Malfunction of Low balanace router

Similar Messages

• Low cost router with DHCP option 66

  I am trying to find the lowest cost Cisco router with option 66.  I use the router in conjunction with spa50x phones and need to be able to have them config at boot up.
  I was using the srp521.  It was suggested to use the isa550, but that just got an EOL.  Do any of the RV routers support it, I did not find it on a rv110 and I know its not on the rv042.  It seems to me that this is a functionality that should be on a router aimed at a small business.
  Sage

  Dear Sage,
  Thank you for reaching the Small Business Support Community.
  Unfortunately none of the Small Business routers were intended to provide DHCP option 66 for IP Phones configuration via TFTF server. I suggest you to look for a enterprise device for that matter, like an ASA for example, and you can also inquire about a low cost option from their community support forum.
  My job role in Cisco, among several, is to identify business opportunities and product enhancements for the Small Business products so I am definitely going to suggest this option 66 feature for future firmware releases.
  Please do not hesitate to reach me back if there is anything I may assist you with in the meantime.
  Kind regards,
  Jeffrey Rodriguez S. .:|:.:|:.
  Cisco Customer Support Engineer
  *Please rate the Post so other will know when an answer has been found.

• Poor Performance from Router MI424WR

  Purchased Verizon internet for the first time a few months ago, was told the coverage was 200 feet from router.  My home is 2 stories, have no internet in lower level (router is on top floor), cannot get signal on deck, which is literally 50 feet from router.  Is this what I should expect for my money?  I used to have cable modem and separate router, and had zero problems in 3-story, 3500 sq ft house. Should I have to buy an extender, isn't there other options Verizon can offer me for what I am paying?  Or maybe someone has a suggestion on how to fix.  Really disappointed in this service, plus if you try to call for support, the wait time is always over an hour.  How can a company get away with this? Really digusted as I work from home on the net, and can only work in 50% of my living space.  Thanks for any suggestions. Steve

  chefdijour wrote:
  I am not sure what you mean by "change the channel that the router is using for wireless devices and see if that helps"? Trying to get someone on the phone of even arrange a service visit is all but impossible, a sad state of affairs for a such a large company that lauds itself on customer service.  I long for cable again. FYI, you're talking to other customers here.  If you want a response from Verizon, you need to call or chat with them. To adjust WiFI settings on the router, you'll need to login to it's administrative management web page.  Typical installs will put it at http://192.168.1.1 (go ahead, click on that link).  The username is "admin".  The password is printed on the router's label, unless you've changed it. A simple google search for "mi424wr manual" will locate the documentation on Verizon's web site.  If that doesn't answer your questions about how to adjust the settings, post back and you'll get some more help. If you can't figure this out yourself (with help from forums like this or other online resources), you'd be better off hiring a local network tech to do the work rather than a Verizon tech visit.  They typically do not do this type of in home support.  If you do get Verizon to send a tech for this, they will charge you a lot of money for it as it's not a problem with their system. Enjoy. 

• Cisco CE565 and Router 3COM 3012 series

  I would like to know that does Router 3com 3012 supports protocal WCCP in able to work with cisco content engine CE565 for transparent proxy mode?

  From what I've seen the simple answer is No, the 3012 is quite a low specification router. I've also been told that not all implementations of WCCPv2 are equal, don't know if this is FUD or not but I think my recommendation would be to use a Cisco router to perform transparent redirection. At least the support will be better if you done run into issues.
  regards
  Mark

• My complaints about VZW's lack of good "feature" phones

  In an effort to save on my wireless bill (college kids have to do that) I have moved from my beloved LG Ally to a KIN TWOm. Upon seeing  the selection of  "feature" phones that VZW offers, I was left with an empty feeling. Verizon has to have the worst selection of "feature" or "quick messaging" phones in the business. Gone are the glory days of the ENv Touch, Rogue, Chocolate Touch (piece of crap really), and Reality (still found in some stores). Now we (the customer) are stuck with offerings like the Cosmos Touch and the Pantech Crux as well as the KINs. As far as the Cosmos and Crux is concerned, they are far from enticing. So is the once overly hyped KIN series the only appealing decives they offer for those looking to save? Looks that way.
  Let's take a look at what competitors like ATT and T Mobile have to offer (I use them as they are now, technically, "bigger" than VZW). ATT has a spectacular selection within their "quick messaging" phones. Some of those that shine brightest are the LG Vu Plus, Samsung Eternity II, Samsung Solstice, HTC Freestyle, and the Pantech Laser (among others). All of these phones offer a
  resistive touch screen or better, as well as, at the least, a 2mp camera. All of them also come with some type of social network integration. The Samsung also include an intuitive display that allows you to place widgets on up to three homescreens. The Freestyle provides a smartphone experience without the data package price, and the Laser is acclaimed as the thinnest sliding phone ever.
  T Mobile has the Samsung Gravity T, t249, t359 and  Nokia Nuron (these stick out to me most). The t249 and t359 aren't touch screen phones, but they have clean interfaces and social networking integration. The Gravity has a 2mp camera, good color choices, and a great OS. The Nuron isn't the greatest phone, but it offers a capacitive touchscreen and a good user experience. Even though T Mobile's selection isn't as good as ATT's, it trounces VZWs'.
  If you don't have the pleasure of choosing from great selections (those of ATT and T Mobile) then like most, if not all of us here, you are stuck between choosing a flip phone dating back at least four years (Accolade), one approved by military standards (Ravine, Brigade, Barrage, etc...) or one of the touchscreen "feature" phones VZW offers. The Cosmos Touch, Crux or KIN ONEm or KIN TWOm. What is so bad about these phones? Well, I can't say too much is wrong with the KINs, aside from them carrying a half-baked OS (the potential these phones had was astoundingly lost in bad marketing and under development). The Crux on the other-hand is a pain to use. Considering its unresponsive touch screen, and sluggish performance it makes for a terrible user experience. This leaves the Cosmos Touch-it is no ENv Touch. It lacks a good camera, no way to record video, and a bad screen resolution. 
  The way I see it is that the only decent "feature" phones VZW offers are the KINs ONEm and TWOm. They are equipped with WiFi, 5 and 8mp cameras (respectively) capacitive touchscreens, and a decent web browser. These are features that ATT and T Mobile do not offer on their "quick messaging" phones (1 point for VZW). Too bad they only come with a stripped OS (no more LOOP or KIN SPOT) because these features were too "data heavy"  and, in all honesty, made them too much like smartphones. Nor do they include Backup Assist support, or any access to the VZW apps (really not a big deal anyway). At least when using a KIN you aren't bombarded with VZW marketing and logos. 
  Before I settled on the KIN TWOm I checked to see if I could get my hands on a Samsung Rogue (re-certified). The only way I could only get it is to pay $159. For a re-certified phone? I don't think so. It is obvious that while ATT and T Mobile are still keeping those in mind who can't afford a smartphone, VZW is forgetting them. They are throwing the "feature" phone to the wind and concentrating on selling expensive smartphones. I will say that they are making smartphones more affordable, but it is not yet enough.
  In the end I will stick with VZW, as long as I can afford it....they really do have the best coverage. But I will be a disgruntle customer stuck with a pathetic selection of "feature" phones until the day I go back to my smartphone (out of college maybe?). I will now step off of my soapbox.
  Thanks to those of you who read this, and I hope VZW takes this seriously.

  The main point of the post was to provide a solid comparison of the lower end phones offered by the three most major carriers in order to show that VZW is falling behind (albeit in brief). I will admit that that did get lost as my post dragged on. The problem is that Verizon does not offer a good enough selection of phones to choose from for those trying to save by going the lower end route.
  Thier selection of phones has indeed changed. Comparing the latest run of "feature" phones to the phones they offered not just two years ago, I can see a change. The quallity and build of the products is the same, but the capabilities are lower. If you look back at the phones I mentioned from ATT and compare them to the touchscreen phones that Verizon offers, I think you will see a difference in features. You can get previous phones; but by doing so you forfeit the ability of getting insurance, or any other replacements.
  When I said that T Mobile and ATT are bigger than VZW, I am taking into account the merger that is currently taking place. Once the merger is 100% complete they will have about 30 million more subscribers than VZW. I doubt that T Mobile's quick messaging phones will become obsolete like Alltel's did. T Mobile is larger and thier phones are better known.
  I agree that VZW has better customer service (many sources can prove this), but I do not agree that ATT's  phones are garbage. They carry Samsung, LG, and Pantech. VZW carries the same brands (+ Sharp). I will again agree that VZW is the best all around, except for the selection of  "feature" phones. A reason I will stay with Verizon is that they have good customer service, and great reception everywhere, if this were not the case I would switch carriers simply for the chance to get a better lower end phone. I also stay with them in hopes of being able to get a smartphone back one day-VZW has a fantastic selection of them.

• What is up with Apple's Network not supporting Network scanning and even Ne

  Hello.
  I have a HP 3210 Network printer/scanner. After upgrading from my LinkSys router to a Time Capsule I now find that my HP Network scanning capability is dead. Apple tech support has admitted that they don't support scanning nor even some network printers on the Time Capsule, airport & Airport express. Apple won't even give me enough details on the issue so I can talk intelligently with HP???
  What is up with that? That is completely unacceptable. I can print to my printer, I can browse the built-in web server (and scan interestingly enough using the web server), but when you try and run the HP scanning client it indicates it can't communicate with the printer/scanner.
  Any ideas out there? I'm really disappointed.
  Len in Canada

  What is the deal here?
  Easily explained: On or about 24 July the entire discussions.apple.com web site was moved to servers running Windows Vista Enterprise OS. The site was compromised approximately 6 seconds later by a group of Romanian hackers believed to be funded by Nigerian Internet scammers who had millions of dollars in credit to play with when hundreds of thousands of victims sent them their credit card numbers to pay what they thought were nominal fees to get some of the 100,000 missing iPhones sold the first week but according to AT&T never activated. Supposedly, a malfunction in a mail router or address machine (the story varies) inadvertently sent all these phones to a mid-ranking Nigerian official who needed financial assistance with getting them out of the country.
  Well, either that or the site is still controlled by Apple & has been undergoing extensive changes which, shall we say, have not yet been completely sorted out, much in the same way that Iraq has not ....

• Windows RDP Remote Desktop not working with WRVS4400N

  I use RDP extensively on my LAN to use and manage 4 PCs running Win XP or Win7. My consumer-grade Cisco Linksys WRT610n crapped out after less than 2 years, so I thought I'd try the Cisco WRVS4400N to gain extra features like VPN. I have not enabled anything new on the router except for adding a second wireless SSID for guest use, although no bandwidth management or VLANs have been set up yet. Firmware version is 2.0.0.8.
  Since installing this router I have been unable to use Windows RDP on ANY of my computers on the LAN, whether I use the machine name or the IP address. I can ping every device on my network - print servers, NAS boxes, PCs, but no RDP. WHAT'S GOING ON?

  I have the EXACTLY same problem!......
  It´s driving me crazy that I have spend 150 $ for some shit of a device (Sorry but i´m frustrated)
  I have almost tried everything to make RDP work without any succes.
  I have opened port 3389 to the spefic computer with RDP enabled. It worked prefectly with a low-budget router
  undtil a changed it out a (high quality router - WRVS4400N-EU Version 2)
  Could some please tell me what i´m doing wrong or what Cisco is doing wrong.
  I have always belived that Cisco produckts was equal quality

• What method does iPhoto 6 use to convert Raw photos for Books?

  I shoot Raw. I like to have the odd soft cover iBook for Holiday memories.
  Obviously iPhoto does not upload the RAW files to the printers, so what is its conversion process? Would I get better results if I converted them first before creating a Book File? I have followed the list of disappointments people have with these smaller books. Old Toad was most helpful with the Pref Setting 300 tip, but I wonder if in the process of conversion from Raw iPhoto uses a lower quality route?
  Any one out there who knows the best practice for Raw Shooters. By the way I am based in London and so the alternative printing websites do seem to take a bit too long with postage.

  Adobe Camera Raw is the way to go – it will do all you want and more.
  You can pick up the basics very quickly but it pays in the long run to discover its incredible versatility by visiting the Camera Raw forum.
  And read the book too!

• How does BT Broadband actually work?

  I'm trying to understand the process of how my PC connects to the internet and what journey the data takes. I did a trace route for twitter.com from my PC, and got the following results, which I'm trying to use to 'visualise' the network. I am not technologically minded in the slighest so apologise in advance if my questions (in bold below) are moronic:
  Tracing route to twitter.com [199.16.156.102]
  over a maximum of 30 hops:
  1 14 ms 2 ms 6 ms BThomehub.home [192.XXXXXX...]
  I'm assuming this is just the address of my own BT wireless hub. 
  2 * * * Request timed out.
  3 * * * Request timed out.
  4 10 ms 9 ms 9 ms 217.41.216.53
  5 10 ms 10 ms 10 ms 213.120.156.210
  6 16 ms 34 ms 10 ms 213.120.178.65
  7 31 ms 12 ms 17 ms 217.41.168.107
  Steps 4 - 7: what are these? They appear to be BT addresses. Are they just various BT routers directing the data towards the nearest main access point? What are these in terms of physical locations - a building with a bunch of routers in them?
  8 11 ms 10 ms 10 ms acc1-te0-4-0-11.l-far.21cn-ipp.bt.net [109.159.2
  55.194]
  I've looked up the "21cn" bit and can see this seems to be some kind of BT network - so I'm guessing this is the point where local traffic joins BT's own 'backbone'?
  9 12 ms 10 ms 10 ms core1-te0-7-0-6.faraday.ukcore.bt.net [109.159.2
  49.19]
  Googling this and it seems to be an actual buildling called the faraday buildling in London?
  10 14 ms 13 ms 14 ms 62.6.201.217
  This is another BT address, which appears to be in Suffolk. Why has it suddenly gone up there? 
  11 11 ms 12 ms 12 ms xe-1-1-0.cr1-lon1.twttr.com [195.66.225.142]
  I can see that this is LINX in London. As I understand it, this is an information exchange point where various ISP's come together to peer. I don't get what happens when it gets to the IXP, i.e, how it then connects internationally...
  12 117 ms 116 ms 116 ms xe-10-1-1.iad1-cr1.twttr.com [199.16.159.145]
  13 128 ms 144 ms 132 ms ae50.atl1-er1.twttr.com [199.16.159.73]
  14 121 ms 122 ms 122 ms 199.16.156.102
  Steps 12 - 14 are twitter-owned US addresses. The jump from 11 - 12 seems fairly massive. How did the data get from LINX in London all the way over the US? Perhaps it got sent to a submarine cable off the coast of the UK, but was there not any more routing involved to help it get there? What was the point of it going to the IXP in the first place?
  One final question: where do DNS servers come into all of this? At what point in the journey is the DNS server queried (presumably quite early on). Where are DNS servers located in the UK?

  Not directly answering your questions, but some comments and comparison to my routing ...
  The dns server does not come into the routing of the real data packet.  The DNS server converts the name twitter.com into the ip address  199.16.156.102.  That will generally only be done once right at the start of any communication.
  You are correct that the fist step is the HomeHub (typically 192.168.1.254).  This should respond in 1ms or less, maybe a little more for wireless.
  Step 2 is some kind of concentrator behind the exchange and into the BT network.  It usually gives a tracert time, which is useful (at least for Infinity users) for seeing if you are interleaved or not (values around 5/6ms not, values around 15ms yes)
  The next few steps do go through various BT routers.  The path taken is sometimes rather roundabout:  for me (Winchester) it always goes via Sheffield and then to Ilford or Ealing before escaping the BT internal network at telehouse in London.  
  I'm guessing the Sheffield bit from the .sf. bit in the name, from the ping times, and from comments made by others on the the forums.  Looking up the location for an ip address on the various sites is not at all reliable, so your Suffolk bit may or may not really be there.
  The long jump at your step 11/12 is probably from telehouse to a concentrator in the US with no IP level steps in between.  I'm not sure how the actual fibres run and whether there is any lower level routing.
  ~~~~
  Tracing route to twitter.com [199.16.156.38]
  over a maximum of 30 hops:
  1 <1 ms <1 ms <1 ms 192.168.1.254
  2 6 ms 5 ms 8 ms 172.16.14.14
  3 * * * Request timed out.
  4 7 ms 7 ms 7 ms 213.120.158.173
  5 11 ms 11 ms 11 ms 217.32.145.106  <<< I guess from the extra 4ms that this is at or near Sheffield
  6 13 ms 11 ms 12 ms 217.41.169.95
  7 13 ms 11 ms 11 ms 217.41.169.109
  8 11 ms 11 ms 32 ms acc2-xe-5-0-2.sf.21cn-ipp.bt.net [109.159.251.239]
  9 18 ms 23 ms 23 ms core1-te0-0-0-6.ilford.ukcore.bt.net [109.159.251.157]  <<< slow to respond to tracert requests
  10 24 ms 23 ms 23 ms peer4-te-0-3-0-1.telehouse.ukcore.bt.net [62.172.102.25]
  11 20 ms 20 ms 20 ms xe-1-1-0.cr1-lon1.twttr.com [195.66.225.142]
  12 126 ms 127 ms 139 ms xe-10-1-1.iad1-cr1.twttr.com [199.16.159.145]
  13 142 ms 148 ms 149 ms ae50.atl1-er1.twttr.com [199.16.159.73]
  14 138 ms 137 ms 139 ms 199.16.156.38

• InDesign CS4 - Serious Screen Rendering Issue

  I just migrated from the CS2 Suite to CS4 Suite (I uninstalled CS2 Suite first before installing CS4 Suite) on my Windows XP SP3 system.
  The first thing I noticed was that InDesign CS4 (ID) had trouble rendering its screens properly when doing common functions. When the issue occurs, only "parts" of the ID app screen will display (see attached figure), and the CPU usage (as shown in Task Manager) goes to 100% usage. At this point, my system grinds to a halt, and I don't know where I am in the ID application because the screen is not fully "painted". All I can do then is shut down ID using the "End Task" option of the Windows Task Manager. As soon as ID closes, my CPU usage immediately goes back to normal (5-10% range).
  So far, I've noticed this rendering issue when:
  - I minimize the app to the system tray, then go to maximize it. This happens with or without an ID file open.
  - I am closing/exiting a file
  - any time a lot of screen repainting needs to occur when moving "in" and "out" of ID
  This issue may not happen at every instance in the above circumstances, but often enough (90% of the time) to make ID virtually unusable to me. Sometimes, I am able to "jog" ID back to its senses (i.e., a proper repainting of the screen) by navigating through the ID menus. This works only sporadically, however, and the results usually do not last long.
  This issue does not show up on any other of my CS4 apps (PhotoShop, Illustrator, Acrobat, etc.), nor on any of my Windows Office 2003 apps. My other colleagues in my department have not seen this issue with their CS4 ID, and some of them are running nearly identical systems as mine (everything but the Dell monitor).
  What I've tried so far without any help:
  - used Adobe Updater for the latest CS4 updates (I am running ver. 6.0.2 of ID)
  - ran Windows Update and installed all the latest updates beyond SP3
  - deleted files on my hard drive to free up space (I have 20% free)
  - defragged my hard drive
  - updated my display driver
  - tried various screen resolutions and refresh rates of my display
  Specs of my machine:
  Dell Optiplex GX620
  Pentium 4 3.00 Ghz CPU
  80 GB Hard drive
  4 GB RAM
  Windows XP SP3
  Dell 1907ftp LCD monitor
  IE ver. 6.0.2900
  McAfee 3.6.0.608 virus checking
  Can anyone help?

  One thing that is missing from your list of system components is the video card used on your system. And that may be the source of your problems. In general, though, we are not aware of any video problems particular to InDesign 6 as opposed to InDesign 4 which you previously had installed.
  Many low-end computers from Dell and others take the low cost route by integrating a graphics display chip, typically from Intel, on the motherboard which does not have its own dedicated graphics memory. It shares memory with Windows. This has several ramifications (pun not really intended, sorry!). The first is that using main memory as video memory means that you have very slow video memory, very much slower than the memory on dedicated graphics cards. The second is that access to that memory competes with disk operations, CPU operations, and virtually everything and anything going on with your system. If in fact your system does have one of these integrated graphics chips in lieu of a real graphics card, there might not be much you can do assuming you have the latest video driver (you said you checked that) unless your Dell OptiPlex allows you to disable the motherboard integrated graphics chip and install a real video card. (To be completely fair, the integrated graphics display chips are perfectly fine for systems that are not running graphically intensive applications - Outlook, Word, and a web browser instance or two work quite well with those configurations.)
  Other things that I would check would be disk space as well as fragmentation. An 80GB disk is not that big these days and if most or much of the remaining free disk space is highly fragmented (as it might be after uninstalling CS2, installing CS4, and perhaps doing a whole bunch of Windows updates including SP3), disk operations, including page file operations, might be excrutiatingly slow.
            - Dov

• NAC server is not available on the network

  I am doing a rollout of ISE 1.1.1. I am using NAC agent 4.9.0.47 for posture checking win7 x86 machines. Occassionly users are getting 'NAC server is not availble.... try disconecting and connecting to the network to start a new connection' When I  try to reproduce the issue it is not happening. It happens randomly here and there. What are the possible reasons fro this issue. Since ISE is not getting posture result, and the machine remain in in posture check 'unknown' stage. I am in half way of rollout and it is stoping me to further rollout. IIf anybody knows, please advise.........

  Hi,
  I had the same issue and upgrading to 1.1.2 made the issue quiet down a bit. I have a few reported issues but havent seen any in the past 2 weeks. Also which supplicant is the client running and do they see these on the laptops or machines that have both wired and wireless connections?
  The reason I ask is that the native windows supplicant tends to connect to both networks (wired and wireless), this can can cause some problems with the NAC agent if the link for the wired or "the lower metric route" flaps.
  the bug cisco provided me is related to "CSCuc70607".
  Hope this helps,
  Tarik Admani
  *Please rate helpful posts*

• E1000 wifi dead whenever I copy a large file between 2 PC's

  Whenever I try to copy a large file (eg. 200 MB) from one PC to another (both connected wirelessly to the Linksys E1000 router), the wifi on the router dies.  I can see the wifi indicator light on the router go off, and my PC's lose their connection (of course).
  I understand that the E1000 is a low-end router so if it copies really slowly I can accept it.  But how can the wifi just die out like that?  Is there something I didn't setup properly?
  btw, this issue is present even after I upgraded to the latest firmware (2.1.02 build 5).
  Would greatly appreciate any advice.

  Hi,
  Thank you for your reply.
  1.  Problem not due to firmware upgrade.  The problem existed before the firmware upgrade, and persist after the upgrade. But yes, I did power off and power on my router again.
  2. I followed some instructions on this forum to chnage the following settings:
  Channel: 11
  MTU: 1340
  Beacon: 75
  Fragmentation Threshold: 2304
  RTS: 2304
  And strangely enough, it works now!
  3.  This morning, upon seeing your reply, I decided to do some investigation to see which setting did the trick. I modified each setting back to the default, one by one, and tested the large file copy each time I revert something back to default.
  Surprisingly, the file copy operation was successful throughout the tests, even upon reverting all settings back to default.
  So, what is the "problem" with this router? I had problems for 1 month with the default settings, and then suddenly all problems disappear?
  Wai Kee

• ISE/NAC posturing - WSUS not available?

  We ran into this scenario this weekend.
  We have 2 VPN sites(US and EMEA) both ASA 5515X...each site has a WSUS server (US is master, EMEA is downstream).
  VIA GPO, we have EMEA workstations set to get updates from the EMEA WSUS server. We have the VPN profiles set to rollover if one isn't available.
  (so if you try to connect to US, and it isn't responding it automatically tries the EMEA connection, and vice versa)
  We have tested the scenarios where the EMEA VPN itself is down, but the EMEA employees are still able to connect via the US, because the INTERNAL network (and its tunnel to EMEA) is still active.
  The problem that arose this weekend was, that ALL of the EMEA site was offline, including the WSUS server. So even if EMEA employees connected to the VPN, when the NAC agent checked the WSUS update status, it would time out looking for the EMEA WSUS server.
  So, as a workaround I had to tell ISE not to perform WSUS checking for the EMEA group.
  However, this is a manual process, and not acceptable in a 24/7 environment.
  Does anyone have suggestions on how to correct this single point of failure? Can you identify a secondary WSUS server on the client so that it tries to talk to both at any given time? Is there some setting in ISE?
  Honestly, this ISE implementation has been a HUGE thorn in my side....and it seems just when I think we are able to put it behind us...some other little detail comes out of the woodwork like this. I just want this to work, and make things better and smoother...not keep having little issues and it reflecting bad on myself and co-workers.
  Dirk

  Hi,
  I had the same issue and upgrading to 1.1.2 made the issue quiet down a bit. I have a few reported issues but havent seen any in the past 2 weeks. Also which supplicant is the client running and do they see these on the laptops or machines that have both wired and wireless connections?
  The reason I ask is that the native windows supplicant tends to connect to both networks (wired and wireless), this can can cause some problems with the NAC agent if the link for the wired or "the lower metric route" flaps.
  the bug cisco provided me is related to "CSCuc70607".
  Hope this helps,
  Tarik Admani
  *Please rate helpful posts*

• Making a new private network.

  I want to build a network - private network. I have 80-90 sites with up to 14 hosts on each site. The hosts comunicate with a server. Not much trafic. Can I use a couple of 2924-XL-EN to connect the sites together? And from the switches a connection to another 2924 where I have the server?

  Instead of using a complete layer2 network design, I would start looking at Layer3 segmentation and fault isolation. If all 90 sites were connected with nothing but layer2 switches, you would have issues with STP convergance, broadcast storms, etc. Essentially, a single user with a bad nic or virus could take down the entire network. Depending on your requirements, you could do a hub-and-spoke design and have each site connect to a layer3 router at the hub of your design. From this you can provision subinterfaces per site and allow vlans per site. This would shrink the broadcast domain per site, and reduce the risk of a single site taking out the entire network. The layer3 device at the hub could provide inter-vlan routing to provide communication with all the sites. Or if distance is a factor, you could provision a lower end router per site (1710 or something) and have this router connect to a slightly higher end layer3 device (2800 or something depending on your traffic requirements). This would be a more scalable design and allow you to provide more services in the future. If you wanted to go all out with it, you could provision some kind of 2800 per site with a 3800 at the hub. Then you could run MPLS VPNs. Each site would have a router capable of label imposition and your at your hub, your router could function as a P router. You could also place your server into a central services VRF and do selective import and export of the VPN routes. This gives you the ablility to further segment your network (possibly start selling Internet access or service access to various customers) and still keep everything private.
  Hope this helps.

• DMZ setup for SBS 2011

  Any suggestions on a low end router capable of providing a decent firewall that would begin to meet the security requirements needed for a DMZ setup?  (example Cisco PIX 506 Firewall) 
  And whether it can be done with just a couple of wireless routers, one with an enabled DMZ?   My initial thought on this is that the standard consumer wireless routers have an eight character password which is far from secure enough to do
  much of anything. (brainstorm details below)
  Thought is to place a web form login page in the DMZ... add a read only file to test the web form access.  Nothing fancy and for now, it does nothing except verify that user can login or is denied login.   Verified login goes nowhere except
  "Success".  Build something later when the first part works (if it works).
  Plan is to exist over two lans (or IP sets within the domain - one set is 192.168.01.xxx and the other set is 192.168.02.xxx) and set up bypass rules between the two.  The Lan 192.168.01.xxx would house the DMZ (with HTTP port 80 access) and the
  Lan 192.168.02.xxx would house the internal domain (SBS 2011 DC running VPN, Sharepoint etc, HyperV server with virtuals running SQL and TFS, and laptop access).  The 192.168.01.xxx is a guest lan for non-domain (non-hostile) members.
  So my questions: 
  1) Can the HTTP header be forwarded from SBS 2011 router rules on the router firewall to hit the second lan (http requests from 192.168.02.xxx would be routed over to 192.168.01.xxx)?
  2) Can an inexpensive router like the PIX ($30 used) above solve the "crack the eight character router password issue?"  (Maybe I just need a newer router in general where the passwords are more secure?)
  Currently RWW open, SSL open, VPN (1723) open, 25 open... all other ports closed.  [Does this create any snafu's?]
  Hard to make head or tails of
  http://forums.untangle.com/networking/25935-setting-up-sbs-2011-secondary-internal-dmz-3.html
  R, J

  While all this is good information, I would clarify one point
  Port 80 should not be open and port forwarded as it's the single most commonly attacked port
  Users should be taught to come in via port 443, using https
  Cris Hanna [SBS - MVP] (since 1997)
  Co-Contributor, Windows Small Business Server 2008 Unleashed
  http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/0672329573/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1217269967&sr=8-1
  Owner, CPU Services, Belleville, IL
  A Microsoft Registered Partner
  MVPs do not work for Microsoft
  Please do not submit questions directly to me.
  <Linda Graham> wrote in message
  news:[email protected]...
  Hi,
  I have deployed similar setups for clients. The main thing is the quality of the router/firewall facing the internet. I assume when you talk about open ports, you mean open via NAT (network address translation) otherwise, you are leaving the firewall to
  do the hard work. I am a fan of Draytek 2830 adsl routers. They also have cable routers if you connect via cable. These are much more expensive than $30 - about £230 in the UK. Cheaper models by other manufacturers are available, but what you should look for
  is a fully customisable NAT server (also called virtual server on some cheaper models) Have a look at Zyxel and TP-Link professional routers. Passwords with these routers can be as complex as you need.
  I assume you have a static IP address or block of static IP addresses for your public wan address. Using dynamic DNS will create problems with spam filters if you are using an Exchange/smtp server on your SBS server to send email and is not recommended.
  SBS needs to be able to access your server via ports 25, 80, 443 and 987. You may also want to use 1726 if you need a VPN connection. Use NAT to map these ports from WAN to LAN. for example if your WAN address is XXX.XXX.XXX.XXX and your LAN subnet
  is 192.168.1.0 with your SNS server IP address set to 192.168.1.1 and your router IP is 192.168.1.254, then you would add the following to the NAT address table:
  WAN XXX.XXX.XXX.XXX port 25 to LAN 192.168.1.1 port 25
  WAN XXX.XXX.XXX.XXX port 80 to LAN 192.168.1.1 port 80
  WAN XXX.XXX.XXX.XXX port 443 to LAN 192.168.1.1 port 43
  WAN XXX.XXX.XXX.XXX port 987 to LAN 192.168.1.1 port 987
  This will provide secure access to these ports from WAN to LAN and will enable SBS remote web access, SBS Exchange Email and Outlook Web Access. Computers connecting will require either a third party domain certificate (eg from Verisign or
  GoDaddy etc) or the self issued certificate (found in the public document folder on the SBS server) to be distributed to machines to enable them to use this remote access.
  For the non secure subnet, you will need another router connected to a LAN port on your main router. Configure the WAN address of the secondary router to be 192.168.1.253 and the LAN  subnet to be anything suitable but different from your primary
  LAN, eg 192.168.2.0. On your main router, set the WAN IP address of your secondary router (192.168.1.253) on the DMZ. This opens the WAN port of the secondary router to the internet but isolates it from your primary LAN subnet.
  This setup is suitable for a secure network with public wifi access via the secondary router. Use the secondary router to restrict bandwidth, download types adult content etc. to prevent public abuse of your Wifi network, but still making it suitble
  for smatphones to connect.
  I hope this is clear, but if you have any questions, post again.
  regards,
  Linda
  Cris Hanna, Microsoft SBS MVP, Owner-CPU Services, Belleville, IL