New to Cisco
Background-
I am making the move from managing a DEV SAN system to a true production system, which includes moving from workgroup switches to a director class switch. We are going to go with the 9500 family as I am not sure what is going to happen to McData/Brocade, like everyone else.
Question -
I have not been a Cisco user so I need to start learning the SAN-OS and other aspects of the Cisco tools. Can you all please recommend a few good books to get me started, as well as which is the first Cisco certification that I should look at.
Thank you in advance
I would of course recomend Long's book on Storage Networking Protocols.
I also have found the CCO documentation and configuration cookbook extremely helpfull.
here is the link to the 3.0 docs http://www.cisco.com/univercd/cc/td/doc/product/sn5000/mds9000/3_0/index.htm
I would also recomend the following classes, either in person, or video on demand.
MDS 9000 Configuration and Troubleshooting (MDSCT)
Cisco MDS Storage Networking Fundaments (CMSNF)
Cisco Advanced Storage Implementation and Troubleshooting (CASI)
Cisco Storage Network Design Essentials (CSDE)
Cisco Multiprotocol Storage Essentials (CMSE)
--Colin
Similar Messages
-
New to Cisco, ASA5505 Help
Afternoon guys,
I have decided I want to learn Cisco so made the decision to pick up a used ASA 5505 from ebay and use it as my main firewall/router. I have it installed and working but have a few questions about configuration, as some of what i have done seems like a very inefficient way of setting things up.
My Basic config is this
O2 ADSL Modem in bridge only mode 192.168.1.254 > ASA 5505 Public Static IP >ASA Inside 192.168.1.1 > Rest of internal LAN.
I have spotted this blog post that details how to get to the modems WebUI through a Cisco router, But i am not sure how I would implement it in my network setup so would like advice on this.
http://en.tiagomarques.info/2011/05/access-your-modem-webui-behind-a-cisco-router-bridged-configuration/
O2 Modem IP: 192.168.1.254 ASA inside IP: 192.168.1.1Apple Airport: 192.168.1.2 (Wireless Bridge)LAN : 192.168.1.0/24 (VLAN 1)
The other thing I would like to ask is about PAT, I have configured it to allow Ports 3074TCP/UDP and 88TCP inbound to my Xbox to allow Xbox live to work. But I would like to know if there is a better way to do this using object groups.
This is currenlty how I set it up,
object network xbox_udp_3074host 192.168.1.5nat (inside,outside) static interface service udp 3074 3074exitaccess-list acl_outside extended permit udp any object xbox_udp_3074 eq 3074object network xbox_tcp_3074host 192.168.1.5nat (inside,outside) static interface service tcp 3074 3074exitaccess-list acl_outside extended permit udp any object xbox_tcp_3074 eq 3074object network xbox_udp_88host 192.168.1.5nat (inside,outside) static interface service udp 88 88exitaccess-list acl_outside extended permit udp any object xbox_udp_88 eq 88
What I would like to know is there a better more efficient way of setting this up as I have 3 network objects with 3 NAT statements and 1 ACL.
Finally I have attempted to configure a Client VPN on the ASA and it works and connects but the problem is it only appears to let web traffic through. If i connect using the VPN built into my iPhone and try a ping using using Ping Lite app i dont get any responce's. but if you open safari and put in 192.168.1.4 I get the WebUI of my NAS device if i try to RDP to my home server the connection times out. If i drop the VPN and connect to Wifi i can ping and RDP from my phone ok so it must be a config problem.
Below is my full config I have masked the password and cryptochecksum
: Saved: Written by enable_15 at 02:08:45.939 GMT Sat Apr 21 2012!ASA Version 8.4(3) !hostname warrillow-asa1domain-name warrillow.localenable password (Masked) encryptedpasswd (Masked) encryptednames!interface Ethernet0/0 description physical connection to O2 Box IV switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!interface Vlan1 description to inside VLAN nameif inside security-level 100 ip address 192.168.1.1 255.255.255.0 !interface Vlan2 description to outside interface (O2 Modem) nameif outside security-level 0 ip address (Public Static IP) 255.255.254.0 !ftp mode passiveclock timezone gmt 0clock summer-time GMT recurringdns server-group DefaultDNS domain-name warrillow.localobject network obj_any subnet 192.168.1.0 255.255.255.0object service playOn service tcp destination eq 57331 object service service_xbox_udp_88 service tcp destination eq 88 object network HomeServer_tcp_57331 host 192.168.1.250object network xbox_udp_3074 host 192.168.1.5object network xbox_tcp_3074 host 192.168.1.5object network xbox_udp_88 host 192.168.1.5object-group icmp-type DefaultICMP description Default ICMP Types permitted icmp-object echo-reply icmp-object unreachable icmp-object time-exceededobject-group service xbox_live tcp-udp port-object eq 3074 port-object eq 88object-group protocol TCPUDP protocol-object udp protocol-object tcpaccess-list acl_outside extended permit icmp any any object-group DefaultICMP access-list acl_outside extended permit tcp any object HomeServer_tcp_57331 eq 57331 access-list acl_outside extended permit udp any object xbox_udp_3074 eq 3074 access-list acl_outside extended permit tcp any object xbox_tcp_3074 eq 3074 access-list acl_outside extended permit udp any object xbox_udp_88 eq 88 pager lines 24mtu inside 1500mtu outside 1500ip local pool vpnpool 10.0.0.2-10.0.0.200 mask 255.255.255.0icmp unreachable rate-limit 1 burst-size 1icmp permit any echo-reply outsideno asdm history enablearp timeout 14400!object network obj_any nat (inside,outside) dynamic interfaceobject network HomeServer_tcp_57331 nat (inside,outside) static interface service tcp 57331 57331 object network xbox_udp_3074 nat (inside,outside) static interface service udp 3074 3074 object network xbox_tcp_3074 nat (inside,outside) static interface service tcp 3074 3074 object network xbox_udp_88 nat (inside,outside) static interface service udp 88 88 access-group acl_outside in interface outsideroute outside 0.0.0.0 0.0.0.0 (Public Static IP) 1timeout xlate 3:00:00timeout pat-xlate 0:00:30timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolutetimeout tcp-proxy-reassembly 0:01:00timeout floating-conn 0:00:00dynamic-access-policy-record DfltAccessPolicyuser-identity default-domain LOCALaaa authentication ssh console LOCAL http server enablehttp 192.168.1.0 255.255.255.0 insideno snmp-server locationno snmp-server contactsnmp-server enable traps snmp authentication linkup linkdown coldstart warmstartcrypto ipsec ikev1 transform-set strong-des esp-3des esp-md5-hmac crypto dynamic-map dynmap 30 set ikev1 transform-set strong-descrypto map warrillow 65535 ipsec-isakmp dynamic dynmapcrypto map warrillow interface outsidecrypto isakmp identity address crypto ikev1 enable outsidecrypto ikev1 policy 11 authentication pre-share encryption 3des hash md5 group 2 lifetime 86400telnet 192.168.1.0 255.255.255.0 insidetelnet timeout 30ssh 192.168.1.0 255.255.255.0 insidessh timeout 30console timeout 30threat-detection rate syn-attack rate-interval 600 average-rate 30 burst-rate 45threat-detection rate syn-attack rate-interval 3600 average-rate 80 burst-rate 160threat-detection basic-threatthreat-detection scanning-threat shun duration 3600threat-detection statisticsthreat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200webvpngroup-policy Warrillow internalgroup-policy Warrillow attributes wins-server none dns-server value 192.168.1.250 vpn-idle-timeout 120 vpn-tunnel-protocol ikev1 default-domain value warrillow.localusername mattw password (Masked) encrypted privilege 15tunnel-group Warrillow-VPN type remote-accesstunnel-group Warrillow-VPN general-attributes address-pool vpnpool default-group-policy Warrillowtunnel-group Warrillow-VPN ipsec-attributes ikev1 pre-shared-key *****!class-map inspection_default match default-inspection-traffic!!policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect ip-options class class-default user-statistics accounting!service-policy global_policy globalprompt hostname context no call-home reporting anonymoushpm topN enable
EDIT: to remove public IP from config postedHi,
Adding the following configurations should allow ICMP through the ASA (for the echo-reply to come through also without using ACL)
policy-map global_policy class inspection_default
inspect icmp
Unless you had already added this.
You might also find the following documents/video helpfull. It shows off some of the common NAT configurations. This was mostly to help the people that were moving from the old to the new format. But it should be helpfull to you also. I know I sometimes double check there.
Document: https://supportforums.cisco.com/docs/DOC-9129
Video: https://supportforums.cisco.com/docs/DOC-12324 (also has a link to the above document)
Regarding the NAT configurations for modem management, I cant guarantee this will work but the first configuration that came to mind is the following (kind resembles the NONAT configuration)
Though I'm not really sure if this would work as the LAN network and the outside management IP is from the same network. But you can always try.
object network LAN
subnet 192.168.1.0 255.255.255.0
object network MODEM-MANAGEMENT
host 192.168.1.254
nat (inside,outside) source static LAN LAN destination static MODEM-MANAGEMENT MODEM-MANAGEMET
- Jouni -
New Features: Cisco Technical Support Mobile App v3.6
Cisco Technical Support Mobile App v3.6 - New Features:
On Monday, May 12th, a new version of the Cisco Technical Support mobile application was released with the following new features:
Aggregated Content For More Than Six Thousand Products
Select from one of more than six thousand models to access aggregated support documentation, software downloads, and Cisco Support Community content within "Product Information". It is like having your own personal library in the palm of your hand.
Pocket Integration
Send In-App content to your Pocket (Read-It-Later) account for easy, synchronized access across all your devices. As Darren Murph describes on BGR.com, you can further enhance your experience with IFTTT to automate content archival from your Pocket account to several other channels including Evernote, Instapaper, Dropbox, and Box.net.
For more Information
Pocket: http://www.getpocket.com
IFTTT: http://www.ifttt.com
IFTTT Pocket Recipes: https://ifttt.com/recipes?channel=pocket#popular
Support Contract Expiration Reminders
With your permission, event reminders can be added to your calendar 90 and 60 days prior to your support contracts expiring. Keeping your contracts up to date ensures non interrupted access to Cisco TAC.
And there's more…
Users with active support contracts can view, update and create support cases, track and initiate RMA Returns, and research software bug information. Stay up to date with the latest offerings from Cisco through several Video, Podcasts and RSS Feeds.
How to Download the App
The app can be found by searching for "Cisco Technical Support"in either the iTunes or Google Play App Stores. Direct links to the app are provided below:
iOS: https://itunes.apple.com/us/app/cisco-technical-support/id398104252?mt=8
Android: https://play.google.com/store/apps/details?id=com.cisco.swtg_android&hl=enHi Jessica,
On the iOS mobile app, communities with sub-communities are identified by a blue arrow next to the community. If you tap on the community name you will be taken to the community, if you tap on the blue arrow you will be taken to the sub-communities within that parent community. For Android tapping on the arrow next to the community name will expand that community to show any sub-communities underneath it. I hope this helps.
Thanks,
Kent -
What's New in Cisco Active Advisor?
Hello folks,
A new version of CAA is up, with a bunch of new features and bug fixes. Here’s a glimpse of the new features added recently.
1) Delete devices
Devices on your inventory list can now be deleted.
Simply select the devices to delete and click the Trash icon at the top of the list.
You will be asked to confirm your delete request.
2) Enabled Features
Quickly discover your devices’ enabled features using CAA! All IOS devices that enter your inventory list are now scanned for their enabled features.
In the device’s window, you’ll find a new tab named ‘Enabled Features’
Clicking this tab will show all the features that are enabled on your IOS device, ordered by Technology and Features.
Clicking on the various Technology names will open up a new window that shows all available features under that category.
3) Line cards and modules
Good news! Now line cards and modules on your switches and routers will be discovered and displayed in CAA.
In the inventory list, some devices will have the line card and modules icon
This indicates that CAA has discovered line cards or modules on your chassis.
Clicking this icon will lead you to the list of discovered modules. There you will see its status information, as well as relevant lifecycle data.
When you go into the device overview window, click the same icon to see the line cards and modules list.
Please note that there is a color code to the line cards and modules icon.
Red indicates that CAA has found lifecycle alerts on one or more of your modules
Blue indicates that no lifecycle alerts have been found.
Please let us know what you think of these feature additions and of Cisco Active Advisor in general!
We'd love to hear your thoughts and feedback!
Thanks,
The CAA TeamBug fixes.
Type "ios 6.0.2" into the search bar at the top of this page by Support and read for yourself. -
AIRONET 1260 with new radius cisco ACS 4.x
Hi, I have a new CISCO AIRONET 1260
I have CISCO ACS 5.1 radius for VPN on ASA and tried to configure an NDG on it for AIRONET 1260 too and worked fine with IEEE 802.1x CISCO EAP-FAST authentication
As I had some trouble to let users to authenticate only on VPN if are VPN users and only on CISCO AIRONET if need only WIFI AIRONET
I tried exception policies rules but something not working. VPN was ok but not WIFI access denied for rule policy access
I decided to install CISCO ACS 4.x on Windows 2003 that is on ACS 5 DVD
I created NDG as done on ACS 5 put a shared secret , put on AIRONET too as done for ACS 5 but I receive an error against ACS 4.x
To troubleshout it I tried
http://www.cisco.com/en/US/partner/tech/tk722/tk720/technologies_configuration_example09186a00807bf3c8.shtml
but not work ! I think to have done all fine owever on ACS 5 it worked in 5 minutes
I searched log inside ACS 4 and found "Invalid message authenticator in EAP request" and I found this:
https://supportforums.cisco.com/docs/DOC-3991
Changed shared secret more times but ever not workign with ACS 4
what's wrong?
I need to have user and password prompt on client trying to authentincate on AIRONET WIFI and I need ACS INTERNAL USER no active directory, no LDAP , no external user databaseI have solved
-
Fairly new to cisco ASA 5505 - Can someone look through my config?
Hi.
Can some one tell me if I did the NAT part right? Both dynamic and static.
To be able to reach one vlan from another I created a Nat between them, is this the right way to do it?
I can still limit the access between the vlans based on the access list.
I also getting slow throughput over the VPN tunnel. Is there something wrong with my config. I used the wizard to set it up. There is also a cisco asa5505 on the other end.
If there is some thing else that seems wrong, please let me know.
Any help would be greatfully appreciated!
Config:
: Saved
ASA Version 7.2(2)
hostname ciscoasa
domain-name default.domain.invalid
enable password x encrypted
names
name 192.168.1.250 DomeneServer
name 192.168.1.10 NotesServer
name 192.168.1.90 OvServer
name 192.168.1.97 TerminalServer
name 192.168.1.98 w8-eyeshare
name 192.168.50.10 w8-print
name 192.168.1.94 w8-app
name 192.168.1.89 FonnaFlyMedia
interface Vlan1
nameif Vlan1
security-level 100
ip address 192.168.200.100 255.255.255.0
ospf cost 10
interface Vlan2
nameif outside
security-level 0
ip address 79.x.x.226 255.255.255.224
ospf cost 10
interface Vlan400
nameif vlan400
security-level 100
ip address 192.168.1.1 255.255.255.0
ospf cost 10
interface Vlan450
nameif Vlan450
security-level 100
ip address 192.168.210.1 255.255.255.0
ospf cost 10
interface Vlan460
nameif Vlan460-SuldalHotell
security-level 100
ip address 192.168.2.1 255.255.255.0
ospf cost 10
interface Vlan461
nameif Vlan461-SuldalHotellGjest
security-level 100
ip address 192.168.3.1 255.255.255.0
ospf cost 10
interface Vlan462
nameif Vlan462-Suldalsposten
security-level 100
ip address 192.168.4.1 255.255.255.0
ospf cost 10
interface Vlan470
nameif vlan470-Kyrkjekontoret
security-level 100
ip address 192.168.202.1 255.255.255.0
ospf cost 10
interface Vlan480
nameif vlan480-Telefoni
security-level 100
ip address 192.168.20.1 255.255.255.0
ospf cost 10
interface Vlan490
nameif Vlan490-QNapBackup
security-level 100
ip address 192.168.10.1 255.255.255.0
ospf cost 10
interface Vlan500
nameif Vlan500-HellandBadlands
security-level 100
ip address 192.168.30.1 255.255.255.0
ospf cost 10
interface Vlan510
nameif Vlan510-IsTak
security-level 100
ip address 192.168.40.1 255.255.255.0
ospf cost 10
interface Vlan600
nameif Vlan600-SafeQ
security-level 100
ip address 192.168.50.1 255.255.255.0
ospf cost 10
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
switchport access vlan 500
switchport trunk allowed vlan 400,450,460-462,470,480,500,510,600,610
switchport mode trunk
interface Ethernet0/3
switchport access vlan 490
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
passwd x encrypted
ftp mode passive
clock timezone WAT 1
dns server-group DefaultDNS
domain-name default.domain.invalid
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group service Lotus_Notes_Utgaaande tcp
description Frim Notes og ut til alle
port-object eq domain
port-object eq ftp
port-object eq www
port-object eq https
port-object eq lotusnotes
port-object eq pop3
port-object eq pptp
port-object eq smtp
object-group service Lotus_Notes_inn tcp
description From alle og inn til Notes
port-object eq www
port-object eq lotusnotes
port-object eq pop3
port-object eq smtp
object-group service Reisebyraa tcp-udp
port-object range 3702 3702
port-object range 5500 5500
port-object range 9876 9876
object-group service Remote_Desktop tcp-udp
description Tilgang til Remote Desktop
port-object range 3389 3389
object-group service Sand_Servicenter_50000 tcp-udp
description Program tilgang til Sand Servicenter AS
port-object range 50000 50000
object-group service VNC_Remote_Admin tcp
description Frå oss til alle
port-object range 5900 5900
object-group service Printer_Accept tcp-udp
port-object range 9100 9100
port-object eq echo
object-group icmp-type Echo_Ping
icmp-object echo
icmp-object echo-reply
object-group service Print tcp
port-object range 9100 9100
object-group service FTP_NADA tcp
description Suldalsposten NADA tilgang
port-object eq ftp
port-object eq ftp-data
object-group service Telefonsentral tcp
description Hoftun
port-object eq ftp
port-object eq ftp-data
port-object eq www
port-object eq https
port-object eq telnet
object-group service Printer_inn_800 tcp
description Fra 800 nettet og inn til 400 port 7777
port-object range 7777 7777
object-group service Suldalsposten tcp
description Sending av mail vha Mac Mail programmet - åpner smtp
port-object eq pop3
port-object eq smtp
object-group service http2 tcp
port-object range 81 81
object-group service DMZ_FTP_PASSIVE tcp-udp
port-object range 55536 56559
object-group service DMZ_FTP tcp-udp
port-object range 20 21
object-group service DMZ_HTTPS tcp-udp
port-object range 443 443
object-group service DMZ_HTTP tcp-udp
port-object range 8080 8080
object-group service DNS_Query tcp
port-object range domain domain
object-group service DUETT_SQL_PORT tcp-udp
description For kobling mellom andre nett og duett server
port-object range 54659 54659
access-list outside_access_in extended permit ip any any
access-list outside_access_out extended permit ip any any
access-list vlan400_access_in extended deny ip any host 149.20.56.34
access-list vlan400_access_in extended deny ip any host 149.20.56.32
access-list vlan400_access_in extended permit ip any any
access-list Vlan450_access_in extended deny ip any host 149.20.56.34
access-list Vlan450_access_in extended deny ip any host 149.20.56.32
access-list Vlan450_access_in extended permit ip any any
access-list Vlan460_access_in extended deny ip any host 149.20.56.34
access-list Vlan460_access_in extended deny ip any host 149.20.56.32
access-list Vlan460_access_in extended permit ip any any
access-list vlan400_access_out extended permit icmp any any object-group Echo_Ping
access-list vlan400_access_out extended permit tcp any host NotesServer object-group Lotus_Notes_Utgaaande
access-list vlan400_access_out extended permit tcp any host DomeneServer object-group Remote_Desktop
access-list vlan400_access_out extended permit tcp any host TerminalServer object-group Remote_Desktop
access-list vlan400_access_out extended permit tcp any host OvServer object-group http2
access-list vlan400_access_out extended permit tcp any host NotesServer object-group Lotus_Notes_inn
access-list vlan400_access_out extended permit tcp any host NotesServer object-group Remote_Desktop
access-list vlan400_access_out extended permit tcp any host w8-eyeshare object-group Remote_Desktop
access-list vlan400_access_out extended permit tcp any host w8-app object-group Remote_Desktop
access-list vlan400_access_out extended permit tcp any host FonnaFlyMedia range 8400 8600
access-list vlan400_access_out extended permit udp any host FonnaFlyMedia range 9000 9001
access-list vlan400_access_out extended permit tcp 192.168.4.0 255.255.255.0 host DomeneServer
access-list vlan400_access_out extended permit tcp 192.168.4.0 255.255.255.0 host w8-app object-group DUETT_SQL_PORT
access-list Vlan500_access_in extended deny ip any host 149.20.56.34
access-list Vlan500_access_in extended deny ip any host 149.20.56.32
access-list Vlan500_access_in extended permit ip any any
access-list vlan470_access_in extended deny ip any host 149.20.56.34
access-list vlan470_access_in extended deny ip any host 149.20.56.32
access-list vlan470_access_in extended permit ip any any
access-list Vlan490_access_in extended deny ip any host 149.20.56.34
access-list Vlan490_access_in extended deny ip any host 149.20.56.32
access-list Vlan490_access_in extended permit ip any any
access-list Vlan450_access_out extended permit icmp any any object-group Echo_Ping
access-list Vlan1_access_out extended permit ip any any
access-list Vlan1_access_out extended permit tcp any host w8-print object-group Remote_Desktop
access-list Vlan1_access_out extended deny ip any any
access-list Vlan1_access_out extended permit icmp any any echo-reply
access-list Vlan460_access_out extended permit icmp any any object-group Echo_Ping
access-list Vlan490_access_out extended permit icmp any any object-group Echo_Ping
access-list Vlan490_access_out extended permit tcp any host 192.168.10.10 object-group DMZ_FTP
access-list Vlan490_access_out extended permit tcp any host 192.168.10.10 object-group DMZ_FTP_PASSIVE
access-list Vlan490_access_out extended permit tcp any host 192.168.10.10 object-group DMZ_HTTPS
access-list Vlan490_access_out extended permit tcp any host 192.168.10.10 object-group DMZ_HTTP
access-list Vlan500_access_out extended permit icmp any any object-group Echo_Ping
access-list vlan470_access_out extended permit icmp any any object-group Echo_Ping
access-list vlan470_access_out extended permit tcp any host 192.168.202.10 object-group Remote_Desktop
access-list Vlan510_access_out extended permit icmp any any object-group Echo_Ping
access-list vlan480_access_out extended permit ip any any
access-list Vlan510_access_in extended permit ip any any
access-list Vlan600_access_in extended permit ip any any
access-list Vlan600_access_out extended permit icmp any any
access-list Vlan600_access_out extended permit tcp any host w8-print object-group Remote_Desktop
access-list Vlan600_access_out extended permit tcp 192.168.1.0 255.255.255.0 host w8-print eq www
access-list Vlan600_access_out extended permit tcp 192.168.202.0 255.255.255.0 host w8-print eq www
access-list Vlan600_access_out extended permit tcp 192.168.210.0 255.255.255.0 host w8-print eq www
access-list Vlan600_access_in_1 extended permit ip any any
access-list Vlan461_access_in extended permit ip any any
access-list Vlan461_access_out extended permit icmp any any object-group Echo_Ping
access-list vlan400_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.77.0 255.255.255.0
access-list outside_20_cryptomap_1 extended permit ip 192.168.1.0 255.255.255.0 192.168.77.0 255.255.255.0
access-list outside_20_cryptomap extended permit ip 192.168.1.0 255.255.255.0 192.168.77.0 255.255.255.0
access-list Vlan462-Suldalsposten_access_in extended permit ip any any
access-list Vlan462-Suldalsposten_access_out extended permit icmp any any echo-reply
access-list Vlan462-Suldalsposten_access_out_1 extended permit icmp any any echo-reply
access-list Vlan462-Suldalsposten_access_in_1 extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu Vlan1 1500
mtu outside 1500
mtu vlan400 1500
mtu Vlan450 1500
mtu Vlan460-SuldalHotell 1500
mtu Vlan461-SuldalHotellGjest 1500
mtu vlan470-Kyrkjekontoret 1500
mtu vlan480-Telefoni 1500
mtu Vlan490-QNapBackup 1500
mtu Vlan500-HellandBadlands 1500
mtu Vlan510-IsTak 1500
mtu Vlan600-SafeQ 1500
mtu Vlan462-Suldalsposten 1500
no failover
monitor-interface Vlan1
monitor-interface outside
monitor-interface vlan400
monitor-interface Vlan450
monitor-interface Vlan460-SuldalHotell
monitor-interface Vlan461-SuldalHotellGjest
monitor-interface vlan470-Kyrkjekontoret
monitor-interface vlan480-Telefoni
monitor-interface Vlan490-QNapBackup
monitor-interface Vlan500-HellandBadlands
monitor-interface Vlan510-IsTak
monitor-interface Vlan600-SafeQ
monitor-interface Vlan462-Suldalsposten
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (vlan400) 0 access-list vlan400_nat0_outbound
nat (vlan400) 1 0.0.0.0 0.0.0.0 dns
nat (Vlan450) 1 0.0.0.0 0.0.0.0 dns
nat (Vlan460-SuldalHotell) 1 0.0.0.0 0.0.0.0
nat (Vlan461-SuldalHotellGjest) 1 0.0.0.0 0.0.0.0
nat (vlan470-Kyrkjekontoret) 1 0.0.0.0 0.0.0.0
nat (Vlan490-QNapBackup) 1 0.0.0.0 0.0.0.0 dns
nat (Vlan500-HellandBadlands) 1 0.0.0.0 0.0.0.0
nat (Vlan510-IsTak) 1 0.0.0.0 0.0.0.0
nat (Vlan600-SafeQ) 1 0.0.0.0 0.0.0.0
nat (Vlan462-Suldalsposten) 1 0.0.0.0 0.0.0.0
static (vlan400,outside) 79.x.x.x DomeneServer netmask 255.255.255.255
static (vlan470-Kyrkjekontoret,outside) 79.x.x.x 192.168.202.10 netmask 255.255.255.255
static (vlan400,outside) 79.x.x.x NotesServer netmask 255.255.255.255 dns
static (vlan400,outside) 79.x.x.231 TerminalServer netmask 255.255.255.255
static (vlan400,outside) 79.x.x.234 OvServer netmask 255.255.255.255
static (vlan400,outside) 79.x.x.232 w8-eyeshare netmask 255.255.255.255
static (Vlan490-QNapBackup,outside) 79.x.x.233 192.168.10.10 netmask 255.255.255.255 dns
static (Vlan600-SafeQ,outside) 79.x.x.235 w8-print netmask 255.255.255.255
static (vlan400,outside) 79.x.x.236 w8-app netmask 255.255.255.255
static (Vlan450,vlan400) 192.168.210.0 192.168.210.0 netmask 255.255.255.0
static (Vlan500-HellandBadlands,vlan400) 192.168.30.0 192.168.30.0 netmask 255.255.255.0
static (vlan400,Vlan500-HellandBadlands) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
static (vlan400,Vlan450) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
static (vlan400,outside) 79.x.x.252 FonnaFlyMedia netmask 255.255.255.255
static (Vlan462-Suldalsposten,vlan400) 192.168.4.0 192.168.4.0 netmask 255.255.255.0
static (vlan400,Vlan462-Suldalsposten) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
static (vlan400,Vlan600-SafeQ) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
static (Vlan600-SafeQ,vlan400) 192.168.50.0 192.168.50.0 netmask 255.255.255.0
static (Vlan600-SafeQ,Vlan450) 192.168.50.0 192.168.50.0 netmask 255.255.255.0
static (Vlan600-SafeQ,vlan470-Kyrkjekontoret) 192.168.50.0 192.168.50.0 netmask 255.255.255.0
static (Vlan450,Vlan600-SafeQ) 192.168.210.0 192.168.210.0 netmask 255.255.255.0
static (vlan470-Kyrkjekontoret,Vlan600-SafeQ) 192.168.202.0 192.168.202.0 netmask 255.255.255.0
access-group Vlan1_access_out out interface Vlan1
access-group outside_access_in in interface outside
access-group outside_access_out out interface outside
access-group vlan400_access_in in interface vlan400
access-group vlan400_access_out out interface vlan400
access-group Vlan450_access_in in interface Vlan450
access-group Vlan450_access_out out interface Vlan450
access-group Vlan460_access_in in interface Vlan460-SuldalHotell
access-group Vlan460_access_out out interface Vlan460-SuldalHotell
access-group Vlan461_access_in in interface Vlan461-SuldalHotellGjest
access-group Vlan461_access_out out interface Vlan461-SuldalHotellGjest
access-group vlan470_access_in in interface vlan470-Kyrkjekontoret
access-group vlan470_access_out out interface vlan470-Kyrkjekontoret
access-group vlan480_access_out out interface vlan480-Telefoni
access-group Vlan490_access_in in interface Vlan490-QNapBackup
access-group Vlan490_access_out out interface Vlan490-QNapBackup
access-group Vlan500_access_in in interface Vlan500-HellandBadlands
access-group Vlan500_access_out out interface Vlan500-HellandBadlands
access-group Vlan510_access_in in interface Vlan510-IsTak
access-group Vlan510_access_out out interface Vlan510-IsTak
access-group Vlan600_access_in_1 in interface Vlan600-SafeQ
access-group Vlan600_access_out out interface Vlan600-SafeQ
access-group Vlan462-Suldalsposten_access_in_1 in interface Vlan462-Suldalsposten
access-group Vlan462-Suldalsposten_access_out_1 out interface Vlan462-Suldalsposten
route outside 0.0.0.0 0.0.0.0 79.x.x.225 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
username x password x encrypted privilege 15
aaa authentication ssh console LOCAL
http server enable
http 192.168.210.0 255.255.255.0 Vlan450
http 192.168.200.0 255.255.255.0 Vlan1
http 192.168.1.0 255.255.255.0 vlan400
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 20 match address outside_20_cryptomap_1
crypto map outside_map 20 set pfs
crypto map outside_map 20 set peer 62.92.159.137
crypto map outside_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp enable vlan400
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
tunnel-group 62.92.159.137 type ipsec-l2l
tunnel-group 62.92.159.137 ipsec-attributes
pre-shared-key *
telnet 192.168.200.0 255.255.255.0 Vlan1
telnet 192.168.1.0 255.255.255.0 vlan400
telnet timeout 5
ssh 171.68.225.216 255.255.255.255 outside
ssh timeout 5
console timeout 0
dhcpd update dns both
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan1
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface outside
dhcpd address 192.168.1.100-192.168.1.225 vlan400
dhcpd option 6 ip DomeneServer 81.167.36.11 interface vlan400
dhcpd option 3 ip 192.168.1.1 interface vlan400
dhcpd enable vlan400
dhcpd address 192.168.210.100-192.168.210.200 Vlan450
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan450
dhcpd option 3 ip 192.168.210.1 interface Vlan450
dhcpd enable Vlan450
dhcpd address 192.168.2.100-192.168.2.150 Vlan460-SuldalHotell
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan460-SuldalHotell
dhcpd option 3 ip 192.168.2.1 interface Vlan460-SuldalHotell
dhcpd enable Vlan460-SuldalHotell
dhcpd address 192.168.3.100-192.168.3.200 Vlan461-SuldalHotellGjest
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan461-SuldalHotellGjest
dhcpd option 3 ip 192.168.3.1 interface Vlan461-SuldalHotellGjest
dhcpd enable Vlan461-SuldalHotellGjest
dhcpd address 192.168.202.100-192.168.202.199 vlan470-Kyrkjekontoret
dhcpd option 3 ip 192.168.202.1 interface vlan470-Kyrkjekontoret
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface vlan470-Kyrkjekontoret
dhcpd enable vlan470-Kyrkjekontoret
dhcpd option 3 ip 192.168.20.1 interface vlan480-Telefoni
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface vlan480-Telefoni
dhcpd address 192.168.10.80-192.168.10.90 Vlan490-QNapBackup
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan490-QNapBackup
dhcpd option 3 ip 192.168.10.1 interface Vlan490-QNapBackup
dhcpd address 192.168.30.100-192.168.30.199 Vlan500-HellandBadlands
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan500-HellandBadlands
dhcpd option 3 ip 192.168.30.1 interface Vlan500-HellandBadlands
dhcpd enable Vlan500-HellandBadlands
dhcpd address 192.168.40.100-192.168.40.150 Vlan510-IsTak
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan510-IsTak
dhcpd option 3 ip 192.168.40.1 interface Vlan510-IsTak
dhcpd enable Vlan510-IsTak
dhcpd address 192.168.50.150-192.168.50.199 Vlan600-SafeQ
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan600-SafeQ
dhcpd enable Vlan600-SafeQ
dhcpd address 192.168.4.100-192.168.4.150 Vlan462-Suldalsposten
dhcpd option 6 ip DomeneServer 81.167.36.11 interface Vlan462-Suldalsposten
dhcpd option 3 ip 192.168.4.1 interface Vlan462-Suldalsposten
dhcpd enable Vlan462-Suldalsposten
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
prompt hostname context
Cryptochecksum:x
: endI was just wondering if this is the way to do the "connection" between vlans.. or should it be routed?
The traffic between the vlan is working as intended. There are not much traffice only some RDP connection and some printing jobs.
But i'm getting some of these errors: (not alle like this, but portmap translation creation failed)
305006 192.168.10.200 portmap translation creation failed for udp src Vlan460-SuldalHotell:192.168.2.112/59133 dst Vlan490-QNapBackup:192.168.10.200/161
I did the sh interface commends:
Result of the command: "sh interface"
Interface Vlan1 "Vlan1", is down, line protocol is down
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 192.168.200.100, subnet mask 255.255.255.0
Traffic Statistics for "Vlan1":
0 packets input, 0 bytes
0 packets output, 0 bytes
0 packets dropped
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Vlan2 "outside", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 79.x.x.226, subnet mask 255.255.255.224
Traffic Statistics for "outside":
1780706730 packets input, 1221625431570 bytes
1878320718 packets output, 1743030863134 bytes
5742216 packets dropped
1 minute input rate 558 pkts/sec, 217568 bytes/sec
1 minute output rate 803 pkts/sec, 879715 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 621 pkts/sec, 482284 bytes/sec
5 minute output rate 599 pkts/sec, 428957 bytes/sec
5 minute drop rate, 1 pkts/sec
Interface Vlan400 "vlan400", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 192.168.1.1, subnet mask 255.255.255.0
Traffic Statistics for "vlan400":
1093422654 packets input, 1191121436317 bytes
784209789 packets output, 374041914789 bytes
11465163 packets dropped
1 minute input rate 751 pkts/sec, 870445 bytes/sec
1 minute output rate 462 pkts/sec, 116541 bytes/sec
1 minute drop rate, 11 pkts/sec
5 minute input rate 474 pkts/sec, 415304 bytes/sec
5 minute output rate 379 pkts/sec, 197861 bytes/sec
5 minute drop rate, 7 pkts/sec
Interface Vlan450 "Vlan450", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 192.168.210.1, subnet mask 255.255.255.0
Traffic Statistics for "Vlan450":
139711812 packets input, 27519985266 bytes
202793062 packets output, 233679075458 bytes
12523100 packets dropped
1 minute input rate 68 pkts/sec, 9050 bytes/sec
1 minute output rate 83 pkts/sec, 88025 bytes/sec
1 minute drop rate, 6 pkts/sec
5 minute input rate 145 pkts/sec, 15068 bytes/sec
5 minute output rate 241 pkts/sec, 287093 bytes/sec
5 minute drop rate, 6 pkts/sec
Interface Vlan460 "Vlan460-SuldalHotell", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 192.168.2.1, subnet mask 255.255.255.0
Traffic Statistics for "Vlan460-SuldalHotell":
177971988 packets input, 161663208458 bytes
193137004 packets output, 137418896469 bytes
4003957 packets dropped
1 minute input rate 13 pkts/sec, 2295 bytes/sec
1 minute output rate 14 pkts/sec, 15317 bytes/sec
1 minute drop rate, 2 pkts/sec
5 minute input rate 4 pkts/sec, 794 bytes/sec
5 minute output rate 1 pkts/sec, 477 bytes/sec
5 minute drop rate, 2 pkts/sec
Interface Vlan461 "Vlan461-SuldalHotellGjest", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 192.168.3.1, subnet mask 255.255.255.0
Traffic Statistics for "Vlan461-SuldalHotellGjest":
332909692 packets input, 351853184942 bytes
312038518 packets output, 156669956740 bytes
583171 packets dropped
1 minute input rate 0 pkts/sec, 6 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 6 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Vlan462 "Vlan462-Suldalsposten", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 192.168.4.1, subnet mask 255.255.255.0
Traffic Statistics for "Vlan462-Suldalsposten":
33905 packets input, 14303320 bytes
28285 packets output, 27536357 bytes
10199 packets dropped
1 minute input rate 0 pkts/sec, 6 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 6 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Vlan470 "vlan470-Kyrkjekontoret", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 192.168.202.1, subnet mask 255.255.255.0
Traffic Statistics for "vlan470-Kyrkjekontoret":
12176257 packets input, 4305665570 bytes
10618750 packets output, 5982598969 bytes
974796 packets dropped
1 minute input rate 2 pkts/sec, 770 bytes/sec
1 minute output rate 1 pkts/sec, 861 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 2 pkts/sec, 708 bytes/sec
5 minute output rate 1 pkts/sec, 980 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Vlan480 "vlan480-Telefoni", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 192.168.20.1, subnet mask 255.255.255.0
Traffic Statistics for "vlan480-Telefoni":
246638 packets input, 43543149 bytes
10 packets output, 536 bytes
226674 packets dropped
1 minute input rate 0 pkts/sec, 126 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 56 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Vlan490 "Vlan490-QNapBackup", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 192.168.10.1, subnet mask 255.255.255.0
Traffic Statistics for "Vlan490-QNapBackup":
137317833 packets input, 6066713912 bytes
223933623 packets output, 263191563744 bytes
531738 packets dropped
1 minute input rate 0 pkts/sec, 135 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 68 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Vlan500 "Vlan500-HellandBadlands", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 192.168.30.1, subnet mask 255.255.255.0
Traffic Statistics for "Vlan500-HellandBadlands":
30816778 packets input, 4887486069 bytes
42403099 packets output, 47831750415 bytes
948717 packets dropped
1 minute input rate 3 pkts/sec, 707 bytes/sec
1 minute output rate 3 pkts/sec, 3459 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 23 bytes/sec
5 minute output rate 0 pkts/sec, 31 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Vlan510 "Vlan510-IsTak", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 192.168.40.1, subnet mask 255.255.255.0
Traffic Statistics for "Vlan510-IsTak":
1253148 packets input, 245364736 bytes
1225385 packets output, 525528101 bytes
161567 packets dropped
1 minute input rate 0 pkts/sec, 6 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 6 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Vlan600 "Vlan600-SafeQ", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 192.168.50.1, subnet mask 255.255.255.0
Traffic Statistics for "Vlan600-SafeQ":
1875377 packets input, 1267279709 bytes
1056139 packets output, 290728055 bytes
521943 packets dropped
1 minute input rate 0 pkts/sec, 165 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 178 bytes/sec
5 minute output rate 0 pkts/sec, 9 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Ethernet0/0 "", is up, line protocol is up
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Available but not configured via nameif
MAC address 001d.453a.ea06, MTU not set
IP address unassigned
1782670655 packets input, 1256666911856 bytes, 0 no buffer
Received 95709 broadcasts, 0 runts, 0 giants
1978 input errors, 1978 CRC, 0 frame, 0 overrun, 1978 ignored, 0 abort
0 L2 decode drops
17179928790 switch ingress policy drops
1878320261 packets output, 1778955488577 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
Interface Ethernet0/2 "", is up, line protocol is up
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Available but not configured via nameif
MAC address 001d.453a.ea08, MTU not set
IP address unassigned
1790819459 packets input, 1783854920873 bytes, 0 no buffer
Received 27571913 broadcasts, 0 runts, 0 giants
614 input errors, 614 CRC, 0 frame, 0 overrun, 614 ignored, 0 abort
0 L2 decode drops
19768 switch ingress policy drops
1547507675 packets output, 991527977853 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
Interface Ethernet0/3 "", is up, line protocol is up
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Available but not configured via nameif
MAC address 001d.453a.ea09, MTU not set
IP address unassigned
137318166 packets input, 9176625008 bytes, 0 no buffer
Received 290030 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
335 switch ingress policy drops
223933623 packets output, 267222625073 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops -
SQL Questions (New to Cisco)
Hello. I work for Clarian Health in Indianapolis and am trying to learn as much as possible about the SQL databases, both AWDB and HDS so that I can handle the reporting for our Revenue Cycle Customer Service.
I am currently working my way through the Database Schema Handbook for Cisco Unified ICM /Contact Center Enterprise & Hosted. I’m also reviewing the explanation pages that are available for the reports on WebView. During my reviews, I have noticed a few things that confuse me.
My questions are:
1. Why do a majority of the tables on our SQL Server start with “t_”?
2. Why do some of the tables have data on the AWDB server but not on the HDS server, and vice versa? (Examples: t_Agent and t_Agent_Team and t_Agent_Team_Member and t_Person are blank on the HDS database but not blank on the AWDB database; but the t_Agent_Logout is blank on the AWDB database and not blank on the HDS database)
3. When data is moved to the HDS server every 30 minutes, is it also removed from the corresponding AWDB table?
4. In review of the agent26: Agent Consolidated Daily Report syntax info located on the WebView, 1 of the calculations uses the LoggedOnTimeToHalf from the Agent_Half_Hour table while the remaining calculations uses the same field from the Agent_Skill_Group_Half_Hour table. Can you please tell me why this is? Why would all of the percent calculations not use the data from the same table? (The % of time Agent paused and/or put a task on hold uses the Agent_Half_Hour Table. All other % calculations uses the same field from the Agent_Skill_Group_Half_Hour Table.)
5. Also in reviewing the agent26: Agent Consolidated Daily Report syntax info, I noticed that it contains the Skill_Group table, the Agent_Half_Hour table and the Media_Routing_Domain table. Both the Skill Group table and the Agen_Half_Hour table contain links to the Media_Routing_Domain table. Which relationship/join is actually utilized for this report?
6. Why doesn't the LoggedOnTimeToHalf field on both the Agent_Half_Hour table and the Agent_Skill_Group_Half_Hour table have the same value in them?
7. On the agent_26: Agent Consolidated Daily Report syntax explanation page, the Agent State Times: Log on Duration says that it is derived using the Agent_Half_Hour.LoggedOnTimeToHalf field, but when i convert this field to HH:MM:SS, it does not match the actual WebView report. But, when I use the Agent_Skill_Group_Half_Hour.LoggedOnTimeToHalfHour, it does match. Which one is correct?
8. On the agent_26: Agent Consolidated Daily Report, why does the Completed Tasks: Transfer Out contain both the TransferredOutCallsToHalf and the NetTransferredOutCallsToHalf fields? What's the difference between the two? What Transfer out data writes to each field?
Thank you.
Angie Combest
Clarian Health
[email protected]You need to be careful when looking at the three databases - Logger, AW, HDS - which use the same schema. But many of what appear to be tables in the AW are really views into the t_ tables in the HDS - the data is not there in the AW DB. You are right to look at the schema - but check with SQL Enterprise to understand a bit more.
In essence, the AW DB is for configuration data and real-time data. The HDS is for historical data. You can query the AW DB for (say) Call_Type_Half_Hour data and join with the Call_Type table to resolve the call type ID into its name - but the data is really in the HDS through the view.
The DB design is quite complex and sophisticated - many things are not obvious.
Keep up your research.
Regards,
Geoff -
Hi,
I'm working for Industry Canada and we just received a new video conference system. It is connected to a DSL line. The video conferencing work perfect when we dial out. But I have a issue when a external person try to dial me in, it can't connect. I think there is a problem with local IP (modem) and dedicated IP (public IP). I try to config. the modem but still experiencing problem with receiving calls.
Anybody can help?
Thank youFor incoming call to Endpoint behind the FW/Router, you need to configure 1:1 NAT or port forwarding.
If firewall/router is H.323 awareness and support ALG, then you won’t need configure each port but most of home router will require manual port forwarding configuration.
For H.323 connection with C-series Endpoint, following ports will be use
Gatekeeper Discovery (RAS) – Port 1719 – UDP (not necessary for this case as not registering on GK).
Q.931 call Setup – Port 1720 – TCP
H.245 – Port Range 5555-6555– TCP
Video – Port Range 2326-2485 – UDP
Audio – Port Range 2326-2485 – UDP
Data/FECC – Port Range – 2326-2485 – UDP
Please note H.245 ports range is from 5555 to 6555 while port allocation configured as "Static".
If port allocation configured as "Dynamic", then port range is from 11000 to 20999.
If you modify port configuration (Static/Dynamic), codec must restart to affect configuration change.
Default RTP/RTCP port range for media is 2326 to 2485.
However this is configurable by "RTP Ports Range Start" and "RTP Ports Range Stop". -
I want to be able to tie the registering users into the visitor registration section of a segregated guest network. I want to have a link that would appear in the front end after you register a visitor which would direct you to this program which is the lobby ambassador. Any non guest user could be able to register a guest and be provided a temp logon for the guest for a period of time.
Anyone has an idea of how I can achieve this using a Cisco lobby ambassadorYou should be able to expand it to something bigger. On the controller go to Security, AAA, General. Increase this number, it will require a reboot. I'm not sure the maximum you can increase it to (could be controller dependent).
-
New installation - Cisco Prime from OVA on VMWare
Hi,
I have just imported Cisco Prime OVA and followed the setup and entered the IP Address, hostname, DNS, Gateway etc etc... When I attempt to enter via the URL https://CicsoPrime01 it doesn't accept the connection. I'm able to ping to the CiscoPrime machine, but can't get in.
I searched and saw some troubleshooting steps such as ncs status, ncs start....
Result:
/opt/CSO01umos/bin/wcsadmin.sh no such file or directory....
Any help?
Thanks,if an ncs status returns :::: /opt/CSO01umos/bin/wcsadmin.sh no such file or directory...::::
I would bet your installation is no good.
Please redeploy the OVA -
Management VLAN -- New to Cisco
I've been working on configuring VLANs for my network and I came across something that confuses me. Under practical tips in this docuemnt http://www.cisco.com/warp/public/473/189.html#tips it states:
Separate the management VLAN from the user or server VLAN, as in this diagram. The management VLAN is different from the user or server VLAN. With this separation, any broadcast/packet storm that occurs in the user or server VLAN does not affect the management of switches.
Do not use VLAN 1 for management. All ports in Catalyst switches default to VLAN 1, and any devices that connect to nonconfigured ports are in VLAN 1. The use of VLAN 1 for management can cause potential issues for the management of switches, as the first tip explains.
I understand the concept, and i've made my managment VLAN 10. However, when I connect a computer to the switch it doesn't default to VLAN1 it defaults to VLAN10 which puts the computer by default in the management VLAN.
What's the point of creating a different VLAN ID for management if the workstations are going to default to it anyhow? I understand once I configure the ports it will take them out of the management VLAN, I'm just wondering why I couldn't use VLAN1 as the management domain.
Regards,
DavidTo support an inband management VLAN, you'll have to configure trunking (802.1Q) between switch uplinks allowing your management vlan (VLAN 10) traffic to traverse the trunk in addition to the user vlan (lets say vlan 20). To trunk, you must utilize a unique VLANs per subnet. I like to force trunking (switchport encap dot1q, switchport mode trunk, switchport nonnegotiate) so as not to utilize DTP (dynamic trunking protocol).
For user access, you need to configure the vlan on the switch and enable switchport mode access along with switchport access vlan 20 (user vlan).
Keep in mind, inband management works well for user access; however, for data center server access trunking is not recommended.
With all that said, you still may have to use VLAN 1 in certain scenarios. For instance, an IBM Blade center management module required the use of vlan 1 to manage the blade center. -
With Ali Mohammed
Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about what’s new in Cisco Identity Services Engine (ISE) Version 1.2 and to understand the new features and enhanced troubleshooting options with Cisco expert Ali Mohammed.
Cisco ISE can be deployed as an appliance or virtual machine to enforce security policy on all devices that attempt to gain access to network infrastructure. ISE 1.2 provides feature enrichment in terms of mobile device management, BYOD enhancements, and so on. It also performs noise suppression in log collection so customers have greater ability to store and analyze logs for a longer period.
Ali Mohammed is an escalation engineer with the Security Access and Mobility Product Group (SAMPG), providing support to all Cisco NAC and Cisco ISE installed base. Ali works on complicated recreations of customer issues and helps customers in resolving configuration, deployment, setup, and integration issues involving Cisco NAC and Cisco ISE products. Ali works on enhancing tools available in ISE/NAC that are required to help troubleshoot the product setup in customer environments. Ali has six and a half years of experience at Cisco and is CCIE certified in security (number 24130).
Remember to use the rating system to let Ali know if you have received an adequate response.
Because of the volume expected during this event, Ali might not be able to answer each question. Remember that you can continue the conversation on the Security community, sub-community shortly after the event. This event lasts through September 6, 2013. Visit this forum often to view responses to your questions and the questions of other community members.Hi Ali,
We currently have a two-node deployment running 1.1.3.124, as depicted in diagram:
http://www.cisco.com/en/US/docs/security/ise/1.2/upgrade_guide/b_ise_upgrade_guide_chapter_010.html#ID89
Question 1:
After step 1 is done, node B becomes the new primary node.
What's the license impact at that stage, when the license is mainly tied to node A, the previous primary PAN?
Step 3 says to obtain a new license that's tied to both node A & node B, as if it's implying an issue would arise, if we leave node B as the primary PAN, instead of reverting back to node A.
=========
Question 2:
When step 1 is completed, node B runs 1.2, while node A runs 1.1.3.124.
Do both nodes still function as PSN nodes, and can service end users at that point? (before we proceed to step 2)
Both nodes are behind our ACE load balancer, and I'm trying to confirm the behavior during the upgrade, to determine when to take each node out of the load balancing serverfarm, to keep the service up and avoid an outage.
===========
Question 3:
According to the upgrade guide, we're supposed to perform a config backup from PAN & MnT nodes.
Is the config backup used only when we need to rollback from 1.2 to 1.1.3, or can it be used to restore config on 1.2?
It also says to record customizations & alert settings because after the upgrade to 1.2, these settings would change, and we would need to re-configure them.
Is this correct? That's a lot of screen shots we'll need to take; is there any way to avoid this?
It says: "
Disable services such as Guest, Profiler, Device Onboarding, and so on before upgrade and enable them after upgrade. Otherwise, you must add the guest users who are lost, and devices must be profiled and onboarded again."
Exactly how do you disable services? Disable all the authorization policies?
http://www.cisco.com/en/US/docs/security/ise/1.2/upgrade_guide/b_ise_upgrade_guide_chapter_01.html#reference_4EFE5E15B9854A648C9EF18D492B9105
==================
Question 4:
The 1.1 user guide says the maximum number of nodes in a node group was 4.
The 1.2 guide now says the maximum is 10.
Is there a hard limit on how many nodes can be in a node group?
We currently don't use node group, due to the lack of multicast support on the ACE-20.
Is it a big deal not to have one?
http://www.cisco.com/en/US/customer/docs/security/ise/1.2/user_guide/ise_dis_deploy.html#wp1230118
thanks,
Kevin -
I have the following setup:
Private network <-> SW <-> CISCO VPN <-> ISP MODEM
I have configured VPN part and is working correctly. I have a computer in the private network at static address 192.168.1.100 and an application is running on it on 8100 tcp port for clients.
Now I need to connect from the Internet to the application on 192.168.1.100 on port 8100.
How to configure CISCO router to forward traffic coming in tcp port 8100 to machine 192.168.1.100??
ISP Modem is going to handover all the traffic to CISCO device.
Thank YouHi Karthik,
I need this to work so that
outside users should be able to access 192.168.1.100:8100 using http://PublicIP:8100 without using VPN at all
And VPN users should be able to access using http://192.168.1.100:8100
I am new to CISCO and committed to setup this for a customer. I got the VPN configured correctly by reading help. If I can do this last configuration, I am saved.
Thank you for your time
My Router Configuration Follows
sh run
Building configuration...
Current configuration : 5416 bytes
! Last configuration change at 17:58:55 CSTime Mon Aug 20 2012 by csi
! NVRAM config last updated at 17:58:24 CSTime Mon Aug 20 2012 by csi
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname Router
boot-start-marker
boot-end-marker
logging buffered 51200 warnings
enable secret 5 $1$KJWP$wujENW/75bJnnoUxGXYJE0
aaa new-model
aaa authentication login default local
aaa authentication login vpn_xauth_ml_1 local
aaa authentication login sslvpn local
aaa authorization network vpn_group_ml_1 local
aaa session-id common
memory-size iomem 10
clock timezone CSTime -6
clock summer-time CSTime date Mar 11 2012 2:00 Nov 4 2012 2:00
crypto pki trustpoint TP-self-signed-986700165
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-986700165
revocation-check none
rsakeypair TP-self-signed-986700165
crypto pki certificate chain TP-self-signed-986700165
certificate self-signed 01
3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 39383637 30303136 35301E17 0D313230 38313631 38353134
375A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3938 36373030
31363530 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
A4AD22DF ECCB9372 C3E88024 318D7181 C2BE73E1 DB6F0B70 4A2781FF A0AB108D
FEDD1EE5 C9C761A6 A9738299 684F25AC FC56F107 4FD43297 4D0D248B C431D0E2
1A53D9B3 B0BCF9CF 7DF157FD 517594D0 B05FCD98 681D5A66 B48265FE BF353F47
84FDA0C5 1A46E55D 40429810 B0A0D3A8 153FAD0A 78538AE0 657467FD FD44E6ED
02030100 01A37730 75300F06 03551D13 0101FF04 05300301 01FF3022 0603551D
11041B30 19821750 69636179 756E652E 796F7572 646F6D61 696E2E63 6F6D301F
0603551D 23041830 16801491 5CACBE40 0996DFCE 1B9C67C3 9316041C 40FB8130
1D060355 1D0E0416 0414915C ACBE4009 96DFCE1B 9C67C393 16041C40 FB81300D
06092A86 4886F70D 01010405 00038181 003F26CD 9FA486C5 F71250F6 FC7E44F8
CC1C15AC 1364CCA1 2E23CACA D123F78B F4B933EB 73648D75 A2C0B17A 28FAAC18
7CAAB60E 9E5A49C3 50217868 BEFA30F5 6F36A04B BE41FE65 7C684DB9 10320AA1
77D0BBC4 7216C6F6 20564AE2 8F46A06B 85AED401 9DB59ABF 6B360531 153BA6E1
ECBF1F55 D4AF489A 70276D39 D13AF574 C5
quit
ip source-route
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.1.1 192.168.1.25
ip dhcp excluded-address 192.168.1.100
ip dhcp excluded-address 192.168.1.222
ip dhcp excluded-address 192.168.1.254
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
lease 0 2
ip dhcp pool Internal_Network
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
dns-server 192.168.100.1
ip cef
ip domain name yourdomain.com
ip name-server 192.168.100.1
no ipv6 cef
license udi pid CISCO881-K9 sn FTX1604828M
username csi privilege 15 secret 5 $1$G4wK$PRgc9k9omH9X8s1u37lkh1
username RemoteUser secret 5 $1$EWRQ$vPW7kG3jNhqwHTiL8IsBx0
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp policy 2
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp client configuration group RemoteAccessSupport
key Router_WWTP
pool VPN-Pool
acl VPN-Access-List
crypto isakmp profile vpn-isakmp-profile-1
match identity group RemoteAccessSupport
client authentication list vpn_xauth_ml_1
isakmp authorization list vpn_group_ml_1
client configuration address respond
virtual-template 2
crypto ipsec transform-set encrypt-method-1 esp-3des esp-sha-hmac
crypto ipsec profile VPN-Profile-1
set transform-set encrypt-method-1
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
ip address 192.168.100.3 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
interface Virtual-Template2 type tunnel
ip unnumbered FastEthernet0
tunnel mode ipsec ipv4
tunnel protection ipsec profile VPN-Profile-1
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.1.254 255.255.255.0
no ip redirects
no ip unreachables
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
ip local pool VPN-Pool 192.168.1.101 192.168.1.150
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 100 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 192.168.100.1
ip access-list extended VPN-Access-List
permit ip 192.168.1.0 0.0.0.255 any
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 23 permit 192.168.1.0 0.0.0.255
access-list 100 remark Used for Internet access to Internal N/W
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
no cdp run
control-plane
banner motd ^C---------- Router VPN Router ----------^C
line con 0
exec-timeout 30 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
password 7 124A50424A5E5550
transport input telnet ssh
scheduler max-task-time 5000
end -
Hi,
We are in the process of Migrating Cisco CUCM & Voice Gateway (From another vendor to Cisco).
The requirement is all internal calls between Cisco IP Phones & Lync to be flown through CUCM. Means internal extension to extension. Remaining all calls like Mobile, National, International, Toll Free, Emergency, Shared numbers calling to be routed
to Cisco Voice Gateway.
We created the test dial plan, Voice policies, Route and assigned it to couple of user from Lync (2 extensions) and from Cisco side we have taken 2 IP Phones which is pointed to new CUCM. We tested all below scenarios,everything was working fine.
Lync to Lync Call using internal Extension number – Routed through Cisco new CUCM
Lync to Cisco Call using internal Extension number – Routed through Cisco new CUCM
Cisco to Lync Call using internal Extension number – Routed through Cisco new CUCM
Lync to Hotline Numbers (66XX, 68XX Numbers) – Routed through Cisco Gateway
Lync to Shared Numbers starting with 600 (Verified the number 600535353) - Routed through Cisco Gateway
Lync to Emergency numbers & Toll Free Numbers (Not verified the emergency Number as we decided to do it at end) - Routed through Cisco Gateway
Lync to Landline Numbers – Any 7 digit numbers - Routed through Cisco Gateway
Lync to National Numbers – Starting with 3,4,6,7,8 followed by 7 digits - Routed through Cisco Gateway
Lync to Mobile Phones – Starting with 05 contains exactly 10 digits - Routed through Cisco Gateway
Lync to International Numbers – Starting 00 contains at least 11 digits - Routed through Cisco Gateway
All Incoming calls – From Landline, Mobiles, International Numbers - Routed through Cisco Gateway
Call Transfer – To another Lync Extension, Cisco Extension, Landline, Mobiles, International Number
Conference – with another Lync Extension, Cisco Extension, Landline, Mobiles, International Number
Call Forwarding – To another Number, Voice mail
Response Groups
Click to call – As if user try to place a call by directly click the number from Outlook, Websites will be in E.164 format
Dial in meeting – Conference calls are works fine
But when we roll out to the production we are facing issues listed below
1) The phones we used during testing are working which is using same dial plan, Voice policy, Route, PSTN Usage. But from production most of the phones are not working (using the same dial plan, voice policy, Route). Also Problem is only with external calls
as the internal calls are working fine between Cisco & Lync even in production (Routed through CUCM) NOTE: All incoming calls are working fine (From international, local, national, extension)
2) How long its going to take for Lync to push the new voice policies, Dial plans to the Phones?
3) Is there a way to forcefully update the policies, dial plans to the Phone?
4) Also the environment is using over 100 dial plans, so I just copied and pasted the Normalization rules that we tested and working fine. Most of the dial plans are assigned to individual users as every dial plan contains a normalization rule for
international calling with Unique Prefix (Example: User John international Normalization rules says #1234#00#CountrycodePhonenumber, means if John has to place the international call he need to dial #1234# followed by 00 and then country code, then actual
phone number). In this case how long its take for the users / phones to get updated with new dial plans?
6) Is it recommended to use multiple dial plans ? What are the best practices?
5) Also calls are working fine one & failing on subsequent tries. Means when I dial first 1 or 2 times. Call fails, but when I try 3rd time and subsequently it works. After some again there will be failure during 1 or 2 attempts. Why is it so?
6) After updating the dial policies, voice Route, Voice policies If i reboot all the phones from Switch, Will the changes take effect immediately?
7) Also when some one calling from mobile or external number to Lync extensions they cant here any Dial tones or caller tunes? Its working fine when they call Cisco Extensions. Also to Lync its working if we dial in E.164 Format, if we dial like 023XXXXX
format its not working. Any guess about this issue?
Waiting for some one to help,
Best regards
Krishna
Thanks & Regards Krishnakumar BHi,
1. As all incoming call worked normally, please double check outgoing ports for Lync FE Server and Mediation Server.
You can refer to the link of “Ports and protocols for internal servers in Lync Server 2013” below:
http://technet.microsoft.com/en-us/library/gg398833.aspx
2. When an administrator makes a change to Lync Server (for example, when an administrator creates a new voice policy or changes the Address Book server configuration settings) that change is recorded in the Central Management store.
In turn, the change must then be replicated to all the computers running Lync Server services or server roles.
So it may not replication completely immediately.
3. You can run the following cmdlet with Lync Server Management Shell on FE server to
forcibly replicate information to a computer: Invoke-CsManagementStoreReplication
4. As you used over 100 dial plans, it may be the issue of multiple dial plans. Would you please tell us why you created different dial plan for individual user with unique prefix?
5. Multiple dial plans and undue normalization rules may cause call fail. You can double check the normalization rule.
Best Regards,
Eason Huang
Eason Huang
TechNet Community Support -
I am loosing configuration when I power off my Cisco 857 router
I bought new Cisco 857 router from the shop. Router must have been used before as I couln't go in with default username/password cisco/cisco.
Well I followed instruciton and reset password to username and password. Now I finally connected to the Cisco CP express over my IE browser.
I found out that somebody was using a router from the shop so this is why I coun't log to it in the first place. Anyway problem is that when I changed configuration and applied settings it remembers it until I power it off. When I power it on again it remembers all settings from that shop.
It reverts everything back: IP address, previous level 15 account and password - everything like after password reset.
I tried it again and it again lost settings. So I found following instruction:
http://www.cisco.com/en/US/products/hw/routers/ps233/products_tech_note09186a00800a65a5.shtml
I followed it and changed again all settings on the router. My settings are again lost after power off/on. I noticed that when I do first bit it does show
0x2102 not 0x2142 like they think that is password reset mode.
Here is my output from Hyper Terminal:
=============================
Cisco#enableCisco#show startUsing 3359 out of 131072 bytes!version 12.4no service padservice timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname Cisco!boot-start-markerboot-end-marker!logging buffered 51200 warningsenable secret 5 $1$hpKF$Rc1tl6r45J8iHG7EN5jSk.!no aaa new-model!crypto pki trustpoint TP-self-signed-3185909327 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-3185909327 revocation-check none rsakeypair TP-self-signed-3185909327!!crypto pki certificate chain TP-self-signed-3185909327 certificate self-signed 01 nvram:IOS-Self-Sig#5.cerdot11 syslogno ip dhcp use vrf connectedip dhcp excluded-address 10.10.10.1!ip dhcp pool ccp-pool import all network 10.10.10.0 255.255.255.248 default-router 10.10.10.1 lease 0 2!!ip cefno ip domain lookupip domain name molinary.com!!!username admin privilege 15 secret 5 $1$jD3j$r6ROikgGsIlcMTGjkxFQ6.username username privilege 15 password 0 password!!archive log config hidekeys!!!!!interface ATM0 no ip address shutdown no atm ilmi-keepalive dsl operating-mode auto!interface ATM0.1 point-to-point description $ES_WAN$ ip nat outside ip virtual-reassembly pvc 0/38 encapsulation aal5mux ppp dialer dialer pool-member 1 !!interface FastEthernet0!interface FastEthernet1!interface FastEthernet2!interface FastEthernet3!interface Vlan1 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$ ip address 10.10.10.1 255.255.255.248 ip nat inside ip virtual-reassembly ip tcp adjust-mss 1452!interface Dialer0 ip address dhcp encapsulation ppp dialer pool 1 dialer-group 1 no cdp enable ppp authentication chap pap callin ppp chap hostname [email protected] ppp chap password 0 netgear01 ppp pap sent-username [email protected] password 0 netgear01!ip forward-protocol nd!ip http serverip http access-class 23ip http authentication localip http secure-serverip http timeout-policy idle 60 life 86400 requests 10000ip nat inside source list 1 interface ATM0.1 overload!access-list 1 remark INSIDE_IF=Vlan1access-list 1 remark CCP_ACL Category=2access-list 1 permit 10.10.10.0 0.0.0.7dialer-list 1 protocol ip permitno cdp run!control-plane!banner exec ^C% Password expiration warning.-----------------------------------------------------------------------Cisco Configuration Professional (Cisco CP) is installed on this deviceand it provides the default username "cisco" for one-time use. If you havealready used the username "cisco" to login to the router and your IOS imagesupports the "one-time" user option, then this username has already expired.You will not be able to login to the router with this username after you exitthis session.It is strongly suggested that you create a new username with a privilege levelof 15 using the following command.username <myuser> privilege 15 secret 0 <mypassword>Replace <myuser> and <mypassword> with the username and password youwant to use.-----------------------------------------------------------------------^Cbanner login ^CAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user!^C!line con 0 login local no modem enableline aux 0line vty 0 4 privilege level 15 login local transport input telnet ssh!scheduler max-task-time 5000endCisco#Cisco#Cisco#Cisco#Cisco#Cisco#Cisco#Cisco#Cisco#show versionCisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version 12.4(15)T12, RELEASE SOFTWARE (fc3)Technical Support: http://www.cisco.com/techsupportCopyright (c) 1986-2010 by Cisco Systems, Inc.Compiled Fri 22-Jan-10 14:46 by prod_rel_teamROM: System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARECisco uptime is 20 minutesSystem returned to ROM by power-onSystem image file is "flash:c850-advsecurityk9-mz.124-15.T12.bin"This product contains cryptographic features and is subject to UnitedStates and local country laws governing import, export, transfer anduse. Delivery of Cisco cryptographic products does not implythird-party authority to import, export, distribute or use encryption.Importers, exporters, distributors and users are responsible forcompliance with U.S. and local country laws. By using this product youagree to comply with applicable laws and regulations. If you are unableto comply with U.S. and local laws, return this product immediately.A summary of U.S. laws governing Cisco cryptographic products may be found at:http://www.cisco.com/wwl/export/crypto/tool/stqrg.htmlIf you require further assistance please contact us by sending email [email protected] 857 (MPC8272) processor (revision 0x400) with 59392K/6144K bytes of memory.Processor board ID FCZ140792J5MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x104 FastEthernet interfaces1 ATM interface128K bytes of non-volatile configuration memory.20480K bytes of processor board System flash (Intel Strataflash)Configuration register is 0x2102Cisco#Cisco#Cisco#Cisco#endTranslating "end"% Unknown command or computer name, or unable to find computer addressCisco#reloadProceed with reload? [confirm]*Mar 1 01:19:27.786: %SYS-5-RELOAD: Reload requested by username on console. Reload Reason: Reload Command.System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARETechnical Support: http://www.cisco.com/techsupportCopyright (c) 2006 by cisco Systems, Inc.C850 series (Board ID: 2-149) platform with 65536 Kbytes of main memoryBooting flash:/c850-advsecurityk9-mz.124-15.T12.binSelf decompressing the image : ############################################## [OK] Restricted Rights LegendUse, duplication, or disclosure by the Government issubject to restrictions as set forth in subparagraph(c) of the Commercial Computer Software - RestrictedRights clause at FAR sec. 52.227-19 and subparagraph(c) (1) (ii) of the Rights in Technical Data and ComputerSoftware clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706Cisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version 12.4(15)T12, RELEASE SOFTWARE (fc3)Technical Support: http://www.cisco.com/techsupportCopyright (c) 1986-2010 by Cisco Systems, Inc.Compiled Fri 22-Jan-10 14:46 by prod_rel_teamImage text-base: 0x8002007C, data-base: 0x814E7240This product contains cryptographic features and is subject to UnitedStates and local country laws governing import, export, transfer anduse. Delivery of Cisco cryptographic products does not implythird-party authority to import, export, distribute or use encryption.Importers, exporters, distributors and users are responsible forcompliance with U.S. and local country laws. By using this product youagree to comply with applicable laws and regulations. If you are unableto comply with U.S. and local laws, return this product immediately.A summary of U.S. laws governing Cisco cryptographic products may be found at:http://www.cisco.com/wwl/export/crypto/tool/stqrg.htmlIf you require further assistance please contact us by sending email [email protected] 857 (MPC8272) processor (revision 0x400) with 59392K/6144K bytes of memory.Processor board ID FCZ140792J5MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x104 FastEthernet interfaces1 ATM interface128K bytes of non-volatile configuration memory.20480K bytes of processor board System flash (Intel Strataflash)no ip dhcp use vrf connected ^% Invalid input detected at '^' marker.SETUP: new interface NVI0 placed in "shutdown" statePress RETURN to get started!*Mar 1 00:00:03.952: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State changed to: Initialized*Mar 1 00:00:03.960: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State changed to: Enabled*Mar 1 00:00:07.244: %LINK-3-UPDOWN: Interface FastEthernet0, changed state toup*Mar 1 00:00:08.413: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up*Mar 1 00:00:08.821: %SYS-5-CONFIG_I: Configured from memory by console*Mar 1 01:19:27.072: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up*Mar 1 01:19:27.352: %SYS-5-RESTART: System restarted --Cisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version 12.4(15)T12, RELEASE SOFTWARE (fc3)Technical Support: http://www.cisco.com/techsupportCopyright (c) 1986-2010 by Cisco Systems, Inc.Compiled Fri 22-Jan-10 14:46 by prod_rel_team*Mar 1 01:19:27.352: %SNMP-5-COLDSTART: SNMP agent on host Cisco is undergoinga cold start*Mar 1 01:19:27.436: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF*Mar 1 01:19:27.436: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF*Mar 1 01:19:27.540: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to down*Mar 1 01:19:28.072: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up*Mar 1 01:19:28.484: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up*Mar 1 01:19:28.484: %LINK-5-CHANGED: Interface ATM0, changed state to administratively down*Mar 1 01:19:28.848: %LINK-5-CHANGED: Interface NVI0, changed state to administratively down*Mar 1 01:19:28.932: %LINK-3-UPDOWN: Interface FastEthernet3, changed state toup*Mar 1 01:19:28.936: %LINK-3-UPDOWN: Interface FastEthernet2, changed state toup*Mar 1 01:19:28.940: %LINK-3-UPDOWN: Interface FastEthernet1, changed state toup*Mar 1 01:19:29.484: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0, changed state to down*Mar 1 01:19:29.932: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet3, changed state to down*Mar 1 01:19:29.936: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2, changed state to down*Mar 1 01:19:29.940: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1, changed state to down*Mar 1 01:19:29.948: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to upAuthorized access only!===========================================
Please help me as I am stuck and can't go any further....Hi David White,
Alternatively, after password recovery you can modify the configuration to be what you want, and then issue:
write memory
to save the configuration. You can then verify that your changes have been saved to the startup config by issuing:
show startup-config"
The only good thing is that when I switch off a router it erase configuration except my new password which I created after password reset. Everything else is getting vanished (ADSL settings, DHCP, routing ) everything. Even new admin accounts I created.
Well have a question to your above comments. I am new in Cisco so please put as much detail as you can for me to understand. When you say modify configuration do you mean to go to Cisco CP Express graphical interface and then connect router to hyper terminal and execute above commands?
Why router doesn't remember this anyway. There must be some option to change in configuration to make thing permanent when I hit apply changes in Cisco CO Express otherwise it is pointless to heve it.
Phillip
write memory
is
copy running-config startup-config"
Can't this be done via Cisco CP Express or set up router to copy this every time I change this in graphical interface rather going to command line to achnoledge it?
I understand your concern about this router and somebodie's configuration details as you want things to be un-used when you buy them - true. ADSL details belongs to the shop which sold me the router so that is why I don't make a big problem about this. We take most of hardware from this shop and have discount and many good deals with them so I think they have been just testing it and forgot to erease their config. It might be that someone has returned router to the shop and they have repaired it and tested it.
I hope this is a normal behaviour of this router as I have option to replace it in case this is a fault.
Could you please write me step by step guide how can I make changed options stay permanently on router?
thank you
Dragan
Maybe you are looking for
-
How can I transfer pictures from my iPad to my iMac?
I have pictures on mhy iPad that I want to get to my new iMac. The only pictures that transfer are the pictures that I took with my iPad. How can I get my other photos to transfer?
-
I bought an ipod nano for my wife for Christmas and added music to it from my library. She now wants to add some of her music from her library on her mac. How can we do this??
-
Cant sign in to use find my iphone on pc?
This is what my computer says "iCloud has stopped responding. An error has prevented this application from working properly. Help Apple improve its products by sending us diagnostic and usage informaiton about iCloud. So I send to apple and try and r
-
Portal Runtime Exception opening KM Detail Iview
Hi , I created a KM Navigation Iview and i can see my folders and files. When i click from the Iview Context menu the Details option i get the exception. "Portal runtime error. An exception occurred while processing your request. Send the exception
-
Lightroom data base files previews
I wish to be able to Remove these Lightroom 5 Data Base Preview Files that NOW show up in my libraries pictures( June 2014 ) daily folder and also the Root Thumbnail icon that is showing. Please note all my other photos imputed from my picture libra