Cisco modem/router DCP2325 Passwords
I recently purchased a new laptop computer and since I already had a wireless router I thought that I could get on line easy but, it seems the password I had written down does not work. I called my cable co. Charter to see if they could correct it. Well Charter changed it to something only God knows. Now neither Charter nor myself can make my laptop access the web without directly plugging into the router. What good is a wireless router that no one knows the password too? This is my question. Or perhaps someone could tell me how I go about changing a password that I do not know and neither does my ISP. Since last Thursday I have called Cisco, Called Linsys, Called Charter, Called Cisco, Called Charter, Called Linsyc, Called Charter and it is a vicious circle of enemies of my laptop. Saturday I started emailing since no one works on Sat. that could help. Today I received the same thing about Cisco in two different emails. Neither of which supplied an answer. I have threatened I have not yet cursed them but If I knew how to put a curse on someone it would be Cisco Routers. Can anyone in this discussion group help me set the default back to null on my DCP2325 Router/modem so I can have access to the web on my laptop, or at least tell me where to tie on to this router to use for my boat anchor. Since its not wireless after all. Thanks
Jerry,
According to the User Guide the default IP address is 192.168.0.1
There is no username or password by default. You should be able to type that IP address in the address bar of your web browser and log in.
If that works, browse to Wireless-> Security and change the wireless password. (Pre-shared Key)
If you are unable to log into the web interface you can reset the device to factory defaults by holding the reboot button on the back of the unit for more than ten seconds with it powered on. Check with your ISP before resetting the device as this may affect your ability to access the internet.
You can locate the User Guide for your device at the following link:
http://www.cisco.com/web/consumer/support/userguides2/4024320-new.pdf
Hope this helps, I understand it can be frustrating to find support for some devices. Tom is correct, these devices should be supported by the ISP.
Marty
Similar Messages
-
Connecting an Airport TC to a Cisco Modem/Router
I have just moved and now have 5 people under one roof. So Im trying to figure out whats the best scenario. Our house will have up to 10 devices (Laptops, phones, Xbox, AppleTV.) all running on the same ISP at any given time. I have a Cisco DCP3825 modem/router acting as a modem & router, using IPV4 with WLAN @ WPA2 personal - AES. and DHCP is on. Its running on N only, at 2.4GHz. Then I have it connected to my AirPort TC in Bridge Mode via Ethernet cable in the WAN port. I am connecting in DHCP mode with 2 DNS servers. I created both a 2.4 and 5GHz channel in WPA2 Personal. I use my TC for Time Machine and didnt want to have to fight for bandwidth while backing up. Since the modem can output its own network, I figured I would make my own and use it just for my Time Machine backups, syncing with my iPhone and general use on my MacBook Pro.
Is this the best set up for the scenario tho. I guess my other options are to put the modem into bridge and Only use the AirPort TC. Or, I can make my AirPort TC extend the modem/routers current network. Keep in mind they are connected via Ethernet and sitting beside eachother on the desk.
Any suggestions and opinions are greatly appreciated. I just want to have the best range and signal quality possible while dealing with so many devices on it at once, all while trying to use Time Machine and AppleTV.I have it connected to my AirPort TC in Bridge Mode via Ethernet cable in the WAN port. I am connecting in DHCP mode with 2 DNS servers. I created both a 2.4 and 5GHz channel in WPA2 Personal. I use my TC for Time Machine and didnt want to have to fight for bandwidth while backing up. Since the modem can output its own network, I figured I would make my own and use it just for my Time Machine backups, syncing with my iPhone and general use on my MacBook Pro.
Is this the best set up for the scenario tho.
Yes, IMHO you are getting the best out of the equipment.. there is no need to run the TC in router mode.. no advantages really.
You can of course use a long ethernet or EOP (homeplug) adapters and move the TC to some point in a different room to get coverage.
If you have issues with people using more than their fair share.. buy a router with excellent QoS and bandwidth limiting and quota.. ie a cheap router and load gargoyle firmware on it. -
Cisco 1921 Router default password invalid
Hi All,
I am facing a weird issue where after resetting the Cisco router 1921, i am trying to login using default username "cisco" and password "cisco"
and i am getting password invalid error.
I have hard resetted the router using the the key in the back.
Can someone help me in resolving this error. Its frustrating when you cant even login to a new router
Thanks!!Some devices are configured with onetime password. If you log on with these credentials and save the configuration, the default password is erased. If you don't have set a new password, you'll end up with an inaccessible box. This avoids production devices with the default manufacture password and being exposed.
You need to do a password recovery procedure.
1) connect via console to the device
2)power on the device
3)hit ctrl+break until you are in rommon mode
Type confreg 0x2142 at the rommon 1> prompt in order to boot from Flash.
This step bypasses the startup configuration where the passwords are stored.
Type reset at the rommon 2> prompt.
The router reboots, but ignores the saved configuration.
Type no after each setup question, or press Ctrl-C in order to skip the initial setup procedure.
Type enable at the Router> prompt.
You are in enable mode and should see the Router# prompt.
As it's a new router without previous configuration it's not really required to restore the previous saved configuration. But if you would do: copy start run
Warning: Do not enter copy running-config startup-config or write. These commands erase your startup configuration.
Type configure terminal.
The hostname(config)# prompt appears.
Type enable secret in order to change the enable secret password. For example:
hostname(config)#enable secret YourPassword
Restore the previous conf-reg value:
hostname(config)#config-register 0x2102
If you did a copy start run, you must also configure a new user:
Username youruser secret yourpassword
And of course: save your configuration
Don't forget to rate useful posts ;)
Sent from Cisco Technical Support iPad App -
What are the ideal settings for my TC with Shaw's Cisco DPC3825 router/modem
My old 2nd Gen Time Capsule crapped out and now I am about to set up my new 2TB TC. My provider is Shaw Communications and they have upgraded me to their Broadband 100 Mbps service. This came with a new modem/router combo made by Cisco and is model DPC3825. Before I start plugging things in I'd like to know what are the ideal settings such that I gain the most of the BB100 service. Should I be setting the Cisco modem/router to Bridge mode or the TC? Should I have Shaw disable anything? Any insight is greatly appreciated.
Unless you specifically need to have the TC perform as the main router for your network, life will be a lot easier if you configure the TC to operate in Bridge Mode.
Whether the Cisco modem/router or gateway can possibly be configured to act as a simple bridge mode modem is one thing to consider.
Whether Shaw would support you in the event of any connection difficulties with the modem/router configured this way is another.
Since Shaw is your provider, it might make sense to talk with them about best practice as far as configuring the DPC3825.
Once you have that information in hand, you will then have the answer on how best to configure the TC.....which will very likely be in Bridge Mode. -
Cisco 877W router and external ADSL modem
Cisco 877W router and external ADSL modem
In order to support ADSL2+ on a pre ADSL2+ router and in preparation for a later migration to BT infinity I am trying to configure the Router using an external adsl2+ modem appropriately.
The original configuration had 3 ports configured as one (internal lan) vlan and bridge group together with one wireless sub-interface, the remaining port configured a second vlan and bridge group with a second wireless sub- interface. The Dialer was a member of the second bridge group. This way the second wireless interface and associated bridge group provided a kind of DMZ for outbound access.
The configuration I am attempting is similar the lan ports remain the same, but port 0 as a member of the vlan and bridge group (now a pppoe client) associated with one of the wireless sub interfaces as per above. The ATM interface is downed. This nearly works except that if the wireless subinterface on this bridge group is configured the dialer no longer dials giving a 'no dialer string' error. If I do not configure that wireless sub interface all works well.
If anyone is interested to look I would appreciate any comments. I enclose a sanitised config in which you will note the 'commented out' wireless subnet interface (in red).
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname xxxxxxxxxxxxxxxxxxxxx
boot-start-marker
boot-end-marker
logging buffered 4096 warnings
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxx
aaa new-model
aaa group server radius sdm-vpn-server-group-2
aaa group server radius rad_eap
server 192.168.253.1 auth-port 1812 acct-port 1813
server 192.168.253.1 auth-port 1645 acct-port 1646
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_2 group sdm-vpn-server-group-2
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa authorization ipmobile default group rad_pmip
aaa authorization network sdm_vpn_group_ml_2 local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
crypto pki trustpoint TP-self-signed-2834265337
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2834265337
revocation-check none
rsakeypair TP-self-signed-2834265337
crypto pki certificate chain TP-self-signed-2834265337
certificate self-signed 01 nvram:IOS-Self-Sig#2F.cer
dot11 syslog
dot11 ssid GuestAP
vlan 101
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 113B162712001F4A2D2B25
dot11 ssid LanAP
vlan 100
authentication open eap eap_methods
authentication network-eap eap_methods
authentication key-management wpa
mbssid guest-mode
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.252.1 192.168.252.8
ip dhcp excluded-address 192.168.252.15 192.168.252.254
ip dhcp pool sdm-pool1
import all
network 192.168.252.0 255.255.255.0
domain-name XXX.Local
dns-server xxx.xxx.xxx.xxx
default-router 192.168.252.254
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip bootp server
no ip domain lookup
ip domain name XXX.Local
ip name-server xxx.xxx.xxx.xxx
ip name-server xxx.xxx.xxx.xxx
ip reflexive-list timeout 120
vpdn enable
vpdn-group 1
request-dialin
protocol pppoe
username administrator privilege 15 secret 5 £££££££££££££££££££££
class-map type inspect match-any IN_to_OUT_CLASS
match protocol tcp
match protocol udp
match protocol icmp
class-map type inspect match-any OUT_to_IN_CLASS
match protocol https
match protocol smtp extended
class-map type inspect match-any DMZ_to_IN_CLASS
match protocol http
match protocol https
match protocol smtp extended
policy-map type inspect DMZ_to_IN_POL
class type inspect DMZ_to_IN_CLASS
inspect
class class-default
drop log
policy-map type inspect IN_to_OUT_POL
class type inspect IN_to_OUT_CLASS
inspect
class class-default
drop log
policy-map type inspect OUT_to_IN_POL
class type inspect OUT_to_IN_CLASS
inspect
class class-default
drop log
zone security INSIDE
zone security OUTSIDE
zone security DMZ
zone-pair security OUT_TO_IN source OUTSIDE destination INSIDE
service-policy type inspect OUT_to_IN_POL
zone-pair security IN_TO_OUT source INSIDE destination OUTSIDE
service-policy type inspect IN_to_OUT_POL
zone-pair security DMZ_TO_OUT source DMZ destination OUTSIDE
service-policy type inspect IN_to_OUT_POL
zone-pair security DMZ_TO_IN source DMZ destination INSIDE
service-policy type inspect DMZ_to_IN_POL
bridge irb
interface Loopback0
no ip address
interface Null0
no ip unreachables
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
interface FastEthernet0
description Outside Interface (PPPoE)
interface FastEthernet1
description Inside Interface
switchport access vlan 10
interface FastEthernet2
description Inside Interface
switchport access vlan 10
spanning-tree portfast
interface FastEthernet3
description Inside Interface
switchport access vlan 10
spanning-tree portfast
interface Dot11Radio0
no ip address
no ip route-cache cef
no ip route-cache
encryption vlan 100 mode ciphers aes-ccm tkip
encryption vlan 101 mode ciphers aes-ccm tkip
ssid GuestAP
ssid LanAP
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2437
station-role root
interface Dot11Radio0.100
description LanAP
encapsulation dot1Q 100
no ip route-cache
no cdp enable
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 spanning-disabled
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
!interface Dot11Radio0.101
! description GuestAP
! encapsulation dot1Q 101
! no ip route-cache
! no cdp enable
! bridge-group 1
! bridge-group 1 subscriber-loop-control
! bridge-group 1 spanning-disabled
! bridge-group 1 block-unknown-source
! no bridge-group 1 source-learning
! no bridge-group 1 unicast-flooding
interface Vlan1
description $ES_LAN$
no ip address
ip virtual-reassembly
pppoe enable group global
pppoe-client dial-pool-number 1
bridge-group 1
interface Vlan10
no ip address
ip virtual-reassembly
bridge-group 10
interface Dialer1
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nat outside
ip virtual-reassembly
zone-member security OUTSIDE
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname XXXXXXX
ppp chap password 7 xxxxxxxxxxxxxxxxxxx
ppp pap sent-username xxxxxxxxxxxxxxxxxx password 7 xxxxxxxxxxxxxxxxxxxxx
ppp ipcp dns request
ppp ipcp wins request
hold-queue 224 in
interface Dialer0
no ip address
interface BVI10
description Inside Interface
ip address 192.168.253.254 255.255.255.0
ip access-group 101 in
ip helper-address 192.168.253.1
ip nat inside
ip virtual-reassembly
zone-member security INSIDE
interface BVI1
description DMZ Interface
ip address 192.168.252.254 255.255.255.0
ip nat inside
ip virtual-reassembly
zone-member security DMZ
ip local pool SDM_POOL_1 192.168.20.9 192.168.20.14
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list Inside_Clients_NAT interface Dialer1 overload
ip nat inside source static 192.168.253.10 xxx.xxx.xxx.xxx
ip access-list extended DMZ_to_IN_POL
remark SDM_ACL Category=128
permit ip any any
ip access-list extended Inside_Clients_NAT
remark SDM_ACL Category=2
permit ip 192.168.253.0 0.0.0.255 any
logging 192.168.253.10
access-list 1 remark Auto generated by SDM Management Access feature
access-list 1 remark SDM_ACL Category=1
access-list 1 permit 192.168.253.0 0.0.0.255
access-list 100 remark VTY Access-class list
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip 192.168.253.0 0.0.0.255 any
access-list 100 deny ip any any
access-list 101 remark Auto generated by SDM Management Access feature
access-list 101 remark SDM_ACL Category=1
access-list 101 remark Auto generated by SDM for NTP (123) xxx.xxx.xxx.xxx
access-list 101 permit udp host xxx.xxx.xxx.xxx eq ntp host 192.168.253.254 eq ntp
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq telnet
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq 22
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq www
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq 443
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq cmd
access-list 101 deny tcp any host 192.168.253.254 eq telnet
access-list 101 deny tcp any host 192.168.253.254 eq 22
access-list 101 deny tcp any host 192.168.253.254 eq www
access-list 101 deny tcp any host 192.168.253.254 eq 443
access-list 101 deny tcp any host 192.168.253.254 eq cmd
access-list 101 deny udp any host 192.168.253.254 eq snmp
access-list 101 permit ip any any
access-list 199 permit ip any host 10.1.1.1
dialer-list 1 protocol ip permit
no cdp run
radius-server attribute 32 include-in-access-req format %h
radius-server host 192.168.253.1 auth-port 1812 acct-port 1813 key 7 XXXXXXXXXXXXXXXXXX
radius-server host 192.168.253.1 auth-port 1645 acct-port 1646 key 7 XXXXXXXXXXXXXXXXXX
radius-server vsa send accounting
control-plane
bridge 1 protocol ieee
bridge 1 route ip
bridge 10 protocol ieee
bridge 10 route ip
banner login C Border Router
line con 0
no modem enable
transport output telnet
line aux 0
transport output telnet
line vty 0 4
access-class 100 in
privilege level 15
length 0
transport input telnet ssh
scheduler max-task-time 5000
scheduler interval 500
ntp server xxx.xxx.xxx.xxx source Dialer0 prefer
ntp server xxx.xxx.xxx.xxx source Dialer0 prefer
sntp server xxx.xxx.xxx.xxx
endHi Jody,
Apologies delay in replying. I have done the following:
Made two of the FE ports vlan1,BVI1 (for LAN traffic)
Left one port as VLAN10 as the pppoe client conected to the externalmodem
Made the last port VLAN10 as well and gave it an IP addess as for a DMZ client.
I have DHCP configured to serve the DMZ addresses.
This all works for LAN clients and also works for a client attachedto that physical DMZ port.
When I added a dot11radio sub interface into VLAN 10 the wireless client did not get an IP lease. Everything else continued to work.
I had never thought about this before, but if a dot11radio interface is on the same vlan (but not being part ofa bridge group) why are DHCP broadcasts not propogating to all the vlan members as I would have expected. I recognise that this isa limit in my understanding.
If I then made VLAN10 a member of a new Bridge Group, I lost WAN connectivity as per original posting.
I cannot add another VLAN due to the 2 vlan limit in this image.
Finally regarding your comment about giving it what it wants, what exactly did you have in mind. The dialer already has a dial string parameters configured.
Think I am about to give upon this.
Regards, -
C7280 All-in-One connected wirelessly to a modem-router needs a password when powered-up.
Do you have any examples of wirelessly connecting an HP Photosmart C7280-All-in-One to a network run by a NetComm NB6Plus4W modem-router? The modem-router also attaches a Windows XP desktop computer using an ethernet cable and a Windows XP laptop computer wirelessly using the default SSID (wireless) and password (a1b2c3d4e5).
The wireless connection between the modem-router and the laptop comes up automatically when the modem-router and laptop are powered-up.
The wireless connection between the modem-router and the HP Photosmart does not establish automatically. When I power-up the HP Photosmart I then have to use the setup button on the Photosmart and manually type in to the Photosmart the password (a1b2c3d4e5). The SSID displays as wireless, it does not have to be retyped.
Do you know if there is any NetComm or HP configuration which will cause automatic setup of the HP Photosmart to occur when it is powered-up?
What I am complaining about is having to manually type in the HP's password to the HP whenever the HP is powered-up.
This question was solved.
View Solution.The information that i gave was based on the info you provided, and only told you what steps would work. Troubleshooting process does involve guesswork as the issue that you're facing could be caused due to many reasons, and doing each and every step is a process of eliminating all the possible causes and narrowing it down to one particular cause. If you don't like what I have to offer, then feel free to not follow it. Lets see how fast you can get it to work on your own.
Make it easier for other people to find solutions, by marking my answer with \'Accept as Solution\' if it solves your problem.
Click on the BLUE KUDOS button on the left to say "Thanks"
I am an ex-HP Employee. -
Hello
I have a Cisco RV180w in my office which is great but I am struggling to connect from my Netgear D6200 using VPN PPTP. If I have to replace my D6200 modem/router is there a good Cisco model available?Thanks Leo I will have a look at them.
It just needs to have ADSL in and a strong wireless capability. -
No service password recovery command on cisco 2801 router
HI,
we have a cisco 2801 router in class which has a disabled pasword recovery. We tried almost everything, we cannot get into ROMmon and the break sequence dosent work in any program (hyper terminal, putty, teraterm pro). We dont have any idea how to solve this problem.
Here is the log from hyperterminal:
System Bootstrap, Version 12.3(8r)T9, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2004 by cisco Systems, Inc.
PLD version 0x10
GIO ASIC version 0x127
c2801 processor with 131072 Kbytes of main memory
Main memory is configured to 64 bit mode with parity disabled
Readonly ROMMON initialized
PASSWORD RECOVERY FUNCTIONALITY IS DISABLED
program load complete, entry point: 0x8000f000, size: 0xc100
Initializing ATA monitor library.......
program load complete, entry point: 0x8000f000, size: 0xc100
Initializing ATA monitor library.......
program load complete, entry point: 0x8000f000, size: 0xd49718
Self decompressing the image : #################################################
######## [OK]
--- TRIED BREAK SEQUENCE HERE but nothing happens ---
Smart Init is enabled
smart init is sizing iomem
ID MEMORY_REQ TYPE
0X003AA110 public buffer pools
0X00211000 public particle pools
0X0013 0X00035000 Card in slot 1
0X000021B8 Onboard USB
If any of the above Memory Requirements are
"UNKNOWN", you may be using an unsupported
configuration or there is a software problem and
system operation may be compromised.
Allocating additional 7692663 bytes to IO Memory.
PMem allocated: 117440512 bytes; IOMem allocated: 16777216 bytes
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, 2801 Software (C2801-IPBASE-M), Version 12.4(1c), RELEASE SO
FTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Wed 26-Oct-05 08:42 by evmiller
Image text-base: 0x6007ECA0, data-base: 0x61480000
--- TRIED BREAK SEQUENCE HERE but nothing happens too ---
Port Statistics for unclassified packets is not turned on.
Cisco 2801 (revision 6.0) with 114688K/16384K bytes of memory.
Processor board ID FCZ102422KK
2 FastEthernet interfaces
2 Low-speed serial(sync/async) interfaces
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
62720K bytes of ATA CompactFlash (Read/Write)
Press RETURN to get started!
Thanks for help!I usually suffer from the same issue, but what works for me everytime is the other method that simulates break sequence. Can't find the documentation for it but this is how it goes:
Set the serial connection as follows in Putty:
Baud rate 1200
1 stop bit
8 data bits
no parity
no flow control
Turn off your router, then turn it back on and immediately press the spacebar for about 10-15 seconds. All you'll see is giberish. After that reset your console connection settings to the usual 9600 baud rate, and you'll find yourself in rommon mode. -
I am loosing configuration when I power off my Cisco 857 router
I bought new Cisco 857 router from the shop. Router must have been used before as I couln't go in with default username/password cisco/cisco.
Well I followed instruciton and reset password to username and password. Now I finally connected to the Cisco CP express over my IE browser.
I found out that somebody was using a router from the shop so this is why I coun't log to it in the first place. Anyway problem is that when I changed configuration and applied settings it remembers it until I power it off. When I power it on again it remembers all settings from that shop.
It reverts everything back: IP address, previous level 15 account and password - everything like after password reset.
I tried it again and it again lost settings. So I found following instruction:
http://www.cisco.com/en/US/products/hw/routers/ps233/products_tech_note09186a00800a65a5.shtml
I followed it and changed again all settings on the router. My settings are again lost after power off/on. I noticed that when I do first bit it does show
0x2102 not 0x2142 like they think that is password reset mode.
Here is my output from Hyper Terminal:
=============================
Cisco#enableCisco#show startUsing 3359 out of 131072 bytes!version 12.4no service padservice timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname Cisco!boot-start-markerboot-end-marker!logging buffered 51200 warningsenable secret 5 $1$hpKF$Rc1tl6r45J8iHG7EN5jSk.!no aaa new-model!crypto pki trustpoint TP-self-signed-3185909327 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-3185909327 revocation-check none rsakeypair TP-self-signed-3185909327!!crypto pki certificate chain TP-self-signed-3185909327 certificate self-signed 01 nvram:IOS-Self-Sig#5.cerdot11 syslogno ip dhcp use vrf connectedip dhcp excluded-address 10.10.10.1!ip dhcp pool ccp-pool import all network 10.10.10.0 255.255.255.248 default-router 10.10.10.1 lease 0 2!!ip cefno ip domain lookupip domain name molinary.com!!!username admin privilege 15 secret 5 $1$jD3j$r6ROikgGsIlcMTGjkxFQ6.username username privilege 15 password 0 password!!archive log config hidekeys!!!!!interface ATM0 no ip address shutdown no atm ilmi-keepalive dsl operating-mode auto!interface ATM0.1 point-to-point description $ES_WAN$ ip nat outside ip virtual-reassembly pvc 0/38 encapsulation aal5mux ppp dialer dialer pool-member 1 !!interface FastEthernet0!interface FastEthernet1!interface FastEthernet2!interface FastEthernet3!interface Vlan1 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$ ip address 10.10.10.1 255.255.255.248 ip nat inside ip virtual-reassembly ip tcp adjust-mss 1452!interface Dialer0 ip address dhcp encapsulation ppp dialer pool 1 dialer-group 1 no cdp enable ppp authentication chap pap callin ppp chap hostname [email protected] ppp chap password 0 netgear01 ppp pap sent-username [email protected] password 0 netgear01!ip forward-protocol nd!ip http serverip http access-class 23ip http authentication localip http secure-serverip http timeout-policy idle 60 life 86400 requests 10000ip nat inside source list 1 interface ATM0.1 overload!access-list 1 remark INSIDE_IF=Vlan1access-list 1 remark CCP_ACL Category=2access-list 1 permit 10.10.10.0 0.0.0.7dialer-list 1 protocol ip permitno cdp run!control-plane!banner exec ^C% Password expiration warning.-----------------------------------------------------------------------Cisco Configuration Professional (Cisco CP) is installed on this deviceand it provides the default username "cisco" for one-time use. If you havealready used the username "cisco" to login to the router and your IOS imagesupports the "one-time" user option, then this username has already expired.You will not be able to login to the router with this username after you exitthis session.It is strongly suggested that you create a new username with a privilege levelof 15 using the following command.username <myuser> privilege 15 secret 0 <mypassword>Replace <myuser> and <mypassword> with the username and password youwant to use.-----------------------------------------------------------------------^Cbanner login ^CAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user!^C!line con 0 login local no modem enableline aux 0line vty 0 4 privilege level 15 login local transport input telnet ssh!scheduler max-task-time 5000endCisco#Cisco#Cisco#Cisco#Cisco#Cisco#Cisco#Cisco#Cisco#show versionCisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version 12.4(15)T12, RELEASE SOFTWARE (fc3)Technical Support: http://www.cisco.com/techsupportCopyright (c) 1986-2010 by Cisco Systems, Inc.Compiled Fri 22-Jan-10 14:46 by prod_rel_teamROM: System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARECisco uptime is 20 minutesSystem returned to ROM by power-onSystem image file is "flash:c850-advsecurityk9-mz.124-15.T12.bin"This product contains cryptographic features and is subject to UnitedStates and local country laws governing import, export, transfer anduse. Delivery of Cisco cryptographic products does not implythird-party authority to import, export, distribute or use encryption.Importers, exporters, distributors and users are responsible forcompliance with U.S. and local country laws. By using this product youagree to comply with applicable laws and regulations. If you are unableto comply with U.S. and local laws, return this product immediately.A summary of U.S. laws governing Cisco cryptographic products may be found at:http://www.cisco.com/wwl/export/crypto/tool/stqrg.htmlIf you require further assistance please contact us by sending email [email protected] 857 (MPC8272) processor (revision 0x400) with 59392K/6144K bytes of memory.Processor board ID FCZ140792J5MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x104 FastEthernet interfaces1 ATM interface128K bytes of non-volatile configuration memory.20480K bytes of processor board System flash (Intel Strataflash)Configuration register is 0x2102Cisco#Cisco#Cisco#Cisco#endTranslating "end"% Unknown command or computer name, or unable to find computer addressCisco#reloadProceed with reload? [confirm]*Mar 1 01:19:27.786: %SYS-5-RELOAD: Reload requested by username on console. Reload Reason: Reload Command.System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARETechnical Support: http://www.cisco.com/techsupportCopyright (c) 2006 by cisco Systems, Inc.C850 series (Board ID: 2-149) platform with 65536 Kbytes of main memoryBooting flash:/c850-advsecurityk9-mz.124-15.T12.binSelf decompressing the image : ############################################## [OK] Restricted Rights LegendUse, duplication, or disclosure by the Government issubject to restrictions as set forth in subparagraph(c) of the Commercial Computer Software - RestrictedRights clause at FAR sec. 52.227-19 and subparagraph(c) (1) (ii) of the Rights in Technical Data and ComputerSoftware clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706Cisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version 12.4(15)T12, RELEASE SOFTWARE (fc3)Technical Support: http://www.cisco.com/techsupportCopyright (c) 1986-2010 by Cisco Systems, Inc.Compiled Fri 22-Jan-10 14:46 by prod_rel_teamImage text-base: 0x8002007C, data-base: 0x814E7240This product contains cryptographic features and is subject to UnitedStates and local country laws governing import, export, transfer anduse. Delivery of Cisco cryptographic products does not implythird-party authority to import, export, distribute or use encryption.Importers, exporters, distributors and users are responsible forcompliance with U.S. and local country laws. By using this product youagree to comply with applicable laws and regulations. If you are unableto comply with U.S. and local laws, return this product immediately.A summary of U.S. laws governing Cisco cryptographic products may be found at:http://www.cisco.com/wwl/export/crypto/tool/stqrg.htmlIf you require further assistance please contact us by sending email [email protected] 857 (MPC8272) processor (revision 0x400) with 59392K/6144K bytes of memory.Processor board ID FCZ140792J5MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x104 FastEthernet interfaces1 ATM interface128K bytes of non-volatile configuration memory.20480K bytes of processor board System flash (Intel Strataflash)no ip dhcp use vrf connected ^% Invalid input detected at '^' marker.SETUP: new interface NVI0 placed in "shutdown" statePress RETURN to get started!*Mar 1 00:00:03.952: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State changed to: Initialized*Mar 1 00:00:03.960: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State changed to: Enabled*Mar 1 00:00:07.244: %LINK-3-UPDOWN: Interface FastEthernet0, changed state toup*Mar 1 00:00:08.413: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up*Mar 1 00:00:08.821: %SYS-5-CONFIG_I: Configured from memory by console*Mar 1 01:19:27.072: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up*Mar 1 01:19:27.352: %SYS-5-RESTART: System restarted --Cisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version 12.4(15)T12, RELEASE SOFTWARE (fc3)Technical Support: http://www.cisco.com/techsupportCopyright (c) 1986-2010 by Cisco Systems, Inc.Compiled Fri 22-Jan-10 14:46 by prod_rel_team*Mar 1 01:19:27.352: %SNMP-5-COLDSTART: SNMP agent on host Cisco is undergoinga cold start*Mar 1 01:19:27.436: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF*Mar 1 01:19:27.436: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF*Mar 1 01:19:27.540: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to down*Mar 1 01:19:28.072: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up*Mar 1 01:19:28.484: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up*Mar 1 01:19:28.484: %LINK-5-CHANGED: Interface ATM0, changed state to administratively down*Mar 1 01:19:28.848: %LINK-5-CHANGED: Interface NVI0, changed state to administratively down*Mar 1 01:19:28.932: %LINK-3-UPDOWN: Interface FastEthernet3, changed state toup*Mar 1 01:19:28.936: %LINK-3-UPDOWN: Interface FastEthernet2, changed state toup*Mar 1 01:19:28.940: %LINK-3-UPDOWN: Interface FastEthernet1, changed state toup*Mar 1 01:19:29.484: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0, changed state to down*Mar 1 01:19:29.932: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet3, changed state to down*Mar 1 01:19:29.936: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2, changed state to down*Mar 1 01:19:29.940: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1, changed state to down*Mar 1 01:19:29.948: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to upAuthorized access only!===========================================
Please help me as I am stuck and can't go any further....Hi David White,
Alternatively, after password recovery you can modify the configuration to be what you want, and then issue:
write memory
to save the configuration. You can then verify that your changes have been saved to the startup config by issuing:
show startup-config"
The only good thing is that when I switch off a router it erase configuration except my new password which I created after password reset. Everything else is getting vanished (ADSL settings, DHCP, routing ) everything. Even new admin accounts I created.
Well have a question to your above comments. I am new in Cisco so please put as much detail as you can for me to understand. When you say modify configuration do you mean to go to Cisco CP Express graphical interface and then connect router to hyper terminal and execute above commands?
Why router doesn't remember this anyway. There must be some option to change in configuration to make thing permanent when I hit apply changes in Cisco CO Express otherwise it is pointless to heve it.
Phillip
write memory
is
copy running-config startup-config"
Can't this be done via Cisco CP Express or set up router to copy this every time I change this in graphical interface rather going to command line to achnoledge it?
I understand your concern about this router and somebodie's configuration details as you want things to be un-used when you buy them - true. ADSL details belongs to the shop which sold me the router so that is why I don't make a big problem about this. We take most of hardware from this shop and have discount and many good deals with them so I think they have been just testing it and forgot to erease their config. It might be that someone has returned router to the shop and they have repaired it and tested it.
I hope this is a normal behaviour of this router as I have option to replace it in case this is a fault.
Could you please write me step by step guide how can I make changed options stay permanently on router?
thank you
Dragan -
Cisco 877 router - Cisco IP phone won't register with SIP provider
Hi all,
I'm having a problem with a Cisco SPA504G phone not registering with the SIP carrier over the Internet. We've recently rolled out a Cisco 877 router onto a new NBN business connection and can't get the pre-configured IP phone to register.
When we tested the phone with the NBN-provided Netgear router, it worked fine, as it did with the previous Cisco 1841 router we were using on a different link.
The way it's setup is using VLANs to define the internal subnets, which are then assigned to the physical interfaces (since the 887 doesn't allow IP assignments to the interfaces directly).
VLAN 100 is the internal network and has a SBS2011 server – assigned to F0 – IP range is 192.168.1.0
VLAN 200 is the guest network and has Internet access only – assigned to F1 – IP range is 10.1.1.0
VLAN 500 is the WAN network and connects to the NBN upstream box – assigned to F3 – external IP address assigned by DHCP
I've been playing around with access lists, nat rules, basically everything in my limited Cisco knowledge to try and figure this out, but to no avail. I have even configured what I believe is unrestricted access to IP, UDP and TCP outbound and inbound to all VLANs and still can't get it to register.
Tried isolating the issue by creating a new VLAN and assigning it to the spare interface and basically allowing everything in and out, but still no luck.
The problem has to be something on the router – probably some small line of config I haven’t removed or added.
I am going to pull my hair out soon, so would really appreciate some assistance from the Cisco gurus out there.
My client has just purchased about 10 of these handsets from their provider so I need to fix this ASAP. The guy who provided them wasn't very helpful, and basically said I'm on my own once we tested using the NBN-provided Netgear router.
Happy to post my config as well.
Please help!!!!Current configuration : 4912 bytes
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Router1
boot-start-marker
boot-end-marker
no aaa new-model
memory-size iomem 10
crypto pki token default removal timeout 0
no ip source-route
ip dhcp excluded-address 10.1.1.1
ip dhcp pool GUEST
network 10.1.1.0 255.255.255.0
dns-server 10.1.1.1 203.50.2.71 139.130.4.4
default-router 10.1.1.1
ip cef
no ip domain lookup
ip domain name network.local
ip name-server 192.168.1.123
ip name-server 203.23.53.12
ip name-server 197.12.32.86
ip name-server 8.8.8.8
no ipv6 cef
license udi pid CISCO887VA-K9 sn FGL171220XY
username admin privilege 15 secret 5 $1$aNsm$N1BCQYkoi8gnURyvloYEX/
controller VDSL 0
interface Ethernet0
no ip address
shutdown
interface ATM0
no ip address
no atm ilmi-keepalive
bridge-group 10
pvc 8/35
interface FastEthernet0
description NAC - Internal network
switchport access vlan 100
no ip address
interface FastEthernet1
description NAC - Guest network
switchport access vlan 200
no ip address
interface FastEthernet2
no ip address
shutdown
interface FastEthernet3
description **** WAN Port ****
switchport access vlan 500
no ip address
interface Vlan1
no ip address
bridge-group 10
hold-queue 100 out
interface Vlan100
description NAC - Internal Vlan
ip address 192.168.1.1 255.255.255.0
ip access-group IN-100 in
ip access-group OUT-100 out
ip nat inside
ip virtual-reassembly in
interface Vlan200
description NAC - Guest Vlan
ip address 10.1.1.1 255.255.255.0
ip access-group IN-200 in
ip access-group OUT-200 out
ip nat inside
ip virtual-reassembly in
interface Vlan500
description **** WAN Vlan ****
ip address dhcp
ip nat outside
no ip virtual-reassembly in
no ip forward-protocol nd
ip http server
ip http access-class 23
ip http secure-server
ip dns server
ip nat inside source list NAT-100 interface Vlan500 overload
ip nat inside source list NAT-200 interface Vlan500 overload
ip nat inside source static tcp 192.168.1.123 25 interface Vlan500 25
ip nat inside source static tcp 192.168.1.123 443 interface Vlan500 443
ip nat inside source static tcp 192.168.1.123 3389 interface Vlan500 3399
ip nat inside source static tcp 192.168.1.123 80 interface Vlan500 80
ip nat inside source static tcp 192.168.1.123 4125 interface Vlan500 4125
ip nat inside source static tcp 192.168.1.124 3389 interface Vlan500 3390
ip nat inside source static tcp 192.168.1.123 987 interface Vlan500 987
ip nat inside source static tcp 192.168.1.123 1723 interface Vlan500 1723
ip route 0.0.0.0 0.0.0.0 55.234.52.43
ip access-list extended IN-100
permit udp any any range bootps bootpc
deny ip 10.1.1.0 0.0.0.255 any
permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended IN-200
permit udp any any range bootps bootpc
permit ip 10.1.1.0 0.0.0.255 any
ip access-list extended NAT-100
deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended NAT-200
deny ip 10.1.0.0 0.0.255.255 10.1.0.0 0.0.255.255
permit ip 10.1.1.0 0.0.0.255 any
ip access-list extended OUT-100
permit udp any range bootps bootpc any
deny ip 10.1.1.0 0.0.0.255 any
permit ip any 192.168.1.0 0.0.0.255
ip access-list extended OUT-200
permit udp any range bootps bootpc any
deny ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip any 10.1.1.0 0.0.0.255
access-list 23 permit 59.23.164.52
access-list 23 permit 192.168.1.0 0.0.0.255
access-list 23 permit 10.1.1.0 0.0.0.255
access-list 23 permit 120.146.0.0 0.0.255.255
access-list 23 permit 149.185.12.0 0.0.0.255
access-list 23 permit 110.44.28.0 0.0.0.255
access-list 23 permit 110.44.26.0 0.0.0.255
access-list 23 permit 103.25.212.0 0.0.0.255
access-list 23 permit any
bridge 10 protocol ieee
banner motd ^C
* Authorized personnel only! *
^C
line con 0
login local
no modem enable
line aux 0
line vty 0 4
password password01
login local
transport input all
end -
Problem with Cisco 861W router and outgoing VPN
We have a Cisco 861W router that is blocking an outgoing PPTP on the internal access point only. The outgoing VPN works when the traffic is through a wired connection or the connection is on another access point. We fail to make a connection only when connection to the 861W's internal Access Point.
Here is the Access Point Configuration:
Current configuration : 2100 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname obap
enable secret 5 $1$.1RF$go1D7WITXUn3s8TUaw3tC.
no aaa new-model
dot11 syslog
dot11 ssid OLIVER
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 0 XXXXXXXXXXX
username XXXXXX privilege 15 secret 5 $1$Wc0K$OzcQDDQfjHP6La31eXMoG/
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers aes-ccm tkip
ssid OLIVER
antenna gain 0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface GigabitEthernet0
description the embedded AP GigabitEthernet 0 is an internal interface connecti
ng AP with the host router
no ip address
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface BVI1
ip address 192.168.0.2 255.255.255.0
no ip route-cache
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
banner login ^CC
% Password change notice.
Default username/password setup on AP is cisco/cisco with priv¾ilege level 15.
It is strongly suggested that you create a new username with privilege level
15 using the following command for console security.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want to
use. After you change your username/password you can turn off this message
by configuring "no banner login" and "no banner exec" in privileged mode.
^C
line con 0
privilege level 15
login local
no activation-character
line vty 0 4
login local
cns dhcp
end
obap#
Here is the Router's Configuration:
Current configuration : 5908 bytes
! No configuration change since last restart
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname obrouter
boot-start-marker
boot-end-marker
logging buffered 51200
logging console critical
enable secret 5 $1$i9XE$DjxFVAEC9nC4/r6EQKCd6/
no aaa new-model
memory-size iomem 10
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
crypto pki trustpoint TP-self-signed-1856757619
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1856757619
revocation-check none
rsakeypair TP-self-signed-1856757619
crypto pki certificate chain TP-self-signed-1856757619
certificate self-signed 01
3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31383536 37353736 3139301E 170D3036 30313032 31323030
34345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38353637
35373631 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B1A4 FB786547 3D582260 03DB768D 116BDE9A 309FBA04 B53F77B0 BFE32344
7C3439B3 97192B36 760A9411 1D5C7549 8D86F532 ABA44F53 0D08B7F4 A9A747D5
071330C3 65BF25A8 927F3596 29BB5A80 90C8D169 22268476 3B8DDE1E FDB7170D
B4820D03 5580A849 A92C7E76 9AC10867 505A2FEE 64360741 7F9DBDBF 3D79982C
F81D0203 010001A3 75307330 0F060355 1D130101 FF040530 030101FF 30200603
551D1104 19301782 156F6272 6F757465 722E6272 75736868 6F672E63 6F6D301F
0603551D 23041830 168014D8 5BC2FFB2 967A4C7B 11B44122 5C8D31F7 749B9230
1D060355 1D0E0416 0414D85B C2FFB296 7A4C7B11 B441225C 8D31F774 9B92300D
06092A86 4886F70D 01010405 00038181 005901F1 C239074B B8213567 CF7B65BF
DAFE4557 69B2A3B1 5F2593C7 A54B9598 23FD5E7A 563AA6E0 AFB25801 FA0061E8
F9545372 DB600B3A BE68AE65 1EDA593E 6A0C96B8 5A4136AF 393F9AAC 651E1C36
B8B7C6C0 47936C24 D2ECE9A5 9446EE32 FC7461FA AD8CF1CE A7FBF341 07E9C3C6
505AB88D 0E7FCAFC 5792298A E5E4D1FE CC
quit
no ip source-route
ip dhcp excluded-address 192.168.0.1 192.168.0.99
ip dhcp pool ccp-pool1
import all
network 192.168.0.0 255.255.255.0
dns-server 216.49.160.10 216.49.160.66
default-router 192.168.0.1
ip cef
no ip bootp server
ip domain name brushhog.com
ip name-server 216.49.160.10
ip name-server 216.49.160.66
license udi pid CISCO861W-GN-A-K9 sn FTX155281FY
username tech38 privilege 15 secret 5 $1$d/4Z$n/23EsXbzfHF5XfJ8Nv.y0
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description $ES_WAN$$FW_OUTSIDE$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
duplex auto
speed auto
pppoe-client dial-pool-number 1
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
arp timeout 0
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname XXXXXXXXXXXXX
ppp chap password 7 XXXXXXXXXXXXXXXX
ppp pap sent-username XXXXXXXXXXXXXX password 7 XXXXXXXXXXX
no cdp enable
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 192.168.0.25 80 interface Dialer0 80
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
control-plane
banner exec ^C
% Password expiration warning.
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
privilege level 15
login local
transport input telnet ssh
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
Any help would be appreciatedHello,
i have the same problem with router CISCO861W-GN-E-K9. Version 12.4(22r)YB5, RELEASE SOFTWARE (fc1)
Can someone help?
Thank you.
Here is my config for internal AP and router. -
Cisco 878 router for ADSL connectivity
Hi All,
I got a Cisco 878-k9 G.SHDSL router. I am trying to configure to get connectivity to my Service Provider.
Earlier i have configured Cisco 877 router serval times. But Cisco 878 for the first time. There is a DSL
controller in 878 rtr. I think i m missing something somewhere.
Below is the config that i have done
controller DSL 0
mode atm
loopback digital
dsl-mode shdsl symmetric annex A
line-rate auto
line-term cpe
line-mode 2-wire line-one
ip cef
ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp pool INSIDE-Pool
import all
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 212.77.192.59 212.77.192.60
lease 8
interface ATM0
description (Outside Public Interface)
no shutdown
no ip address
load-interval 30
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface Dialer0
ip address negotiated
no ip redirects
no ip proxy-arp
no ip unreachables
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname p4411XXXX
ppp chap password qatarXXXX
ppp pap sent-username p44114032 password 0 qatarXXXX
no sh
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
ip nat inside source list 101 interface Dialer0 overload
access-list 1 permit any
access-list 101 deny ip 192.168.0.0 0.0.255.255 10.10.0.0 0.0.255.255
access-list 101 permit ip 192.168.0.0 0.0.255.255 any
dialer-list 1 protocol ip permiti have an adsl line
i try to configure the router 878
but no connection ,, kann u tel me how do u have resolve the probleme please
this is the running config
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname cisco2
boot-start-marker
boot-end-marker
no logging buffered
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
resource policy
clock timezone EST -5
clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
ip subnet-zero
ip cef
ip name-server 212.217.0.1
ip name-server 212.217.0.12
ip name-server 212.217.1.1
ip ddns update method sdm_ddns1
DDNS both
vpdn enable
vpdn-group pppoe
crypto pki trustpoint TP-self-signed-201735762
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-201735762
revocation-check none
rsakeypair TP-self-signed-201735762
crypto pki certificate chain TP-self-signed-201735762
certificate self-signed 01
3082023D 308201A6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32303137 33353736 32301E17 0D303230 33303130 32353235
375A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3230 31373335
37363230 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
A62304BC 27194971 2A4FAEB3 9D57240E 26EDED2A 1674FF9A 7CBBB8F2 85245C3B
C4DDBBF8 F8A67D31 5FDCBD11 72A2735D 9E8FC84B 17B55C71 43C10E41 ACC50BEC
FCE8D9EE 6D2B0B55 9BD5B62C 3981506F 04B92C25 CA4C307E BC6A6A5F 4FBEF0EE
05FEFA57 C7D879FD 79EF442F 121D6393 57E96F31 5414D1D5 4FADFBC0 95C9EAB3
02030100 01A36730 65300F06 03551D13 0101FF04 05300301 01FF3012 0603551D
11040B30 09820763 6973636F 322E301F 0603551D 23041830 16801418 6C8FED13
FFD7B2FB F6FA47E7 682B0093 FAE2AC30 1D060355 1D0E0416 0414186C 8FED13FF
D7B2FBF6 FA47E768 2B0093FA E2AC300D 06092A86 4886F70D 01010405 00038181
007C867C AC28A7F0 4BDD261C 81A71F1D E0671C28 F4724F5D ED1FE702 BCE234D9
1F85FE90 4D0AD23E 9904CBF9 D44A8CD5 0F5515BB 8FEEE4BB FF9795E1 7770B60A
E37455CC D6606EAF E0EAEEA4 932F55E6 91C6F87F 1D022203 08AD7C78 4DCF5AEA
819D2367 2B5054CC 695A4EF5 BC9ADA26 F7803106 E94BD666 179EB3DF 4CDE4CB8 1C
quit
username xxxxx privilege 15 password 0 xxxxx
controller DSL 0
mode atm
line-term co
line-mode 4-wire standard
dsl-mode shdsl symmetric annex B
ignore-error-duration 15
line-rate 4608
interface BRI0
no ip address
encapsulation hdlc
shutdown
interface ATM0
no ip address
ip nat outside
ip virtual-reassembly
no atm ilmi-keepalive
interface ATM0.1 point-to-point
pvc 8/35
pppoe-client dial-pool-number 1
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface Vlan1
description lan
ip address 192.168.1.5 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
interface Dialer1
ip ddns update hostname xxxx.dyndns.org
ip ddns update sdm_ddns1
ip address negotiated
ip mtu 1452
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxxx
ppp chap password 0 xxxxx
ppp pap sent-username xxxxx password 0 xxxxx
interface Dialer0
no ip address
ip classless
ip http server
ip http access-class 24
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip access-list extended to-sip-servers
remark --- traffic to any sip server
permit udp 192.168.1.0 0.0.0.255 any eq 5060
access-list 1 permit 0.0.0.0 255.255.255.0
access-list 1 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
snmp-server community public RO
no cdp run
control-plane
banner motd ^CINE welcome
banner ^C
line con 0
no modem enable
line aux 0
line vty 0 4
password cisco
scheduler max-task-time 5000
end -
Link an 871 router/switch wirelessly to an ISP-provided DSL modem//router?
Hi, Upstairs we have a 20-Mbps ISP-provided DSL wireless modem/router, and one floor lower, in basement, I would like to install a refurbished 871 Cisco router, without adding a separate Internet connection. I would like the 871 to connect wirelessly to the DSL router. To the 871 I would wirelessly connect 2 workstations, one of which will host 3-4 virtual machines. The 2 main reasons for this weird arrangement are so my virtual machines and virtual switch do not interfere with upstairs devices connected to the DSL router, and so I can practice Cisco router//switch configuration downstairs where I reside, without added expense of a separate Internet connection. Would I need a separate repeater between the two routers? Humbly requesting any other feedback.
JeffTo have all routers using the same Network Name and wireless password, you would have to configure them for a roaming network. This would require that the Extreme and Express connect individually back to the Pirelli router via an Ethernet connection.
-
877 using fe as WAN (ISP provider modem/router) - VPN won't come up!
Hi,
Due some changes with our ISP, the atm interface on the 877 router won't support stable connections anymore. The fix I'm having to do is to use our ISP provided modem/router, and have the 877 use an fe port as a WAN port and instigate the VPN from there.
I've had issues with getting the WAN port to work correctly that I got fixed here:
https://supportforums.cisco.com/message/4090973
Now I've got to get this bit going then I'm all good!
Basic set up is:
Remote firewall <-> internet <-> local ISP (modem/router) <-> Cisco 877 <-> laptop/switch etc
172.20.0.0/16 192.168.1.254 192.168.1.139 172.30.99.1 172.30.99.0/24
Current config is:
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log uptime
service password-encryption
hostname ITTEST
boot-start-marker
boot system flash:c870-advipservicesk9-mz.124-24.T6.bin
boot-end-marker
logging message-counter syslog
logging buffered 10240
enable secret
enable password
no aaa new-model
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 2:00
dot11 syslog
no ip source-route
ip dhcp excluded-address 172.30.99.1 172.30.99.100
ip dhcp pool dhcppool
import all
network 172.30.99.0 255.255.255.0
default-router 172.30.99.1
dns-server 172.30.99.1 172.20.0.120 172.20.0.121
domain-name gratte.com
update arp
ip cef
ip domain name gratte.com
ip name-server 192.168.1.254
ip name-server 172.20.0.120
ip name-server 172.20.0.121
no ipv6 cef
multilink bundle-name authenticated
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key <presharedkey> address xxx.xxx.xxx.xxx no-xauth
crypto ipsec transform-set 3DESSHA esp-3des esp-sha-hmac
crypto ipsec profile IPSEC-VPN
set transform-set 3DESSHA
archive
log config
hidekeys
interface Tunnel0
description --- IPSec Tunnel to KX ---
ip address 172.30.99.10 255.255.255.252
ip ospf mtu-ignore
load-interval 30
tunnel source Vlan1
tunnel destination xxx.xxx.xxx.xxx
tunnel mode ipsec ipv4
tunnel protection ipsec profile IPSEC-VPN
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
interface FastEthernet0
description DATA
spanning-tree portfast
interface FastEthernet1
description VOICE
switchport access vlan 100
switchport voice vlan 100
spanning-tree portfast
interface FastEthernet2
shutdown
interface FastEthernet3
switchport access vlan 666
no cdp enable
spanning-tree portfast
interface Vlan1
ip address 172.30.99.1 255.255.255.252
ip nat inside
ip virtual-reassembly
interface Vlan666
ip address 192.168.1.139 255.255.255.0
ip nat outside
ip virtual-reassembly
interface Dialer0
no ip address
ip default-gateway 192.168.1.254
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.254
ip route 10.20.0.0 255.255.0.0 Tunnel0
ip route 10.21.0.0 255.255.0.0 Tunnel0
ip route 64.156.192.220 255.255.255.255 Tunnel0
ip route 64.156.192.245 255.255.255.255 Tunnel0
ip route 74.50.50.16 255.255.255.255 Tunnel0
ip route 74.50.63.14 255.255.255.255 Tunnel0
ip route 172.16.0.0 255.240.0.0 Tunnel0
ip route 172.30.99.0 255.255.255.0 Vlan1
no ip http server
no ip http secure-server
ip dns server
ip nat inside source list 100 interface Vlan666 overload
access-list 100 permit ip 172.30.99.0 0.0.0.255 any
access-list 199 permit icmp any any
snmp-server community public RO
snmp-server community blobby RW
control-plane
line con 0
password
login
no modem enable
line aux 0
line vty 0 4
password
login
scheduler max-task-time 5000
ntp server 72.8.140.222
ntp server 172.20.0.120
ntp server 172.20.0.121
end
Hope someone can help!And pretty much an hour to the time of when it dropped out, it's kicked back in:
02:00:40: ISAKMP (0): received packet from dport 500 sport 500 Global (N) NEW SA
02:00:40: %CRYPTO-4-IKMP_NO_SA: IKE message from has no SA and is not an initialization offer
02:00:42: ISAKMP (0): received packet from dport 500 sport 500 Global (N) NEW SA
02:00:45: ISAKMP (0): received packet from dport 500 sport 500 Global (N) NEW SA
02:00:45: ISAKMP (0): received packet from dport 500 sport 500 Global (N) NEW SA
02:00:50: ISAKMP (0): received packet from dport 500 sport 500 Global (N) NEW SA
02:00:50: ISAKMP (0): received packet from dport 500 sport 500 Global (N) NEW SA
02:00:55: ISAKMP (0): received packet from dport 500 sport 500 Global (N) NEW SA
02:00:57: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= 172.30.99.1, remote= ,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel),
lifedur= 3600s and 4608000kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
02:00:57: IPSEC(lifetime_expiry): SA lifetime threshold reached, expiring in 68 seconds
02:00:57: ISAKMP: set new node 0 to QM_IDLE
02:00:57: SA has outstanding requests (local 132.76.193.228 port 500, remote 132.76.193.200 port 500)
02:00:57: ISAKMP:(2002): sitting IDLE. Starting QM immediately (QM_IDLE )
02:00:57: ISAKMP:(2002):beginning Quick Mode exchange, M-ID of 1560671909
02:00:57: ISAKMP:(2002):QM Initiator gets spi
02:00:57: ISAKMP:(2002): sending packet to my_port 500 peer_port 500 (I) QM_IDLE
02:00:57: ISAKMP:(2002):Sending an IKE IPv4 Packet.
02:00:57: ISAKMP:(2002):Node 1560671909, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
02:00:57: ISAKMP:(2002):Old State = IKE_QM_READY New State = IKE_QM_I_QM1
02:00:58: ISAKMP (2002): received packet from dport 500 sport 500 Global (I) QM_IDLE
02:00:58: ISAKMP: set new node 1105416027 to QM_IDLE
02:00:58: ISAKMP:(2002): processing HASH payload. message ID = 1105416027
02:00:58: ISAKMP:(2002): processing SA payload. message ID = 1105416027
02:00:58: ISAKMP:(2002):Checking IPSec proposal 1
02:00:58: ISAKMP: transform 1, ESP_3DES
02:00:58: ISAKMP: attributes in transform:
02:00:58: ISAKMP: SA life type in seconds
02:00:58: ISAKMP: SA life duration (basic) of 3600
02:00:58: ISAKMP: encaps is 1 (Tunnel)
02:00:58: ISAKMP: key length is 192
02:00:58: ISAKMP: authenticator is HMAC-SHA
02:00:58: ISAKMP:(2002):atts are acceptable.
02:00:58: ISAKMP:(2002):Checking IPSec proposal 1
02:00:58: ISAKMP: transform 2, ESP_3DES
02:00:58: ISAKMP: attributes in transform:
02:00:58: ISAKMP: SA life type in seconds
02:00:58: ISAKMP: SA life duration (basic) of 3600
02:00:58: ISAKMP: encaps is 1 (Tunnel)
02:00:58: ISAKMP: authenticator is HMAC-SHA
02:00:58: ISAKMP:(2002):atts are acceptable.
02:00:58: IPSEC(validate_proposal_request): proposal part #1
02:00:58: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 172.30.99.1, remote= ,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
protocol= ESP, transform= NONE (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 192, flags= 0x0
02:00:58: Crypto mapdb : proxy_match
src addr : 0.0.0.0
dst addr : 0.0.0.0
protocol : 0
src port : 0
dst port : 0
02:00:58: ISAKMP:(2002): processing NONCE payload. message ID = 1105416027
02:00:58: ISAKMP:(2002): processing ID payload. message ID = 1105416027
02:00:58: ISAKMP:(2002): processing ID payload. message ID = 1105416027
02:00:58: ISAKMP:(2002):QM Responder gets spi
02:00:58: ISAKMP:(2002):Node 1105416027, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
02:00:58: ISAKMP:(2002):Old State = IKE_QM_READY New State = IKE_QM_SPI_STARVE
02:00:58: ISAKMP:(2002): Creating IPSec SAs
02:00:58: inbound SA from to 172.30.99.1 (f/i) 0/ 0
(proxy 0.0.0.0 to 0.0.0.0)
02:00:58: has spi 0x48E03F51 and conn_id 0
02:00:58: lifetime of 3600 seconds
02:00:58: outbound SA from 172.30.99.1 to (f/i) 0/0
(proxy 0.0.0.0 to 0.0.0.0)
02:00:58: has spi 0xD4AF8B3C and conn_id 0
02:00:58: lifetime of 3600 seconds
02:00:58: ISAKMP:(2002): sending packet to my_port 500 peer_port 500 (I) QM_IDLE
02:00:58: ISAKMP:(2002):Sending an IKE IPv4 Packet.
02:00:58: ISAKMP:(2002):Node 1105416027, Input = IKE_MESG_INTERNAL, IKE_GOT_SPI
02:00:58: ISAKMP:(2002):Old State = IKE_QM_SPI_STARVE New State = IKE_QM_R_QM2
02:00:58: IPSEC(key_engine): got a queue event with 1 KMI message(s)
02:00:58: Crypto mapdb : proxy_match
src addr : 0.0.0.0
dst addr : 0.0.0.0
protocol : 0
src port : 0
dst port : 0
02:00:58: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and peer
02:00:58: IPSEC(create_sa): sa created,
(sa) sa_dest= 172.30.99.1, sa_proto= 50,
sa_spi= 0x48E03F51(1222655825),
sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 5
sa_lifetime(k/sec)= (4450631/3600)
02:00:58: IPSEC(create_sa): sa created,
(sa) sa_dest= , sa_proto= 50,
sa_spi= 0xD4AF8B3C(3568274236),
sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 6
sa_lifetime(k/sec)= (4450631/3600)
02:00:58: ISAKMP (2002): received packet from dport 500 sport 500 Global (I) QM_IDLE
02:00:58: ISAKMP:(2002):deleting node 1105416027 error FALSE reason "QM done (await)"
02:00:58: ISAKMP:(2002):Node 1105416027, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
02:00:58: ISAKMP:(2002):Old State = IKE_QM_R_QM2 New State = IKE_QM_PHASE2_COMPLETE
02:00:58: IPSEC(key_engine): got a queue event with 1 KMI message(s)
02:00:58: IPSEC(key_engine_enable_outbound): rec'd enable notify from ISAKMP
02:00:58: IPSEC(key_engine_enable_outbound): enable SA with spi 3568274236/50
02:00:58: IPSEC(update_current_outbound_sa): updated peer current outbound sa to SPI D4AF8B3C
02:00:59: ISAKMP (2002): received packet from dport 500 sport 500 Global (I) QM_IDLE
02:00:59: ISAKMP: set new node -1124267365 to QM_IDLE
02:00:59: ISAKMP:(2002): processing HASH payload. message ID = -1124267365
02:00:59: ISAKMP:(2002): processing DELETE payload. message ID = -1124267365
02:00:59: ISAKMP:(2002):peer does not do paranoid keepalives.
02:00:59: ISAKMP:(2002):deleting node -1124267365 error FALSE reason "Informational (in) state 1"
02:00:59: IPSEC(key_engine): got a queue event with 1 KMI message(s)
02:00:59: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
02:00:59: IPSEC(key_engine_delete_sas): delete SA with spi 0xBDD33AB1 proto 50 for
02:00:59: IPSEC(delete_sa): deleting SA,
(sa) sa_dest= 172.30.99.1, sa_proto= 50,
sa_spi= 0x539777E6(1402435558),
sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 3
sa_lifetime(k/sec)= (4412467/3600),
(identity) local= 172.30.99.1, remote= ,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4)
02:00:59: IPSEC(delete_sa): deleting SA,
(sa) sa_dest= , sa_proto= 50,
sa_spi= 0xBDD33AB1(3184736945),
sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 4
sa_lifetime(k/sec)= (4412467/3600),
(identity) local= 172.30.99.1, remote= ,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4)
02:01:00: ISAKMP (2002): received packet from dport 500 sport 500 Global (I) QM_IDLE
02:01:00: ISAKMP: set new node -2105526428 to QM_IDLE
02:01:00: ISAKMP:(2002): processing HASH payload. message ID = -2105526428
02:01:00: ISAKMP:(2002): processing NOTIFY DPD/R_U_THERE protocol 1
spi 0, message ID = -2105526428, sa = 844CC060
02:01:00: ISAKMP:(2002):deleting node -2105526428 error FALSE reason "Informational (in) state 1"
02:01:00: ISAKMP:(2002):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
02:01:00: ISAKMP:(2002):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
02:01:00: ISAKMP:(2002):DPD/R_U_THERE received from peer , sequence 0x22D
02:01:00: ISAKMP: set new node 971443288 to QM_IDLE
02:01:00: ISAKMP:(2002):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
spi 2220478360, message ID = 971443288
02:01:00: ISAKMP:(2002): seq. no 0x22D
02:01:00: ISAKMP:(2002): sending packet to my_port 500 peer_port 500 (I) QM_IDLE
02:01:00: ISAKMP:(2002):Sending an IKE IPv4 Packet.
02:01:00: ISAKMP:(2002):purging node 971443288
02:01:00: ISAKMP:(2002):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
02:01:00: ISAKMP:(2002):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
02:01:02: ISAKMP (2002): received packet from dport 500 sport 500 Global (I) QM_IDLE
02:01:02: ISAKMP:(2002): processing HASH payload. message ID = 1560671909
02:01:02: ISAKMP:(2002): processing SA payload. message ID = 1560671909
02:01:02: ISAKMP:(2002):Checking IPSec proposal 1
02:01:02: ISAKMP: transform 1, ESP_3DES
02:01:02: ISAKMP: attributes in transform:
02:01:02: ISAKMP: encaps is 1 (Tunnel)
02:01:02: ISAKMP: SA life type in seconds
02:01:02: ISAKMP: SA life duration (basic) of 3600
02:01:02: ISAKMP: SA life type in kilobytes
02:01:02: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
02:01:02: ISAKMP: authenticator is HMAC-SHA
02:01:02: ISAKMP:(2002):atts are acceptable.
02:01:02: IPSEC(validate_proposal_request): proposal part #1
02:01:02: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 172.30.99.1, remote= ,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
protocol= ESP, transform= NONE (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
02:01:02: Crypto mapdb : proxy_match
src addr : 0.0.0.0
dst addr : 0.0.0.0
protocol : 0
src port : 0
dst port : 0
02:01:02: ISAKMP:(2002): processing NONCE payload. message ID = 1560671909
02:01:02: ISAKMP:(2002): processing ID payload. message ID = 1560671909
02:01:02: ISAKMP:(2002): processing ID payload. message ID = 1560671909
02:01:02: ISAKMP:(2002): Creating IPSec SAs
02:01:02: inbound SA from to 172.30.99.1 (f/i) 0/ 0
(proxy 0.0.0.0 to 0.0.0.0)
02:01:02: has spi 0x84F77E7D and conn_id 0
02:01:02: lifetime of 3600 seconds
02:01:02: lifetime of 4608000 kilobytes
02:01:02: outbound SA from 172.30.99.1 to (f/i) 0/0
(proxy 0.0.0.0 to 0.0.0.0)
02:01:02: has spi 0xCA486707 and conn_id 0
02:01:02: lifetime of 3600 seconds
02:01:02: lifetime of 4608000 kilobytes
02:01:02: ISAKMP:(2002): sending packet to my_port 500 peer_port 500 (I) QM_IDLE
02:01:02: ISAKMP:(2002):Sending an IKE IPv4 Packet.
02:01:02: ISAKMP:(2002):deleting node 1560671909 error FALSE reason "No Error"
02:01:02: ISAKMP:(2002):Node 1560671909, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
02:01:02: ISAKMP:(2002):Old State = IKE_QM_I_QM1 New State = IKE_QM_PHASE2_COMPLETE
02:01:02: IPSEC(key_engine): got a queue event with 1 KMI message(s)
02:01:02: Crypto mapdb : proxy_match
src addr : 0.0.0.0
dst addr : 0.0.0.0
protocol : 0
src port : 0
dst port : 0
02:01:02: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and peer
02:01:02: IPSEC(create_sa): sa created,
(sa) sa_dest= 172.30.99.1, sa_proto= 50,
sa_spi= 0x84F77E7D(2230812285),
sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 7
sa_lifetime(k/sec)= (4550947/3600)
02:01:02: IPSEC(create_sa): sa created,
(sa) sa_dest= , sa_proto= 50,
sa_spi= 0xCA486707(3393742599),
sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 8
sa_lifetime(k/sec)= (4550947/3600)
02:01:02: IPSEC(update_current_outbound_sa): updated peer current outbound sa to SPI CA486707
02:01:02: IPSEC(check_delete_duplicate_sa_bundle): found duplicated fresh SA bundle, aging it out. min_spi=48E03F51
02:01:02: IPSEC(early_age_out_sibling): sibling outbound SPI D4AF8B3C expiring in 30 seconds due to it's a duplicate SA bundle.
02:01:03: ISAKMP (2002): received packet from dport 500 sport 500 Global (I) QM_IDLE
02:01:03: ISAKMP: set new node 2041302203 to QM_IDLE
02:01:03: ISAKMP:(2002): processing HASH payload. message ID = 2041302203
02:01:03: ISAKMP:(2002): processing DELETE payload. message ID = 2041302203
02:01:03: ISAKMP:(2002):peer does not do paranoid keepalives.
02:01:03: ISAKMP:(2002):deleting node 2041302203 error FALSE reason "Informational (in) state 1"
02:01:03: IPSEC(key_engine): got a queue event with 1 KMI message(s)
02:01:03: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
02:01:03: IPSEC(key_engine_delete_sas): delete SA with spi 0xD4AF8B3C proto 50 for
02:01:03: IPSEC(delete_sa): deleting SA,
(sa) sa_dest= 172.30.99.1, sa_proto= 50,
sa_spi= 0x48E03F51(1222655825),
sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 5
sa_lifetime(k/sec)= (4450631/3600),
(identity) local= 172.30.99.1, remote= ,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4)
02:01:03: IPSEC(delete_sa): deleting SA,
(sa) sa_dest= , sa_proto= 50,
sa_spi= 0xD4AF8B3C(3568274236),
sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 6
sa_lifetime(k/sec)= (4450631/3600),
(identity) local= 172.30.99.1, remote= ,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4)
02:01:48: ISAKMP:(2002):purging node 1105416027
02:01:49: ISAKMP:(2002):purging node -1124267365
02:01:50: ISAKMP:(2002):purging node -2105526428
02:01:52: ISAKMP:(2002):purging node 1560671909
02:01:53: ISAKMP:(2002):purging node 2041302203 -
Is a Happy Marriage Possible? New Airport Extreme & ADSL Modem/Router
Is a Happy Marriage Possible? New Airport Extreme & ADSL Modem/Router
1. I’m writing from a rural town in Southern Nepal, very close to India. I’m planning to create a new WI-FI network at a small monastery here. Ideally, we will have two parallel wireless networks: the first network produced by an ADSL router/modem and a second network produced by another router in “repeater” mode.
2. Earlier, someone suggested that, when I post a question, I should provide as many details as possible about the situation here. Forgive me if there is “too much information”. I have to make a trip to the US to buy new networking equipment, so I very much want to get this right. Once I return here, I’ll be pretty much stuck with whatever I get in the US.
3. The future routers will live next to each other in an office and could be linked by a cable (if this is the best route to go). We do not wish to “expand” the network (in the sense of making a larger WI-FI network), but rather wish to simply have two networks, hence one ADSL router/modem and one router with the “repeater” function (out-of-the-box without any jerry rigging). Both WI-FI signals need to travel approximately 100 (largely unobstructed) feet.
4. If my dreams come true, the second router would be an Apple Airport Extreme (AX). An Apple router would be ideal because my experience with Apple routers is happy: they are easy to set up, reliable, and secure. Moreover, we use Apple computers and iOS devices here (and the new AX has the “ac” thing which will be preferable as we replace old machines with new ones).
5. Yet, from reading posts and having my prior questions answered on this website, it may be that with an ADSL modem/router, all the ease and happiness of the Apple ecosystem is lost: while Apple routers seem to connect with each other easily, problems appear to arise when users try to inter-marry our non-Apple products with Apples.
6. Our current, super-crappy 2wire 2701hg-t (ADSL modem/router) covers the 100-foot distance without a problem when it is working and there is Ethernet flowing to us. Frequently, our connection is very bad, and I may be unfairly judging the 2wire 2701hg-t. But, based on user reviews on the America Amazon.com, the 2wire 2701hg-t is pretty terrible: first it is simply old and second, among other problems, it seems to have a poor quality power supply unit. I do observe that it frequently seems to be recycling from scratch as if it had turned off and restarted. In any case, we are replacing it since it may be about 4 or 5 years old.
7. In previous posts on this forum, “LaPastenague” responded to some of my earlier questions about AX and ADSL. Among other things, he pointed out that (1) line-attenuation may be contributing to our poor connection and (2) we must choose a modem/router that is suitable for “long lines.” I’ve looked at our current modem/router statistics page; however, there are no statistics for line-attenuation or noise. (As you will see below, my strategy is to get the “better” modem/router that is suitable for long lines.)
8. Concerning our ADSL service, these are the facts I’ve gleaned from looking at the current router’s configuration pages:
Connection Type: PPPoE
Currently, the router is configured to use WPA-PSK security.
Connection Speed: Incoming: 1024 kbps & Outgoing: 509 kbps
(The following information may be unimportant at this time.)
Broadband Link Diagnostics:
DSL Synchronization: UP
G.DMT Signal: UP
PVC Connection: UP
PPPoE Service: UP
PPP Authentication: UP
IP Connection: UP
DNS Communication: UP
9. The ISP (Nepal Telecom) doesn’t supply a modem/router; however, they do have a list of (at times ancient) hardware and hardware vendors:
http://www.ntc.net.np/internet/adsl/adsl_vendersConf.php
10. Concerning what equipment is available here, what I have observed is that generally the ADSL modem/routers for sale locally, and in the far-away capital Kathmandu, and in nearby India are often also available in the United States, but they are the cheaper, older models. I will have to buy the new equipment in the US this year. At a different institution nearby, they are using the TP-Link modem/router td-w89016 which they purchased locally, I believe.
11. Based in part on LaPastenague’s earlier advice, I want to buy the TP-LINK TD-W8980 N600 Wireless Dual Band Gigabit ADSL2+ Modem Router (2.4GHz 300Mbps+5Ghz 300Mbps, IPv6 Compatible). This appears to be the most popular ADSL device on Amazon now.
Will this modem/router work EASILY with the Airport Extreme in the manner I’ve described? That is, connecting the two with a cable and creating two WI-FI networks.
12. Also, is it generally correct that the best way to connect them is with an Ethernet cable: https://discussions.apple.com/message/23759755#23759755
13. In fact, does connecting them with a cable help alleviate some of the problems that can occur between the Apple device and the ADSL modem/router?
14. If this will work, what “mode” will the AX device be in (again, in order to have two separate networks with separate passwords)? I have heard of the “repeater”, “roaming” , and “bridge” modes.
15. Are there two levels of passwords which need to be considered? Of course, there is the network and network passwords which we create here and which will be different. But, does the Apple also have to have the ISP password like the principle ADSL modem/router?
16. To set this up, what information do I need from the ISP (e.g., passwords, IPs…)?
I think there are a lot of good reasons to use an AX router. Of course, if it is just going to be very cumbersome then, we would be loosing one of the best parts of using Apple products. So, whoever feels knowledgeable enough to reply to this post, please be sincere if you think it is better to avoid the Apple. Apple can rest assured that I will buy other things from them!
In that case, I’d likely buy a second TP-Link device to create a second network:
TL-Wa801NP [AP Mode Multi-SSID Mode AP Client Mode Repeater Mode (WDS / Universal) AP+ Bridge mode (point-to-point / point to Multi-point)].
Thank you in advance. Long live Apple!
Message was edited by: Jess1911I am not sure if there are different interfaces but my 2wire does an excellent job with line info.
I get into this from browser.. using main IP.. in my case 10.0.0.138/MDC
In your case it should be whatever the IP of the 2wire is, followed by /mdc
Give it a try.
As you can see it shows vendor and loads of info about the line.
I rate it the best domestic modem for line info.
A good modem actually albeit a lousy router.
MDC is the diagnostics and Management Console.
3. The future routers will live next to each other in an office and could be linked by a cable (if this is the best route to go). We do not wish to “expand” the network (in the sense of making a larger WI-FI network), but rather wish to simply have two networks, hence one ADSL router/modem and one router with the “repeater” function (out-of-the-box without any jerry rigging). Both WI-FI signals need to travel approximately 100 (largely unobstructed) feet.
You are not repeating.. you are simply setting up two routers which are interconnected, so one is dependent on the other.. ie one is your adsl modem router and that will take the main router function. Your second router is really not working as a router, but as wireless access point (and switch if you plug things in).
That is perfectly fine. You are not roaming in this case since both routers are running different wireless names and networks.. but they are actually using same IP range.. all devices are on the one IP network with two different wireless access points.
4. If my dreams come true, the second router would be an Apple Airport Extreme (AX).
Apple router is fine for this. Easy to configure out of the box.
5. Yet, from reading posts and having my prior questions answered on this website, it may be that with an ADSL modem/router, all the ease and happiness of the Apple ecosystem is lost: while Apple routers seem to connect with each other easily, problems appear to arise when users try to inter-marry our non-Apple products with Apples.
The problem arises when you try and interconnect using wireless extend or repeater.. you are not using wireless to extend, you are using ethernet. Wired has no issues.
11. Based in part on LaPastenague’s earlier advice, I want to buy the TP-LINK TD-W8980 N600 Wireless Dual Band Gigabit ADSL2+ Modem Router (2.4GHz 300Mbps+5Ghz 300Mbps, IPv6 Compatible). This appears to be the most popular ADSL device on Amazon now.
Will this modem/router work EASILY with the Airport Extreme in the manner I’ve described? That is, connecting the two with a cable and creating two WI-FI networks.
It is a good choice.. It should be fine considering how poor your line is.. this modem is proving to have a couple of bugs.. it does not handle torrents well but I would suggest your system is not being used for that purpose. It has some port forwarding issues. Again you are probably not going to overload it.
12. Also, is it generally correct that the best way to connect them is with an Ethernet cable: https://discussions.apple.com/message/23759755#23759755
Absolutely best.. only decent method.
14. If this will work, what “mode” will the AX device be in (again, in order to have two separate networks with separate passwords)? I have heard of the “repeater”, “roaming” , and “bridge” modes.
Bridge. Although if it gives issues there is another method, although rather complex to setup.. not something to worry about now.
15. Are there two levels of passwords which need to be considered? Of course, there is the network and network passwords which we create here and which will be different. But, does the Apple also have to have the ISP password like the principle ADSL modem/router?
Only the adsl modem has the ISP authentication.. it is the box that does the link. The TC just piggy backs.
The passwords on the TC are for its Admin, wireless and disk access.
16. To set this up, what information do I need from the ISP (e.g., passwords, IPs…)?
For ADSL you must have the PPPoE authentication username and password.
So, whoever feels knowledgeable enough to reply to this post, please be sincere if you think it is better to avoid the Apple.
hmmm.. I am biased because I see the issues not all the good stories..
The latest airport and Time Capsule seem to have a few pretty severe bugs.. if they happen to hit you, they are extremely hard to fix if you are in the middle of Nepal. And Apple service centre is a long long way away.
I cannot answer your question from the point of view of a person on the ground in remote area. If the economics of the purchase works for you, great. Go for it.
In terms of wireless coverage.. the Asus AC models or Netgear R7000 kill the Apple. Sorry but it is just fact.
See reviews here.
http://www.smallnetbuilder.com/lanwan/router-charts/bar/113-5-ghz-dn-c
That is average.. if you look at the apple router in the worst location by changing the filters, it comes out worse again.
I cannot post the URL to our local forum here.. (apple doesn't allow it). But in testing with apple clients the asus still beat Apple router soundly.
Pure wireless range is not the only consideration.. but in a mixed environment and since the wireless on the 8980N is not too bad.. then buy Apple router for apple client devices makes good sense.
Maybe the older Gen5.. or two of them.. would do a better job.. with a bit more tested and known hardware.
One thing you do need to check.
Routers from every other brand allow you to select country. Any country from anywhere in the world. Apple routers do not.
If you buy an airport in North America it is coded to North America and offers just a few countries.. USA, Canada I suppose.. what else is North America??
You cannot change it to Nepal.
To get the one for Nepal you must buy the model that covers, South Asia I guess.. I am not sure which it is.
See what the license information is for wifi in Nepal as it might be very different to US and therefore illegal for you to run it in Nepal.
If only the whole world would just bow to America.. we could all follow the FCC regs..
http://en.wikipedia.org/wiki/List_of_WLAN_channels
This only applies to the Apple.. the TP-Link etc allows you to choose Nepal or correct country regulations for wifi.
Buying modems has one tricky bit.. that the actual adsl ATM channel is different in different parts of the world. No modem is usually impossible to setup but some can be difficult if it is pre-configured for US.. this is easy to overcome generally as you can download a firmware for another locality, so you can have local settings.
Maybe you are looking for
-
Hi, Can you drill down from a chart in the Graphic Builder to report in the Report Builder. If yes can someone please help? Thanks
-
Soap handler configuration weblogic v9.2
All the doc. on soap handlers for weblogic version 9x i could find describes using annotations. This works fine when you have the source but not in the case where i only have a "black box" web service in a WAR file. I want to configure a soap handler
-
How to get mail, firstname, lastname of user in OID by java?
Hi all, I'm trying to get mail, firstname, lastname of user in OID, but I don't know how to work Please help me!!! Thanks!!! PS:I can get the userId by this code try InitialDirContext ctx = ConnectionUtil.getDefaultDirCtx(server, server_port, "cn=orc
-
My blackberry 9360 mouse point not working
hi im trying to use my mouse on the phone but it freezes what do u think i should do
-
Which is executed first? af:setPropertyListener and af:commandButton's actionListener
I have two test apps. First app: It has jsf pages. And I have a few fields and a button on the page.The backing bean for my page has a method prepareToBeUpdateOrderRelease(ActionEvent ae). My button looks like this: <af:command