Cisco switch/router authentication

Similar Messages

• What's "SAVE" configuration command for Cisco switch/ router?

  What's "SAVE" configuration command for Cisco switch / router? I know Switch#copy running-config startup-config works well,
  but so long, any other command that easy to remenber?

  What's "SAVE" configuration command for Cisco switch / router? I know Switch#copy running-config startup-config works well, but so long,
  any other command that easy to remenber?
  yes, here: Switch#write,and want to know more about the Cisco switch, please visit:http://www.3anetwork.com/cisco-switches-price_c1

• From where can i download cisco "CCT Routing & Switching" free ebook

  plz tell me that from where can i download cisco "CCT Routing & Switching" free ebook.thanks

  If you mean this book:
  http://www.amazon.com/Routing-Switching-Secrets-Successful-Certified/dp/148615980X
  If it not free.  Looks like it may have been freely distributed at one time, but is not anymore.
  Based on the Amazon reviews, the book is not very valuable.
  You are better off using resources from http://learningnetwork.cisco.com.

• SSLVPN with iPhone Anyconnect and Cisco IOS Router, Certificate Authentication failed

  Hello,
  i have a problem regarding the authentication with a certificate from the iPhone Anyconnect 2.5 Client to a 1802 Cisco Router.
  Cisco 1802 Router:
  Cisco IOS Software, C180X Software (C180X-ADVENTERPRISEK9-M), Version 15.1(1)T, RELEASE SOFTWARE (fc1)
  First i configured SSLVPN with username and password, in this configuration the Anyconnect Client of my iPhone works.
  then i enrolled a certificate from my Windows 2008 R2 CA to the Router with the Attributes: Server Authentication and IPSEC
  and i enrolled a certificate for my iPhone with Client Authentication and IPSEC
  after a bunch of time ( i realy could not find a really good documentation on how to do this) i got it done, in the webvpn context configuration i made this changes here:
  no aaa authentication list default
  authentication certificate
  ca trustpoint CA
  as the "SSL VPN Configuration Guide, Cisco IOS Release 15.1M&T" says: if i want only certificate authentication i had to user the "authentication certificate" command and thats it.
  as i look into the debugs it seems to me that the Router accepts the certificate of the iPhone, but then i receive a window on the iphone that wants an additional username and password authentication, and no matter what i enter there's always the same dialog coming back..
  any ideas what the problem could be???
  here is the configuration:
  webvpn gateway WEBVPN_GW_OFFICE2
  ip interface Dialer0 port 1444
  ssl trustpoint CA
  inservice
  webvpn install svc flash:/webvpn/sslclient-win-1.1.4.179.pkg sequence 1
  webvpn install svc flash:/webvpn/anyconnect-win-3.0.4235-k9.pkg sequence 2
  webvpn install svc flash:/webvpn/anyconnect-dart-win-2.5.3055-k9.pkg sequence 3
  webvpn context WEBVPN_CONTEXT2
  secondary-color white
  title-color #669999
  text-color black
  ssl authenticate verify all
  policy group WEBVPN_POLICY2
     functions svc-enabled
     mask-urls
     svc address-pool "SSLVPN_OFFICE1"
     svc default-domain "domain.internal"
     svc keep-client-installed
     svc split include 192.168.0.0 255.255.0.0
     svc dns-server primary 192.168.53.33
     svc dns-server secondary 192.168.53.35
  virtual-template 3
  default-group-policy WEBVPN_POLICY2
  gateway WEBVPN_GW_OFFICE2
  authentication certificate
  ca trustpoint CA
  inservice
  here is the debug:
  OfficeRouter1# PASSING appctx is [0x89FAFFCC]
  Nov 19 22:39:53.507: WV: sslvpn process rcvd context queue event
  Nov 19 22:39:53.507: WV: sslvpn process rcvd context queue event
  Nov 19 22:39:53.607: WV: sslvpn process rcvd context queue event
  Nov 19 22:39:53.607: WV: Entering APPL with Context: 0x86529380,
        Data buffer(buffer: 0x86543A40, data: 0x15A07AB8, len: 469,
        offset: 0, domain: 0)
  Nov 19 22:39:53.607: WV: http request: / with no cookie
  Nov 19 22:39:53.607: WV: validated_tp : CA cert_username :  matched_ctx :
  Nov 19 22:39:53.607: WV: Received appinfo
  validated_tp : CA, matched_ctx : ,cert_username :
  Nov 19 22:39:53.607: WV: Trustpoint match successful
  Nov 19 22:39:53.607: WV: Extracted username:  pass: ?
  Nov 19 22:39:53.607: WV: Client side Chunk data written..
  buffer=0x86543640 total_len=661 bytes=661 tcb=0x8811FE60
  Nov 19 22:39:53.607: WV: Appl. processing Failed : 2
  Nov 19 22:39:53.607: WV: sslvpn process rcvd context queue event
  BueroRouter1# PASSING appctx is [0x89FAEEC4]
  Nov 19 22:40:24.028: WV: sslvpn process rcvd context queue event
  Nov 19 22:40:24.032: WV: sslvpn process rcvd context queue event
  Nov 19 22:40:24.132: WV: sslvpn process rcvd context queue event
  Nov 19 22:40:24.132: WV: Entering APPL with Context: 0x86529380,
        Data buffer(buffer: 0x86543A40, data: 0x160C4038, len: 469,
        offset: 0, domain: 0)
  Nov 19 22:40:24.132: WV: http request: / with no cookie
  Nov 19 22:40:24.132: WV: validated_tp : CA cert_username :  matched_ctx :
  Nov 19 22:40:24.132: WV: Received appinfo
  validated_tp : CA, matched_ctx : ,cert_username :
  Nov 19 22:40:24.132: WV: Trustpoint match successful
  Nov 19 22:40:24.132: WV: Extracted username:  pass: ?
  Nov 19 22:40:24.132: WV: Client side Chunk data written..
  buffer=0x86543640 total_len=661 bytes=661 tcb=0x88D11EEC
  Nov 19 22:40:24.136: WV: Appl. processing Failed : 2
  Nov 19 22:40:24.136: WV: sslvpn process rcvd context queue event
  Nov 19 22:40:39.764: WV: sslvpn process rcvd context queue event
  Nov 19 22:40:39.880: WV: sslvpn process rcvd context queue event
  Nov 19 22:40:39.892: WV: sslvpn process rcvd context queue event
  Nov 19 22:40:39.892: WV: Entering APPL with Context: 0x86529380,
        Data buffer(buffer: 0x86543A40, data: 0x1616FD38, len: 610,
        offset: 0, domain: 0)
  Nov 19 22:40:39.892: WV: http request: /webvpn.html with domain cookie
  Nov 19 22:40:39.892: WV: validated_tp :  cert_username :  matched_ctx :
  Nov 19 22:40:39.892: WV: Received appinfo
  validated_tp : CA, matched_ctx : ,cert_username :
  Nov 19 22:40:39.892: WV: Trustpoint match successful
  Nov 19 22:40:39.892: WV: Client side Chunk data written..
  buffer=0x86543640 total_len=607 bytes=607 tcb=0x88D11EEC
  Nov 19 22:40:39.892: WV: Appl. processing Failed : 2
  Nov 19 22:40:39.892: WV: sslvpn process rcvd context queue event

  http://www.cisco.com/en/US/products/ps8411/products_qanda_item09186a00809aec31.shtml
  HI,
  Refer to
  AnyConnect VPN Client FAQ
  Q. Is it possible to connect the iPad, iPod, or iPhone AnyConnect VPN Client to a Cisco IOS router?
  A. No. It is not possible to connect  the iPad, iPod, or iPhone AnyConnect VPN Client to a Cisco IOS router.  AnyConnect on iPad/iPhone can connect only to an ASA that runs version  8.0(3).1 or later. Cisco IOS is not supported by the AnyConnect VPN  Client for Apple iOS. For more information, refer to the Security Appliances and Software Supported section of the Release Notes for Cisco AnyConnect Secure Mobility Client 2.4, Apple iOS 4.2 and 4.3.

• Can Cisco switch WS-C3650- 24TS-S with ip based services do the ospf routing?

  Can Cisco switch WS-C3650- 24TS-S with ip based services do the Ospf routing?
  Is it necessary to have IP Services features? 

  Yes, IP Base supports OSPF.
  This is web page to check all features:
  http://tools.cisco.com/ITDIT/CFN/jsp/SearchBySoftware.jsp

• Linksys router with cisco switch

  Hello everyone,
  Just wondering if i can connect a cisco switch to my linksys router. Any info will be helpful. Thanks.

  Well, you should be more specific what info you need.
  Your question is answered with: yes, you connect a cisco switch to a linksys router. You can connect pretty much any ethernet switch or hub to a linksys router.
  Beyond that I don't know what you want to know and thus cannot really give you more info.

• I am loosing configuration when I power off my Cisco 857 router

  I bought new Cisco 857 router from the shop. Router must have been used before as I couln't go in with default username/password cisco/cisco.
  Well I followed instruciton and reset password to username and password. Now I finally connected to the Cisco CP express over my IE browser.
  I found out that somebody was using a router from the shop so this is why I coun't log to it in the first place. Anyway problem is that when I changed configuration and applied settings it remembers it until I power it off. When I power it on again it remembers all settings from that shop.
  It reverts everything back: IP address, previous level 15 account and password - everything like after password reset.
  I tried it again and it again lost settings. So I found following instruction:
  http://www.cisco.com/en/US/products/hw/routers/ps233/products_tech_note09186a00800a65a5.shtml
  I followed it and changed again all settings on the router. My settings are again lost after power off/on. I noticed that when I do first bit it does show
  0x2102 not 0x2142 like they think that is password reset mode.
  Here is my output from Hyper Terminal:
  =============================
  Cisco#enableCisco#show startUsing 3359 out of 131072 bytes!version 12.4no service padservice timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname Cisco!boot-start-markerboot-end-marker!logging buffered 51200 warningsenable secret 5 $1$hpKF$Rc1tl6r45J8iHG7EN5jSk.!no aaa new-model!crypto pki trustpoint TP-self-signed-3185909327 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-3185909327 revocation-check none rsakeypair TP-self-signed-3185909327!!crypto pki certificate chain TP-self-signed-3185909327 certificate self-signed 01 nvram:IOS-Self-Sig#5.cerdot11 syslogno ip dhcp use vrf connectedip dhcp excluded-address 10.10.10.1!ip dhcp pool ccp-pool   import all   network 10.10.10.0 255.255.255.248   default-router 10.10.10.1   lease 0 2!!ip cefno ip domain lookupip domain name molinary.com!!!username admin privilege 15 secret 5 $1$jD3j$r6ROikgGsIlcMTGjkxFQ6.username username privilege 15 password 0 password!!archive log config  hidekeys!!!!!interface ATM0 no ip address shutdown no atm ilmi-keepalive dsl operating-mode auto!interface ATM0.1 point-to-point description $ES_WAN$ ip nat outside ip virtual-reassembly pvc 0/38  encapsulation aal5mux ppp dialer  dialer pool-member 1 !!interface FastEthernet0!interface FastEthernet1!interface FastEthernet2!interface FastEthernet3!interface Vlan1 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$ ip address 10.10.10.1 255.255.255.248 ip nat inside ip virtual-reassembly ip tcp adjust-mss 1452!interface Dialer0 ip address dhcp encapsulation ppp dialer pool 1 dialer-group 1 no cdp enable ppp authentication chap pap callin ppp chap hostname [email protected] ppp chap password 0 netgear01 ppp pap sent-username [email protected] password 0 netgear01!ip forward-protocol nd!ip http serverip http access-class 23ip http authentication localip http secure-serverip http timeout-policy idle 60 life 86400 requests 10000ip nat inside source list 1 interface ATM0.1 overload!access-list 1 remark INSIDE_IF=Vlan1access-list 1 remark CCP_ACL Category=2access-list 1 permit 10.10.10.0 0.0.0.7dialer-list 1 protocol ip permitno cdp run!control-plane!banner exec ^C% Password expiration warning.-----------------------------------------------------------------------Cisco Configuration Professional (Cisco CP) is installed on this deviceand it provides the default username "cisco" for  one-time use. If you havealready used the username "cisco" to login to the router and your IOS imagesupports the "one-time" user option, then this username has already expired.You will not be able to login to the router with this username after you exitthis session.It is strongly suggested that you create a new username with a privilege levelof 15 using the following command.username <myuser> privilege 15 secret 0 <mypassword>Replace <myuser> and <mypassword> with the username and password youwant to use.-----------------------------------------------------------------------^Cbanner login ^CAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user!^C!line con 0 login local no modem enableline aux 0line vty 0 4 privilege level 15 login local transport input telnet ssh!scheduler max-task-time 5000endCisco#Cisco#Cisco#Cisco#Cisco#Cisco#Cisco#Cisco#Cisco#show versionCisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version 12.4(15)T12, RELEASE SOFTWARE (fc3)Technical Support: http://www.cisco.com/techsupportCopyright (c) 1986-2010 by Cisco Systems, Inc.Compiled Fri 22-Jan-10 14:46 by prod_rel_teamROM: System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARECisco uptime is 20 minutesSystem returned to ROM by power-onSystem image file is "flash:c850-advsecurityk9-mz.124-15.T12.bin"This product contains cryptographic features and is subject to UnitedStates and local country laws governing import, export, transfer anduse. Delivery of Cisco cryptographic products does not implythird-party authority to import, export, distribute or use encryption.Importers, exporters, distributors and users are responsible forcompliance with U.S. and local country laws. By using this product youagree to comply with applicable laws and regulations. If you are unableto comply with U.S. and local laws, return this product immediately.A summary of U.S. laws governing Cisco cryptographic products may be found at:http://www.cisco.com/wwl/export/crypto/tool/stqrg.htmlIf you require further assistance please contact us by sending email [email protected] 857 (MPC8272) processor (revision 0x400) with 59392K/6144K bytes of memory.Processor board ID FCZ140792J5MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x104 FastEthernet interfaces1 ATM interface128K bytes of non-volatile configuration memory.20480K bytes of processor board System flash (Intel Strataflash)Configuration register is 0x2102Cisco#Cisco#Cisco#Cisco#endTranslating "end"% Unknown command or computer name, or unable to find computer addressCisco#reloadProceed with reload? [confirm]*Mar  1 01:19:27.786: %SYS-5-RELOAD: Reload requested  by username on console. Reload Reason: Reload Command.System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARETechnical Support: http://www.cisco.com/techsupportCopyright (c) 2006 by cisco Systems, Inc.C850 series (Board ID: 2-149) platform with 65536 Kbytes of main memoryBooting flash:/c850-advsecurityk9-mz.124-15.T12.binSelf decompressing the image : ############################################## [OK]              Restricted Rights LegendUse, duplication, or disclosure by the Government issubject to restrictions as set forth in subparagraph(c) of the Commercial Computer Software - RestrictedRights clause at FAR sec. 52.227-19 and subparagraph(c) (1) (ii) of the Rights in Technical Data and ComputerSoftware clause at DFARS sec. 252.227-7013.           cisco Systems, Inc.           170 West Tasman Drive           San Jose, California 95134-1706Cisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version 12.4(15)T12, RELEASE SOFTWARE (fc3)Technical Support: http://www.cisco.com/techsupportCopyright (c) 1986-2010 by Cisco Systems, Inc.Compiled Fri 22-Jan-10 14:46 by prod_rel_teamImage text-base: 0x8002007C, data-base: 0x814E7240This product contains cryptographic features and is subject to UnitedStates and local country laws governing import, export, transfer anduse. Delivery of Cisco cryptographic products does not implythird-party authority to import, export, distribute or use encryption.Importers, exporters, distributors and users are responsible forcompliance with U.S. and local country laws. By using this product youagree to comply with applicable laws and regulations. If you are unableto comply with U.S. and local laws, return this product immediately.A summary of U.S. laws governing Cisco cryptographic products may be found at:http://www.cisco.com/wwl/export/crypto/tool/stqrg.htmlIf you require further assistance please contact us by sending email [email protected] 857 (MPC8272) processor (revision 0x400) with 59392K/6144K bytes of memory.Processor board ID FCZ140792J5MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x104 FastEthernet interfaces1 ATM interface128K bytes of non-volatile configuration memory.20480K bytes of processor board System flash (Intel Strataflash)no ip dhcp use vrf connected               ^% Invalid input detected at '^' marker.SETUP: new interface NVI0 placed in "shutdown" statePress RETURN to get started!*Mar  1 00:00:03.952: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0  State changed to: Initialized*Mar  1 00:00:03.960: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0  State changed to: Enabled*Mar  1 00:00:07.244: %LINK-3-UPDOWN: Interface FastEthernet0, changed state toup*Mar  1 00:00:08.413: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up*Mar  1 00:00:08.821: %SYS-5-CONFIG_I: Configured from memory by console*Mar  1 01:19:27.072: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up*Mar  1 01:19:27.352: %SYS-5-RESTART: System restarted --Cisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version 12.4(15)T12, RELEASE SOFTWARE (fc3)Technical Support: http://www.cisco.com/techsupportCopyright (c) 1986-2010 by Cisco Systems, Inc.Compiled Fri 22-Jan-10 14:46 by prod_rel_team*Mar  1 01:19:27.352: %SNMP-5-COLDSTART: SNMP agent on host Cisco is undergoinga cold start*Mar  1 01:19:27.436: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF*Mar  1 01:19:27.436: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF*Mar  1 01:19:27.540: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to down*Mar  1 01:19:28.072: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up*Mar  1 01:19:28.484: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up*Mar  1 01:19:28.484: %LINK-5-CHANGED: Interface ATM0, changed state to administratively down*Mar  1 01:19:28.848: %LINK-5-CHANGED: Interface NVI0, changed state to administratively down*Mar  1 01:19:28.932: %LINK-3-UPDOWN: Interface FastEthernet3, changed state toup*Mar  1 01:19:28.936: %LINK-3-UPDOWN: Interface FastEthernet2, changed state toup*Mar  1 01:19:28.940: %LINK-3-UPDOWN: Interface FastEthernet1, changed state toup*Mar  1 01:19:29.484: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0, changed state to down*Mar  1 01:19:29.932: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet3, changed state to down*Mar  1 01:19:29.936: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2, changed state to down*Mar  1 01:19:29.940: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1, changed state to down*Mar  1 01:19:29.948: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to upAuthorized access only!===========================================
  Please help me as I am stuck and can't go any further....

  Hi David White,
  Alternatively, after password recovery you can modify the configuration to be what you want, and then issue:
     write memory
  to save the configuration.  You can then verify that your changes have been saved to the startup config by issuing:
     show startup-config"
  The only good thing is that when I switch off a router it erase configuration except my new password which I created after password reset. Everything else is getting vanished (ADSL settings, DHCP, routing ) everything. Even new admin accounts I created.
  Well have a question to your above comments. I am new in Cisco so please put as much detail as you can for me to understand. When you say modify configuration do you mean to go to Cisco CP Express graphical interface and then connect router to hyper terminal and execute above commands?
  Why router doesn't remember this anyway. There must be some option to change in configuration to make thing permanent when I hit apply changes in Cisco CO Express otherwise it is pointless to heve it.
  Phillip
  write memory
  is
  copy running-config startup-config"
  Can't this be done via Cisco CP Express or set up router to copy this every time I change this in graphical interface rather going to command line to achnoledge it?
  I understand your concern about this router and somebodie's configuration details as you want things to be un-used when you buy them - true. ADSL details belongs to the shop which sold me the router so that is why I don't make a big problem about this. We take most of hardware from this shop and have discount and many good deals with them so I think they have been just testing it and forgot to erease their config. It might be that someone has returned router to the shop and they have repaired it and tested it.
  I hope this is a normal behaviour of this router as I have option to replace it in case this is a fault.
  Could you please write me step by step guide how can I make changed options stay permanently on router?
  thank you
  Dragan

• Problem with Cisco 861W router and outgoing VPN

  We have a Cisco 861W router that is blocking an outgoing PPTP on the internal access point only. The outgoing VPN works when the traffic is through a wired connection or the connection is on another access point. We fail to make a connection only when connection to the 861W's internal Access Point.
  Here is the Access Point Configuration:
  Current configuration : 2100 bytes
  version 12.4
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname obap
  enable secret 5 $1$.1RF$go1D7WITXUn3s8TUaw3tC.
  no aaa new-model
  dot11 syslog
  dot11 ssid OLIVER
     authentication open
     authentication key-management wpa
     guest-mode
     wpa-psk ascii 0 XXXXXXXXXXX
  username XXXXXX privilege 15 secret 5 $1$Wc0K$OzcQDDQfjHP6La31eXMoG/
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  encryption mode ciphers aes-ccm tkip
  ssid OLIVER
  antenna gain 0
  station-role root
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface GigabitEthernet0
  description the embedded AP GigabitEthernet 0 is an internal interface connecti
  ng AP with the host router
  no ip address
  no ip route-cache
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
  interface BVI1
  ip address 192.168.0.2 255.255.255.0
  no ip route-cache
  ip http server
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  bridge 1 route ip
  banner login ^CC
  % Password change notice.
  Default username/password setup on AP is cisco/cisco with priv¾ilege level 15.
  It is strongly suggested that you create a new username with privilege level
  15 using the following command for console security.
  username <myuser> privilege 15 secret 0 <mypassword>
  no username cisco
  Replace <myuser> and <mypassword> with the username and password you want to
  use. After you change your username/password you can turn off this message
  by configuring  "no banner login" and "no banner exec" in privileged mode.
  ^C
  line con 0
  privilege level 15
  login local
  no activation-character
  line vty 0 4
  login local
  cns dhcp
  end
  obap#
  Here is the Router's Configuration:
  Current configuration : 5908 bytes
  ! No configuration change since last restart
  version 15.0
  no service pad
  service tcp-keepalives-in
  service tcp-keepalives-out
  service timestamps debug datetime msec localtime show-timezone
  service timestamps log datetime msec localtime show-timezone
  service password-encryption
  service sequence-numbers
  hostname obrouter
  boot-start-marker
  boot-end-marker
  logging buffered 51200
  logging console critical
  enable secret 5 $1$i9XE$DjxFVAEC9nC4/r6EQKCd6/
  no aaa new-model
  memory-size iomem 10
  clock timezone PCTime -5
  clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
  crypto pki trustpoint TP-self-signed-1856757619
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-1856757619
  revocation-check none
  rsakeypair TP-self-signed-1856757619
  crypto pki certificate chain TP-self-signed-1856757619
  certificate self-signed 01
    3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 31383536 37353736 3139301E 170D3036 30313032 31323030
    34345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38353637
    35373631 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
    8100B1A4 FB786547 3D582260 03DB768D 116BDE9A 309FBA04 B53F77B0 BFE32344
    7C3439B3 97192B36 760A9411 1D5C7549 8D86F532 ABA44F53 0D08B7F4 A9A747D5
    071330C3 65BF25A8 927F3596 29BB5A80 90C8D169 22268476 3B8DDE1E FDB7170D
    B4820D03 5580A849 A92C7E76 9AC10867 505A2FEE 64360741 7F9DBDBF 3D79982C
    F81D0203 010001A3 75307330 0F060355 1D130101 FF040530 030101FF 30200603
    551D1104 19301782 156F6272 6F757465 722E6272 75736868 6F672E63 6F6D301F
    0603551D 23041830 168014D8 5BC2FFB2 967A4C7B 11B44122 5C8D31F7 749B9230
    1D060355 1D0E0416 0414D85B C2FFB296 7A4C7B11 B441225C 8D31F774 9B92300D
    06092A86 4886F70D 01010405 00038181 005901F1 C239074B B8213567 CF7B65BF
    DAFE4557 69B2A3B1 5F2593C7 A54B9598 23FD5E7A 563AA6E0 AFB25801 FA0061E8
    F9545372 DB600B3A BE68AE65 1EDA593E 6A0C96B8 5A4136AF 393F9AAC 651E1C36
    B8B7C6C0 47936C24 D2ECE9A5 9446EE32 FC7461FA AD8CF1CE A7FBF341 07E9C3C6
    505AB88D 0E7FCAFC 5792298A E5E4D1FE CC
          quit
  no ip source-route
  ip dhcp excluded-address 192.168.0.1 192.168.0.99
  ip dhcp pool ccp-pool1
     import all
     network 192.168.0.0 255.255.255.0
     dns-server 216.49.160.10 216.49.160.66
     default-router 192.168.0.1
  ip cef
  no ip bootp server
  ip domain name brushhog.com
  ip name-server 216.49.160.10
  ip name-server 216.49.160.66
  license udi pid CISCO861W-GN-A-K9 sn FTX155281FY
  username tech38 privilege 15 secret 5 $1$d/4Z$n/23EsXbzfHF5XfJ8Nv.y0
  ip tcp synwait-time 10
  ip ssh time-out 60
  ip ssh authentication-retries 2
  interface FastEthernet0
  interface FastEthernet1
  interface FastEthernet2
  interface FastEthernet3
  interface FastEthernet4
  description $ES_WAN$$FW_OUTSIDE$
  no ip address
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip flow ingress
  duplex auto
  speed auto
  pppoe-client dial-pool-number 1
  interface wlan-ap0
  description Service module interface to manage the embedded AP
  ip unnumbered Vlan1
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip flow ingress
  arp timeout 0
  interface Wlan-GigabitEthernet0
  description Internal switch interface connecting to the embedded AP
  interface Vlan1
  description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
  ip address 192.168.0.1 255.255.255.0
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip flow ingress
  ip nat inside
  ip virtual-reassembly
  ip tcp adjust-mss 1412
  interface Dialer0
  ip address negotiated
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip mtu 1452
  ip flow ingress
  ip nat outside
  ip virtual-reassembly
  encapsulation ppp
  dialer pool 1
  dialer-group 1
  ppp authentication chap pap callin
  ppp chap hostname XXXXXXXXXXXXX
  ppp chap password 7 XXXXXXXXXXXXXXXX
  ppp pap sent-username XXXXXXXXXXXXXX password 7 XXXXXXXXXXX
  no cdp enable
  ip forward-protocol nd
  ip http server
  ip http authentication local
  ip http secure-server
  ip http timeout-policy idle 60 life 86400 requests 10000
  ip nat inside source static tcp 192.168.0.25 80 interface Dialer0 80
  ip nat inside source list 1 interface Dialer0 overload
  ip route 0.0.0.0 0.0.0.0 Dialer0
  logging trap debugging
  access-list 1 remark INSIDE_IF=Vlan1
  access-list 1 remark CCP_ACL Category=2
  access-list 1 permit 192.168.0.0 0.0.0.255
  dialer-list 1 protocol ip permit
  no cdp run
  control-plane
  banner exec ^C
  % Password expiration warning.
  Cisco Configuration Professional (Cisco CP) is installed on this device
  and it provides the default username "cisco" for  one-time use. If you have
  already used the username "cisco" to login to the router and your IOS image
  supports the "one-time" user option, then this username has already expired.
  You will not be able to login to the router with this username after you exit
  this session.
  It is strongly suggested that you create a new username with a privilege level
  of 15 using the following command.
  username <myuser> privilege 15 secret 0 <mypassword>
  Replace <myuser> and <mypassword> with the username and password you
  want to use.
  ^C
  banner login ^CAuthorized access only!
  Disconnect IMMEDIATELY if you are not an authorized user!^C
  line con 0
  login local
  no modem enable
  transport output telnet
  line aux 0
  login local
  transport output telnet
  line 2
  no activation-character
  no exec
  transport preferred none
  transport input all
  line vty 0 4
  privilege level 15
  login local
  transport input telnet ssh
  scheduler max-task-time 5000
  scheduler allocate 4000 1000
  scheduler interval 500
  end
  Any help would be appreciated

  Hello,
  i have the same problem with router CISCO861W-GN-E-K9. Version 12.4(22r)YB5, RELEASE SOFTWARE (fc1)
  Can someone help?
  Thank you.
  Here is my config for internal AP and router.

• RADIUS and Cisco 2611 router

  Greetings. First, let me start by saying I am an idiot, I know I am an idiot, and I apologize for wasting everyone's time. I have actually RTFM, many RTFMs, in fact, and I still have not found a resolution.
  Second, I am trying to set up a RADIUS server in my test network. I have installed ClearBox RADIUS on a Windows 2000 system. I have the following configuration on my Cisco 2611 router:
  Using 2297 out of 29688 bytes
  ! Last configuration change at 17:20:27 PDT Tue May 20 2008
  ! NVRAM config last updated at 17:20:29 PDT Tue May 20 2008
  version 12.1
  no service single-slot-reload-enable
  service timestamps debug datetime msec localtime show-timezone
  service timestamps log datetime msec localtime show-timezone
  service password-encryption
  hostname Tester
  logging buffered 10000 debugging
  aaa new-model
  aaa group server radius RadiusServers
  server 172.26.0.2 auth-port 1812 acct-port 1813
  aaa authentication login default group RadiusServers local
  aaa authentication login localauth local
  aaa authentication ppp default if-needed group radius local
  aaa authorization exec default group radius local
  aaa authorization network default group radius local
  aaa accounting delay-start
  aaa accounting exec default start-stop group radius
  aaa accounting network default start-stop group radius
  aaa processes 6
  enable secret xxx
  username test password xxx
  clock timezone PST -8
  clock summer-time PDT recurring
  ip subnet-zero
  no ip domain-lookup
  no ip bootp server
  interface Loopback0
  ip address 192.168.0.1 255.255.255.0
  interface Ethernet0/0
  description To Main Network
  ip address X.X.X.X 255.255.255.128
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip nat outside
  full-duplex
  no cdp enable
  interface Ethernet0/1
  description To Internal Network
  ip address 172.26.0.1 255.255.255.0
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip nat inside
  load-interval 30
  full-duplex
  no cdp enable
  ip nat pool test X.X.X.X X.X.X.X netmask 255.255.255.128
  ip nat inside source list 3 pool test overload
  ip nat inside destination list 3 pool test
  ip classless
  ip route 0.0.0.0 0.0.0.0 X.X.X.X
  no ip http server
  ip radius source-interface Ethernet0/1
  access-list 3 permit 172.26.0.0 0.0.0.255
  no cdp run
  snmp-server community public RO 15
  radius-server host 172.26.0.2 auth-port 1812 acct-port 1813 key secret
  radius-server retransmit 3
  radius-server key secret
  line con 0
  password xxx
  logging synchronous
  line aux 0
  line vty 0 4
  access-class 10 in
  password 7 1234567890
  logging synchronous
  ntp clock-period 17208108
  ntp server 192.43.244.18
  end
  My RADIUS server is up and responding to requests, but my router does not appear to be forwarding authentication requests to it. In fact, when I log into the router using HyperTerm, it times out, and I end up authenticating locally.
  I really don't care whether my Cisco equipment authenticates against the RADIUS server, but I do need to get it set up to authenticate my users so I can track their time online. What have I missed in my router configuration? Why isn't it forwarding user authentication requests to the RADIUS server.
  Thank you for any assistance you may be able to provide.

  I have found that if I am in the middle of composing a response, and I open the thread in another browser window (to refer to it), when I go to submit my response, it doesn't get posted. Perhaps you are running into the same thing.
  The command I shared:
  aaa authentication enable default group radius local
  ... was erroneous. The keyword should have been "enable", as you have discovered.
  Therefore use:
  aaa authentication enable default group radius enable
  When I view a Wireshark trace I see the following:
  AVP: l=18 t=User-Password(2): Decrypted: "user-PWD\000\000\000\000\000\000\000\000"
  Like you, I see the user password appended with the group of \000 grouping's.
  Note the word "Decrypted" which confirms that the password entered in Wireshark is a match with that entered on the AAA client (for what that's worth).
  I'm not sure if I suggested that this would confirm that the server and client were using the same shared secret. If I did, I miss-spoke. I think we would have to gauge the server's response to the attributes we see passed by the client.
  The Wireshark decryption is much more dramatic with TACACS+ because the whole payload is encrypted.
  My issue with your PPPoE is that I saw no "interface" on the router that is configured to perform such authentication. I do seem to recall a global authentication command with the PPP keyword perhaps. I have not attempted to do this, and am not sure whether the interfaces in your router will support this method. Perhaps someone else will weigh in with an opinion.
  However, there are other mainstream authentication methods that I think you should investigate as well.
  You could implement 802.1x on a switch so that a host has to authenticate before it can gain Layer 3 access to the LAN. Depending on the platform, you can download VLAN assignments and ACLs.
  I believe the router also supports 802.1x, but that may determine whether a host can get "through" the router. I have not had cause to investigate 802.1x on the router. I may do so in the future to authorize access to IPsec tunnels.
  The router is also likely to support Authentication Proxy. This feature intercepts a user's attempt to browse resources on the other side of the router. User specific ACLs can be downloaded to the router (from RADIUS) to control what resources a user can access.
  I think you should:
  1. Resolve the issue(s) with AAA logins on the router. It'll establish a baseline of functionality, and give you some short term joy.
  2. Investigate whether PPPoE support exists on your router's interfaces.
  3. Read up on 802.x and Authentication Proxy (docs on Cisco web site).
  4. Decide which methods appeals to you.
  5. Dive in.
  I'd lose the self-deprecation. I don't think it will serve you well. If you're treated badly, move to a newsgroup where the participants display a higher level of emotional maturity. I don't think you will have an issue on the Cisco forums. Others would probably step in.
  I'm going to be absent for several days, so if you don't receive any response, it will be for said reason.
  Good luck.

• Cisco 1941 Router-on-a-Stick w/ 11VLANs trunked to a Cisco 2960: Can Ping a device in another VLAN, that device cannot ping back

  Cisco 1941 Router-on-a-Stick w/ 11VLANs trunked to a Cisco 2960: From the Switch I can Ping a device in another VLAN, that device cannot ping back. Some devices can ping devices in other VLANs and the device in the other VLAN can successfully return the Ping. Have a look at the attached diagram.
  Router Config:
  show run
  Building configuration...
  Current configuration : 7224 bytes
  ! Last configuration change at 09:05:48 EDT Wed Aug 6 2014
  version 15.2
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname ROUTER
  boot-start-marker
  boot-end-marker
  no aaa new-model
  clock timezone EDT -8 0
  ip cef
  ip name-server 8.8.8.8
  no ipv6 cef
  multilink bundle-name authenticated
  license udi pid CISCO1941/K9
  object-group network Net_Obj_Group1 
   description This network group allows all 10.0.0.0 and Email Forwarder server through to the Plt PCs
   205.191.0.0 255.255.0.0
   10.0.0.0 255.0.0.0
  object-group network Net_Obj_Group2 
   description This Network Group includes the Host IPs allowed through the Plant Router
   host 10.194.28.23
   host 10.194.28.25
   host 10.194.28.26
   host 10.194.28.27
   host 10.194.28.28
   host 10.194.28.29
   host 10.194.28.37
   host 10.194.28.39
   host 10.194.28.40
   host 10.194.28.70
   host 10.194.28.130
   host 10.194.28.131
   host 10.194.28.132
   host 10.194.28.133
   host 10.194.28.134
   host 10.194.28.135
   host 10.194.28.136
   host 10.194.28.137
   host 10.194.28.138
   host 10.194.28.139
   host 10.194.28.140
   host 10.194.28.141
  interface Embedded-Service-Engine0/0
   no ip address
   shutdown
  interface GigabitEthernet0/0
   description Port Ge0/0 to IT Enterprise network Switch GE1/0/38
   ip address 10.194.28.111 255.255.255.0
   ip access-group 105 in
   ip access-group 106 out
   ip nat outside
   ip virtual-reassembly in
   shutdown
   duplex full
   speed auto
   no mop enabled
  interface GigabitEthernet0/1
   description Port to Plant PCN-K/L24 Sw1 Port 0/24
   no ip address
   duplex auto
   speed auto
   no mop enabled
  interface GigabitEthernet0/1.102
   description Port to VLAN 102
   encapsulation dot1Q 102
   ip address 192.168.102.1 255.255.255.0
   ip nat inside
   ip virtual-reassembly in
  interface GigabitEthernet0/1.104
   description Port to VLAN 104
   encapsulation dot1Q 104
   ip address 192.168.104.1 255.255.255.0
   ip nat inside
   ip virtual-reassembly in
  interface GigabitEthernet0/1.105
   description Port to VLAN 105
   encapsulation dot1Q 105
   ip address 192.168.105.1 255.255.255.0
   ip nat inside
   ip virtual-reassembly in
  interface GigabitEthernet0/1.106
   description Port to VLAN 106
   encapsulation dot1Q 106
   ip address 192.168.106.1 255.255.255.0
   ip nat inside
   ip virtual-reassembly in
  interface GigabitEthernet0/1.107
   description Port to VLAN 107
   encapsulation dot1Q 107
   ip address 192.168.107.1 255.255.255.0
   ip nat inside
   ip virtual-reassembly in
  interface GigabitEthernet0/1.111
   description Port to VLAN 111
   encapsulation dot1Q 111
   ip address 192.168.111.1 255.255.255.0
   ip nat inside
   ip virtual-reassembly in
  interface GigabitEthernet0/1.117
   description Port to VLAN 117
   encapsulation dot1Q 117
   ip address 192.168.117.1 255.255.255.0
   ip nat inside
   ip virtual-reassembly in
  interface GigabitEthernet0/1.121
   description Port to VLAN 121
   encapsulation dot1Q 121
   ip address 192.168.121.1 255.255.255.0
   ip nat inside
   ip virtual-reassembly in
  interface GigabitEthernet0/1.125
   description Port to VLAN 125
   encapsulation dot1Q 125
   ip address 192.168.125.1 255.255.255.0
   ip nat inside
   ip virtual-reassembly in
  interface GigabitEthernet0/1.150
   description Port to to VLAN 150
   encapsulation dot1Q 150
   ip address 192.168.150.1 255.255.255.0
   ip nat inside
   ip virtual-reassembly in
  interface GigabitEthernet0/1.999
   description Port to VLAN 999
   encapsulation dot1Q 999
   ip address 192.168.0.1 255.255.255.0
   ip nat inside
   ip virtual-reassembly in
  ip forward-protocol nd
  ip http server
  no ip http secure-server
  ip nat inside source static 192.168.102.201 10.194.28.23
  ip nat inside source static 192.168.121.201 10.194.28.25
  ip nat inside source static 192.168.106.251 10.194.28.26
  ip nat inside source static 192.168.107.245 10.194.28.27
  ip nat inside source static 192.168.102.251 10.194.28.28
  ip nat inside source static 192.168.150.201 10.194.28.29
  ip nat inside source static 192.168.107.179 10.194.28.37
  ip nat inside source static 192.168.111.201 10.194.28.39
  ip nat inside source static 192.168.105.201 10.194.28.40
  ip nat inside source static 192.168.106.21 10.194.28.70
  ip nat inside source static 192.168.107.146 10.194.28.130
  ip nat inside source static 192.168.107.156 10.194.28.131
  ip nat inside source static 192.168.107.161 10.194.28.132
  ip nat inside source static 192.168.107.181 10.194.28.133
  ip nat inside source static 192.168.107.191 10.194.28.134
  ip nat inside source static 192.168.106.202 10.194.28.135
  ip nat inside source static 192.168.106.212 10.194.28.136
  ip nat inside source static 192.168.117.190 10.194.28.137
  ip nat inside source static 192.168.117.100 10.194.28.138
  ip nat inside source static 192.168.106.242 10.194.28.139
  ip nat inside source static 192.168.125.100 10.194.28.140
  ip nat inside source static 192.168.125.99 10.194.28.141
  ip nat outside source static 10.194.28.23 10.194.28.23
  ip nat outside source static 10.194.28.25 10.194.28.25
  ip nat outside source static 10.194.28.26 10.194.28.26
  ip nat outside source static 10.194.28.27 10.194.28.27
  ip nat outside source static 10.194.28.28 10.194.28.28
  ip nat outside source static 10.194.28.29 10.194.28.29
  ip nat outside source static 10.194.28.37 10.194.28.37
  ip nat outside source static 10.194.28.39 10.194.28.39
  ip nat outside source static 10.194.28.40 10.194.28.40
  ip nat outside source static 10.194.28.70 10.194.28.70
  ip nat outside source static 10.194.28.130 10.194.28.130
  ip nat outside source static 10.194.28.131 10.194.28.131
  ip nat outside source static 10.194.28.132 10.194.28.132
  ip nat outside source static 10.194.28.133 10.194.28.133
  ip nat outside source static 10.194.28.134 10.194.28.134
  ip nat outside source static 10.194.28.135 10.194.28.135
  ip nat outside source static 10.194.28.136 10.194.28.136
  ip nat outside source static 10.194.28.137 10.194.28.137
  ip nat outside source static 10.194.28.138 10.194.28.138
  ip nat outside source static 10.194.28.139 10.194.28.139
  ip nat outside source static 10.194.28.140 10.194.28.140
  ip nat outside source static 10.194.28.141 10.194.28.141
  ip route 0.0.0.0 0.0.0.0 10.194.28.1
  access-list 105 permit ip object-group Net_Obj_Group1 object-group Net_Obj_Group2
  access-list 106 permit ip object-group Net_Obj_Group2 object-group Net_Obj_Group1
  dialer-list 1 protocol ip permit
  control-plane
  banner login ^CC
  Login banner for Plant Router #01^C
  banner motd ^CC
  MOTD Banner for Plant Router^C
  line con 0
   password XXXXXXXXX
   logging synchronous
   login
  line aux 0
  line 2
   no activation-character
   no exec
   transport preferred none
   transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
   stopbits 1
  line vty 0 4
   password XXXXXXXXX
   logging synchronous
   login
   transport input all
  scheduler allocate 20000 1000
  ntp server 10.199.100.92
  end
  Switch Config:
  sh ru
  Building configuration...
  Current configuration : 6513 bytes
  version 12.2
  no service pad
  service timestamps debug uptime
  service timestamps log datetime localtime show-timezone
  service password-encryption
  hostname K24Sw01
  boot-start-marker
  boot-end-marker
  no aaa new-model
  clock timezone EDT -5
  clock summer-time EDT recurring
  udld aggressive
  crypto pki trustpoint TP-self-signed-593746944
   enrollment selfsigned
   subject-name cn=IOS-Self-Signed-Certificate-593746944
   revocation-check none
   rsakeypair TP-self-signed-593746944
    4B58BCE9 44
    quit
  spanning-tree mode pvst
  spanning-tree extend system-id
  vlan internal allocation policy ascending
  interface FastEthernet0
   no ip address
  interface GigabitEthernet0/1
   description Trunk port for vlans 105, 111, 125 and 999 from K24Sw01 port Ge0/1 to P22Sw01 port Ge0/24
   switchport trunk allowed vlan 105,111,125,999
   switchport mode trunk
  interface GigabitEthernet0/2
   description Trunk port for vlans 150 and 999 from K24Sw01 port Ge0/2 to N25Sw01 port Ge0/26
   switchport trunk allowed vlan 150,999
   switchport mode trunk
  interface GigabitEthernet0/3
   description Trunk port for vlans 102, 104, 106, 107, 117 and 999 from K24Sw01 port Ge0/3 to K28Sw01 port Ge0/26
   switchport trunk allowed vlan 102,104,106,107,117,999
   switchport mode trunk
  interface GigabitEthernet0/4
   description Trunk port for vlans 102, 106, 107 and 999 from K24Sw01 port Ge0/4 to H23Sw01 port Ge0/26
   switchport trunk allowed vlan 102,106,107,999
   switchport mode trunk
  interface GigabitEthernet0/5
   description Trunk port for vlans 121, 125 and 999 from K24Sw01 port Ge0/5 to M21Sw01 port Ge0/24
   switchport trunk allowed vlan 121,125,999
   switchport mode trunk
  interface GigabitEthernet0/6
   description OPEN
   spanning-tree portfast
  interface GigabitEthernet0/7
   description OPEN
   spanning-tree portfast
  interface GigabitEthernet0/8
   description OPEN
   spanning-tree portfast
  interface GigabitEthernet0/9
   description OPEN
   spanning-tree portfast
  interface GigabitEthernet0/10
   description VLan 102 access port
   switchport access vlan 102
   spanning-tree portfast
  interface GigabitEthernet0/11
   description - VLan 104 access port
   switchport access vlan 104
   spanning-tree portfast
  interface GigabitEthernet0/12
   description - VLan 105 access port
   switchport access vlan 105
   spanning-tree portfast
  interface GigabitEthernet0/13
   description - VLan 106 access port
   switchport access vlan 106
   spanning-tree portfast
  interface GigabitEthernet0/14
   description - VLan 107 access port
   switchport access vlan 107
   spanning-tree portfast
  interface GigabitEthernet0/15
   description - VLan 111 access port
   switchport access vlan 111
   spanning-tree portfast
  interface GigabitEthernet0/16
   description - VLan 117 access port
   switchport access vlan 117
   spanning-tree portfast
  interface GigabitEthernet0/17
   description - VLan 121 access port
   switchport access vlan 121
   spanning-tree portfast
  interface GigabitEthernet0/18
   description - VLan 125 access port
   switchport access vlan 125
   spanning-tree portfast
  interface GigabitEthernet0/19
   description - VLan 150 access port
   switchport access vlan 150
   spanning-tree portfast
  interface GigabitEthernet0/20
   description - VLan 999 access port
   switchport access vlan 999
   spanning-tree portfast
  interface GigabitEthernet0/21
   description OPEN
   spanning-tree portfast
  interface GigabitEthernet0/22
   description OPEN
   spanning-tree portfast
  interface GigabitEthernet0/23
   description OPEN
   spanning-tree portfast
  interface GigabitEthernet0/24
   description From ROUTER Gw ge0/1
   switchport trunk allowed vlan 102,104-107,111,117,121,125,150,999
   switchport mode trunk
  interface GigabitEthernet0/25
  interface GigabitEthernet0/26
  interface Vlan1
   no ip address
   no ip route-cache
   shutdown
  interface Vlan102
   ip address 192.168.102.253 255.255.255.0
  interface Vlan104
   no ip address
   no ip route-cache
  interface Vlan105
   no ip address
   no ip route-cache
  interface Vlan106
   no ip address
   no ip route-cache
  interface Vlan107
   no ip address
   no ip route-cache
  interface Vlan111
   no ip address
   no ip route-cache
  interface Vlan117
   no ip address
   no ip route-cache
  interface Vlan121
   no ip address
   no ip route-cache
  interface Vlan125
   no ip address
   no ip route-cache
  interface Vlan150
   no ip address
   no ip route-cache
  interface Vlan999
   no ip address
   no ip route-cache
  ip default-gateway 192.168.102.1
  ip http server
  ip http secure-server
  snmp-server engineID local 00000009020000019634C2C0
  snmp-server community public RO
  snmp-server location 
  snmp-server contact 
  banner motd ^CCC ADMIN USE ONLY! ^C
  line con 0
   session-timeout 10 
   password xxxxxx
   logging synchronous
   login
   stopbits 1
  line vty 0 4
   session-timeout 10 
   password xxxxxxx
   login
  line vty 5 15
   session-timeout 10 
   password xxxxxxxx
   login
  ntp server 10.199.100.92
  end
  K24Sw01#

  HI Mark,
  Here is the my config:
  Create sub-interfaces, set 802.1Q trunking protocol and ip address on each sub-interface
  Router(config)#interface f0/0
  Router(config-if)#no shutdown
  (Note: The main interface f0/0 doesn’t need an IP address but it must be turned on)
  Router(config)#interface f0/0.10
  Router(config-subif)#encapsulation dot1q 10
  Router(config-subif)#ip address 192.168.10.1 255.255.255.0
  Router(config-subif)#interface f0/0.20
  Router(config-subif)#encapsulation dot11 20
  Router(config-subif)#ip address 192.168.20.1 255.255.255.0
  (Note: In the “encapsulation dot1q 10″ command, 10 is the VLAN ID this interface operates in)
  Configure VLAN
  Switch(config)#vlan 10
  Switch(config-vlan)#name SALES
  Switch(config-vlan)#vlan 20
  Switch(config-vlan)#name TECH
  Set ports to access mode & assign ports to VLAN
  Switch(config)#interface range fa0/1
  Switch(config-if)#no shutdown
  Switch(config-if)# switchport mode access
  Switch(config-if)# switchport access vlan 15
  Switch(config-if)#interface range fa0/3
  Switch(config-if)#no shutdown
  Switch(config-if)#switchport mode access
  Switch(config-if)# switchport access vlan 20
  Switch(config-if)#interface range fa0/5
  Switch(config-if)#no shutdown
  Switch(config-if)#switchport mode trunk
  1. Please check all your port are up.
  2. Check the config once again.
  3. Make sure the swicth and router connection port configured as trunk and it should be up.
  This config is working for me,
  Regards
  Dont forget to rate helpful posts.

• Configuration Issue with my Cisco 871 Router

  Hi all,
  I am a newbie to the Cisco IOS.
  I got a Cisco 871 Router that I'd like to use for internet connection. My LAN network is 192.168.1.0/24 and the ISP has assigned us the IP 41.212.79.108/24 and gateway 41.212.79.1.
  With my current configuration, I can hit the router - 192.168.1.1 - and it's WAN port - 41.212.79.108 - but not the gateway.
  Below is my current config:
  Hoggers#show config
  Using 4414 out of 131072 bytes
  version 12.4
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname Hoggers
  boot-start-marker
  boot-end-marker
  logging buffered 51200 warnings
  enable secret 5 **********************.
  no aaa new-model
  crypto pki trustpoint TP-self-signed-568493463
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-568493463
  revocation-check none
  rsakeypair TP-self-signed-568493463
  crypto pki certificate chain TP-self-signed-568493463
  certificate self-signed 01 nvram:IOS-Self-Sig#7.cer
  dot11 syslog
  ip cef
  no ip dhcp use vrf connected
  ip dhcp excluded-address 10.10.10.1
  ip dhcp excluded-address 192.168.1.1
  ip dhcp excluded-address 192.168.1.2
  ip dhcp excluded-address 192.168.1.3
  ip dhcp excluded-address 192.168.1.4
  ip dhcp excluded-address 192.168.1.5
  ip dhcp excluded-address 192.168.1.6
  ip dhcp excluded-address 192.168.1.7
  ip dhcp excluded-address 192.168.1.8
  ip dhcp excluded-address 192.168.1.9
  ip dhcp excluded-address 192.168.1.10
  ip dhcp excluded-address 192.168.1.100
  ip dhcp excluded-address 192.168.1.90
  ip dhcp pool ccp-pool
     import all
     network 10.10.10.0 255.255.255.248
     default-router 10.10.10.1
     lease 0 2
  ip dhcp pool LANPOOL
     network 192.168.1.0 255.255.255.0
     default-router 192.168.1.1
     dns-server 41.212.3.2 41.212.3.253
  ip domain name yourdomain.com
  ip name-server 41.212.3.2
  ip name-server 41.212.3.253
  archive
  log config
    hidekeys
  interface FastEthernet0
  interface FastEthernet1
  interface FastEthernet2
  interface FastEthernet3
  interface FastEthernet4
  description Wan to Outside World
  ip address 41.212.79.108 255.255.255.0
  duplex auto
  speed auto
  interface Vlan1
  description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
  ip address 192.168.1.1 255.255.255.0
  ip tcp adjust-mss 1452
  ip forward-protocol nd
  ip route 0.0.0.0 0.0.0.0 41.212.79.1
  ip http server
  ip http access-class 23
  ip http authentication local
  ip http secure-server
  ip http timeout-policy idle 60 life 86400 requests 10000
  ip dns server
  ip nat inside source static tcp 192.168.1.31 80 interface FastEthernet4 80
  access-list 23 permit 10.10.10.0 0.0.0.7
  no cdp run
  control-plane
  scheduler max-task-time 5000
  end
  I'll appreciate any light you can shed on what am missing.

  2 wireless routers can not communicate wirelessly with each other.
  You need to connect cable between 2 routers and use the second wireless router as access point.
  Follow this link to connect Linksys router to another router.
  Some of your devices are getting same IP address. This might be the issue with DHCP server of the router. You can try DHCP reservation on the router so that each device will get unique IP address.

• Switch/Router can only use PAP to communicate with IAS

  I was securing my switches to allow users to login using radius and notice that I have to set the IAS server to PAP for the Cisco equipment to authenticate. Is there an alternative to this since PAP is clear text.
  [ PC ]__SSH__[Switch]___PAP___[ IAS ]

  When using SSH to the switch for switch based authentication you need to
  enable PAP on the Radius policy.
  Telnet/SSH work on PAP only.
  Regards,
  ~JG
  Do rate helpful posts

• Transfer of VLANs through Cisco SOHO router 78 G.SHDSL

  Hi,
  I have one switch with more VLANs. I need to transfer these Vlans to secondary site through routers Cisco SOHO router 78 G.SHDSL. This situatioin is in attachment.
  I'm not sure if this is possible, because this router has only common ethernet ports.
  Probably I would need trunk ports on this router.
  Could you please help me to specify, which device could replace  Cisco SOHO router 78?
  Thank you.
  Best regards,
                           Vladislav

  My guess is that either ifIndex.2 or .3 corresponds to your SHDSL interface.  You should walk ifDescr to confirm.

• NPS Discarding RADIUS request from Cisco switch (802.1x)

  Last few weeks I've been busy to get the following to work:
  - Cisco 2960 switch as the suppliant
  - Another Cisco 2960 as the authenticator switch
  - The supplicant is only able to send MS-EAP MS-ChapV2 requests
  - The NPS server is Windows 2008 R2 (and also tested on 2012 R2)
  This is called "NEAT" by Cisco; which does seem to work with Cisco ISE (http://www.cisco.com/c/en/us/support/docs/lan-switching/8021x/116681-config-neat-cise-00.html)
  but I'd like to get it to work with Windows NPS.
  Within NPS I've setup the following Connection Request policy:
  - NAS Port Type: Ethernet
  I'm using the following Network Policy:
  - User Group: DOMAIN\Switches (the useraccount used by the switch is part of this group)
  - NAS Port Type: Ethernet
  - Autehntcation Type: EAP
  Now the request sent by the switch is discarded. The actual error is the following (excluded irrelevant information):
  User:
  Account Name: Rotterdam-Switch-8-1
  Account Domain: DOMAIN
  Authentication Details:
  Connection Request Policy Name: Secure Wired Connections
  Network Policy Name: Switches Allowed
  Authentication Provider: Windows
  Authentication Server: SERVER.DOMAIN.local
  Authentication Type: EAP
  EAP Type: -
  Account Session Identifier: -
  Reason Code: 1
  Reason: An internal error occurred. Check the system event log for additional information.
  Wireshark on the NPS server shows:
  1. The RADIUS Access-Request (1) being received by the NPS Server
  2. The NPS Server sending out a RADIUS Access-Challenge (11) to the authenticator switch
  3. Another RADIUS Access-Request (1) is beging received by the NPS Server
  Packet 2 has an t=EAP-Message(79) with type MS-EAP-Authentication [Palekar](26) and MS-CHAPv2-ID set to 2 and OpCode 1 (Challange)
  Packet 3 has an t=EAP-Message(79) with type MS-EAP-Authentication [Palekar](26) and MS-CHAPv2-ID set to 2 and OpCode 2 (Response)
  I've also tried the following:
  - I've also tested with an invalid username/password. The request is correctly denied
  - I've also tested by added ALL EAP Types as condition to the Network Policy. The request isn't pickup by this policy anymore.
  Any help would be greatly appriciated ofcourse.
  Kind regards,
  Peter

  It only took like.. uhm.. forever.. but there's an answer which is "OK ish..".
  Cisco 2960 switches support EAP-MSCHAP; but it seems that NPS only supports EAP-MSCHAP for VPN Connections and not for Wired/Wirelss authentication. Something to do with inner and outer methods and NPS requireing PEAP as an outer method for Wired/Wirelss
  authentication.
  End result is that both the Cisco switches and NPS do support EAP-MD5. Though it's definitly not as secure (at all), it's definitly a step in the right direction and it's something that we'll be implementing.
  Now it seems that NPS doesn't support EAP-MD5 (which is supposidly depricated), it's possible to re-enable it. Using the following articles.
  http://support.microsoft.com/kb/922574/en-us
  Microsft mentioned me that "Though this article says it applies to Windows Vista only, it does apply to Server 2008R2 as well. Also I would suggest you the following link:
  http://support.microsoft.com/kb/981190"
  Please note that you'll have to enable 'Store password using reversible encryption’  on the accounts that will be used for NEAT authentication.
  All though I would have hoped EAP-MSCHAPv2 would work, I feel I do need to clarify that I understand Microsoft's point of view on this as well. They feel EAP methods without PEAP are simply not safe; which is understandable, espcially for EAP-MD5 which
  could be sniffer using a hub/repeater/etc.
  Kind regards,
  Peter

• DACL does not get downloaded to Cisco Switch from ISE

  Hello,
  I have a cisco switch with ios: c3550-ipbasek9-mz.122-44.SE6.bin
  I am trying to push dACL fro my ISE device into the switch, but it is not getting applied to switch.   dynamic vlan assignment workds fine, but dACL doesnot apply
  Any instruction plz?

  Hi Jatin,
  ISE is properly configured for dACL,   i think there is some compatibility issue on cisco switch ios.
  following is the debug output>>
  06:36:43: dot1x-packet:Received an EAP packet on interface FastEthernet0/11
  06:36:43: EAPOL pak dump rx
  06:36:43: EAPOL Version: 0x1  type: 0x0  length: 0x0006
  06:36:43: dot1x-packet:Received an EAP packet on the FastEthernet0/11 from mac 0019.b981.e812
  06:36:43: dot1x-sm:Posting EAPOL_EAP on Client=1D68028
  06:36:43:     dot1x_auth_bend Fa0/11: during state auth_bend_request, got event 6(eapolEap)
  06:36:43: @@@ dot1x_auth_bend Fa0/11: auth_bend_request -> auth_bend_response
  06:36:43: dot1x-sm:Fa0/11:0019.b981.e812:auth_bend_response_enter called
  06:36:43: dot1x-ev:dot1x_sendRespToServer: Response sent to the server from 0019.b981.e812
  06:36:43: dot1x-sm:Fa0/11:0019.b981.e812:auth_bend_request_response_action called
  06:36:43: RADIUS/ENCODE(00000049):Orig. component type = DOT1X
  06:36:43: RADIUS(00000049): Config NAS IP: 192.168.2.250
  06:36:43: RADIUS/ENCODE(00000049): acct_session_id: 73
  06:36:43: RADIUS(00000049): sending
  06:36:43: RADIUS(00000049): Send Access-Request to 192.168.2.231:1812 id 1645/99, len 267
  06:36:43: RADIUS:  authenticator 5B 61 1D 64 D3 D5 9F AD - 23 E0 11 11 B3 C3 5C 81
  06:36:43: RADIUS:  User-Name           [1]   6   "test"
  06:36:43: RADIUS:  Service-Type        [6]   6   Framed                    [2]
  06:36:43: RADIUS:  Framed-MTU          [12]  6   1500
  06:36:43: RADIUS:  Called-Station-Id   [30]  19  "00-11-5C-6E-5E-0B"
  06:36:43: RADIUS:  Calling-Station-Id  [31]  19  "00-19-B9-81-E8-12"
  06:36:43: RADIUS:  EAP-Message         [79]  8
  06:36:43: RADIUS:   02 7A 00 06 0D 00                 [ z]
  06:36:43: RADIUS:  Message-Authenticato[80]  18
  06:36:43: RADIUS:   A6 AB 5A CA ED B8 B4 1E 36 00 9D AB 1A F6 B9 E0                [ Z6]
  06:36:43: RADIUS:  Vendor, Cisco       [26]  49
  06:36:43: RADIUS:   Cisco AVpair       [1]   43  "audit-session-id=C0A802FA0000006F016B36D8"
  06:36:43: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]
  06:36:43: RADIUS:  NAS-Port            [5]   6   50011
  06:36:43: RADIUS:  NAS-Port-Id         [87]  18  "FastEthernet0/11"
  06:36:43: RADIUS:  State               [24]  80
  06:36:43: RADIUS:   33 37 43 50 4D 53 65 73 73 69 6F 6E 49 44 3D 43  [37CPMSessionID=C]
  06:36:43: RADIUS:   30 41 38 30 32 46 41 30 30 30 30 30 30 36 46 30  [0A802FA0000006F0]
  06:36:43: RADIUS:   31 36 42 33 36 44 38 3B 33 35 53 65 73 73 69 6F  [16B36D8;35Sessio]
  06:36:43: RADIUS:   6E 49 44 3D 69 73 65 2D 73 65 72 76 65 72 2D 31  [nID=ise-server-1]
  06:36:43: RADIUS:   2F 31 37 31 30 32 35 39 38 38 2F 32 34 3B    [ /171025988/24;]
  06:36:43: RADIUS:  NAS-IP-Address      [4]   6   192.168.2.250
  06:36:43: %LINK-3-UPDOWN: Interface FastEthernet0/11, changed state to up
  06:36:43: RADIUS: Received from id 1645/99 192.168.2.231:1812, Access-Challenge, len 1134
  06:36:43: RADIUS:  authenticator 78 36 A3 38 30 1C F0 7A - 19 83 93 81 B4 6B FF 9E
  06:36:43: RADIUS:  State               [24]  80
  06:36:43: RADIUS:   33 37 43 50 4D 53 65 73 73 69 6F 6E 49 44 3D 43  [37CPMSessionID=C]
  06:36:43: RADIUS:   30 41 38 30 32 46 41 30 30 30 30 30 30 36 46 30  [0A802FA0000006F0]
  06:36:43: RADIUS:   31 36 42 33 36 44 38 3B 33 35 53 65 73 73 69 6F  [16B36D8;35Sessio]
  06:36:43: RADIUS:   6E 49 44 3D 69 73 65 2D 73 65 72 76 65 72 2D 31  [nID=ise-server-1]
  06:36:43: RADIUS:   2F 31 37 31 30 32 35 39 38 38 2F 32 34 3B    [ /171025988/24;]
  06:36:43: RADIUS:  EAP-Message         [79]  255
  06:36:43: RADIUS:   4D 5D 13 47 FC 46 16 EE 62 76 40 09 77 48 31 B6 01 6B 5E 52 33 56 A2 1E 34  [M]GFbv@wH1k^R3V4]
  06:36:43: RADIUS:   02 32 39 FA 4D CA 79 18 4A 42 A2 4E 5C BD AE 29 D2 3D D1 5A FC C2 ED 3E E5 FB C6 B8 D8 DE A8 75 EB 3A A5 7D 02 03 01 00 01 A3 81 CD 30  [29MyJBN\)=Z>u:}0]
  06:36:43: RADIUS:   81 CA 30 0B 06 03 55 1D 0F 04 04 03 02 01 86 30 0F 06 03 55 1D 13 01 01 FF 04 05 30 03 01 01 FF 30 1D 06 03 55 1D 0E 04 16 04 14 C4 56 80 A7 C9 18 50 92 EE CC 91 D4 E1 EC DB AD E7 1E 70 A8 30 79 06 03 55 1D 1F 04 72 30 70  [0U0U00UVPp0yUr0p]
  06:36:43: RADIUS:   30 6E A0 6C A0 6A 86 32 68 74 74 70 3A 2F 2F 73 79 73 6C  [0nlj2http://sysl]
  06:36:43: RADIUS:   6F 67 2D 73 65 72 76 65 72 2F 43 65 72 74 45 6E  [og-server/CertEn]
  06:36:43: RADIUS:   72 6F 6C 6C 2F 46 4D 46 42 5F 54 72 75 73 74 65  [roll/FMFB_Truste]
  06:36:43: RADIUS:   64 43 41 2E 63 72 6C 86 34 66 69 6C 65 3A 2F 2F 5C  [dCA.crl4file://\]
  06:36:43: RADIUS:   5C 73 79 73 6C 6F 67 2D 73 65 72 76 65 72 5C 43  [\syslog-server\C]
  06:36:43: RADIUS:   65 72 74 45 6E 72 6F 6C 6C 5C 46 4D 46 42 5F 54  [ertEnroll\FMFB_T]
  06:36:43: RADIUS:   72 75 73 74 65 64 43 41 2E         [ rustedCA.]
  06:36:43: RADIUS:  EAP-Message         [79]  251
  06:36:43: RADIUS:   63 72 6C 30 10 06 09 2B 06 01 04 01 82 37 15 01 04 03 02 01 00 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 82 01 01 00 63 BA F8 CE D5 8B 0E 94 77 AE 86 6C 37 AB 2F 36 9A B2 85 D5 4A  [crl0+70*Hcwl7/6J]
  06:36:43: RADIUS:   74 8C 33 F5 93 06 A6 57 8D 39 56 8F 02 08 97 CB C6 08 70 8C 22 1E 5D 1F A8 26 6D 60 1F 05 62 D1 24 AB 03 8C 41 F8 1C F1 F8 C2 87 8B 97 02 71 FC 6A  [t3W9Vp"]&m`b$Aqj]
  06:36:43: RADIUS:   EB 12 FC DD 8C 5C 9C 2D AF D2 C4 1C 18 1B 40 BE 78 B0 54 55 59 89 03 1B B7 FB 91 85 EE CA C0 18 1C 78 5D 4D BA FA 9E 44 D3 45 53 A3 BE 46 8A FB 81 BD F1 4C B3 3B  [\-@xTUYx]MDESFL;]
  06:36:43: RADIUS:   D6 66 7E 5B 79 9F 83 53 5E 49 92 B5 7F E5 1A E2 86 8C 83 96 7D 75 A5 1D 08 4E 32 C3 5E EC BF 28 53 EC 53 8A C3 E0 36  [f~[yS^I}uN2^(SS6]
  06:36:43: RADIUS:   82 EE AA 0D 38 3E BA 9C 1D D9 24 BD 48 A6 EE 44 BD 95 68 85 CA 8C 44 F8 E8 A2 FB 94 BC 6F 7C F2 06 91 6C A0 A6 BB 7B 7F 56 BD 15 32 A4     [ 8>$HDhDo|l{V2]
  06:36:43: RADIUS:  Message-Authenticato[80]  18
  06:36:43: RADIUS:   DD 82 F7 10 3F C7 B5 62 9B 2A BB 24 16 A7 59 33            [ ?b*$Y3]
  06:36:44: RADIUS(00000049): Received from id 1645/99
  06:36:44: RADIUS/DECODE: EAP-Message fragments, 253+253+253+249, total 1008 bytes
  06:36:44: dot1x-packet:Received an EAP request packet from EAP for mac 0019.b981.e812
  06:36:44: dot1x-sm:Posting EAP_REQ on Client=1D68028
  06:36:44:     dot1x_auth_bend Fa0/11: during state auth_bend_response, got event 7(eapReq)
  06:36:44: @@@ dot1x_auth_bend Fa0/11: auth_bend_response -> auth_bend_request
  06:36:44: dot1x-sm:Fa0/11:0019.b981.e812:auth_bend_response_exit called
  06:36:44: dot1x-sm:Fa0/11:0019.b981.e812:auth_bend_request_enter called
  06:36:44: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1  id: 0x7B length: 0x03F0 type: 0xD  data: @Cfui[ab2,Jt1){                                                                                                                              2]g&GZ1pIbu;+Ga;iF"jy#
  oohuV.aFZ4_|
  P0`At   )B
  06:36:44: dot1x-ev:FastEthernet0/11:Sending EAPOL packet to group PAE address
  06:36:44: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/11.
  06:36:44: RADIUS:  Message-Authenticato[80]  18
  06:36:44: RADIUS:   F5 B0 56 D3 C6 87 BD 10 6E C7 4A 72 5B 5C 60 C5           [ VnJr[\`]
  06:36:44: RADIUS:  Vendor, Cisco       [26]  49
  06:36:44: RADIUS:   Cisco AVpair       [1]   43  "audit-session-id=C0A802FA0000006F016B36D8"
  06:36:44: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]
  06:36:44: RADIUS:  NAS-Port            [5]   6   50011
  06:36:44: RADIUS:  NAS-Port-Id         [87]  18  "FastEthernet0/11"
  06:36:44: RADIUS:  State               [24]  80
  06:36:44: RADIUS:   33 37 43 50 4D 53 65 73 73 69 6F 6E 49 44 3D 43  [37CPMSessionID=C]
  06:36:44: RADIUS:   30 41 38 30 32 46 41 30 30 30 30 30 30 36 46 30  [0A802FA0000006F0]
  06:36:45: dot1x-ev:FastEthernet0/11:Sending EAPOL packet to group PAE address
  06:36:45: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/11.
  06:36:45: dot1x-registry:registry:dot1x_ether_macaddr called
  06:36:45: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/11
  06:36:45: EAPOL pak dump Tx
  06:36:45: EAPOL Version: 0x2  type: 0x0  length: 0x0039
  06:36:45: EAP code: 0x1  id: 0x7E length: 0x0039 type: 0xD
  06:36:45: dot1x-packet:dot1x_txReq: EAPOL packet sent to client (0019.b981.e812)
  06:36:45: dot1x-sm:Fa0/11:0019.b981.e812:auth_bend_response_request_action called
  06:36:46: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/11.
  06:36:46: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an EAPOL pkt on Authenticator Q
  06:36:46: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
  06:36:46: EAPOL pak dump rx
  06:36:46: EAPOL Version: 0x1  type: 0x0  length: 0x0006
  06:36:46: dot1x-ev:
  dot1x_auth_queue_event: Int Fa0/11 CODE= 2,TYPE= 13,LEN= 6
  06:36:46: dot1x-packet:Received an EAPOL frame on interface FastEthernet0/11
  06:36:46: dot1x-ev:Received pkt saddr =0019.b981.e812 , daddr = 0180.c200.0003,
                      pae-ether-type = 888e.0100.0006
  06:36:46: dot1x-ev:dot1x_auth_process_eapol: EAPOL flag status of the port  Fa0/11 is TRUE