Cisco Lightweight AP - Belkim WeMo Connectivity

Similar Messages

• Hi, I need your help.. I'm telecommunication technician, in my job we have CISCO 10008 routers, there's connected to DC Power b

  Hi, I need your help..
  I'm telecommunication technician, in my job we have CISCO 10008 routers, there's connected to DC Power by DC PEM sources. There's powered by  -52Vdc, but there's a problem, sometimes occurs failures, ESR-HH-GE cards suddenly crashes, the FAIL led is on and that's yellow color, but it doesn't works. We replace cards for this cases, and the service is OK, but this occurs again in the same slot or different slots, each 2 or 3 months aprox., or maybe one. Thanks for your help.

  Duplicate posts.   
  Go here:  http://supportforums.cisco.com/discussion/12185941/hi-i-need-your-help-im-telecommunication-technician-my-job-we-have-cisco-10008

• Cisco desktop agent fail to connect to CCX7.0

  Hello,
  Please we occure a problem that the Cisco desktop agent fail to connect to CCX 7.0 extension Agent ID not found.
  regards

  We're currently seeing the same issue with only two Agents.  When you look at the Agent's call log, it shows a reason code of Ring No Answer.  This would lead me to believe that UCCX is attempting to pass calls to the Agents, but the phone never rings.  Anyone else seeing this?
  We're running UCCX 8.0.2 and CAD ver 8.0.2.300.

• Cisco Jabber 9.2.1 connect LDAP fail

  Hi all,
  I am using CUCM 9.1 and CUP 9.1
  Here is my UC service settings
  Product type          : Enhanced Directory
  Port                    : 389
  Protocol          : TCP
  Connecction Type: Ldap
  Serivce profile has been created and assigned to the end-user
  If I use CUPC8.5 and 8.6, it can connect to LDAP successfully
  However, if using Cisco Jabber 9.2.1 (window), it cannot connect to AD
  in "Show Connection service", it shows
  Status : Unknown
  Reason : Unknown
  Is there any missing configuration for Jabber 9.2.1
  Thanks in advance
  Sam

  Have you configured the jabber-config.xml file?? That configuration you have is not for Jabber, if you haven't, review the configuration guide for details.
  Sent from Cisco Technical Support iPad App

• Cisco ASA 5505 - 2 PPPoE connection

  Hi,
  Please I would be very pleased if someone could give me a hand in this matter.
  I have a Cisco ASA 5505 9.0(2), 2 dial-up connection (ADSL) with fix IP from the same ISP. I have 2 Linksys router (each dial-up has a router) as well. Both Linksys are connected directly to ASA configured in bridge mode.
  I set up one dial-up on interface called “outside” with PPPoE configuration which is, in fact, up and running. I’m able to get my fix public IP.
  My problem come from when I try to set up the second dial-up on interface called “outside-other”. I configure properly all PPPoE parameters however I’m not able to get my second fix public IP. Somehow, it’s not able to establish a connection with the ISP. (PPPoE session has not been established yet)
  This could be useful information: the PPPoE Username is the same in both dial-up connection (given by my ISP).
  I hope someone can shed light on this issue.
  Thanks in advance,
  Apologies for my lack of awareness.
  Antonio

  Hi,
  This is my schema:
  connection A ( interface outside) --> DSL --> Router Linksys mode bridge --> Cisco ASA , up and running with IP fix.
  connection B ( interface outside-other) --> DSL --> Router Linksys mode bridge --> Cisco ASA, down : Status PADR_SENT
  I tried to use two different VPDN_groups for the two connections A and B. However, B is still not working. Just one of them is able to get IP from ISP, connection A.
  When I set up the Linksys router (connection B) in PPPoE, the connection works and get an IP fix from ISP.
  What I want to do is set up a VPN on connection B so I need to configure this second dial-up on Cisco ASA. I cannot use connection A due to security reasons.
  Thanks

• How to Configure an Cisco 5505 for PPTP VPN connectivity

  I currently have a Cisco ASA 5505(ASA Version 8.2(1), and ASDM gui version 6.2) and a Windows 2008 R2 server with one NIC card. Currently the router is connected to the interent sucessfully using the 'outside' interface(devices connected to the 'inside' interface have access to the internet and are assigned IP addresses via DHCP on the Windows 2008 Server which is also connected to the 'inside' interface) When connected with a client on the inside interface I can establish a VPN connection with the W2008 server, however when I try to connect through the internet I cannot. I have tried researching this on the internet, but have not had much luck. I know it has something to do with pptp port and allowing gre, but I am not familiar enough with configuring Cisco devices or the language they use, to configure this router. I feel as though I am missing something small but very critical. Any help or feedback you can provide regarding this issue is most appreicated, thank you.
  *Edit: I have attached a network diagram of what I am trying to accomplish, and I have also attached a dump of the current running-config.

  Hi,
  Below is the link to the admin guide for the RV042.  Chapter 9 covers the configuration of site to site VPN’s and begins on page 123. 
  http://www.cisco.com/en/US/docs/routers/csbr/rv0xx/administration/guide/rv0xx_AG_78-19576.pdf
  If you need further assistance please feel free to contact Cisco Small Business for help in configuring and troubleshooting your VPN.
  Thank you,
  Jason Nickle

• Inside lan is not reachable even after cisco Remote access vpn client connected to router C1841 But can ping to the router inside interface and loop back interface but not able to ping even to the directly connected inside device..??

  Hii frnds,
  here is the configuration in my router C1841..for the cisco ipsec remote access vpn..i was able to establish a vpn session properly...but there after i can only reach up to the inside interfaces of the router..but not to the lan devices...
  Below is the out put from the router
  r1#sh run
  Building configuration...
  Current configuration : 3488 bytes
  ! Last configuration change at 20:07:20 UTC Tue Apr 23 2013 by ramana
  ! NVRAM config last updated at 11:53:16 UTC Sun Apr 21 2013 by ramana
  version 15.1
  service config
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname r1
  boot-start-marker
  boot-end-marker
  enable secret 5 $1$6RzF$L6.zOaswedwOESNpkY0Gb.
  aaa new-model
  aaa authentication login local-console local
  aaa authentication login userauth local
  aaa authorization network groupauth local
  aaa session-id common
  dot11 syslog
  ip source-route
  ip cef
  ip domain name r1.com
  multilink bundle-name authenticated
  license udi pid CISCO1841 sn FHK145171DM
  username ramana privilege 15 secret 5 $1$UE7J$u9nuCPGaAasL/k7CxtNMj.
  username giet privilege 15 secret 5 $1$esE5$FD9vbBwTgHERdRSRod7oD.
  redundancy
  crypto isakmp policy 10
  encr 3des
  authentication pre-share
  group 2
  crypto isakmp client configuration group ra-vpn
  key xxxxxx
  domain r1.com
  pool vpn-pool
  acl 150
  save-password
    include-local-lan
  max-users 10
  crypto ipsec transform-set my-vpn esp-3des esp-md5-hmac
  crypto dynamic-map RA 1
  set transform-set my-vpn
  reverse-route
  crypto map ra-vpn client authentication list userauth
  crypto map ra-vpn isakmp authorization list groupauth
  crypto map ra-vpn client configuration address respond
  crypto map ra-vpn 1 ipsec-isakmp dynamic RA
  interface Loopback0
  ip address 10.2.2.2 255.255.255.255
  interface FastEthernet0/0
  bandwidth 8000000
  ip address 117.239.xx.xx 255.255.255.240
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip nat outside
  ip virtual-reassembly
  duplex auto
  speed auto
  crypto map ra-vpn
  interface FastEthernet0/1
  description $ES_LAN$
  ip address 192.168.10.252 255.255.255.0 secondary
  ip address 10.10.10.1 255.255.252.0 secondary
  ip address 172.16.0.1 255.255.252.0 secondary
  ip address 10.10.7.1 255.255.255.0
  ip nat inside
  ip virtual-reassembly
  duplex auto
  speed auto
  ip local pool vpn-pool 172.18.1.1   172.18.1.100
  ip forward-protocol nd
  ip http server
  ip http authentication local
  no ip http secure-server
  ip dns server
  ip nat pool INTERNETPOOL 117.239.xx.xx 117.239.xx.xx netmask 255.255.255.240
  ip nat inside source list 100 pool INTERNETPOOL overload
  ip route 0.0.0.0 0.0.0.0 117.239.xx.xx
  access-list 100 permit ip 10.10.7.0 0.0.0.255 any
  access-list 100 permit ip 10.10.10.0 0.0.1.255 any
  access-list 100 permit ip 172.16.0.0 0.0.3.255 any
  access-list 100 permit ip 192.168.10.0 0.0.0.255 any
  access-list 150 permit ip 10.10.7.0 0.0.0.255 172.18.0.0 0.0.255.255
  access-list 150 permit ip host 10.2.2.2 172.18.1.0 0.0.0.255
  access-list 150 permit ip 192.168.10.0 0.0.0.255 172.18.1.0 0.0.0.255
  control-plane
  line con 0
  login authentication local-console
  line aux 0
  line vty 0 4
  login authentication local-console
  transport input telnet ssh
  scheduler allocate 20000 1000
  end
  r1>sh ip route
  Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
         D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
         N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
         E1 - OSPF external type 1, E2 - OSPF external type 2
         i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
         ia - IS-IS inter area, * - candidate default, U - per-user static route
         o - ODR, P - periodic downloaded static route, + - replicated route
  Gateway of last resort is 117.239.xx.xx to network 0.0.0.0
  S*    0.0.0.0/0 [1/0] via 117.239.xx.xx
        10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
  C        10.2.2.2/32 is directly connected, Loopback0
  C        10.10.7.0/24 is directly connected, FastEthernet0/1
  L        10.10.7.1/32 is directly connected, FastEthernet0/1
  C        10.10.8.0/22 is directly connected, FastEthernet0/1
  L        10.10.10.1/32 is directly connected, FastEthernet0/1
        117.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
  C        117.239.xx.xx/28 is directly connected, FastEthernet0/0
  L        117.239.xx.xx/32 is directly connected, FastEthernet0/0
        172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
  C        172.16.0.0/22 is directly connected, FastEthernet0/1
  L        172.16.0.1/32 is directly connected, FastEthernet0/1
        172.18.0.0/32 is subnetted, 1 subnets
  S        172.18.1.39 [1/0] via 49.206.59.86, FastEthernet0/0
        192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
  C        192.168.10.0/24 is directly connected, FastEthernet0/1
  L        192.168.10.252/32 is directly connected, FastEthernet0/1
  r1#sh crypto isakmp sa
  IPv4 Crypto ISAKMP SA
  dst             src             state          conn-id status
  117.239.xx.xx   49.206.59.86    QM_IDLE           1043 ACTIVE
  IPv6 Crypto ISAKMP SA
  r1 #sh crypto ipsec sa
  interface: FastEthernet0/0
      Crypto map tag: giet-vpn, local addr 117.239.xx.xx
     protected vrf: (none)
     local  ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
     remote ident (addr/mask/prot/port): (172.18.1.39/255.255.255.255/0/0)
     current_peer 49.206.59.86 port 50083
       PERMIT, flags={}
      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 2, #pkts decrypt: 2, #pkts verify: 2
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 0, #pkts compr. failed: 0
      #pkts not decompressed: 0, #pkts decompress failed: 0
      #send errors 0, #recv errors 0
       local crypto endpt.: 117.239.xx.xx, remote crypto endpt.: 49.206.xx.xx
       path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
       current outbound spi: 0x550E70F9(1427009785)
       PFS (Y/N): N, DH group: none
       inbound esp sas:
        spi: 0x5668C75(90606709)
          transform: esp-3des esp-md5-hmac ,
          in use settings ={Tunnel UDP-Encaps, }
          conn id: 2089, flow_id: FPGA:89, sibling_flags 80000046, crypto map: ra-vpn
          sa timing: remaining key lifetime (k/sec): (4550169/3437)
          IV size: 8 bytes
          replay detection support: Y
          Status: ACTIVE
       inbound ah sas:
       inbound pcp sas:
       outbound esp sas:
        spi: 0x550E70F9(1427009785)
          transform: esp-3des esp-md5-hmac ,
          in use settings ={Tunnel UDP-Encaps, }
          conn id: 2090, flow_id: FPGA:90, sibling_flags 80000046, crypto map: ra-vpn
          sa timing: remaining key lifetime (k/sec): (4550170/3437)
          IV size: 8 bytes
          replay detection support: Y
          Status: ACTIVE
       outbound ah sas:
       outbound pcp sas:

  hi  Maximilian Schojohann..
  First i would like to Thank you for showing  interest in solving my issue...After some research i found that desabling the " IP CEF" will solve the issue...when i desable i was able to communicate success fully with the router lan..But when i desable " IP CEF "  Router cpu processer goes to 99% and hangs...
  In the output of " sh process cpu" it shows 65% of utilization from "IP INPUT"
  so plz give me an alternate solution ....thanks in advance....

• Cisco 2504 OEAP NAT directly connect AP's no ip

  I setup my 2504 to work with OEAP.  When I enabled NAT on the management interface the one AP I have directly connected to the WLC is no longer getting an IP address.  Any idea why this is?

  First, it is not recommended to have an AP directly connected to the WLC, you really need to connect it to an upstream switch and let it connect that way.
  My first thought would be that you need to take a look a the below link that talk about how the NAT ip commands work.
  http://www.cisco.com/en/US/docs/wireless/controller/7.0MR1/command/reference/cli70MR1commands.html#wp14087790
  HTH,
  Steve
  Please remember to rate useful posts, and mark questions as answered

• Cisco ip phone 7960 cannot connect to call manager express

  The 7960 ip phone seems not to connect to the call manager express
  router and i have already put the firmware and configured the tftp
  server,the rest of the phones the 7911`s are all working ok,i have tried
  to reset the phone but it doesnt respond to the # key so as to reset to
  factory defaults.
  I have tried all the options of resetting it but to no avail.
  could someone give me some techie tips on this ? could it be a hardware issue ?? please assist.

  Go to the phone and check if the TFTP server is correct (should be the CME IP address). Also check the DHCP address.
  Resetting 7900 Series IP Phones to Factory Defaults:
  http://www.cisco.com/en/US/products/hw/phones/ps379/products_tech_note09186a00800941bb.shtml
  Check the bug:
  CSCed93627: Not able to reset 7970 back to factory defaults

• How can I get my Cisco wireless router to wirelessly connect to my Verizon Fios Actiontec router?

  I have Verizon Fios for internet, tv and phone. The Verizon Actiontec router is connected with a ethernet cable into my desktop and the internet is up and running. Now I bought a Cisco Linksys WRT54GL Wireless-G Broadband Router, and I wanted to connect it to another desktop two floors up. I set up the Cisco router according to the instructions, but I'm not able to connect to the internet. It shows that my computer was able to get a Local Network connection, but internet connection keeps failing.... I tried changing the IP address. But I'm confused about the whole thing. Is the Default gateway number suppose to be the same for both routers? Is it possible that the Actiontec router isnt giving off a strong enough wireless signal? I'm open for suggestions! Thanks

  Mac or Windows machine?
  Is the WRT connected directly to the upstairs computer? I don't think you can use the WRT that way?
  Have you had a look here?:http://homecommunity.cisco.com/t5/Wireless-Routers/General-Linksys-Router-FAQs/td-p/4286
  I THINK you would have to have a WETxx (Ethernet Adapter)  instead?
   If it connects to the Internet even breifly then I suppose that means your connected but it may be losing the signal and failng. You would porbably have ot get a WAP(Access Point) and use it as a repeater.
   I'm a bit rusty on the names so I hope i got them right, hope it helps.....

• Cisco ASA 8.2 55xx connect 2 inside interfaces together

  Hi all,
  I have some problem with my Cisco ASA 8.2 5510. I have to know how shoud i connect 2 inside interfaces together. I am writing what i have.
  I have 5 network connection on Cisco ASA.
  1. Interface Ethernet 0/0 - outside 200.200.200.200 255.255.255.240
  2. Interface Ethernet 0/1 - 1_firm 10.0.1.1 255.255.255.0
  3. Interface Ethernet 0/2 - 2_firm 192.168.1.1 255.255.255.0
  4. Interface Ethernet 0/3 - DMZ-Server 10.10.10.1 255.255.255.0 (Just one Server)
  5. Management -  no need
  I have to connect 2 Interfaces, (1_firm) with Interface (2_firm). I've tried
  "route 1_firm 192.168.1.0 255.255.255.0 10.0.1.1" ,
  but i resiving following error "Cannot add route,connected route exists".
  But i have no route configuration. What i have cheking? Or maked i some wrong?
  Thank you for your help

  Hi Jennifer,
  Thanks for your answer.
  Sec. Level 90 .
  Can you write me correct NAT and exeption configuration? That is my conf.
  This is my test Firewall system
  ciscoasa(config)# sh run
  : Saved
  ASA Version 8.0(2)
  hostname ciscoasa
  enable password 8Ry2YjIyt7RRXU24 encrypted
  names
  interface Ethernet0/0
  nameif outisde
  security-level 0
  ip address 200.100.100.200 255.255.255.240
  interface Ethernet0/1
  nameif vpm
  security-level 90
  ip address 192.168.1.1 255.255.255.0
  interface Ethernet0/2
  nameif wundplan
  security-level 90
  ip address 10.0.1.1 255.255.255.0
  interface Ethernet0/3
  shutdown
  no nameif
  no security-level
  no ip address
  interface Ethernet0/4
  shutdown
  no nameif
  no security-level
  no ip address
  interface Ethernet0/5
  shutdown
  no nameif
  no security-level
  no ip address
  passwd 2KFQnbNIdI.2KYOU encrypted
  boot config disk0:/.private/startup-config
  ftp mode passive
  same-security-traffic permit inter-interface
  same-security-traffic permit intra-interface
  object-group service DM_INLINE_TCP_1 tcp
  port-object eq www
  port-object eq https
  object-group protocol TCPUDP
  protocol-object udp
  protocol-object tcp
  access-list wundplan_access_in extended permit ip 10.0.1.0 255.255.255.0 any
  access-list vpm_access_in extended permit ip 192.168.1.0 255.255.255.0 any
  access-list outisde_access_in extended permit ip any 200.100.100.192 255.255.255.240
  access-list wundplan_nonat extended permit ip 192.168.1.0 255.255.255.0 10.0.1.0 255.255.255.0
  pager lines 24
  logging enable
  logging asdm informational
  mtu outisde 1500
  mtu vpm 1500
  mtu wundplan 1500
  no failover
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/asdm-625-53.bin
  no asdm history enable
  arp timeout 14400
  global (outisde) 101 interface
  global (wundplan) 1 10.0.1.0 netmask 255.255.0.0
  access-group outisde_access_in in interface outisde
  access-group vpm_access_in in interface vpm
  access-group wundplan_access_in in interface wundplan
  route outisde 0.0.0.0 0.0.0.0 200.100.100.199 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout uauth 0:05:00 absolute
  dynamic-access-policy-record DfltAccessPolicy
  http server enable
  http 10.0.1.0 255.255.255.0 wundplan
  http 192.168.1.0 255.255.255.0 vpm
  http 10.0.0.0 255.255.255.0 wundplan
  http 192.168.0.0 255.255.255.0 vpm
  http redirect wundplan 80
  http redirect vpm 80
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  no crypto isakmp nat-traversal
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  threat-detection basic-threat
  threat-detection statistics access-list
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
  message-length maximum 512
  policy-map global_policy
  class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  service-policy global_policy global
  prompt hostname context
  Cryptochecksum:5cd35a1417360a176153562a9c67e266
  : end
  Thynk you very mach.

• Cisco 1811W stopped allowing wireless connection of domain laptops

  I have a Cisco 1811W that after several years in service suddenly stopped allowing any wireless connection to laptops on the domain. It allows hard wired connections and devices that are just using the wireless hot spot like iPads and Iphones but not devices on the domain. These same laptops connect wirelessly without issue at our other facilities which use the same hardware.
  Here is the config file...
  Here is the config file of the router in question...
  router#show run
  Building configuration...
  Current configuration : 11776 bytes
  version 12.4
  service timestamps debug datetime msec
  service timestamps log datetime msec localtime show-timezone year
  service password-encryption
  hostname xxx
  boot-start-marker
  boot-end-marker
  logging message-counter syslog
  logging buffered 4096
  no logging console
  enable secret 5 xxxx
  aaa new-model
  aaa authentication login default local
  aaa authorization exec default local
  aaa session-id common
  crypto pki trustpoint TP-self-signed-1083484987
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-1083484987
  revocation-check none
  rsakeypair TP-self-signed-xxxx
  dot11 syslog
  dot11 ssid xxxx
  vlan 44
  authentication open
  authentication key-management wpa
  wpa-psk ascii 7
  dot11 ssid xxxx
  vlan 144
  authentication open
  authentication key-management wpa
  guest-mode
  wpa-psk ascii 7
  ip source-route
  no ip dhcp use vrf connected
  ip dhcp excluded-address xxx.xxx.xxx.xxx
  ip dhcp excluded-address xxx.xxx.xxx.xxx
  ip dhcp excluded-address xxx.xxx.xxx.xxx
  ip dhcp pool xxx-LAN
  networkxxx.xxx.xxx.xxx 255.255.255.0
  domain-name xxxx
  dns-server xxx.xxx.xxx.xxx
  default-router xxx.xxx.xxx.xxx
  lease 0 2
  ip dhcp pool VLAN44
  network xxx.xxx.xxx.xxx 255.255.255.0
  default-router xxx.xxx.xxx.xxx
  domain-name xxxx
  dns-server xxx.xxx.xxx.xxx
  lease 4
  ip dhcp pool VLAN144
  network xxx.xxx.xxx.xxx 255.255.255.0
  default-router xxx.xxx.xxx.xxx
  domain-name xxxx
  dns-server 12.127.16.67 12.127.16.68
  lease 4
  ip cef
  ip domain name xxxx
  ip name-server xxx.xxx.xxx.xxx
  ip name-server xxx.xxx.xxx.xxx
  ip inspect tcp reassembly queue length 24
  ip inspect name IPFW tcp timeout 3600
  ip inspect name IPFW udp timeout 15
  ip inspect name IPFW ftp
  ip inspect name IPFW realaudio
  ip inspect name IPFW smtp
  ip inspect name IPFW h323
  ip inspect name IPFW ftps
  ip inspect name IPFW http
  ip inspect name IPFW https
  ip inspect name IPFW icmp
  ip inspect name IPFW imap
  ip inspect name IPFW imaps
  ip inspect name IPFW irc
  ip inspect name IPFW ircs
  ip inspect name IPFW ntp
  ip inspect name IPFW pop3
  ip inspect name IPFW pop3s
  ip inspect name IPFW radius
  ip inspect name IPFW sip
  ip inspect name IPFW sip-tls
  ip inspect name IPFW ssh
  ip inspect name IPFW telnet
  ip inspect name IPFW telnets
  ip inspect name IPFW vdolive
  ip inspect name IPFW webster
  ip inspect name IPFW dns
  no ipv6 cef
  multilink bundle-name authenticated
  password encryption aes
  file prompt quiet
  username admin password n
  username laneadmin password n
  crypto isakmp policy 1
  encr aes
  authentication pre-share
  group 2
  crypto isakmp policy 2
  encr 3des
  authentication pre-share
  group 2
  crypto isakmp key 5122662533fedcbabcdef address 12.97.225.232
  crypto isakmp key 5122662533fedcbabcdef address 12.97.224.120
  crypto isakmp key 5122662533fedcbabcdef address 12.97.225.152
  crypto isakmp key 5122662533fedcbabcdef address 12.97.230.154
  crypto isakmp key 5122662533fedcbabcdef address 12.97.225.226
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec transform-set ESP-AES256-SHA esp-aes 256 esp-sha-hmac
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec transform-set ESP-AES256-SHA-LZO esp-aes 256 esp-sha-hmac comp-lzs
  crypto ipsec df-bit clear
  crypto ipsec profile SITE-to-SITE-DMVPN-Profile
  set transform-set ESP-AES256-SHA
  crypto ipsec client ezvpn ezvpn-client
  connect auto
  mode client
  xauth userid mode interactive
  archive
  log config
  logging enable
  notify syslog contenttype plaintext
  hidekeys
  path scp://cisco:wrs-.o#d8Au8M@fs00/$h-$t
  write-memory
  ip ssh version 2
  bridge irb
  interface Loopback0
  ip address 1.1.1.5 255.255.255.252
  interface Tunnel0
  ip address xxx.xxx.xxx.xxx 255.255.255.0
  no ip redirects
  ip nhrp map xxx.xxx.xxx.xxx 12.97.230.154
  ip nhrp map multicast 12.97.230.154
  ip nhrp map xxx.xxx.xxx.xxx 12.97.225.226
  ip nhrp map multicast 12.97.225.226
  ip nhrp network-id 1
  ip nhrp nhs xxx.xxx.xxx.xxx
  ip nhrp nhs xxx.xxx.xxx.xxx
  tunnel source 12.97.225.234
  tunnel mode gre multipoint
  tunnel protection ipsec profile SITE-to-SITE-DMVPN-Profile
  interface Dot11Radio0
  no ip address
  no dot11 extension aironet
  encryption vlan 44 mode ciphers tkip
  encryption vlan 144 mode ciphers tkip
  ssid XXXX
  ssid XXX-guest
  speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
  channel 2437
  station-role root
  no cdp enable
  interface Dot11Radio0.44
  encapsulation dot1Q 44
  bridge-group 44
  bridge-group 44 subscriber-loop-control
  bridge-group 44 spanning-disabled
  bridge-group 44 block-unknown-source
  no bridge-group 44 source-learning
  no bridge-group 44 unicast-flooding
  interface Dot11Radio0.144
  encapsulation dot1Q 144
  bridge-group 144
  bridge-group 144 subscriber-loop-control
  bridge-group 144 spanning-disabled
  bridge-group 144 block-unknown-source
  no bridge-group 144 source-learning
  no bridge-group 144 unicast-flooding
  interface Dot11Radio1
  no ip address
  speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
  station-role root
  interface FastEthernet0
  description 604 AT&T static IP
  ip address 12.97.225.234 255.255.255.248
  ip access-group IPFW-ACL-outside-A in
  no ip redirects
  no ip proxy-arp
  ip nat outside
  ip inspect IPFW out
  ip virtual-reassembly
  duplex auto
  speed auto
  interface FastEthernet1
  no ip address
  shutdown
  duplex auto
  speed auto
  interface FastEthernet2
  switchport access vlan 4
  spanning-tree portfast
  interface FastEthernet3
  description phone system
  switchport access vlan 4
  spanning-tree portfast
  interface FastEthernet4
  switchport access vlan 4
  spanning-tree portfast
  interface FastEthernet5
  switchport access vlan 4
  spanning-tree portfast
  interface FastEthernet6
  switchport access vlan 4
  spanning-tree portfast
  interface FastEthernet7
  switchport access vlan 4
  spanning-tree portfast
  interface FastEthernet8
  switchport access vlan 4
  spanning-tree portfast
  interface FastEthernet9
  description switchport uplink
  switchport access vlan 4
  interface Vlan1
  no ip address
  interface Vlan4
  ip address xxx.xxx.xxx.xxx 255.255.255.0
  no ip redirects
  no ip proxy-arp
  ip nat inside
  ip virtual-reassembly
  ip tcp adjust-mss 1200
  ip policy route-map NONAT-LAN
  interface Vlan5
  no ip address
  interface Vlan10
  no ip address
  interface Vlan44
  description nnn private WLAN
  no ip address
  ip nat inside
  ip virtual-reassembly
  ip policy route-map NONAT-LAN
  bridge-group 44
  bridge-group 44 spanning-disabled
  interface Vlan144
  description nnn Guest WLAN
  no ip address
  ip nat inside
  ip virtual-reassembly
  ip policy route-map NONAT-LAN
  bridge-group 144
  bridge-group 144 spanning-disabled
  interface Async1
  no ip address
  encapsulation slip
  interface BVI44
  description Bridge to nnn private WLAN
  ip address xxx.xxx.xxx.xxx 255.255.255.0
  ip nat inside
  ip virtual-reassembly
  interface BVI144
  description Bridge to nnn Guest WLAN
  ip address xxx.xxx.xxx.xxx 255.255.255.0
  ip nat inside
  ip virtual-reassembly
  router eigrp 1
  network xxx.xxx.xxx.xxx
  network xxx.xxx.xxx.xxx
  no auto-summary
  ip forward-protocol nd
  ip route 0.0.0.0 0.0.0.0 12.97.225.233
  no ip http server
  no ip http secure-server
  ip nat inside source list NAT-ACL interface FastEthernet0 overload
  ip nat inside source static tcp xxx.xxx.xxx.xxx 22 interface FastEthernet0 22222
  ip nat inside source route-map NO-NAT interface FastEthernet0 overload
  ip access-list standard VTY-ACL
  permit 192.168.0.0 0.0.63.255
  ip access-list extended IPFW-ACL-outside
  permit udp any any eq isakmp
  permit udp any eq isakmp any
  permit esp any any
  permit tcp any host 12.97.225.234 eq 23232
  permit icmp any any administratively-prohibited
  permit icmp any any echo-reply
  permit icmp any any packet-too-big
  permit icmp any any time-exceeded
  permit icmp any any traceroute
  deny ip any any
  ip access-list extended IPFW-ACL-outside-A
  permit tcp any host 12.97.225.234 eq 22222
  permit udp any any eq isakmp
  permit udp any eq isakmp any
  permit esp any any
  permit tcp any host 12.97.225.234 eq 23232
  permit icmp any any administratively-prohibited
  permit icmp any any echo-reply
  permit icmp any any packet-too-big
  permit icmp any any time-exceeded
  permit icmp any any traceroute
  deny ip any any
  ip access-list extended NAT-ACL
  deny ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
  deny ip 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255
  deny ip 192.168.4.0 0.0.0.255 192.168.2.0 0.0.0.255
  deny ip 192.168.4.0 0.0.0.255 192.168.0.0 0.0.0.255
  permit ip 192.168.4.0 0.0.0.255 any
  deny ip 192.168.44.0 0.0.0.255 192.168.1.0 0.0.0.255
  deny ip 192.168.44.0 0.0.0.255 192.168.2.0 0.0.0.255
  deny ip 192.168.44.0 0.0.0.255 192.168.3.0 0.0.0.255
  deny ip 192.168.44.0 0.0.0.255 192.168.0.0 0.0.0.255
  deny ip 192.168.44.0 0.0.0.255 192.168.5.0 0.0.0.255
  permit ip 192.168.44.0 0.0.0.255 any
  deny ip 192.168.144.0 0.0.0.255 192.168.1.0 0.0.0.255
  deny ip 192.168.144.0 0.0.0.255 192.168.2.0 0.0.0.255
  deny ip 192.168.144.0 0.0.0.255 192.168.3.0 0.0.0.255
  deny ip 192.168.144.0 0.0.0.255 192.168.0.0 0.0.0.255
  deny ip 192.168.144.0 0.0.0.255 192.168.5.0 0.0.0.255
  permit ip 192.168.144.0 0.0.0.255 any
  ip access-list extended NONAT-LAN-RETURNING-ACL
  permit ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
  permit ip 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255
  permit ip 192.168.4.0 0.0.0.255 192.168.2.0 0.0.0.255
  permit ip 192.168.4.0 0.0.0.255 192.168.0.0 0.0.0.255
  permit ip 192.168.44.0 0.0.0.255 192.168.3.0 0.0.0.255
  permit ip 192.168.44.0 0.0.0.255 192.168.5.0 0.0.0.255
  permit ip 192.168.44.0 0.0.0.255 192.168.2.0 0.0.0.255
  permit ip 192.168.44.0 0.0.0.255 192.168.0.0 0.0.0.255
  permit ip 192.168.144.0 0.0.0.255 192.168.3.0 0.0.0.255
  permit ip 192.168.144.0 0.0.0.255 192.168.5.0 0.0.0.255
  permit ip 192.168.144.0 0.0.0.255 192.168.2.0 0.0.0.255
  permit ip 192.168.144.0 0.0.0.255 192.168.0.0 0.0.0.255
  ip access-list extended VTY-ACL-A
  deny ip 192.168.160.0 0.0.0.255 any
  permit ip 192.168.44.0 0.0.0.255 any
  permit ip 192.168.144.0 0.0.0.255 any
  permit ip 192.168.0.0 0.0.0.255 any
  permit ip 192.168.1.0 0.0.0.255 any
  permit ip 192.168.2.0 0.0.0.255 any
  permit ip 192.168.3.0 0.0.0.255 any
  permit ip 192.168.4.0 0.0.0.255 any
  permit ip 192.168.5.0 0.0.0.255 any
  permit tcp any any eq 22
  deny ip any any
  logging trap notifications
  logging source-interface Vlan5
  logging 192.168.0.225
  route-map NONAT-LAN permit 10
  match ip address NONAT-LAN-RETURNING-ACL
  set interface Loopback0
  route-map NO-NAT permit 10
  match ip address NAT-ACL
  snmp-server community XXXsnmppub RO
  control-plane
  bridge 44 route ip
  bridge 144 route ip
  banner login ^C
  Unauthorized access is prohibited and will be monitored and prosecuted.
  If you are not explicitly authorized to access this device, you must
  disconnect now.
  ^C
  banner motd ^C
  Unauthorized access is prohibited and will be monitored and prosecuted.
  If you are not explicitly authorized to access this device, you must
  disconnect now.
  ^C
  line con 0
  line 1
  modem InOut
  stopbits 1
  speed 115200
  flowcontrol hardware
  line aux 0
  line vty 0 4
  access-class VTY-ACL-A in
  password 7 nnn
  transport input ssh
  line vty 5 15
  webvpn gateway webgateway
  ssl trustpoint TP-self-signed-1083484987
  no inservice
  webvpn gateway sslvpn.xxx
  hostname www.nnn
  ssl trustpoint TP-self-signed-1083484987
  inservice
  end
  router#

  It was a two fold problem.  There is another stronger Wi-Fi signal that exists at the facility from another entity on a different domain that the two laptops were trying to associate to in lieu of the network signal from our 1811.  This could only be seen while watching the Intel wireless Proset app NOT the Windows wireless management app.  Then by deleting all other old Wi-Fi networks listed in the Intel Proset app except ours it connected.  Also set devices to never connect to the other signal.  This was not an issue when I brought the laptop to another faciIity without a competing Wi-Fi signal becuase they would connect using the strongest and ONLY Wi-Fi network signal which was ours.

• Cisco Persistent Chat error when connecting to DB server

  When we want to configure it and check the connection it says, is in menu Messaging --> external setup --> external databases (in IM Presence Administrator). We use a postgresql server on linux and can connect to the db via other clients as test. What can be wrong? We did not enable ssl for this connection, you cannot even select ssl, is grayed out!
  Verify external database server connectivity (database connection check)
  The following Cisco Unified IM and Presence Service node to external database server connections failed:
  xxxxx.xxxx.xxx >> pchat (Persistent Chat)
  With message:
  One or more parameters are invalid. Please check them once again.
  If the 'Enable SSL' field is unchecked and the External Database chosen in the 'Database Name' field is SSL enabled, please check the 'Enable SSL' field and choose the certificate that corresponds to the chosen External Database and save your changes.
  If the 'Enable SSL' field is checked on the External Database Settings page then the following steps could help resolve the connectivity issue:
  Please try refreshing the page after 60 secs of saving the changes.
  Please verify if the Certificate chosen in the 'Certificate Name' field is valid and corresponds to the chosen External Database in the 'Database Name' field.
  If the problem persists, please restart the Cisco XCP Config Manager Service.

  Hi,
  As mentioned in the following configuration article, for earlier versions of SQL Server where MARS was not an option, the way to configure is to have server-side cursors configured.
  (check out the tabulated column next to MARS_Connection for details)
  http://www.easysoft.com/products/data_access/odbc-sql-server-driver/manual/configuration.html
  To use server-side queries in the connection URL, pls go through this link
  http://www.oracle.com/technology/products/jdev/howtos/bc4j/bc_psqlserverwalkthrough.html
  But please note that server-side cursors does have a performance overhead.
  Let me know if you need more information.
  HTH,
  Lakshmi.

• Cisco 878 router for ADSL connectivity

  Hi All,
  I got a Cisco 878-k9 G.SHDSL router. I am trying to configure to get connectivity to my Service Provider.
  Earlier i have configured Cisco 877 router serval times. But Cisco 878 for the first time. There is a DSL
  controller in 878 rtr. I think i m missing something somewhere.
  Below is the config that i have done
  controller DSL 0
  mode atm
  loopback digital
  dsl-mode shdsl symmetric annex A
  line-rate auto
  line-term cpe
  line-mode 2-wire line-one
  ip cef
  ip dhcp excluded-address 192.168.10.1 192.168.10.10
  ip dhcp pool INSIDE-Pool
     import all
     network 192.168.10.0 255.255.255.0
     default-router 192.168.10.1
     dns-server 212.77.192.59 212.77.192.60
     lease 8
  interface ATM0
  description (Outside Public Interface)
  no shutdown
  no ip address
  load-interval 30
  no atm ilmi-keepalive
  pvc 8/35             
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
  interface Dialer0
  ip address negotiated
  no ip redirects
  no ip proxy-arp
  no ip unreachables
  ip nat outside
  ip virtual-reassembly
  encapsulation ppp
  ip route-cache flow
  dialer pool 1
  dialer-group 1
  no cdp enable
  ppp authentication chap callin
  ppp chap hostname p4411XXXX
  ppp chap password qatarXXXX
  ppp pap sent-username p44114032 password 0 qatarXXXX
  no sh
  ip route 0.0.0.0 0.0.0.0 Dialer0
  no ip http server
  ip nat inside source list 101 interface Dialer0 overload
  access-list 1 permit any
  access-list 101 deny ip 192.168.0.0 0.0.255.255 10.10.0.0 0.0.255.255
  access-list 101 permit ip 192.168.0.0 0.0.255.255 any
  dialer-list 1 protocol ip permit

  i have an adsl line
  i try to configure the router 878
  but no connection ,, kann u tel me how do u have resolve the probleme please
  this is the running config
  version 12.4
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname cisco2
  boot-start-marker
  boot-end-marker
  no logging buffered
  aaa new-model
  aaa authentication login default local
  aaa authorization exec default local
  aaa session-id common
  resource policy
  clock timezone EST -5
  clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
  ip subnet-zero
  ip cef
  ip name-server 212.217.0.1
  ip name-server 212.217.0.12
  ip name-server 212.217.1.1
  ip ddns update method sdm_ddns1
   DDNS both
  vpdn enable
  vpdn-group pppoe
  crypto pki trustpoint TP-self-signed-201735762
   enrollment selfsigned
   subject-name cn=IOS-Self-Signed-Certificate-201735762
   revocation-check none
   rsakeypair TP-self-signed-201735762
  crypto pki certificate chain TP-self-signed-201735762
   certificate self-signed 01
    3082023D 308201A6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 32303137 33353736 32301E17 0D303230 33303130 32353235
    375A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
    532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3230 31373335
    37363230 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
    A62304BC 27194971 2A4FAEB3 9D57240E 26EDED2A 1674FF9A 7CBBB8F2 85245C3B
    C4DDBBF8 F8A67D31 5FDCBD11 72A2735D 9E8FC84B 17B55C71 43C10E41 ACC50BEC
    FCE8D9EE 6D2B0B55 9BD5B62C 3981506F 04B92C25 CA4C307E BC6A6A5F 4FBEF0EE
    05FEFA57 C7D879FD 79EF442F 121D6393 57E96F31 5414D1D5 4FADFBC0 95C9EAB3
    02030100 01A36730 65300F06 03551D13 0101FF04 05300301 01FF3012 0603551D
    11040B30 09820763 6973636F 322E301F 0603551D 23041830 16801418 6C8FED13
    FFD7B2FB F6FA47E7 682B0093 FAE2AC30 1D060355 1D0E0416 0414186C 8FED13FF
    D7B2FBF6 FA47E768 2B0093FA E2AC300D 06092A86 4886F70D 01010405 00038181
    007C867C AC28A7F0 4BDD261C 81A71F1D E0671C28 F4724F5D ED1FE702 BCE234D9
    1F85FE90 4D0AD23E 9904CBF9 D44A8CD5 0F5515BB 8FEEE4BB FF9795E1 7770B60A
    E37455CC D6606EAF E0EAEEA4 932F55E6 91C6F87F 1D022203 08AD7C78 4DCF5AEA
    819D2367 2B5054CC 695A4EF5 BC9ADA26 F7803106 E94BD666 179EB3DF 4CDE4CB8 1C
    quit
  username xxxxx privilege 15 password 0 xxxxx
  controller DSL 0
   mode atm
   line-term co
   line-mode 4-wire standard
   dsl-mode shdsl symmetric annex B
   ignore-error-duration  15
   line-rate 4608
  interface BRI0
   no ip address
   encapsulation hdlc
   shutdown
  interface ATM0
   no ip address
   ip nat outside
   ip virtual-reassembly
   no atm ilmi-keepalive
  interface ATM0.1 point-to-point
   pvc 8/35
    pppoe-client dial-pool-number 1
  interface FastEthernet0
  interface FastEthernet1
  interface FastEthernet2
  interface FastEthernet3
  interface Vlan1
   description lan
   ip address 192.168.1.5 255.255.255.0
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   ip nat inside
   ip virtual-reassembly
   ip route-cache flow
   ip tcp adjust-mss 1412
  interface Dialer1
   ip ddns update hostname xxxx.dyndns.org
   ip ddns update sdm_ddns1
   ip address negotiated
   ip mtu 1452
   encapsulation ppp
   dialer pool 1
   dialer-group 1
   no cdp enable
   ppp authentication chap pap callin
   ppp chap hostname xxxxx
   ppp chap password 0 xxxxx
   ppp pap sent-username xxxxx password 0 xxxxx
  interface Dialer0
   no ip address
  ip classless
  ip http server
  ip http access-class 24
  ip http authentication local
  ip http secure-server
  ip nat inside source list 1 interface Dialer0 overload
  ip access-list extended to-sip-servers
   remark --- traffic to any sip server
   permit udp 192.168.1.0 0.0.0.255 any eq 5060
  access-list 1 permit 0.0.0.0 255.255.255.0
  access-list 1 permit 192.168.1.0 0.0.0.255
  dialer-list 1 protocol ip permit
  snmp-server community public RO
  no cdp run
  control-plane
  banner motd ^CINE welcome
  banner ^C
  line con 0
   no modem enable
  line aux 0
  line vty 0 4
   password cisco
  scheduler max-task-time 5000
  end

• Cisco 3725 Router for Internet Connectivity

  Hi,
  We have en existing Internet connection using our Cisco 3725 router (ISP A). The router does the NAT and here's the existing default route:
  S* 0.0.0.0/0 [1/0] via 1.2.3.153
  This router has a "16 Port 10BaseT/100BaseTX EtherSwitch".
  Now we have a new Internet connection (ISP B). What I did was to configure two ports on the Etherswitch and added route maps:
  interface FastEthernet1/0
  description "ISP B to provider"
  no switchport
  ip address 4.5.6.66 255.255.255.252
  interface FastEthernet1/1
  description "ISP B to my network"
  no switchport
  ip address 4.5.7.225 255.255.255.248
  ip policy route-map ISPBInternetTraffic
  access-list 101 permit ip 4.5.7.224 0.0.0.7 any
  route-map ISPBInternetTraffic permit 101
  match ip address 101
  set interface FastEthernet1/0
  set ip default next-hop 4.5.6.65
  What I want to happen is that when the router sees the traffic coming from the public IPs of ISP B (4.5.7.224 /29) it will direct that to go out ISP B on F1/0.
  1. Is my configuration correct?
  2. Any suggestions, recommendations?
  3. Can I do load balancing or load sharing between the two ISPs?
  Best,
  Tony

  Hi Tony,
  Your question has already been answered here: http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=WAN%2C%20Routing%20and%20Switching&topicID=.ee71a06&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cd276a5