Cisco router with freeradius
I have cisco Router 7206VXR and freeradius server , what I need is to change the user sevice in cisco router when changing it on freeradius.so if a user has1Mbps speed on freeradius the following commands will be applied to the user virtual interface on cisco router:
rate-limit output 1048000 196608 393216 conform-action transmit exceed-action drop
what I need is to change this command Automatically when changing the user service on freeradius so that the command become :
rate-limit output 2096000 393216 786432 conform-action transmit exceed-action drop (for 2Mbps)
I tried the following configuration but it didnt work:
aaa authorization network <name> group <radius>
aaa server radius dynamic-author
client <freeradius ip address> server-key xxxxx
any suggessions?
Thanks in advance
Framed-IP-Netmask has influence only on NAS side and
it'll insert the correct route into the routing table
(see the enclosed part), but it'll have NO effect
on the client side - meaning that the end-user should
do all addressing by himself.
Routing table for PPP user with one /28 subnet:
U 192.168.1.128/28 [1/0] via 192.168.100.129
C 192.168.1.129/32 is directly connected, Virtual-Access35
/Igor
Similar Messages
-
Wireless non-cisco router with aironet 1242 repeater.
Hello everyone. I'm a newbie here. I just started learning about cisco devices. Sorry if my question seems stupid.
I have a problem. A friend gave me an AP aironet 1242 and he wants to use it as a repeater for his wireless non cisco router.
Is this possible? And if it is how can i do it with simple steps.
Thanks in advance!Thanks for the quick response Scott. I 've read this quide before i post.
The problem is that i can't connect with serial to the ap. So i can't use commands.
I can connect with ethernet and see the ap interface. When i go and make the radio0 work as a repeater it shows interface down. What i want is simple steps of how to configure it from the interface.
Sorry again. -
Trouble connecting Cisco router with cable modem for Internet purposes
So I am requesting help from the Cisco community on this issue as the cable company states there equipment is working fine. At all my facilities I have a guest Internet service setup through a local Internet provide to provide Internet services to the residents and guests. I have the cable modem usually a Motorola SBG6580 or a SMC 8014 (both provided by cable company) connected to my router on a FE or GE interface. I am using static IPs and using the cable modem just as a modem (bridge mode). Over the past several months these connections have just stopped working. I have not made any drastic changes to my router configs; however, the cable company has updated the firmware on these modems. I am wondering if that could affected how the modem and router talk. I was told by the cable company that the modem sees the Cisco router but that the port is inactive. My router shows the port is active and traffic passing. Does anyone have any ideas that could point where the problem lies? I will post a basic config to one that currently does not work. I am using a VRF to route a certain group out, using NAT. Please let me know if I need to post additional info. Any help would be greatly appreciated.
Cisco CISCO2911/K9
Version 15.2(3)T1
service timestamps debug datetime localtime
service timestamps log datetime localtime show-timezone
service password-encryption
hostname 1204RTR01
boot-start-marker
boot system flash0:c2900-universalk9-mz.SPA.152-3.T1.bin
boot system flash0:c2900-universalk9-mz.SPA.151-3.T.bin
boot-end-marker
card type t1 0 0
logging buffered 64000
aaa new-model
aaa session-id common
clock timezone cst -6 0
clock summer-time CDT recurring
no ipv6 cef
no ip source-route
ip vrf 5
rd 5:1
ip multicast-routing
1
ip dhcp pool Guest
vrf 5
network 10.51.XXX.0 255.255.255.0
default-router 10.51.XXX.XXX
dns-server 209.18.47.61 209.18.47.62
ip flow-cache timeout active 1
no ip bootp server
no ip domain lookup
ip cef
multilink bundle-name authenticated
application
global
service alternate default
license udi pid CISCO2911/K9 sn FTX1508AHTM
hw-module pvdm 0/0
redundancy
ip tcp synwait-time 10
interface GigabitEthernet0/0.5
description Guest VLAN
encapsulation dot1Q 5
ip vrf forwarding 5
ip address 10.51.xx.xxx 255.255.255.0
no ip redirects
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
interface GigabitEthernet0/2
description Guest Intenet access
ip vrf forwarding 5
ip address 24.242.182.182 255.255.255.252 <--Cable company IP, Modem IP is 24.242.182.181
ip nat outside
ip virtual-reassembly in
load-interval 30
duplex auto
speed auto
ip forward-protocol nd
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 9 interface GigabitEthernet0/2 vrf 5 overload
ip route vrf 5 0.0.0.0 0.0.0.0 24.242.182.181
access-list 9 permit 10.51.204.0 0.0.0.255Ok, mysteriously this location just started working yesterday, but I still am dealing with seven others and I really would like to know what is going on. I will give you everything you may need and let me know.
Config:
version 15.2
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime show-timezone
service password-encryption
hostname 1112RTR01
boot-start-marker
boot system flash0:c2900-universalk9-mz.SPA.152-3.T1.bin
boot system flash0:c2900-universalk9-mz.SPA.151-1.T.bin
boot-end-marker
aaa new-model
aaa session-id common
clock timezone CDT -6 0
clock summer-time CDT recurring
network-clock-participate wic 0
network-clock-select 1 T1 0/0/0
no ipv6 cef
no ip source-route
ip vrf GuestVRF
rd 5:1
ip multicast-routing
ip dhcp pool Guest
vrf GuestVRF
network 10.51.112.0 255.255.255.0
default-router 10.51.112.1
dns-server 209.18.47.61 209.18.47.62
ip flow-cache timeout active 1
no ip bootp server
no ip domain lookup
ip cef
application
global
service alternate default
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0.5
description Guest VLAN
encapsulation dot1Q 5
ip vrf forwarding GuestVRF
ip address 10.51.112.1 255.255.255.0
no ip redirects
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
interface GigabitEthernet0/1
description Guest Internet (Time Warner Connection)
ip vrf forwarding GuestVRF
ip address 97.77.116.234 255.255.255.252
ip nat outside
ip virtual-reassembly in
load-interval 30
duplex auto
speed auto
ip forward-protocol nd
ip nat inside source list 5 interface GigabitEthernet0/1 vrf GuestVRF overload
ip route vrf GuestVRF 0.0.0.0 0.0.0.0 97.77.116.233
access-list 5 permit 10.51.112.0 0.0.0.255
control-plane
end
router#sh ip arp vrf GuestVRF
router#Internet 97.77.116.233 2 f80b.bee7.e09f ARPA GigabitEthernet0/1
Protocol Address Age (min) Hardware Addr Type Interface
Internet 97.77.116.234 - 8843.e13c.8d99 ARPA GigabitEthernet0/1
router#ping vrf GuestVRF 97.77.116.233
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 97.77.116.233, timeout is 2 seconds:
Success rate is 0 percent (0/5)
router#sh int g0/1
GigabitEthernet0/1 is up, line protocol is up
Hardware is CN Gigabit Ethernet, address is 8843.e13c.8d99 (bia 8843.e13c.8d99)
Description: Guest Internet (Time Warner Connection)
Internet address is 97.77.116.234/30
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full Duplex, 1Gbps, media type is RJ45
output flow-control is XON, input flow-control is XON
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 00:00:10
Input queue: 76/75/15/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
30 second input rate 3000 bits/sec, 7 packets/sec
30 second output rate 0 bits/sec, 0 packets/sec
81 packets input, 4860 bytes, 0 no buffer
Received 81 broadcasts (0 IP multicasts)
0 runts, 0 giants, 12 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
16 packets output, 1193 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
router#sh int g0/1
GigabitEthernet0/1 is up, line protocol is up
Hardware is CN Gigabit Ethernet, address is 8843.e13c.8d99 (bia 8843.e13c.8d99)
Description: Guest Internet (Time Warner Connection)
Internet address is 97.77.116.234/30
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full Duplex, 1Gbps, media type is RJ45
output flow-control is XON, input flow-control is XON
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 00:00:42
Input queue: 76/75/67/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
30 second input rate 3000 bits/sec, 7 packets/sec
30 second output rate 1000 bits/sec, 2 packets/sec
408 packets input, 24480 bytes, 0 no buffer
Received 408 broadcasts (0 IP multicasts)
0 runts, 0 giants, 61 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
72 packets output, 5669 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
I am receiving packets in and out of the interface but I cannot ping the modem through the VRF.
router#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
udp 97.77.116.234:3169 10.51.112.39:3169 209.18.47.62:53 209.18.47.62:53
udp 97.77.116.234:8534 10.51.112.39:8534 209.18.47.61:53 209.18.47.61:53
udp 97.77.116.234:12244 10.51.112.39:12244 209.18.47.61:53 209.18.47.61:53
udp 97.77.116.234:14002 10.51.112.39:14002 209.18.47.61:53 209.18.47.61:53
udp 97.77.116.234:23623 10.51.112.39:23623 209.18.47.62:53 209.18.47.62:53
udp 97.77.116.234:24489 10.51.112.39:24489 209.18.47.61:53 209.18.47.61:53
udp 97.77.116.234:24550 10.51.112.39:24550 209.18.47.61:53 209.18.47.61:53
udp 97.77.116.234:27458 10.51.112.39:27458 209.18.47.62:53 209.18.47.62:53
udp 97.77.116.234:28603 10.51.112.39:28603 209.18.47.62:53 209.18.47.62:53
udp 97.77.116.234:37404 10.51.112.39:37404 209.18.47.62:53 209.18.47.62:53
udp 97.77.116.234:53942 10.51.112.39:53942 209.18.47.61:53 209.18.47.61:53
udp 97.77.116.234:58125 10.51.112.39:58125 209.18.47.62:53 209.18.47.62:53
udp 97.77.116.234:64797 10.51.112.39:64797 209.18.47.61:53 209.18.47.61:53
udp 97.77.116.234:56925 10.51.112.52:56925 209.18.47.61:53 209.18.47.61:53
udp 97.77.116.234:56925 10.51.112.52:56925 209.18.47.62:53 209.18.47.62:53
udp 97.77.116.234:62342 10.51.112.52:62342 209.18.47.62:53 209.18.47.62:53
tcp 97.77.116.234:36559 10.51.112.69:36559 199.167.177.46:1227 199.167.177.46:1227
tcp 97.77.116.234:48895 10.51.112.69:48895 54.195.253.126:5223 54.195.253.126:5223
tcp 97.77.116.234:58385 10.51.112.69:58385 54.195.243.137:5223 54.195.243.137:5223
Pro Inside global Inside local Outside local Outside global
tcp 97.77.116.234:58658 10.51.112.71:58658 31.13.66.165:443 31.13.66.165:443
udp 97.77.116.234:3066 10.51.112.72:3066 209.18.47.62:53 209.18.47.62:53
udp 97.77.116.234:3884 10.51.112.72:3884 209.18.47.61:53 209.18.47.61:53
udp 97.77.116.234:6656 10.51.112.72:6656 209.18.47.61:53 209.18.47.61:53
udp 97.77.116.234:11194 10.51.112.72:11194 209.18.47.61:53 209.18.47.61:53
udp 97.77.116.234:11774 10.51.112.72:11774 209.18.47.62:53 209.18.47.62:53
Let me know if you need anything else. I need to figure this out and I just don't get it because the other site wasn't working a few days ago and all of a sudden it is working again but others are still not. -
Does anyone configure cisco router with MGCP to link Call agent Clarent ?
hi,
We require to configure As5300 with MGCP to link Clarent call agent. Does anyone have cisco router configuration ?
thanks.
best regards.
fred.Below is the sample configuration for the 5300 to Call-Agent. This is also dependant on which package is configured on the call-agent so we can configure it accordingly. Hope this helps.
version 12.3
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
hostname AS5300-5
boot system tftp c5300-is-mz.123-2.T1 171.68.191.135
logging buffered 100000 debugging
enable password xxxx
backhaul-session-manager
set bh5300-vsc1 client nft
group bhgrp1 set bh5300-vsc1
session group bhgrp1 172.16.20.35 7007 172.16.20.28 7007 0
isdn switch-type primary-ni
isdn voice-call-failure 0
no scripting tcl init
no scripting tcl encdir
voice call carrier capacity active
voice class codec 1
codec preference 1 g723r63
codec preference 2 g711ulaw
no voice hpi capture buffer
no voice hpi capture destination
dial-control-mib retain-timer 240
dial-control-mib max-size 600
controller T1 0
framing esf
clock source line primary
linecode b8zs
pri-group timeslots 1-24 service mgcp
controller T1 1
framing esf
clock source line secondary 1
linecode b8zs
ds0-group 0 timeslots 1-24 type none service mgcp
controller T1 2
framing esf
clock source line secondary 2
linecode b8zs
controller T1 3
framing esf
clock source line secondary 3
linecode b8zs
interface Ethernet0
no ip address
no ip mroute-cache
shutdown
interface Serial0
no ip address
no ip mroute-cache
shutdown
clockrate 2015232
no fair-queue
interface Serial1
no ip address
no ip mroute-cache
shutdown
clockrate 2015232
no fair-queue
interface Serial2
no ip address
no ip mroute-cache
shutdown
clockrate 2015232
no fair-queue
interface Serial3
no ip address
no ip mroute-cache
shutdown
clockrate 2015232
no fair-queue
interface Serial0:23
no ip address
isdn switch-type primary-ni
isdn bind-l3 backhaul bh5300-vsc1
no cdp enable
interface FastEthernet0
ip address 172.16.20.28 255.255.255.192
no ip mroute-cache
duplex full
speed auto
no cdp enable
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.20.1
no ip http server
radius-server host 172.21.59.165 auth-port 1645 acct-port 1646
radius-server key xxxxxxxx
radius-server vsa send accounting
voice-port 0:23
voice-port 1:0
mgcp
mgcp call-agent 172.16.20.35 2427 service-type mgcp version 0.1
mgcp quarantine mode loop
mgcp package-capability dtmf-package
mgcp package-capability rtp-package
mgcp package-capability as-package
mgcp default-package gm-package
mgcp profile default
timeout tsmax 100
no max1 lookup
dial-peer cor custom -
Configure a Cisco router with Username and Password.
Hello Guys,
Am quite new in cisco and i need to configure an 891 cisco router,can someone please show me step by step configuration commands for configuring Username and Secret Password.I would like the router to ask for "Username"and " Password" anytime i want to login the router through telnet.I also want to know if i have to erase the default configurations on the router first, before i start the configuration,and how it should be done in other not to loose the router whiles working on it.Thanks for your usual quick responds.
Regards,
Eben.Hello Eben,
Peter has suggested to use SSH because of the fact that telnet data is sent in clear text, so someone with the right tools could easily find your password and your device could/would be compromised. It is security best practice. SSH is encrypted.
Technically speaking you do not need to change the hostname / domain name. But majority of Cisco documentation follow this method.
In case you are interested on how to do this without change... see below.
Router(config)#
Router(config)#crypto key generate rsa modulus 1024
% Please define a hostname other than Router.
Router(config)#crypto key generate rsa modulus 1024 label CISCO
The name for the keys will be: CISCO
% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
Router(config)#
*Jul 11 13:27:51.431: %SSH-5-ENABLED: SSH 1.99 has been enabled
Router(config)#
The normal cases just as shown in Cisco documentation, the parser (without a label on the crypto key) would force us to change the hostname, create a domain name. I think the domain name is there to put a label on the keys.
Router(config)#crypto key generate rsa general-keys modulus 1024
% Please define a hostname other than Router.
Router(config)#crypto key generate rsa
% Please define a hostname other than Router.
Router(config)#hos
Router(config)#hostname ISR
lexnetISR(config)#crypto key generate rsa general-keys modulus 1024
% Please define a domain-name first.
ISR(config)#ip domain name net.com
ISR(config)#exit
ISR(config)#crypto key generate rsa general-keys modulus 1024
The name for the keys will be: ISR.net.com
% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK] -
Configure a Cisco router with telnet Username and Password.
Hello Guys,
Am quite new in cisco and i need to configure an 891 cisco router,can someone please show me step by step configuration commands for configuring Username and Secret Password.I would like the router to ask for "Username"and " Password" anytime i want to login the router through telnet.I also want to know if i have to erase the default configurations on the router first, before i start the configuration,and how it should be done in other not to loose the router whiles working on it.Thanks for your usual quick responds.
Regards,
Eben.From this forum description:
Note: If your questions pertain to specific Cisco technology or solution, please post them in the proper community by leveraging the Community Directory so that folks who have expertise within those areas can engage and collaborate to it.
You should consider to delete your question here and recreate in in more appropriate forum. You can wish for quick response then ...
Edit: Thread has been moved by moderator, the notice no longer apply. -
Cisco Router with IKEV2 support
Hi, Does anyone know a router ios for c3600, c7200, c2600 that support ikev2? (command crypto ikev2 )
Thanks karsten. Do u have the IKEv2 configuration (command line) for IOS router. Following are the phase 1 and phase 2 requirements.
Phase 1
Authentication method : preshared
Encryption Algorithm : AES-256
Hash : MD5
DH : Group 2
Lifetime : 1440 minutes
Mode : Main mode
Phase 2
Encapsulation : ESP
Encryption Algorithm : 3DES
Hash : SHA-1
PFS : No PFS
Lifetime : 3600 seconds -
I cant connect to my cisco router with a computer using wireless...
When ever i try and connect to my wireless router is says, "This network is marked as Hidden and is either out of range or this computers settings dont match the router".
This is driving me crazy i just want to use my internet...
Please help me, ye i know how to get into my router setting using the default gateway i just need to know what to change...Log on to your router and go to wireless. Enable ssid. If it is showing Linksys, change it to something else. Now click on Wireless security and write down all the settings. Make sure they match the ones in your computer under wireless connections.
Greetings from Northern Ontario, Canada -
Connectivity IBM 2210 router with Cisco
Customer have existing IBM 2210 routers, and they just bought Cisco router for their expanded network. So they need to integrate Cisco router with their old IBM routers by connecting SDLC-to-SDLC between 3746 and 3174.
The diagram is like follow:
3174 -sdlc- IBM2210 --ethernet-- Cisco -sdlc- 3746
Is this connection possible? Can be done by using DLSw or other way?
Since I've never handled IBM router before.
Thanks a lot,
ChrisProviding the IBM router can handle DLSW to SDLC, then it should work with DLSW. The Cisco router does convert from SDLC to DLSW, although this is not part of the DLSW standard, but it is transparant to the other end what media the end device is on.
-
Not able to telnet or ssh to outside interface of ASA and Cisco Router
Dear All
Please help me with following question, I have set up testing lab, but still not work.
it is Hub and spoke site to site vpn case, connection between hub and spoke is metro-E, so we are using private ip for outside interface at each site.
Hub -- Juniper SRX
Spoke One - Cisco ASA with version 9.1(5)
spoke two - Cisco router with version 12.3
site to site vpn has been successful established. Customer would like to telnet/ssh to spoke's outside ip from Hub(using Hub's outside interface as source for telnet/ssh), or vise versa. Reason for setting up like this is they wants to be able to make configuration change even when site to site vpn is down. Sound like a easy job to do, I tried for a long time, search this forum and google too, but still not work.
Now I can successfully telnet/ssh to Hub SRX's outside interface from spoke (ASA has no telnet/ssh client, tested using Cisco router).
Anyone has ever done it before, please help to share your exp. Does Cisco ASA or router even support it?
When I tested it, of cause site to site vpn still up and running.
Thanks
YKHello YK,
On this case on the ASA, you should have the following:
CConfiguring Management Access Over a VPN Tunnel
If your VPN tunnel terminates on one interface, but you want to manage the ASA by accessing a different interface, you can identify that interface as a management-access interface. For example, if you enter the ASA from the outside interface, this feature lets you connect to the inside interface using ASDM, SSH, Telnet, or SNMP; or you can ping the inside interface when entering from the outside interface. Management access is available via the following VPN tunnel types: IPsec clients, IPsec LAN-to-LAN, and the AnyConnect SSL VPN client.
To specify an interface as a mangement-only interface, enter the following command:
hostname(config)# management access management_interface
where management_interface specifies the name of the management interface you want to access when entering the security appliance from another interface.
You can define only one management-access interface
Also make sure you have the pertinent configuration for SSH, telnet, ASDM and SNMP(if required), for a quick test you can enable on your lab Test:
SSH
- ssh 0 0 outside
- aaa authentication ssh console LOCAL
- Make sure you have a default RSA key, or create a new one either ways, with this command:
*crypto key generate rsa modulus 2048
Telnet
- telnet 0 0 outside
- aaa authentication telnet console LOCAL
Afterwards, if this works you can define the subnets that should be permitted.
On the router:
!--- Step 1: Configure the hostname if you have not previously done so.
hostname Router
!--- aaa new-model causes the local username and password on the router
!--- to be used in the absence of other AAA statements.
aaa new-model
username cisco password 0 cisco
!--- Step 2: Configure the router's DNS domain.
ip domain-name yourdomain.com
!--- Step 3: Generate an SSH key to be used with SSH.
crypto key generate rsa
ip ssh time-out 60
ip ssh authentication-retries 3
!--- Step 4: By default the vtys' transport is Telnet. In this case,
!--- Telnet and SSH is supported with transport input all
line vty 0 4
transport input All
*!--- Instead of aaa new-model, the login local command may be used.
no aaa new-model
line vty 0 4
login local
Let me know how it works out!
Please don't forget to Rate and mark as correct the helpful Post!
David Castro,
Regards, -
L2tpv3 dialing from cisco router
I have requirement where customer wants ip dialing to LNS from cisco router with the help of l2tpv3.
Could anyone tell me how to configure this.
regards
shivlu jainHello Shivlu,
in one of our routers the backup link is configured in this way
pseudowire-class netvision-l2tp
encapsulation l2tpv2
interface Virtual-PPP1
description NETVISION DIALER
ip address negotiated
ip nat outside
ip virtual-reassembly
no cdp enable
ppp pap sent-username password 0 41003827
pseudowire x.x.x.x 2 pw-class netvision-l2tp
crypto map VPN_MAP
where x.x.x.x is a public ip address
ip route x.x.x.x 255.255.255.255 g0/1
completes this solution where this g0/1
sh run int gi0/1
Building configuration...
Current configuration : 157 bytes
interface GigabitEthernet0/1
description CONNECTION TO CABLE MODEM
ip address dhcp
ip virtual-reassembly
duplex auto
speed auto
media-type rj45
end
and it receives a private ip address from DHCP on a cable modem access network.
but it uses l2tpv2 not L2tpv3 and I've always seen l2tpv2 in this context.
Hope to help
Giuseppe -
Airport Time capsule behind cisco router download speed
My airport time capsule is connected to the internet in bridge mode via a cisco router.
The cisco router provides a 99Mbps download speed. However, when I " bridge" my time capsule in between (wired) the speed slows down to 9 Mbps.
I have already tried to assign a static DHCP IP to my time capsules MAC address and disabled DMZ for that specific IP address, but am failing to get the speed up to par.
Any suggestions?I have used Time capsule 1.5 year behind a copperjet modem on ADSL, no problems.
Changed provider and am connected by cable with new cisco modem including router.
So the set up looks like:
internet>cisco modem/router>airport time capsule>macbook pro
The cisco modem without airport time capsule is working ok: when logged in speed is 99 Mbps as it should be (wired and wireless)
Connecting cisco router with UTP cable to time capsule and time capsule with UTP to macbook slows down speed to 9 Mbps
(time capsule in bridgemode)
Specs:
Macbook pro OSX yosemite
Airport Time capsule 2TB 2013 (v 7.7.3)
Cisco modem/router:EPC3928 -
Low cost router with DHCP option 66
I am trying to find the lowest cost Cisco router with option 66. I use the router in conjunction with spa50x phones and need to be able to have them config at boot up.
I was using the srp521. It was suggested to use the isa550, but that just got an EOL. Do any of the RV routers support it, I did not find it on a rv110 and I know its not on the rv042. It seems to me that this is a functionality that should be on a router aimed at a small business.
SageDear Sage,
Thank you for reaching the Small Business Support Community.
Unfortunately none of the Small Business routers were intended to provide DHCP option 66 for IP Phones configuration via TFTF server. I suggest you to look for a enterprise device for that matter, like an ASA for example, and you can also inquire about a low cost option from their community support forum.
My job role in Cisco, among several, is to identify business opportunities and product enhancements for the Small Business products so I am definitely going to suggest this option 66 feature for future firmware releases.
Please do not hesitate to reach me back if there is anything I may assist you with in the meantime.
Kind regards,
Jeffrey Rodriguez S. .:|:.:|:.
Cisco Customer Support Engineer
*Please rate the Post so other will know when an answer has been found. -
Remote access VPN with Cisco Router - Can not get the Internal Lan .
Dear Sir ,
I am doing Remote Access VPN through Cisco Router. Before the real deployment, I want to simulate it with GNS3.Need you help to complete the job .Please see the attachment for Scenario, Configuration and Ping status.
I am getting IP address when i connect through VPN client .But I can not ping to the internal lan -192.168.1.0.Need your help to sole the issue.
Below is the IP address of the device.
Local PC connect with Router -2 (Through MS Loopback) Router -2 Router-1 PC -01
IP Address :10.10.10.2 Mask : 255.255.255.0 F0/01
IP address:10.10.10.1
Mask:255.255.255.0 F0/0
IP Address :20.20.20.1
Mask :255.255.255.0
F0/1
IP address :192.168.1.3
Mask:255.255.255.0
F0/0
IP address :20.20.20.2
Mask :255.255.255.0
F0/1
IP address :192.168.1.1
Mask:255.255.255.0
I can ping from local PC to the network 10.10.10.0 and 20.20.20.0 .Please find the attach file for ping status .So connectivity is ok from my local PC to Remote Router 1 and 2.
Through Cisco remote vpn client, I can get connected with the VPN Router R1 (Please see the VPN Client pic.)But cannot ping the network 192.168.1.0
Need your help to fix the problem.
Router R2 Configuration :!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname R2
boot-start-marker
boot-end-marker
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip tcp synwait-time 5
interface FastEthernet0/0
ip address 20.20.20.2 255.255.255.0
duplex auto
speed auto
interface FastEthernet0/1
ip address 10.10.10.1 255.255.255.0
duplex auto
speed auto
ip forward-protocol nd
no ip http server
no ip http secure-server
control-plane
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
end
Router R1 Configuration :
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname R1
boot-start-marker
boot-end-marker
aaa new-model
aaa authentication login USERAUTH local
aaa authorization network NETAUTHORIZE local
aaa session-id common
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
username vpnuser password 0 strongpassword
ip tcp synwait-time 5
crypto keyring vpnclientskey
pre-shared-key address 0.0.0.0 0.0.0.0 key cisco123
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp client configuration group remotevpn
key cisco123
dns 192.168.1.2
wins 192.168.1.2
domain mycompany.com
pool vpnpool
acl VPN-ACL
crypto isakmp profile remoteclients
description remote access vpn clients
keyring vpnclientskey
match identity group remotevpn
client authentication list USERAUTH
isakmp authorization list NETAUTHORIZE
client configuration address respond
crypto ipsec transform-set TRSET esp-3des esp-md5-hmac
crypto dynamic-map DYNMAP 10
set transform-set TRSET
set isakmp-profile remoteclients
crypto map VPNMAP 10 ipsec-isakmp dynamic DYNMAP
interface FastEthernet0/0
ip address 20.20.20.1 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map VPNMAP
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
ip local pool vpnpool 192.168.50.1 192.168.50.10
ip forward-protocol nd
ip route 10.10.10.0 255.255.255.0 FastEthernet0/0
no ip http server
no ip http secure-server
ip nat inside source list NAT-ACL interface FastEthernet0/0 overload
ip access-list extended NAT-ACL
deny ip 192.168.1.0 0.0.0.255 192.168.50.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended VPN-ACL
permit ip 192.168.1.0 0.0.0.255 192.168.50.0 0.0.0.255
control-plane
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
endDear All,
I am doing Remote Access VPN through Cisco Router. Before the real deployment, I want to simulate it with GNS3.Need you help to complete the job .
Please see the attachment for Scenario, Configuration and Ping status. I am getting IP address when i connect through VPN client .But I can not ping to the internal lan -192.168.1.0.Need your help to sole the issue.
Waiting for your responce .
--Milon -
How do I make airport time capsule work with Linksys cisco router?
Hi all.
I bought an airport time capsule 3T and want to connect it to the internet, using a macbook with OS X 10.9.2. Currently I am using a Linksys Cisco router model WAG54G2.
I followed the steps of the setup airport guide: Connected the WAN port of the airport with an ethernet port on the router, plugged in the power cable, filled in the internet username and password. In Airport Utility I can see the airport and the internet icon, both with green dots most of the time. But it seems to disconnect every minute or so, green dots turning orange and the status light on the airport flashing orange. The internet light on the linksys also goes on and off. When the internet is on, it is quite slow.
Advice is welcome!
KeesNo guarantees here. AirPort Utility 6.3.1 is a big drop down from the 5.x versions in Leopard and Snow Leopard.
Hold in the reset button on the back of the Time Capsule for 9-10 seconds and release
Allow a full minute for the TC to restart to a slow, blinking amber light
Click the AirPort icon at the top of the screen and wait a few seconds for a listing of New AirPort Base Station to appear. Just below that, click on Time Capsule.
The example below shows an AirPort Express. You will see Time Capsule.
As soon as you click on the Time Capsule, AirPort Setup will open up automatically and take a minute to analyze the network....and probably suggest that the Time Capule will be configured to "extend"....which is wrong.
Click the Other Options button at the lower left
Click Add to an existing network
Next to Connect To.....select the wireless network name from the drop down list....if it appears. Otherwise type in the exact name of the wireless network.
Click Next
Confirm any settings again and wait to see if AirPort Utility 6.3.1 will allow the Time Capsule to join the wireless network.
You have about a 1 in 5 chance that this will occur.
Post back on your results.
Maybe you are looking for
-
Hi friends some of the employees has retire/separate in may 2008 but in september their provident fund is coming wage type are /3F3 Er PF contribution =65 /3F4 Er Pension contribution = -65 same scenario is coming for some employees. please advis
-
Add'l Partitions to Dual-Boot Win 8/Arch Linux
I'm hoping to get a dual-boot arrangement going on my refurbished Asus Q200E Netbook that Santa brought! Here's what the hard drive looks like now: Asus tells me the following: sda1: System Files to start sda2: Recovery sda3: OS automatically created
-
SCSM/SCOM - add resolution details to SCSM incident when SCOM alert closes
When I set up the process with SCOM/SCSM integration I noticed that when SCOM sends back the message to SCSM that the alert is "closed" and SCSM Resolves the ticket, it doesn't tag the resolution description and resolution category. So basically wh
-
HELP!!! WITH ELE. 12 RE SHARING PHOTO MAIL
While using Elements 10 I could send photos from my organizer using photo mail with Adobe email. Since installing Elements 12 I have requested several times to have a code needed to setup this procedure for 12. Why have I not received the email wit
-
I have a 7200 printer installed in my network, however my new HP laptop can not find it. CD will not work with windows 7, download from HP site did not help. have also tried using IP address to find the printer to no avail ?