Cisco router 8803G telnet commands
Hello all
i have a Cisco Router 8803G and i would like some help with following commands to be runned by telnet:
1) erase an admin user
2) change the passwork of an admin user
thx in advance
you can see a list of users with the following command:
sh run | include username
Go to config mode and do a
no username USER_YOU_WANT_TO_DELETE
The password can be changed with the same command
username USER_YOU_WANT_TO_CHANGE secret NEWPASSWORD
or in case you don't use hashed passwords:
username USER_YOU_WANT_TO_CHANGE password NEWPASSWORD
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
Similar Messages
-
Configure a Cisco router with telnet Username and Password.
Hello Guys,
Am quite new in cisco and i need to configure an 891 cisco router,can someone please show me step by step configuration commands for configuring Username and Secret Password.I would like the router to ask for "Username"and " Password" anytime i want to login the router through telnet.I also want to know if i have to erase the default configurations on the router first, before i start the configuration,and how it should be done in other not to loose the router whiles working on it.Thanks for your usual quick responds.
Regards,
Eben.From this forum description:
Note: If your questions pertain to specific Cisco technology or solution, please post them in the proper community by leveraging the Community Directory so that folks who have expertise within those areas can engage and collaborate to it.
You should consider to delete your question here and recreate in in more appropriate forum. You can wish for quick response then ...
Edit: Thread has been moved by moderator, the notice no longer apply. -
Not able to telnet or ssh to outside interface of ASA and Cisco Router
Dear All
Please help me with following question, I have set up testing lab, but still not work.
it is Hub and spoke site to site vpn case, connection between hub and spoke is metro-E, so we are using private ip for outside interface at each site.
Hub -- Juniper SRX
Spoke One - Cisco ASA with version 9.1(5)
spoke two - Cisco router with version 12.3
site to site vpn has been successful established. Customer would like to telnet/ssh to spoke's outside ip from Hub(using Hub's outside interface as source for telnet/ssh), or vise versa. Reason for setting up like this is they wants to be able to make configuration change even when site to site vpn is down. Sound like a easy job to do, I tried for a long time, search this forum and google too, but still not work.
Now I can successfully telnet/ssh to Hub SRX's outside interface from spoke (ASA has no telnet/ssh client, tested using Cisco router).
Anyone has ever done it before, please help to share your exp. Does Cisco ASA or router even support it?
When I tested it, of cause site to site vpn still up and running.
Thanks
YKHello YK,
On this case on the ASA, you should have the following:
CConfiguring Management Access Over a VPN Tunnel
If your VPN tunnel terminates on one interface, but you want to manage the ASA by accessing a different interface, you can identify that interface as a management-access interface. For example, if you enter the ASA from the outside interface, this feature lets you connect to the inside interface using ASDM, SSH, Telnet, or SNMP; or you can ping the inside interface when entering from the outside interface. Management access is available via the following VPN tunnel types: IPsec clients, IPsec LAN-to-LAN, and the AnyConnect SSL VPN client.
To specify an interface as a mangement-only interface, enter the following command:
hostname(config)# management access management_interface
where management_interface specifies the name of the management interface you want to access when entering the security appliance from another interface.
You can define only one management-access interface
Also make sure you have the pertinent configuration for SSH, telnet, ASDM and SNMP(if required), for a quick test you can enable on your lab Test:
SSH
- ssh 0 0 outside
- aaa authentication ssh console LOCAL
- Make sure you have a default RSA key, or create a new one either ways, with this command:
*crypto key generate rsa modulus 2048
Telnet
- telnet 0 0 outside
- aaa authentication telnet console LOCAL
Afterwards, if this works you can define the subnets that should be permitted.
On the router:
!--- Step 1: Configure the hostname if you have not previously done so.
hostname Router
!--- aaa new-model causes the local username and password on the router
!--- to be used in the absence of other AAA statements.
aaa new-model
username cisco password 0 cisco
!--- Step 2: Configure the router's DNS domain.
ip domain-name yourdomain.com
!--- Step 3: Generate an SSH key to be used with SSH.
crypto key generate rsa
ip ssh time-out 60
ip ssh authentication-retries 3
!--- Step 4: By default the vtys' transport is Telnet. In this case,
!--- Telnet and SSH is supported with transport input all
line vty 0 4
transport input All
*!--- Instead of aaa new-model, the login local command may be used.
no aaa new-model
line vty 0 4
login local
Let me know how it works out!
Please don't forget to Rate and mark as correct the helpful Post!
David Castro,
Regards, -
Site-Site VPN PIX501 and CISCO Router
Hello Experts,
I'm having a test lab at home, I configure a site-to-site vpn using Cisco PIX501 and CISCO2691 router, for the configurations i just some links on the internet because my background on VPN configuration is not too well, for the routers configuration i follow this link:
www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/867-cisco-router-site-to-site-ipsec-vpn.html
and for the pIX configuration I just use the VPN wizard of pix. Done all the confgurations but ping is unsuccessful. Hope you can help me with this, don't know what needs to be done here (Troubleshooting).
Attached here is my router's configuration, topology as well as the pix configuration. Hope you can help me w/ this. Thanks in advance.YES! IT FINALLY WORKS NOW! Here's the updated running-config
: Saved
PIX Version 7.2(2)
hostname PIX
domain-name aida.com
enable password 2KFQnbNIdI.2KYOU encrypted
names
name 172.21.1.0 network2 description n2
interface Ethernet0
speed 100
duplex full
nameif OUTSIDE
security-level 0
ip address 1.1.1.1 255.255.255.252
interface Ethernet1
nameif INSIDE
security-level 100
ip address 192.168.1.1 255.255.255.0
interface Ethernet2
shutdown
no nameif
no security-level
no ip address
interface Ethernet3
shutdown
no nameif
no security-level
no ip address
interface Ethernet4
shutdown
no nameif
no security-level
no ip address
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns server-group DefaultDNS
domain-name aida.com
access-list TO_ENCRYPT_TRAFFIC extended permit ip 192.168.1.0 255.255.255.0 network2 255.255.255.0
access-list nonat extended permit ip 192.168.1.0 255.255.255.0 network2 255.255.255.0
pager lines 24
mtu OUTSIDE 1500
mtu INSIDE 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image flash:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (OUTSIDE) 1 interface
nat (INSIDE) 0 access-list nonat
nat (INSIDE) 1 192.168.1.0 255.255.255.0
route OUTSIDE 0.0.0.0 0.0.0.0 1.1.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
username mark password MwHKvxGV7kdXuSQG encrypted
http server enable
http 192.168.1.3 255.255.255.255 INSIDE
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set MYSET esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map MYMAP 10 match address TO_ENCRYPT_TRAFFIC
crypto map MYMAP 10 set peer 2.2.2.2
crypto map MYMAP 10 set transform-set MYSET
crypto map MYMAP interface OUTSIDE
crypto isakmp enable OUTSIDE
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
tunnel-group 2.2.2.2 type ipsec-l2l
tunnel-group 2.2.2.2 ipsec-attributes
pre-shared-key *
telnet timeout 5
ssh timeout 5
console timeout 0
prompt hostname context
Cryptochecksum:8491323562e3f1a86ccd4334cd1d37f6
: end
ROUTER:
R9#sh run
Building configuration...
Current configuration : 3313 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname R9
boot-start-marker
boot-end-marker
aaa new-model
aaa authentication login default local
aaa authorization config-commands
aaa authorization exec default local
aaa session-id common
resource policy
memory-size iomem 5
ip cef
no ip domain lookup
ip domain name aida.com
ip ssh version 2
crypto pki trustpoint TP-self-signed-998521732
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-998521732
revocation-check none
rsakeypair TP-self-signed-998521732
crypto pki certificate chain TP-self-signed-998521732
A75B9F04 E17B5692 35947CAC 0783AD36 A3894A64 FB6CE1AB 1E3069D3
A818A71C 00D968FE 3AA7463D BA3B4DE8 035033D5 0CA458F3 635005C3 FB543661
9EE305FF 63
quit
username mark privilege 15 secret 5 $1$BTWy$PNE9BFeWm1SiRa/PiO9Ak/
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key cisco address 1.1.1.1 255.255.255.252
crypto ipsec transform-set MYSET esp-3des esp-sha-hmac
crypto map MYMAP 10 ipsec-isakmp
set peer 1.1.1.1
set transform-set MYSET
match address TO_ENCRYPT_TRAFFIC
interface FastEthernet0/0
ip address 2.2.2.2 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map MYMAP
interface FastEthernet0/1
ip address 172.21.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
ip route 0.0.0.0 0.0.0.0 2.2.2.1
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list NAT_IP interface FastEthernet0/0 overload
ip access-list extended NAT_IP
deny ip 172.21.1.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 172.21.1.0 0.0.0.255 any
ip access-list extended TO_ENCRYPT_TRAFFIC
permit ip 172.21.1.0 0.0.0.255 192.168.1.0 0.0.0.255
control-plane
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
transport input ssh
end -
Configure a Cisco router with Username and Password.
Hello Guys,
Am quite new in cisco and i need to configure an 891 cisco router,can someone please show me step by step configuration commands for configuring Username and Secret Password.I would like the router to ask for "Username"and " Password" anytime i want to login the router through telnet.I also want to know if i have to erase the default configurations on the router first, before i start the configuration,and how it should be done in other not to loose the router whiles working on it.Thanks for your usual quick responds.
Regards,
Eben.Hello Eben,
Peter has suggested to use SSH because of the fact that telnet data is sent in clear text, so someone with the right tools could easily find your password and your device could/would be compromised. It is security best practice. SSH is encrypted.
Technically speaking you do not need to change the hostname / domain name. But majority of Cisco documentation follow this method.
In case you are interested on how to do this without change... see below.
Router(config)#
Router(config)#crypto key generate rsa modulus 1024
% Please define a hostname other than Router.
Router(config)#crypto key generate rsa modulus 1024 label CISCO
The name for the keys will be: CISCO
% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
Router(config)#
*Jul 11 13:27:51.431: %SSH-5-ENABLED: SSH 1.99 has been enabled
Router(config)#
The normal cases just as shown in Cisco documentation, the parser (without a label on the crypto key) would force us to change the hostname, create a domain name. I think the domain name is there to put a label on the keys.
Router(config)#crypto key generate rsa general-keys modulus 1024
% Please define a hostname other than Router.
Router(config)#crypto key generate rsa
% Please define a hostname other than Router.
Router(config)#hos
Router(config)#hostname ISR
lexnetISR(config)#crypto key generate rsa general-keys modulus 1024
% Please define a domain-name first.
ISR(config)#ip domain name net.com
ISR(config)#exit
ISR(config)#crypto key generate rsa general-keys modulus 1024
The name for the keys will be: ISR.net.com
% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK] -
Help with Remote access VPN on Cisco router 3925 via Dialer Interface
Hi Everybody,
I need help for my work now, I appreciate if someone can fix my problem.I have a Cisco router 3925 and access Internet via PPPoE link. I want config VPN Remote Access and using software Cisco VPN client. But it doesn't work.. Here my config router :
HUNRE#show running-config
Building configuration...
Current configuration : 5515 bytes
! No configuration change since last restart
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname HUNRE
boot-start-marker
boot-end-marker
enable secret 5 $1$vEFw$rLfvLglzUgddCVwXDx03K.
enable password cisco
aaa new-model
aaa session-id common
crypto pki trustpoint TP-self-signed-1050416327
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1050416327
revocation-check none
rsakeypair TP-self-signed-1050416327
crypto pki certificate chain TP-self-signed-1050416327
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31303530 34313633 3237301E 170D3134 30393235 31313534
31395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 30353034
31363332 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100CC79 74FCFABE 81183B70 5A9F4A53 EB609754 7D5F8587 9150B76E 3207A86E
5B65F9E9 6CDAC21A 6D69221D 1FF61632 14763308 43B2A1CC 8EE5ABAC EF07530E
3F0D35FE F08C955B 60B52B92 F8F54D53 DD6DD623 01F83493 02F9C49A F0C3483D
3B48A008 8D96700E 88924BFE DE00201B DE5965DE 32898CAD 9012AB55 76B6F39B
2D470203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14C3418C BC35F3D9 B26B2475 2BB5F826 060525AB B3301D06
03551D0E 04160414 C3418CBC 35F3D9B2 6B24752B B5F82606 0525ABB3 300D0609
2A864886 F70D0101 05050003 81810070 AC7C26C6 4606A551 1A3FD6C5 2A5AEAE8
35DAC86E F8885E26 51F6EEAE 7565D3AA D532C8F3 55F6656F D103F38C 8FBDE7F1
83E77143 76469040 7FEA41E8 14963DB3 F7F28EA0 C5F2F42C B186B75C AAB04900
15F9CB38 A16964F5 4E7B4378 35041AA8 AE8EC181 D58D6A62 676E286A 7B9D80E6
35A0B9FB FB76E976 3D2A19D7 006078
quit
ip name-server 210.245.1.253
ip name-server 210.245.1.254
ip cef
no ipv6 cef
multilink bundle-name authenticated
vpdn enable
vpdn-group 1
vpdn-group 2
license udi pid C3900-SPE100/K9 sn FOC1823839B
license boot module c3900 technology-package securityk9
username cisco privilege 15 secret 5 $1$aAjB$D3iLyPFTE7O1bHPnKSJcH0
username kdhong privilege 15 secret 5 $1$nfyX$FO1BPTabCUaE6uKQwpLT.1
redundancy
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group VPN-HUNRE
key hunre
dns 8.8.8.8
domain hunre
pool IP-VPN
acl 199
max-users 100
crypto ipsec transform-set encrypt-method-1 esp-3des esp-sha-hmac
mode tunnel
crypto dynamic-map DYNMAP 1
set transform-set encrypt-method-1
crypto map VPN client configuration address respond
crypto map VPN 65535 ipsec-isakmp dynamic DYNMAP
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip mtu 1492
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1412
duplex auto
speed auto
interface GigabitEthernet0/1
description FPT
no ip address
ip tcp adjust-mss 1412
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
interface GigabitEthernet0/2
description Connect to CMC
no ip address
ip mtu 1442
ip nat outside
ip virtual-reassembly in
ip tcp adjust-mss 1412
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 2
no cdp enable
interface Dialer1
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname [USERNAME]
ppp chap password 0 [PASSWORD]
ppp pap sent-username [USERNAME] password 0 [PASSWORD]
ppp ipcp dns request
crypto map VPN
interface Dialer2
description Logical ADSL Interface 2
ip address negotiated
ip mtu 1442
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1344
dialer pool 2
dialer-group 2
ppp authentication chap pap callin
ppp chap hostname [USERNAME]
ppp chap password 0 [PASSWORD]
ppp pap sent-username [USERNAME] password 0 [PASSWORD]
ppp ipcp address accept
no cdp enable
ip local pool IP-VPN 10.252.252.2 10.252.252.245
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 10 interface Dialer1 overload
ip nat inside source list 11 interface Dialer2 overload
ip nat inside source static 10.159.217.10 interface Dialer1
ip nat inside source list 199 interface Dialer1 overload
ip nat inside source static tcp 10.159.217.10 80 210.245.54.49 80 extendable
ip nat inside source static tcp 10.159.217.10 3389 210.245.54.49 3389 extendable
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 10.159.217.0 255.255.255.0 192.168.1.8
ip sla auto discovery
ip sla responder
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
access-list 10 permit any
access-list 11 permit any
access-list 101 permit icmp any any
access-list 199 permit ip any any
control-plane
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password cisco
transport input all
line vty 5 15
password cisco
transport input all
scheduler allocate 20000 1000
ntp master
end
However, I cannot ping interfac Dialer 1. I using Cisco vpn client software ver 5.0.07.0290.
Hopeful for your answers !
ThanksHi David Castro,
Thanks for your answer,
I configed following your guide, but it have not worked yet. I saw that I cannot ping IP gateway Internet . I using ADSL Internet and config PPPoE and my router receive IP from ISP. Here show ip int brief :
GigabitEthernet0/0 192.168.1.1 YES NVRAM up up
GigabitEthernet0/1 unassigned YES NVRAM up up
GigabitEthernet0/2 unassigned YES NVRAM up up
Dialer1 210.245.54.49 YES IPCP up up
Dialer2 101.99.7.73 YES IPCP up up
NVI0 192.168.1.1 YES unset up up
Virtual-Access1 unassigned YES unset up up
Virtual-Access2 unassigned YES unset up up
Virtual-Access3 unassigned YES unset up up
But I cannot ping Interface Dialer 1, so may be VPN is does not worked. Do you have some ideal ?
Thanks very much ! -
Connecting to NME-IPS results in connecting to cisco router itself
Suddenly, without any clear reason, I cannot access the NME-IPS in my router.
Instead it connects to the router console.
The IP address is also pingable.
Output:
gateway#service-module IDS-Sensor 1/0 status
Service Module is Cisco IDS-Sensor1/0
Service Module supports session via TTY line 66
Service Module is in Steady state
Service Module heartbeat-reset is enabled
Getting status from the Service Module, please wait..
Cisco Systems Intrusion Prevention System Network Module
Software version: 7.0(6)E4
Model: NME-IPS
Memory: 443504 KB
Mgmt IP addr: 192.168.11.99
Mgmt web ports: 443
Mgmt TLS enabled: true
gateway#service-module IDS-Sensor 1/0 session
Trying 192.168.11.99, 2066 ... Open
C
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege level of 15.
Please change these publicly known initial credentials using SDM or the IOS CLI.
Here are the Cisco IOS commands.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want to use.
For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to http://www.cisco.com/go/sdm
User Access Verification
Username:If IME is not connecting, is it giving you some sort of error?
Do you have ASDM launcher loaded? if so, does it also fail to connect?
When you launch IME are you prompted for a password, is that failing on the password entry or does it simply fail to connect to the device?
I have not been able to access my NME via https either, I get a Java error, but I pretty much always use Cisco IME to access my NME module so I have not chased down the Java issue. -
Need help with Telnet command in JSP
Here is the code I have been working on but it will not display the buffer to the page..
String [] cmd1 = {"cmd.exe","/c","telnet hqsun1.xx.xxxxx.com"};
Process n;
String T = "" ;
n = Runtime.getRuntime().exec(cmd1);
BufferedReader in1 =
new BufferedReader(new InputStreamReader(
n.getInputStream()));
while((T=in1.readLine()) != null)
out.println(T+"");
Maybe someone has done this before? I am trying to acomplish a telnet net session to the screen with some exicuted commands, because this tool is going to be used to help determine system status when the help desk needs to check on something.
ThanksI don't want to be discouraging, but I'm not quite sure you've thought the problem through. You say that you'd like to create a web page capable of providing various pieces of information to the help desk, and you suggest ping and the output of various canned telnet commands as examples.
What is preventing the help desk from just executing those commands at the command prompt?
I realize that the people working the help desk are (ahem) there for a reason, but it is really much faster for me to just simply type "ping www.mpalfrey.com" at the prompt, then it is for me to fire up the web browser and wait for a response that way. You will likewise find that it is a lot more convenient to perform diagnosis on remote machines directly from the command prompt.
Uh, it's kind of like giving someone a screwdriver, then saying, "oh wait a second" and making them wear an oven mitt in order to use the screwdriver.
But, if you really want to do it this way, the best thing to do is create a wrapper class that directly calls the system command and captures the output to a stringbuffer. Then your JSP page simply has to clone that wrapper via a new() command and trigger it if you go the singleton route. The code would look something like this...
<%@ import page="com.mpalfrey.shellcommands.ping" %>
<%
myPing foo = new myPing( request.getParameter( "victim" ) );
foo.trigger();
%>
Ping results:
<%=foo.results()%>JSP can do a lot of wonderful things, but that doesn't mean you have to do it that way. :) -
How to arrive Password expiration situation in Cisco Router
Hi,
i have to test something on cisco router so i have to achieve this following scenario :-
I am trying to login using ssh username & passoword. so i need to expire this username & password on router.
Anybody tell me how to get this situation in my cisco router.
Thanks,
PranayPranay,
Here is a guide on configuring the SSH username and password on your Cisco device:
http://www.cisco.com/c/en/us/support/docs/security-vpn/secure-shell-ssh/4145-ssh.html
You will need to setup the VTY lines, as well as setup a password in order for this to work.
Judging from the screen shot, you will need to run the commands listed in Global Configuration mode. (configure terminal)
Example:
Router#config t
Router(config)# username Pranay priviledge 15 secret 0 yourpassword
I hope this helps. Please let me know if you need further assistance.
Wes -
Curious message during activation of snmp traps in cisco router 2800
I activated snmp traps in cisco router 2800 (I didn't specify a set of them, so all of them were activated). The thing is, when i configure "snmp-server enable traps", appears a message in the next line :
" %Cannot enable both sham-link state-change interface traps.
%New sham link interface trap not enabled "
Anyway, traps are activated and are completely functional.
I would like to know, why this message appears... and also what is the difference between informs and traps, because I can activate both of the in a router to be sent to the network admin pc.
Thanks in advance.Hi Marcelo,
the snmp-server enable traps command enables just all types of traps that the IOS version supports.
The message apperes because of this two, which are mutually exclusive:
R1(config)#snmp-server enable traps ospf cisco-specific state-change shamlink interfaceR1(config)#snmp-server enable traps ospf cisco-specific state-change shamlink interface-old% Cannot enable both sham-link state-change interface traps.% Deprecated sham link interface trap not enabled.
It's recommended to only enable the traps you really need.
Informs were introduced with SNMPv2, and they have the same format and purpose as traps.
The main difference is that traps are send in a hit-or-miss fashion whereas informs expect an acknowledge and will be re-send if unacknowledged.
Hope that helps
Rolf -
How to create custom GUI interface for Cisco router?
Hello,
I am working on a Cisco solution and I have my router configured for the solution I need. However, if a non-cisco person needs to use my solution then I think he will need a GUI interface which will have few "buttons" which when clicked will run some Cisco commands on Cisco router to make it work. Is there a way to design such GUI interface which is compatible with Cisco routers? I know Cisco has SDM, but that is too involved and detailed, which is useful only for people who know atleast a little bit about Cisco. Here I am looking at crowd who will have 0 knowledge of Cisco.
Please let me know if something like this can be done. If yes, how and how easily?
Thank you.There are lots of ways to do this - you can use SNMP or even HTTP to push or pull commands from Cisco devices. How easy it is to create a GUI depends on your programming skills. I would guess a simple web page triggering backend scripts would be the easiest way to do this.
-
Encapsulation dot1q is not working?, 2600 Cisco router
I am trying to config a 2620 Cisco router to perform subintreface (F0/0.1) for Vlan Trunk Protocol, however when I try to configure the encapsulation dot1q, I continue to receive error massage with ^ symbol below the 'c' See below, the platform version is a 12.3(26) which should be acceptable to perform an (encapsulation dot1q). The Ethernet is a fast-Ethernet 10/100 port. I also try the ISL, I receive the same massage.
Can anyone suggest what could be the problem!!
Thank you all!!!!!
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int f0/0
Router(config-if)#no ip address
Router(config-if)#no shutdown
Router(config-if)#int f0/0.1
Router(config-subif)#encapsulation dot1q 1
^ % Invalid input detected at '^' marker. Router(config-subif)#
==================================================================================================== Router#show version
Cisco Internetwork Operating System Software IOS (tm) C2600 Software (C2600-I-M), Version 12.3(26), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by cisco Systems, Inc. Compiled Mon 17-Mar-08 15:23 by dchih ROM: System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1) Router uptime is 5 minutes System returned to ROM by power-on System image file is "flash:c2600-i-mz.123-26.bin" cisco 2620 (MPC860) processor (revision 0x600) with 28672K/4096K bytes of memory . Processor board ID JAD05440GAN (1508240486) M860 processor: part number 0, mask 49 Bridging software. X.25 software, Version 3.0.0. 1 FastEthernet/IEEE 802.3 interface(s) 1 Serial network interface(s) 32K bytes of non-volatile configuration memory. 8192K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
Router#
==================================================================================================
Router#sh flash
System flash directory:
File Length Name/status
1 7754580 c2600-i-mz.123-26.bin [7754644 bytes used, 633960 available, 8388604 total]
8192K bytes of processor board System flash (Read/Write)
Router#jesse rodriguez wrote:I am connected through the console, Here are the output.Router#config t Enter configuration commands, one per line. End with CNTL/Z. Router(config)# Router(config)# Router(config)#int f0/0 Router(config-if)#no ip address Router(config-if)#no shutdown Router(config-if)# *Mar 1 00:01:36.891: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state t o up Router(config-if)# Router(config-if)#int f0/0.1Router(config-subif)#enc ? % Unrecognized commandRouter(config-subif)#en? % Unrecognized command Router(config-subif)#en ? % Unrecognized command Router(config-subif)#enJesse
It's possible your feature set it not good enough to run trunking.
Trunking apparently requires a minimum of the IP PLUS feature set according to this document
http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a00800949fd.shtml
table 2 shows a minimum IOS of 12.0(1)T and IPPLUS/IPPLUS on the 2620 - so your IOS revision is OK, but maybe your feature set is not.
You can figure which feature set you have by going here
http://tools.cisco.com/ITDIT/CFN/Dispatch?act=rlsSelect&task=search&searchby=image
and entering your image name (assuming it's not been stuffed with) which you can find by doing "show flash" or "dir"
If you don;t have the right feature set, then you're out of luck unless you can upgrade/change the IOS image the router is booting with.
Cheers. -
Ipv6 router vs router ... commands
Hi
I was just wondering whats the difference between the commands:
ipv6 router ospf 1 vs router ospfv3 1
it noticed that if you have used either one you cant use the other command even if it is in the same process.ex ipv6 router ospf 1. If i use router ospfv3 1 it will give an error prompt.
ThanksHi,
the ipv6 router ospf <pid> command creates a process for IPv6 only.
With the router ospfv3 <pid> command, support for Address Families was introduced (similar to AFs used by BGP, EIGRP and IS-IS), so you can run IPv4 and IPv6 under the same process.
There is an interesting Cisco Live Session where this relatively new feature was presented too: BRKRST-2337 - OSPF Deployment in Modern Networks
Cisco White Paper: OSPFv3 Support for Address Families
HTH
Rolf -
Management of integrated AP in Cisco Router 887
Hello!
I have a Cisco Router 887 here, with an integrated AP. This AP is a separate device in the router, with its own software, config, etc.
My problem I can't get the remote management of this AP to work (I'd prefer CLI, which means via SSH).
The router has a separate interface to communicate/manage with the AP:
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan100
arp timeout 0
interface Vlan100
ip address 172.22.2.1 255.255.255.0
After this initial configuration, I can login to the AP *via the router* by issuing this command:
wlan service-module wlan-ap 0 session
When I'm on the router via console, this works! But when I'm on the router via SSH, it won't work:
router#connect 172.22.2.1 2002
Trying 172.22.2.1, 2002 ...
% Connections to that host not permitted from this terminal
I'd like to configure the access to work via an SSH-session also!
My line-configs are as follows:
line con 0
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
access-class VTY.TRUSTED in
exec-timeout 120 0
transport input ssh
I tried to remove the access-class and allow every protocol (transport input all), but it didn't change it. How can I make this access to work? How can I find out what is preventing it?
*Note: The rest of this posting covers technically a different problem! I would be very happy if i had at least an answer to one of the given problems!
After failing to achieve this, I tried to tackle the problem differently. This time by configuring an IP-Adress on the AP itself, to SSH directly to it. But I also couldn't get this to work!
There is an internal data-connection between router and the integrated AP:
router:
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport mode trunk
no ip address
AP:
interface GigabitEthernet0
description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
no ip address
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
interface GigabitEthernet0.100
encapsulation dot1Q 100
bridge-group 100
bridge-group 100 spanning-disabled
no bridge-group 100 source-learning
interface BVI100
ip address 172.22.2.5 255.255.255.0
bridge 100 route ip
The problem here is: I can't get the IP from BVI100 to work correctly in VLAN100. That is, I can't reach it anywhere from VLAN100. This happens in spite of the fact that the SSID (config not shown, it's a Dot11Radio0.100 subinterface with the corresponding bridge-group 100 attached) works perfectly fine.
In my tests I found if I configure the IP in BVI1 (Vlan1), it's reachable. Just in this case the VLAN 1 is not the VLAN I'd like the management IP to be.
Is there some additional bridge-group config missing? I wouldn't know which, as I see no difference to bridge-group 1, where it would work. The only difference is that VLAN 1 is bridged natively via the internal data-link, whereas VLAN 100 is tagged. As I said, WLAN over these SSIDs/VLANs works as expected.
Thanks,
FlorianOK thanks, I will look into that.
Do you perhaps also have an idea why I can't connect via the internal console port, if I have connected to the router previously via VTY?
router#wlan service-module wlan-ap 0 session
router#connect 172.22.2.1 2002
Trying 172.22.2.1, 2002 ...
% Connections to that host not permitted from this terminal
Thanks,
Florian -
Wireless non-cisco router with aironet 1242 repeater.
Hello everyone. I'm a newbie here. I just started learning about cisco devices. Sorry if my question seems stupid.
I have a problem. A friend gave me an AP aironet 1242 and he wants to use it as a repeater for his wireless non cisco router.
Is this possible? And if it is how can i do it with simple steps.
Thanks in advance!Thanks for the quick response Scott. I 've read this quide before i post.
The problem is that i can't connect with serial to the ap. So i can't use commands.
I can connect with ethernet and see the ap interface. When i go and make the radio0 work as a repeater it shows interface down. What i want is simple steps of how to configure it from the interface.
Sorry again.
Maybe you are looking for
-
Deleting derivation rule for the existing characteristic in operating conce
Hi all My customer has two characteristics" Billing Doc(VBELN)" and" Warranty status" in the development and testing client and not in the production now. Option 1 : Is to delete them but as the data is already posted for the same in the test and
-
What does AM do with Attribute Assertions
Hi, I am sending Auth statement and atribute statement assertion to AM. AM is accepting the Auth assertion and creating the session, but I am not sure what it does it with Attribute assertion? I want to pass these attributes to next AM. How can I do
-
My ipods wifi button is greyed out and will not connect to any wifi
My ipod touch 4g is not connecting to wifi anywhere. My wifi button is greyed out and I have done everything that I can think of to fix it and nothing has worked. I habe restored it many times. I have reset my network settings and all of my settings
-
Oracle 10g ok but after restart can't login.
to all friends i am using RHLE 4 ( AS) successfully i installed oracle 10g configured working properly(user as oracle) i can login to oracle through http://localhost.localdomain:1158/em successfully i login through mozilla.i created table i can inser
-
How to stop a person from creating an order for a particular region?
Hi All, Suppose there are three regions viz : 1.Asia 2.Middle East 3.Europe Now what I want that when a agent /end user is creating an order for a particular person for a specific region, he gets an error message that "Orders cannot be created for th