Ip route cache
Is there any benifit of using this command, is it by default on ?
HI Carl,
It enabled fast switching.
There are differet switching methods which can be used,To control the use of switching methods for forwarding IP packets use the ip route-cache command in interface configuration mode.
Using the route cache is often called fast switching. The route cache allows outgoing packets to be load-balanced on a per-destination basis rather than on a per-packet basis. The ip route-cache command with no additional keywords enables fast switching.
Check this link for more details
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hisw_r/ips_a1h.htm#wp1160847
HTH
Ankur
Similar Messages
-
Regarding no ip route-cache on Cisco 2960
The users have been complaining about the network is slowness , after checking each lay2 switches, I found under each vlan the no ip route-cache is configured, the module is 2960, I am not sure if the command is there by default or configured manually, it is configured under the vlan interface only, not under each interface, will this be the reason that causing the slow performance? by the way will there be downtime by removing this command?
ThanksNetwork Latency is hard to troubleshoot.
-Isolate which customers are complaining about slow services
-ID the services(is is just shared drive access or just web access or is it everything accross the board)
If its the entire network, you probably have issues at the core or backbone so start looking for something that changed or is not meshing with the original design baseline.
If its isolated to one leg of the network, you can look at interface counters for errors or protocol implementations(maybe STP reconverged to a new link that is slower or root bridge problems are occuring.
You can also look at the CPU on the switches supporting the laggy hosts. If its through the roof, then you probably have a loop or broadcast storm.
Hope this helps, but latency is really hard to troubleshoot until you can isolate the problem down.
Also, ip route-cache is just a higher level of switching. The 2960 is perfectly capable of switching traffic for all of its user ports with the default switching method. -
Netflow and IP route-cache flow on a serial Int?
Hi, i was wondring if turning the ip route-cache on a serial Int connecting to a T1 line to the ISP is having adverse affect on the router or not assuming more processing power.
is there a collector by Cisco thatcan be downloaded for free and use to collect the flow?
Can CiscoWorks LMS be used "or VMS" to collect the netflow information?
Thanks very much for your help/feedback.
Thx,
MasoodMasood,
Cisco have produced an excellent white paper on netflow performance - try searching for "NetFlow Performance Analysis".
Also, in the netflow section on Cisco's web site there is an extensive list of both commercial and freeware netflow applications. (You can't use CiscoWorks though.)
Andrew. -
'no ip route-cache' on Tunnel interfaces
Hi,
A quick and hopefully simple question. Is there any reason why 'no ip route-cache' and 'no ip mroute-cache' should be configured on Tunnel interfaces?
Generally, when should 'no ip route-cache' be configured on an interface?
Many thanks,
AndyAndy, no easy question, and prety much send some of us back to basics.. one have to take a deeper look at this command to barely get a good picture. See first link thread , good discussion on your question.. generaly no ip- route-catch improves performance for router forwarding processing desitions.
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=WAN%2C%20Routing%20and%20Switching&topicID=.ee71a06&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cbfa166
You can find more details on three types of switching methods such as ( fast switching by ip route catch command ), I believe it helps understand better the commands.
http://www.cisco.com/en/US/tech/tk827/tk831/technologies_white_paper09186a00800a62d9.shtml
Another instance where you would have IP route catch enable on an interface would be for the use of netflow, IP route-cacth command on an interface is requirement for implementing netflow .
Rgds
-Jorge -
I have the above command on the LAN interface on all of my WAN routers performing WCCP. Per this disccussion topic:
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Data%20Center&topic=Application%20Networking&topicID=.ee7814f&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc2a947
it is recommended to remove that statement. Can someone confirm if the recommendation by dstolt is accurate?Andy, no easy question, and prety much send some of us back to basics.. one have to take a deeper look at this command to barely get a good picture. See first link thread , good discussion on your question.. generaly no ip- route-catch improves performance for router forwarding processing desitions.
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=WAN%2C%20Routing%20and%20Switching&topicID=.ee71a06&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cbfa166
You can find more details on three types of switching methods such as ( fast switching by ip route catch command ), I believe it helps understand better the commands.
http://www.cisco.com/en/US/tech/tk827/tk831/technologies_white_paper09186a00800a62d9.shtml
Another instance where you would have IP route catch enable on an interface would be for the use of netflow, IP route-cacth command on an interface is requirement for implementing netflow .
Rgds
-Jorge -
Ip route cache-flow Vs ip flow ingress Vs ip flow egress
Hi,
Can anyone explain the diference and when i should use these?
RegardsHi,
There's a nice exlanation on the following link:
http://www.plixer.com/blog/scrutinizer/netflow-version-9-egress-vs-ingress
Best regards,
Giorgos -
Routing and caching layer vs. F5 load balancer or both.
We have 4 WFE servers farm, For load balancing, I can see following option.
Purchase the F5 load balancer, don't use the RM.
Have a one more server that will do Routing using RM and caching. Don't use the
F5 load balancer.
Have both F5 load balancer and RM
I am wondering what approach we should take. I have read a lot of articles in MSDN, all suggests that we should have a routing & caching layer at front of WFE server. Considering we have just 4 WFE Servers do we need to have a separate routing and cache
layer along with F5 load balancer. I am really confused here.
Regards Restless SpiritUsing Request Management isn't a replacement for using a hardware load balancer. It will be used internally within SharePoint to route things appropriately. It depends on the number of users your farm will support, but you may or may not need
a dedicated distributed cache / request management layer. Refer to this
diagram to see where your farm fits in.
Corey Roth - SharePoint Server MVP blog:
www.dotnetmafia.com twitter: @coreyroth |
SP2 Apps -
How to Configure Transparent caching on Cat 6500 with CSM in routed mode
I am trying to configure Transparent caching on Cat 6500 with CSM in routed mode, but facing some problems in it , also I have gone thru the example config on cisco site for transparent caching using CSM on Cat 6500 , but the above does not fit my clients requirement.
The scenario is like
Access Switches - Cat6500 with MSFC & CSM - Internet Router
|
Cache Engines and Real servers
The clients as well as real servers are on seperate VLANs (L3) and the requirement is to load balance the internet traffic using cache engines.
I'd really appreciate any helpful suggestions or any useful links/docs/info on this.
Thanks
kumarHello Joerg,
Thanks for the reply.
I have already gone thru the sample config shown by this weblink, however this link refers to configuring transparent caching on the CSM in BRIDGED MODE ( i.e both the client and server vlans are having the same IP address ) but in our case , we have multiple L3 VLANS on the CAT6509 having IP addresses in different SUBNETS , and the Real servers to be used for caching also exist on one of these VLANS. Thus, the scenario described by the Weblink does not apply here. Also , in the configuration referred by the above weblink, the VLAN 100 is configured as client , however the endusers are shown to be on vlan200 which is configured as SERVER VLAN in the CSM.
Dont you think there is something wrong here, I mean the endusers should be on VLAN 100 (Client) and real servers on VLAN 200 (SERVER).
So, I have to configure CSM in routed mode ( i.e both the client and server vlans will have seperate IP addresses in different subnets ) and the endusers will be on all VLANS .
Pls let me know , how I can implement this solution.
Thanks again
Sudhir -
Cisco ASA & Router Site to Site VPN up but not passing traffic
Dear all,
Please help me the attached document vpn issue, site-to-site vpn is up but I am not able to passing traffic.
Advance Thanks
ahossainASA#
ASA Version 8.2(1)
hostname Active
domain-name test.com
interface Ethernet0/0
description LAN/STATE Failover Interface
interface Ethernet0/1
speed 100
nameif outside
security-level 0
ip address 212.71.53.38 255.255.255.224 standby 212.71.53.37
interface Ethernet0/2
nameif DMZ
security-level 50
ip address 192.168.50.1 255.255.255.0 standby 192.168.50.4
interface Ethernet0/3
description INSIDE
speed 100
nameif inside
security-level 100
ip address 10.1.1.1 255.255.255.0 standby 10.1.1.2
interface Management0/0
shutdown
no nameif
no security-level
no ip address
boot system disk0:/asa821-k8.bin
boot config disk0:/running-config
ftp mode passive
dns server-group DefaultDNS
domain-name test.com
access-list deny-flow-max 1
access-list alert-interval 2
access-list allow extended permit ip any any
access-list VPN extended permit ip any any
access-list OUTSIDE extended permit ip any any
access-list al-outside extended permit ip any host 212.107.106.129
access-list al-outside extended permit ip any any
access-list encrypt_acl extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list outside_access_in extended permit ip any any
access-list inside_access_out extended permit ip any any
access-list DMZ_access_out extended permit ip any any
access-list inside_access_in extended permit ip any any
access-list DMZ_access_in extended permit ip any any
access-list outside_access_in_1 extended permit ip any any
access-list no-nat extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu DMZ 1500
mtu inside 1500
failover
failover lan unit primary
failover lan interface failover Ethernet0/0
failover key *****
failover link failover Ethernet0/0
failover interface ip failover 10.10.10.1 255.255.255.252 standby 10.10.10.2
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any DMZ
icmp permit any inside
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
access-group outside_access_in_1 in interface outside
route outside 0.0.0.0 0.0.0.0 212.71.53.36 1
route outside 10.2.2.0 255.255.255.0 212.71.53.36 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
service resetoutside
crypto ipsec transform-set mal esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map mal 10 set peer 212.107.106.129
crypto map IPSec_map 10 match address encrypt_acl
crypto map IPSec_map 10 set peer 212.107.106.129
crypto map IPSec_map 10 set transform-set mal
crypto map IPSec_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
telnet 0.0.0.0 0.0.0.0 outside
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key XXXXXX address 212.71.53.38
crypto ipsec security-association lifetime seconds 28800
crypto ipsec transform-set mal esp-3des esp-md5-hmac
crypto map mal 10 ipsec-isakmp
set peer 212.71.53.38
set transform-set mal
match address 120
interface Loopback0
ip address 10.3.3.1 255.255.255.0
ip virtual-reassembly in
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
ip address 172.20.34.54 255.255.255.252
ip nat outside
ip virtual-reassembly in
load-interval 30
duplex auto
speed auto
crypto map mal
interface GigabitEthernet0/1
ip address 212.107.106.129 255.255.255.248
ip nat outside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
crypto map mal
interface GigabitEthernet0/2
description *!* LAN *!*
ip address 10.2.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
ip forward-protocol nd
ip http server
ip http secure-server
ip nat pool OUTPOOL 212.107.106.132 212.107.106.132 netmask 255.255.255.248
ip nat inside source route-map nonat pool OUTPOOL overload
ip route 0.0.0.0 0.0.0.0 172.20.34.53
ip route 10.1.1.0 255.255.255.0 212.107.106.130
ip route 192.168.50.0 255.255.255.0 212.71.53.38
ip access-list extended outside
remark CCP_ACL Category=1
permit ip any any log
ip access-list extended outside1
remark CCP_ACL Category=1
permit ip any any log
access-list 110 permit tcp 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 120 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 130 deny ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 130 deny ip 10.2.2.0 0.0.0.255 192.168.50.0 0.0.0.255
access-list 130 permit ip 10.2.2.0 0.0.0.255 any
route-map nonat permit 10
match ip address 130
control-plane
ASA Version 8.2(1)
hostname Active
domain-name test.com
interface Ethernet0/0
description LAN/STATE Failover Interface
interface Ethernet0/1
speed 100
nameif outside
security-level 0
ip address 212.71.53.38 255.255.255.224 standby 212.71.53.37
interface Ethernet0/2
nameif DMZ
security-level 50
ip address 192.168.50.1 255.255.255.0 standby 192.168.50.4
interface Ethernet0/3
description INSIDE
speed 100
nameif inside
security-level 100
ip address 10.1.1.1 255.255.255.0 standby 10.1.1.2
interface Management0/0
shutdown
no nameif
no security-level
no ip address
boot system disk0:/asa821-k8.bin
boot config disk0:/running-config
ftp mode passive
dns server-group DefaultDNS
domain-name test.com
access-list deny-flow-max 1
access-list alert-interval 2
access-list allow extended permit ip any any
access-list VPN extended permit ip any any
access-list OUTSIDE extended permit ip any any
access-list al-outside extended permit ip any host 212.107.106.129
access-list al-outside extended permit ip any any
access-list encrypt_acl extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list outside_access_in extended permit ip any any
access-list inside_access_out extended permit ip any any
access-list DMZ_access_out extended permit ip any any
access-list inside_access_in extended permit ip any any
access-list DMZ_access_in extended permit ip any any
access-list outside_access_in_1 extended permit ip any any
access-list no-nat extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu DMZ 1500
mtu inside 1500
failover
failover lan unit primary
failover lan interface failover Ethernet0/0
failover key *****
failover link failover Ethernet0/0
failover interface ip failover 10.10.10.1 255.255.255.252 standby 10.10.10.2
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any DMZ
icmp permit any inside
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
access-group outside_access_in_1 in interface outside
route outside 0.0.0.0 0.0.0.0 212.71.53.36 1
route outside 10.2.2.0 255.255.255.0 212.71.53.36 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
service resetoutside
crypto ipsec transform-set mal esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map mal 10 set peer 212.107.106.129
crypto map IPSec_map 10 match address encrypt_acl
crypto map IPSec_map 10 set peer 212.107.106.129
crypto map IPSec_map 10 set transform-set mal
crypto map IPSec_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
telnet 0.0.0.0 0.0.0.0 outside
==================================================================
Remote-Router#
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key XXXXXX address 212.71.53.38
crypto ipsec security-association lifetime seconds 28800
crypto ipsec transform-set mal esp-3des esp-md5-hmac
crypto map mal 10 ipsec-isakmp
set peer 212.71.53.38
set transform-set mal
match address 120
interface Loopback0
ip address 10.3.3.1 255.255.255.0
ip virtual-reassembly in
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
ip address 172.20.34.54 255.255.255.252
ip nat outside
ip virtual-reassembly in
load-interval 30
duplex auto
speed auto
crypto map mal
interface GigabitEthernet0/1
ip address 212.107.106.129 255.255.255.248
ip nat outside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
crypto map mal
interface GigabitEthernet0/2
description *!* LAN *!*
ip address 10.2.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
ip forward-protocol nd
ip http server
ip http secure-server
ip nat pool OUTPOOL 212.107.106.132 212.107.106.132 netmask 255.255.255.248
ip nat inside source route-map nonat pool OUTPOOL overload
ip route 0.0.0.0 0.0.0.0 172.20.34.53
ip route 10.1.1.0 255.255.255.0 212.107.106.130
ip route 192.168.50.0 255.255.255.0 212.71.53.38
ip access-list extended outside
remark CCP_ACL Category=1
permit ip any any log
ip access-list extended outside1
remark CCP_ACL Category=1
permit ip any any log
access-list 110 permit tcp 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 120 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 130 deny ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 130 deny ip 10.2.2.0 0.0.0.255 192.168.50.0 0.0.0.255
access-list 130 permit ip 10.2.2.0 0.0.0.255 any
route-map nonat permit 10
match ip address 130
control-plane -
Can't connect to new router...
Hi
I've just installed a new intranet here at my place and one of the changes is that my computer must connect to another router now. While everything works perfect in both Knoppix and windows, I can't get Arch to connect....
I've collected all files to show you my situation (I think):
rc.conf:
# /etc/rc.conf - Main Configuration for Arch Linux
# LOCALIZATION
# LOCALE: available languages can be listed with the 'locale -a' command
# HARDWARECLOCK: set to "UTC" or "localtime"
# TIMEZONE: timezones are found in /usr/share/zoneinfo
# KEYMAP: keymaps are found in /usr/share/kbd/keymaps
# CONSOLEFONT: found in /usr/share/kbd/consolefonts (only needed for non-US)
# CONSOLEMAP: found in /usr/share/kbd/consoletrans
# USECOLOR: use ANSI color sequences in startup messages
LOCALE="en_GB.utf8"
HARDWARECLOCK="localtime"
TIMEZONE="Europe/Brussels"
KEYMAP="be-latin1.map.gz"
CONSOLEFONT=
CONSOLEMAP=
USECOLOR="yes"
# HARDWARE
# Scan hardware and load required modules at bootup
MOD_AUTOLOAD="yes"
# Module Blacklist - modules in this list will never be loaded by udev
MOD_BLACKLIST=(pcmcia)
# Modules to load at boot-up (in this order)
# - prefix a module with a ! to blacklist it
MODULES=(ath_pci fglrx powernow-k8)
# Scan for LVM volume groups at startup, required if you use LVM
USELVM="no"
# NETWORKING
HOSTNAME="icarus"
# Use 'ifconfig -a' or 'ls /sys/class/net/' to see all available
# interfaces.
# Interfaces to start at boot-up (in this order)
# Declare each interface then list in INTERFACES
# - prefix an entry in INTERFACES with a ! to disable it
# - no hyphens in your interface names - Bash doesn't like it
# Note: to use DHCP, set your interface to be "dhcp" (eth0="dhcp")
lo="lo 127.0.0.1"
eth0="dhcp"
INTERFACES=(lo eth0)
# Routes to start at boot-up (in this order)
# Declare each route then list in ROUTES
# - prefix an entry in ROUTES with a ! to disable it
gateway="default gw 192.168.123.254"
#gateway="default gw 192.168.1.1"
ROUTES=(gateway)
# Enable these network profiles at boot-up. These are only useful
# if you happen to need multiple network configurations (ie, laptop users)
# - set to 'menu' to present a menu during boot-up (dialog package required)
# - prefix an entry with a ! to disable it
# Network profiles are found in /etc/network-profiles
#NET_PROFILES=(main)
# DAEMONS
# Daemons to start at boot-up (in this order)
# - prefix a daemon with a ! to disable it
# - prefix a daemon with a @ to start it up in the background
DAEMONS=(@syslog-ng iptables @network !netfs @hal @crond !ifplugd @alsa @ddclient @denyhosts @sshd @mpd @powernowd)
# End of file
lspci -vvv section for my network card:
02:03.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)
Subsystem: Unknown device 1631:d008
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B-
Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR+
Latency: 64 (8000ns min, 16000ns max)
Interrupt: pin A routed to IRQ 19
Region 0: I/O ports at 8800 [size=256]
Region 1: Memory at ff3ef400 (32-bit, non-prefetchable) [size=256]
Expansion ROM at 50000000 [disabled] [size=64K]
Capabilities: <access denied>
ifconfig output:
eth0 Link encap:Ethernet HWaddr 00:13:D3:8B:9E:89
inet addr:192.168.123.1 Bcast:192.168.123.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2 errors:0 dropped:0 overruns:0 frame:0
TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:690 (690.0 b) TX bytes:994 (994.0 b)
Interrupt:19 Base address:0x400
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:68 errors:0 dropped:0 overruns:0 frame:0
TX packets:68 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3998 (3.9 Kb) TX bytes:3998 (3.9 Kb)
lsmod:
Module Size Used by
nls_cp437 5888 1
vfat 10880 1
fat 45852 1 vfat
cpufreq_userspace 3536 1
ipt_REJECT 3968 1
ipt_LOG 6144 8
nf_conntrack_ipv4 14092 6
xt_state 2432 6
nf_conntrack 52872 2 nf_conntrack_ipv4,xt_state
nfnetlink 4760 2 nf_conntrack_ipv4,nf_conntrack
xt_limit 2560 10
xt_tcpudp 3328 22
iptable_filter 2688 1
iptable_mangle 2560 0
ip_tables 10452 2 iptable_filter,iptable_mangle
x_tables 11908 6 ipt_REJECT,ipt_LOG,xt_state,xt_limit,xt_tcpudp,ip_tables
isofs 31040 0
zlib_inflate 16256 1 isofs
tda827x 6916 1
saa7134_dvb 15884 0
dvb_pll 12292 1 saa7134_dvb
ohci1394 31408 0
ieee1394 81720 1 ohci1394
video_buf_dvb 4996 1 saa7134_dvb
dvb_core 71976 1 video_buf_dvb
tda1004x 15492 2 saa7134_dvb
snd_seq_oss 29312 0
snd_seq_midi_event 6528 1 snd_seq_oss
snd_seq 46672 4 snd_seq_oss,snd_seq_midi_event
snd_seq_device 6924 2 snd_seq_oss,snd_seq
ppdev 7556 0
lp 9348 0
tuner 61352 0
usb_storage 79296 1
snd_pcm_oss 37024 0
snd_mixer_oss 14592 1 snd_pcm_oss
firewire_ohci 15360 0
firewire_core 36032 1 firewire_ohci
crc_itu_t 2304 1 firewire_core
pcspkr 2944 0
saa7134 119244 1 saa7134_dvb
ppp_generic 23828 0
slhc 5760 1 ppp_generic
ide_core 112580 1 usb_storage
8139cp 19584 0
8139too 23168 0
mii 4864 2 8139cp,8139too
video_buf 20356 3 saa7134_dvb,video_buf_dvb,saa7134
compat_ioctl32 1536 1 saa7134
ir_kbd_i2c 7184 1 saa7134
ir_common 30084 2 saa7134,ir_kbd_i2c
videodev 26752 1 saa7134
v4l2_common 15744 3 tuner,saa7134,videodev
v4l1_compat 14084 2 saa7134,videodev
parport_pc 35556 1
parport 31304 3 ppdev,lp,parport_pc
serio_raw 5764 0
psmouse 35984 0
snd_atiixp 15884 2
snd_ac97_codec 95652 1 snd_atiixp
ac97_bus 2432 1 snd_ac97_codec
snd_pcm 69124 4 snd_pcm_oss,snd_atiixp,snd_ac97_codec
snd_timer 19332 3 snd_seq,snd_pcm
snd 45028 11 snd_seq_oss,snd_seq,snd_seq_device,snd_pcm_oss,snd_mixer_oss,snd_atiixp,snd_ac97_codec,snd_pcm,snd_timer
soundcore 6496 1 snd
snd_page_alloc 7816 2 snd_atiixp,snd_pcm
rtc_cmos 7328 0
rtc_core 14984 1 rtc_cmos
rtc_lib 2944 1 rtc_core
sg 26652 0
k8temp 4864 0
i2c_piix4 7948 0
i2c_core 20352 8 tda827x,saa7134_dvb,dvb_pll,tda1004x,tuner,saa7134,ir_kbd_i2c,i2c_piix4
ehci_hcd 30732 0
tsdev 6720 0
ati_agp 7308 0
ohci_hcd 19588 0
evdev 8192 4
thermal 10888 0
fan 3844 0
button 6160 0
battery 8324 0
ac 4100 0
powernow_k8 13972 0
freq_table 3984 1 powernow_k8
processor 24788 2 thermal,powernow_k8
fglrx 726624 11
agpgart 27224 2 ati_agp,fglrx
wlan_scan_sta 12416 0
ath_rate_sample 13312 1
ath_pci 104744 0
wlan 195504 4 wlan_scan_sta,ath_rate_sample,ath_pci
ath_hal 231264 3 ath_rate_sample,ath_pci
usbcore 112520 4 usb_storage,ehci_hcd,ohci_hcd
ext3 119432 3
jbd 54312 1 ext3
mbcache 6916 1 ext3
sr_mod 14756 0
cdrom 34336 1 sr_mod
sd_mod 22784 8
pata_atiixp 5888 2
sata_sil 8456 4
ata_generic 5380 0
libata 108084 3 pata_atiixp,sata_sil,ata_generic
and dmesg output after a fresh bootup:
Linux version 2.6.22-ARCH (root@workstation64) (gcc version 4.2.1) #1 SMP PREEMPT Fri Aug 31 19:54:09 UTC 2007
BIOS-provided physical RAM map:
BIOS-e820: 0000000000000000 - 000000000009fc00 (usable)
BIOS-e820: 000000000009fc00 - 00000000000a0000 (reserved)
BIOS-e820: 00000000000e4000 - 0000000000100000 (reserved)
BIOS-e820: 0000000000100000 - 000000003ffd0000 (usable)
BIOS-e820: 000000003ffd0000 - 000000003ffde000 (ACPI data)
BIOS-e820: 000000003ffde000 - 0000000040000000 (ACPI NVS)
BIOS-e820: 00000000ff780000 - 0000000100000000 (reserved)
127MB HIGHMEM available.
896MB LOWMEM available.
found SMP MP-table at 000ff780
Entering add_active_range(0, 0, 262096) 0 entries of 256 used
Zone PFN ranges:
DMA 0 -> 4096
Normal 4096 -> 229376
HighMem 229376 -> 262096
early_node_map[1] active PFN ranges
0: 0 -> 262096
On node 0 totalpages: 262096
DMA zone: 32 pages used for memmap
DMA zone: 0 pages reserved
DMA zone: 4064 pages, LIFO batch:0
Normal zone: 1760 pages used for memmap
Normal zone: 223520 pages, LIFO batch:31
HighMem zone: 255 pages used for memmap
HighMem zone: 32465 pages, LIFO batch:7
DMI 2.3 present.
ACPI: RSDP 000F90C0, 0014 (r0 ACPIAM)
ACPI: RSDT 3FFD0000, 0038 (r1 A M I OEMRSDT 7000520 MSFT 97)
ACPI: FACP 3FFD0200, 0084 (r2 A M I OEMFACP 7000520 MSFT 97)
ACPI: DSDT 3FFD0430, 397A (r1 0AAAA 0AAAA000 0 INTL 2002026)
ACPI: FACS 3FFDE000, 0040
ACPI: APIC 3FFD0390, 005C (r1 A M I OEMAPIC 7000520 MSFT 97)
ACPI: MCFG 3FFD03F0, 003C (r1 A M I OEMMCFG 7000520 MSFT 97)
ACPI: SSDT 3FFD3DB0, 0D6E (r1 ATI ATIPATCH 1 INTL 2002026)
ACPI: OEMB 3FFDE040, 0056 (r1 A M I AMI_OEM 7000520 MSFT 97)
ATI board detected. Disabling timer routing over 8254.
ACPI: PM-Timer IO Port: 0x808
ACPI: Local APIC address 0xfee00000
ACPI: LAPIC (acpi_id[0x01] lapic_id[0x00] enabled)
Processor #0 15:7 APIC version 16
ACPI: LAPIC (acpi_id[0x02] lapic_id[0x81] disabled)
ACPI: IOAPIC (id[0x01] address[0xfec00000] gsi_base[0])
IOAPIC[0]: apic_id 1, version 33, address 0xfec00000, GSI 0-23
ACPI: INT_SRC_OVR (bus 0 bus_irq 0 global_irq 2 dfl dfl)
ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 21 low level)
ACPI: IRQ0 used by override.
ACPI: IRQ2 used by override.
Enabling APIC mode: Flat. Using 1 I/O APICs
Using ACPI (MADT) for SMP configuration information
Allocating PCI resources starting at 50000000 (gap: 40000000:bf780000)
Built 1 zonelists. Total pages: 260049
Kernel command line: root=/dev/sda1 rootfstype=ext3 ro vga=795 clock=pit
Warning! clock= boot option is deprecated. Use clocksource=xyz
mapped APIC to ffffd000 (fee00000)
mapped IOAPIC to ffffc000 (fec00000)
Enabling fast FPU save and restore... done.
Enabling unmasked SIMD FPU exception support... done.
Initializing CPU#0
PID hash table entries: 4096 (order: 12, 16384 bytes)
Detected 2189.023 MHz processor.
Console: colour dummy device 80x25
Dentry cache hash table entries: 131072 (order: 7, 524288 bytes)
Inode-cache hash table entries: 65536 (order: 6, 262144 bytes)
Memory: 1034320k/1048384k available (2393k kernel code, 13332k reserved, 783k data, 304k init, 130880k highmem)
virtual kernel memory layout:
fixmap : 0xfff82000 - 0xfffff000 ( 500 kB)
pkmap : 0xff800000 - 0xffc00000 (4096 kB)
vmalloc : 0xf8800000 - 0xff7fe000 ( 111 MB)
lowmem : 0xc0000000 - 0xf8000000 ( 896 MB)
.init : 0xc0421000 - 0xc046d000 ( 304 kB)
.data : 0xc035641f - 0xc041a1bc ( 783 kB)
.text : 0xc0100000 - 0xc035641f (2393 kB)
Checking if this processor honours the WP bit even in supervisor mode... Ok.
Calibrating delay using timer specific routine.. 4382.14 BogoMIPS (lpj=7301039)
Security Framework v1.0.0 initialized
Mount-cache hash table entries: 512
CPU: After generic identify, caps: 078bfbff e3d3fbff 00000000 00000000 00000001 00000000 00000001
CPU: L1 I Cache: 64K (64 bytes/line), D cache 64K (64 bytes/line)
CPU: L2 Cache: 1024K (64 bytes/line)
CPU: After all inits, caps: 078bfbff e3d3fbff 00000000 00000410 00000001 00000000 00000001
Intel machine check architecture supported.
Intel machine check reporting enabled on CPU#0.
Compat vDSO mapped to ffffe000.
Checking 'hlt' instruction... OK.
SMP alternatives: switching to UP code
Freeing SMP alternatives: 11k freed
Early unpacking initramfs... done
ACPI: Core revision 20070126
ACPI: Looking for DSDT in initramfs... error, file /DSDT.aml not found.
CPU0: AMD Athlon(tm) 64 Processor 3700+ stepping 01
Total of 1 processors activated (4382.14 BogoMIPS).
ENABLING IO-APIC IRQs
..TIMER: vector=0x31 apic1=0 pin1=2 apic2=-1 pin2=-1
..MP-BIOS bug: 8254 timer not connected to IO-APIC
...trying to set up timer (IRQ0) through the 8259A ... failed.
...trying to set up timer as Virtual Wire IRQ... works.
Brought up 1 CPUs
Booting paravirtualized kernel on bare hardware
NET: Registered protocol family 16
ACPI: bus type pci registered
PCI: BIOS Bug: MCFG area at e0000000 is not E820-reserved
PCI: Not using MMCONFIG.
PCI: PCI BIOS revision 3.00 entry at 0xf0031, last bus=2
PCI: Using configuration type 1
Setting up standard PCI resources
ACPI: Interpreter enabled
ACPI: (supports S0 S1 S3 S4 S5)
ACPI: Using IOAPIC for interrupt routing
ACPI: PCI Root Bridge [PCI0] (0000:00)
PCI: Probing PCI hardware (bus 00)
PCI: Transparent bridge - 0000:00:14.4
ACPI: PCI Interrupt Routing Table [\_SB_.PCI0._PRT]
ACPI: PCI Interrupt Routing Table [\_SB_.PCI0.PCE2._PRT]
ACPI: PCI Interrupt Routing Table [\_SB_.PCI0.P0P9._PRT]
ACPI: PCI Interrupt Link [LNKA] (IRQs 3 4 5 7 10 11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LNKB] (IRQs 3 4 5 7 10 11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LNKC] (IRQs 3 4 5 7 10 11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LNKD] (IRQs 3 4 5 7 10 11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LNKE] (IRQs 3 4 5 7 10 11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LNKF] (IRQs 9) *0, disabled.
ACPI: PCI Interrupt Link [LNKG] (IRQs 3 4 5 7 10 11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LNKH] (IRQs 3 4 5 7 10 11 12 14 15) *0, disabled.
Linux Plug and Play Support v0.97 (c) Adam Belay
pnp: PnP ACPI init
ACPI: bus type pnp registered
pnp: PnP ACPI: found 15 devices
ACPI: ACPI bus type pnp unregistered
SCSI subsystem initialized
PCI: Using ACPI for IRQ routing
PCI: If a device doesn't work, try "pci=routeirq". If it helps, post a report
NetLabel: Initializing
NetLabel: domain hash size = 128
NetLabel: protocols = UNLABELED CIPSOv4
NetLabel: unlabeled traffic allowed by default
ACPI: RTC can wake from S4
pnp: 00:08: iomem range 0xfff80000-0xffffffff could not be reserved
pnp: 00:0b: ioport range 0xe00-0xe7f has been reserved
pnp: 00:0c: iomem range 0xfec00000-0xfec00fff has been reserved
pnp: 00:0c: iomem range 0xfee00000-0xfee00fff has been reserved
pnp: 00:0d: iomem range 0xe0000000-0xefffffff has been reserved
pnp: 00:0e: iomem range 0x0-0x9ffff could not be reserved
pnp: 00:0e: iomem range 0xc0000-0xcffff could not be reserved
pnp: 00:0e: iomem range 0xe0000-0xfffff could not be reserved
pnp: 00:0e: iomem range 0x100000-0x3fffffff could not be reserved
Time: pit clocksource has been installed.
PCI: Bridge: 0000:00:02.0
IO window: 7000-7fff
MEM window: ff200000-ff2fffff
PREFETCH window: bff00000-dfefffff
PCI: Bridge: 0000:00:14.4
IO window: 8000-8fff
MEM window: ff300000-ff3fffff
PREFETCH window: 50000000-500fffff
PCI: Setting latency timer of device 0000:00:02.0 to 64
NET: Registered protocol family 2
IP route cache hash table entries: 32768 (order: 5, 131072 bytes)
TCP established hash table entries: 131072 (order: 9, 2097152 bytes)
TCP bind hash table entries: 65536 (order: 7, 786432 bytes)
TCP: Hash tables configured (established 131072 bind 65536)
TCP reno registered
checking if image is initramfs... it is
Freeing initrd memory: 481k freed
apm: BIOS version 1.2 Flags 0x03 (Driver version 1.16ac)
apm: overridden by ACPI.
highmem bounce pool size: 64 pages
VFS: Disk quotas dquot_6.5.1
Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)
Installing knfsd (copyright (C) 1996 [email protected]).
io scheduler noop registered
io scheduler anticipatory registered
io scheduler deadline registered
io scheduler cfq registered (default)
Boot video device is 0000:01:00.0
PCI: Setting latency timer of device 0000:00:02.0 to 64
assign_interrupt_mode Found MSI capability
Allocate Port Service[0000:00:02.0:pcie00]
vesafb: framebuffer at 0xc0000000, mapped to 0xf8880000, using 7680k, total 262144k
vesafb: mode is 1280x1024x24, linelength=3840, pages=67
vesafb: protected mode interface info at c000:5977
vesafb: pmi: set display start = c00c5a0b, set palette = c00c5a57
vesafb: pmi: ports = 7810 7816 7854 7838 783c 785c 7800 7804 78b0 78b2 78b4
vesafb: scrolling: redraw
vesafb: Truecolor: size=0:8:8:8, shift=0:16:8:0
Console: switching to colour frame buffer device 160x64
fb0: VESA VGA frame buffer device
isapnp: Scanning for PnP cards...
isapnp: No Plug & Play device found
Serial: 8250/16550 driver $Revision: 1.90 $ 4 ports, IRQ sharing disabled
serial8250: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
serial8250: ttyS1 at I/O 0x2f8 (irq = 3) is a 16550A
00:05: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
00:06: ttyS1 at I/O 0x2f8 (irq = 3) is a 16550A
RAMDISK driver initialized: 16 RAM disks of 16384K size 1024 blocksize
loop: module loaded
input: Macintosh mouse button emulation as /class/input/input0
PNP: PS/2 Controller [PNP0303:PS2K,PNP0f03:PS2M] at 0x60,0x64 irq 1,12
serio: i8042 KBD port at 0x60,0x64 irq 1
serio: i8042 AUX port at 0x60,0x64 irq 12
mice: PS/2 mouse device common for all mice
input: AT Translated Set 2 keyboard as /class/input/input1
TCP cubic registered
NET: Registered protocol family 1
NET: Registered protocol family 17
Using IPI No-Shortcut mode
Freeing unused kernel memory: 304k freed
libata version 2.21 loaded.
sata_sil 0000:00:11.0: version 2.2
ACPI: PCI Interrupt 0000:00:11.0[A] -> GSI 23 (level, low) -> IRQ 16
scsi0 : sata_sil
scsi1 : sata_sil
ata1: SATA max UDMA/100 cmd 0xf881ec80 ctl 0xf881ec8a bmdma 0xf881ec00 irq 16
ata2: SATA max UDMA/100 cmd 0xf881ecc0 ctl 0xf881ecca bmdma 0xf881ec08 irq 16
ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300)
ata1.00: ATA-7: WDC WD1600JS-00MHB1, 10.02E01, max UDMA/133
ata1.00: 312581808 sectors, multi 16: LBA48
ata1.00: configured for UDMA/100
ata2: SATA link down (SStatus 0 SControl 300)
scsi 0:0:0:0: Direct-Access ATA WDC WD1600JS-00M 10.0 PQ: 0 ANSI: 5
ACPI: PCI Interrupt 0000:00:12.0[A] -> GSI 22 (level, low) -> IRQ 17
scsi2 : sata_sil
scsi3 : sata_sil
ata3: SATA max UDMA/100 cmd 0xf8826880 ctl 0xf882688a bmdma 0xf8826800 irq 17
ata4: SATA max UDMA/100 cmd 0xf88268c0 ctl 0xf88268ca bmdma 0xf8826808 irq 17
ata3: SATA link down (SStatus 0 SControl 300)
ata4: SATA link down (SStatus 0 SControl 300)
ACPI: PCI Interrupt 0000:00:14.1[A] -> GSI 16 (level, low) -> IRQ 18
PCI: Setting latency timer of device 0000:00:14.1 to 64
scsi4 : pata_atiixp
scsi5 : pata_atiixp
ata5: PATA max UDMA/100 cmd 0x000101f0 ctl 0x000103f6 bmdma 0x0001ff00 irq 14
ata6: PATA max UDMA/100 cmd 0x00010170 ctl 0x00010376 bmdma 0x0001ff08 irq 15
sd 0:0:0:0: [sda] 312581808 512-byte hardware sectors (160042 MB)
sd 0:0:0:0: [sda] Write Protect is off
sd 0:0:0:0: [sda] Mode Sense: 00 3a 00 00
sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
sd 0:0:0:0: [sda] 312581808 512-byte hardware sectors (160042 MB)
sd 0:0:0:0: [sda] Write Protect is off
sd 0:0:0:0: [sda] Mode Sense: 00 3a 00 00
sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
sda: sda1 sda2 < sda5 > sda3 sda4
sd 0:0:0:0: [sda] Attached SCSI disk
ata5.00: ATA-6: ST3160021A, 8.01, max UDMA/100
ata5.00: 312581808 sectors, multi 16: LBA48
ata5.00: configured for UDMA/100
ata6.00: ATAPI: _NEC DVD_RW ND-3530A, 2.01, max UDMA/33
ata6.00: configured for UDMA/33
scsi 4:0:0:0: Direct-Access ATA ST3160021A 8.01 PQ: 0 ANSI: 5
sd 4:0:0:0: [sdb] 312581808 512-byte hardware sectors (160042 MB)
sd 4:0:0:0: [sdb] Write Protect is off
sd 4:0:0:0: [sdb] Mode Sense: 00 3a 00 00
sd 4:0:0:0: [sdb] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
sd 4:0:0:0: [sdb] 312581808 512-byte hardware sectors (160042 MB)
sd 4:0:0:0: [sdb] Write Protect is off
sd 4:0:0:0: [sdb] Mode Sense: 00 3a 00 00
sd 4:0:0:0: [sdb] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
sdb: sdb1 sdb2 sdb3 sdb4
sd 4:0:0:0: [sdb] Attached SCSI disk
scsi 5:0:0:0: CD-ROM _NEC DVD_RW ND-3530A 2.01 PQ: 0 ANSI: 5
sr0: scsi3-mmc drive: 48x/48x writer cd/rw xa/form2 cdda tray
Uniform CD-ROM driver Revision: 3.20
sr 5:0:0:0: Attached scsi CD-ROM sr0
kjournald starting. Commit interval 5 seconds
EXT3-fs: mounted filesystem with ordered data mode.
usbcore: registered new interface driver usbfs
usbcore: registered new interface driver hub
usbcore: registered new device driver usb
ath_hal: module license 'Proprietary' taints kernel.
ath_hal: 0.9.30.13 (AR5210, AR5211, AR5212, AR5416, RF5111, RF5112, RF2413, RF5413, RF2133)
wlan: 0.8.4.2 (0.9.4)
ath_pci: 0.9.4.5 (0.9.4)
ACPI: PCI Interrupt 0000:02:00.0[A] -> GSI 20 (level, low) -> IRQ 19
ath_pci: switching rfkill capability off
ath_rate_sample: 1.2 (0.9.4)
ath_pci: switching per-packet transmit power control off
wifi0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
wifi0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
wifi0: turboG rates: 6Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
wifi0: H/W encryption support: WEP AES AES_CCM TKIP
wifi0: mac 7.9 phy 4.5 radio 5.6
wifi0: Use hw queue 1 for WME_AC_BE traffic
wifi0: Use hw queue 0 for WME_AC_BK traffic
wifi0: Use hw queue 2 for WME_AC_VI traffic
wifi0: Use hw queue 3 for WME_AC_VO traffic
wifi0: Use hw queue 8 for CAB traffic
wifi0: Use hw queue 9 for beacons
wifi0: Atheros 5212: mem=0xff3f0000, irq=19
Linux agpgart interface v0.102 (c) Dave Jones
[fglrx] Maximum main memory to use for locked dma buffers: 929 MBytes.
[fglrx] USWC is disabled in module parameters
[fglrx] PAT is disabled!
[fglrx] module loaded - fglrx 8.40.4 [Jul 31 2007] on minor 0
ACPI: duty_cycle spans bit 4
ACPI Exception (processor_core-0781): AE_NOT_FOUND, Processor Device is not present [20070126]
powernow-k8: Found 1 AMD Athlon(tm) 64 Processor 3700+ processors (version 2.00.00)
powernow-k8: 0 : fid 0xe (2200 MHz), vid 0x6
powernow-k8: 1 : fid 0xc (2000 MHz), vid 0x8
powernow-k8: 2 : fid 0xa (1800 MHz), vid 0xa
powernow-k8: 3 : fid 0x2 (1000 MHz), vid 0x12
input: Power Button (FF) as /class/input/input2
ACPI: Power Button (FF) [PWRF]
input: Power Button (CM) as /class/input/input3
ACPI: Power Button (CM) [PWRB]
ohci_hcd: 2006 August 04 USB 1.1 'Open' Host Controller (OHCI) Driver
ACPI: PCI Interrupt 0000:00:13.0[A] -> GSI 19 (level, low) -> IRQ 20
ohci_hcd 0000:00:13.0: OHCI Host Controller
ohci_hcd 0000:00:13.0: new USB bus registered, assigned bus number 1
ohci_hcd 0000:00:13.0: irq 20, io mem 0xff6fe000
usb usb1: configuration #1 chosen from 1 choice
hub 1-0:1.0: USB hub found
hub 1-0:1.0: 4 ports detected
ACPI: PCI Interrupt 0000:00:13.1[A] -> GSI 19 (level, low) -> IRQ 20
ohci_hcd 0000:00:13.1: OHCI Host Controller
ohci_hcd 0000:00:13.1: new USB bus registered, assigned bus number 2
ohci_hcd 0000:00:13.1: irq 20, io mem 0xff6fd000
usb usb2: configuration #1 chosen from 1 choice
hub 2-0:1.0: USB hub found
hub 2-0:1.0: 4 ports detected
sd 0:0:0:0: Attached scsi generic sg0 type 0
sd 4:0:0:0: Attached scsi generic sg1 type 0
sr 5:0:0:0: Attached scsi generic sg2 type 5
ACPI: PCI Interrupt 0000:00:13.2[A] -> GSI 19 (level, low) -> IRQ 20
ehci_hcd 0000:00:13.2: EHCI Host Controller
ehci_hcd 0000:00:13.2: new USB bus registered, assigned bus number 3
ehci_hcd 0000:00:13.2: irq 20, io mem 0xff6fc000
ehci_hcd 0000:00:13.2: USB 2.0 started, EHCI 1.00, driver 10 Dec 2004
usb usb3: configuration #1 chosen from 1 choice
hub 3-0:1.0: USB hub found
hub 3-0:1.0: 8 ports detected
piix4_smbus 0000:00:14.0: Found 0000:00:14.0 device
usb 3-2: new high speed USB device using ehci_hcd and address 2
usb 3-2: configuration #1 chosen from 1 choice
usb 2-3: new full speed USB device using ohci_hcd and address 2
rtc_cmos 00:02: rtc core: registered rtc_cmos as rtc0
rtc0: alarms up to one month
PPP generic driver version 2.4.2
8139too Fast Ethernet driver 0.9.28
ACPI: PCI Interrupt 0000:02:03.0[A] -> GSI 20 (level, low) -> IRQ 19
eth0: RealTek RTL8139 at 0xf913e400, 00:13:d3:8b:9e:89, IRQ 19
eth0: Identified 8139 chip type 'RTL-8100B/8139D'
8139cp: 10/100 PCI Ethernet driver v1.3 (Mar 22, 2004)
usb 2-3: configuration #1 chosen from 1 choice
ACPI: PCI Interrupt 0000:02:04.0[A] -> GSI 21 (level, low) -> IRQ 21
firewire_ohci: Added fw-ohci device 0000:02:04.0, OHCI version 1.10
ACPI: PCI Interrupt 0000:00:14.5[b] -> GSI 17 (level, low) -> IRQ 22
firewire_core: created new fw device fw0 (0 config rom retries)
input: PC Speaker as /class/input/input4
input: ImExPS/2 Logitech Wheel Mouse as /class/input/input5
parport_pc 00:07: reported by Plug and Play ACPI
parport0: PC-style at 0x378, irq 7 [PCSPP,TRISTATE,EPP]
Uniform Multi-Platform E-IDE driver Revision: 7.00alpha2
ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx
Initializing USB Mass Storage driver...
scsi6 : SCSI emulation for USB Mass Storage devices
usb-storage: device found at 2
usb-storage: waiting for device to settle before scanning
scsi7 : SCSI emulation for USB Mass Storage devices
usb-storage: device found at 2
usb-storage: waiting for device to settle before scanning
usbcore: registered new interface driver usb-storage
USB Mass Storage support registered.
Linux video capture interface: v2.00
saa7130/34: v4l2 driver version 0.2.14 loaded
ACPI: PCI Interrupt 0000:02:01.0[A] -> GSI 21 (level, low) -> IRQ 21
saa7133[0]: found at 0000:02:01.0, rev: 208, irq: 21, latency: 64, mmio: 0xff3ef800
saa7133[0]: subsystem: 1043:4857, board: ASUSTeK P7131 Dual [card=78,autodetected]
saa7133[0]: board init: gpio is 0
input: saa7134 IR (ASUSTeK P7131 Dual) as /class/input/input6
saa7133[0]: i2c eeprom 00: 43 10 57 48 54 20 1c 00 43 43 a9 1c 55 d2 b2 92
saa7133[0]: i2c eeprom 10: 00 01 20 00 ff 20 ff ff ff ff ff ff ff ff ff ff
saa7133[0]: i2c eeprom 20: 01 40 01 02 03 01 01 03 08 ff 00 cb ff ff ff ff
saa7133[0]: i2c eeprom 30: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
saa7133[0]: i2c eeprom 40: ff 21 00 c2 96 10 03 32 15 00 ff ff ff ff ff ff
saa7133[0]: i2c eeprom 50: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
saa7133[0]: i2c eeprom 60: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
saa7133[0]: i2c eeprom 70: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
tuner 1-004b: chip found @ 0x96 (saa7133[0])
tuner 1-004b: setting tuner address to 61
tuner 1-004b: type set to tda8290+75a
lp0: using parport0 (interrupt-driven).
ppdev: user-space parallel port driver
tuner 1-004b: setting tuner address to 61
tuner 1-004b: type set to tda8290+75a
saa7133[0]: registered device video0 [v4l2]
saa7133[0]: registered device vbi0
saa7133[0]: registered device radio0
DVB: registering new adapter (saa7133[0]).
DVB: registering frontend 0 (Philips TDA10046H DVB-T)...
tda1004x: setting up plls for 48MHz sampling clock
scsi 6:0:0:0: Direct-Access Seagate External Drive PQ: 0 ANSI: 0
sd 6:0:0:0: [sdc] 312581808 512-byte hardware sectors (160042 MB)
sd 6:0:0:0: [sdc] Write Protect is off
sd 6:0:0:0: [sdc] Mode Sense: 27 00 00 00
sd 6:0:0:0: [sdc] Assuming drive cache: write through
sd 6:0:0:0: [sdc] 312581808 512-byte hardware sectors (160042 MB)
sd 6:0:0:0: [sdc] Write Protect is off
sd 6:0:0:0: [sdc] Mode Sense: 27 00 00 00
sd 6:0:0:0: [sdc] Assuming drive cache: write through
sdc: sdc1
sd 6:0:0:0: [sdc] Attached SCSI disk
sd 6:0:0:0: Attached scsi generic sg3 type 0
usb-storage: device scan complete
scsi 7:0:0:0: Direct-Access Generic USB SD Reader 1.00 PQ: 0 ANSI: 0
sd 7:0:0:0: [sdd] Attached SCSI removable disk
sd 7:0:0:0: Attached scsi generic sg4 type 0
scsi 7:0:0:1: Direct-Access Generic USB CF Reader 1.01 PQ: 0 ANSI: 0
sd 7:0:0:1: [sde] Attached SCSI removable disk
sd 7:0:0:1: Attached scsi generic sg5 type 0
scsi 7:0:0:2: Direct-Access Generic USB SM Reader 1.02 PQ: 0 ANSI: 0
sd 7:0:0:2: [sdf] Attached SCSI removable disk
sd 7:0:0:2: Attached scsi generic sg6 type 0
scsi 7:0:0:3: Direct-Access Generic USB MS Reader 1.03 PQ: 0 ANSI: 0
sd 7:0:0:3: [sdg] Attached SCSI removable disk
sd 7:0:0:3: Attached scsi generic sg7 type 0
usb-storage: device scan complete
tda1004x: found firmware revision 29 -- ok
EXT3 FS on sda1, internal journal
kjournald starting. Commit interval 5 seconds
EXT3 FS on sdb4, internal journal
EXT3-fs: mounted filesystem with ordered data mode.
kjournald starting. Commit interval 5 seconds
EXT3 FS on sda4, internal journal
EXT3-fs: mounted filesystem with ordered data mode.
Adding 522072k swap on /dev/disk/by-path/pci-0000:00:11.0-scsi-0:0:0:0-part5. Priority:-1 extents:1 across:522072k
ip_tables: (C) 2000-2006 Netfilter Core Team
Netfilter messages via NETLINK v0.30.
nf_conntrack version 0.5.0 (8190 buckets, 65520 max)
eth0: link up, 100Mbps, full-duplex, lpa 0x45E1
Unknown InputIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:6b:27:96:74:08:00 SRC=192.168.123.254 DST=255.255.255.255 LEN=331 TOS=0x00 PREC=0x00 TTL=64 ID=64771 PROTO=UDP SPT=67 DPT=68 LEN=311
Unknown InputIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:6b:27:96:74:08:00 SRC=192.168.123.254 DST=255.255.255.255 LEN=331 TOS=0x00 PREC=0x00 TTL=64 ID=65027 PROTO=UDP SPT=67 DPT=68 LEN=311
Marking TSC unstable due to: cpufreq changes.
Unknown OutputIN= OUT=eth0 SRC=192.168.123.153 DST=195.130.130.129 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=48113 DF PROTO=UDP SPT=32768 DPT=53 LEN=44
Unknown OutputIN= OUT=eth0 SRC=192.168.123.153 DST=195.130.129.161 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=48113 DF PROTO=UDP SPT=32768 DPT=53 LEN=44
Unknown OutputIN= OUT=eth0 SRC=192.168.123.153 DST=195.130.130.129 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=48113 DF PROTO=UDP SPT=32768 DPT=53 LEN=44
Unknown OutputIN= OUT=eth0 SRC=192.168.123.153 DST=195.130.129.161 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=48113 DF PROTO=UDP SPT=32768 DPT=53 LEN=44
Unknown OutputIN= OUT=eth0 SRC=192.168.123.153 DST=195.130.130.129 LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=48113 DF PROTO=UDP SPT=32768 DPT=53 LEN=55
Unknown OutputIN= OUT=eth0 SRC=192.168.123.153 DST=195.130.129.161 LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=48113 DF PROTO=UDP SPT=32768 DPT=53 LEN=55
Unknown OutputIN= OUT=eth0 SRC=192.168.123.153 DST=195.130.130.129 LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=48114 DF PROTO=UDP SPT=32768 DPT=53 LEN=55
Unknown OutputIN= OUT=eth0 SRC=192.168.123.153 DST=195.130.129.161 LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=48117 DF PROTO=UDP SPT=32768 DPT=53 LEN=55
Clocksource tsc unstable (delta = -90943342 ns)
Unknown OutputIN= OUT=eth0 SRC=192.168.123.153 DST=195.130.130.129 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=7077 DF PROTO=UDP SPT=32768 DPT=53 LEN=44
Unknown OutputIN= OUT=eth0 SRC=192.168.123.153 DST=195.130.129.161 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=7077 DF PROTO=UDP SPT=32768 DPT=53 LEN=44
Unknown OutputIN= OUT=eth0 SRC=192.168.123.153 DST=195.130.130.129 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=7077 DF PROTO=UDP SPT=32768 DPT=53 LEN=44
Unknown OutputIN= OUT=eth0 SRC=192.168.123.153 DST=195.130.129.161 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=7077 DF PROTO=UDP SPT=32768 DPT=53 LEN=44
Unknown OutputIN= OUT=eth0 SRC=192.168.123.153 DST=195.130.130.129 LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=7077 DF PROTO=UDP SPT=32768 DPT=53 LEN=55
Unknown OutputIN= OUT=eth0 SRC=192.168.123.153 DST=195.130.129.161 LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=7077 DF PROTO=UDP SPT=32768 DPT=53 LEN=55
Unknown OutputIN= OUT=eth0 SRC=192.168.123.153 DST=195.130.130.129 LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=7077 DF PROTO=UDP SPT=32768 DPT=53 LEN=55
Unknown OutputIN= OUT=eth0 SRC=192.168.123.153 DST=195.130.129.161 LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=7077 DF PROTO=UDP SPT=32768 DPT=53 LEN=55
Unknown OutputIN= OUT=eth0 SRC=192.168.123.153 DST=195.130.130.129 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=31572 DF PROTO=UDP SPT=32768 DPT=53 LEN=44
Unknown OutputIN= OUT=eth0 SRC=192.168.123.153 DST=195.130.129.161 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=31572 DF PROTO=UDP SPT=32768 DPT=53 LEN=44
Unknown OutputIN= OUT=eth0 SRC=192.168.123.153 DST=195.130.130.129 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=31572 DF PROTO=UDP SPT=32768 DPT=53 LEN=44
Unknown OutputIN= OUT=eth0 SRC=192.168.123.153 DST=195.130.129.161 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=31572 DF PROTO=UDP SPT=32768 DPT=53 LEN=44
Unknown OutputIN= OUT=eth0 SRC=192.168.123.153 DST=195.130.130.129 LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=31572 DF PROTO=UDP SPT=32768 DPT=53 LEN=55
Unknown OutputIN= OUT=eth0 SRC=192.168.123.153 DST=195.130.129.161 LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=31572 DF PROTO=UDP SPT=32768 DPT=53 LEN=55
Unknown OutputIN= OUT=eth0 SRC=192.168.123.153 DST=195.130.130.129 LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=31572 DF PROTO=UDP SPT=32768 DPT=53 LEN=55
Unknown OutputIN= OUT=eth0 SRC=192.168.123.153 DST=195.130.129.161 LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=31572 DF PROTO=UDP SPT=32768 DPT=53 LEN=55
My router's IP is 192.168.123.254 but if I ping that address or I try to connect to the web interface on that address to configure the router I can't get any connection... I've also tried to specify all paramaters directly in rc.conf (eth0="eth0 192.168.123.1 netmask 255.255.255.0 broadcast 192.168.123.255") but that didn't help neither.
I'm kind of out of ideas on how to solve this... I hope someone here will help me getting out of windows (the only OS on my pc with internet FTM).I'm so stupid... I should've thought about iptables... I'm reconfiguring them now, thank you very much!
-
2851 router vpn to 851 router lan clients cannot ping
Greets - I'm expanding my lab experience by adding a 2851 router to my mix of 18xx and 851/871 units. Some of this infrastructure is in production, some just lab work. I have established good connectivity between 18xx's and 851/871's with IPSEC VPNs (site-to-site static and dynamic), but my problem is with adding in a 2851.
Setup: 2851 with 12.4 ADVENTK9, WAN on GE0/0 as 216.189.223.bbb/26, LAN on GE0/1 as 172.20.0.1/20 (VPN module, but no additional HWIC modules)
851 with 12.4 ADVENTK9, WAN on FE4 as 216.53.254.aaa/24, LAN on FE0..3 via BVI1 as 172.21.1.1/24
The two router WAN ports are bridged via a 3rd router (a Zywall with 216.0.0.0/8 route, with the router at 216.1.1.1) affectionately called the "InterNOT", which provides a surrogate to the great web, minus actual other hosts and dns, but it doesn't matter. As both my WAN addresses are within 216.x.x.x, this works quite well. This surrogate has tested fine and is known to not be part of a problem.
The 851 has been tested against another 851 with complementary setup and a successful VPN can run between the two.
I have good LAN-WAN connections on each router. I do have a "Good" VPN connection between the two routers.
The problem: I cannot ping from a LAN host on 172.20.x.x on the 2851 to any 172.21.1.x (eg 172.21.1.1) host on the 851, and vice versa.
From a LAN host, I can ping to my InterNOT - for example a dhcp host 172.20.6.2 on the 2851 LAN can ping 216.1.1.1 fine. I can also ping the 851's WAN address at 216.53.254.aaa.
To complicate matters, if I connect to the routers via console, I CAN ping across the vpn to the destination LAN hosts, in both directions.
This seems to indicate that there is a bridging problem between the LAN interfaces to the VPN interfaces. I suspect this is a config problem on the 2851, as I have had a similar config working on my 851 to 851 site-to-site setups. I also suspect it is in the 2851's config as I'm still just starting out with this particular router.
So some stripped-down configs:
For the 2851:
no service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname router2851
boot-start-marker
boot-end-marker
no logging buffered
no logging console
enable password mypassword2
no aaa new-model
dot11 syslog
no ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 172.20.0.1 172.20.6.1
ip dhcp excluded-address 172.20.6.254 172.20.15.254
ip dhcp pool Internal_2000
import all
network 172.20.0.0 255.255.240.0
domain-name myseconddomain.int
default-router 172.20.0.1
lease 7
no ip domain lookup
multilink bundle-name authenticated
voice-card 0
no dspfarm
crypto pki <<truncated>>
crypto pki certificate chain TP-self-signed-2995823027
<<truncated>>
quit
username myusername privilege 15 password 0 mypassword2
archive
log config
hidekeys
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key mysharedkey address 216.53.254.aaa
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to216.53.254.aaa
set peer 216.53.254.aaa
set transform-set ESP-3DES-SHA
match address 100
interface GigabitEthernet0/0
description $ETH-WAN$
ip address 216.189.223.bbb 255.255.255.192
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map SDM_CMAP_1
no shut
interface GigabitEthernet0/1
description $FW_INSIDE$$ETH-LAN$
ip address 172.20.0.1 255.255.240.0
ip nat inside
ip virtual-reassembly
no ip route-cache
duplex auto
speed auto
no mop enabled
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
ip http server
ip http authentication local
ip http secure-server
ip dns server
ip nat inside source route-map SDM_RMAP_1 interface GigabitEthernet0/0 overload
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 172.20.0.0 0.0.15.255
access-list 100 remark CCP_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 172.20.0.0 0.0.15.255 172.21.1.0 0.0.0.255
access-list 101 remark CCP_ACL Category=2
access-list 101 remark IPSec Rule
access-list 101 deny ip 172.20.0.0 0.0.15.255 172.21.1.0 0.0.0.255
access-list 101 permit ip 172.20.0.0 0.0.15.255 any
route-map SDM_RMAP_1 permit 1
match ip address 101
control-plane
banner motd ~This is a private computer system for authorized use only. And Stuff~
line con 0
line aux 0
line vty 0 4
privilege level 15
password mypassword
login local
transport input telnet ssh
scheduler allocate 20000 1000
end
And for the 851:
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname router851
boot-start-marker
boot-end-marker
logging buffered 52000 debugging
no logging console
enable password mypassword
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
resource policy
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
no ip dhcp use vrf connected
ip dhcp excluded-address 172.21.1.1 172.21.1.100
ip dhcp pool Internal_2101
import all
network 172.21.1.0 255.255.255.0
default-router 172.21.1.1
domain-name mydomain.int
dns-server 172.21.1.10
lease 4
ip cef
ip domain name mydomain.int
ip name-server 172.21.1.10
crypto pki <<truncated>>
crypto pki certificate chain TP-self-signed-3077836316
<<truncated>>
quit
username myusername privilege 15 password 0 mypassword2
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key mysharedkey address 216.189.223.aaa
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to216.189.223.bbb
set peer 216.189.223.bbb
set transform-set ESP-3DES-SHA2
match address 100
bridge irb
interface FastEthernet0
spanning-tree portfast
interface FastEthernet1
spanning-tree portfast
interface FastEthernet2
spanning-tree portfast
interface FastEthernet3
spanning-tree portfast
interface FastEthernet4
description $ETH-WAN$
ip address 216.53.254.aaa 255.255.254.0
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1460
duplex auto
speed auto
no cdp enable
crypto map SDM_CMAP_1
no shut
interface Vlan1
description Internal Network
no ip address
ip nat inside
ip virtual-reassembly
bridge-group 1
bridge-group 1 spanning-disabled
interface BVI1
description Bridge to Internal Network
ip address 172.21.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip route 0.0.0.0 0.0.0.0 FastEthernet4
ip route 172.21.1.0 255.255.255.0 BVI1
ip http server
ip http secure-server
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 172.21.1.0 0.0.0.255
access-list 100 remark CCP_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 172.21.1.0 0.0.0.255 172.20.0.0 0.0.15.255
access-list 101 remark CCP_ACL Category=2
access-list 101 remark IPSec Rule
access-list 101 deny ip 172.21.1.0 0.0.0.255 172.20.0.0 0.0.15.255
access-list 101 remark IPSec Rule
access-list 101 deny ip 172.21.1.0 0.0.0.255 172.21.101.0 0.0.0.31
access-list 101 permit ip 172.21.1.0 0.0.0.255 any
route-map SDM_RMAP_1 permit 1
match ip address 101
control-plane
bridge 1 route ip
banner motd ~This is a private computer system for authorized use only. And Stuff.~
line con 0
password mypassword
no modem enable
line aux 0
line vty 0 4
password mypassword
scheduler max-task-time 5000
end
Note that the above are somewhat stripped-down configs, without firewall or WAN ACL's - interestingly my default WAN-Inbound ACLs seem to break connectivity when included, so I realize I have some more cleanup to do there, but the 2851 LAN bridging seems to be what I should concentrate on first.
I'm still googling some of the particulars with the 2851, but any assistance is appreciated.
Regards,
Ted.Hi,
First,please delete NAT.If we configured the NAT in the RRAS,the source IP address in all packets sent to 192.168.1.0/24 would be translated to 192.168.1.224.
Second,please enable the LAN routing in RRAS server.To enable LAN routing,please follow the steps below,
1.In the RRAS server,Open Routing and Remote Access.
2.Right-click the server name,then click
properties.
3.On the General tab,select
IPv4 Router check box,and then click Local area network(LAN) routing only.
Then,announce the 172.16.0.0 network to the router.
To learn more details about enabling LAN routing, please refer to the link below,
http://technet.microsoft.com/en-us/library/dd458974.aspx
Best Regards,
Tina -
Load balancing weirdness using NAT and same-metric route
Hi.
I'm trying to set up a double-WAN load-balancing scenario:
I decided to attempt the "multiple same-metric routes with NAT" approach so I went for the example used in the IOS NAT Load-Balancing for Two ISP Connections Configuration Guide [1].
I decided to use an upside-down Cisco 871-SEC/K9: use Vlan1 and Vlan2 for the routers and Fa4 for the LAN. I am hoping this is not an issue.
There is this weirdness with some connections, particularly FTP. I pinpointed the problem to the following scenario: if I do a couple of pings to 100.1.1.1 using the FastEthernet4 as the source address, this is what I get in the logs:
=== PING 1 ECHO REQUEST ===
*Mar 3 04:38:43.521: IP: tableid=0, s=192.168.60.4 (FastEthernet4), d=100.1.1.1 (Vlan1), routed via RIB
*Mar 3 04:38:43.521: NAT: s=192.168.60.4->10.129.124.2, d=100.1.1.1 [14152]
*Mar 3 04:38:43.521: IP: s=10.129.124.2 (FastEthernet4), d=100.1.1.1 (Vlan1), g=10.129.124.1, len 60, forward
*Mar 3 04:38:43.521: ICMP type=8, code=0
=== PING 1 ECHO REPLY ===
*Mar 3 04:38:45.589: NAT*: s=100.1.1.1, d=10.129.124.2->192.168.60.4 [19824]
*Mar 3 04:38:45.589: IP: tableid=0, s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), routed via RIB
*Mar 3 04:38:45.589: IP: s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), g=192.168.60.4, len 60, forward
*Mar 3 04:38:45.589: ICMP type=0, code=0
=== (something else) ===
*Mar 3 04:38:52.353: RT: SET_LAST_RDB for 0.0.0.0/0
OLD rdb: via 10.129.124.33, Vlan2
NEW rdb: via 10.129.124.1, Vlan1
=== PING 2 ECHO REQUEST ===
*Mar 3 04:38:52.353: IP: tableid=0, s=192.168.60.4 (FastEthernet4), d=100.1.1.1 (Vlan2), routed via RIB
*Mar 3 04:38:52.353: NAT: s=192.168.60.4->10.129.124.2, d=100.1.1.1 [14159]
*Mar 3 04:38:52.353: IP: s=10.129.124.2 (FastEthernet4), d=100.1.1.1 (Vlan2), g=10.129.124.33, len 60, forward
*Mar 3 04:38:52.353: ICMP type=8, code=0
=== PING 2 ECHO REPLY ===
*Mar 3 04:38:53.029: NAT*: s=100.1.1.1, d=10.129.124.2->192.168.60.4 [19825]
*Mar 3 04:38:53.029: IP: tableid=0, s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), routed via RIB
*Mar 3 04:38:53.033: IP: s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), g=192.168.60.4, len 60, forward
*Mar 3 04:38:53.033: ICMP type=0, code=0
In the section "Ping 2 Echo Request" line 2 shows the NAT translating the packet to the address for the first provider but line 3 shows it routing it through the second one.
In this case, the ICMP packet goes through but it is problematic if the ISP restricts the service by source-address (like RPF) or there is some acceleration mechanism inside the provider cloud, other than just plain routing.
What am I missing? Here is the relevant part of the configuration. I deliberately disabled CEF to be able to debug the messages, but I *think* this may be altering the actual router behavior. This router does not have a "debug ip cef packet" command.
no ip cef
ip dhcp pool lan-side
import all
network 192.168.60.0 255.255.255.0
default-router 192.168.60.1
domain-name doublewan.local
dns-server 8.8.8.8 8.8.4.4
lease infinite
ip domain name doublewan
interface FastEthernet0
!doesn't appear on running-config: vlan 1 is the default access vlan
!switchport access vlan 1
interface FastEthernet1
switchport access vlan 2
interface FastEthernet2
shutdown
interface FastEthernet3
shutdown
interface FastEthernet4
ip address 192.168.60.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip route-cache
duplex auto
speed auto
interface Vlan1
ip address 10.129.124.2 255.255.255.224
ip nat outside
ip virtual-reassembly
no ip route-cache
interface Vlan2
ip address 10.129.124.35 255.255.255.224
ip nat outside
ip virtual-reassembly
no ip route-cache
ip route 0.0.0.0 0.0.0.0 Vlan1 10.129.124.1
ip route 0.0.0.0 0.0.0.0 Vlan2 10.129.124.33
ip nat inside source route-map nat1 interface Vlan1 overload
ip nat inside source route-map nat2 interface Vlan2 overload
ip access-list standard acl4-nexthop-vlan1
permit 10.129.124.1
ip access-list standard acl4-nexthop-vlan2
permit 10.129.124.33
route-map nat2 permit 10
match ip address 102
match ip next-hop acl4-nexthop-vlan2
match interface Vlan2
route-map nat1 permit 10
match ip address 101
match ip next-hop acl4-nexthop-vlan1
match interface Vlan1
control-plane
Of course, there is some configuration pending for redundancy and stuff.
Thanks a lot in advance.
[1] http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/100658-ios-nat-load-balancing-2isp.htmlHello.
This might be a bug in debug command or the IOS (without ip cef) you use; as routing is done before NAT (inside to outside).
To make sure it works fine with ip cef, just enable strict uRPF (or just ACL) on .1 and .33 interfaces and see if you see any packet sent over wrong interface.
PS: please check "sh ip cef 100.1.1.1"; I guess ip cef would tell you "per-destination sharing". -
Problem with Cisco 861W router and outgoing VPN
We have a Cisco 861W router that is blocking an outgoing PPTP on the internal access point only. The outgoing VPN works when the traffic is through a wired connection or the connection is on another access point. We fail to make a connection only when connection to the 861W's internal Access Point.
Here is the Access Point Configuration:
Current configuration : 2100 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname obap
enable secret 5 $1$.1RF$go1D7WITXUn3s8TUaw3tC.
no aaa new-model
dot11 syslog
dot11 ssid OLIVER
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 0 XXXXXXXXXXX
username XXXXXX privilege 15 secret 5 $1$Wc0K$OzcQDDQfjHP6La31eXMoG/
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers aes-ccm tkip
ssid OLIVER
antenna gain 0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface GigabitEthernet0
description the embedded AP GigabitEthernet 0 is an internal interface connecti
ng AP with the host router
no ip address
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface BVI1
ip address 192.168.0.2 255.255.255.0
no ip route-cache
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
banner login ^CC
% Password change notice.
Default username/password setup on AP is cisco/cisco with priv¾ilege level 15.
It is strongly suggested that you create a new username with privilege level
15 using the following command for console security.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want to
use. After you change your username/password you can turn off this message
by configuring "no banner login" and "no banner exec" in privileged mode.
^C
line con 0
privilege level 15
login local
no activation-character
line vty 0 4
login local
cns dhcp
end
obap#
Here is the Router's Configuration:
Current configuration : 5908 bytes
! No configuration change since last restart
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname obrouter
boot-start-marker
boot-end-marker
logging buffered 51200
logging console critical
enable secret 5 $1$i9XE$DjxFVAEC9nC4/r6EQKCd6/
no aaa new-model
memory-size iomem 10
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
crypto pki trustpoint TP-self-signed-1856757619
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1856757619
revocation-check none
rsakeypair TP-self-signed-1856757619
crypto pki certificate chain TP-self-signed-1856757619
certificate self-signed 01
3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31383536 37353736 3139301E 170D3036 30313032 31323030
34345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38353637
35373631 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B1A4 FB786547 3D582260 03DB768D 116BDE9A 309FBA04 B53F77B0 BFE32344
7C3439B3 97192B36 760A9411 1D5C7549 8D86F532 ABA44F53 0D08B7F4 A9A747D5
071330C3 65BF25A8 927F3596 29BB5A80 90C8D169 22268476 3B8DDE1E FDB7170D
B4820D03 5580A849 A92C7E76 9AC10867 505A2FEE 64360741 7F9DBDBF 3D79982C
F81D0203 010001A3 75307330 0F060355 1D130101 FF040530 030101FF 30200603
551D1104 19301782 156F6272 6F757465 722E6272 75736868 6F672E63 6F6D301F
0603551D 23041830 168014D8 5BC2FFB2 967A4C7B 11B44122 5C8D31F7 749B9230
1D060355 1D0E0416 0414D85B C2FFB296 7A4C7B11 B441225C 8D31F774 9B92300D
06092A86 4886F70D 01010405 00038181 005901F1 C239074B B8213567 CF7B65BF
DAFE4557 69B2A3B1 5F2593C7 A54B9598 23FD5E7A 563AA6E0 AFB25801 FA0061E8
F9545372 DB600B3A BE68AE65 1EDA593E 6A0C96B8 5A4136AF 393F9AAC 651E1C36
B8B7C6C0 47936C24 D2ECE9A5 9446EE32 FC7461FA AD8CF1CE A7FBF341 07E9C3C6
505AB88D 0E7FCAFC 5792298A E5E4D1FE CC
quit
no ip source-route
ip dhcp excluded-address 192.168.0.1 192.168.0.99
ip dhcp pool ccp-pool1
import all
network 192.168.0.0 255.255.255.0
dns-server 216.49.160.10 216.49.160.66
default-router 192.168.0.1
ip cef
no ip bootp server
ip domain name brushhog.com
ip name-server 216.49.160.10
ip name-server 216.49.160.66
license udi pid CISCO861W-GN-A-K9 sn FTX155281FY
username tech38 privilege 15 secret 5 $1$d/4Z$n/23EsXbzfHF5XfJ8Nv.y0
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description $ES_WAN$$FW_OUTSIDE$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
duplex auto
speed auto
pppoe-client dial-pool-number 1
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
arp timeout 0
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname XXXXXXXXXXXXX
ppp chap password 7 XXXXXXXXXXXXXXXX
ppp pap sent-username XXXXXXXXXXXXXX password 7 XXXXXXXXXXX
no cdp enable
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 192.168.0.25 80 interface Dialer0 80
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
control-plane
banner exec ^C
% Password expiration warning.
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
privilege level 15
login local
transport input telnet ssh
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
Any help would be appreciatedHello,
i have the same problem with router CISCO861W-GN-E-K9. Version 12.4(22r)YB5, RELEASE SOFTWARE (fc1)
Can someone help?
Thank you.
Here is my config for internal AP and router. -
2611XM refuses to grab a DHCP address from an upper router.
HI, first time here. Im a homeschooled student and trying to work on getting a CCNA. I ran into an issue which puts me in a stopping point. I have a Cisco 2611XM router in which im trying to pass internet traffic to a few select computers. The problem is the WAN (fa0/1) will not get an address from the d-link router which is handing out dhcp addresses to all my computers in the main network. Ive watched lots of youtube videos but only to validate Ive used the same methods they did. SO here is a quick run down of the topology.
cable modem>dlink router>cisco2611XM>dumbSwitch>Computer#3
> >LinksysSLMG224G 24 port switch>computers 1,2
As you can see my network splits off from the dlink into what needs to be 2 networks.
So why cant I get the WAN interface of the 2611XM to grab a dhcp address?
config
secureROUTER#sh run
Building configuration...
Current configuration : 1031 bytes
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname secureROUTER
boot-start-marker
boot-end-marker
enable secret 5 $1$fq4Z$ty8gmQfFw6v0sM2O0rW2D1
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
ip cef
no ip domain lookup
interface FastEthernet0/0
description LAN
ip address 10.0.0.1 255.255.255.0
ip nat inside
duplex auto
speed auto
no cdp enable
interface FastEthernet0/1
description WAN
ip address dhcp
ip nat outside
no ip route-cache cef
no ip route-cache
duplex auto
speed auto
no cdp enable
ip nat inside source list 1 interface FastEthernet0/0 overload
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
access-list 1 permit 10.0.0.0 0.0.0.255
no cdp run
banner motd ^CGet the fuck out!!^C
line con 0
line aux 0
line vty 0 4
password 7 111B1F5244000D
logging synchronous
login
endDuplicate post.
Go HERE. -
Cisco 876w: wlan client - routing problem
I configured a Cisco 876w to connect to an existing WLAN as a client. Now I would like to connect 3 PCs to the 876w which should be able to access the internet via the 876w.
Problem:
Being at the console (ssh) of the 876w, I can ping hosts in the internet (even with their name like www.google.com) but when I'm using a client PC, I can't... What am I missing here? Could it be a NAT problem?
Config:
Internet <---> DSL Router 192.168.1.1 (and WLAN AccessPoint) <---> Cisco 876w (gets IP per DHCP, VLAN1 IP: 10.10.10.1) <---> PC (10.10.10.101)
Current configuration : 9897 bytes
version 12.4
no service pad...dot11 vlan-name wlan-lan vlan 1
dot11 ssid WLAN
vlan 1
authentication open
authentication key-management wpa
wpa-psk ascii 7 0923467F1B2E52789807132F7A202E3D31
no ip source-route
ip dhcp excluded-address 10.10.10.1 10.10.10.9
ip dhcp excluded-address 10.10.10.101 10.10.10.254
ip dhcp pool ccp-pool1
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
domain-name cisco.test.com
dns-server 208.67.222.222
ip cef
no ip bootp server
ip domain name test.com
ip name-server 208.67.222.222ip ddns update method sdm_ddns1
HTTP
add http://[email protected]/nic/update?system=dyndns&hostname=//[email protected]/nic/update?system=dyndns&hostname=<h>&myip=<a>
remove http://[email protected]/nic/update?system=dyndns&hostname=//[email protected]/nic/update?system=dyndns&hostname=<h>&myip=<a>
no ipv6 cef
multilink bundle-name authenticated
isdn switch-type basic-net3
username admin privilege 15 secret 5 $1$uiouLKjbLIUBlKbj
username service privilege 15 secret 5 $1$LKjblkJNBLKkjlbkm
archive
log config
hidekeys
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
class-map type inspect match-all sdm-cls--1
match access-group name AllowAny
policy-map type inspect sdm-policy-sdm-cls--1
class type inspect sdm-cls--1
inspect
class class-default
drop
zone security wan
zone security lan
zone-pair security sdm-zp-lan-wan source lan destination wan
service-policy type inspect sdm-policy-sdm-cls--1
interface BRI0
description <--
no ip address
ip flow ingress
ip virtual-reassembly
encapsulation ppp
shutdown
dialer pool-member 1
isdn switch-type basic-net3
isdn point-to-point-setup
ppp multilink!
interface ATM0
backup interface BRI0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
no atm ilmi-keepalive
interface ATM0.3 point-to-point
description <--
ip flow ingress
shutdown
pvc 1/32
pppoe-client dial-pool-number 2
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface Dot11Radio0
description <--
no ip address
no ip proxy-arp
ip flow ingress
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
encryption mode ciphers aes-ccm
encryption vlan 1 mode ciphers aes-ccm
ssid WLAN
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role non-root
no cdp enable
interface Dot11Radio0.1
encapsulation dot1Q 1 native
ip address dhcp
ip nat outside
ip virtual-reassembly
no ip route-cache
no cdp enable
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
zone-member security lan
ip tcp adjust-mss 1412
interface Dialer0
ip ddns update hostname blahblah.dnsalias.com
ip ddns update sdm_ddns1
ip address negotiated
ip nat outside
ip virtual-reassembly
zone-member security wan
encapsulation ppp
shutdown
dialer pool 1
dialer idle-timeout 600
dialer string 01919214124
dialer load-threshold 20 outbound
dialer watch-group 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname asfa
ppp chap password 7 128763520
ppp pap sent-username asfa password 7 0302141555
ppp multilink
interface Dialer2
ip ddns update sdm_ddns1
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly
zone-member security wan
encapsulation ppp
dialer pool 2
dialer-group 2
no cdp enable
ppp authentication chap pap callin
ppp chap hostname gast
ppp chap password 7 095B239876473F06090A
ppp pap sent-username gast password 7 1239847629873693D
router rip
network 10.0.0.0
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
ip http access-class 23ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 105 interface Dialer0 overload
ip nat inside source list 106 interface Dot11Radio0.1 overload
ip access-list extended AllowAny
remark CCP_ACL Category=128
permit ip 10.10.10.0 0.0.0.255 any
ip access-list extended nix
remark tut nix
remark CCP_ACL Category=2
permit tcp any any
permit udp any any
permit icmp any any
permit ip any any
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 100 remark CCP_ACL Category=2
access-list 100 permit ip any any
access-list 101 remark CCP_ACL Category=2
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
access-list 102 remark CCP_ACL Category=2
access-list 102 permit ip 10.10.10.0 0.0.0.255 any
access-list 103 remark CCP_ACL Category=2
access-list 103 permit ip 10.10.10.0 0.0.0.255 any
access-list 105 remark Alles
access-list 105 remark CCP_ACL Category=2
access-list 105 permit ip 10.10.10.0 0.0.0.255 any
access-list 105 permit icmp 10.10.10.0 0.0.0.255 any
access-list 105 permit udp 10.10.10.0 0.0.0.255 any
access-list 105 permit tcp 10.10.10.0 0.0.0.255 any
access-list 106 remark NAT wlan
access-list 106 remark CCP_ACL Category=2
access-list 106 permit ip 10.10.10.0 0.0.0.255 any
access-list 106 permit icmp 10.10.10.0 0.0.0.255 any
access-list 106 permit udp 10.10.10.0 0.0.0.255 any
access-list 106 permit tcp 10.10.10.0 0.0.0.255 any
dialer watch-list 1 ip 208.67.222.222 255.255.255.255
dialer-list 1 protocol ip permit
no cdp run
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
control-plane
banner exec ^C
% Password expiration warning.
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
line con 0
no modem enable
transport output telnet
line aux 0
transport output telnet
line vty 0 4
transport input telnet ssh
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
#sh ip int brief
ndrmedienturm#sh ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0 unassigned YES unset up up
FastEthernet1 unassigned YES unset up down
FastEthernet2 unassigned YES unset up down
FastEthernet3 unassigned YES unset up down
BRI0 unassigned YES NVRAM standby mode/disabled down
BRI0:1 unassigned YES unset administratively down down
BRI0:2 unassigned YES unset administratively down down
Dot11Radio0 unassigned YES TFTP up up
Dot11Radio0.1 unassigned YES DHCP up up
ATM0 unassigned YES NVRAM administratively down down
ATM0.3 unassigned YES unset administratively down down
SSLVPN-VIF0 unassigned NO unset up up
Vlan1 10.10.10.1 YES NVRAM up up
NVI0 unassigned YES unset administratively down down
Dialer0 unassigned YES NVRAM administratively down down
Dialer2 unassigned YES NVRAM up up
Virtual-Dot11Radio0 unassigned YES TFTP up up
Virtual-Dot11Radio0.1 192.168.1.54 YES DHCP up upHi,
Just check it out few things from client are you able to ping the wan interface of the cisco 876w and when you ping the internt address from client pc what is the out put of the nat translation in router.
The command to check the same is show ip nat translation is packet is gettin translated or not.
Hope to Help !!
Ganesh.H
Maybe you are looking for
-
If I have opened firefox, and I am on my igoogle home page, and if I click the add page button to open a new window, the new pages opens to a blank internet page where I have to type in the new web address I want to go to. This started happening afte
-
ADF - use of selectOneRadio to programmatically display or hide other comps
Hi guys, I am totally new to ADF and will appreciate any help that you can give me. This has to do with the selectOneRadio component and then some. I currently have an ADF jsp form with values that are bound to the underlying entity. The page also ha
-
What is the best method for backing up movies?
I've been using Handbrake to rip out movies that I OWN so I can watch them on my apple tv. Everything works great, I'm just wondering what the best way to back up these files is. Any ideas? I own about 400 DVD's and would like to have them all in my
-
Mac Mini - Philips TV model 42pf9831d
I just purchased a 2.5ghz Apple Mac Mini and when I connect it to my Philips TV model 42pf9831d via hdmi the television initially displays the apple rebooting for the first 30 seconds, then the television goes blank. The Philips specs state hdcp is
-
I've just upgraded from CS6 at work to CC and when drawing image maps it's back to popping up this message: The previous solutions I can find (which worked in CS6) do not work here. When I go into my Preferences > Accessibility I only have this optio