NHRP on the SR520
I configured a couple of 881's via Cisco Configuration Professional. One as a DMVPN hub, and the other as a secondary hub. I then have a couple of SR520's which I want to use these two hub servers. I then used CCP to generate a list of commands to connect another unit to the DMVPN. Here is what it generated :
crypto ipsec transform-set ESP-3DES-SHA esp-sha-hmac esp-3des
mode transport
exit
crypto ipsec profile CiscoCP_Profile1
set transform-set ESP-3DES-SHA
exit
interface Tunnel0
exit
default interface Tunnel0
interface Tunnel0
bandwidth 1000
delay 1000
ip nhrp holdtime 360
ip nhrp network-id 100000
ip nhrp authentication DMVPN_NW
ip mtu 1400
no shutdown
ip address 192.168.254.3 255.255.255.0
ip tcp adjust-mss 1360
ip nhrp nhs 192.168.254.1
ip nhrp nhs 192.168.254.2
ip nhrp map 192.168.254.1 75.xxx.xxx.xxx
ip nhrp map multicast 75.xxx.xxx.xxx
ip nhrp map 192.168.254.2 70.254.254.254
ip nhrp map multicast 70.254.254.254
tunnel source FastEthernet4
tunnel protection ipsec profile CiscoCP_Profile1
tunnel key 100000
tunnel mode gre multipoint
exit
router eigrp 1
network 192.168.254.0 0.0.0.255
exit
Ok, so I understand that the SR520's don't support EIGRP, and that i would instead set static routes in place of the EIGRP setup.
However, one thing I wasn't counting on is that the 520s did not seem to support NHRP either. Is this type of setup unsupported on the SR520s, or is there something I'm doing wrong?
When i go into the tunnel 0 interface, and try to type "ip nhrp ..." those commands are unavilible.
If this sort of setup is not availible, how should I be configuring the 520s? Or do I just need a firmware update or something?
I'm running 12.4(20)T5
Thanks
I have been waiting about 2 weeks to get my SmartNet contract processed. Isn't there a way to get a free 30 days to IOS updates or something?
Similar Messages
-
Official replacement for the SR520 in SBCS (UC500) deployments
Now that the SR520 as well as the SA500 series are EoL/EoS, what is the officially supported equipment (ie. configurable through CCA) for small teleworker and remote offices using the UC500 SBCS system? Is it the ISA500?
Dear Partner,
Thank you for reaching Cisco Small Business Support Community.
The ISA570W or the RV215W would be the best equipment to get that combines highly secure Internet, wireless, site-to-site, and remote access VPN plus many other features to accomplish today's needs and challenges. Please refer to their datasheets for details
ISA500 series datasheet;
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps11850/ps11752/data_sheet_c78-717565.html
RV215W datasheet;
http://www.cisco.com/en/US/prod/collateral/routers/ps10907/ps9923/ps12678/data_sheet_c78-712088.html
Please let me know if there is anything else we may assist you with.
Kind regards,
Jeffrey Rodriguez S. .:|:.:|:.
Cisco Customer Support Engineer
*Please rate the Post so other will know when an answer has been found. -
I cant get the router to work at all. I want to default it. CCA wont let me default the configuration for this router for some reason. The check box under reset config is missing.
I backup up the configs using tftp and then copied the V9 factory config to the router.
I did a copy flash start then the new config then wr mem
when I reload the router does an auto-save and copies the running over the startup
So I did the process again and then did a copy start run and got all kinds of errors.
what exactly is the correct method to default the routerHi,
sounds like your in a hole right now... not good.
Take a look at this document:
http://www.cisco.com/en/US/docs/routers/access/500/520/software/configuration/guide/520scg_rommon.html#wp1019618
If you do a write erase, then save the start-up config to a new file on the flash:, or export the startup config to a tftp server (might be the best way to go). Then reload and start in ROM monitor, and change the startup config from the file you just created, then you might have a running config.
CAREFUL: Know your limitations before doing this.. this is not the easiest configuration if you are not familiar with CLI. TAC is the recommended way to go.
Regards
Eivind -
Query on SR520-ADSL and using FE ports for WAN
Hi all,
Apologies for a noob type question here but I am hoping to save myself a junk of money:
I currently have a Cisco SR520-ADSL router in place utilising my current ADSL2+ Broadband connection.
The router is using a /29 Public address range on the ATM interface and on one of the FE ports to a firewall on the same subnet, which does the NAT to the PCs etc.
Internet <> SR520 (Public) <> Firewall (Public) <> LAN/PCs (Private/NAT)
This is all working fine but we are looking to upgrade our WAN link to a corporate Fibre link.
My ISP has given me new IP addresses, including a seperate WAN IP Subnet to my LAN IP Subnet, but all are still public.
e.g. (Addresses Just for example purposes)
WAN = 195.1.1.1 /30
My Router IP = 195.1.1.2
ISP Gateway = 195.1.1.1
LAN IP = 190.1.1.1 /29
So my question is simply this: Can I utilise my SR520 to route the two networks, using two of the FE ports and ignore the ATM (ADSL) port?
If so then I don't need to invest in a 1841 or similar and, for now, this will save me money.
I am just not sure if the useability of the 4 FE ports on the SR520 is reduced in any way when compared to a 1841 or similar?
Regards,
Chris SnapeHi Chris,
Sure, the port itself is layer 2 only, but there is no reason why you couldn't assign that to a dedicated layer 3 vlan interface.
eg:
conf t
vlan 32
name WAN
exit
interface fast 1
switchport access vlan 32
exit
interface vlan 32
ip address 10.10.10.10 255.255.255.0
The SR520 supports 4 VLANs, you can use the show vlan-switch command to see what is already configured.
As I mentioned previously, there may be certain limitations to using this approach, but it may be sufficient for many scenarios.
Also, just to repeat for others reading this thread, while possible, this is not a specifically supported configuration for the SR520 series routers.
Regards,
Andy -
my company uses dmvpn to connect with branch,but sometime when i “show ip nhrp bri " , i got some issus ,
the show information
3925VPN#sho ip nhrp bri
Target Via NBMA Mode Intfc Claimed
192.168.96.2/32 192.168.96.2 58.22.127.76 dynamic Tu100 < >
192.168.96.3/32 192.168.96.3 incomplete
192.168.96.4/32 192.168.96.4 incomplete
192.168.96.5/32 192.168.96.5 incomplete
192.168.96.6/32 192.168.96.6 incomplete
192.168.96.7/32 192.168.96.7 incomplete
192.168.96.8/32 192.168.96.8 incomplete
192.168.96.9/32 192.168.96.9 incomplete
192.168.96.10/32 192.168.96.10 incomplete
192.168.96.11/32 192.168.96.11 incomplete
192.168.96.12/32 192.168.96.12 incomplete
192.168.96.13/32 192.168.96.13 incomplete
192.168.96.14/32 192.168.96.14 incomplete
192.168.96.15/32 192.168.96.15 incomplete
192.168.96.16/32 192.168.96.16 incomplete
192.168.96.17/32 192.168.96.17 incomplete
192.168.96.18/32 192.168.96.18 incomplete
192.168.96.19/32 192.168.96.19 incomplete
192.168.96.20/32 192.168.96.20 incomplete
192.168.96.21/32 192.168.96.21 incomplete
192.168.96.22/32 192.168.96.22 incomplete
192.168.96.23/32 192.168.96.23 incomplete
192.168.96.24/32 192.168.96.24 incomplete
192.168.96.25/32 192.168.96.25 incomplete
192.168.96.27/32 192.168.96.27 incomplete
192.168.96.28/32 192.168.96.28 incomplete
192.168.96.29/32 192.168.96.29 incomplete
192.168.96.30/32 192.168.96.30 incomplete
192.168.96.31/32 192.168.96.31 incomplete
192.168.96.32/32 192.168.96.32 incomplete
192.168.96.33/32 192.168.96.33 incomplete
192.168.96.34/32 192.168.96.34 incomplete
192.168.96.35/32 192.168.96.35 incomplete
192.168.96.36/32 192.168.96.36 incomplete
192.168.96.37/32 192.168.96.37 incomplete
192.168.96.38/32 192.168.96.38 incomplete
192.168.96.39/32 192.168.96.39 incomplete
192.168.96.40/32 192.168.96.40 incomplete
192.168.96.41/32 192.168.96.41 incomplete
192.168.96.42/32 192.168.96.42 incomplete
192.168.96.43/32 192.168.96.43 incomplete
192.168.96.44/32 192.168.96.44 incomplete
192.168.96.45/32 192.168.96.45 incomplete
192.168.96.46/32 192.168.96.46 incomplete
192.168.96.47/32 192.168.96.47 incomplete
192.168.96.48/32 192.168.96.48 incomplete
192.168.96.49/32 192.168.96.49 incomplete
192.168.96.50/32 192.168.96.50 incomplete
192.168.96.51/32 192.168.96.51 incomplete
192.168.96.52/32 192.168.96.52 incomplete
192.168.96.53/32 192.168.96.53 incomplete
192.168.96.54/32 192.168.96.54 incomplete
192.168.96.55/32 192.168.96.55 incomplete
192.168.96.56/32 192.168.96.56 incomplete
192.168.96.57/32 192.168.96.57 incomplete
192.168.96.58/32 192.168.96.58 incomplete
192.168.96.59/32 192.168.96.59 incomplete
192.168.96.60/32 192.168.96.60 incomplete
192.168.96.61/32 192.168.96.61 incomplete
192.168.96.62/32 192.168.96.62 incomplete
192.168.96.63/32 192.168.96.63 incomplete
192.168.96.64/32 192.168.96.64 incomplete
192.168.96.65/32 192.168.96.65 incomplete
192.168.96.66/32 192.168.96.66 incomplete
192.168.96.67/32 192.168.96.67 incomplete
192.168.96.68/32 192.168.96.68 incomplete
192.168.96.69/32 192.168.96.69 incomplete
192.168.96.70/32 192.168.96.70 incomplete
192.168.96.71/32 192.168.96.71 incomplete
192.168.96.72/32 192.168.96.72 incomplete
192.168.96.73/32 192.168.96.73 incomplete
192.168.96.74/32 192.168.96.74 incomplete
192.168.96.75/32 192.168.96.75 incomplete
192.168.96.76/32 192.168.96.76 incomplete
192.168.96.77/32 192.168.96.77 incomplete
192.168.96.78/32 192.168.96.78 incomplete
192.168.96.79/32 192.168.96.79 incomplete
192.168.96.80/32 192.168.96.80 incomplete
192.168.96.81/32 192.168.96.81 incomplete
192.168.96.82/32 192.168.96.82 incomplete
192.168.96.83/32 192.168.96.83 incomplete
192.168.96.84/32 192.168.96.84 incomplete
192.168.96.85/32 192.168.96.85 incomplete
192.168.96.86/32 192.168.96.86 incomplete
192.168.96.87/32 192.168.96.87 incomplete
192.168.96.88/32 192.168.96.88 incomplete
192.168.96.89/32 192.168.96.89 incomplete
192.168.96.90/32 192.168.96.90 incomplete
192.168.96.91/32 192.168.96.91 incomplete
192.168.96.92/32 192.168.96.92 incomplete
192.168.96.93/32 192.168.96.93 incomplete
192.168.96.94/32 192.168.96.94 incomplete
192.168.96.95/32 192.168.96.95 incomplete
192.168.96.96/32 192.168.96.96 incomplete
192.168.96.97/32 192.168.96.97 incomplete
192.168.96.98/32 192.168.96.98 incomplete
192.168.96.99/32 192.168.96.99 incomplete
192.168.96.100/32 192.168.96.100 incomplete
192.168.96.101/32 192.168.96.101 incomplete
192.168.96.102/32 192.168.96.102 incomplete
192.168.96.103/32 192.168.96.103 incomplete
192.168.96.104/32 192.168.96.104 incomplete
192.168.96.105/32 192.168.96.105 incomplete
192.168.96.106/32 192.168.96.106 incomplete
192.168.96.107/32 192.168.96.107 incomplete
192.168.96.108/32 192.168.96.108 incomplete
192.168.96.109/32 192.168.96.109 incomplete
192.168.96.110/32 192.168.96.110 incomplete
192.168.96.111/32 192.168.96.111 incomplete
192.168.96.112/32 192.168.96.112 incomplete
192.168.96.113/32 192.168.96.113 incomplete
192.168.96.114/32 192.168.96.114 incomplete
192.168.96.115/32 192.168.96.115 incomplete
192.168.96.116/32 192.168.96.116 incomplete
192.168.96.117/32 192.168.96.117 incomplete
192.168.96.118/32 192.168.96.118 incomplete
192.168.96.119/32 192.168.96.119 incomplete
192.168.96.120/32 192.168.96.120 incomplete
192.168.96.121/32 192.168.96.121 incomplete
192.168.96.122/32 192.168.96.122 incomplete
192.168.96.123/32 192.168.96.123 incomplete
192.168.96.124/32 192.168.96.124 incomplete
192.168.96.125/32 192.168.96.125 incomplete
192.168.96.126/32 192.168.96.126 incomplete
192.168.96.127/32 192.168.96.127 incomplete
192.168.96.128/32 192.168.96.128 incomplete
192.168.96.129/32 192.168.96.129 incomplete
192.168.96.130/32 192.168.96.130 180.213.2.250 dynamic Tu100 < >
192.168.96.131/32 192.168.96.131 202.100.251.242 dynamic Tu100 < >
192.168.96.134/32 192.168.96.134 219.143.238.165 dynamic Tu100 < >
192.168.96.135/32 192.168.96.135 221.226.40.34 dynamic Tu100 < >
192.168.96.136/32 192.168.96.136 180.166.39.6 dynamic Tu100 < >
192.168.96.137/32 192.168.96.137 incomplete
192.168.96.138/32 192.168.96.138 incomplete
192.168.96.139/32 192.168.96.139 incomplete
192.168.96.140/32 192.168.96.140 incomplete
192.168.96.141/32 192.168.96.141 incomplete
192.168.96.142/32 192.168.96.142 incomplete
192.168.96.143/32 192.168.96.143 incomplete
192.168.96.144/32 192.168.96.144 incomplete
192.168.96.145/32 192.168.96.145 incomplete
192.168.96.146/32 192.168.96.146 incomplete
192.168.96.147/32 192.168.96.147 incomplete
192.168.96.148/32 192.168.96.148 incomplete
192.168.96.149/32 192.168.96.149 incomplete
192.168.96.150/32 192.168.96.150 incomplete
192.168.96.151/32 192.168.96.151 incomplete
192.168.96.152/32 192.168.96.152 incomplete
192.168.96.153/32 192.168.96.153 incomplete
192.168.96.154/32 192.168.96.154 incomplete
192.168.96.155/32 192.168.96.155 incomplete
192.168.96.156/32 192.168.96.156 incomplete
192.168.96.157/32 192.168.96.157 incomplete
192.168.96.158/32 192.168.96.158 incomplete
192.168.96.159/32 192.168.96.159 incomplete
192.168.96.160/32 192.168.96.160 incomplete
192.168.96.161/32 192.168.96.161 incomplete
192.168.96.162/32 192.168.96.162 incomplete
192.168.96.163/32 192.168.96.163 incomplete
192.168.96.164/32 192.168.96.164 incomplete
192.168.96.165/32 192.168.96.165 incomplete
192.168.96.166/32 192.168.96.166 incomplete
192.168.96.167/32 192.168.96.167 incomplete
192.168.96.168/32 192.168.96.168 incomplete
192.168.96.169/32 192.168.96.169 incomplete
192.168.96.170/32 192.168.96.170 incomplete
192.168.96.171/32 192.168.96.171 incomplete
192.168.96.172/32 192.168.96.172 incomplete
192.168.96.173/32 192.168.96.173 incomplete
192.168.96.174/32 192.168.96.174 incomplete
192.168.96.175/32 192.168.96.175 incomplete
192.168.96.176/32 192.168.96.176 incomplete
192.168.96.177/32 192.168.96.177 incomplete
192.168.96.178/32 192.168.96.178 incomplete
192.168.96.179/32 192.168.96.179 incomplete
192.168.96.180/32 192.168.96.180 incomplete
192.168.96.181/32 192.168.96.181 incomplete
192.168.96.182/32 192.168.96.182 incomplete
192.168.96.183/32 192.168.96.183 incomplete
192.168.96.184/32 192.168.96.184 incomplete
192.168.96.185/32 192.168.96.185 incomplete
192.168.96.186/32 192.168.96.186 incomplete
192.168.96.187/32 192.168.96.187 incomplete
192.168.96.188/32 192.168.96.188 incomplete
192.168.96.189/32 192.168.96.189 incomplete
192.168.96.190/32 192.168.96.190 incomplete
192.168.96.191/32 192.168.96.191 incomplete
192.168.96.192/32 192.168.96.192 incomplete
192.168.96.193/32 192.168.96.193 incomplete
192.168.96.194/32 192.168.96.194 incomplete
192.168.96.195/32 192.168.96.195 incomplete
192.168.96.196/32 192.168.96.196 incomplete
192.168.96.197/32 192.168.96.197 incomplete
192.168.96.198/32 192.168.96.198 incomplete
192.168.96.199/32 192.168.96.199 incomplete
192.168.96.200/32 192.168.96.200 incomplete
192.168.96.201/32 192.168.96.201 incomplete
192.168.96.202/32 192.168.96.202 incomplete
192.168.96.203/32 192.168.96.203 incomplete
192.168.96.204/32 192.168.96.204 incomplete
192.168.96.205/32 192.168.96.205 incomplete
192.168.96.206/32 192.168.96.206 incomplete
192.168.96.207/32 192.168.96.207 incomplete
192.168.96.208/32 192.168.96.208 incomplete
192.168.96.209/32 192.168.96.209 incomplete
192.168.96.210/32 192.168.96.210 incomplete
192.168.96.211/32 192.168.96.211 incomplete
192.168.96.212/32 192.168.96.212 incomplete
192.168.96.213/32 192.168.96.213 incomplete
192.168.96.214/32 192.168.96.214 incomplete
192.168.96.215/32 192.168.96.215 incomplete
192.168.96.216/32 192.168.96.216 incomplete
192.168.96.217/32 192.168.96.217 incomplete
192.168.96.218/32 192.168.96.218 incomplete
192.168.96.219/32 192.168.96.219 incomplete
192.168.96.220/32 192.168.96.220 incomplete
192.168.96.221/32 192.168.96.221 incomplete
192.168.96.222/32 192.168.96.222 incomplete
192.168.96.223/32 192.168.96.223 incomplete
192.168.96.224/32 192.168.96.224 incomplete
192.168.96.225/32 192.168.96.225 incomplete
192.168.96.226/32 192.168.96.226 incomplete
192.168.96.227/32 192.168.96.227 incomplete
192.168.96.228/32 192.168.96.228 incomplete
192.168.96.229/32 192.168.96.229 incomplete
192.168.96.231/32 192.168.96.231 incomplete
192.168.96.232/32 192.168.96.232 incomplete
192.168.96.233/32 192.168.96.233 incomplete
192.168.96.234/32 192.168.96.234 incomplete
192.168.96.235/32 192.168.96.235 incomplete
192.168.96.236/32 192.168.96.236 incomplete
192.168.96.237/32 192.168.96.237 incomplete
192.168.96.238/32 192.168.96.238 incomplete
192.168.96.239/32 192.168.96.239 incomplete
192.168.96.240/32 192.168.96.240 incomplete
192.168.96.241/32 192.168.96.241 incomplete
192.168.96.242/32 192.168.96.242 incomplete
192.168.96.243/32 192.168.96.243 incomplete
192.168.96.244/32 192.168.96.244 incomplete
192.168.96.245/32 192.168.96.245 incomplete
192.168.96.246/32 192.168.96.246 incomplete
192.168.96.247/32 192.168.96.247 incomplete
192.168.96.248/32 192.168.96.248 incomplete
192.168.96.249/32 192.168.96.249 incomplete
192.168.96.250/32 192.168.96.250 incomplete
192.168.96.251/32 192.168.96.251 incomplete
192.168.96.252/32 192.168.96.252 incomplete
192.168.96.253/32 192.168.96.253 incomplete
192.168.96.254/32 192.168.96.254 incomplete
usually, when i show the same information after a while ,the nhrp get the normal
3925VPN#sho ip nhrp bri
Target Via NBMA Mode Intfc Claimed
192.168.96.2/32 192.168.96.2 58.22.127.76 dynamic Tu100 < >
192.168.96.130/32 192.168.96.130 180.213.2.250 dynamic Tu100 < >
192.168.96.131/32 192.168.96.131 202.100.251.242 dynamic Tu100 < >
192.168.96.132/32 192.168.96.132 incomplete
192.168.96.133/32 192.168.96.133 incomplete
192.168.96.134/32 192.168.96.134 219.143.238.165 dynamic Tu100 < >
192.168.96.135/32 192.168.96.135 221.226.40.34 dynamic Tu100 < >
192.168.96.136/32 192.168.96.136 180.166.39.6 dynamic Tu100 < >
why this happened ,top players , thx~~~~~pradeepde,
Thank you very much for your response. I think you may be right, I have upgraded the IOS to a maintenance release 12.4.15T9 and this does appear to have fixed the problem.
Thanks again -
About a decade ago I took the CCNA course but not the certification , so I have a good level of knowledge. I do IT support for a non profit and we acquired an SR520. We chose it because we want to set up 3 to 5 VPN's allowing a few folks to work from home. I currently have the following issues: 1. while using my Vista laptop, a USB to serial cable, PuTTY for terminal emulation, I can connect and after 1-2 minutes the connection quits. I restart PuTTY and it works for a short time. The router doesn't seem to know the terminal was restarted. I am using 9600,8,1,n Any clues? 2. I have a DHCP server and would like to disable the one on the SR520 3. While I do want to eventually create VPN's and perhaps VLAN's for now I would like to disable both and turn them on in stages. The config assistance is useful but I would like to preconfigure and make a seamless switch. My email is [email protected] Thanks in advance, Jim Warriner
Andrew,
Maybe I am dense but I am banging my head against a brick wall here.
I can g through the security setup wizard and get as far as "apply configuration"
but it is "grayed out" . I can save the config as a file but cannot find a way to
save te file to the router. Connecting to the router as you suggested does not
show an option for DHCP disable and gives warnings if I attempt to change the
IP address of fe0 stating that it will disable NAT.
What am I missing?
I have reset the ruter to defaults several times, connected to it with my vista
laptop in a "private network" (192.168.75.1 the router and 192.168.75,11 my PC)
and always run into the same issues. Obviously I am missing a step some where.
The router does nothave the wireless option so I am ignoring that section of the setup.
I doubt if I can return the router (not that I want to) because we received it via Techsoup
as a donation. I want to make this work.
Jim Warriner -
SR520 Aerial - are you able to purchase an Aerial on it's own?
Customer has broken the aerial on their SR520 Router and was wanting to know if they can purchase an aerial on it's own? Can anyone suggest any options?
Hi,
The SR520 uses the same antenna as the 870 series. Not sure if these are still available as spares - I have seen some available on E-bay.
Essentially this is a 2.2dBi antenna with TNC connector.
Regards,
Andy -
my company uses dmvpn to connect with branch,but sometime when i “show ip nhrp bri " , i got some issus ,
the show information
3925VPN#sho ip nhrp bri
Target Via NBMA Mode Intfc Claimed
192.168.96.2/32 192.168.96.2 58.22.127.76 dynamic Tu100 < >
192.168.96.3/32 192.168.96.3 incomplete
192.168.96.4/32 192.168.96.4 incomplete
192.168.96.5/32 192.168.96.5 incomplete
192.168.96.6/32 192.168.96.6 incomplete
192.168.96.7/32 192.168.96.7 incomplete
192.168.96.8/32 192.168.96.8 incomplete
192.168.96.9/32 192.168.96.9 incomplete
192.168.96.10/32 192.168.96.10 incomplete
192.168.96.11/32 192.168.96.11 incomplete
192.168.96.12/32 192.168.96.12 incomplete
192.168.96.13/32 192.168.96.13 incomplete
192.168.96.14/32 192.168.96.14 incomplete
192.168.96.15/32 192.168.96.15 incomplete
192.168.96.16/32 192.168.96.16 incomplete
192.168.96.17/32 192.168.96.17 incomplete
192.168.96.18/32 192.168.96.18 incomplete
192.168.96.19/32 192.168.96.19 incomplete
192.168.96.20/32 192.168.96.20 incomplete
192.168.96.21/32 192.168.96.21 incomplete
192.168.96.22/32 192.168.96.22 incomplete
192.168.96.23/32 192.168.96.23 incomplete
192.168.96.24/32 192.168.96.24 incomplete
192.168.96.25/32 192.168.96.25 incomplete
192.168.96.27/32 192.168.96.27 incomplete
192.168.96.28/32 192.168.96.28 incomplete
192.168.96.29/32 192.168.96.29 incomplete
192.168.96.30/32 192.168.96.30 incomplete
192.168.96.31/32 192.168.96.31 incomplete
192.168.96.32/32 192.168.96.32 incomplete
192.168.96.33/32 192.168.96.33 incomplete
192.168.96.34/32 192.168.96.34 incomplete
192.168.96.35/32 192.168.96.35 incomplete
192.168.96.36/32 192.168.96.36 incomplete
192.168.96.37/32 192.168.96.37 incomplete
192.168.96.38/32 192.168.96.38 incomplete
192.168.96.39/32 192.168.96.39 incomplete
192.168.96.40/32 192.168.96.40 incomplete
192.168.96.41/32 192.168.96.41 incomplete
192.168.96.42/32 192.168.96.42 incomplete
192.168.96.43/32 192.168.96.43 incomplete
192.168.96.44/32 192.168.96.44 incomplete
192.168.96.45/32 192.168.96.45 incomplete
192.168.96.46/32 192.168.96.46 incomplete
192.168.96.47/32 192.168.96.47 incomplete
192.168.96.48/32 192.168.96.48 incomplete
192.168.96.49/32 192.168.96.49 incomplete
192.168.96.50/32 192.168.96.50 incomplete
192.168.96.51/32 192.168.96.51 incomplete
192.168.96.52/32 192.168.96.52 incomplete
192.168.96.53/32 192.168.96.53 incomplete
192.168.96.54/32 192.168.96.54 incomplete
192.168.96.55/32 192.168.96.55 incomplete
192.168.96.56/32 192.168.96.56 incomplete
192.168.96.57/32 192.168.96.57 incomplete
192.168.96.58/32 192.168.96.58 incomplete
192.168.96.59/32 192.168.96.59 incomplete
192.168.96.60/32 192.168.96.60 incomplete
192.168.96.61/32 192.168.96.61 incomplete
192.168.96.62/32 192.168.96.62 incomplete
192.168.96.63/32 192.168.96.63 incomplete
192.168.96.64/32 192.168.96.64 incomplete
192.168.96.65/32 192.168.96.65 incomplete
192.168.96.66/32 192.168.96.66 incomplete
192.168.96.67/32 192.168.96.67 incomplete
192.168.96.68/32 192.168.96.68 incomplete
192.168.96.69/32 192.168.96.69 incomplete
192.168.96.70/32 192.168.96.70 incomplete
192.168.96.71/32 192.168.96.71 incomplete
192.168.96.72/32 192.168.96.72 incomplete
192.168.96.73/32 192.168.96.73 incomplete
192.168.96.74/32 192.168.96.74 incomplete
192.168.96.75/32 192.168.96.75 incomplete
192.168.96.76/32 192.168.96.76 incomplete
192.168.96.77/32 192.168.96.77 incomplete
192.168.96.78/32 192.168.96.78 incomplete
192.168.96.79/32 192.168.96.79 incomplete
192.168.96.80/32 192.168.96.80 incomplete
192.168.96.81/32 192.168.96.81 incomplete
192.168.96.82/32 192.168.96.82 incomplete
192.168.96.83/32 192.168.96.83 incomplete
192.168.96.84/32 192.168.96.84 incomplete
192.168.96.85/32 192.168.96.85 incomplete
192.168.96.86/32 192.168.96.86 incomplete
192.168.96.87/32 192.168.96.87 incomplete
192.168.96.88/32 192.168.96.88 incomplete
192.168.96.89/32 192.168.96.89 incomplete
192.168.96.90/32 192.168.96.90 incomplete
192.168.96.91/32 192.168.96.91 incomplete
192.168.96.92/32 192.168.96.92 incomplete
192.168.96.93/32 192.168.96.93 incomplete
192.168.96.94/32 192.168.96.94 incomplete
192.168.96.95/32 192.168.96.95 incomplete
192.168.96.96/32 192.168.96.96 incomplete
192.168.96.97/32 192.168.96.97 incomplete
192.168.96.98/32 192.168.96.98 incomplete
192.168.96.99/32 192.168.96.99 incomplete
192.168.96.100/32 192.168.96.100 incomplete
192.168.96.101/32 192.168.96.101 incomplete
192.168.96.102/32 192.168.96.102 incomplete
192.168.96.103/32 192.168.96.103 incomplete
192.168.96.104/32 192.168.96.104 incomplete
192.168.96.105/32 192.168.96.105 incomplete
192.168.96.106/32 192.168.96.106 incomplete
192.168.96.107/32 192.168.96.107 incomplete
192.168.96.108/32 192.168.96.108 incomplete
192.168.96.109/32 192.168.96.109 incomplete
192.168.96.110/32 192.168.96.110 incomplete
192.168.96.111/32 192.168.96.111 incomplete
192.168.96.112/32 192.168.96.112 incomplete
192.168.96.113/32 192.168.96.113 incomplete
192.168.96.114/32 192.168.96.114 incomplete
192.168.96.115/32 192.168.96.115 incomplete
192.168.96.116/32 192.168.96.116 incomplete
192.168.96.117/32 192.168.96.117 incomplete
192.168.96.118/32 192.168.96.118 incomplete
192.168.96.119/32 192.168.96.119 incomplete
192.168.96.120/32 192.168.96.120 incomplete
192.168.96.121/32 192.168.96.121 incomplete
192.168.96.122/32 192.168.96.122 incomplete
192.168.96.123/32 192.168.96.123 incomplete
192.168.96.124/32 192.168.96.124 incomplete
192.168.96.125/32 192.168.96.125 incomplete
192.168.96.126/32 192.168.96.126 incomplete
192.168.96.127/32 192.168.96.127 incomplete
192.168.96.128/32 192.168.96.128 incomplete
192.168.96.129/32 192.168.96.129 incomplete
192.168.96.130/32 192.168.96.130 180.213.2.250 dynamic Tu100 < >
192.168.96.131/32 192.168.96.131 202.100.251.242 dynamic Tu100 < >
192.168.96.134/32 192.168.96.134 219.143.238.165 dynamic Tu100 < >
192.168.96.135/32 192.168.96.135 221.226.40.34 dynamic Tu100 < >
192.168.96.136/32 192.168.96.136 180.166.39.6 dynamic Tu100 < >
192.168.96.137/32 192.168.96.137 incomplete
192.168.96.138/32 192.168.96.138 incomplete
192.168.96.139/32 192.168.96.139 incomplete
192.168.96.140/32 192.168.96.140 incomplete
192.168.96.141/32 192.168.96.141 incomplete
192.168.96.142/32 192.168.96.142 incomplete
192.168.96.143/32 192.168.96.143 incomplete
192.168.96.144/32 192.168.96.144 incomplete
192.168.96.145/32 192.168.96.145 incomplete
192.168.96.146/32 192.168.96.146 incomplete
192.168.96.147/32 192.168.96.147 incomplete
192.168.96.148/32 192.168.96.148 incomplete
192.168.96.149/32 192.168.96.149 incomplete
192.168.96.150/32 192.168.96.150 incomplete
192.168.96.151/32 192.168.96.151 incomplete
192.168.96.152/32 192.168.96.152 incomplete
192.168.96.153/32 192.168.96.153 incomplete
192.168.96.154/32 192.168.96.154 incomplete
192.168.96.155/32 192.168.96.155 incomplete
192.168.96.156/32 192.168.96.156 incomplete
192.168.96.157/32 192.168.96.157 incomplete
192.168.96.158/32 192.168.96.158 incomplete
192.168.96.159/32 192.168.96.159 incomplete
192.168.96.160/32 192.168.96.160 incomplete
192.168.96.161/32 192.168.96.161 incomplete
192.168.96.162/32 192.168.96.162 incomplete
192.168.96.163/32 192.168.96.163 incomplete
192.168.96.164/32 192.168.96.164 incomplete
192.168.96.165/32 192.168.96.165 incomplete
192.168.96.166/32 192.168.96.166 incomplete
192.168.96.167/32 192.168.96.167 incomplete
192.168.96.168/32 192.168.96.168 incomplete
192.168.96.169/32 192.168.96.169 incomplete
192.168.96.170/32 192.168.96.170 incomplete
192.168.96.171/32 192.168.96.171 incomplete
192.168.96.172/32 192.168.96.172 incomplete
192.168.96.173/32 192.168.96.173 incomplete
192.168.96.174/32 192.168.96.174 incomplete
192.168.96.175/32 192.168.96.175 incomplete
192.168.96.176/32 192.168.96.176 incomplete
192.168.96.177/32 192.168.96.177 incomplete
192.168.96.178/32 192.168.96.178 incomplete
192.168.96.179/32 192.168.96.179 incomplete
192.168.96.180/32 192.168.96.180 incomplete
192.168.96.181/32 192.168.96.181 incomplete
192.168.96.182/32 192.168.96.182 incomplete
192.168.96.183/32 192.168.96.183 incomplete
192.168.96.184/32 192.168.96.184 incomplete
192.168.96.185/32 192.168.96.185 incomplete
192.168.96.186/32 192.168.96.186 incomplete
192.168.96.187/32 192.168.96.187 incomplete
192.168.96.188/32 192.168.96.188 incomplete
192.168.96.189/32 192.168.96.189 incomplete
192.168.96.190/32 192.168.96.190 incomplete
192.168.96.191/32 192.168.96.191 incomplete
192.168.96.192/32 192.168.96.192 incomplete
192.168.96.193/32 192.168.96.193 incomplete
192.168.96.194/32 192.168.96.194 incomplete
192.168.96.195/32 192.168.96.195 incomplete
192.168.96.196/32 192.168.96.196 incomplete
192.168.96.197/32 192.168.96.197 incomplete
192.168.96.198/32 192.168.96.198 incomplete
192.168.96.199/32 192.168.96.199 incomplete
192.168.96.200/32 192.168.96.200 incomplete
192.168.96.201/32 192.168.96.201 incomplete
192.168.96.202/32 192.168.96.202 incomplete
192.168.96.203/32 192.168.96.203 incomplete
192.168.96.204/32 192.168.96.204 incomplete
192.168.96.205/32 192.168.96.205 incomplete
192.168.96.206/32 192.168.96.206 incomplete
192.168.96.207/32 192.168.96.207 incomplete
192.168.96.208/32 192.168.96.208 incomplete
192.168.96.209/32 192.168.96.209 incomplete
192.168.96.210/32 192.168.96.210 incomplete
192.168.96.211/32 192.168.96.211 incomplete
192.168.96.212/32 192.168.96.212 incomplete
192.168.96.213/32 192.168.96.213 incomplete
192.168.96.214/32 192.168.96.214 incomplete
192.168.96.215/32 192.168.96.215 incomplete
192.168.96.216/32 192.168.96.216 incomplete
192.168.96.217/32 192.168.96.217 incomplete
192.168.96.218/32 192.168.96.218 incomplete
192.168.96.219/32 192.168.96.219 incomplete
192.168.96.220/32 192.168.96.220 incomplete
192.168.96.221/32 192.168.96.221 incomplete
192.168.96.222/32 192.168.96.222 incomplete
192.168.96.223/32 192.168.96.223 incomplete
192.168.96.224/32 192.168.96.224 incomplete
192.168.96.225/32 192.168.96.225 incomplete
192.168.96.226/32 192.168.96.226 incomplete
192.168.96.227/32 192.168.96.227 incomplete
192.168.96.228/32 192.168.96.228 incomplete
192.168.96.229/32 192.168.96.229 incomplete
192.168.96.231/32 192.168.96.231 incomplete
192.168.96.232/32 192.168.96.232 incomplete
192.168.96.233/32 192.168.96.233 incomplete
192.168.96.234/32 192.168.96.234 incomplete
192.168.96.235/32 192.168.96.235 incomplete
192.168.96.236/32 192.168.96.236 incomplete
192.168.96.237/32 192.168.96.237 incomplete
192.168.96.238/32 192.168.96.238 incomplete
192.168.96.239/32 192.168.96.239 incomplete
192.168.96.240/32 192.168.96.240 incomplete
192.168.96.241/32 192.168.96.241 incomplete
192.168.96.242/32 192.168.96.242 incomplete
192.168.96.243/32 192.168.96.243 incomplete
192.168.96.244/32 192.168.96.244 incomplete
192.168.96.245/32 192.168.96.245 incomplete
192.168.96.246/32 192.168.96.246 incomplete
192.168.96.247/32 192.168.96.247 incomplete
192.168.96.248/32 192.168.96.248 incomplete
192.168.96.249/32 192.168.96.249 incomplete
192.168.96.250/32 192.168.96.250 incomplete
192.168.96.251/32 192.168.96.251 incomplete
192.168.96.252/32 192.168.96.252 incomplete
192.168.96.253/32 192.168.96.253 incomplete
192.168.96.254/32 192.168.96.254 incomplete
usually, when i show the same information after a while ,the nhrp get the normal
3925VPN#sho ip nhrp bri
Target Via NBMA Mode Intfc Claimed
192.168.96.2/32 192.168.96.2 58.22.127.76 dynamic Tu100 < >
192.168.96.130/32 192.168.96.130 180.213.2.250 dynamic Tu100 < >
192.168.96.131/32 192.168.96.131 202.100.251.242 dynamic Tu100 < >
192.168.96.132/32 192.168.96.132 incomplete
192.168.96.133/32 192.168.96.133 incomplete
192.168.96.134/32 192.168.96.134 219.143.238.165 dynamic Tu100 < >
192.168.96.135/32 192.168.96.135 221.226.40.34 dynamic Tu100 < >
192.168.96.136/32 192.168.96.136 180.166.39.6 dynamic Tu100 < >
why this happened ,top players , thx~~~~~pradeepde,
Thank you very much for your response. I think you may be right, I have upgraded the IOS to a maintenance release 12.4.15T9 and this does appear to have fixed the problem.
Thanks again -
Hello all,
I wanted to know if the WLAN on a SR520 supports QOS.
We are trying to setup a teleworker site and want to stick with the 500 family of devices. The requirement of the teleworker site is to have hard wired PCs connecting to the SR520 and a wireless phone at the teleworker site with good voice quality (QOS).
For Example, take the UC500 (not a typo UC500) and its built-in WLAN (assuming you order it this way). According to the documentation the WLAN will work with the Cisco 7921 (for example), but does not support QOS over that WLAN antenea, you must get a WAP or WLC and WAP combination to support QOS over WLAN.
I would appreciate seeing this in a Cisco official document.
Thanks, JohnThe SR520 is WMM certified, but it does not support diversity. For mixed wireless voice and wireless data deployments it should be a good choice. However, you are sayig that the PC's will be wired to the network, while the voice will be wireless. In this case, I think that more important than WLAN QoS is WAN QoS. The reason is that with this being a teleworker deployment, the 7921 will be registering to a remote UC500.
With regards to the lack of QoS/WMM support in the UC500, that has changed somehow. We still mandate that you deploy a WAP/WLC when using the 7921. But with the new SPA525 phone (wireless desk phone), CCA will push QoS configuration for the embedded and external access points, depending on the deployment model. Notice that this is possible because there are no roaming or mobile considerations (the SPA525 is a "static" phone).
Hope this helps,
Marcos -
SR520 - UC520 VPN - Banging my head
I had a VPN tunnel working on another SR520 and UC520. I copied most of the vpn parts of the configs over the new set of equipment. It does not work. I am trying to plug a phone into the SR520. It just says registering. The phone is setup on the UC520. I have attached the configs for both.
Thanks to anyone that can help.sure...
sbcs-48U#sh run
Building configuration...
Current configuration : 39285 bytes
! Last configuration change at 15:34:15 PST Wed Mar 18 2009 by cisco
! NVRAM config last updated at 08:28:42 PST Wed Mar 11 2009 by cisco
version 12.4
parser config cache interface
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service internal
service compress-config
hostname sbcs-48U
boot-start-marker
boot-end-marker
logging message-counter syslog
enable secret 5 $1$9NKA$ctuO5k76h5.MfpwOT44zT.
aaa new-model
aaa authentication login default local
aaa authentication login Foxtrot_sdm_easyvpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network Foxtrot_sdm_easyvpn_group_ml_1 local
aaa session-id common
clock timezone PST -8
clock summer-time PST recurring
crypto pki trustpoint TP-self-signed-3798541801
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3798541801
revocation-check none
rsakeypair TP-self-signed-3798541801
crypto pki certificate chain TP-self-signed-3798541801
certificate self-signed 01
3082023D 308201A6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33373938 35343138 3031301E 170D3039 30333130 31363433
31315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 37393835
34313830 3130819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100AF2C 49896D4B 59DC182F B0A72A87 7A2D27C8 0003BDC7 07CB910D 15FB34DE
B603E7FB 28247D5B 94C8313F 000B9AC6 4066DFE0 E3BD0C96 F526E064 F43F274E
529F4D05 1A2A2587 AE8A28A2 AF24BF78 6120BE25 BAB3B222 A9C1EF3C CF49099F
DA489AAE D68C2F0F 7D4B8572 CA5A23C8 C3F2B1F8 57242F5C 265D24B8 ED55D778
0EFB0203 010001A3 65306330 0F060355 1D130101 FF040530 030101FF 30100603
551D1104 09300782 05554335 3230301F 0603551D 23041830 168014AE 21B7EABC
E04263F3 622BDFF1 88F1A4A5 125F9930 1D060355 1D0E0416 0414AE21 B7EABCE0
4263F362 2BDFF188 F1A4A512 5F99300D 06092A86 4886F70D 01010405 00038181
007E4AF4 9781D726 BBE4B4D2 D3B98FB0 335B7868 EB463D3E C4F15E6D 9CDA9314
AC98D61D 50F2395C C9665837 9C257386 4A5D01BC EEBD338A 01280261 A8D74A79
4A24141A 09828B77 B2C3BB27 0FF2931D 67634FA6 92820CF9 5393F42F DBF713C4
8BE94DF5 317DF2C9 F0F3A4D4 219139AC 9B8113E7 EA3C2724 CA4A332D 0D191A5B 9F
quit
dot11 syslog
ip source-route
ip cef
ip dhcp relay information trust-all
ip dhcp excluded-address 10.1.1.1 10.1.1.10
ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp pool phone
network 10.1.1.0 255.255.255.0
default-router 10.1.1.1
option 150 ip 10.1.1.1
ip dhcp pool data
import all
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 64.102.6.247
ip name-server 64.102.6.247
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
no ipv6 cef
stcapp ccm-group 1
stcapp
stcapp feature access-code
multilink bundle-name authenticated
trunk group ALL_FXO
voice call send-alert
voice rtp send-recv
voice service voip
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
supplementary-service h450.12
sip
no update-callerid
voice class codec 1
codec preference 1 g711ulaw
codec preference 2 g729r8
voice hunt-group 1 parallel
final 400
list 201,202,203,204,205
timeout 16
pilot 505
voice translation-rule 1111
voice translation-rule 1112
rule 1 /^9/ //
voice translation-rule 2001
voice translation-rule 2222
rule 1 /^91900......./ //
rule 2 /^91976......./ //
voice translation-profile CALLER_ID_TRANSLATION_PROFILE
translate calling 1111
voice translation-profile CallBlocking
translate called 2222
voice translation-profile OUTGOING_TRANSLATION_PROFILE
translate calling 1111
translate called 1112
voice-card 0
no dspfarm
username cisco privilege 15 secret 5 $1$VXm.$Z9dCqAQBcpi2qCnr0HKHi1
username remuser secret 5 $1$TDzM$R5lxPNmJCRSIKsAh94maw.
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group EZVPN_GROUP_1
key cisco123
dns 64.102.6.247
pool SDM_POOL_1
acl 105
max-users 10
crypto isakmp profile sdm-ike-profile-1
match identity group EZVPN_GROUP_1
client authentication list Foxtrot_sdm_easyvpn_xauth_ml_1
isakmp authorization list Foxtrot_sdm_easyvpn_group_ml_1
client configuration address respond
virtual-template 1
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec profile SDM_Profile1
set transform-set ESP-3DES-SHA
set isakmp-profile sdm-ike-profile-1
archive
log config
logging enable
logging size 600
hidekeys
ip tftp source-interface Loopback0
interface Loopback0
description $FW_INSIDE$
ip address 10.1.10.2 255.255.255.252
ip access-group 101 in
ip nat inside
ip virtual-reassembly
interface FastEthernet0/0
description $FW_OUTSIDE$
ip address 64.102.88.173 255.255.255.0
ip access-group 104 in
ip verify unicast reverse-path
ip nat outside
ip inspect SDM_LOW out
ip virtual-reassembly
duplex auto
speed auto
interface Integrated-Service-Engine0/0
description cue is initialized with default IMAP group
ip unnumbered Loopback0
ip nat inside
ip virtual-reassembly
service-module ip address 10.1.10.1 255.255.255.252
service-module ip default-gateway 10.1.10.2
interface FastEthernet0/1/0
switchport voice vlan 100
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/1
switchport voice vlan 100
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/2
switchport voice vlan 100
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/3
switchport voice vlan 100
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/4
switchport voice vlan 100
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/5
switchport voice vlan 100
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/6
switchport voice vlan 100
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/7
switchport voice vlan 100
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/8
switchport mode trunk
macro description cisco-switch
interface Virtual-Template1 type tunnel
ip unnumbered Vlan1
tunnel mode ipsec ipv4
tunnel protection ipsec profile SDM_Profile1
interface Vlan1
description $FW_INSIDE$
ip address 192.168.10.1 255.255.255.0
ip access-group 102 in
ip nat inside
ip virtual-reassembly
interface Vlan100
description $FW_INSIDE$
ip address 10.1.1.1 255.255.255.0
ip access-group 103 in
ip nat inside
ip virtual-reassembly
ip local pool SDM_POOL_1 192.168.10.101 192.168.10.109
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 64.102.88.1
ip route 10.1.10.1 255.255.255.255 Integrated-Service-Engine0/0
ip http server
ip http authentication local
ip http secure-server
ip http path flash:/gui
ip nat inside source list 1 interface FastEthernet0/0 overload
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 10.1.10.0 0.0.0.3
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip 192.168.10.0 0.0.0.255 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration##NO_ACES_8##
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp any host 10.1.10.2 eq non500-isakmp
access-list 101 permit udp any host 10.1.10.2 eq isakmp
access-list 101 permit esp any host 10.1.10.2
access-list 101 permit ahp any host 10.1.10.2
access-list 101 permit tcp 10.1.1.0 0.0.0.255 eq 2000 any
access-list 101 permit udp 10.1.1.0 0.0.0.255 eq 2000 any
access-list 101 deny ip 192.168.10.0 0.0.0.255 any
access-list 101 deny ip 64.102.88.0 0.0.0.255 any
access-list 101 deny ip 10.1.1.0 0.0.0.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 permit ip any any
access-list 102 remark auto generated by SDM firewall configuration##NO_ACES_6##
access-list 102 remark SDM_ACL Category=1
access-list 102 permit udp any host 192.168.10.1 eq non500-isakmp
access-list 102 permit udp any host 192.168.10.1 eq isakmp
access-list 102 permit esp any host 192.168.10.1
access-list 102 permit ahp any host 192.168.10.1
access-list 102 deny ip 10.1.10.0 0.0.0.3 any
access-list 102 deny ip 64.102.88.0 0.0.0.255 any
access-list 102 deny ip 10.1.1.0 0.0.0.255 any
access-list 102 deny ip host 255.255.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 permit ip any any
access-list 103 remark auto generated by SDM firewall configuration##NO_ACES_8##
access-list 103 remark SDM_ACL Category=1
access-list 103 permit udp any host 10.1.1.1 eq non500-isakmp
access-list 103 permit udp any host 10.1.1.1 eq isakmp
access-list 103 permit esp any host 10.1.1.1
access-list 103 permit ahp any host 10.1.1.1
access-list 103 permit tcp 10.1.10.0 0.0.0.3 any eq 2000
access-list 103 permit udp 10.1.10.0 0.0.0.3 any eq 2000
access-list 103 deny ip 10.1.10.0 0.0.0.3 any
access-list 103 deny ip 192.168.10.0 0.0.0.255 any
access-list 103 deny ip 64.102.88.0 0.0.0.255 any
access-list 103 deny ip host 255.255.255.255 any
access-list 103 deny ip 127.0.0.0 0.255.255.255 any
access-list 103 permit ip any any
access-list 104 remark auto generated by SDM firewall configuration##NO_ACES_14##
access-list 104 remark SDM_ACL Category=1
access-list 104 permit udp any host 64.102.88.173 eq non500-isakmp
access-list 104 permit udp any host 64.102.88.173 eq isakmp
access-list 104 permit esp any host 64.102.88.173
access-list 104 permit ahp any host 64.102.88.173
access-list 104 deny ip 10.1.10.0 0.0.0.3 any
access-list 104 deny ip 192.168.10.0 0.0.0.255 any
access-list 104 deny ip 10.1.1.0 0.0.0.255 any
access-list 104 permit udp host 64.102.6.247 eq domain any
access-list 104 permit icmp any host 64.102.88.173 echo-reply
access-list 104 permit icmp any host 64.102.88.173 time-exceeded
access-list 104 permit icmp any host 64.102.88.173 unreachable
access-list 104 deny ip 10.0.0.0 0.255.255.255 any
access-list 104 deny ip 172.16.0.0 0.15.255.255 any
access-list 104 deny ip 192.168.0.0 0.0.255.255 any
access-list 104 deny ip 127.0.0.0 0.255.255.255 any
access-list 104 deny ip host 255.255.255.255 any
access-list 104 deny ip host 0.0.0.0 any
access-list 104 deny ip any any log
access-list 105 remark SDM_ACL Category=4
access-list 105 permit ip 192.168.10.0 0.0.0.255 any
access-list 105 permit ip 10.1.1.0 0.0.0.255 any
access-list 105 permit ip 10.1.10.0 0.0.0.255 any
snmp-server community public RO -
Can the SR520 actually sustain full WAN bandwidth to the LAN ports?
I have a client that's just pulled a Cogent fiber service guaranteed at 100mbps. He's wanting me to spec a small biz router that will ensure he gets "what he's paying for "--full 100 mbps at the LAN.
I had a Cisco online person say they've recommended this SR520 to others with 100mbps service, but I see no spec or even partner information or data that I can point to for W-L throughput numbers?
Any help would be appreciated!
BTW, if there's another small biz option that is still simple, we can suggest that, too.
Chet_PHi Chet,
Thanks for using the Small Business Support Community.
Although the SR520 has an Fast Ethernet WAN interface, it is unlikely to be able to forward internet traffic at 100Mbps.
Ultimately maximum forwarding rates will depend on the type of features you wish to use.
In terms of small business products, the SRP541 might offer the performance levels you require in this case.
Andy -
Connecting 800 series through a sr520
hi there
i have a demroom set up which includes a sr520 as the edge router connecting to the ISP and i have a uc 560 connected to that which is working fine
i also have a new business edition 3000 and a 800 series router which im looking to connect to the sr 520 for access to the ISP as the 800 series doesn't have a ADSL line on it .i have given the 800 series routers wan interface a static address of 192.168.75.14 wich is from the address range in the sr520s default vlan and excluded the address from the DHCP pool. now from the ccp express on the 800 s i can ping the wan port of the 800 s and the default vlan/gateway of the sr520 and the wan ip of the sr520 but no further also once i try pinging it from the cmd on windows i cant ping any further that the wan interface on the 800 s . i was hoping some one could help me with this as im not to sure where to go nexthi andy
thanks for getting back to me .yes the wan port fe 4 on the 800 is 192.168.75.14 and i have a default route sending the traffic out fe4 the wan port to the next hop address 192.168.75.1 the default address/vlan of the sr520
i have selected the wan port as the outside interface but have not configured nat.
the reason i have used the 800 at all is that the be3000 needs a router that has C.U.B.E (cisco unifyed border element)
and the sr520 doesnt also i only have one broadband line that uses adsl which the 800s doesnt support so i thought it would be easy enough just to directly connect the 800 to the sr520 put in a few static route and that would be it
but like i mentioned before i can ping the wan port of the sr520 from the ios of the 800 even googles dns 8.8.8.8 but get no internet connection and when i ping the wan interface from the sr520 its successful it seems to be from the wan port on the 800 and the 800s default vlan/gateway 10.10.10.1 wich is have some difficulty passing traffic
any ideas would be more that welcome
regards
lee -
Where can I get a complete and accurate version of the CLI Reference Manual for my SR520? I would like it to be in PDF form since I will need it most when my network is down and I am trying to repair my network.
Luke,
While the SR520-T1 does not support the CLI, the other models do support the CLI, but Enterprise provides this support with a contract. The admin guide can be found here: http://www.cisco.com/en/US/docs/routers/access/500/520/software/configuration/guide/520scg.pdf
Cisco Small Business Support Center
Randy Manthey
CCNA, CCNA - Security -
Hello,
Recently I bought a SR520-FE. And it works fine untill I do the following…
Setup is as follows:
Vlan 75 DHCP enabled with 192.168.22.x
Vlan 70 DHCP enabled with 192.168.75.x
When I create a second Vlan with number 70 on the sr520 and “connect” it to FE1 together with a second DHCP scoop with IP range 192.168.75.x, and I create a second Vlan on my switch and connect this to the SR520, see the picture then al the systems in the network are unable to connect to the internet.
What am I doing wrong.
Thanks for you help.
RuudHi Dave,
Thanks for your reply.
For your point of view, the client are connecting to Vlan 1 on the switch and getting an IP form the range 192.168.22.x.
As default, all the ports on the SR520 are tagged as smart ports. I've configured FE1 as a port which is connected to a switch... and did nothing els to the other ports on the router.
I don't understand this line: I guess you have set the switch ports leading to the SR520 as access (non tagged) ports
What do you mean with it?
I'll post ASAP the show tech of the router.
Thanks again,
Regeards,
Ruud -
GUI issues with VPN server / remote settings - SR520 UC540
Kinda new to the CCA world, but not new to the game. So far I am finding the limitations a bit frustrating, but here's the main issue at the moment:
Attempting to set up a simple network with a UC540 at HQ, with an SR520 at a SOHO site. I can get the remote VPN working fine, also get a VPN to the SR520 for remote administration working. Actually had everything working fine, saved the config and rebooted to test prior to shipping it to out.
However, when I go back to look at the settings, trouble starts.The remote VPN settings don't show - the CCA tells me changes have been made in the CLI (not). The display for the VPN Server also seems buggy as it will not always display the settings for the VPN itself or the networks listed under split tunnels.Changes to either VPN setup appear to bork the other.
As this is going to a site far, far away I need to be very sure that the VPN setup is solid, at least for remote access. I have a sneaking suspicion that some of the settings are shared and changes to one setup affect the other, but after going from everything working > save > reload > not working, I can't see what is wrong.
Short version - need SOHO to communicate with HQ over site-to-site VPN, with remote access from 3d location to CCA.
Any hints?Hi,
To resolve your issue as soon as possible, please post your question on the Forefront TMG forum:
http://social.technet.microsoft.com/Forums/en-US/home?forum=Forefrontedgegeneral
Steven Lee
TechNet Community Support
Maybe you are looking for
-
I bought an Ibook by mistake when I thought I was buying an audiobook. I only have an Ipod - can't read a big book like that on an Ipod. Is it possible to transfer it to a Kobo Vox? If not, how do I get hold of Itunes to exchange them (I will pay the
-
How to add new field storage location of MM in FMDERIVE
Dear All I want to add new field storage location in FMDERIVE as need to consume budget on the basis of storage location Thanks in advance
-
I keep losing files on my XServe
I am having an issue with my application files that are stored on my G5 Xserve and hopefully someone has an answer. Currently on of our users will create a new application file, such as PDF, and place it in a folder that was created on our server. Th
-
Hi, I have an Jca program which has 3 input params and one output param. Its works fine when I hard code those values. But now i need these values as input from the user (user will be entering these values). How to get these values from a jsp page? C
-
I have built all of my process in v9.0.2.62.3 except for once the row is loaded into my staging table, I want to delete this row from the source. I was trying to use the post-mapping process to call a procedure that would perform the deletion. Howeve