Cisco Lightweight AP - Belkim WeMo Connectivity
Hello ... has anyone had any success Connecting Belkin WeMo Devices (Light Switch) to a Cisco Lightweight Access Point Infrastructure?
I have a Cisco WLC 5508 w/ Software v7.4.121 and Cisco 1262's AP's. I am using WPA2 Personal on the WLAN I am trying to get my Belkin WeMo Light Switch be able to associate to the WLAN and communicate to Tablets/Smartphones (iOS and Android) that support the Belkin Wemo App.
I get to the point of setup that the Belkin Wemo Device associates to the WLAN however I cannot communicate to it via my Smartphone and/or Tablet via the APP. I can however ping the WeMo Device on the network.
P2P Blocking Action is disabled on the WLAN.
Hello Rasika,
As requested listed below is the show wlan information.
(Cisco Controller) show>wlan 5
WLAN Identifier.................................. 5
Profile Name..................................... Guest
Network Name (SSID).............................. Guest
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status ....................... Disabled
DHCP ......................................... Disabled
HTTP ......................................... Disabled
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 23
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
User Idle Timeout................................ 300 seconds
--More-- or (q)uit
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... WLC5508-U1
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ guest
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
mDNS Status...................................... Enabled
mDNS Profile Name................................ default-mdns-profile
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
PMIPv6 Mobility Type............................. none
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
--More-- or (q)uit
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Global Servers
Accounting.................................... Global Servers
Interim Update............................. Disabled
Dynamic Interface............................. Disabled
Dynamic Interface Priority.................... wlan
--More-- or (q)uit
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
FT Support.................................... Disabled
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Enabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CCKM.................................... Disabled
FT-1X(802.11r).......................... Disabled
FT-PSK(802.11r)......................... Disabled
PMF-1X(802.11w)......................... Disabled
PMF-PSK(802.11w)........................ Disabled
FT Reassociation Timeout................... 20
FT Over-The-DS mode........................ Enabled
GTK Randomization.......................... Disabled
--More-- or (q)uit
SKC Cache Support.......................... Disabled
CCKM TSF Tolerance......................... 1000
WAPI.......................................... Disabled
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Disabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Optional
PMF........................................... Disabled
PMF Association Comeback Time................. 1
PMF SA Query RetryTimeout..................... 200
Tkip MIC Countermeasure Hold-down Timer....... 60
--More-- or (q)uit
AVC Visibilty.................................... Disabled
AVC Profile Name................................. None
Flow Monitor Name................................ None
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Disabled
802.11k Neighbor List............................ Disabled
802.11k Neighbor List Dual Band.................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID IP Address Status
802.11u........................................ Disabled
MSAP Services.................................. Disabled
Similar Messages
-
Hi, I need your help..
I'm telecommunication technician, in my job we have CISCO 10008 routers, there's connected to DC Power by DC PEM sources. There's powered by -52Vdc, but there's a problem, sometimes occurs failures, ESR-HH-GE cards suddenly crashes, the FAIL led is on and that's yellow color, but it doesn't works. We replace cards for this cases, and the service is OK, but this occurs again in the same slot or different slots, each 2 or 3 months aprox., or maybe one. Thanks for your help.Duplicate posts.
Go here: http://supportforums.cisco.com/discussion/12185941/hi-i-need-your-help-im-telecommunication-technician-my-job-we-have-cisco-10008 -
Cisco desktop agent fail to connect to CCX7.0
Hello,
Please we occure a problem that the Cisco desktop agent fail to connect to CCX 7.0 extension Agent ID not found.
regardsWe're currently seeing the same issue with only two Agents. When you look at the Agent's call log, it shows a reason code of Ring No Answer. This would lead me to believe that UCCX is attempting to pass calls to the Agents, but the phone never rings. Anyone else seeing this?
We're running UCCX 8.0.2 and CAD ver 8.0.2.300. -
Cisco Jabber 9.2.1 connect LDAP fail
Hi all,
I am using CUCM 9.1 and CUP 9.1
Here is my UC service settings
Product type : Enhanced Directory
Port : 389
Protocol : TCP
Connecction Type: Ldap
Serivce profile has been created and assigned to the end-user
If I use CUPC8.5 and 8.6, it can connect to LDAP successfully
However, if using Cisco Jabber 9.2.1 (window), it cannot connect to AD
in "Show Connection service", it shows
Status : Unknown
Reason : Unknown
Is there any missing configuration for Jabber 9.2.1
Thanks in advance
SamHave you configured the jabber-config.xml file?? That configuration you have is not for Jabber, if you haven't, review the configuration guide for details.
Sent from Cisco Technical Support iPad App -
Cisco ASA 5505 - 2 PPPoE connection
Hi,
Please I would be very pleased if someone could give me a hand in this matter.
I have a Cisco ASA 5505 9.0(2), 2 dial-up connection (ADSL) with fix IP from the same ISP. I have 2 Linksys router (each dial-up has a router) as well. Both Linksys are connected directly to ASA configured in bridge mode.
I set up one dial-up on interface called “outside” with PPPoE configuration which is, in fact, up and running. I’m able to get my fix public IP.
My problem come from when I try to set up the second dial-up on interface called “outside-other”. I configure properly all PPPoE parameters however I’m not able to get my second fix public IP. Somehow, it’s not able to establish a connection with the ISP. (PPPoE session has not been established yet)
This could be useful information: the PPPoE Username is the same in both dial-up connection (given by my ISP).
I hope someone can shed light on this issue.
Thanks in advance,
Apologies for my lack of awareness.
AntonioHi,
This is my schema:
connection A ( interface outside) --> DSL --> Router Linksys mode bridge --> Cisco ASA , up and running with IP fix.
connection B ( interface outside-other) --> DSL --> Router Linksys mode bridge --> Cisco ASA, down : Status PADR_SENT
I tried to use two different VPDN_groups for the two connections A and B. However, B is still not working. Just one of them is able to get IP from ISP, connection A.
When I set up the Linksys router (connection B) in PPPoE, the connection works and get an IP fix from ISP.
What I want to do is set up a VPN on connection B so I need to configure this second dial-up on Cisco ASA. I cannot use connection A due to security reasons.
Thanks -
How to Configure an Cisco 5505 for PPTP VPN connectivity
I currently have a Cisco ASA 5505(ASA Version 8.2(1), and ASDM gui version 6.2) and a Windows 2008 R2 server with one NIC card. Currently the router is connected to the interent sucessfully using the 'outside' interface(devices connected to the 'inside' interface have access to the internet and are assigned IP addresses via DHCP on the Windows 2008 Server which is also connected to the 'inside' interface) When connected with a client on the inside interface I can establish a VPN connection with the W2008 server, however when I try to connect through the internet I cannot. I have tried researching this on the internet, but have not had much luck. I know it has something to do with pptp port and allowing gre, but I am not familiar enough with configuring Cisco devices or the language they use, to configure this router. I feel as though I am missing something small but very critical. Any help or feedback you can provide regarding this issue is most appreicated, thank you.
*Edit: I have attached a network diagram of what I am trying to accomplish, and I have also attached a dump of the current running-config.Hi,
Below is the link to the admin guide for the RV042. Chapter 9 covers the configuration of site to site VPN’s and begins on page 123.
http://www.cisco.com/en/US/docs/routers/csbr/rv0xx/administration/guide/rv0xx_AG_78-19576.pdf
If you need further assistance please feel free to contact Cisco Small Business for help in configuring and troubleshooting your VPN.
Thank you,
Jason Nickle -
Hii frnds,
here is the configuration in my router C1841..for the cisco ipsec remote access vpn..i was able to establish a vpn session properly...but there after i can only reach up to the inside interfaces of the router..but not to the lan devices...
Below is the out put from the router
r1#sh run
Building configuration...
Current configuration : 3488 bytes
! Last configuration change at 20:07:20 UTC Tue Apr 23 2013 by ramana
! NVRAM config last updated at 11:53:16 UTC Sun Apr 21 2013 by ramana
version 15.1
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname r1
boot-start-marker
boot-end-marker
enable secret 5 $1$6RzF$L6.zOaswedwOESNpkY0Gb.
aaa new-model
aaa authentication login local-console local
aaa authentication login userauth local
aaa authorization network groupauth local
aaa session-id common
dot11 syslog
ip source-route
ip cef
ip domain name r1.com
multilink bundle-name authenticated
license udi pid CISCO1841 sn FHK145171DM
username ramana privilege 15 secret 5 $1$UE7J$u9nuCPGaAasL/k7CxtNMj.
username giet privilege 15 secret 5 $1$esE5$FD9vbBwTgHERdRSRod7oD.
redundancy
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group ra-vpn
key xxxxxx
domain r1.com
pool vpn-pool
acl 150
save-password
include-local-lan
max-users 10
crypto ipsec transform-set my-vpn esp-3des esp-md5-hmac
crypto dynamic-map RA 1
set transform-set my-vpn
reverse-route
crypto map ra-vpn client authentication list userauth
crypto map ra-vpn isakmp authorization list groupauth
crypto map ra-vpn client configuration address respond
crypto map ra-vpn 1 ipsec-isakmp dynamic RA
interface Loopback0
ip address 10.2.2.2 255.255.255.255
interface FastEthernet0/0
bandwidth 8000000
ip address 117.239.xx.xx 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map ra-vpn
interface FastEthernet0/1
description $ES_LAN$
ip address 192.168.10.252 255.255.255.0 secondary
ip address 10.10.10.1 255.255.252.0 secondary
ip address 172.16.0.1 255.255.252.0 secondary
ip address 10.10.7.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
ip local pool vpn-pool 172.18.1.1 172.18.1.100
ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
ip dns server
ip nat pool INTERNETPOOL 117.239.xx.xx 117.239.xx.xx netmask 255.255.255.240
ip nat inside source list 100 pool INTERNETPOOL overload
ip route 0.0.0.0 0.0.0.0 117.239.xx.xx
access-list 100 permit ip 10.10.7.0 0.0.0.255 any
access-list 100 permit ip 10.10.10.0 0.0.1.255 any
access-list 100 permit ip 172.16.0.0 0.0.3.255 any
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
access-list 150 permit ip 10.10.7.0 0.0.0.255 172.18.0.0 0.0.255.255
access-list 150 permit ip host 10.2.2.2 172.18.1.0 0.0.0.255
access-list 150 permit ip 192.168.10.0 0.0.0.255 172.18.1.0 0.0.0.255
control-plane
line con 0
login authentication local-console
line aux 0
line vty 0 4
login authentication local-console
transport input telnet ssh
scheduler allocate 20000 1000
end
r1>sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is 117.239.xx.xx to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 117.239.xx.xx
10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
C 10.2.2.2/32 is directly connected, Loopback0
C 10.10.7.0/24 is directly connected, FastEthernet0/1
L 10.10.7.1/32 is directly connected, FastEthernet0/1
C 10.10.8.0/22 is directly connected, FastEthernet0/1
L 10.10.10.1/32 is directly connected, FastEthernet0/1
117.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 117.239.xx.xx/28 is directly connected, FastEthernet0/0
L 117.239.xx.xx/32 is directly connected, FastEthernet0/0
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.0.0/22 is directly connected, FastEthernet0/1
L 172.16.0.1/32 is directly connected, FastEthernet0/1
172.18.0.0/32 is subnetted, 1 subnets
S 172.18.1.39 [1/0] via 49.206.59.86, FastEthernet0/0
192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.10.0/24 is directly connected, FastEthernet0/1
L 192.168.10.252/32 is directly connected, FastEthernet0/1
r1#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
117.239.xx.xx 49.206.59.86 QM_IDLE 1043 ACTIVE
IPv6 Crypto ISAKMP SA
r1 #sh crypto ipsec sa
interface: FastEthernet0/0
Crypto map tag: giet-vpn, local addr 117.239.xx.xx
protected vrf: (none)
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (172.18.1.39/255.255.255.255/0/0)
current_peer 49.206.59.86 port 50083
PERMIT, flags={}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 2, #pkts decrypt: 2, #pkts verify: 2
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 117.239.xx.xx, remote crypto endpt.: 49.206.xx.xx
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
current outbound spi: 0x550E70F9(1427009785)
PFS (Y/N): N, DH group: none
inbound esp sas:
spi: 0x5668C75(90606709)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel UDP-Encaps, }
conn id: 2089, flow_id: FPGA:89, sibling_flags 80000046, crypto map: ra-vpn
sa timing: remaining key lifetime (k/sec): (4550169/3437)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x550E70F9(1427009785)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel UDP-Encaps, }
conn id: 2090, flow_id: FPGA:90, sibling_flags 80000046, crypto map: ra-vpn
sa timing: remaining key lifetime (k/sec): (4550170/3437)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:hi Maximilian Schojohann..
First i would like to Thank you for showing interest in solving my issue...After some research i found that desabling the " IP CEF" will solve the issue...when i desable i was able to communicate success fully with the router lan..But when i desable " IP CEF " Router cpu processer goes to 99% and hangs...
In the output of " sh process cpu" it shows 65% of utilization from "IP INPUT"
so plz give me an alternate solution ....thanks in advance.... -
Cisco 2504 OEAP NAT directly connect AP's no ip
I setup my 2504 to work with OEAP. When I enabled NAT on the management interface the one AP I have directly connected to the WLC is no longer getting an IP address. Any idea why this is?
First, it is not recommended to have an AP directly connected to the WLC, you really need to connect it to an upstream switch and let it connect that way.
My first thought would be that you need to take a look a the below link that talk about how the NAT ip commands work.
http://www.cisco.com/en/US/docs/wireless/controller/7.0MR1/command/reference/cli70MR1commands.html#wp14087790
HTH,
Steve
Please remember to rate useful posts, and mark questions as answered -
Cisco ip phone 7960 cannot connect to call manager express
The 7960 ip phone seems not to connect to the call manager express
router and i have already put the firmware and configured the tftp
server,the rest of the phones the 7911`s are all working ok,i have tried
to reset the phone but it doesnt respond to the # key so as to reset to
factory defaults.
I have tried all the options of resetting it but to no avail.
could someone give me some techie tips on this ? could it be a hardware issue ?? please assist.Go to the phone and check if the TFTP server is correct (should be the CME IP address). Also check the DHCP address.
Resetting 7900 Series IP Phones to Factory Defaults:
http://www.cisco.com/en/US/products/hw/phones/ps379/products_tech_note09186a00800941bb.shtml
Check the bug:
CSCed93627: Not able to reset 7970 back to factory defaults -
I have Verizon Fios for internet, tv and phone. The Verizon Actiontec router is connected with a ethernet cable into my desktop and the internet is up and running. Now I bought a Cisco Linksys WRT54GL Wireless-G Broadband Router, and I wanted to connect it to another desktop two floors up. I set up the Cisco router according to the instructions, but I'm not able to connect to the internet. It shows that my computer was able to get a Local Network connection, but internet connection keeps failing.... I tried changing the IP address. But I'm confused about the whole thing. Is the Default gateway number suppose to be the same for both routers? Is it possible that the Actiontec router isnt giving off a strong enough wireless signal? I'm open for suggestions! Thanks
Mac or Windows machine?
Is the WRT connected directly to the upstairs computer? I don't think you can use the WRT that way?
Have you had a look here?:http://homecommunity.cisco.com/t5/Wireless-Routers/General-Linksys-Router-FAQs/td-p/4286
I THINK you would have to have a WETxx (Ethernet Adapter) instead?
If it connects to the Internet even breifly then I suppose that means your connected but it may be losing the signal and failng. You would porbably have ot get a WAP(Access Point) and use it as a repeater.
I'm a bit rusty on the names so I hope i got them right, hope it helps..... -
Cisco ASA 8.2 55xx connect 2 inside interfaces together
Hi all,
I have some problem with my Cisco ASA 8.2 5510. I have to know how shoud i connect 2 inside interfaces together. I am writing what i have.
I have 5 network connection on Cisco ASA.
1. Interface Ethernet 0/0 - outside 200.200.200.200 255.255.255.240
2. Interface Ethernet 0/1 - 1_firm 10.0.1.1 255.255.255.0
3. Interface Ethernet 0/2 - 2_firm 192.168.1.1 255.255.255.0
4. Interface Ethernet 0/3 - DMZ-Server 10.10.10.1 255.255.255.0 (Just one Server)
5. Management - no need
I have to connect 2 Interfaces, (1_firm) with Interface (2_firm). I've tried
"route 1_firm 192.168.1.0 255.255.255.0 10.0.1.1" ,
but i resiving following error "Cannot add route,connected route exists".
But i have no route configuration. What i have cheking? Or maked i some wrong?
Thank you for your helpHi Jennifer,
Thanks for your answer.
Sec. Level 90 .
Can you write me correct NAT and exeption configuration? That is my conf.
This is my test Firewall system
ciscoasa(config)# sh run
: Saved
ASA Version 8.0(2)
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
names
interface Ethernet0/0
nameif outisde
security-level 0
ip address 200.100.100.200 255.255.255.240
interface Ethernet0/1
nameif vpm
security-level 90
ip address 192.168.1.1 255.255.255.0
interface Ethernet0/2
nameif wundplan
security-level 90
ip address 10.0.1.1 255.255.255.0
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/4
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/5
shutdown
no nameif
no security-level
no ip address
passwd 2KFQnbNIdI.2KYOU encrypted
boot config disk0:/.private/startup-config
ftp mode passive
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group service DM_INLINE_TCP_1 tcp
port-object eq www
port-object eq https
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
access-list wundplan_access_in extended permit ip 10.0.1.0 255.255.255.0 any
access-list vpm_access_in extended permit ip 192.168.1.0 255.255.255.0 any
access-list outisde_access_in extended permit ip any 200.100.100.192 255.255.255.240
access-list wundplan_nonat extended permit ip 192.168.1.0 255.255.255.0 10.0.1.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu outisde 1500
mtu vpm 1500
mtu wundplan 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-625-53.bin
no asdm history enable
arp timeout 14400
global (outisde) 101 interface
global (wundplan) 1 10.0.1.0 netmask 255.255.0.0
access-group outisde_access_in in interface outisde
access-group vpm_access_in in interface vpm
access-group wundplan_access_in in interface wundplan
route outisde 0.0.0.0 0.0.0.0 200.100.100.199 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 10.0.1.0 255.255.255.0 wundplan
http 192.168.1.0 255.255.255.0 vpm
http 10.0.0.0 255.255.255.0 wundplan
http 192.168.0.0 255.255.255.0 vpm
http redirect wundplan 80
http redirect vpm 80
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:5cd35a1417360a176153562a9c67e266
: end
Thynk you very mach. -
Cisco 1811W stopped allowing wireless connection of domain laptops
I have a Cisco 1811W that after several years in service suddenly stopped allowing any wireless connection to laptops on the domain. It allows hard wired connections and devices that are just using the wireless hot spot like iPads and Iphones but not devices on the domain. These same laptops connect wirelessly without issue at our other facilities which use the same hardware.
Here is the config file...
Here is the config file of the router in question...
router#show run
Building configuration...
Current configuration : 11776 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone year
service password-encryption
hostname xxx
boot-start-marker
boot-end-marker
logging message-counter syslog
logging buffered 4096
no logging console
enable secret 5 xxxx
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
crypto pki trustpoint TP-self-signed-1083484987
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1083484987
revocation-check none
rsakeypair TP-self-signed-xxxx
dot11 syslog
dot11 ssid xxxx
vlan 44
authentication open
authentication key-management wpa
wpa-psk ascii 7
dot11 ssid xxxx
vlan 144
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7
ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address xxx.xxx.xxx.xxx
ip dhcp excluded-address xxx.xxx.xxx.xxx
ip dhcp excluded-address xxx.xxx.xxx.xxx
ip dhcp pool xxx-LAN
networkxxx.xxx.xxx.xxx 255.255.255.0
domain-name xxxx
dns-server xxx.xxx.xxx.xxx
default-router xxx.xxx.xxx.xxx
lease 0 2
ip dhcp pool VLAN44
network xxx.xxx.xxx.xxx 255.255.255.0
default-router xxx.xxx.xxx.xxx
domain-name xxxx
dns-server xxx.xxx.xxx.xxx
lease 4
ip dhcp pool VLAN144
network xxx.xxx.xxx.xxx 255.255.255.0
default-router xxx.xxx.xxx.xxx
domain-name xxxx
dns-server 12.127.16.67 12.127.16.68
lease 4
ip cef
ip domain name xxxx
ip name-server xxx.xxx.xxx.xxx
ip name-server xxx.xxx.xxx.xxx
ip inspect tcp reassembly queue length 24
ip inspect name IPFW tcp timeout 3600
ip inspect name IPFW udp timeout 15
ip inspect name IPFW ftp
ip inspect name IPFW realaudio
ip inspect name IPFW smtp
ip inspect name IPFW h323
ip inspect name IPFW ftps
ip inspect name IPFW http
ip inspect name IPFW https
ip inspect name IPFW icmp
ip inspect name IPFW imap
ip inspect name IPFW imaps
ip inspect name IPFW irc
ip inspect name IPFW ircs
ip inspect name IPFW ntp
ip inspect name IPFW pop3
ip inspect name IPFW pop3s
ip inspect name IPFW radius
ip inspect name IPFW sip
ip inspect name IPFW sip-tls
ip inspect name IPFW ssh
ip inspect name IPFW telnet
ip inspect name IPFW telnets
ip inspect name IPFW vdolive
ip inspect name IPFW webster
ip inspect name IPFW dns
no ipv6 cef
multilink bundle-name authenticated
password encryption aes
file prompt quiet
username admin password n
username laneadmin password n
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
crypto isakmp policy 2
encr 3des
authentication pre-share
group 2
crypto isakmp key 5122662533fedcbabcdef address 12.97.225.232
crypto isakmp key 5122662533fedcbabcdef address 12.97.224.120
crypto isakmp key 5122662533fedcbabcdef address 12.97.225.152
crypto isakmp key 5122662533fedcbabcdef address 12.97.230.154
crypto isakmp key 5122662533fedcbabcdef address 12.97.225.226
crypto ipsec security-association lifetime seconds 28800
crypto ipsec transform-set ESP-AES256-SHA esp-aes 256 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES256-SHA-LZO esp-aes 256 esp-sha-hmac comp-lzs
crypto ipsec df-bit clear
crypto ipsec profile SITE-to-SITE-DMVPN-Profile
set transform-set ESP-AES256-SHA
crypto ipsec client ezvpn ezvpn-client
connect auto
mode client
xauth userid mode interactive
archive
log config
logging enable
notify syslog contenttype plaintext
hidekeys
path scp://cisco:wrs-.o#d8Au8M@fs00/$h-$t
write-memory
ip ssh version 2
bridge irb
interface Loopback0
ip address 1.1.1.5 255.255.255.252
interface Tunnel0
ip address xxx.xxx.xxx.xxx 255.255.255.0
no ip redirects
ip nhrp map xxx.xxx.xxx.xxx 12.97.230.154
ip nhrp map multicast 12.97.230.154
ip nhrp map xxx.xxx.xxx.xxx 12.97.225.226
ip nhrp map multicast 12.97.225.226
ip nhrp network-id 1
ip nhrp nhs xxx.xxx.xxx.xxx
ip nhrp nhs xxx.xxx.xxx.xxx
tunnel source 12.97.225.234
tunnel mode gre multipoint
tunnel protection ipsec profile SITE-to-SITE-DMVPN-Profile
interface Dot11Radio0
no ip address
no dot11 extension aironet
encryption vlan 44 mode ciphers tkip
encryption vlan 144 mode ciphers tkip
ssid XXXX
ssid XXX-guest
speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2437
station-role root
no cdp enable
interface Dot11Radio0.44
encapsulation dot1Q 44
bridge-group 44
bridge-group 44 subscriber-loop-control
bridge-group 44 spanning-disabled
bridge-group 44 block-unknown-source
no bridge-group 44 source-learning
no bridge-group 44 unicast-flooding
interface Dot11Radio0.144
encapsulation dot1Q 144
bridge-group 144
bridge-group 144 subscriber-loop-control
bridge-group 144 spanning-disabled
bridge-group 144 block-unknown-source
no bridge-group 144 source-learning
no bridge-group 144 unicast-flooding
interface Dot11Radio1
no ip address
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
interface FastEthernet0
description 604 AT&T static IP
ip address 12.97.225.234 255.255.255.248
ip access-group IPFW-ACL-outside-A in
no ip redirects
no ip proxy-arp
ip nat outside
ip inspect IPFW out
ip virtual-reassembly
duplex auto
speed auto
interface FastEthernet1
no ip address
shutdown
duplex auto
speed auto
interface FastEthernet2
switchport access vlan 4
spanning-tree portfast
interface FastEthernet3
description phone system
switchport access vlan 4
spanning-tree portfast
interface FastEthernet4
switchport access vlan 4
spanning-tree portfast
interface FastEthernet5
switchport access vlan 4
spanning-tree portfast
interface FastEthernet6
switchport access vlan 4
spanning-tree portfast
interface FastEthernet7
switchport access vlan 4
spanning-tree portfast
interface FastEthernet8
switchport access vlan 4
spanning-tree portfast
interface FastEthernet9
description switchport uplink
switchport access vlan 4
interface Vlan1
no ip address
interface Vlan4
ip address xxx.xxx.xxx.xxx 255.255.255.0
no ip redirects
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1200
ip policy route-map NONAT-LAN
interface Vlan5
no ip address
interface Vlan10
no ip address
interface Vlan44
description nnn private WLAN
no ip address
ip nat inside
ip virtual-reassembly
ip policy route-map NONAT-LAN
bridge-group 44
bridge-group 44 spanning-disabled
interface Vlan144
description nnn Guest WLAN
no ip address
ip nat inside
ip virtual-reassembly
ip policy route-map NONAT-LAN
bridge-group 144
bridge-group 144 spanning-disabled
interface Async1
no ip address
encapsulation slip
interface BVI44
description Bridge to nnn private WLAN
ip address xxx.xxx.xxx.xxx 255.255.255.0
ip nat inside
ip virtual-reassembly
interface BVI144
description Bridge to nnn Guest WLAN
ip address xxx.xxx.xxx.xxx 255.255.255.0
ip nat inside
ip virtual-reassembly
router eigrp 1
network xxx.xxx.xxx.xxx
network xxx.xxx.xxx.xxx
no auto-summary
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 12.97.225.233
no ip http server
no ip http secure-server
ip nat inside source list NAT-ACL interface FastEthernet0 overload
ip nat inside source static tcp xxx.xxx.xxx.xxx 22 interface FastEthernet0 22222
ip nat inside source route-map NO-NAT interface FastEthernet0 overload
ip access-list standard VTY-ACL
permit 192.168.0.0 0.0.63.255
ip access-list extended IPFW-ACL-outside
permit udp any any eq isakmp
permit udp any eq isakmp any
permit esp any any
permit tcp any host 12.97.225.234 eq 23232
permit icmp any any administratively-prohibited
permit icmp any any echo-reply
permit icmp any any packet-too-big
permit icmp any any time-exceeded
permit icmp any any traceroute
deny ip any any
ip access-list extended IPFW-ACL-outside-A
permit tcp any host 12.97.225.234 eq 22222
permit udp any any eq isakmp
permit udp any eq isakmp any
permit esp any any
permit tcp any host 12.97.225.234 eq 23232
permit icmp any any administratively-prohibited
permit icmp any any echo-reply
permit icmp any any packet-too-big
permit icmp any any time-exceeded
permit icmp any any traceroute
deny ip any any
ip access-list extended NAT-ACL
deny ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
deny ip 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255
deny ip 192.168.4.0 0.0.0.255 192.168.2.0 0.0.0.255
deny ip 192.168.4.0 0.0.0.255 192.168.0.0 0.0.0.255
permit ip 192.168.4.0 0.0.0.255 any
deny ip 192.168.44.0 0.0.0.255 192.168.1.0 0.0.0.255
deny ip 192.168.44.0 0.0.0.255 192.168.2.0 0.0.0.255
deny ip 192.168.44.0 0.0.0.255 192.168.3.0 0.0.0.255
deny ip 192.168.44.0 0.0.0.255 192.168.0.0 0.0.0.255
deny ip 192.168.44.0 0.0.0.255 192.168.5.0 0.0.0.255
permit ip 192.168.44.0 0.0.0.255 any
deny ip 192.168.144.0 0.0.0.255 192.168.1.0 0.0.0.255
deny ip 192.168.144.0 0.0.0.255 192.168.2.0 0.0.0.255
deny ip 192.168.144.0 0.0.0.255 192.168.3.0 0.0.0.255
deny ip 192.168.144.0 0.0.0.255 192.168.0.0 0.0.0.255
deny ip 192.168.144.0 0.0.0.255 192.168.5.0 0.0.0.255
permit ip 192.168.144.0 0.0.0.255 any
ip access-list extended NONAT-LAN-RETURNING-ACL
permit ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255
permit ip 192.168.4.0 0.0.0.255 192.168.2.0 0.0.0.255
permit ip 192.168.4.0 0.0.0.255 192.168.0.0 0.0.0.255
permit ip 192.168.44.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip 192.168.44.0 0.0.0.255 192.168.5.0 0.0.0.255
permit ip 192.168.44.0 0.0.0.255 192.168.2.0 0.0.0.255
permit ip 192.168.44.0 0.0.0.255 192.168.0.0 0.0.0.255
permit ip 192.168.144.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip 192.168.144.0 0.0.0.255 192.168.5.0 0.0.0.255
permit ip 192.168.144.0 0.0.0.255 192.168.2.0 0.0.0.255
permit ip 192.168.144.0 0.0.0.255 192.168.0.0 0.0.0.255
ip access-list extended VTY-ACL-A
deny ip 192.168.160.0 0.0.0.255 any
permit ip 192.168.44.0 0.0.0.255 any
permit ip 192.168.144.0 0.0.0.255 any
permit ip 192.168.0.0 0.0.0.255 any
permit ip 192.168.1.0 0.0.0.255 any
permit ip 192.168.2.0 0.0.0.255 any
permit ip 192.168.3.0 0.0.0.255 any
permit ip 192.168.4.0 0.0.0.255 any
permit ip 192.168.5.0 0.0.0.255 any
permit tcp any any eq 22
deny ip any any
logging trap notifications
logging source-interface Vlan5
logging 192.168.0.225
route-map NONAT-LAN permit 10
match ip address NONAT-LAN-RETURNING-ACL
set interface Loopback0
route-map NO-NAT permit 10
match ip address NAT-ACL
snmp-server community XXXsnmppub RO
control-plane
bridge 44 route ip
bridge 144 route ip
banner login ^C
Unauthorized access is prohibited and will be monitored and prosecuted.
If you are not explicitly authorized to access this device, you must
disconnect now.
^C
banner motd ^C
Unauthorized access is prohibited and will be monitored and prosecuted.
If you are not explicitly authorized to access this device, you must
disconnect now.
^C
line con 0
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
access-class VTY-ACL-A in
password 7 nnn
transport input ssh
line vty 5 15
webvpn gateway webgateway
ssl trustpoint TP-self-signed-1083484987
no inservice
webvpn gateway sslvpn.xxx
hostname www.nnn
ssl trustpoint TP-self-signed-1083484987
inservice
end
router#It was a two fold problem. There is another stronger Wi-Fi signal that exists at the facility from another entity on a different domain that the two laptops were trying to associate to in lieu of the network signal from our 1811. This could only be seen while watching the Intel wireless Proset app NOT the Windows wireless management app. Then by deleting all other old Wi-Fi networks listed in the Intel Proset app except ours it connected. Also set devices to never connect to the other signal. This was not an issue when I brought the laptop to another faciIity without a competing Wi-Fi signal becuase they would connect using the strongest and ONLY Wi-Fi network signal which was ours.
-
Cisco Persistent Chat error when connecting to DB server
When we want to configure it and check the connection it says, is in menu Messaging --> external setup --> external databases (in IM Presence Administrator). We use a postgresql server on linux and can connect to the db via other clients as test. What can be wrong? We did not enable ssl for this connection, you cannot even select ssl, is grayed out!
Verify external database server connectivity (database connection check)
The following Cisco Unified IM and Presence Service node to external database server connections failed:
xxxxx.xxxx.xxx >> pchat (Persistent Chat)
With message:
One or more parameters are invalid. Please check them once again.
If the 'Enable SSL' field is unchecked and the External Database chosen in the 'Database Name' field is SSL enabled, please check the 'Enable SSL' field and choose the certificate that corresponds to the chosen External Database and save your changes.
If the 'Enable SSL' field is checked on the External Database Settings page then the following steps could help resolve the connectivity issue:
Please try refreshing the page after 60 secs of saving the changes.
Please verify if the Certificate chosen in the 'Certificate Name' field is valid and corresponds to the chosen External Database in the 'Database Name' field.
If the problem persists, please restart the Cisco XCP Config Manager Service.Hi,
As mentioned in the following configuration article, for earlier versions of SQL Server where MARS was not an option, the way to configure is to have server-side cursors configured.
(check out the tabulated column next to MARS_Connection for details)
http://www.easysoft.com/products/data_access/odbc-sql-server-driver/manual/configuration.html
To use server-side queries in the connection URL, pls go through this link
http://www.oracle.com/technology/products/jdev/howtos/bc4j/bc_psqlserverwalkthrough.html
But please note that server-side cursors does have a performance overhead.
Let me know if you need more information.
HTH,
Lakshmi. -
Cisco 878 router for ADSL connectivity
Hi All,
I got a Cisco 878-k9 G.SHDSL router. I am trying to configure to get connectivity to my Service Provider.
Earlier i have configured Cisco 877 router serval times. But Cisco 878 for the first time. There is a DSL
controller in 878 rtr. I think i m missing something somewhere.
Below is the config that i have done
controller DSL 0
mode atm
loopback digital
dsl-mode shdsl symmetric annex A
line-rate auto
line-term cpe
line-mode 2-wire line-one
ip cef
ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp pool INSIDE-Pool
import all
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 212.77.192.59 212.77.192.60
lease 8
interface ATM0
description (Outside Public Interface)
no shutdown
no ip address
load-interval 30
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface Dialer0
ip address negotiated
no ip redirects
no ip proxy-arp
no ip unreachables
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname p4411XXXX
ppp chap password qatarXXXX
ppp pap sent-username p44114032 password 0 qatarXXXX
no sh
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
ip nat inside source list 101 interface Dialer0 overload
access-list 1 permit any
access-list 101 deny ip 192.168.0.0 0.0.255.255 10.10.0.0 0.0.255.255
access-list 101 permit ip 192.168.0.0 0.0.255.255 any
dialer-list 1 protocol ip permiti have an adsl line
i try to configure the router 878
but no connection ,, kann u tel me how do u have resolve the probleme please
this is the running config
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname cisco2
boot-start-marker
boot-end-marker
no logging buffered
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
resource policy
clock timezone EST -5
clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
ip subnet-zero
ip cef
ip name-server 212.217.0.1
ip name-server 212.217.0.12
ip name-server 212.217.1.1
ip ddns update method sdm_ddns1
DDNS both
vpdn enable
vpdn-group pppoe
crypto pki trustpoint TP-self-signed-201735762
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-201735762
revocation-check none
rsakeypair TP-self-signed-201735762
crypto pki certificate chain TP-self-signed-201735762
certificate self-signed 01
3082023D 308201A6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32303137 33353736 32301E17 0D303230 33303130 32353235
375A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3230 31373335
37363230 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
A62304BC 27194971 2A4FAEB3 9D57240E 26EDED2A 1674FF9A 7CBBB8F2 85245C3B
C4DDBBF8 F8A67D31 5FDCBD11 72A2735D 9E8FC84B 17B55C71 43C10E41 ACC50BEC
FCE8D9EE 6D2B0B55 9BD5B62C 3981506F 04B92C25 CA4C307E BC6A6A5F 4FBEF0EE
05FEFA57 C7D879FD 79EF442F 121D6393 57E96F31 5414D1D5 4FADFBC0 95C9EAB3
02030100 01A36730 65300F06 03551D13 0101FF04 05300301 01FF3012 0603551D
11040B30 09820763 6973636F 322E301F 0603551D 23041830 16801418 6C8FED13
FFD7B2FB F6FA47E7 682B0093 FAE2AC30 1D060355 1D0E0416 0414186C 8FED13FF
D7B2FBF6 FA47E768 2B0093FA E2AC300D 06092A86 4886F70D 01010405 00038181
007C867C AC28A7F0 4BDD261C 81A71F1D E0671C28 F4724F5D ED1FE702 BCE234D9
1F85FE90 4D0AD23E 9904CBF9 D44A8CD5 0F5515BB 8FEEE4BB FF9795E1 7770B60A
E37455CC D6606EAF E0EAEEA4 932F55E6 91C6F87F 1D022203 08AD7C78 4DCF5AEA
819D2367 2B5054CC 695A4EF5 BC9ADA26 F7803106 E94BD666 179EB3DF 4CDE4CB8 1C
quit
username xxxxx privilege 15 password 0 xxxxx
controller DSL 0
mode atm
line-term co
line-mode 4-wire standard
dsl-mode shdsl symmetric annex B
ignore-error-duration 15
line-rate 4608
interface BRI0
no ip address
encapsulation hdlc
shutdown
interface ATM0
no ip address
ip nat outside
ip virtual-reassembly
no atm ilmi-keepalive
interface ATM0.1 point-to-point
pvc 8/35
pppoe-client dial-pool-number 1
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface Vlan1
description lan
ip address 192.168.1.5 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
interface Dialer1
ip ddns update hostname xxxx.dyndns.org
ip ddns update sdm_ddns1
ip address negotiated
ip mtu 1452
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxxx
ppp chap password 0 xxxxx
ppp pap sent-username xxxxx password 0 xxxxx
interface Dialer0
no ip address
ip classless
ip http server
ip http access-class 24
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip access-list extended to-sip-servers
remark --- traffic to any sip server
permit udp 192.168.1.0 0.0.0.255 any eq 5060
access-list 1 permit 0.0.0.0 255.255.255.0
access-list 1 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
snmp-server community public RO
no cdp run
control-plane
banner motd ^CINE welcome
banner ^C
line con 0
no modem enable
line aux 0
line vty 0 4
password cisco
scheduler max-task-time 5000
end -
Cisco 3725 Router for Internet Connectivity
Hi,
We have en existing Internet connection using our Cisco 3725 router (ISP A). The router does the NAT and here's the existing default route:
S* 0.0.0.0/0 [1/0] via 1.2.3.153
This router has a "16 Port 10BaseT/100BaseTX EtherSwitch".
Now we have a new Internet connection (ISP B). What I did was to configure two ports on the Etherswitch and added route maps:
interface FastEthernet1/0
description "ISP B to provider"
no switchport
ip address 4.5.6.66 255.255.255.252
interface FastEthernet1/1
description "ISP B to my network"
no switchport
ip address 4.5.7.225 255.255.255.248
ip policy route-map ISPBInternetTraffic
access-list 101 permit ip 4.5.7.224 0.0.0.7 any
route-map ISPBInternetTraffic permit 101
match ip address 101
set interface FastEthernet1/0
set ip default next-hop 4.5.6.65
What I want to happen is that when the router sees the traffic coming from the public IPs of ISP B (4.5.7.224 /29) it will direct that to go out ISP B on F1/0.
1. Is my configuration correct?
2. Any suggestions, recommendations?
3. Can I do load balancing or load sharing between the two ISPs?
Best,
TonyHi Tony,
Your question has already been answered here: http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=WAN%2C%20Routing%20and%20Switching&topicID=.ee71a06&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cd276a5
Maybe you are looking for
-
Some iTunes TV shows not playing on Apple TV (1st Gen)
I purchased several seasons of a show a couple of years ago. I used to have no problem syncing or streaming all of the seasons onto ATV. Recently, I can only stream or sync some of the shows. I can transfer the content that won't play on ATV to my iP
-
Can't open powerpoint files in keynote since Mountain Lion upgrade
Not having much luck and not sure which forum to post in as this could be a Mountain Lion issue, an iWork issue, but is also an iWork and/or IOS6 issue! Until last week I had Lion on iMac and IOS5 on iPad. I was able to log on to my work network serv
-
Hi Everyone, I have a requirement where in i have to download data to an excel sheet with some formatting like, few fields need to centrally aligned, few fields to be bold and coloured.Is it possible to have such formatting done thru ABAP.Is there a
-
Strange Error when starting tomcat 5.5.7
Hello, on WinXP SP2 I am using JavaStudio Enterprise 8, with J2SE 1.5 update 9. I am trying to run the tomcat-servlet-example. The project compile properly, but when i run the project i get the error below. Since i have no clue how to overtake this,
-
Our Web Pages Do Not Render Correctly in Dreamweaver
Afternoon All We've been using Dreamweaver on our company website for several years now. We've recently redesigned the site, and Dreamweaver doesn't render our pages properly. We have a page background image, and a center designed site with a backgro