ISDN dial-in with Cisco 1721 and WIC-1B-S/T

Similar Messages

• VOIP home lab with cisco 2620 and VIC-2FXO port

  Hi all,
  I m considering building a home lab for studying CCVP, the lab would be based on the follow components :
  - CUCM 8.X (already installed)
  - A couple of soft phones running in VMWARE with IP Blue and CIPC (they are already in place and registered with the CUCM)
  - Cisco router 2620 with NM-2V and VIC-2FXO-M2 (for europe, I'm in France)
  so here are my questions :
  1/ it looks like the NM-2V comes with integrated DSP, so I should not need more DSP, I have got one PSTN analogic line only so I can make only one call at a time, please confirm
  2/ my analog line comes via my home internet provider dsl box, i have already tried to connect an analog phone and it works, please confirm the router will be able to receive and place calls
  thanks for your help, I m looking forward to begin my voice lab

  1. Yes, the NM-2V has built-in DSP resources for up to four calls (max voice port density with two 1st generation VICs). You cannot add further DSP chips to the NM-1V/2V, nor would you need to for what it does. You have one PSTN phone line, thus you can only make one call at a time. If you had a second line you could use the other FXO port for a second concurrent call.
  2. If the phone line works then it will work with the router to make and receive calls. As Gregory said, just configure dial peers for what you need to do.
  Here is some info on the NM-2V:
  http://www.cisco.com/en/US/products/hw/modules/ps2617/products_tech_note09186a0080094ac0.shtml

• Strange behavior with Cisco AP and Intel 3945 wireles card

  Hi,
  I have an interesting problem with an Intel 3945 A/G card, and my cisco APs.
  1. Given:
  Cisco 1100 and 1200 AP running IOS 12.3.8-JEA
  Two laptop, one with Intel 2200 MPCI Card, the other with Intel 3945 MPCI Card
  Microsoft AD with IAS radius server
  a. 1 SSID with Simple EAP-TLS configuration Enterprise WPA/TKIP, no vlans, broadcast SSID. both card associate correctly and operate normally.
  b. 2 SSID, 1 with simple EAP-TLS configuration Enterprise WPA/TKIP (broadcast), and 2nd SSID Open/No encryption/No authentication (not broadcasted), both cards associate correctly and operate normally.
  c. 2 SSID, 1 with simple EAP-TLS configuration Enterprise WPA/TKIP (broadcast), and 2nd SSID WPS-PSK (not broadcasted), both cards operate normally.
  Now it gets interesting:
  c. 2 SSID, 1 with EAP-TLS/WPA Enterprise on its own VLAN 102, 2nd SSID Open/No Encryption/No authentication on a separate VLAN 105, VLAN 1 is used for admin and radius backhaul to IAS.
  If both SSID are broadcasted via mbssid guest-mode both Intel cards work as expected
  If neither SSID are broadcasted, both Intel cards work as expected
  If either SSID is broadcasted via normal guest-mode command, the Intel 2200 associates and works correctly, but the Intel 3945 refuses to assocate to the AP.
  Has anyone heard of side-effect?
  Alan

  I'm seeing a similar issue with the 3945 right now. However in my example the following is the case;
  APs are 1200 series IOS upgraded running 802.11b interfaces only. There are multiple SSIDs NONE of which are broadcasting.
  We've got a few different client types. The Cisco CB21ABG cards are fine, as are the Intel 2200 and 7920 phones. It's only the 3945 that has a problem and it's running Intel's 10.5.1.68 driver which is the latest. I'm considering downgrading it to an older driver.
  Anybody got a definate fix for this Intel card???

• Can't forward ports with Cisco EPC3925 and Airport Express and Extreme!

  Hello,
  I have very big problem, I've been trying for whole day to forward ports for steam and I just can't I tried everything, I have Cisco EPC3925 ( Its main thing I think its router - right ? ) Then I have connected Airport Express to it with ethernet cable ( It's working as DHCP and NAT I have double nat issue in my airport program I don't know what is this ) also Airport Express is set to create a Wi-Fi network, then I have connected Airport Extreme with Wi-fi and set to exceed wi-fi network and can't change anything in it , can't open ports etc. etc. MY COMPUTER is connected to Airport Extreme ( 2nd device ) with cable ! So Im not connecting my computer to internet with wi-fi
  Also I've been looking in Airport Express ( the 1st device ) and I saw that there I can open ports , but I opened them and nothing happend ... ports are still closed... Also I've set my computer ip to static , tried everything . And portforward.com site isn't helpfull . Also I tried to set Airport Express ( 1st device ) in bridge mode and nothing happend ( after I set it to bridge mode I can't open ports in airport program )
  Please is there anyone that can Help me with this ????
  Also I want to say that somehow I dont know how, but I managed to open ports in the past
  I need to open all necessary ports because If I can't open them - I can't make a server and people can't join . I really really need help I've spent whole today's saturday to get it to work and this won't work !

  Tesserax wrote:
  I have Cisco EPC3925 ( Its main thing I think its router - right ? )
  Yes, the Cisco EPC3925 is a combination modem and wireless router or gateway device. This is the device that you would need to configure for port forwarding/mapping.
  Then I have connected Airport Express to it with ethernet cable ( It's working as DHCP and NAT I have double nat issue in my airport program I don't know what is this )
  A "Double NAT" condition is when you have two or more routers in series where they all have NAT enabled. NAT is a service that is intended to allow you to share one Public IP address with multiple Private network clients. This is what allows you to have more than one computer on your local network have the ability to share an Internet access.
  Since you have your AirPort Express connected to the Cisco by Ethernet AND the Express is configured to have NAT enabled is why you are getting a Double NAT warning.
  Normally you would want all downstream routers to be reconfigured as bridges (NAT & DHCP disabled).
  also Airport Express is set to create a Wi-Fi network, then I have connected Airport Extreme with Wi-fi and set to exceed wi-fi network and can't change anything in it , can't open ports etc. etc.
  You will need to reconfigure the Express as a bridge. The fact that you have configured the Extreme to extend its wireless range is fine.
  Also I've been looking in Airport Express ( the 1st device ) and I saw that there I can open ports , but I opened them and nothing happend ... ports are still closed
  You do not want to open ports on the Express. Again, if you reconfigure it as a bridge you won't need to as all of its ports will be opened.
  Ok I understand what u said, so I set my airport Express 1st device in bridge mode - if I do that I can surf internet without problems etc. Then when I set it to bridge mode my computer gets adress 192.168.1.X ( My computer gets 13 and I've set it to be static ) so my computer is 192.168.1.13 then -> I open ports for example 2700-27015 ( for steam ) in my router cisco website witch is 192.168.1.1 and in ip adress label I put my computer adress 192.168.1.13 after I do this I reset the router and turn it back on after all this everything should work fine and my ports should be open right?? Well..I've tried it.. after this I can surf internet without problems of course but my ports are still closed ... Im checking them on http://www.canyouseeme.org/ and it says they are closed I've tried with pultiple ports such as 80 .. and it just won't work I don't know why..
  Also someone told me to use DMZ on and in ip adress put WAN ip of my airport express ( if its NOT set in bridge mode ) and open ports for my airport ( also I tried to open for my computer too ) - It doesn't work
  Please friend tell me you can help me ..
  Message was edited by: bolo822

• Help with connecting MacBook Pro with Cisco Routing and Switches?

  I'm running a CiscoASA 5510 router with several Cisco WS-C2960-48TT-L switches on a local network to connect with MacBook Pro. I need to be able to restrict access to specific users via their computer MAC address. ie: Joe Blow is limited to connecting through Switch 1 on port 10 and anywhere else he tries to plug in will simply not work.

  You need to look at the documentation that came with your router and switches. Or ask your network admin to set it up. Your question has nothing to do with your Macbook Pro configuration. MAC filtering is done in the router not in the computers/devices connecting to the router.

• VPN with Cisco 877 and ASA 5505

  Hi Experts
  this is my scenario :
  remote clients ----> Internet----> Cisco 877---> ASA5505---->LAN
  i would like to allow remote users to connect to my LAN to chek their mails and work as they are in the office. Actually i have configured Cisco877 as VPN Server this is working Fine. but now i'm trying to use ASA with the router because it permit 25 connections at the same time.
  i'm connected to internet using a public ISDN IP.i have heard that i need a second IP adresse for ASA ! and the ASA must act as VPN server and the router as Client, is that right ?
  if i need to configure the link between the router and ASA how can i do it ? i can't find any document or example in the net :/
  please i need your support to make this dream real lol.
  i will poste my configuration step by step following your help.
  many thanks.

  ASA need public ip address that is sure and also ASA acts as vpn. Client server will be remote not router. For that you can use any Ethernet. Trying to make a remote VPN connection via the cisco client, authenticate against an RSA Secure Token server and provide the client an IP address via DHCP.

• Small Sales Office with Cisco 857W and Wireless Skype Handset

  I have a remote sales office which is connected to the internet via a Cisco 857W. One of the sales guys uses a Skype Wireless Handset. I am looking to improve the quality of the handset as much as I can with the local wireless network in the 857W. The handset has WMM (802.11e) and uses ports 1 (alternative ports 80 and 443). My question is how do I enable WMM (802.11e) on this router and how do I or should I give priority to these ports to improve call quality? Config file attached.
  thanks in advance,
  stuart.

  I'm not an expert on this subject but this link could help.
  http://www.cisco.com/en/US/products/ps5853/products_configuration_guide_chapter09186a008067cc16.html

• Certificate based authentication with Cisco WLC and Juniper IC

  Hi
  I have a cisco WLC 4400 and Juniper IC which works as the external Radius server.
  I want the wireless clients to be authenticated using certificates. I know the Juniper IC can understand certificates.
  My question is can cisco WLC understand that the information being presented to it by the client is not username/pwd but a user certificate.
  i have also looked at this article :
  http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/100590-ldap-eapfast-config.html
  What i don't understand here is the need of WLC authenticating the user with his credentials by LDAP when it has authenticated the user cert.
  All your help is appreciated.

  Hi,
  Since you use an external radius server you don't have to worry for this.
  The only config that you need to do on WLC is to define the radius server under Security-AAA-Radius-Authentication and on your WLAN-Security-AAA.
  The doc you refer is only for Local Radius on WLC.
  Hope this helps
  Regards,
  Christos

• Configuring wired 802.1x with Cisco 2950 and NPS 2012 problem

  Hi,
  I am trying to setup wired authentication on my corporate network. For testing purposes, I have setup a Cisco 2950 switch for RADIUS authentication.
  On the first day of the test, access messages were appearing on the event log of the 2012 Server and  we were trying to address the issues with EAP and policy.(Network Policy and Access services)
  Then, suddenly no events are written to the event log for the wired authentication. Accounting data is written to the log file at c:\windows\system32\logfiles, but nothing happens on the event log as if the NPS is not answering. We are using the same server for wireless 802.1x and all is working fine.
  Checking the wired autoconfig log on the client, Restart Reason : Onex Auth Timeout appears.
  Logging seems to be configured properly, there are no entries in event log. Below is the debug information from the 2950 switch;
  KAT2-BATISW1#
  00:18:28: dot1x-registry:dot1x_port_linkchange invoked on interface FastEthernet
  0/17
  00:18:28: dot1x-registry:dot1x_port_linkcomingup invoked on interface FastEthern
  et0/17
  00:18:28: dot1x-ev:dot1x_port_enable: set dot1x ask handler on interface FastEth
  ernet0/17
  00:18:28: dot1x-ev:dot1x_update_port_direction: Updating oper direction for Fa0/
  17 (admin=Both, current oper=Both)
  00:18:28: dot1x-ev:dot1x_update_port_direction: New oper direction for Fa0/17 is
   Both
  00:18:28:     dot1x_auth Fa0/17: initial state auth_initialize has enter
  00:18:28: dot1x-sm:Fa0/17:0000.0000.0000:auth_initialize_enter called
  00:18:28: dot1x-ev:auth_initialize_enter:0000.0000.0000: Current ID=0
  00:18:28:     dot1x_auth Fa0/17: during state auth_initialize, got event 0(cfg_a
  uto)
  00:18:28: @@@ dot1x_auth Fa0/17: auth_initialize -> auth_disconnected
  00:18:28: dot1x-sm:Fa0/17:0000.0000.0000:auth_disconnected_enter_action called
  00:18:28: dot1x-sm:
  dot1x_update_port_status called with port_status = DOT1X_PORT_STATUS_UNAUTHORIZE
  D
  00:18:28: dot1x-ev:dot1x_update_port_direction: Updating oper direction for Fa0/
  17 (admin=Both, current oper=Both)
  00:18:28: dot1x-ev:dot1x_update_port_direction: New oper direction for Fa0/17 is
   Both
  00:18:28: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface FastEt
  hernet0/17
  00:18:28: dot1x-ev:dot1x_update_port_status: Called with host_mode=0 state UNAUT
  HORIZED
  00:18:28: dot1x-ev:dot1x_update_port_status: using mac 0000.0000.0000 to send po
  rt to unauthorized on vlan 0
  00:18:28: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80D71C74
  00:18:28: dot1x-ev:dot1x_port_unauthorized: Host-mode=0 radius/guest vlan=0 on F
  astEthernet0/17
  00:18:28: dot1x-ev:    GuestVlan configured=0
  00:18:28: dot1x-ev:supplicant 0000.0000.0000 is default
  00:18:28: dot1x-ev:supplicant 0000.0000.0000 is last
  00:18:28: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80D71C74
  00:18:28: dot1x-ev:0000.0000.0000 is now unauthorized on port FastEthernet0/17
  00:18:28: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface FastEt
  hernet0/17
  00:18:28: dot1x-ev:Enter function dot1x_aaa_acct_end
  00:18:28: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80D71C74
  00:18:28: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80D71C74
  00:18:28:     dot1x_auth Fa0/17: idle during state auth_disconnected
  00:18:28: @@@ dot1x_auth Fa0/17: auth_disconnected -> auth_connecting
  00:18:28: dot1x-sm:Fa0/17:0000.0000.0000:auth_connecting_enter called
  00:18:28:     dot1x_bend Fa0/17: initial state dot1x_bend_initialize has enter
  00:18:28: dot1x-sm:Dot1x Initialize State Entered
  00:18:28:     dot1x_bend Fa0/17: initial state dot1x_bend_initialize has idle
  00:18:28:     dot1x_bend Fa0/17: during state dot1x_bend_initialize, got event 1
  6383(idle)
  00:18:28: @@@ dot1x_bend Fa0/17: dot1x_bend_initialize -> dot1x_bend_idle
  00:18:28: dot1x-sm:Dot1x Idle State Entered
  00:18:28: dot1x-ev:Created port supplicant block 0000.0000.0000 expected_id=0 cu
  rrent_id=0
  00:18:28: dot1x-ev:dot1x_init_sb_oper_info:Default port supplicant at memloc 80D
  71C74
  00:18:28: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from interface
  FastEthernet0/17
  00:18:28: dot1x-ev:
  dot1x_post_message_to_auth_sm:0000.0000.0000: Sending TX_FAIL
  00:18:28: dot1x-ev:dot1x_post_message_to_auth_sm:0000.0000.0000: Current ID=1
  00:18:28: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/17
  00:18:28: dot1x-packet:Tx EAP-Failure, id 0, ver 1, len 4 (Fa0/17)
  00:18:28: dot1x-registry:registry:dot1x_ether_macaddr called
  00:18:28: dot1x-packet:Tx sa=000f.24e9.72d1, da=0180.c200.0003, et 888E (Fa0/17)
  00:18:28: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from interface
  FastEthernet0/17
  00:18:28: dot1x-ev:dot1x_post_message_to_auth_sm: Tx for req_id for supplicant 0
  000.0000.0000
  00:18:28: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/17
  00:18:28: dot1x-packet:Tx EAP-Request(Id), id 1, ver 1, len 5 (Fa0/17)
  00:18:28: dot1x-registry:registry:dot1x_ether_macaddr called
  00:18:28: dot1x-packet:Tx sa=000f.24e9.72d1, da=0180.c200.0003, et 888E (Fa0/17)
  00:18:28: dot1x-ev:Received an EAPOL frame on interface FastEthernet0/17
  00:18:28: dot1x-packet:Rx EAP-Response(Id), id 1, ver 1, len 21 (Fa0/17)
  00:18:28: dot1x-packet:Rx sa=0024.1d10.d7c5, da=0180.c200.0003, et 888E (Fa0/17)
  00:18:28: dot1x-ev:Couldn't find a supplicant block for mac 0024.1d10.d7c5
  00:18:28: dot1x-ev:Couldn't find a supplicant block for mac 0024.1d10.d7c5
  00:18:28: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80D71C74
  00:18:28:     dot1x_auth Fa0/17: initial state auth_initialize has enter
  00:18:28: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_initialize_enter called
  00:18:28: dot1x-ev:auth_initialize_enter:0024.1d10.d7c5: Current ID=0
  00:18:28:     dot1x_auth Fa0/17: during state auth_initialize, got event 0(cfg_a
  uto)
  00:18:28: @@@ dot1x_auth Fa0/17: auth_initialize -> auth_disconnected
  00:18:28: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_disconnected_enter_action called
  00:18:28: dot1x-sm:
  dot1x_update_port_status called with port_status = DOT1X_PORT_STATUS_UNAUTHORIZE
  D
  00:18:28: dot1x-ev:dot1x_update_port_direction: Updating oper direction for Fa0/
  17 (admin=Both, current oper=Both)
  00:18:28: dot1x-ev:dot1x_update_port_direction: New oper direction for Fa0/17 is
   Both
  00:18:28: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface FastEt
  hernet0/17
  00:18:28: dot1x-ev:dot1x_update_port_status: Called with host_mode=0 state UNAUT
  HORIZED
  00:18:28: dot1x-ev:dot1x_update_port_status: using mac 0024.1d10.d7c5 to send po
  rt to unauthorized on vlan 0
  00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
  00:18:28: dot1x-ev:dot1x_port_unauthorized: Host-mode=0 radius/guest vlan=0 on F
  astEthernet0/17
  00:18:28: dot1x-ev:    GuestVlan configured=0
  00:18:28: dot1x-ev:supplicant 0024.1d10.d7c5 is last
  00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
  00:18:28: dot1x-ev:0024.1d10.d7c5 is now unauthorized on port FastEthernet0/17
  00:18:28: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface FastEt
  hernet0/17
  00:18:28: dot1x-ev:Enter function dot1x_aaa_acct_end
  00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
  00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
  00:18:28:     dot1x_auth Fa0/17: idle during state auth_disconnected
  00:18:28: @@@ dot1x_auth Fa0/17: auth_disconnected -> auth_connecting
  00:18:28: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_enter called
  00:18:28:     dot1x_bend Fa0/17: initial state dot1x_bend_initialize has enter
  00:18:28: dot1x-sm:Dot1x Initialize State Entered
  00:18:28:     dot1x_bend Fa0/17: initial state dot1x_bend_initialize has idle
  00:18:28:     dot1x_bend Fa0/17: during state dot1x_bend_initialize, got event 1
  6383(idle)
  00:18:28: @@@ dot1x_bend Fa0/17: dot1x_bend_initialize -> dot1x_bend_idle
  00:18:28: dot1x-sm:Dot1x Idle State Entered
  00:18:28: dot1x-ev:Created port supplicant block 0024.1d10.d7c5 expected_id=1 cu
  rrent_id=1
  00:18:28: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from interface
  FastEthernet0/17
  00:18:28: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from interface
  FastEthernet0/17
  00:18:28: dot1x-ev:dot1x_post_message_to_auth_sm: Tx for req_id for supplicant 0
  024.1d10.d7c5
  00:18:28: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/17
  00:18:28: dot1x-packet:Tx EAP-Request(Id), id 0, ver 1, len 5 (Fa0/17)
  00:18:28: dot1x-registry:registry:dot1x_ether_macaddr called
  00:18:28: dot1x-packet:Tx sa=000f.24e9.72d1, da=0180.c200.0003, et 888E (Fa0/17)
  00:18:28: dot1x-ev:Received an EAPOL frame on interface FastEthernet0/17
  00:18:28: dot1x-packet:Rx EAP-Response(Id), id 0, ver 1, len 21 (Fa0/17)
  00:18:28: dot1x-packet:Rx sa=0024.1d10.d7c5, da=0180.c200.0003, et 888E (Fa0/17)
  00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
  00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
  00:18:28:     dot1x_auth Fa0/17: during state auth_connecting, got event 7(rxRes
  pId)
  00:18:28: @@@ dot1x_auth Fa0/17: auth_connecting -> auth_authenticating
  00:18:28: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_exit alled
  00:18:28: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_authenticating_enter called
  00:18:28: dot1x-ev:sending AUTH_START to BEND for supp_info=80D7E584
  00:18:28: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_authenticating_action c
  alled
  00:18:28: dot1x-ev:Received AuthStart from Authenticator for supp_info=80D7E584
  00:18:28:     dot1x_bend Fa0/17: during state dot1x_bend_idle, got event 1(auth_
  start)
  00:18:28: @@@ dot1x_bend Fa0/17: dot1x_bend_idle -> dot1x_bend_response
  00:18:28: dot1x-sm:Dot1x Response State Entered for supp_info=80D7E584 hwidb=807
  D353C, swidb=807D4898 on intf=Fa0/17
  00:18:28: dot1x-ev:Managed Timer in sub-block attached as leaf to master
  00:18:28: dot1x-sm:Started the ServerTimeout Timer
  00:18:28: dot1x-ev:Going to Send Request to AAA Client on RP for id = 0 and leng
  th = 21
  00:18:28: dot1x-ev:Got a Request from SP to send it to Radius with id 4294967283
  00:18:28: dot1x-ev:Couldn't Find a process thats already handling the request fo
  r this id 0
  00:18:28: dot1x-ev:Inserted AAA request for interface FastEthernet0/17, MAC 0024
  .1d10.d7c5, VLAN 0 on pending request queue
  00:18:28: dot1x-ev:Found a free slot at slot 0
  00:18:28: dot1x-ev:Found a free slot at slot 0
  00:18:28: dot1x-ev:Processing AAA request for interface FastEthernet0/17, MAC 00
  24.1d10.d7c5, VLAN 0 from pending request queue
  00:18:28: dot1x-ev:Request id = -13 and length = 21
  00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
  00:18:28: dot1x-ev:The Interface on which we got this AAA Request is FastEtherne
  t0/17
  00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
  00:18:28: dot1x-ev:Username is DUZEY\SAYTAMANER
  00:18:28: dot1x-ev:MAC Address is 0024.1d10.d7c5
  00:18:28: dot1x-ev:RemAddr is 00-24-1D-10-D7-C5/00-0F-24-E9-72-D1
  00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
  00:18:30: %LINK-3-UPDOWN: Interface FastEthernet0/17, changed state to up
  00:18:46: dot1x-ev:Received an EAPOL frame on interface FastEthernet0/17
  00:18:46: dot1x-packet:Rx EAPOL-Start, ver 1, len 0 (Fa0/17)
  00:18:46: dot1x-packet:Rx sa=0024.1d10.d7c5, da=0180.c200.0003, et 888E (Fa0/17)
  00:18:46: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
  00:18:46: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
  00:18:46: dot1x-ev:RECEIVED mac =0024.1d10.d7c5 and Stored MAC =0024.1d10.d7c5
  00:18:46:     dot1x_auth Fa0/17: during state auth_authenticating, got event 4(e
  apStart)
  00:18:46: @@@ dot1x_auth Fa0/17: auth_authenticating -> auth_aborting
  00:18:46: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_aborting_enter called
  00:18:46: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_authenticating_aborting_action cal
  led
  00:18:46: dot1x-ev:Received DOT1X_MSG_AUTH_ABORT: setting msg_id = 0
  00:18:46:     dot1x_bend Fa0/17: during state dot1x_bend_response, got event 5(i
  nitialize)
  00:18:46: @@@ dot1x_bend Fa0/17: dot1x_bend_response -> dot1x_bend_initialize
  00:18:46: dot1x-sm:Dot1x Initialize State Entered
  00:18:46:     dot1x_bend Fa0/17: idle during state dot1x_bend_initialize
  00:18:46: @@@ dot1x_bend Fa0/17: dot1x_bend_initialize -> dot1x_bend_idle
  00:18:46: dot1x-sm:Dot1x Idle State Entered
  00:18:46:     dot1x_auth Fa0/17: during state auth_aborting, got event 16(noauth
  Abort_noeapLogoff)
  00:18:46: @@@ dot1x_auth Fa0/17: auth_aborting -> auth_connecting
  00:18:46: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_enter called
  00:18:46: dot1x-ev:dot1x_post_message_to_auth_sm: Tx for req_id for supplicant 0
  024.1d10.d7c5
  00:18:46: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/17
  00:18:46: dot1x-packet:Tx EAP-Request(Id), id 1, ver 1, len 5 (Fa0/17)
  00:18:46: dot1x-registry:registry:dot1x_ether_macaddr called
  00:18:46: dot1x-packet:Tx sa=000f.24e9.72d1, da=0180.c200.0003, et 888E (Fa0/17)
  00:18:46: dot1x-ev:Received an EAPOL frame on interface FastEthernet0/17
  00:18:46: dot1x-packet:Rx EAP-Response(Id), id 1, ver 1, len 21 (Fa0/17)
  00:18:46: dot1x-packet:Rx sa=0024.1d10.d7c5, da=0180.c200.0003, et 888E (Fa0/17)
  00:18:46: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
  00:18:46: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
  00:18:46: dot1x-ev:RECEIVED mac =0024.1d10.d7c5 and Stored MAC =0024.1d10.d7c5
  00:18:46:     dot1x_auth Fa0/17: during state auth_connecting, got event 7(rxRes
  pId)
  00:18:46: @@@ dot1x_auth Fa0/17: auth_connecting -> auth_authenticating
  00:18:46: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_exit alled
  00:18:46: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_authenticating_enter called
  00:18:46: dot1x-ev:sending AUTH_START to BEND for supp_info=80D7E584
  00:18:46: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_authenticating_action c
  alled
  00:18:46: dot1x-ev:Received AuthStart from Authenticator for supp_info=80D7E584
  00:18:46:     dot1x_bend Fa0/17: during state dot1x_bend_idle, got event 1(auth_
  start)
  00:18:46: @@@ dot1x_bend Fa0/17: dot1x_bend_idle -> dot1x_bend_response
  00:18:46: dot1x-sm:Dot1x Response State Entered for supp_info=80D7E584 hwidb=807
  D353C, swidb=807D4898 on intf=Fa0/17
  00:18:46: dot1x-ev:Managed Timer in sub-block attached as leaf to master
  00:18:46: dot1x-sm:Started the ServerTimeout Timer
  00:18:46: dot1x-ev:Going to Send Request to AAA Client on RP for id = 1 and leng
  th = 21
  00:18:46: dot1x-ev:Got a Request from SP to send it to Radius with id 4294967284
  00:18:46: dot1x-ev:Found a process thats already handling therequest for this id
   1
  00:18:48: dot1x-err:Dot1x Authentication failed (AAA_AUTHEN_STATUS_ERROR)
  00:18:48: dot1x-ev:Received VLAN is No Vlan
  00:18:48: dot1x-ev:Enqueued the response to BackEnd
  00:18:48: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
  00:18:48: dot1x-ev:Enter function dot1x_aaa_acct_end
  00:18:48: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
  00:18:48: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
  00:18:48: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
  00:18:48: dot1x-ev:Received QUEUE EVENT in response to AAA Request
  00:18:58: dot1x-sm:Fa0/17:0000.0000.0000:dot1x_process_txWhen_expire called
  00:18:58:     dot1x_auth Fa0/17: during state auth_connecting, got event 19(txWh
  en_expire)
  00:18:58: @@@ dot1x_auth Fa0/17: auth_connecting -> auth_connecting
  00:18:58: dot1x-sm:Fa0/17:0000.0000.0000:auth_connecting_connecting_action calle
  d
  00:18:58: dot1x-ev:dot1x_post_message_to_auth_sm: Skipping tx for req_id for def
  ault supplicant
  00:19:07: dot1x-ev:Received an EAPOL frame on interface FastEthernet0/17
  00:19:07: dot1x-packet:Rx EAPOL-Start, ver 1, len 0 (Fa0/17)
  00:19:07: dot1x-packet:Rx sa=0024.1d10.d7c5, da=0180.c200.0003, et 888E (Fa0/17)
  00:19:07: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
  00:19:07: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
  00:19:07: dot1x-ev:RECEIVED mac =0024.1d10.d7c5 and Stored MAC =0024.1d10.d7c5
  00:19:07:     dot1x_auth Fa0/17: during state auth_authenticating, got event 4(e
  apStart)
  00:19:07: @@@ dot1x_auth Fa0/17: auth_authenticating -> auth_aborting
  00:19:07: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_aborting_enter called
  00:19:07: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_authenticating_aborting_action cal
  led
  00:19:07: dot1x-ev:Received DOT1X_MSG_AUTH_ABORT: setting msg_id = 0
  00:19:07:     dot1x_bend Fa0/17: during state dot1x_bend_response, got event 5(i
  nitialize)
  00:19:07: @@@ dot1x_bend Fa0/17: dot1x_bend_response -> dot1x_bend_initialize
  00:19:07: dot1x-sm:Dot1x Initialize State Entered
  00:19:07:     dot1x_bend Fa0/17: idle during state dot1x_bend_initialize
  00:19:07: @@@ dot1x_bend Fa0/17: dot1x_bend_initialize -> dot1x_bend_idle
  00:19:07: dot1x-sm:Dot1x Idle State Entered
  00:19:07:     dot1x_auth Fa0/17: during state auth_aborting, got event 16(noauth
  Abort_noeapLogoff)
  00:19:07: @@@ dot1x_auth Fa0/17: auth_aborting -> auth_connecting
  00:19:07: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_enter called
  00:19:07: dot1x-ev:dot1x_post_message_to_auth_sm: Tx for req_id for supplicant 0
  024.1d10.d7c5
  00:19:07: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/17
  00:19:07: dot1x-packet:Tx EAP-Request(Id), id 2, ver 1, len 5 (Fa0/17)
  00:19:07: dot1x-registry:registry:dot1x_ether_macaddr called
  00:19:07: dot1x-packet:Tx sa=000f.24e9.72d1, da=0180.c200.0003, et 888E (Fa0/17)
  00:19:07: dot1x-ev:Received an EAPOL frame on interface FastEthernet0/17
  00:19:07: dot1x-packet:Rx EAP-Response(Id), id 2, ver 1, len 21 (Fa0/17)
  00:19:07: dot1x-packet:Rx sa=0024.1d10.d7c5, da=0180.c200.0003, et 888E (Fa0/17)
  00:19:07: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
  00:19:07: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
  00:19:07: dot1x-ev:RECEIVED mac =0024.1d10.d7c5 and Stored MAC =0024.1d10.d7c5
  00:19:07:     dot1x_auth Fa0/17: during state auth_connecting, got event 7(rxRes
  pId)
  00:19:07: @@@ dot1x_auth Fa0/17: auth_connecting -> auth_authenticating
  00:19:07: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_exit alled
  00:19:07: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_authenticating_enter called
  00:19:07: dot1x-ev:sending AUTH_START to BEND for supp_info=80D7E584
  00:19:07: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_authenticating_action c
  alled
  00:19:07: dot1x-ev:Received AuthStart from Authenticator for supp_info=80D7E584
  00:19:07:     dot1x_bend Fa0/17: during state dot1x_bend_idle, got event 1(auth_
  start)
  00:19:07: @@@ dot1x_bend Fa0/17: dot1x_bend_idle -> dot1x_bend_response
  00:19:07: dot1x-sm:Dot1x Response State Entered for supp_info=80D7E584 hwidb=807
  D353C, swidb=807D4898 on intf=Fa0/17
  00:19:07: dot1x-ev:Managed Timer in sub-block attached as leaf to master
  00:19:07: dot1x-sm:Started the ServerTimeout Timer
  00:19:07: dot1x-ev:Going to Send Request to AAA Client on RP for id = 2 and leng
  th = 21
  00:19:07: dot1x-ev:Got a Request from SP to send it to Radius with id 4294967285
  00:19:07: dot1x-ev:Couldn't Find a process thats already handling the request fo
  r this id 2
  00:19:07: dot1x-ev:Inserted AAA request for interface FastEthernet0/17, MAC 0024
  .1d10.d7c5, VLAN 0 on pending request queue
  00:19:07: dot1x-ev:Found a free slot at slot 0
  00:19:07: dot1x-ev:Found a free slot at slot 0
  00:19:07: dot1x-ev:Processing AAA request for interface FastEthernet0/17, MAC 00
  24.1d10.d7c5, VLAN 0 from pending request queue
  00:19:07: dot1x-ev:Request id = -11 and length = 21
  00:19:07: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
  00:19:07: dot1x-ev:The Interface on which we got this AAA Request is FastEtherne
  t0/17
  00:19:07: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
  00:19:07: dot1x-ev:Username is DUZEY\SAYTAMANER
  00:19:07: dot1x-ev:MAC Address is 0024.1d10.d7c5
  00:19:07: dot1x-ev:RemAddr is 00-24-1D-10-D7-C5/00-0F-24-E9-72-D1
  00:19:07: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
  00:19:19: dot1x-registry:dot1x_port_linkchange invoked on interface FastEthernet
  0/17
  00:19:19: dot1x-ev:supp_info=80D7E584 txWhen_timer=80D7E5D4 quietWhile_timer=80D
  7E594reAuthWhen_timer=80D7E5B4 awhile_timer=80D7E5F4
  00:19:19: dot1x-ev:destroy supplicant block for 0024.1d10.d7c5
  00:19:19: dot1x-ev:supp_info=80D71C74 txWhen_timer=80D71CC4 quietWhile_timer=80D
  71C84reAuthWhen_timer=80D71CA4 awhile_timer=80D71CE4
  00:19:19: dot1x-ev:destroy supplicant block for 0000.0000.0000
  00:19:19: dot1x-ev:Enter function dot1x_aaa_acct_end
  00:19:19: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80D71C74
  00:19:19: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80D71C74
  00:19:19: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface FastEt
  hernet0/17
  00:19:19: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from interface
  This is driving me crazy, working on it for a whole week and no results..
  Thank you..

  Hi again,
  I have put the config on 2960. Now as soon as the authentication starts, this is the message on debug;
  dot1x authentication unable to start - authenticator not enabled..
  Any ideas?
  regards,
  onur

• EAP-TLS problems with Cisco AP541N and Server 2008 NPS

  Hi,
  I want to use EAP-TLS with my shiny new certificates issued by my new Windows CA, and what happens? Nothing works.
  I don't have a clue what I should do. I try to establish a EAP-TLS connection using my Windows CE mobile device, but my cisco AP541N logs this:
  Oct 18 15:42:58
  info
  hostapd
  wlan0: STA 00:17:23:xx:xx:xx IEEE 802.1X: Supplicant used different EAP type: 3 (Nak)
  Oct 18 15:42:58
  warn
  hostapd
  wlan0: STA 00:17:23:xx:xx:xx IEEE 802.1X: authentication failed - identity 'XXXXXX' EAP type: 13 (TLS)
  Oct 18 15:42:58
  info
  hostapd
  The wireless client with MAC address 00:17:23:xx:xx:xx had an authentication failure.
  NPS logs this:
  Name der Verbindungsanforderungsrichtlinie: Sichere Drahtlosverbindungen 2
  Netzwerkrichtlinienname: XXXXXX
  Authentifizierungsanbieter: Windows
  Authentifizierungsserver: XXXXX
  Authentifizierungstyp: EAP
  EAP-Typ: -
  Kontositzungs-ID: -
  Protokollierungsergebnisse: Die Kontoinformationen wurden in die lokale Protokolldatei geschrieben.
  Ursachencode: 22
  Ursache: Der Client konnte nicht authentifiziert werden, da der angegebene EAP (Extensible Authentication-Protokoll)-Typ vom Server nicht verarbeitet werden kann.
  I'm sorry it's german, but the gist is: The server can't process the authentication with the specified EAP type, which should be EAP-TLS.
  I think the NAK answer in my cisco AP logs is the problem. Well, not the problem, since it is the standard procedure in the EAP request / challenge, I think, but somebody messes up with it.
  Did anybody encounter something like this before? Or just knows what to do?
  Thanks in advance
  Lenni

  Joe:
  Having NPS, you have the options to configure PEAP-MSCHAPv2 or EAP-TLS.
  EAP-TLS: mandates a certificate on the server as well as a certificate on every single machine for authentication purposes.
  PEAP-MSCHAPv2: mandates a certificate on the server only. Users connecting to the wireless network must trust the certificate (or, user devices can be configured to escape this trust and connect even if the server cert is not trusted).
  for PEAP-MSCHAPv2, Your options are:
  - Buy a certificate for the server from a trusted party (Verisign for example [which was bought later by Symantec]). This way all devices will - by default - trust the server's cert.
  - Install local CA. Install a cert on the server and then push the root CA cert for your CA to all client device so they trust this issuer.
  - If both up options are not valid for you, what you can do is to configure every single client to ignore the untrusted cert and proceed with the connectoin. (This is a security concern though. not recommended unless really needed).
  You must get a cert on the server and all clients must trust that certificate's issuer. Otherwise you'll not be able to user PEAP.
  HTH
  Amjad
  Rating useful replies is more useful than saying "Thank you"

• Vlan routing with cisco router and linksys switch

  I have a linksys switch width vlan configured, connected to a Cisco router (1841), but I cant route between vlan’s.
  Please help me!!
  It Works with a Cisco switch perfectly(with the same ip and vlan).

  Yes. the linksys switch (SRW2024 24-Port 10/100/1000 Gigabit Switch) supports trunking.
  If you want you can visit the link and see that the switch supports vlan, dot1q and trunking.
  http://www.linksys.com/servlet/Satellite?childpagename=US%2FLayout&packedargs=c%3DL_Product_C2%26cid%3D1123638180432&pagename=Linksys%2FCommon%2FVisitorWrapper

• PLEASE HELP! Problems with Cisco WLAN and WPA encryption

  I checked the threads and didn't see this posted.  I have a Cisco WLAN card in my T42_2373_C88.  It's a very unfortunate thing that this wireless LAN card/wireless config. utitlity doesn't support WPA encryption.  I'm not entirely sure that it's the problem with the WLAN card, and the reason for this is that I initially set up a network through the Windows config. utility bypassing the IBM utility (which I can no longer do).  I wasn't actually able to connect to my local network until I completely removed the profile for my home network in the access connections, only then was I able to connect (WPA-PSK (TKIP)).  I saw some drivers available for my make and model on the lenovo.com driver site.  I downloaded the drivers and went through device manager specifying the folder where the drivers were located and the drivers were not recognized by windows as valid drivers.  Unless specifically told otherwise, I don't want to manually override and load these drivers.  This is a business machine, and this specific wireless function is VERY critical. 
  Thanks

  try using URLConnection instead of HTTPConnection.

• Mixed environment with Cisco 3750 and SRW248G4

  Dear Community,
  as mentioned above in the subject field, we are evaluating Linksys for Business products.
  We are using Cisco products (i.e. Cisco WS-C3750G-12S-S) for core networking, due to new investment planning, we are evaluation how to upgrade our access switches.
  In fact, we would like to implement Linksys by Cisco products,  SRW248G4 specific. These devices should be connected over fibre cabling using Linksys by Cisco MGBSX1 optical modules.
  So for these reasons, I have to check, if this design is going to work. May you give any feedback to this?
  Thank you in advance.

  Ni hao Seng,
  Without an understanding of what you are trying to achieve I can however say the following;
  I have used the wonderful SRW platform (SRW2008P) in my network for two years now. I have no difficulty in setting up VLAN tags and trunking to a traditional Cisco equipment.
  Most of the problems I have seen is not understanding how to setup VLANs correctly.  I can appreciate that as VLANs took me a long time to understand.
  I think for the benefit of the good people out there that use this community, I should put together a Video on Demand that goes through creating a VLAN that shows how to setup VLANs on a SRW switch, taking into account the three modes the switch ports can be set in (access,general and trunking modes).
  regards Dave

• Achieving Redundancy with Cisco Routers and Switches

  I have two 2600 routers connected to two different ISP and in turn these are connected back to our head office to a 3560 series switch.Iam trying to set up the different connections such that if one ISP connection fails the other one takes over immeadiately.I know i could use HSRP for redundancy but the problem iam facing is the two routers are in different subnets, so it may not be possible to use HSRP in this case.I could be wrong but any help will be appreciated.

  Hi,
  some questions to ask you
  1- 3550 is working as L3 or L2
  if L3 than you can use static route pointing to two different router.if L2 than use secondary address in ethernet infaces of router and run HSRP but for this you need to match vlan.
  2- if intervlan is configured on router's than it will be very easy.
  HTH if not write here

• Cisco Secure ACS with UCP assistance and enable password

  I am running Cisco Secure ACS version 4.2 running on a
  Standalone Windows 2003 Enterprise 2003with the lastest
  windows service pack and update. Secure ACS is running
  fine and I can authenticate with Cisco routers and
  switches. The Windows 2003 server is also running Microsoft
  IIS Server. In other words, the IIS server and Cisco
  Secure ACS is running on the same windows 2003 server.
  I am trying to get Cisco User-Changeable password to work
  with Cisco Secure ACS. I followed the release notes lines
  by lines and the work around provided below:
  Also server require more privileges for the internal windows user that runs CSusercgi.exe.
  The name of the windows user that runs UCP is IUSR_<machine_name>.
  Workaround steps:
  1) Install UCP 4 on a machine that runs IIS server.
  2) Open IIS manager
  3) Locate Default Web Site
  4) Double click on the virtual name 'securecgi-bin'
  5) Right click on CSusercgi.exe and choose Properties
  6) Choose 'File Security' tab
  7) Choose 'Edit' in 'Authentication and access control' area
  8) Change username from IUSR_<machine_name> to 'Administrator' and enter his
  password (make sure that 'Integrated Windows authentication' is checked)
  I still can NOT get this to work. I got this error:
  It says:
  The page cannot be found
  The page you are looking for might have been removed,
  had its name changed, or is temporarily unavailable.
  HTTP Error 404 - File or directory not found.
  Internet Information Services (IIS)
  I modified everything in the Windows 2003 to be "ALLOWED" by
  EVERYONE. In other words, there are NO security on the windows 2003.
  It is still NOT working.
  The other question I have is that can Cisco UCP allow user
  to change his/her enable password?
  Can someone help? Thanks.

  Yes bastien,
  Thank you.
  But one thing more i want to know that in its Redundant AAA server, when i try to open IIS 6.0 window 2003; it prompts for Username and Password.
  I've given it several time; also going through Administrator account with administrative credentials but it always failed.
  Any suggestions/solution/?
  This time many thanks in advance.
  Regards
  Mehdi Raza