Low cost router with DHCP option 66
I am trying to find the lowest cost Cisco router with option 66. I use the router in conjunction with spa50x phones and need to be able to have them config at boot up.
I was using the srp521. It was suggested to use the isa550, but that just got an EOL. Do any of the RV routers support it, I did not find it on a rv110 and I know its not on the rv042. It seems to me that this is a functionality that should be on a router aimed at a small business.
Sage
Dear Sage,
Thank you for reaching the Small Business Support Community.
Unfortunately none of the Small Business routers were intended to provide DHCP option 66 for IP Phones configuration via TFTF server. I suggest you to look for a enterprise device for that matter, like an ASA for example, and you can also inquire about a low cost option from their community support forum.
My job role in Cisco, among several, is to identify business opportunities and product enhancements for the Small Business products so I am definitely going to suggest this option 66 feature for future firmware releases.
Please do not hesitate to reach me back if there is anything I may assist you with in the meantime.
Kind regards,
Jeffrey Rodriguez S. .:|:.:|:.
Cisco Customer Support Engineer
*Please rate the Post so other will know when an answer has been found.
Similar Messages
-
Low-cost OS X purchase option for obsolete iBooks?
I have some obsolete iBook G3 500 mhz / 10 gig / 128 meg / CD and iBook G3 700 mhz / 20 gig / 128 meg / Combo. I have been thinking about just throwing them in the trash. Someone tells me, no no don't do that, you can sell them on ebay for ... $50 each or so. Woo.
(Oh, and yes a bunch of them do have that powerful sweaty "iBook Stink" keyboard problem. I am not sure what the official Apple solution is. Anyone tried applying Old Spice to a keyboard?)
Well the only way they are going to be useful is to run at least a newer OS than the 9.2.2 / 10.2 they have. And If I have to pay $120 per license for 10.4, there's really no point starting this exercise and I should go back to the original plan, electronics waste disposal. Preferably with a sledgehammer.
Microsoft has a way to deal with this. They practically give away Windows XP and now Windows 7 for low-cost rebuilt PCs through their refurbisher program, and the licenses cost something like $5-10 per computer.
Microsoft Refurbisher Program
http://www.microsoft.com/refurbishedpcs/programs.aspx
Is there a refurbisher licensing program for cheap old licenses of OS X, from Apple? I am not finding anything.
But I went through this previously. I'm mainly just looking for an update.
I wrote to Steve directly a few years ago asking about free or low-cost OS X licenses for these obsolete Macs, and Apple responded with the name of an electronics recycler near me. (Really!) Once support ends in about 3-4 years, who cares? Apple sure doesn't. And besides, you should be buying "the next one", to stay all hip and cool and "with it", anyway.
Still looks like trashing them is the best option, as trying to sell them for $20 per machine with 9.2.2 / 10.2 is not worth my time to pack and ship them..txformer wrote:
Apple sure doesn't.
Precisely.
BDAqua wrote:
I have no idea what Apple has to lose by making say 10.4 available cheaply, certainly no sales loses
No? Through forced obsolescence you are removing older computers from the market and obliging people to buy newer, so faster turnover and sales of newer (unless they decide that they give up on Macs). Fast forward 5 years. Scenario where Apple sticks with their pattern of no longer selling old versions, nor will they be available on disc because it's all download. How will you get hold of Lion 5 years from now to make a 2008 Mac functional in 2017? I suspect the used Mac market will really be hit hard because our current means of updating older Macs by finding old discs on the used market will be gone. Right now I can buy a 6 year old OS (Leopard) to make my 10 year old Quicksilver still pretty functional in 2012. I am not sure we will be able to do the equivalent in a few years from now becuse we won't have a means of getting hold of the new system versions unless you buy one now and stick it on the shelf "just in case".
Only thing I can think of is maybe a Family Pack install Disc.
Technically those are for family use, not selling 5 computers to anybody on e-bay. In that regard you'd be no better off with a family pack than a single installer. -
ISG with DHCP Option 82 sessions
Greetings, I'm looking to roll out a GPON deployment using the ISG as our BRAS with DHCP-based sessions but we are experience some problems with session restart. Were using an external DHCP server and RADIUS. Sessions come up fine the first time, but if there is an existing session and the CPE node is rebooted the session get's "stuck". To clear the session we turn off the CPE device, clear the state in the GPON shelf and wait for more than 5 minutes. Doing some debug shows the SG-DPM process thinking there is an existing DHCP lease that seems to clear out after five minutes of "silence". I'd like to get this five minutes down to something in the less than 60 seconds range. Anybody know of any knobs to tweak this?
Dec 2 12:49:19.642 EST: SG-DPM: getting the context for mac_address = 0024.c823.7322
Dec 2 12:49:19.642 EST: SG-DPM: input override for mac_address = 0024.c823.7322
Dec 2 12:49:19.642 EST: SG-DPM: null input interface from dhcp,returning access interface GigabitEthernet0/3.300
Dec 2 12:49:19.642 EST: SG-DPM: DHCP Offer notification from client, mac_address = 0024.c823.7322
Dec 2 12:49:19.642 EST: SG-DPM: getting the context for mac_address = 0024.c823.7322
Dec 2 12:49:19.642 EST: SG-DPM: Aborting update. IP address: 10.2.2.162 hasn't changed
Running 12.2 (31) SB19 with the following code snippet:
aaa authorization subscriber-service USER_LOGON group radius
policy-map type control USER
class type control always event session-start
20 authorize aaa list USER_LOGON password blablabla identifier circuit-id
30 service disconnect
interface GigabitEthernet0/3.300
encapsulation dot1Q 300
ip dhcp relay information trusted
ip address 10.1.1.1 255.255.255.224
ip helper-address 10.10.10.10
no cdp enable
service-policy type control USER
ip subscriber l2-connected
initiator dhcpTry...
If the session is still un an unauthenticated state setting the unauthe timer will help:
class type control always event session-start
25 set-timer IP_UNAUTH_TIMER 6
But if the session is authenticated then it is suggested to set a idle timeout value like this:
policy-map type service IDLE_TIME_SERVICE
class type traffic IDLE_TIME
timeout idle 600
class type control always event session-start
24 service-policy type service name IDLE_TIME_SERVICE
Shelley. -
I am trying to connect an HP Laserjet 1102w directly to an HP desktop model a172n with Windows Vista Home Premium OS (32 bit) through a new Linksys AE3500 dual band wireless router which has a USB port for a direct connection. The desktop can see the wireless router but not the printer.
Is there a work around, a printer installer update, or some other solution that enables me to connect the desktop to the printer via the USB connection on the wireless router? I need to have one wireless laptop and one non-wireless desk computer able to use the one printer.
Thanks for any assistance!
Murleen Rayhi there,
It seems as though this situation will require the Cisco connect software to function properly. Check out this article from the cisco knowledge base. It has the step by step setup specific to your case. Let us know if this helps or if you have already been through these steps.
Best of Luck!
You can say thanks by clicking the Kudos Star in my post. If my post resolves your problem, please mark it as Accepted Solution so others can benefit too. -
Intel Anti-Theft Technology: Low cost enterprise options
Working in education, I'm looking for a low cost option for implementing anti-theft tech. All we need is a way to disable stolen computers, in order to deter thieves in the future. We don't expect to recover stolen equipment, so tracking is not needed. Computrace is too expensive. SecureDisable seems like a good option without unnecessary features, but still seems like a lot for a simple service.
Anybody have any experience in this area?
Are pay services absolutely required for this tech? What about writing a custom management plug-in?Hello,
Two thoughts:
Check with your existing vendor(s) of security software to see if they offer an anti-theft module or product as an add-on to your existing license.
The open source Prey Project is another solution to investigate.
Regards,
Aryeh Goretsky
I am a volunteer and neither a Lenovo nor a Microsoft employee. • Dexter is a good dog • Dexter je dobrý pes
S230u (3347-4HU) • X220 (4286-CTO) • W510 (4318-CTO) • W530 (2441-4R3) • X100e (3508-CTO) • X120e (0596-CTO) • T61p (6459-CTO) • T43p (2678-H7U) • T42 (2378-R4U) • T23 (2648-LU7)
Deutsche Community Comunidad en Español Русскоязычное Сообщество -
Hi,
We are new to grid etc. We are a little frustrated at the costs involved in setting up shared storage with expandability.
We want to use commodity hardware for our servers.
We want to be able to add additional storage when space becomes an issue.
I have read that using NFS and/or Firewire is not a suitable production solution.
Does anybody have a low cost, commodity hardware storage solution?
Thanks
Bengo for AX100.
Source : www.dell.com .... The award-winning Dell/EMC AX100 and the new Dell/EMC AX100i are designed to bring customers an easy-to-use, low-cost SAN solution. The AX100 and the AX100i are ideal storage arrays for small workgroups, medium-sized businesses or branch offices of large corporations.
Rgds
kaps -
Best low cost camcorder to use with imovie?
Currently use windows movie maker and Canon A620 for simple home movies. Some other movie programs won't recognize the Canon format from the camera. Considering macbookpro when leopard and ilife 07 released.
Looking at lower cost comparisons between Sony and Canon in tape and mini DVD. Sony had better reliability & picture & sound ratings in leading consumer magazine of older similar models, but I had the impression Canon might work better with Apple in general?
Also is the current version of iMovie not compatible with formats used by miniDVD?
Since these cameras are all newer will iMovie recognize them, or is there an update to improve compatibility with newer models
Specifically comparing:
Canon ZR850 to Sony DCR-HC38 Mini DV
Canon DC-210 to Sony DCR-DVD108 Mini DVD
Looking for comments or other recommendations
Thanks,
Windows XPMark,
You wrote: "..My iMac has 1-400MB and 1-800MB Firewire port. The 400MB port is in use by a hard drive so I want to use the 800MB port for a camcorder. My research has led me to a Firewiredirect.com site that has 4pin to 9pin cables, so I think this will work.."
..but I doubt it.
I've never got a Sony camcorder to work with a Mac by connecting it with a 4-pin-to-9-pin cable to a FireWire 800 port. But you may be luckier!
However, I often get a Sony camcorder to work by "daisy-chaining" it through an FW400 hard drive, as long as the external hard drive has two FW400 sockets on it. Not all camcorders will work this way - and notably not Canons.
But if the hard drive has two FW400 connections, connect the drive to the Mac with one of them, and plug the camcorder into the other socket on the hard drive. (..You may have to experiment by swapping over the connections to see which way works best..)
With a Sony camcorder plugged into the hard drive, and the hard drive plugged into the Mac, the camcorder should be perfectly visible to the Mac ..and you should be able to save your video onto either the Mac's internal disc, or the external disc ..as long as the external disc is formatted as 'Mac OS Extended', and not as MS-DOS-compatible, or FAT32, or some other Windows format.
If your external hard disc has an FW800 socket, then I'd connect it into your iMac via FW800, and plug the camcorder into the FW400 socket on the Mac. The hard disc - if it has an FW800 connection - will probably work better (..i.e; faster..) through that connection anyway. -
Kindly Is the Linksys E4200 Dual Band Router compatible with DHCP and VPN ?
Kindly
Is the Linksys E4200 Dual Band Router compatible with DHCP and VPN?
Thanks,Linksys/Cisco E4200 are compatible with DHCP. Second, these Wireless-N routers are only capable of enabling the VPN traffic to pass through the device. You will need a VPN router and software to create the actual network to connect with your VPN client.
-
Configure WRT54G Wireless Router with PUBLIC IP address and use DHCP for internal computers
Hi,I have an Internet online service with 5 public IP addresses. The router and the AP are connected to a switch. I would like to configure a WRT54G wireless router with one of this IP public Address and use DHCP (with private ip address) for the computers that will connect to the AP. As the AP is connected to the switch it is possible that other wired computers that are connected to the same switch can obtain an IP address from the DHCP ?
Thansk in advance
Thanks for your help. Please correct me if Im wrong. After connecte the equipments the way you suggestI setup a static IP address (The public IP) in the WRT54GI enable DHCP in the WRT54G with a range from 10.10.0.100 to 10.10.0.200 (as an example) The gateway is the Public IP address right ? How do I route the 10.10.0.x addresses to the public IP address. Thansk again
-
How to write query with low cost
hi
i want to write a query of low cost for the following scenario.
in a table
if a person got a salary >=10000 he is in grade A
if a person got salary >=7000 he is in grade B
if a person got salary >=5000 he is in grade C
if a person got salary >=3000 he is in grade D
else grade E.use CASE
case when salary >= 10000 then 'A'
when salary >= 7000 then 'B'
else 'E'
end as grade
-
Malfunction of Low balanace router
I encounter the following Forte problem:
The low-balancing routers are somtimes disconnected from the environment and
show the following errors in the router log.
However the routers continuously stay on ONLINE.
Is it a bug in Forte 3.0.F.2? The existing replicates under the routers are
also ONLINE and no error is recorded down in each replicate's log file.
I have already turn off the Keep Alive feature which causes sudden
disconnection (stated on the Forte defect report).
Any suggestion is welcome.
Rgds
Tom
INFORMATION: An abnormal disconnect from partition
(30B47390-88AA-11D1-89C9-8754A988AA77:0x9e9ba) was received. Since there
are
no method invocations outstanding to this partition, no notification could
be
given of this disconnect (by indicating a method invocation failed).
Therefore, the information associated with this disconnect is being
reported
to the log.
Class: qqsp_DistAccessException
Error #: [601, 119]
Detected at: qqdo_PartitionMgr::StopLocation at 2
Error Time: Tue Nov 30 11:09:53
Exception occurred (locally) on partition "OP_MB_BLF_cl1_Part21-router",
(partitionId = 30B47390-88AA-11D1-89C9-8754A988AA77:0x9ebd0, taskId =
[30B47390-88AA-11D1-89C9-8754A988AA77:0x9ebd0.5365]) in application
"OP_MB_BLF_cl1", pid 31331 on node seattle in environment ProductEnv.
INFORMATION: The connection to the partner was terminated by the
Communication Manager for the reasons below.
Class: qqsp_DistAccessException
Detected at: qqdo_PartitionMgr::StopLocation at 1
Error Time: Tue Nov 30 11:09:53
Exception occurred (locally) on partition
"OP_MB_BLF_cl1_Part21-router", (partitionId =
30B47390-88AA-11D1-89C9-8754A988AA77:0x9ebd0, taskId =
[30B47390-88AA-11D1-89C9-8754A988AA77:0x9ebd0.5365]) in
application
"OP_MB_BLF_cl1", pid 31331 on node seattle in environment
ProductEnv.
SYSTEM ERROR: Failed to establish connection: OS Error 61: Connection
refused
Class: qqsp_DistAccessException
Detected at: qqcm_HoseFSM::SetError at 5
Error Time: Tue Nov 30 11:09:53
Exception occurred (locally) on partition
"OP_MB_BLF_cl1_Part21-router", (partitionId =
30B47390-88AA-11D1-89C9-8754A988AA77:0x9ebd0, taskId =
[30B47390-88AA-11D1-89C9-8754A988AA77:0x9ebd0.5365]) in
application
"OP_MB_BLF_cl1", pid 31331 on node seattle in environment
ProductEnv.
SYSTEM ERROR: hose 23 STATE_CONNECTING (EXT_RECEIVED) from
qqcm_HoseFSM::IssueConnect (after EstablishConnection)
Class: qqsp_ErrorDescriptor
Detected at: qqcm_HoseFSM::SetError at 1
Error Time: Tue Nov 30 11:09:53
Exception occurred (locally) on partition
"OP_MB_BLF_cl1_Part21-router", (partitionId =
30B47390-88AA-11D1-89C9-8754A988AA77:0x9ebd0, taskId =
[30B47390-88AA-11D1-89C9-8754A988AA77:0x9ebd0.5365]) in
application
"OP_MB_BLF_cl1", pid 31331 on node seattle in environment
ProductEnv.Dear Sage,
Thank you for reaching the Small Business Support Community.
Unfortunately none of the Small Business routers were intended to provide DHCP option 66 for IP Phones configuration via TFTF server. I suggest you to look for a enterprise device for that matter, like an ASA for example, and you can also inquire about a low cost option from their community support forum.
My job role in Cisco, among several, is to identify business opportunities and product enhancements for the Small Business products so I am definitely going to suggest this option 66 feature for future firmware releases.
Please do not hesitate to reach me back if there is anything I may assist you with in the meantime.
Kind regards,
Jeffrey Rodriguez S. .:|:.:|:.
Cisco Customer Support Engineer
*Please rate the Post so other will know when an answer has been found. -
Can I use Time Capsule to share a public ip within a network with DHCP enabled?
Hi I have a router with 8 public ip's which is doing DHCP for the public ip's I own. What I am trying to do is to give a static public IP to my Time Capsule and then the time capsule should create another network (both wired and wireless) with private IP (eg. 192.168.1.xxx) and do DHCP to the connected to time capsule devices.
I tried to select the option SHARE A PUBLIC IP but it is not working.
Any help?
ArmandosI am assuming that the static IP address that you are attempting to assign the WAN-side of the Time Capsule is one of the eight Public IP addresses available to you ... correct?
If so, then you should be able to configure the TC's WAN port for either: 1) Use the "Using DHCP" option to grab one of these Public IP addresses from the upstream router's DHCP server, or 2) Use the "Manually" option, and then, enter the appropriate IP addresses in their appropriate fields.
With the Connection Sharing = Share a public IP address selected, the TC's NAT & DHCP services will be enabled and they should be able to provide a Private LAN behind it.
Are either or neither the TC's WAN or LAN sides working properly? -
RA VPN into ASA5505 behind C871 Router with one public IP address
Hello,
I have a network like below for testing remote access VPN to ASA5505 behind C871 router with one public IP address.
PC1 (with VPN client)----Internet-----Modem----C871------ASA5505------PC2
The public IP address is assigned to the outside interface of the C871. The C871 forwards incoming traffic UDP 500, 4500, and esp to the outside interface of the ASA that has a private IP address. The PC1 can establish a secure tunnel to the ASA. However, it is not able to ping or access PC2. PC2 is also not able to ping PC1. The PC1 encrypts packets to PC2 but the ASA does not to PC1. Maybe a NAT problem? I understand removing C871 and just use ASA makes VPN much simpler and easier, but I like to understand why it is not working with the current setup and learn how to troubleshoot and fix it. Here's the running config for the C871 and ASA. Thanks in advance for your help!C871:
version 15.0
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
hostname router
boot-start-marker
boot-end-marker
enable password 7 xxxx
aaa new-model
aaa session-id common
clock timezone UTC -8
clock summer-time PDT recurring
dot11 syslog
ip source-route
ip dhcp excluded-address 192.168.2.1
ip dhcp excluded-address 192.168.2.2
ip dhcp pool dhcp-vlan2
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
ip cef
ip domain name xxxx.local
no ipv6 cef
multilink bundle-name authenticated
password encryption aes
username xxxx password 7 xxxx
ip ssh version 2
interface FastEthernet0
switchport mode trunk
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description WAN Interface
ip address 1.1.1.2 255.255.255.252
ip access-group wna-in in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
interface Vlan1
no ip address
interface Vlan2
description LAN-192.168.2
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
interface Vlan10
description router-asa
ip address 10.10.10.1 255.255.255.252
ip nat inside
ip virtual-reassembly
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source list nat-pat interface FastEthernet4 overload
ip nat inside source static 10.10.10.1 interface FastEthernet4
ip nat inside source static udp 10.10.10.2 500 interface FastEthernet4 500
ip nat inside source static udp 10.10.10.2 4500 interface FastEthernet4 4500
ip nat inside source static esp 10.10.10.2 interface FastEthernet4
ip route 0.0.0.0 0.0.0.0 1.1.1.1
ip route 10.10.10.0 255.255.255.252 10.10.10.2
ip route 192.168.2.0 255.255.255.0 10.10.10.2
ip access-list standard ssh
permit 0.0.0.0 255.255.255.0 log
permit any log
ip access-list extended nat-pat
deny ip 192.168.2.0 0.0.0.255 192.168.100.0 0.0.0.255
permit ip 192.168.2.0 0.0.0.255 any
ip access-list extended wan-in
deny ip 192.168.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 169.255.0.0 0.0.255.255 any
deny ip 255.0.0.0 0.255.255.255 any
deny ip 224.0.0.0 31.255.255.255 any
deny ip host 0.0.0.0 any
deny icmp any any fragments log
permit tcp any any established
permit icmp any any net-unreachable
permit udp any any eq isakmp
permit udp any any eq non500-isakmp
permit esp any any
permit icmp any any host-unreachable
permit icmp any any port-unreachable
permit icmp any any packet-too-big
permit icmp any any administratively-prohibited
permit icmp any any source-quench
permit icmp any any ttl-exceeded
permit icmp any any echo-reply
deny ip any any log
control-plane
line con 0
exec-timeout 0 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
access-class ssh in
exec-timeout 5 0
logging synchronous
transport input ssh
scheduler max-task-time 5000
end
ASA:
ASA Version 9.1(2)
hostname asa
domain-name xxxx.local
enable password xxxx encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd xxxx encrypted
names
ip local pool vpn-pool 192.168.100.10-192.168.100.35 mask 255.255.255.0
interface Ethernet0/0
switchport trunk allowed vlan 2,10
switchport mode trunk
interface Ethernet0/1
switchport access vlan 2
interface Ethernet0/2
shutdown
interface Ethernet0/3
shutdown
interface Ethernet0/4
shutdown
interface Ethernet0/5
shutdown
interface Ethernet0/6
shutdown
interface Ethernet0/7
shutdown
interface Vlan1
no nameif
no security-level
no ip address
interface Vlan2
nameif inside
security-level 100
ip address 192.168.2.2 255.255.255.0
interface Vlan10
nameif outside
security-level 0
ip address 10.10.10.2 255.255.255.252
ftp mode passive
clock timezone UTC -8
clock summer-time PDT recurring
dns server-group DefaultDNS
domain-name xxxx.local
object network vlan2-mapped
subnet 192.168.2.0 255.255.255.0
object network vlan2-real
subnet 192.168.2.0 255.255.255.0
object network vpn-192.168.100.0
subnet 192.168.100.0 255.255.255.224
object network lan-192.168.2.0
subnet 192.168.2.0 255.255.255.0
access-list no-nat-in extended permit ip 192.168.2.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list vpn-split extended permit ip 192.168.2.0 255.255.255.0 any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static lan-192.168.2.0 lan-192.168.2.0 destination static vpn-192.168.100.0 vpn-192.168.100.0 no-proxy-arp route-lookup
object network vlan2-real
nat (inside,outside) static vlan2-mapped
route outside 0.0.0.0 0.0.0.0 10.10.10.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http 192.168.2.0 255.255.255.0 inside
http 10.10.10.1 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-256-SHA
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set reverse-route
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpool policy
crypto ikev1 enable outside
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 192.168.2.0 255.255.255.0 inside
ssh 10.10.10.1 255.255.255.255 outside
ssh timeout 20
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
anyconnect-essentials
group-policy vpn internal
group-policy vpn attributes
dns-server value 8.8.8.8 8.8.4.4
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpn-split
default-domain value xxxx.local
username xxxx password xxxx encrypted privilege 15
tunnel-group vpn type remote-access
tunnel-group vpn general-attributes
address-pool vpn-pool
default-group-policy vpn
tunnel-group vpn ipsec-attributes
ikev1 pre-shared-key xxxx
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:40c05c90210242a42b7dbfe9bda79ce2
: endHi,
I think, that you want control all outbound traffic from the LAN to the outside by ASA.
I suggest some modifications as shown below.
C871:
interface Vlan2
description LAN-192.168.2
ip address 192.168.2.2 255.255.255.0
no ip nat inside
no ip proxy-arp
ip virtual-reassembly
ip access-list extended nat-pat
no deny ip 192.168.2.0 0.0.0.255 192.168.100.0 0.0.0.255
no permit ip 192.168.2.0 0.0.0.255 any
deny ip 192.168.2.0 0.0.0.255 any
permit ip 10.10.10.0 0.0.0.255 any
ASA 5505:
interface Vlan2
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.0
Try them out and response.
Best regards,
MB -
DHCP Option Tags are not being applied...
Hi,
About to loose my mind... basically we are working towards a small WYSE Thin Client deployment in our environment. The WYSE clients require to receive certain DHCP Option Tags to find the WCM server of which they receive their configuration from. Same
applies to the WDM Server as well. The problem is no matter what we do, our test client is not receiving the custom option tags we've defined in our DHCP server.
DHCP Servers:
vlan41
10.40.1.206
10.40.1.207
Test Client:
vlan46 - ip helpers defined on the switch
Set to receive the same ip address from the DHCP server through the reservation route.
Option Tags:
186 - WDM Server - 10.40.1.184
195 - WCM Server - 10.40.1.185
196 - WCM Path - /
I've installed Wire Shark on the test client to monitor the DHCP activity. The above custom options tags are not being pushed on to the client.
The Router, DNS Server and Domain Tags are being pushed. So it's working but also not working????!!!
Anybody with some insight to this problem?Hi hpaul_p
In all fairness I'm about to give up... the vendor is not coming up with a solution and constantly blaming Microsoft. To further test and confirm this wasn't a network issue, I've setup a secondary test environment using a 4 port switch, a client and
a DHCP server. Same results!!! I'm really running out of time, so my work around is this: I've setup a SRV records pointing to the WCM server... in your case this would be SRV record for the WDM server. I've disabled the auto
discovery functionality of the WDM Agent, for some reason it seems to be clashing with the WCM agent. Since you will be using WDM only, don't disable auto discovery, tick the DNS SRV record from the Discovery Settings under the client agent.
I'm going to add the clients to the WDM server manually through their ip addresses so don't need auto discovery. From what I gather from the manuals the WCM searches for the repository or conifg servers in this order: 1. SRV 2.DNS (A record)
3.DHCP (Options), I bet it's the same with WDM. Though SRV and DNS methods has their limitations, if you will be using the default paths and credentials it shouldn't be a problem. This is all I have have. Steven Song I've forwarded you the
DHCP database, if you find any problems with it please let me know. -
Which is the best low-cost camera for my use?
Hi everyone. Been busy and off the forums for a while, but need your expertise once again.
I just found out that the Panasonic HVX-200p that's been on loan to me for 2 years has to be returned. Since I run a non-profit, I am thinking about asking my major donors to buy one for us. So, the question becomes which one? I own the CS4 MC, and you can see my other info in my profile.
I only do educational-type videos in an interview format against a green screen so far. I've been capturing direct to OnLocation via 1394 FireWire at 720p/60fps and editing in an HDV 720p/30 sequence. I sometimes do "man on the street" segments (capturing to OnLocation on laptop). I integrate numerous PSD graphics as educational slides, a lot of AE projects I get from videohive and customize, render, & import into PP, and motion backgrounds like Pond5's weekly free stock footage (much of this stuff gets resized, of course). I do some scoring and some SFX and export the audio to SB for touchup. I use a bunch of Lowes/Home Depot worklamps with fluorescent bulbs for lighting the subject and background. I key my backgrounds using PP/AE Dynamic Link. Oh, and I'll need a lapel mic and a tripod, too. I would prefer not to rule out shooting at 1080i/p at some point.
I export H.264 highlight clips which get uploaded to Vimeo and embedded in our website using prettyPhoto features. Ultimately, the finished PP project is exported as MPEG2-DVD, finished in Encore, burned via ImgBurn. If you want to see a good example, watch this http://vimeo.com/23346431. Caution: this is religious material. Be sure to repent before watching
So, there's not really much heavy lifting here. But when it comes to what is the minimum I need with the options of capture formats, etc., I'm clueless. I've read about problems with AVCHD, and although low-cost, is it really a problem for what I do? I trust this forum more than online reviews, and I'd appreciate recommendations of specific models and where to buy, if possible. Also, what about used cameras? Please remember, the budget is tight.
All suggestions and questions are welcome and very much appreciated.
PaulActually, two things surprise me in your statement and one is simply incorrect:
As for Broadcast quality..... a little station called CNN - you might have heard about them bought 250 of them from Panasonic about a year ago.
First, that CNN would buy JVC cameras not from JVC, but from Panasonic.
Second, there are no JVC cameras on the BBC approved list at all, see http://downloads.bbc.co.uk/commissioning/site/BBC_Approved_HD_Cameras.pdf and the only affordable ones on the list in the handheld category are the Canon XF300/305. Maybe that is the reason the BBC bought 350 of these. Even the Sony XDCAM EX is only accepted in combination with a 50 Mb disk drive, not in the native 35 Mb format.
The BBC approved list is a list that most broadcasters adhere to, including CNN, Discovery, ARD and NGC.
The JVC GY-HD100U is definitely not acceptable for HD, and in no way HD broadcast ready. But that CNN bought that number of these cameras is probably caused by the fact that they think these deliver better quality than regular phones. And it does not use XDCAM, but a very simple HDV codec, limited to 1280 x 720 resolution. See http://pro.jvc.com/prof/attributes/specs.jsp?model_id=MDL101539&feature_id=03
This simply means that the Canon codec is very acceptable to the BBC for HD programs. The XF100 uses the same codec, but is only a single sensor camera and for that reason alone not approved by the BBC.
Paul, if you can live with the limitations of a single sensor camera - and given your intended purposes, I think you can - the JVC does not even come close and the XF100 material will be hardly worse than the XF300/305. To the untrained eye the results are almost the same.
Maybe you are looking for
-
For example, suppose that I have selected the three lines in the image A below. From a right-click > Transform > Scale... > Uniform (70%), I can produce B. However I would like to produce C, in which each line is scaled down by 70%. (Of course, I
-
In Portal , iView of type WebService Not working.
hi all , I am working on O4s SP7, I am trying an example where i want to access a web service using EP. i have made the proxy settings that are required.. In system configuration , under Visual Composer i created a new Model from System Template of t
-
TS1538 Connecting Iphone to Itunes
Hello, I just wanted to back -up my Iphone on Itunes as usual, but my Iphone does not come up in the Itunes sidebar and it is not connecting. The Iphone is connected to Windows fine, the Apple Mobile Device is running correctly, my USB cable is fine,
-
Re: Counter in the report
Hi Gurus, Can any one help me out how can I be able to print the counter of invoice details for a check in the output of the report. I am having a report where there are 2 repetitive frames one for check number and other for invoice number. --> After
-
Error when trying to re-publish
I published the page using a local folder. I use my university's domain space, so the ftp is built-in to the computer. I successfully published the page once. However, then I decided I wanted it to be accessed through a different route, so I deleted