Help with ios LDAP setup for VPN access

Similar Messages

• Need Help With ACS LDAP setup to Query AD

  I have 2 Win 2003 ADs, one of them is configured and working under Windows Database (using remote agent) configuration. I am trying to setup the second AD with Generic LDAP setup. I want to know what exactly I should use in the fields UserObjectType and Class, and GroupObjectType and Class for Windows 2003 AD. All Cisco documents give example of Netscape LDAP syntax. I was told by our server admin. what to put under Admin DN, CN=myid,OU=mygroup,OU=myorg,DC=mydomain,DC=com
  I have both user & group directory subtree fields filled with DC=mydomain,DC=com.
  I am using the ip address for Primary LDAP server, and port is 389, LDAP version 3 is checked.
  Is any of these DC, OU, etc. case sensitive?
  With all entries that I have tried, when I go to map a group, I am getting error "LDAP server NOT reachable. Please check the configuration". My ACS can ping the domain controller's IP address fine.
  Please help. Thank you in advance,
  Murali

  Murali,
  These references may help...
  http://download.microsoft.com/download/3/d/3/3d32b0cd-581c-4574-8a27-67e89c206a54/uldap.doc
  http://www.microsoft.com/technet/archive/winntas/plan/dda/ddach02.mspx?mfr=true
  http://technet.microsoft.com/en-us/library/aa996205.aspx
  Regards,
  Richard

• Help with Proper DNS Setup for Leopard Standard Server Setup

  Hello All,
  Problem Description-
  I was reviewing some training today on DNS setup and checking for proper setup with the sudo changeip - checkhostname tool and I seem to have an incorrectly configured DNS setup. So I need some help on correcting it. When I go to the "Server Preferences" tool I cannot log in using apple.ourdomainname.com instead in order to use the tool I have to input localhost as the server name. Now I just thought that the system was broken or something and with the help of my training I now see it's a DNS problem. I thought I had everything proper since I followed the steps of creating proper DNS/RDNS entries with my ISP. Now I am stuck wondering what else isn't working properly due to the DNS issue. Thanks in advance.
  Technical Info-
  My ISP provides us with 5 static IP's and we have asked them to create entries and verified the setup of apple.ourdomainname.com = x.x.x.x which is one of our public IP's assigned currently assigned to the WAN port of our Apple Airport Extreme. We have also had them create a PTR record which also is present, verified and functional. Our MacMini running 10.5.5 is connected directly to one of the ethernet ports on our Apple Airport Extreme which is our NAT/Firewall for the LAN. So during the setup of the Standard Server install the OS configured the Airport with the required ports for chat/web/vpn. And mobile Mac's can VPN in and gain folder access and web works fine too. We don't use the e-mail portion so I can't say how that works. The server is using the DNS of 10.0.200.1 which is the IP of the Airport and the airport is programmed with the DNS of OpenDNS servers 208.67.222.222 and 208.67.220.220. The reason for this whole long shpeal is that I want to give as much technical background as possible for the best possible help.
  Thanks
  DM

  What happens when you use 'Localhost' instead of 'localhost' (i.e. capitalizing the 'L')?

• Help with project/folder setup for new flex project??

  Hello all,
    I need help deciding how to set up my projects for a new flex application we're developing.
  We have an in-house custom java/jsp "framework". This framework has JSP pages for administering applications that are built using this framework. One part of the framework generates all java base and model objects from our database tables to be used in the new application.
  The new application will have a back-office part (Adobe AIR) and a web facing part (Adobe Flex).  Both the AIR and Flex parts of the application need to access the java model objects via AS3 classes (I believe I'll do this using remoteobject).
  My questions are as follows:
  After I create the base and model AS3 classes that remoteobject with the java classes can I put these in a common library project so both my AIR and Flex app can access common AS3 code.  I feel I should do this to keep from duplicating code by copying the AS3 classes in both my AIR and Flex projects.  Can you give my any examples or links to information on how to do this??
  I plan to also create a common java project for all base and model objects generated from my db tables so that the common library project with AS3 classes could remoteobject interface with the java classes in the java project. I would like to keep all of my business logic in the java model classes.  Does this seem appropriate for the projects/setup listed above?
  Here are the projects I think I need in Flex Builder.
  FlexWebApp
  AIRBackOfficeApp
  JavaApp - Common
  AS3FlexLibraryApp - Common
  The FlexWebApp and AIRBackOfficeApp will reference the AS3FlexLibraryApp and the AS3FlexLibraryApp will remoteobject to the java classes in JavaApp.
  Any help or direction with this is greatly appreciated.
  Thanks,
  Whitney

  Hi,
  Please post only once (do not post same thread across multiple forums).
  help with Financials setup from very basics...
  Re: help with Financials setup from very basics...
  Regards,
  Hussein

• I need help with proper DNS setup for 10.5.8 Server

  I'm administering a 10.5.8 server that I sold and setup about a year ago. I'm experiencing issues with getting iCal server to be happy. All of the clients are running 10.5.8, but I'm running 10.6.1. I've heard from others that connecting iCal in 10.6 to a 10.5 iCal Server should be no problem.
  I'm beginning to think that I have DNS issues. Probably because I'm not and never have been 100% certain how to set it up completely correctly. I used to be able to get Kerberos tickets, but now I can't. With the new "Ticket Viewer" in 10.6, it asks for two bits of information. First is "Identity" where I'm guessing I should put [email protected] and then password. When I do this I get an alert dialog that says "Kerberos Error -- cannot resolve network address for KDC in realm example.com"
  The server is a Mac Pro tower with two Ethernet ports. En2 is connected directly to the Internet and has a static IP with a domain name assigned to it. We'll call it "example.com" for the purposes of the discussion. The En1 is connected to the network switch and has a static LAN IP of 192.168.1.250. All clients inside and outside are able to reach the server via domain name for WWW & AFP, no problem.
  nslookup on the static IP address returns "example.com" and nslookup on "example.com" returns the correct static IP address. Open Directory is running and happy including Kerberos. The LDAP search base is "dc=example,dc=com". The LDAP search base is a concept I haven't quite grasped, so I'm just going to assume it's correct.
  The domain name is hosted outside by a service provider that forwards all "example.com" requests to the server with the exception of mail.
  In DNS, I have three "sections" that look like this:
  Name Type Value
  1.168.192.in-addr.arpa. Reverse Zone -
  192.168.1.250 Reverse Mapping example.com.
  000.000.00.in-addr.arpa. Reverse Zone -
  000.000.000.000 Reverse Mapping example.com.
  com. Primary Zone -
  mail.example.com. Alias mail.our-email-isp.com.
  example.com. Machine Multiple values
  www.example.com. Machine Multiple values
  NOTE: the zeros aren't actually zeros, they are the static IP assigned to the server/domain
  When I select the top element "1.168.192.in-addr.arpa." down below "Allows zone transfer" is NOT checked. Nameservers shows the zone as "1.168.192.in-addr.arpa." and the Nameserver Hostname as "ns.example.com."
  When I select the next line down "192.168.1.250", Resolve 192.168.1.250 to: example.com.
  When I select the "000.000.00.in-addr.arpa." element, it has the same settings -- nameservers "000.000.00.in-addr.arpa." and "ns.example.com."
  When I select the next line down (our static IP), Resolve 000.000.000.000 to: example.com.
  When I select "com." the admin email is populated with a valid email address, Allows zone transfer is NOT checked. In nameservers, Zone is "com." and Nameserver Hostname is "example.com." The mail exchangers are mail2.our-email-isp.com. priority 10 and mail.our-email-isp.com. and priority 20.
  When I select the machine "example.com." it shows both the real-world static IP and the 192.168.1.250, same with "www.example.com.".
  Am I doing something wrong with this setup? Should "com." be the primary zone or should that be "example.com." ???
  I've been thinking about getting rid of the DNS entry for the 192.168.1.250 address altogether, but will the clients in the office suffer performance issues??? I do not think that the client workstations are configured to get DNS from the server anyway. Should the "www.example.com." record be a Machine record or should it be an alias record?
  Any help you have to offer is greatly appreciated! Thanks!
  In the meantime, I'm going to look around and see if I can understand "Allows zone transfer" and LDAP Search base a bit better.

  Okay, I found a lovely article at the following address which I think helps me to clarify what I'm doing wrong. Despite that, I'd still like to have any feedback you have to offer.
  http://www.makemacwork.com/configure-internal-dns-1.htm
  Also, when editing DNS entries, Server Admin likes to set the nameserver to "ns." -- whatever your domain is. Should I be overriding that and if so, replace it with what?

• Need help with QoS config/setup for my home network.

  I have a home network that spans two buildings, has and FTP download server, VoIP phones,and several computers among other IP devices.  I run a home based business where my clients get access to the company FTP download server (NOT illegal file sharing).  the problem is that when they are downloading files my VoIP takes a big hit and gets choppy when speaking to my customers.  Below is  the layout of the network.
  Our Internet access is Verizon 4G, there are no other options available at this time or we would switch.  The Verizon 4G MiFi connects to a TP-Link wifi router that then connects to port fa0/5 on the Office 3550PoE switch.  There is a trunk between the Office switch to the House 3550PoE switch.  The House switch then connects to the Shop 3524XL switch also using a trunk.  Please note that EVERYTHING works fine other than the VoIP issue, VoIP makes and receives calls without connections issues.
  Auto QoS has been run on the Office switch ports fa0/1 and fa0/2 as well as on the House switch ports fa0/3 and fa0/5.  There is NO auto QoS on the 3524XL
  What is the best way to give VoIP traffic top priority over FTP and web browsing when going out port fa0/5 on the Office Switch?  Over the internal network we are not having any call quality issues between the IP phones, just calls to our SIP provider.  Yes, I understand that once calls exit the Office switch to the TP-Link wifi router there will not be any QoS.  But, if I can give priority to the packets at the layer 3 Office switch (or wherever you suggest) then at least I will not have to kill a users FTP download while I am on the phone.
  Thank You

  I can make ANY changes necessary, just need to know what to do.
  First, did you notice the output of the command  sh mls qos fa0/5 above?  Is it working correctly?
  Next, Yes I do have version W17 and can install if if needed.  The lost of possible commands I listed above was from the conf t - config interface fa0/x level.  There is class and policy mapping commands the the config global level along with all these other commands:
    aaa                         Authentication, Authorization and Accounting.
    access-list                 Add an access list entry
    alias                       Create command alias
    arp                         Set a static ARP entry
    banner                      Define a login banner
    boot                        Boot Commands
    buffers                     Adjust system buffer pool parameters
    cdp                         Global CDP configuration subcommands
    cgmp                        Global CGMP configuration commands
    class-map                   Configure QoS Class Map
    clock                       Configure time-of-day clock
    cluster                     Cluster configuration commands
    default                     Set a command to its defaults
    default-value               Default character-bits values
    downward-compatible-config  Generate a configuration compatible with older software
    enable                      Modify enable password parameters
    end                         Exit from configure mode
    errdisable                  Error disable
    exception                   Exception handling
    exit                        Exit from configure mode
    file                        Adjust file system parameters
    help                        Description of the interactive help system
    hostname                    Set system's network name
    interface                   Select an interface to configure
    ip                          Global IP configuration subcommands
    line                        Configure a terminal line
    logging                     Modify message logging facilities
    mac-address-table           Configure the MAC address table
    map-class                   Configure static map class
    map-list                    Configure static map list
    mvr                         Enable/Disable MVR on the switch
    no                          Negate a command or set its defaults
    ntp                         Configure NTP
    policy-map                  Configure QoS Policy Map
    power                       power configuration
    priority-list               Build a priority list
    privilege                   Command privilege parameters
    queue-list                  Build a custom queue list
    rmon                        Remote Monitoring
    scheduler                   Scheduler parameters
    service                     Modify use of network based services
    shutdown                    Shutdown system elements
    snmp-server                 Modify SNMP parameters
    spanning-tree               Spanning Tree Subsystem
    stackmaker                  Specify stack name and add its member
    tacacs-server               Modify TACACS query parameters
    tftp-server                 Provide TFTP service for netload requests
    time-range                  Define time range entries
    udld                        Configure global UDLD setting
    username                    Establish User Name Authentication
    vmps                        VMPS settings
    vtp                         Configure global VTP state

• Need help with dual monitor setup for KDE 3.5.5.

  Here's my hardware:
  NEC MultiSync LCD 1530V:  1024x768 (analog)
  Samsung SyncMaster 941BW: 1440x900 (digital)
  nVidia Dual head AGP video card.
  The dual monitor works under dual-boot Windows, boot up and pure Linux console.  I've googled around for help, changed my xorg.conf file accordingly to some sites, but it wasn't much help. 
  Here's my working xorg.conf:
  Section "ServerLayout"
      Identifier     "Simple Layout"
      Screen         "Screen 1" 0 0
      InputDevice    "Mouse1" "CorePointer"
      InputDevice    "Keyboard1" "CoreKeyboard"
  EndSection
  Section "Files"
      FontPath        "/usr/share/fonts/misc"
      FontPath        "/usr/share/fonts/75dpi"
      FontPath        "/usr/share/fonts/100dpi"
      FontPath        "/usr/share/fonts/Type1"
  EndSection
  Section "Module"
      Load           "dbe"      # Double buffer extension
      SubSection     "extmod"
          Option         "omit xfree86-dga"   # don't initialise the DGA extension
      EndSubSection
      Load           "freetype"
      Load           "glx"
  EndSection
  Section "InputDevice"
      Identifier     "Keyboard1"
      Driver         "kbd"
      Option         "AutoRepeat" "500 30"
      Option         "XkbRules" "xorg"
      Option         "XkbModel" "pc101"
      Option         "XkbLayout" "us"
  EndSection
  Section "InputDevice"
      Identifier     "Mouse1"
      Driver         "mouse"
      Option         "Protocol" "Auto"    # Auto detect
      Option         "Device" "/dev/input/mice"
  EndSection
  Section "Monitor"
      Identifier     "NEC LCD1530V"
      HorizSync       31.5 - 48.5
      VertRefresh     50.0 - 70.0
  EndSection
  Section "Device"
      Identifier     "Standard VGA"
      Driver         "vga"
      VendorName     "Unknown"
      BoardName      "Unknown"
  EndSection
  Section "Device"
      Identifier     "NVIDIA GeForce"
      Driver         "nvidia"
      Option "NoLogo" "true"        
      EndSection
  Section "Screen"
      Identifier     "Screen 1"
      Device         "NVIDIA GeForce"
      Monitor        "NEC LCD1530V"
      DefaultDepth    24
      SubSection     "Display"
          Viewport    0 0
          Depth       8
          Modes      "1024x768"
      EndSubSection
      SubSection     "Display"
          Viewport    0 0
          Depth       16
          Modes      "1024x768"
      EndSubSection
      SubSection     "Display"
          Viewport    0 0
          Depth       24
          Modes      "1024x768"
      EndSubSection
  EndSection
  Using this xorg.conf file, only my NEC LCD analog monitor could display KDE while the Samsung digital can't.
  Any suggestions?   

  Thanks for your help guys, I'm halfway there.
  The second monitor shows the KDE desktop, but it isn't exactly what I expected.  Right now, both monitors display at 1024x768 (each) or 2048x768 (total).  The larger monitor stretches and distorts the display of 1024x768 to its natural resolution at 1440x900 and it isn't what I wanted.  Other than that, the dual desktop setup behaves what I expected to.
  Here's a snippet of my xorg.conf that currently works:
  Section "Monitor"
  Identifier "NEC LCD1530V"
  HorizSync 31.5 - 48.5
  VertRefresh 50.0 - 70.0
  EndSection
  Section "Monitor"
  Identifier "Samsung SyncMaster"
  HorizSync 31.5 - 60
  VertRefresh 60.0 - 70.0
  EndSection
  Section "Device"
  #VideoRam 131072
  # Insert Clocks lines here if appropriate
  Identifier "NVIDIA GeForce"
  Driver "nvidia"
  Option "NoLogo" "true"
  Option "TwinView" "true"
  Option "TwinViewOrientation" "LeftOf"
  Option "SecondMonitorHorizSync" "30-50"
  Option "SecondMonitorVertRefresh" "60"
  # Option "MetaModes" "1440x900, 1440x900; 1024x768, 1024x768"
  EndSection
  Section "Screen"
  Identifier "Screen 1"
  Device "NVIDIA GeForce"
  Monitor "NEC LCD1530V"
  DefaultDepth 24
  SubSection "Display"
  Viewport 0 0
  Depth 8
  Modes "1024x768"
  EndSubSection
  SubSection "Display"
  Viewport 0 0
  Depth 16
  Modes "1024x768"
  EndSubSection
  SubSection "Display"
  Viewport 0 0
  Depth 24
  Modes "1024x768"
  EndSubSection
  EndSection
  Section "Screen"
  Identifier "Screen 2"
  Device "NVIDIA GeForce"
  Monitor "Samsung SyncMaster"
  DefaultDepth 24
  SubSection "Display"
  Viewport 0 0
  Depth 8
  Modes "1440x900"
  EndSubSection
  EndSection
  Anyone have an idea?
  EDIT:  Oh snaps.  I just did a pacman -Syu and it upgraded Arch Linux to 0.8 and the 2nd monitor stopped working.

• Installing Elements 11 on Mac. Need help with install error "Setup wants to make changes."

  Installing Elements 11 on Mac 10.8.2. Need help with install error:  Setup wants to make changes. Type your password to allow this."  After entering Adobe password, nothing happens.  Locked from further installation.  Any ideas?  Adobe phone support could not help.

  Just before letting changes (installation in this case) be made on the system, Mac OS prompts for password & this has to be the Mac system password. This password prompt is the system's own native prompt & would accept the system password only. Please make sure it is the right system password (all/admin rights) and the installaion should run.

• Good day I need the solution to the problem presented my iphone with ios upgrade from 7 to access any app, I get a message that says "log on to itunes to receive notifications"

  Good day I need the solution to the problem presented my iphone with ios upgrade from 7 to access any app, I get a message that says "log on to itunes to receive notifications"

  After the iOS 7.0.2 update words with friends is not working for me either. When I attempt to open the app it just closes itself after a few seconds of being open. This happens every time I attempt to open it.

• I think I need help with driver (software) settings for D110a

  I think I need help with driver (software) settings for D110a all-in-one
  Product: D110a all-in-one
  OS: Windows XP Professional
  Error messages: None
  Changes before problem appeared: None--new installation
  The quality of photo images (mostly JPG files) in printouts is awful even though the files display beautifully on the PC screen. I am using
  IrfanView software for displaying/printing. As far as I can tell, IrfanView is not the problem.
  When I print the same images on a Deskjet 5150 attached to a different PC also running XP Pro and IrfanView, the quality of the printouts is at
  least acceptable, Some would probably say good or very good.
  It's dificult to explain in words the problem with the printouts. A picture of really pretty vegetables (squashes, tomatoes, watermelon, etc) comes
  out much too red. Moreover, the red, which appears shaded on the screen, seems to be all one shade in the D110a printouts.
  Something similar happens to a view of a huge tree in full leaf. On screen, there are subtle variations in the "greenness" of the leaves. In the
  printout, all green is the same shade. In the same printout, the trunk of the tree is all a single shade of grey. It isn;t even obvious that the
  trunk is a round, solid object.
  I liken the effect to audio that disappears entirely when you lower the volume and gets clipped into square waves in even moderately loud passages.
  I don't know whether the D110a driver software permits adjusting the parameters that appear to be set incorrectly, and if adjustments are possible,
  how I would identify which parameters to adjust, how I would access them, or how I would adjust them. I'm hoping that someone can help. Thanks.
  I forgot to mention that I have used the diagnostic application and it tells me that there are no problems.
  e-mail me at [email protected]

  brazzmonkey wrote:
  Hi everyone,
  I noticed the following message when network starts on my gateway
  Warning: This functionality is deprecated.
  Please refer to /etc/rc.conf on how to define a single wired
  connection, or use a utility such as netcfg.
  Then I realized the way network settings should be written in rc.conf has changed. But I can't figure out how this should be done.
  Currently, my set up is the following (old way):
  INTERFACES=(eth0 eth1)
  eth0="dhcp"
  eth1="eth1 192.168.0.10 netmask 255.255.255.0 broadcast 192.168.0.255"
  ROUTES=(!gateway)
  eth0 is on DHCP because the IP is dynamically assigned my ISP.
  eth1 has a fix IP because it's on the LAN side.
  No problem to use DHCP on eth0 with the new settings.
  But for eth1, I don't know what I am supposed to write for gateway.
  Wiki isn't clear on that one either, and it looks like many articles still refer to the old way.
  Any guidance appreciated, thanks.
  brazzmonkey,
  you can't define 2 interfaces the old way (even though I saw some tricky workaround somewhere in the forums).
  Use, f.e., netcfg:
  Comment your old lines.
  In /etc/rc.conf insert:
  NETWORKS=(Eth0-dhcp Eth1-static)
  DAEMONS=(..... !network @net-profiles ....)
  In /etc/network.d create 2 files:
  First one is named  Eth0-dhcp.
  Contents:
  CONNECTION="ethernet"
  DESCRIPTION="Whatever text"
  INTERFACE=eth0
  HOSTNAME="your hostname"
  IP="dhcp"
  DHCP_TIMEOUT=15
  Second one is named Eth1-static.
  Contents:
  CONNECTION='ethernet'
  DESCRIPTION='whatver'
  INTERFACE='eth1'
  HOSTNAME='hname'
  IP='static'
  ADDR='192.168.0.10'
  GATEWAY='192.168.0.1' # your gateway IP
  DNS=('192.168.0.1') # your DNS server
  The names Eth0-dhcp and Eth1-static are not magic. They just must be the same in rc.conf and in /etc/network.d.
  Hope it helps.
  mektub
  PS: netcfg must be installed.
  Last edited by Mektub (2011-07-20 14:07:05)

• Need help with a activation code for Adobe Acrobat X Standard for my PC,, Don't have older version serial numbers,  threw programs away,  only have Adobe Acrobat X Standard,  need a code to unlock program?

  Need help with a activation code for Adobe Acrobat X Standard for my PC, Don't have older Version of Adobe Acrobat 9, 8 or 7. 

  You don't need to install the older version, you only need the serial number from your original purchase. If you don't have them to hand, did you register? If so, they should be in your Adobe account. If not you really need to contact Adobe, though it isn't clear they will be able to do anything without some proof of purchase etc.

• Im trying to update my iphone with ios 5 but, for some reason its not giving me the option to do it? i've restored my phone once like it says do on the website and it hasnt done it? what can i do ?

  Im trying to update my iphone with ios 5 but, for some reason its not giving me the option to do it? i've restored my phone once like it says do on the website and it hasnt done it? what can i do ?

  Are you sure you have a 3GS and not a 3G?  The 3G cannot be updated to iOS5.  What version are you on now?... Settings > General > About > Version

• [solved]Need help with a bash script for MOC conky artwork.

  I need some help with a bash script for displaying artwork from MOC.
  Music folders have a file called 'front.jpg' in them, so I need to pull the current directory from MOCP and then display the 'front.jpg' file in conky.
  mocp -Q %file
  gives me the current file playing, but I need the directory (perhaps some way to use only everything after the last  '/'?)
  A point in the right direction would be appreciated.
  thanks, d
  Last edited by dgz (2013-08-29 21:24:28)

  Xyne wrote:
  You should also quote the variables and output in double quotes to make the code robust, e.g.
  filename="$(mocp -Q %file)"
  dirname="${filename%/*}"
  cp "$dirname"/front.jpg ~/backup/art.jpg
  Without the quotes, whitespace will break the code. Even if you don't expect whitespace in any of the paths, it's still good coding practice to include the quotes imo.
  thanks for the tip.
  here it is, anyhow:
  #!/bin/bash
  filename=$(mocp -Q %file)
  dirname=${filename%/*}
  cp ${dirname}/front.jpg ~/backup/art.jpg
  then in conky:
  $alignr${execi 30 ~/bin/artc}${image ~/backup/art.jpg -s 100x100 -p -3,60}
  thanks for the help.
  Last edited by dgz (2013-08-29 21:26:32)

• Need help with IOS commands to see wireless printer

  Seems that I'm not asking the question correctly, or providing the right information.
  The problem:
  I've purchased a wireless printer, (an HP 6500a) and I can not see / ping / use the printer on the wireless network.
  Environment:
  Cisco 891 ISR in standalone. Single office - Home-office environment. Nothing spectacular. WLAN connected and operational to the internet.
  The printer is configured to use a static IP of 10.0.0.3 and reports that it is connected to the AP. However, when I ping FROM the command line at the AP, I DO NOT see the printer. (I did previously, but we lost power last night due to a storm and I'm still trying to reconfigure it...) DHCP is configured on the router to exclude the range 10.0.0.1 through 10.0.0.99
  How do I configure the wireless router to allow any connected client to share files / printers etc? Seems that the Cisco router has this shut off
  by default and I've found nothing in the user manual or by asking for help on here how to reverse this so that I can share printers / files on the LAN.
  Please, I'm not stupid, but I'm only casually familiar with IOS and Cisco's networking terms.
  Thanks in advance,
  -Mike
  =============== Begin Wiresless AP config (running-config) ==============
  Current configuration : 3122 bytes
  version 12.4
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname (Remnoved)
  enable secret 5 (Removed)
  no aaa new-model
  dot11 syslog
  dot11 ssid (Removed)
     vlan 1
     authentication open
     authentication key-management wpa
     mbssid guest-mode
     wpa-psk ascii 0 (Removed)
  username (removed)
  username (Removed)
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  encryption vlan 1 mode ciphers tkip
  broadcast-key vlan 1 change 30
  ssid (Removed)
  antenna gain 0
  station-role root
  interface Dot11Radio0.1
  encapsulation dot1Q 1 native
  no ip route-cache
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface Dot11Radio1
  no ip address
  no ip route-cache
  encryption vlan 1 mode ciphers tkip
  broadcast-key vlan 1 change 30
  ssid (Removed)
  antenna gain 0
  dfs band 3 block
  channel dfs
  station-role root
  interface Dot11Radio1.1
  encapsulation dot1Q 1 native
  no ip route-cache
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface GigabitEthernet0
  description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
  no ip address
  no ip route-cache
  interface GigabitEthernet0.1
  encapsulation dot1Q 1 native
  no ip route-cache
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
  interface BVI1
  ip address dhcp client-id GigabitEthernet0
  no ip route-cache
  ip http server
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  access-list 110 permit icmp any any echo
  access-list 110 permit icmp any any echo-reply
  access-list 110 permit icmp any any source-quench
  access-list 110 permit icmp any any packet-too-big
  access-list 110 permit icmp any any time-exceeded
  bridge 1 route ip
  banner login ^CC
  % Password change notice.
  Default username/password setup on AP is cisco/cisco with privilege level 15.
  It is strongly suggested that you create a new username with privilege level
  15 using the following command for console security.
  username <myuser> privilege 15 secret 0 <mypassword>
  no username cisco
  Replace <myuser> and <mypassword> with the username and password you want to
  use. After you change your username/password you can turn off this message
  by configuring  "no banner login" and "no banner exec" in privileged mode.
  ^C
  line con 0
  privilege level 15
  login local
  no activation-character
  line vty 0 4
  login local
  cns dhcp
  end

  Wireless clients can get on w/o issue. Nobody can ping anyone else or see them.
  No file sharing, no printer.
  Tried using the web-based config which works for some items, but wont access the advanced config.
  I'm on my way into town, so can't post the router config, but it is posted in my earlier question
  of last week. I can login later if you otherwise need it here.
  Thanks,
  -Mike

• Desperate help needed to configure WVC210 for remote access?

  Hi, I'm new and desperately need some help on setting up my WVC210 for remote access.
  I manage to setup and see images from my WVC210 using my home LAN via both wired and also wireless.
  I have 2 questions:
  (a) for wireless connection, i only manage to get connection to my WVC210 if i disable the wireless security from my router. But that means i'm opening my wireless LAN to everyone. How can i still get connection to the camera if i enable the wireless security from my router. (FYI: my router is 2Wire ADSL  from Singnet Mio)
  (b) how can i get connection to my WVC210 from outside or in my office? I type in the camera Fixed IP address (displayed on the front screen) on the web browser, by it shows a error page. Is there some setting that i might need to adjust ?
  Pls kindly help me
  Thank you.

  Bernard,
  For Item (2) is there any difference between the camera built-in dyndns updater versus the software updater? I am under the impression that the software updater is easier to manage.
  The biggest difference for you is that the camera always stays at the same location, and the laptop goes with you. Every time you access the internet from a different location with the laptop the software updater is sending the new IP address to dyndns.com. This causes you to lose access to your camera because the FQDN doesn't point to your home IP address anymore. Once the dyndns credentials are in the camera (or router) there is no management needed. The device will automatically update dyndns.com with your new IP address as it changes, and you do not need to do anything.
  For Item (3), are you saying port forward 1025 is it for the 2nd camera only or for both? Or is it 2nd camera use 1025 and first camera use 8080?
  Here's an example of what I mean:
  Camera 1: 192.168.1.210 port 1024. In router, forward port 1024 to 192.168.1.210
  Local Access: http://192.168.1.210:1024
  Remote Access: http://bernards210.dyndns.org:1024 (Example)
  Camera 2: 192.168.1.211 port 1025. In router, forward port 1025 to 192.168.1.211
  Local Access: http://192.168.1.211:1025
  Remote Access: http://bernards210.dyndns.org:1025 (Example)
  Camera 3: 192.168.1.212 port 1026. In router, forward port 1026 to 192.168.1.212
  Local Access: http://192.168.1.212:1026
  Remote Access: http://bernards210.dyndns.org:1026 (Example)
  to access the 2 camera outside, do i have to have another dyndns host name or can i use the current one for both camera?
  As you can see in the above example, the dyndns name remains the same for remote access to all three cameras. The only change is the port number at the end. Your router will translate the port number to the IP address that the port is forwarded to, allowing you to select the camera that you wish to view by changing the port number in the address.
  I was actually thinking that the camera web browser can show 2 camera at the same time. Is it possible?
  No. Each browser window will display a single camera. You can however opens multiple instances of your browser to allow viewing of more than one camera simultaneously. A better solution is to install the Video Monitoring Software that is included with the camera which allows you to view multiple cameras in the same window.