Help to configure 2911 router
Hi All,
My company recently order a new circuit for our VoIP use and we have a Cisco 2911 router.
The new circuit is terminated with a ethernet handoff. I have never configure a router direct connect to ISP circuit before, please help!
Following details is give by the ISP:
WAN IP
IPv4 Network Address: X.X.6.204/30
IPv4 Customer Address: X.X.6.206/30
IPv4 PE Interface Address: X.X.6.205/30
LAN IP
IPv4 Static Routing : X.X.159.0/29
Default GATEWAY: X.X.159.1
Available Addresses: X.X.159.2 - X.X.159.6
Subnetmask: 255.255.255.248
VLAN Tagging :Transparent
DNS Server: 198.6.100.6, 198.6.1.125
Hi,
On the circuit (interface) connecting to your provider you need to add this IP
X.X.6.206/30
example:
interface f0/0
ip address X.X.6.206 255.255.255.252
no sh
On the interface connecting to your lan you need to add this IP:
X.X.159.1
example:
interface f0/1
ip address X.X.159.1 255.255.255.248
no sh
below range is used for your LAN side (PC, server, etc..) with default gateway being X.X.159.1 255.255.255.248
X.X.159.2 - X.X.159.6
HTH
Similar Messages
-
HELP FOR CONFIGURATION BROADBAND ROUTER TENDA W311...
I have one BROADBAND ROUTER TENDA W311R, but I can not make the right configuration to use it.
Could someone help me?alekurkova wrote:
I have one BROADBAND ROUTER TENDA W311R, but I can not make the right configuration to use it.
Could someone help me?
That router cannot be used with ADSL, only Infinity, provided you have an Openreach modem.
There are some useful help pages here, for BT Broadband customers only, on my personal website.
BT Broadband customers - help with broadband, WiFi, networking, e-mail and phones. -
Help required in configuring multicast routing
Hi,
We have two 2 servers and 200 clients.
2 servers are in one vlan, 200 clients are in another vlan.
first server will send data to second server with multicast address 234.5.6.7
second server will send data to 200 clients with multicast address 234.5.6.8
first server is able to send data to second server.
but second server is not able to send data to clients.
If we put clients in same vlan, second server is able to send data to clients.
So we understood that multicast routing needs to be enabled in L3 switch.
Switch Model: 3550
IOS version: 12.1(19)EA1a
Any help in configuration required for this.........
Regards
SKRAOHi Skrao,
Does your client vlan and server vlan exist on same layer 3 switch if yes then perform this config and it should work..
On global config mode
ip multicast-routing distributed
On interface vlan config (for both client vlan and server vlan)
ip pim sparse-dense-mode
You can very well fine tune later.Try this and update if it worked.
HTH
Ankur -
Please help me in configuring a router!
Hi! I have to configure a new router with a static route. No routing protocol will be used. Since, I'm a budding Network aspirant i do not know much about things. My senior Network Engineer has asked me to configure this router. There's an apartment where our Overseas employees stay, earlier this apartment had a broadband connection which was further divided through the APs(Cisco Wireless Access Points) and made usable to around 20 users. Now, they have bought in their own lease line and I have to configure this router. Please help me doing this as I'm not aware of anything else apart from what I have written here. Thanks a ton in advance!
Hello,
You should provide some info so that people can figure out what do you want to do. For example, what kind of leased-line is it? L2 or L3? Is it like a cable connecting two sites from your company or is there any router in between from your leased-line provider...?
For what you say, the easiest thing would be to configure a default route to the other end of the leased line and voilà.
Otherwise, you can always ask your senior Network Engineer to configure it (him/her)self or ask for help to him/her.
Regards,
Reg. -
Ip SLA failover config not working need help urgent cisco 2911 K9 router
Hi,
I am setting up failover wan for one of my cient and seems everything i have configured correctly but its not working. For track i am using google DNS ip 8.8.8.8 and 8.8.4.4 where if i ping 8.8.8.8 from router it pings but not 8.8.4.4. I I think because 8.8.4.4 no pinging so router does not jump if primary gigabitethernet0/0 down.
Not sure what i am doing wrong. Please find below config details:
-------------------------------------------config-----
username admin privilege 15 password 7 XXXXX
redundancy
track 10 ip sla 1 reachability
delay down 5 up 5
track 20 ip sla 2 reachability
delay down 5 up 5
interface GigabitEthernet0/0
ip address 122.160.79.18 255.0.0.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
interface GigabitEthernet0/1
ip address 182.71.34.71 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
interface GigabitEthernet0/2
description $ES_LAN$
ip address 200.200.201.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source route-map giga0 interface GigabitEthernet0/0 overload
ip nat inside source route-map giga0 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 track 10
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 track 20
ip route 8.8.4.4 255.255.255.255 GigabitEthernet0/1 permanent
ip route 8.8.8.8 255.255.255.255 GigabitEthernet0/0 permanent
ip sla 1
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0
frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 8.8.4.4 source-interface GigabitEthernet0/1
frequency 10
ip sla schedule 2 life forever start-time now
access-list 100 permit ip any any
access-list 101 permit ip any any
route-map giga0 permit 10
match ip address 100
match interface GigabitEthernet0/0
route-map giga1 permit 10
match ip address 101
match interface GigabitEthernet0/1
control-plane
------------------------------------------config endHello,
as Richard Burts state correct the nat configuration is not right. But the ICMP echo request for the IP SLA is traffic, which is generated from the router with a source-interface specified. There shouldn't be any NAT operation at all, or? Iam using IP SLA for two WAN connections too, but I can't recall ever seen an entry for the icmp operation in the output of sh ip nat trans.
To me the static route configuration looks wrong too. As far as I remember it's necessary to specify a next-hop address (Subnet/mask via x.x.x.x) on Multiple Access Broadcast Networks like ethernet, otherwise the Subnet appears as directly connected on the routing table. The configuration "ip route subnet mask <outgoing interface> only works correct for p2p links. With the configuration above i would say there is no routing at all possible except for "real" direct attached networks. Vibs said it's possible to reach the google dns 8.8.8.8 but not the second one 8.8.4.4. I verified that 8.8.4.4 usually answers to ICMP echo-request.
My guess is that the next hop for the gig 0/0 interface has proxy arp enabled but the next hop for the gig0/1 interface hasn't proxy arp turned on.
kind regards
Lukasz -
2911 router - Netflow V5 through GRE Tunnels
Hi All,
Does the 2911 router support the ability for Netflow V5 to pass through GRE tunnels? I can't seem to find any documentation that indicates this.
Thanks,
GurjinderIf you are going to use a GRE tunnel as the flow export interface from the router exporting NetFlow, it will not work. Cisco bug IDs for this issue are CSCsk25481 and CSCef28662 and is applicable to both traditional and flexible NetFlow.
To allow NetFlow export from a device through an encrypted tunnel on the same device, enable Flexible NetFlow and use the command output-features when configuring your flow exporter. That will allow NetFlow export over encrypted tunnels.
Regards,
Don Thomas Jacob
http://www.solarwinds.com/netflow-traffic-analyzer.aspx
NOTE: Please rate posts and close questions if you have found the answers helpful. -
Need urgent help in configuring Client to Site IPSec VPN with Hairpinning on Cisco ASA5510 - 8.2(1).
The following is the Layout:
There are two Leased Lines for Internet access - 1.1.1.1 & 2.2.2.2, the latter being the Standard Default route, the former one is for backup.
I have been able to configure Client to Site IPSec VPN
1) With access from Outside to only the Internal Network (172.16.0.0/24) behind the asa
2) With Split tunnel with simultaneous assess to internal LAN and Outside Internet.
But I have not been able to make tradiotional Hairpinng model work in this scenario.
I followed every possible sugestions made in this regard in many Discussion Topics but still no luck. Can someone please help me out here???
Following is the Running-Conf with Normal Client to Site IPSec VPN configured with No internat Access:
LIMITATION: Can't Boot into any other ios image for some unavoidable reason, must use 8.2(1)
running-conf --- Working normal Client to Site VPN without internet access/split tunnel
ASA Version 8.2(1)
hostname ciscoasa
domain-name cisco.campus.com
enable password xxxxxxxxxxxxxx encrypted
passwd xxxxxxxxxxxxxx encrypted
names
interface GigabitEthernet0/0
nameif internet1-outside
security-level 0
ip address 1.1.1.1 255.255.255.240
interface GigabitEthernet0/1
nameif internet2-outside
security-level 0
ip address 2.2.2.2 255.255.255.224
interface GigabitEthernet0/2
nameif dmz-interface
security-level 0
ip address 10.0.1.1 255.255.255.0
interface GigabitEthernet0/3
nameif campus-lan
security-level 0
ip address 172.16.0.1 255.255.0.0
interface Management0/0
nameif CSC-MGMT
security-level 100
ip address 10.0.0.4 255.255.255.0
boot system disk0:/asa821-k8.bin
boot system disk0:/asa843-k8.bin
ftp mode passive
dns server-group DefaultDNS
domain-name cisco.campus.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network cmps-lan
object-group network csc-ip
object-group network www-inside
object-group network www-outside
object-group service tcp-80
object-group service udp-53
object-group service https
object-group service pop3
object-group service smtp
object-group service tcp80
object-group service http-s
object-group service pop3-110
object-group service smtp25
object-group service udp53
object-group service ssh
object-group service tcp-port
object-group service udp-port
object-group service ftp
object-group service ftp-data
object-group network csc1-ip
object-group service all-tcp-udp
access-list INTERNET1-IN extended permit ip host 1.2.2.2 host 2.2.2.3
access-list CSC-OUT extended permit ip host 10.0.0.5 any
access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq www
access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq https
access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq ssh
access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq ftp
access-list CAMPUS-LAN extended permit udp 172.16.0.0 255.255.0.0 any eq domain
access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq smtp
access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq pop3
access-list CAMPUS-LAN extended permit ip any any
access-list csc-acl remark scan web and mail traffic
access-list csc-acl extended permit tcp any any eq smtp
access-list csc-acl extended permit tcp any any eq pop3
access-list csc-acl remark scan web and mail traffic
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq 993
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq imap4
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq 465
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq www
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq https
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq smtp
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq pop3
access-list INTERNET2-IN extended permit ip any host 1.1.1.2
access-list nonat extended permit ip 172.16.0.0 255.255.0.0 172.16.0.0 255.255.0.0
access-list DNS-inspect extended permit tcp any any eq domain
access-list DNS-inspect extended permit udp any any eq domain
access-list capin extended permit ip host 172.16.1.234 any
access-list capin extended permit ip host 172.16.1.52 any
access-list capin extended permit ip any host 172.16.1.52
access-list capin extended permit ip host 172.16.0.82 host 172.16.0.61
access-list capin extended permit ip host 172.16.0.61 host 172.16.0.82
access-list capout extended permit ip host 2.2.2.2 any
access-list capout extended permit ip any host 2.2.2.2
access-list campus-lan_nat0_outbound extended permit ip 172.16.0.0 255.255.0.0 192.168.150.0 255.255.255.0
pager lines 24
logging enable
logging buffered debugging
logging asdm informational
mtu internet1-outside 1500
mtu internet2-outside 1500
mtu dmz-interface 1500
mtu campus-lan 1500
mtu CSC-MGMT 1500
ip local pool vpnpool1 192.168.150.2-192.168.150.250 mask 255.255.255.0
ip verify reverse-path interface internet2-outside
ip verify reverse-path interface dmz-interface
ip verify reverse-path interface campus-lan
ip verify reverse-path interface CSC-MGMT
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-621.bin
no asdm history enable
arp timeout 14400
global (internet1-outside) 1 interface
global (internet2-outside) 1 interface
nat (campus-lan) 0 access-list campus-lan_nat0_outbound
nat (campus-lan) 1 0.0.0.0 0.0.0.0
nat (CSC-MGMT) 1 10.0.0.5 255.255.255.255
static (CSC-MGMT,internet2-outside) 2.2.2.3 10.0.0.5 netmask 255.255.255.255
access-group INTERNET2-IN in interface internet1-outside
access-group INTERNET1-IN in interface internet2-outside
access-group CAMPUS-LAN in interface campus-lan
access-group CSC-OUT in interface CSC-MGMT
route internet2-outside 0.0.0.0 0.0.0.0 2.2.2.5 1
route internet1-outside 0.0.0.0 0.0.0.0 1.1.1.5 2
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
http server enable
http 10.0.0.2 255.255.255.255 CSC-MGMT
http 10.0.0.8 255.255.255.255 CSC-MGMT
http 1.2.2.2 255.255.255.255 internet2-outside
http 1.2.2.2 255.255.255.255 internet1-outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map internet2-outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map internet2-outside_map interface internet2-outside
crypto ca trustpoint _SmartCallHome_ServerCA
crl configure
crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca xyzxyzxyzyxzxyzxyzxyzxxyzyxzyxzy
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as
quit
crypto isakmp enable internet2-outside
crypto isakmp policy 10
authentication pre-share
encryption aes
hash md5
group 2
lifetime 86400
telnet 10.0.0.2 255.255.255.255 CSC-MGMT
telnet 10.0.0.8 255.255.255.255 CSC-MGMT
telnet timeout 5
ssh 1.2.3.3 255.255.255.240 internet1-outside
ssh 1.2.2.2 255.255.255.255 internet1-outside
ssh 1.2.2.2 255.255.255.255 internet2-outside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy VPN_TG_1 internal
group-policy VPN_TG_1 attributes
vpn-tunnel-protocol IPSec
username ssochelpdesk password xxxxxxxxxxxxxx encrypted privilege 15
username administrator password xxxxxxxxxxxxxx encrypted privilege 15
username vpnuser1 password xxxxxxxxxxxxxx encrypted privilege 0
username vpnuser1 attributes
vpn-group-policy VPN_TG_1
tunnel-group VPN_TG_1 type remote-access
tunnel-group VPN_TG_1 general-attributes
address-pool vpnpool1
default-group-policy VPN_TG_1
tunnel-group VPN_TG_1 ipsec-attributes
pre-shared-key *
class-map cmap-DNS
match access-list DNS-inspect
class-map csc-class
match access-list csc-acl
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class csc-class
csc fail-open
class cmap-DNS
inspect dns preset_dns_map
service-policy global_policy global
prompt hostname context
Cryptochecksum: y0y0y0y0y0y0y0y0y0y0y0y0y0y
: end
Neither Adding dynamic NAT for 192.168.150.0/24 on outside interface works, nor does the sysopt connection permit-vpn works
Please tell what needs to be done here, to hairpin all the traffic to internet comming from VPN Clients.
That is I need clients conected via VPN tunnel, when connected to internet, should have their IP's NAT'ted against the internet2-outside interface address 2.2.2.2, as it happens for the Campus Clients (172.16.0.0/16)
I'm not much conversant with everything involved in here, therefore please be elaborative in your replies. Please let me know if you need any more information regarding this setup to answer my query.
Thanks & Regards
maxsHi Jouni,
Thanks again for your help, got it working. Actually the problem was ASA needed some time after configuring to work properly ( ?????? ). I configured and tested several times within a short period, during the day and was not working initially, GUI packet tracer was showing some problems (IPSEC Spoof detected) and also there was this left out dns. Its working fine now.
But my problem is not solved fully here.
Does hairpinning model allow access to the campus LAN behind ASA also?. Coz the setup is working now as i needed, and I can access Internet with the NAT'ed ip address (outside-interface). So far so good. But now I cannot access the Campus LAN behind the asa.
Here the packet tracer output for the traffic:
packet-tracer output
asa# packet-tracer input internet2-outside tcp 192.168.150.1 56482 172.16.1.249 22
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 2
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 172.16.0.0 255.255.0.0 campus-lan
Phase: 4
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 192.168.150.1 255.255.255.255 internet2-outside
Phase: 5
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group internnet1-in in interface internet2-outside
access-list internnet1-in extended permit ip 192.168.150.0 255.255.255.0 any
Additional Information:
Phase: 6
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 7
Type: CP-PUNT
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 8
Type: VPN
Subtype: ipsec-tunnel-flow
Result: ALLOW
Config:
Additional Information:
Phase: 9
Type: NAT-EXEMPT
Subtype: rpf-check
Result: ALLOW
Config:
Additional Information:
Phase: 10
Type: NAT
Subtype:
Result: DROP
Config:
nat (internet2-outside) 1 192.168.150.0 255.255.255.0
match ip internet2-outside 192.168.150.0 255.255.255.0 campus-lan any
dynamic translation to pool 1 (No matching global)
translate_hits = 14, untranslate_hits = 0
Additional Information:
Result:
input-interface: internet2-outside
input-status: up
input-line-status: up
output-interface: internet2-outside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
The problem here as you can see is the Rule for dynamic nat that I added to make hairpin work at first place
dynamic nat
asa(config)#nat (internet2-outside) 1 192.168.150.0 255.255.255.0
Is it possible to access both
1)LAN behind ASA
2)INTERNET via HAIRPINNING
simultaneously via a single tunnel-group?
If it can be done, how do I do it. What changes do I need to make here to get simultaneous access to my LAN also?
Thanks & Regards
Abhijit -
Well ... I just spent a wonderful hour and a half (not) bouncing around VZ technical support, etc. trying to get assistance regarding configuring my DSL router.* Between the low-quality Skype connection to India and my lack of success, I'm a little bummed out right now.
Could one of you perhaps help me? I'm trying to configure a single, wire-attached network node (port 4 of the router) so that it can only consume up to 320 Kbps of my 750 Kbps (7.5 Mbps) DSL bandwidth ... no matter what. This results from this node consuming virtually all of the circuit's bandwidth when streaming or during bulk file transfers.
I have tried to remedy the problem using priority with no discernible impact.
The Quality of Service (QoS) element called Traffic Shaping (Services | QoS | Traffic Shaping), described on Page 51 of the VZ DSL-2750B User Manual , appears to be the ideal solution to my problem. Repeated attempts at activating this QoS have all resulted in no throttling of bandwidth consumption.
My most recent attempt was to define the device on Port 4 as the DMZ host ... and then apply a new rule (320 TX, 320 RX) to this interface. Again, no joy.
Does anyone have any experience with this service on this router?
Am I chasing my tail trying to configure the router without validating that my circuit is not configured with "Fastpath (PSE) inactive"?
If the circuit configuration is a potential problem, which office should I ask for at VZ customer service?
Here is the information from the System page of the Router Control Panel:
Gateway ID: PX2M1BC000000
Software Version: 5.4.12.1.44
Release Date: Feb 19 2012
Platform: D-Link DSL-2750B
Board Tag:... Ntag-5_4_12_1_44
Compilation Flags:... LIC=/home/bat/bat/dlink_bcm96328_5_4_12_1/20120219_1343/conf/jpkg_bcm9636x_dlink.lic CONFIG_RG_PROD_IMG=y DIST=DLINK_DSL2750B
I'll note that the Router provides a notification that "RX QOS might not operate when Fastpath (PSE) is active" when I update the router configuration page concerning Traffic Shaping. Because Fastpath is not mentioned in the User Manual, I'm guessing that Fastpath (PSE) might be a configurable attribute of the circuit servicing my PoP, but I have no idea if this is the case.
I searched for relevant messages on this board ... without success. If this has already been addressed, please provide a link, and accept my apologies. (My Google-Fu tends to be weak.)The asterisk in the first post refers to the following summary of events:
10:40 - Attempt to solve my configuration question using VZ chat begins.
10:49 - VZ chat agent Danish refers me to phone support. (Chat ID number is 020813176471 if you're with VZ and are interested.)
10:50 - Call VZ phone support.
11:02 - Talk with Angel. Because she has not heard of, nor received training in, "traffic shaping," she says my question about configuring this VZ DSL modem must be addressed by "Premium Technical Support." She transfers me.
11:13 - Talk with Pamela. Premium Technical Support only responds to questions about 3d party products. Because my question concerns a VZ DSL modem, Basic Technical Support is responsible. She transfers me.
11:17 - Talk with Joe. He says either the vendor (D-Link) or premium technical support is required. Because I had already tried with D-Link (they referred me to Verizon, as this modem was built exclusively for VZ), I explained what I had already experienced, and described how I wanted "assistance configuring my VZ DSL modem, specifically a feature described on page 51 of the User Manual." He transfers me.
11:23 - The automated phone system asks for my 12-digit customer ID. I wasn't able to find it fast enough, and rolled through to Financial Services. Eventually Trig picked up, listened to my story, and transferred me to "Technical Support" providing the direct dial number, just in case (866.945.79xx).
11:32 - Entered the phone queue. Lots of hissing and clicks.
11:35 - Talk with Monika. (The voice clarity from this point onward was on the order of 1st-generation Skype. Between the horrible language problem -- Monika is in India don'cha know -- and the lousy line quality, this was the most frustrating.) No matter what I said, I couldn't convey the reason for my call. I asked to talk with a supervisor, which Monika related was not possible. She also related that she could not transfer me to an American POC or supervisor.
12:01 - Hung up the phone ... and started down the path that led to my post immediately above.
I was repeatedly queried about the account name and number throughout the process. Conveying this information was especially challenging during the Indian call segment. -
I have a PC and a need help to configure my external hard disk on my network. Thanks
I have a PC and a need help to configure my external hard disk on my network. Thanks
If you mean you wish to plug a USB drive into the Airport Extreme router (or TC not express) that is easy..
The disk must be formatted FAT32.. as if.. stay away from FAT .. or HFS+ ie Mac OS extended Journaled.
Format the disk on a Mac is best.. and even use GUID partition scheme not MBR.
The PC has no issue writing and reading files because this is a network drive.. The PC does not write to the drive.. it writes files to the Airport OS which writes and reads the disk and passes the info using standard windows SMB.. To the windows computer it will be a Windows NT server.. FAT32 setup.
If your setup is different.. to my hugely guessed assumptions.. give details.. always helps to have.. make and model.
Make and model of disk.. make and model of router.. how the setup will be done.. what windows OS you run.. etc etc.
As it stands your question could have nothing to do with apple at all.. other than you posted in a forum so I guess there is something apple in there somewhere. -
airport extreme software will not install on vista, how can i still configure the router? Trying to help someone with vista get an airpot extreme configured. 10.0.1.1 does not work, the software will not install correctly on their vista machine. How can I get into the base tation and lock it down?
Hi - Vista can be tricky - I need more info to see if I can be of some help - first, is the Vista machine a desktop or a laptop and is it fully up to date with Windows Update (sp2 or higher)? - next, are you trying to install Airport Utility version 5.5.3 which is the correct one for Vista? - and finally, what do you mean "it will not install" - what kind of error messages or evidence are you getting?
-
It says I cannot reconfigure my router to MAC OS X 10.9.4 but it can do so with a MAC OS X 10.5.8, MAC OS X 10.6.1, and/or a MAC OS X 10.7 or later operating system. How is it even possible that my MAC OS X 10.9.4 is later than MAC OS X 10.7 model but unable to configure the router?
Can anyone help me with my dilemma?NicoleDianneAgnes wrote:
... I haven't yet gotten rid of the old computer, ...
That is good News...
From your OLD computer...
Copy your ENTIRE iTunes FOLDER to an External Drive... and then from the External Drive to your New Computer..
Full Details Here > http://support.apple.com/kb/HT1751
Also... Have a look at these 2 Videos...
http://macmost.com/moving-your-itunes-library.html
http://macmost.com/moving-your-itunes-media-to-an-external-drive.html -
Hi All,
I need help on Configuring the Site to Site VPN from Cisco 2811 to Websense Cloud for web Traffic redirect
2811 having C2800NM-ADVIPSERVICESK9-M
2811 router connects to the Internet SW then connects to the Internet router.
Note- For Authentication am using the Device ID & Pre share key. I am worried as all user traffic goes with PAT and not firing up my tunnel for port 80 traffic. Can you please suggest what can be the issue ?
Below is router config for VPN & NAT
crypto keyring ISR_Keyring
pre-shared-key hostname vpn.websense.net key 2c22524d554556442d222d565f545246
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp keepalive 10
crypto isakmp profile isa-profile
keyring ISR_Keyring
self-identity user-fqdn [email protected]
match identity user vpn-proxy.websense.net
crypto ipsec transform-set ESP-NULL-SHA esp-null esp-sha-hmac
crypto map GUEST_WEB_FILTER 10 ipsec-isakmp
set peer vpn.websense.net dynamic
set transform-set ESP-NULL-SHA
set isakmp-profile isa-profile
match address 101
interface FastEthernet0/1
description connected to Internet
ip address 216.222.208.101 255.255.255.128
ip access-group HVAC_Public in
ip nat outside
ip virtual-reassembly
duplex full
speed 100
no cdp enable
crypto map GUEST_WEB_FILTER
access-list 101 permit tcp 192.168.8.0 0.0.3.255 any eq www
access-list 103 deny ip 192.168.8.0 0.0.3.255 host 85.115.41.187 log
access-list 103 deny ip 192.168.8.0 0.0.3.255 host 85.115.41.181 log
access-list 103 deny ip 192.168.8.0 0.0.3.255 host 85.115.41.182 log
access-list 103 deny ip 192.168.8.0 0.0.3.255 86.111.216.0 0.0.1.255
access-list 103 deny ip 192.168.8.0 0.0.3.255 116.50.56.0 0.0.7.255
access-list 103 deny ip 192.168.8.0 0.0.3.255 86.111.220.0 0.0.3.255
access-list 103 deny ip 192.168.8.0 0.0.3.255 103.1.196.0 0.0.3.255
access-list 103 deny ip 192.168.8.0 0.0.3.255 177.39.96.0 0.0.3.255
access-list 103 deny ip 192.168.8.0 0.0.3.255 196.216.238.0 0.0.1.255
access-list 103 permit ip 192.168.8.0 0.0.3.255 any
ip nat pool mypool 216.222.208.101 216.222.208.101 netmask 255.255.255.128
ip nat inside source list 103 interface FastEthernet0/1 overload
ip nat inside source route-map nonat pool mypool overloadHow does Websense expect your source IPs in the tunnel? 192.168.8.0 0.0.3.255 or PAT'ed 216.222.208.101 ?
Check
show crypto isakmp sa
show crypto ipsec sa
show crypto session
You'd better remove the preshared key from your post. -
Please help me configure authentic connection with Caller ID via ISDN 30B+D using Cisco ACS
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin-top:0in;
mso-para-margin-right:0in;
mso-para-margin-bottom:10.0pt;
mso-para-margin-left:0in;
line-height:115%;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;}
Hi all
I have set up a dial up connection between to PC's at remote site and center. It using ISDN 30B+D which is configured on Router 3845. Currently I have configured authentic connection with username and password using Cisco ACS. To enhance the security configuration I want to authenticate both the phone number which dialup with Cisco ACS. And currently I have not done this. Please help me solve this problem.
Thanks so much
Longn1) I deleted bridge-utils, netcfg
2) I edited /etc/hostapd/hostapd.conf:
interface=wlan0
#bridge=br0
edited /etc/dnsmasq.conf:
interface=wlan0
dhcp-range=192.168.0.2,192.168.0.255,255.255.255.0,24h
and edited /etc/rc.local:
ifconfig wlan0 192.168.0.1 netmask 255.255.255.0
ifconfig wlan0 up
3) I added in autostart these daemons: hostapd, dnsmasq and iptables.
Profit! -
Cisco 2911 router interface hangs
dears,
Please note that the LAN interface (GigabitEthernet0/2) on our 2911 router is hanging. the interface stays up/up but is not reachable and stops passing traffic. the issue is temporary resolved after putting the interface in default configuration and reapplying back the configuration.
shut/no shut and router reload does not resolve the issue.
interface GigabitEthernet0/2
description connected to LAN
ip address 10.1.184.2 255.255.255.0
ip nat inside
ip inspect mea in
ip virtual-reassembly in
standby 1 ip 10.1.184.1
standby 1 priority 110
standby 1 preempt
standby 1 track 100 decrement 50
load-interval 30
duplex auto
speed auto
IOS used: c2900-universalk9-mz.SPA.151-4.M8.bin
Please advise.
thank you in advance.Hi Richard.
Normal interface state.
Gi 0/0 UP
GI 0/1 Admin Down
Gi 0/2 Admin Down
Fast 0/0/0 Up
Fast 0/0/1 Up
The routers works normally , lines ok, and devices attached ok, without any reason, no problems in lines PtP , no power problems, lost the connectivity, the only way to restore the connectivity is with a router reset.
The Gi 0/0 connect to the LAN local:
GigabitEthernet0/0 is up, line protocol is up
Hardware is CN Gigabit Ethernet, address is 4c00.827f.3de0 (bia 4c00.827f.3de0)
Description: "LAN LOCAL"
Internet address is
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full Duplex, 100Mbps, media type is RJ45
output flow-control is unsupported, input flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 564000 bits/sec, 98 packets/sec
5 minute output rate 303000 bits/sec, 75 packets/sec
2120530 packets input, 802569322 bytes, 0 no buffer
Received 19268 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 1277 multicast, 0 pause input
2304826 packets output, 1883365124 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
845 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
1 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
And the device conected to this interface is a WS-C3750X-24P (with this example, i have the problem in four routers), with a cat5e wired, no problems was reported in the ws-C3750X-24P.
In my case when the router is reset, recovered the normal operation
More input:
Cisco CISCO2911/K9 (revision 1.0) with 483328K/40960K bytes of memory.
Processor board ID FCZ17397055
4 FastEthernet interfaces
3 Gigabit Ethernet interfaces
1 terminal line
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)
System image file is "flash0:c2900-universalk9-mz.SPA.152-1.T4.bin"
Thanks in advance.
David. -
Need help regarding Cisco 1841 Router
hello everyone , i am need of help regarding configuring of FE 0/1 port. our company have a cisco 1841 router. The serial 0/0/0 is connected with VSAT for internet. The FE 0/0 is connected to switch(LAN) through which net connectivity is provided to all users. Recently a new VSAT has been installed at our site,with different IP series. So every time we want to switch between the two net connectivity we need to change the entire IP configuration of all users, which in turn prohibits the users from accessing the printers,data servers etc which are been set to our existing IP series. So, my idea was to configure the FE 0/1, so that just by changing the DNS will help us providing internet along with all other devices without changing the entire IP series. The new VSAT modem has a lan cable which can be connected to FE 0/1. Can any one help out in solving the problem. Our existing IP series is 192.168.3.1..... and the new VSAT series is 10.205.74.1......
Bao
Do I understand correctly that you will have 20 remote users who will telnet to the 2511 and from the 2511 will use reverse telnet to access the console of router1, router2, router3, etc which have their console ports connected to async ports of the 2511? If that understanding is correct then the firewall only needs to open TCP port 23 for telnet. The other ports (2001, 2002, etc) are between the 2511 and router1, router2, etc and will not be seen by the firewall. If my understanding is not correct then please clarify.
I do not believe that you will find an image for the 2500 that supports SSH.
HTH
Rick
Maybe you are looking for
-
I have $0.66 in the US Mac App Store and I want to change my country to Canada. Unfortunately MAS keeps telling me that I want to spend all the money in my account before I can change my country. Please help
-
BAPI_BUPR_RELATIONSHIP_CREATE ??
Hello experts , I need to upload the data to BP transaction using bapi BAPI_BUPR_RELATIONSHIP_CREATE. I have some fields like department telephone extension fax email which also needs to be uploaded . But these feilds are not there in IMPORT PARAMETE
-
I'm trying to figure out how I to get a Mac running OS X 10.9, with iCloud Keychain enabled, to *not* automatically connect to WiFi, even if the WiFi radio is turned on and a known network is reachable. The lack of a simple 'disconnect' feature in OS
-
Set env var(FORMS_PATH) in default.env
Thanks in advance to all: My question is: Can I set var FORMS_PATH in Linux environment as: FORMS_PATH=/u01/oracle/ora_midtier/forms: FORMS_PATH=$FORMS_PATH:/Forms10g/Source_Appl/Web/Menu or in different way (%FORRRXXXX%) Thanks again
-
SA_MAGIC header corrupt on ZFS causing kernel panic in S11.1 SRU5.5
I have a number of Sun Fire x4500s and x4540s running S11.1 SRU5.5. One of the x4540s has recently started kernel panicking within minutes of powering on and sharing its file systems over NFS (it provides user directories for a computing cluster). If