IP cache flow

Hello All,
We are facing a strange issue. In the cache flow output we seeing the input interface as Te8/6 for the IP 10.57.55.11. whereas if we sh route to the same it is taking anonther interface.
#sh ip cache verbose flow | i 10.64.2.191
Te8/6            10.57.55.11      Te7/5            10.64.2.191     06 00 00       4
Te8/6            10.57.55.11      Te7/5            10.64.2.191     06 00 00       4
#sh ip route 10.57.55.11
Routing entry for 10.57.55.0/24
Known via "ospf 1", distance 110, metric 21, type intra area
Last update from 10.57.0.38 on TenGigabitEthernet7/3, 1w3d ago
Routing Descriptor Blocks:
* 10.57.0.38, from 10.57.254.142, 1w3d ago, via TenGigabitEthernet7/3
      Route metric is 21, traffic share count is 1
    10.57.0.26, from 10.57.254.142, 1w3d ago, via TenGigabitEthernet8/3
      Route metric is 21, traffic share count is
Can anybody explain the logic behind this,
Regards,
Thiyagu

Hi,
some kind of an asymmetric routing probably in your network.
I.e., the 10.57.55.11 source is using a different path to reach the destination 10.64.2.191 than your router would choose for routing back.
Do you see any returning traffic in your flow cache?
If not, the real returning traffic is not routed via this particular router, i.e., taking a completely different path.
Best regards,
Milan

Similar Messages

Sh ip cache flow command in Nexus

is there a similar command to the sh ip cache flow in Nexus?
Thanks..
_Greg...

Hi Greg
Try
sh hardware flow ip
Below you can find the documentation about netflow on nexus:
http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/system_management/configuration/guide/sm_15netflow.html
HTH,
Alex

Netflow and IP route-cache flow on a serial Int?

Hi, i was wondring if turning the ip route-cache on a serial Int connecting to a T1 line to the ISP is having adverse affect on the router or not assuming more processing power.
is there a collector by Cisco thatcan be downloaded for free and use to collect the flow?
Can CiscoWorks LMS be used "or VMS" to collect the netflow information?
Thanks very much for your help/feedback.
Thx,
Masood

Masood,
Cisco have produced an excellent white paper on netflow performance - try searching for "NetFlow Performance Analysis".
Also, in the netflow section on Cisco's web site there is an extensive list of both commercial and freeware netflow applications. (You can't use CiscoWorks though.)
Andrew.

Ip route cache-flow Vs ip flow ingress Vs ip flow egress

Hi,
Can anyone explain the diference and when i should use these?
Regards

Hi,
There's a nice exlanation on the following link:
http://www.plixer.com/blog/scrutinizer/netflow-version-9-egress-vs-ingress
Best regards,
Giorgos

Ip flow-cache timeout active 2

Good afternoon. On my 1841 when i enter the "ip flow-cache timeout active 2" command it accepts this command with no errors. But when i look at my running-config this does not list.
I did the same thing on my 2811's and 3745 and it shows up in the running-config.
Should I assume if it doesnt' show up in my config file than it is not applied?
How can I verify that it is or isn't?
Thanks...

Use the show commands "sh ip cache flow" and "sh ip flow export" to verify the NetFlow configurations. If the output of show command shows the active flow timeout to be 2, it has been applied.
Regards,
Don Thomas Jacob
ManageEngine NetFlow Analyzer

ACE 4710 transparent LB with two Caches and two routers.

Hello,
I have ACE 4710 that load balance two cach flows (bluecoat), i am doing pbr on the routers to send the traffic destined to port 80 to ACE then Cach farm. After that the Cach flow will get the page from the internet via two routers. The return traffic will match another pbr on the routers with source port 80 that will send it to the ACE then CachFlow again .....then to the users.
I am not using ip-spoofing on the CachFlow for now. In the figure attached i created a VIP 0.0.0.0 0.0.0.0 port 80 on the interface on the ACE facing the routers, but the question is do i have to create another VIP 0.0.0.0 0.0.0.0 port 80 on the interface on ACE facing the Cach Flow? or just forward the traffic on the default route? What might be the default route since i have to use two routers and i cannot use hsrp?
Kindly I need some assistance
Thank you and regards,
George
access-list PERMIT_ALL line 8 extended permit ip any any
access-list CFLOW line 8 extended permit ip any any
ip name-server 8.8.8.8
ip name-server 4.2.2.2
##################################Config for Cache Cache Servers###################
probe http CISCO_WWW_PROBE
ip address 72.163.4.161
interval 2
faildetect 2
passdetect interval 2
passdetect count 5
request method head url /index.html
expect status 200 200
exit
probe http YAHOO_WWW_PROBE
ip address 87.248.112.181
interval 2
faildetect 2
passdetect interval 2
passdetect count 5
request method head url /index.html
expect status 200 200
exit
serverfarm host TRANSPARENT_PROXY_SF
description Transparent Proxy Farm
transparent
predictor hash url
probe CISCO_WWW_PROBE
probe YAHOO_WWW_PROBE
rserver CFLOW01
    inservice
rserver CFLOW02
    inservice
exit
exit
############################################# Router Cache Farm ############################
probe icmp ICMP_PROBE
description *** Probe for icmp health monitoring ***
interval 5
faildetect 2
passdetect interval 60
passdetect count 2
exit
rserver host Router01
description Connection to Sodetel Router
ip address 192.168.14.4
probe ICMP_PROBE
inservice
rserver host Router02
description Connection to IDM Router
ip address 192.168.14.5
probe ICMP_PROBE
inservice
serverfarm host Routers
description Transparent Proxy Farm
transparent
predictor hash url
probe ICMP_PROBE
rserver Router01
    inservice
rserver Router02
    inservice
exit
exit
################################# Management################################
class-map type management match-any REMOTE_MGMT
description Allow Remote management for below protocols
8 match protocol icmp any
9 match protocol ssh source-address 172.31.13.31 255.255.255.255
10 match protocol ssh source-address 172.31.31.21 255.255.255.255
policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
class REMOTE_MGMT
    permit
class-map match-all CFLO2Internet
2 match virtual-address 0.0.0.0 0.0.0.0 any
class-map match-all TRANSPARENT_VIP_CM
2 match virtual-address 0.0.0.0 0.0.0.0 tcp eq www
policy-map type loadbalance first-match TRANSPARENT_LB_PM
class class-default
    serverfarm TRANSPARENT_PROXY_SF backup Routers
policy-map type loadbalance first-match CFLO2Internet_LB
class class-default
    serverfarm Routers
policy-map multi-match CFLO2Internet_PM
class CFLO2Internet
    loadbalance vip inservice
    loadbalance policy CFLO2Internet_LB
    loadbalance vip icmp-reply active
    connection advanced-options TCP
policy-map multi-match L3L4_PM
class TRANSPARENT_VIP_CM
    loadbalance vip inservice
    loadbalance policy TRANSPARENT_LB_PM
    loadbalance vip icmp-reply active
    connection advanced-options TCP
====Interfaces======
interface vlan 11
description Interface between Routers and ACE
ip address 192.168.14.2 255.255.255.224
alias 192.168.14.1 255.255.255.224
peer ip address 192.168.14.3 255.255.255.224
no icmp-guard
access-group input PERMIT_ALL
service-policy input REMOTE_MGMT_ALLOW_POLICY
service-policy input L3L4_PM
no shutdown
interface vlan 21
description Connection to CFlow ServerFarm
ip address 192.168.12.2 255.255.255.224
alias 192.168.12.1 255.255.255.224
peer ip address 192.168.12.3 255.255.255.224
no icmp-guard
access-group input CFLOW
service-policy input CFLO2Internet_PM ------>>>> Is this necessary???
no shutdown

Hi George,
In the topology you described, only the service-policy in the interface towards the routers is necessary. For the traffic from the caches, the ACE will just forward to the default gateway.
The only problem is, as you mentioned, that you cannot use HSRP. In that case, you can still configure two default gateways, but there is no way to predict which one the ACE will use at a given time (the way it does to select the one it will use is sending an ARP request to both gateways and using the one that replies first until the ARP entry expires)
If you need to load-balance the traffic between both routers, then yes, you would need to configure a new VIP on the cache side and load-balanced to a transparent serverfarm composed of both routers.
Regards
Daniel

Does WCCP skew results of 'ip flow top-talkers'?

I have a router that has been configured to show ip flow top-talker information. I recently added a WAAS to this site that is using WCCP redirection. The 'top-talkers' output on the router still works - but shows source/destination of the router and WAAS device as the talkers for all traffic that has been redirected. I'm not able to see that actual client IPs for that traffic .. and that is the majority of my traffic. Is there any way to still be able to view this traffic as I did before? If I dump netflow to an actual netflow server instead of using top-talkers will that work - or will it display the same thing?
Router configuration:
interface multilink1
ip flow ingress
interface gi0/0
ip flow ingress
ip flow-top-talkers
top 25
sort-by bytes
Now when I do a 'show ip flow top-talkers', here's what I see: 10.10.11.18 is WAAS and 10.10.255.11 is loopback of the router.
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP Bytes
Gi0/0.1       10.10.11.18     Mu1           10.10.255.11    2F 0000 0000   141M
Gi0/0.1       10.10.11.18     Mu1           10.10.255.11    2F 0000 0000    12M
Gi0/0.1       10.10.11.124    Gi0/0.1       10.10.10.53     06 1058 0A26 1801K
Gi0/0.1       10.10.11.54     Gi0/0.1       10.10.10.5      06 0E0C 0A26   882K
Gi0/0.1       10.10.11.107    Gi0/0.1       10.10.10.50     06 043D 05D6   736K
Gi0/0.1       10.10.11.60     Gi0/0.1       10.10.10.5      06 0409 0A26   723K
Gi0/0.1       10.10.11.103    Gi0/0.1       10.10.10.5      06 0407 0A26   713K
Gi0/0.1       10.10.11.120    Gi0/0.1       10.10.10.14     06 0456 05D6   531K
Gi0/0.1       10.10.11.237    Gi0/0.1       10.10.10.27     06 238C 110E   527K
Gi0/0.1       10.10.11.62     Gi0/0.1       10.10.10.53     06 C00E 05D6   463K
Gi0/0.1       10.10.11.125    Gi0/0.1       10.10.10.30     06 12A1 1F90   355K
Gi0/0.1       10.10.11.115    Gi0/0.1       10.10.10.14     06 042C 05D6   336K
Gi0/0.1       10.10.11.137    Gi0/0.1       10.10.10.6      06 04AC 0D3D   244K
Gi0/0.1       10.10.11.154    Gi0/0.1       10.10.10.53     06 0A0D 0A26   216K
Gi0/0.1       10.10.11.66     Gi0/0.1       10.10.10.6      06 C018 05D6   195K
Gi0/0.1       10.10.11.91     Gi0/0.1       10.10.10.5      06 0439 05D6   145K
Gi0/0.1       10.10.11.58     Gi0/0.1       10.10.10.14     06 0458 05D6   134K
Gi0/0.1       10.10.11.127    Gi0/0.1       10.10.10.30     06 0618 1F90   115K
Gi0/0.1       10.10.11.18     Local         10.10.255.11    11 0800 0800    96K
Gi0/0.1       10.10.11.147    Gi0/0.1       10.10.10.14     06 118F 0A26    88K
Gi0/0.1       10.10.11.95     Gi0/0.1       10.10.10.14     06 0C35 0D3D    84K
Gi0/0.1       10.10.11.105    Gi0/0.1       10.10.10.27     06 C98F 01BD    70K
Gi0/0.1       10.10.11.117    Gi0/0.1       10.10.10.53     06 CB1A 0D3D    41K
Gi0/0.1       10.10.11.65     Gi0/0.1       10.10.10.14     06 0EF9 05D6    40K
Gi0/0.1       10.10.11.112    Gi0/0.1       10.10.10.21     06 08D5 0D3D    37K
Thanks!

I believe the problem is caused because I have the WAAS appliance in the same subnet as users. I am using the 'egress-method negotiated-return intercept-method wccp' on the WAAS to send the traffic back to the router. This uses GRE, which is causing the cache flow data to show up the way it is.
I will have to move the WAAS to a different subnet and change the return method.

Cannot config "ip flow-top-talkers" on 7606-S

We have a router 7606-S is running IOS 12.2 (33r) SRD2 and Internet BGP protocol.
I tried to enable Flow Top Talkers on it to check Top 10 flow talkers.
1.configure interface:
Router(config-if)#ip flow ingress
2.configure
Router(config)#ip flow-top-talkers
but it shows:
Router((config)#ip flow-top-talkers
^
% Invalid input detected at '^' marker.
Router(config)#ip flow-?
flow-aggregation flow-cache flow-capture flow-egress flow-export
I then tried command
Router#show ip flow top-talkers
% Top talkers not configured
Can anyone advice if anything I miss please?
Thanks in advance.

Does your switch have a network services module installed?
Note Flexible NetFlow is supported only on the Catalyst 3750-X and 3560-X switch running the IP base or IP services feature set and equipped with the network services module. It is not supported on switches running the NPE or the LAN base image.

VPN Communication Problem

I have created a working VPN between a remote PC with Cisco VPN Client and Easy VPN server on Cisco 1802 (DSL). The Router has an dynamic external IP and is accessible over DynDNS. The problem is not the VPN connetion, but the communication between the remote PC and LAN behind the router.
Ping functions to all devices on the LAN
telnet 25 functions
DNS functions
Access to shares is taking ages, functions then sometimes, usually runs it into a Timeout
HTTP is taking ages and breaks then
Remotedesktop to a 2k server breaks
Remotedesktop to a 2k3 server opens the server window, but before the login mask breaks
Application Security Log of the SDM:
JAN 16 14:09:35.902 PC Time DROP PKT Dropping tcp pkt 192.168.121.15:80 => 192.168.122.5:4293
JAN 16 14:11:35.662 PC Time DROP PKT Dropping tcp pkt 192.168.122.5:4302 => 192.168.121.15:3389
Any idea's what's wrong with the config?

Hi there,
I see some issues here:
1. Increase the value in the command:
ip tcp synwait-time 10
2. Remove following command from the interface Dialer0 config:
ip route-cache flow
3. On the VPN client PC, open the SetMTU utiliy (in the VPN client folder) and set the MTU on the interface to 1300.
Start the above steps and test after each.
Please rate if this helped.
Regards,
Daniel

Cisco 871 to Cisco ASA 5545 Site-to-Site VPN Split Tunnel not working.

Tunnel comes up and can see and access protected traffic but cannot access web (Split Tunnel). Don't know if access problem or route issue.
Listed below is configuration for Cisco 871, any help very much appreciated.
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key test address x.x.x.x
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to x.x.x.x
set peer x.x.x.x
set transform-set ESP-3DES-SHA
match address 100
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
ip address 4.34.195.193 255.255.255.192
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
duplex auto
speed auto
crypto map SDM_CMAP_1
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 172.200.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
ip tcp adjust-mss 1452
ip route 0.0.0.0 0.0.0.0 4.34.195.193 permanent
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
logging trap debugging
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 172.200.1.0 0.0.0.255 172.16.2.0 0.0.0.255

I don't see any NAT configuration above. Check you can PING out to the internet (8.8.8.8 for example) from the router itself as it won't need NAT to PING from the outside interface.
Have a look at this document on setting up NAT for your inside devices:
http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13772-12.html

Cisco 1812 wireles setup, can't get it to work

Hello everyone,
I've read trough the "871 wireless setup" topic, which I found very helpful, but I still can't get my wireless working. Basically I have a Cisco 1812W and I would like both wireless and wired to be on the same subnet. We aren't using DHCP, so the IP's are all static (even for the wireless clients). I can connect to my wireless SSID, but ping doesn't go trough either way. Wired connections are working fine. So the wireless client is connected, but has no IP address as far as the router goes (show Dot11 associations shows it's IP as 0.0.0.0) , but the wireless client does have an IP set up.
I guess I'm overlooking something in my config, so here it is (i took out the firewall rules and aaa setup, they aren't relevant if i'm not mistaken and there's a limit to post size):
ip cef
ip tcp synwait-time 10
no ip bootp server
ip name-server <removed>
ip name-server <removed>
crypto pki trustpoint TP-self-signed-1358229530
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1358229530
revocation-check none
rsakeypair TP-self-signed-1358229530
crypto pki certificate chain TP-self-signed-1358229530
certificate self-signed <removed>
quit
username <removed>
bridge irb
interface Null0
no ip unreachables
interface FastEthernet0
description $ETH-WAN$$FW_OUTSIDE$
ip address extip extsubnet
ip access-group 101 in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat outside
ip inspect sdm_ins_in_100 in
ip inspect SDM_MEDIUM out
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
interface FastEthernet1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
duplex auto
speed auto
interface BRI0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation hdlc
ip route-cache flow
shutdown
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
interface FastEthernet5
interface FastEthernet6
interface FastEthernet7
interface FastEthernet8
interface FastEthernet9
interface Dot11Radio0
description 802.11g
no ip address
encryption mode ciphers tkip
ssid <removed>
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 <removed>
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio1
description 802.11a
no ip address
shutdown
encryption key 1 size 40bit 7 1ED10A3EC0C5 transmit-key
encryption mode wep mandatory
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
interface Vlan1
description $FW_INSIDE$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
ip route-cache flow
bridge-group 1
interface BVI1
ip address <internal router ip> <subnet>
ip access-group 100 in
ip nat inside
ip virtual-reassembly
ip route 0.0.0.0 0.0.0.0 <external router IP> permanent
ip flow-top-talkers
top 5
sort-by bytes
ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
<bunch of static nats>
<access rules>
no cdp run
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
control-plane
bridge 1 protocol ieee
bridge 1 route ip
line con 0
line aux 0
line vty 0 4
access-class 102 in
password 7 <removed>
transport input ssh
scheduler allocate 4000 1000
webvpn context Default_context
ssl authenticate verify all
no inservice
end

Okay, I've somewhat figured it out. Apparently my WPA-PSK configuration doesn't work with the integrated Broadcom adapter found in the laptop I was testing it with.
Either that or my WPA-PSK configuration is broken.
I switched over to an open network with no encrpytion and everything works now.

What is the best way to trust DSCP values on 6509 interfaces?

I have 6509's with 2 Ten-gig interfaces configured into a Port Channel (routed with IP addressing) - the IOS is 12.2(18)SXE3. I want to trust the DSCP values of packets traveling through the interfaces and have applied 'mls qos trust dscp' on both the physical Ten-gig interfaces as well as the L3 Port Channel interface.
1.Is it necessary to have the statement on all the interfaces, or is just having it on the Port channel enough?
Here is the config right now:
interface Port-channel4
description to 6509-Core-A P4 (T1/3, T2/3)
ip address 164.xxx.xx.xx 255.255.255.252
ip pim sparse-mode
ip route-cache flow
mls qos trust dscp
interface TenGigabitEthernet1/1
description to 6509-Core-A T1/3 (P4)
no ip address
ip route-cache flow
mls qos trust dscp
channel-group 4 mode desirable
interface TenGigabitEthernet1/2
description to 6509-Core-A T2/3 (P4)
no ip address
ip route-cache flow
mls qos trust dscp
channel-group 4 mode desirable
Also, what command can I use to see the dscp counters? In the 3560/3750 catalyst line you can enter: 'sh mls qos int f0/1 statistics' and get a display of all the dscp/cos input/output packet counts, but I can't find a comparable command in the 6509.
2. Is there one?

I think you do this on the individual port interfaces, not the port-channel interface, becasue the queueing mechanisims associated with DSCP values are port based.
By doing this, if you have policy maps you want to use, you attach them to the ports not the port-channel.
For the command on 6509, you can use:
sh mls qos ip gigabitEthernet 1/1
Hope this helps and let me know how that works out.
Gary

"No internet access" on Guest Wifi

We upgraded our router the other day, we made a backup as well as a txt copy of the config file for copying in various commands to the new router .
We have a Secure wifi for employees and a Guest wifi for visitors. We have a server doing the DHCP(10.27.131.8) for both the secure (10.27.131.0 network) and for the Guest (10.26.131.0 network). The Secure wifi is working as it should be - the Guest however is not. Visitors can connect and get a valid IP address from the 10.26.131.0 network but have no internet access. Everything else has stayed the same - no changes to the AP's.
Again we copied the config from the old to the new with a few minor changes but nothing that should effect the Guest wifi.
I did an ipconfig after connecting to the Guest Wifi and I can get a correct IP address 10.26.131.214, Default GW: 10.26.131.1.
I enclosed the config from my router is anybody could shed some light,
Thanks in advance.
Building configuration...
aaa new-model
aaa authentication login default line local
aaa authentication login vtymethod group tacacs+ line
aaa authentication login conmethod line
aaa authentication login httpmethod group tacacs+ local
aaa authentication enable default enable group tacacs+
aaa authentication ppp default none
aaa authorization config-commands
aaa authorization exec default local group tacacs+ none
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa session-id common
resource policy
ip subnet-zero
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.26.131.1 10.26.131.100
ip dhcp pool guest
   network 10.26.131.0 255.255.255.0
   dns-server 208.67.222.222 208.67.220.220
   default-router 10.26.131.1
   domain-name guest.X.xxx
interface Tunnel3
ip address 172.17.3.2 255.255.255.0
ip mtu 1400
ip tcp adjust-mss 1360
tunnel source 12.xx.xx.xx
tunnel destination 19x.xx.xx.xx
interface Tunnel55
ip address 192.168.66.10 255.255.255.0
ip accounting output-packets
ip accounting access-violations
ip mtu 1400
ip tcp adjust-mss 1360
tunnel source 12.xx.xx.xx
tunnel destination 12.xx.xx.xx
interface FastEthernet0/0
ip address 12.xx.xx.xx 255.255.255.248
ip nat outside
ip route-cache flow
duplex auto
speed auto
service-policy output physical
interface FastEthernet0/1
description CONNECTION TO SW3
no ip address
duplex auto
speed auto
service-policy output physical
interface FastEthernet0/1.1
description LAN
encapsulation dot1Q 1 native
ip address 10.27.131.254 255.255.255.0
ip flow ingress
ip flow egress
ip nat inside
no snmp trap link-status
interface FastEthernet0/1.20
description GUEST NETWORK
encapsulation dot1Q 20
ip address 10.26.131.1 255.255.255.0
ip access-group 101 in
ip helper-address 10.27.131.8
no snmp trap link-status
interface FastEthernet0/1.200
description Phone VLAN
encapsulation dot1Q 200
ip address 10.5.2.254 255.255.255.0
no snmp trap link-status
interface Serial0/0/0
no ip address
shutdown
interface Serial0/2/0
no ip address
shutdown
interface Serial0/3/0
no ip address
shutdown
ip classless
ip route 0.0.0.0 0.0.0.0 12.xx.xx.xx
ip route 10.5.5.0 255.255.255.0 10.5.2.1
ip route 10.10.0.0 255.255.255.0 172.17.3.5
ip route 10.10.200.0 255.255.255.0 172.17.3.5
ip route 10.25.131.0 255.255.255.0 192.168.66.20
ip route 10.27.129.0 255.255.255.0 172.17.3.5
ip route 10.27.130.0 255.255.255.0 172.17.3.5
ip route 140.xx.xx.xx 255.255.0.0 172.17.3.5
ip route 192.168.2.0 255.255.254.0 172.17.3.5
ip route 192.168.99.0 255.255.255.0 172.17.3.5
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 2 interface FastEthernet0/0 overload
access-list 2 permit 10.27.131.0 0.0.0.255
access-list 2 permit 10.25.131.0 0.0.0.255
access-list 2 permit 192.168.66.0 0.0.0.255
access-list 2 permit 10.14.0.0 0.0.0.255
access-list 2 permit 10.5.5.0 0.0.0.255
access-list 2 permit 10.5.2.0 0.0.0.255
access-list 5 deny   10.27.131.123
access-list 5 permit 192.168.2.0 0.0.0.255
access-list 5 permit 10.27.131.0 0.0.0.255
access-list 5 permit any
access-list 101 permit tcp any host 10.27.131.8 eq 67
access-list 101 permit udp any host 10.27.131.8 eq bootps
access-list 101 permit ip 10.26.131.0 0.0.0.255 host 10.14.0.6
access-list 101 deny   ip 10.26.131.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 101 deny   ip 10.26.131.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 101 deny   ip 10.26.131.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 101 deny   icmp 10.26.131.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 101 deny   icmp 10.26.131.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 101 deny   icmp 10.26.131.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 101 permit ip 10.26.131.0 0.0.0.255 any
access-list 102 permit icmp 10.25.131.0 0.0.0.255 any
access-list 102 permit ip 192.168.66.0 0.0.0.255 any
access-list 102 permit ip 10.25.131.0 0.0.0.255 any
access-list 102 permit ip 10.27.131.0 0.0.0.255 any

Hi,
I also apologize for my late answer.
I appears your ACL 101 that filters traffic entering the Fa0/1.20 is not correctly written to allow DHCP requests to be processed by the router. The attempt has been made - but it is not correct. In particular, check out the second entry in the ACL 101:
access-list 101 permit udp any host 10.27.131.8 eq bootps
It allows all DHCP messages that are already targeted to 10.27.131.8, the DHCP server. However, such targeted DHCP messages may be used by clients only after they know who the DHCP server is in the first place. Until then, the requests are targeted to 255.255.255.255 and sourced from 0.0.0.0. Such packets are not allowed by any entry in the ACL 101 and are therefore dropped even before the DHCP Relay Agent can process them. That would explain why your clients actually cannot obtain IP address via DHCP in VLAN 20.
We need to add the following entry immediately before or after the existing second entry in the ACL 101:
access-list 101 permit udp any host 255.255.255.255 eq bootps
You may accomplish this by the following sequence of commands directly pasted into the global configuration:
ip access-list resequence 101 10 10
ip access-list extended 101
15 permit udp any host 255.255.255.255 eq bootps
end
The first line will cause the individual entries of the ACL 101 to be internally numbered, starting with the sequence number 10 and incrementing by 10 for each subsequent entry. The second line enters the ACL 101, treating it as a named ACL, allowing us to use the extended editing features. Finally, the third line starting with the sequence number 15 will cause the entry to be added between the existing first (seq no 10) and second (seq no 20) entry. It must be entered including the sequence number, otherwise the line will be added at the end of the ACL.
Would you mind trying out this modification? The former corrections with the NAT I have described earlier must be applied as well.
Best regards,
Peter

My 851W only allows a single wireless connection at a time

1st device associates fine. 2nd device gets message - You are either out or range of credentials incorrect. If I shut down the wireless adapter in the 1st device the 2nd immediately associates.   Re-enable adapter in 1st device and now it cannot associate, same out of range or credentials message
Here's the full config
#sh run
Building configuration...
Current configuration : 7426 bytes
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname saa01.panjde.nj
boot-start-marker
boot system flash
boot-end-marker
logging buffered 51200
logging console informational
enable secret 5 <omittted>
no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring
no ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.10.25 10.10.10.254
ip dhcp pool sdm-pool1
   import all
   network 10.10.10.0 255.255.255.224
    default-router 10.10.10.1
ip cef
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip tcp synwait-time 10
no ip bootp server
ip ssh time-out 60
ip ssh authentication-retries 2
crypto pki trustpoint TP-self-signed-1218768189
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1218768189
revocation-check none
rsakeypair TP-self-signed-1218768189
crypto pki certificate chain TP-self-signed-1218768189
certificate self-signed 01
   30820253 308201BC A0030201 02020101 300D0609 2A864886 F70D0101 04050030
   31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
   69666963 6174652D 31323138 37363831 3839301E 170D3032 30333031 30313339
   34345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
   4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 32313837
   36383138 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
   8100C851 20F52411 0EB54BDE 2A94E59E A8519700 78365D20 8A601CA9 4F39FE76
   32D6132E 4818EDDD CEF23693 54DB319D E044B994 FCEE3E88 567D5F44 39973E1B
   6A7CFFC9 352A199D 5BB97CE6 B8515877 02A3AD40 B585B7A7 AE459BB4 F628BAA1
   E25BA349 26E529F6 20906E4C 42DE148B 334A440B ED8E18EB 10F87715 FD562047
   45670203 010001A3 7B307930 0F060355 1D130101 FF040530 030101FF 30260603
   551D1104 1F301D82 1B736161 30312E70 616E6A64 652E6E6A 2E636F6D 63617374
   2E6E6574 301F0603 551D2304 18301680 14AF142A 26B99015 4E52B7CB CEDA485E
   7800D40C 9B301D06 03551D0E 04160414 AF142A26 B990154E 52B7CBCE DA485E78
   00D40C9B 300D0609 2A864886 F70D0101 04050003 818100C5 2DDDB22D 5D98BC9D
   73426486 C9DF6AEA 463D31D9 7656D7EA E8213739 B3EC68B0 0E308062 91D379BC
   5A2CEB4E 439B3678 EBC23F0E 570C0989 5904EF65 72A2A4D6 B1D8AE25 D9E38AEB
   C15A3BAB 39BE35CB DE2D9524 16B74998 C67F3943 0DDEBF51 1A476AF0 8896B10E
   15DE45B1 194B2B6F E736FADA 6550B219 451F63BF F3CAAE
   quit
bridge irb
interface Loopback0
ip address 10.0.0.1 255.255.255.252
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description $FW_OUTSIDE$$ES_WAN$
ip address dhcp client-id FastEthernet4
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect DEFAULT100 out
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
interface Dot11Radio0
no ip address
encryption mode ciphers tkip
ssid <omitted>
    authentication open
     authentication key-management wpa
    wpa-psk ascii 7 <omitted>
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
no ip address
ip tcp adjust-mss 1452
bridge-group 1
interface BVI1
description $ES_LAN$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.224
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.31
access-list 2 permit 68.86.0.0 0.1.255.255
access-list 2 permit 10.10.10.0 0.0.0.31
access-list 2 deny   any
access-list 2 remark for VTY access
access-list 20 permit 63.241.192.58
access-list 100 permit ip 10.10.10.0 0.0.0.31 any
access-list 100 deny   ip any any
access-list 101 remark input ACL for Outside - CM facing - Interface
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 permit udp any any eq ntp
access-list 101 permit ip 68.86.0.0 0.1.255.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip any any
control-plane
bridge 1 protocol ieee
bridge 1 route ip
banner login ^C********************************************************************************
                                 WARNING
        This system is solely for the use of authorized   and
contractors.   reserves the right at any time to monitor usage of this
system to ensure compliance with this policy, all applicable   policies
that apply to electronic communications, and all applicable laws. Your use of
this system constitutes your acceptance of and agreement to all applicable
electronic communications policies, your consent to monitoring by
,and your express agreement to use this system in compliance with all
applicable laws. Any unauthorized use of or access to this system may result
in a revocation of your user privileges, other disciplinary action up to and
including termination of employment or contract, or referrals to law
enforcement officials including the provision evidence of any unauthorized use
or access to law enforcement.
********************************************************************************^C
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
access-class 2 in
login local
transport input telnet ssh
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
sntp server 68.87.96.5
sntp server 152.10.1.186
end

The router connects directly to a cable modem.
The issue is not DHCP, it is that the clients cannot associate with the router AP. Until is associates it will of course not sent a DHCP discover. Only a single laptop can associate at a time. As soon as the 1st laptop is powered down, the 2nd laptop can associate. Turn the 1st laptop back on and it cannot associate until the 2nd is powered down. There is not even a log message that the 2nd laptop is trying to associate
1st laptop associates and then is powered off:
000220: Oct 19 20:26:40.912 EDT: %DOT11-6-ASSOC: Interface Dot11Radio0, Station   0026.b6ea.3a3e Associated SSID[c0mcastNET0] AUTH_TYPE[OPEN] KEY_MGMT[WPA PSK]
000225: Oct 19 20:33:29.491 EDT: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 0026.b6ea.3a3e Reason: Disassociated because sending station is leaving (or has left) BSS SSID[c0mcastNET0]
Almost Immediately 2nd laptop associates
000226: Oct 19 20:33:31.912 EDT: %DOT11-6-ASSOC: Interface Dot11Radio0, Station   0026.b6ea.3bee Associated SSID[c0mcastNET0] AUTH_TYPE[OPEN] KEY_MGMT[WPA PSK]

Q-sig Integration AS5400 / Hicon 300 E

I have a AS5400 router, and it has two E1/R2 interfaces and One E1/PRI(ISDN/QSIG).The first E1(6/7) are linked with PBX (ISDN Q-Sig) and the second E1 I used to remote access with E1 R2 linked with PSTN it's work fine.
The problem is with ISDN/Q-SIG voice works:
Below the configuration: (sh ver, Debug q931 and 921)
Phone -- PABX/Hicom 300 -- E1/PRI(ISDN-Qsig) -- AS5400 --- 2621 -- E1/R2 -- PABX/Hicom 300 Phone
AS5400#sh run
Building configuration...
Current configuration : 6990 bytes
version 12.2
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service pt-vty-logging
hostname AS5400
boot system flash c5400-is-mz.122-15.T1.bin
no boot startup-test
logging queue-limit 100
no logging rate-limit
no logging console
resource-pool disable
clock timezone BRA -3
spe country e1-default
spe default-firmware spe-firmware-1
ip subnet-zero
no ip source-route
ip cef
isdn switch-type primary-qsig
isdn voice-call-failure 0
voice call send-alert
voice call convert-discpi-to-prog
voice call carrier capacity active
voice rtp send-recv
voice service voip
fax protocol t38 ls-redundancy 0 hs-redundancy 0 fallback none
h323
voice class codec 1
codec preference 1 g726r32
voice class codec 2
codec preference 1 g729br8
codec preference 5 g726r32
no voice hpi capture buffer
no voice hpi capture destination
mta receive maximum-recipients 0
controller E1 6/0
framing NO-CRC4
ds0-group 0 timeslots 1-15,17-31 type r2-digital r2-compelled ani
ds0 busyout 27-31 soft
cas-custom 0
country brazil
metering
seizure-ack-time 2
category 2
answer-signal group-b 1
dnis-digits min 3 max 12
answer-guard-time 1
description *** E1/R2 / PABX ***
controller E1 6/1
framing NO-CRC4
ds0-group 0 timeslots 1-15,17-31 type r2-digital r2-compelled
cas-custom 0
country brazil
metering
seizure-ack-time 2
category 2
answer-signal group-b 1
dnis-digits min 3 max 12
answer-guard-time 1
description *** E1/R2 / PABX ***
controller E1 6/2
controller E1 6/3
controller E1 6/4
controller E1 6/5
controller E1 6/6
controller E1 6/7
pri-group timeslots 1-8,16
description *** E1/PRI ISDN Q-sig / PABX ***
interface FastEthernet0/0
ip address xxxxxxxxxxxxxxxxxx
ip route-cache flow
duplex full
speed 100
no cdp enable
interface FastEthernet0/1
ip address xxxxxxxxxxxxxxxxxxxx
load-interval 30
duplex full
speed auto
no cdp enable
hold-queue 75 in
interface Serial6/7:15
no ip address
isdn switch-type primary-qsig
isdn overlap-receiving
isdn incoming-voice modem
isdn guard-timer 3000
isdn contiguous-bchan
isdn bchan-number-order ascending
isdn sending-complete
no cdp enable
interface Group-Async0
no ip address
group-range 1/00 3/107
ip classless
ip route 0.0.0.0 0.0.0.0 xxxxxxxxx
no ip http server
call rsvp-sync
call progress tone country brazil
voice-port 6/0:0
input gain -5
output attenuation -5
compand-type a-law
cptone BR
timeouts initial 0
timeouts interdigit 0
timeouts call-disconnect 3
timeouts wait-release 3
voice-port 6/1:0
input gain -5
output attenuation -5
compand-type a-law
cptone BR
voice-port 6/7:D
bearer-cap Speech
mgcp profile default
dial-peer cor custom
dial-peer voice 1 pots
description *** xxxxxxxxxxxxxxxx ***
preference 1
destination-pattern 514...
progress_ind alert enable 8
direct-inward-dial
port 6/0:0
prefix 4
dial-peer voice 4 voip
description *** xxxxxxxxxxx ***
destination-pattern 0115509....
voice-class codec 1
session target ipv4:xxxxxxxxxx
fax rate 14400
fax protocol t38 ls-redundancy 0 hs-redundancy 0 fallback none
dial-peer voice 150 voip
description *** xxxxxxxxxxxxxx ***
preference 3
destination-pattern 2301T
progress_ind setup enable 3
voice-class codec 1
session target ipv4:xxxxxxxxx
fax rate 14400
fax protocol t38 ls-redundancy 0 hs-redundancy 0 fallback none
dial-peer voice 5 pots
description *** xxxxxxxxxxxxxxxx ***
preference 5
destination-pattern 514...
direct-inward-dial
port 6/1:0
forward-digits 3
prefix 4
dial-peer voice 7 pots
description *** xxxxxxxxxxxxxxx ***
preference 3
destination-pattern 515T
direct-inward-dial
port 6/1:0
forward-digits 3
prefix 5
dial-peer voice 100 voip
description *** xxxxxxxxxxxx ***
destination-pattern 110T
voice-class codec 1
session target ipv4:xxxxxxxxxx
fax rate 14400
fax protocol t38 ls-redundancy 0 hs-redundancy 0 fallback none
dial-peer voice 159 voip
description *** ISDN-Qsig ***
destination-pattern 590115509....
voice-class codec 1
session target ipv4:xxxx
no vad
line 3/00 3/107
no flush-at-activation
modem InOut
scheduler allocate 10000 400
end
AS5400#sh ver
Cisco Internetwork Operating System Software
IOS (tm) 5400 Software (C5400-IS-M), Version 12.2(15)T1, RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Thu 27-Mar-03 07:42 by ccai
Image text-base: 0x6000895C, data-base: 0x61600000
ROM: System Bootstrap, Version 12.2(1r)1, RELEASE SOFTWARE (fc1)
BOOTLDR: 5400 Software (C5400-BOOT-M), Version 12.1(1)XD1, EARLY DEPLOYMENT RELEASE SOFTWARE (fc2)
voz2-poa uptime is 21 hours, 15 minutes
System returned to ROM by reload at 12:24:43 BRA Thu Apr 24 2003
System image file is "flash:c5400-is-mz.122-15.T1.bin"
cisco AS5400 (R7K) processor (revision T) with 262144K/65536K bytes of memory.
Processor board ID JAE053503JM
R7000 CPU at 250Mhz, Implementation 39, Rev 1.0, 256KB L2, 2048KB L3 Cache
Last reset from IOS reload
Channelized E1, Version 1.0.
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
Primary Rate ISDN software, Version 1.1.
Manufacture Cookie Info:
EEPROM Type 0x0001, EEPROM Version 0x01, Board ID 0x31,
Board Hardware Version 3.27, Item Number 800-5171-02,
Board Revision A0, Serial Number JAE053503JM,
PLD/ISP Version 2.2, Manufacture Date 3-Sep-2001.
Processor 0x14, MAC Address 0x0653455054
Backplane HW Revision 1.0, Flash Type 5V
2 FastEthernet/IEEE 802.3 interface(s)
19 Serial network interface(s)
276 terminal line(s)
16 Channelized E1/PRI port(s)
512K bytes of non-volatile configuration memory.
32768K bytes of processor board System flash (Read/Write)
8192K bytes of processor board Boot flash (Read/Write)
Configuration register is 0x2102
AS5400#
AS5400#debug isdn q931
debug isdn q931 is ON.
voz2-poa#debug isdn q921
debug isdn q921 is ON.
voz2-poa#
*Apr 24 10:34:01.444 BRA: ISDN Se6/7:15 Q921: User RX <- RRp sapi=0 tei=0 nr=0
*Apr 24 10:34:01.444 BRA: ISDN Se6/7:15 Q921: User TX -> RRf sapi=0 tei=0 nr=66
*Apr 24 10:34:10.096 BRA: ISDN Se6/7:15 Q921: User RX <- INFO sapi=0 tei=0, ns=66 nr=0
*Apr 24 10:34:10.096 BRA: ISDN Se6/7:15 Q931: SEGMENT pd = 8 callref = 0x007F
Segmented Message i = 0x8105
1st segment. Segments remaining : 1
*Apr 24 10:34:10.096 BRA: ISDN Se6/7:15 Q921: User TX -> RR sapi=0 tei=0 nr=67
*Apr 24 10:34:10.120 BRA: ISDN Se6/7:15 Q921: User RX <- INFO sapi=0 tei=0, ns=67 nr=0
*Apr 24 10:34:10.120 BRA: ISDN Se6/7:15 Q931: SEGMENT pd = 8 callref = 0x007F
Segmented Message i = 0x0005
Segments remaining : 0
*Apr 24 10:34:10.120 BRA: ISDN Se6/7:15 Q921: User TX -> RR sapi=0 tei=0 nr=68
*Apr 24 10:34:10.120 BRA: ISDN Se6/7:15 Q931: RX <-
*Apr 24 10:34:10.120 BRA: ISDN Se6/7:15 Q931: SETUP pd = 8 callref = 0x007F (re-assembled)
Bearer Capability i = 0x9090A3
Standard = CCITT
Transer Capability = 3.1kHz Audio
Transfer Mode = Circuit
Transfer Rate = 64 kbit/s
Channel ID i = 0xA98382
Exclusive, Channel 2
Facility i = 0x91AA068001008201008B0100A1150202243006082B0C02885302010603050101000000
Facility i = 0x91AA068001018201018B0100A1580202244006082B0C0288530201073048A2463044810100820101A30BA0098004343136310A0100A40B80033230313004800200C8A50C8004343136313004800200C8A614800D353930313135353039393035303003800164
Facility i = 0x91AA068001018201018B0100A1300202245006082B0C0288530201043020800332303102030ACB48800332303102030ACB49A004800200C8A104800200C8
Facility i = 0x91AA068001008201008B0102A1140202246002013B300B30090A01050A01030A0104
Facility i = 0x91AA068001008201008B0100A11C0202247006042B0C0900A110040B4A4F414F204152414E4441020101
Facility i = 0x91AA068001008201018B0100A1330202248006082B0C0288530201003023822101039E00A0031A0200000001000000000000840E38208F0480C500000404008884
Progress Ind i = 0x8183 - Origination address is non-ISDN
Calling Party Number i = 0x0083, '4161'
Plan:Unknown, Type:Unknown
Called Party Number i = 0x80, '5901155099050'
Plan:Unknown, Type:Unknown
*Apr 24 10:34:10.120 BRA: ISDN **ERROR**: Module-CCPQSIG Function-CCPQSIG_CallOffered Error-Unknown event 0x4E
*Apr 24 10:34:14.064 BRA: ISDN Se6/7:15 Q921: User RX <- INFO sapi=0 tei=0, ns=68 nr=0
*Apr 24 10:34:14.064 BRA: ISDN Se6/7:15 Q931: RELEASE_COMP pd = 8 callref = 0x007F
Cause i = 0x80E6333033 - Recovery on timer expiry
*Apr 24 10:34:14.064 BRA: ISDN Se6/7:15 Q921: User TX -> RR sapi=0 tei=0 nr=69
AS5400#
Any idea?
Can someone help me?
Regards

The call received on AS5400 over isdn-qsig line was disconnected because of CALL-PROCEEDING was not received by PBX/Hicom switch.
So number 5901155099050 will match the voip dial-peer 159 and ip call will be initiated to 2621. Now 2621 will initiate the call over E1-R2 to pbx/switch and call-proceeding has to be generated by that switch which will be forwarded back to isdn-qsig switch/pbx. I think that delayed too much and finally switch may have timedout and disconnect the call.
So turn on "debug voip ccapi inout" and "debug isdn q931" on both the gateways involved to see what happened with that call.

IP cache flow

Similar Messages

Maybe you are looking for