we have the following installed and configured. We have ESX 4.1 installed on an HP DL360 G7 with 4 NIC's and the VMNic's are assigned as follow.
- vmnic0 to vSwitch0 with the following portgroups (Service Console, N1KV-Control, N1KV-Mgmt, N1KV-Packet and VMKernel) and all portgroups are in the same VLAN.
- vmnic1 to vSwitch1 for vMotion traffic
- vmnic2 to vSwitch2 for VM data
- vmnic3 to vSwitch3 for VM data
I have VSM and VEM version 4.2(1)SV1(4) installed on the same ESX host and connected to vCenter with the following port-profile and svs-domain configured. I am using L3 mode for VSM and VEM communication I believe this is what Cisco recommends going forward.
port-profile type ethernet system-uplink
vmware port-group
switchport mode access
switchport access vlan 7
no shutdown
system vlan 7
description ServiceConsole-Contrl-Packet-Mgmt
state enabled
port-profile type ethernet vMotion-uplink
vmware port-group
switchport mode access
switchport access vlan 21
no shutdown
description vMotion uplink
state enabled
port-profile type ethernet W0AA0159-VM-Data-Uplink
vmware port-group
switchport mode trunk
switchport trunk allowed vlan 8,99
channel-group auto mode active
no shutdown
description W0AA0159 VM Data Uplink
state enabled
port-profile type vethernet VM-Data-VLAN8
vmware port-group
switchport mode access
switchport access vlan 8
no shutdown
description VM Data VLAN8 Server Farm
state enabled
port-profile type vethernet VM-Data-VLAN99
vmware port-group
switchport mode access
switchport access vlan 99
no shutdown
description VM Data VLAN99 Web-App Server Farm
state enabled
port-profile type vethernet vMotion
vmware port-group
switchport mode access
switchport access vlan 21
no shutdown
description vMotion
state enabled
port-profile type vethernet System-Console
vmware port-group
switchport mode access
switchport access vlan 7
no shutdown
system vlan 7
description vMotion
state enabled
port-profile type vethernet L3vmkernel
capability l3control
vmware port-group
switchport mode access
switchport access vlan 7
no shutdown
system vlan 7
state enabled
svs-domain
domain id 101
control vlan 1
packet vlan 1
svs mode L3 interface mgmt0
Here is my problem:
When I move vmnic0 to the system-uplink port-profile with N1KV-Control, N1KV-Mgmt, N1KV-Packet map to System-Console port-profile, and VMKernel maps to L3vmkernel port-profile, all seems to work fine at this point. I can see the VEM comes online and all is good. But when I start moving the second vmnic over (either vmnic1, vmnic1 or vmnic3 don't matter) all hosts got disconnected, vCenter shows all hosts disconnected. And the only way to bring the environment back is to log into ESX and run ESX commands to delete and recreate the vmnic's then map them back to vSwitch.
Has anyone ran into this issue before ? Could it be that vmnic is assigned to the vSwitch that you can't move it over to the N1KV ?
Thanks in advance !!! I appreciate any inputs / suggestions !!!
D.Hello,
We need additional information to further investigate this behavior. Please open a TAC service request with following logs after re-creating the issue.
VSM log file ( SSH session output file )
show tech-support svs | no-more
VEM log bundle
SSH into ESXi host and execute " vem-support all " command
Padma -
BTFORN/OPENZONE Connection issue via laptop (ok on...
Hi all, I know there are a few issues about connetcign to the hotspots - But I am able to conenct via the wireless on my iphone via a hotspot, but on my laptop I get the yellow circle with explantaion mark when trying to connect via my laptop (I am away from home for a few weeks) any suggestions, its says I'm connected to the hotspot but not the internet.
Thanks allAlso look at this:
https://supportforums.cisco.com/docs/DOC-17314
Issues with IPSEC-VPN client and Verizon VZ4G LTE network
VERSION 2
Introduction
Core Issue
Resolution
Introduction
This document explains why IPSEC VPN clients don't work on Verizon 4g network.
Core Issue
The Cisco IPSEC VPN client is able to connect to VPN gateways without any issues over the Verizon 4g network. However once connected, the client is not able to pass any traffic at all. The counters on the client indicate that the client is encrypting data however, there are no increments to the decrypt counters. This issue is seen on the entire gamut of windows OSs. One of the deal breakers with the new Verizon 4g network is that the new LG VL600 and Pantech UML290 run a privately routed IP (10.) address that ONLY allows outbound traffic - no inbound traffic can be passed through. This means that if you have a need for remote access to a device, Verizon's new 3G/4G-capable devices will not allow you to access them like you could with a 3G-only modem.
Resolution
Based on suggestions made by Verizons it seems as though the following things need to be attempted:
1. enable Nat-T. For more information regarding nat-traversal please refer to the following documents:
a. IPSEC over NAT-T on IOS devices
b. IPSEC over NAT-T on ASA
2. enable IPSEC-over-TCP. For more information regarding enabling IPSEC over TCP please refer to the following documents:
a. IPSEC over TCP on IOS devices
b. Enabling IPSEC over TCP on ASA
3. Use Anyconnect rather than IPSEC
4. The other option is to go with the Sprint 4g network instead which apparently does support remote access to applications. -
RV320 Intermittent connectivity issues
We have been having intermittent problems with internet (WAN) connectivity on my wife's small business computer network. Connectivity will be fine for a day or so, and then we will have a period of poor and frequently interrupted connectivity. I have our router (a Cisco RV320K9NA) set to send me notifications about problems, and when our internet connection is disrupted, I receive the following notifications from the router:
Mar 28 07:31:11 2015 routeree1df4 Network Log: NSD FAIL WAN[1]
Mar 28 07:32:11 2015 routeree1df4 Network Log: NSD SUCCESS WAN[1]
Mar 28 07:36:05 2015 routeree1df4 Network Log: NSD FAIL WAN[1]
Mar 28 07:39:08 2015 routeree1df4 Network Log: NSD SUCCESS WAN[1]
Mar 28 07:39:48 2015 routeree1df4 Network Log: NSD FAIL WAN[1]
Mar 28 07:40:58 2015 routeree1df4 Network Log: NSD SUCCESS WAN[1]
The above is a sample, there are many more notifications of this type in the log.
Our network configuration is as follows:
Our internet provider's cable modem is connected to our router, which is connected to a Netgear ProSafe 24 port switch. All of our network devices and computers are connected to the switch.
We have tried many things to fix this problem. Our internet provider (Time Warner) has replaced their cable modem. We have replaced our router. My wife increased the speed of our network connection based on usage data from the internet provider. I have replaced the ethernet cable between the router and the cable modem.
We have not been able to reproduce the connectivity problem when we directly connect a laptop to the cable modem, so the internet provider has decided that the issue must be internal to our network and/or router, washing their hands of the whole problem.
I'm technically proficient, but I'm no networking technician, so I'm looking for help and suggestions to fix this problem. Thanks in advance for any suggestions that you can offer.No, it was wireless. Here is the same test run whilst wired in. I don't understand this though. I wasn't complaining about the speed? I was complaining about the general intermittent connectivity issues we experience, and the regular lack of availability the service provides. Perhaps these are standard tests you have to run beforehand?
The last time I complained about my connectivity issues was in February. If you have access to the ticketing tool, you'll be able to see the nature of my complaint. It was ticket number: VOL051-4263008159178. Something was "done at the exchange" and someone logged onto my HH3 and changed the wireless channel and that "fixed" it. Trouble is, it's been the same ever since. We have a few hours where the connection is stable, then we'll start to get packet losses when trying to connect to sites like Google.co.uk, Bt.com etc etc.
I'm no expert, but this is clearly more than an issue with the wireless channel and some spurious problem at the exchange. This is a continuing nightmare for us which is preventing us from accessing the internet for hours at a time and therefore taking full advantage of the services we pay a lot of money for! -
Wireless Connectivity Issue with 802.11n.
We have a 5508 Controller and sixteen 1142 APs.
Several of our laptops were experiencing connectivity issues over Wireless. Older laptops that do not support 11n are not having any problems.
I disabled 802.11n for both 'a' and 'b/g' in the Controller. Now the newer laptops connect with no issues.
They would in fact connect to the APs while 11n was available, just no Internet Access - (cannot ping DG, etc). Disabling/Enabling the laptop WL adapter would allow brief access (sometimes), but they'd quickly lose Internet Access once again.
Our WLANs are configured for WPA2/AES.
This looks like a 802.11n configuration issue at either the Controller or the Laptops (or both). Both are using the Default settings for 801.11n.
Any recommendations for correcting this? Are there best practice guidelines for configuring 802.11n?
Thanks.
- JayConfigure 802.11n on the WLC
http://www.cisco.com/en/US/customer/products/ps6366/products_tech_note09186a0080a3443f.shtml -
WAP2000 and iPhone connectivity issues?
I have several WAP2000 (Firmware 2.0.0.5), and while they work fine for PC's, iPhones, iPod touches cannot connect to them.
Well, they connect briefly, get an IP address from the router, and immediately drop the connection to re-connect again.
I have tried changing channels, eliminating all but one of the AP's, and so forth.
Has anyone else had issues with this firmware? I see posts where people are saying their iPhones connect up fine. This happens on versions 3.x and 4.x of the iphone O.S. It's not limited to one iphone or ipod touch; we've tried several.
If anyone else is running 2.0.0.5 of the firmware and they are having success with an iphone, can you please tell me your settings?
Thanks in advance!
--GregGreg,
I think I have the same problem but with a Blackberry Storm 2. (I posted in the last two days--Look for WAP2000 and Storm 2) I see the Storm 2 connect successfully to the WAP2000 but then never establish a connection to the Blackberry Enterprise Server (BES)...Necessary to do anything useful with a Blackberry device. A few months aga (Before I had my Storm 2) I had borrowed an iPhone for a week. During that time I tried to use my WiFi but it never seemed to work (ie Established a WiFi link but then couldn't do anything else with it.). Since I didn't have it long and WiFi wasn't the object of my testing I ignored the problem. Now troubleshooting my Storm 2 problem and realizing that other WiFi devices on my network have been experiencing issues (the Storm 2 appears to have been most impacted) it is very likely that the iPhone I borrowed was experiencing the same problem.
You can read my previous post but a quick summary--> When I used a packet analyzer (Wireshark) I saw that my router was issuing ARP address discovery broadcasts to the Storm 2's IP address but the Storm 2 was not responding. I had tested the same setup with a different wireless access point (Linksys WAP54G) and saw the Storm 2 properly respond (and the Storm 2 worked perfectly when connected to the WAP54G). I concluded that the WAP2000 was either not forwarding the ARP broadcast to the Storm 2 or it was not forwarding the Storm 2's response back to the LAN.
I created a work around the now allows my Storm 2 (and multiple other devices) to function successfully on the network. I have a Cisco ASA5505 firewall that has a ststic ARP table and is capable or proxy-arp (ie. It can respond to ARP requests on behalf of devices on the network). I simply created an entry for my Storm 2 and now it functions properly. I also had a laptop and an IP security camera that had intermittent connectivity issues. When I added static ARP entries for these items their problems disappeared as well.
I don't think this is a settings issues so I am hoping Cisco confirms this as a bug and issues a firmware update.
I hope this helps.
--Gerhard Wittreich -
Windows 8 - AnyConnect 3.0.2052 - Connection Issues
Hello,
I have connection issues with AnyConnect 3.0.2052 on Windows 8.
I have a brand new Samsung Ativ Ultrabook here running Windows 8 Professional.
The same AnyConnect client version runs fine on Windows 7, but I can't get it working on the Samsung with Win 8.
After clicking Connect in the client and typing in the username and pw I see the welcome message and accept it, then I get the message
AnyConnect was not able to establish a connection to the specified secure gateway. Please try connecting again.
After clicking OK it shows
The VPN client driver has encountered an error. Please restart your computer or device, then try again.
The message history shows "Establishing VPN - Attempting to repair VPN Adapter..."
Restarting the computer doesn't help.
I already tried the registry hack and imported the certificate as described here
http://vipinvgopal.com/cisco-anyconnect-vpn-client-connection-error-in-windows-8/
ICS is not activated.
I run a ISA 570W and I'm not allowed to download other AnyConnect clients from the download center, for whatever reasons...
As I said, other computers are working fine, so I'm sure it's a problem with Windows 8.
Any ideas?
Kind regards,
DominikI installed the latest version of AnyConnect.
However after clicking Connect in the client I now immediately get the error
Connection attempt has failed due to network or PC issue.
I don't even get the dialog for username and pw
I already disabled Avira Professional and explicitly allowed the AnyConnect client in the Windows firewall settings to make connections, but with the same effect.
When I browse the server address in IE or firefox on the same notebook it's working fine and also clients on other notebooks are working with the server.
Maybe you are looking for
-
Creation of Outbound delivery with respect to sales order
Hi Gurus, I am an Abaper. I have a requirement to create outbound delivery with respect to sales order. Currently I have the purchase order details. My coordinator has given me a logic. From the Purchase order, we have to get the Purchase requisiti
-
Help: Custom Web Gallery Themes
I'm currently creating web galleries for clients as I import images into Aperture, and using the "Proof" theme, but it's only available with a white background. I'd prefer a black background, but the only theme I can find is the Stock theme. Can I cr
-
Batch change of times in iPhoto 6 ?
Is there an easy way to adjust the time of a batch of photos (say, all photos +2 hours). I had taken photos in another time zone but forgot to change the camera's time. I could not do this batch change in iPhoto 5, so I was hoping for it in iPhoto 6.
-
I cannot get past a box that says "cannot verify server identity"
-
How to prevent contacts from moving?
Recently my LYNC 2013 settings on my primary PC at work seem to have an issue. During every logon, my contacts "shuffle around" in that they're still all present and viewable but they appear in different contact lists. The problem is compounded by th