Problem with Cisco 861W router and outgoing VPN
We have a Cisco 861W router that is blocking an outgoing PPTP on the internal access point only. The outgoing VPN works when the traffic is through a wired connection or the connection is on another access point. We fail to make a connection only when connection to the 861W's internal Access Point.
Here is the Access Point Configuration:
Current configuration : 2100 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname obap
enable secret 5 $1$.1RF$go1D7WITXUn3s8TUaw3tC.
no aaa new-model
dot11 syslog
dot11 ssid OLIVER
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 0 XXXXXXXXXXX
username XXXXXX privilege 15 secret 5 $1$Wc0K$OzcQDDQfjHP6La31eXMoG/
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers aes-ccm tkip
ssid OLIVER
antenna gain 0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface GigabitEthernet0
description the embedded AP GigabitEthernet 0 is an internal interface connecti
ng AP with the host router
no ip address
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface BVI1
ip address 192.168.0.2 255.255.255.0
no ip route-cache
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
banner login ^CC
% Password change notice.
Default username/password setup on AP is cisco/cisco with priv¾ilege level 15.
It is strongly suggested that you create a new username with privilege level
15 using the following command for console security.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want to
use. After you change your username/password you can turn off this message
by configuring "no banner login" and "no banner exec" in privileged mode.
^C
line con 0
privilege level 15
login local
no activation-character
line vty 0 4
login local
cns dhcp
end
obap#
Here is the Router's Configuration:
Current configuration : 5908 bytes
! No configuration change since last restart
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname obrouter
boot-start-marker
boot-end-marker
logging buffered 51200
logging console critical
enable secret 5 $1$i9XE$DjxFVAEC9nC4/r6EQKCd6/
no aaa new-model
memory-size iomem 10
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
crypto pki trustpoint TP-self-signed-1856757619
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1856757619
revocation-check none
rsakeypair TP-self-signed-1856757619
crypto pki certificate chain TP-self-signed-1856757619
certificate self-signed 01
3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31383536 37353736 3139301E 170D3036 30313032 31323030
34345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38353637
35373631 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B1A4 FB786547 3D582260 03DB768D 116BDE9A 309FBA04 B53F77B0 BFE32344
7C3439B3 97192B36 760A9411 1D5C7549 8D86F532 ABA44F53 0D08B7F4 A9A747D5
071330C3 65BF25A8 927F3596 29BB5A80 90C8D169 22268476 3B8DDE1E FDB7170D
B4820D03 5580A849 A92C7E76 9AC10867 505A2FEE 64360741 7F9DBDBF 3D79982C
F81D0203 010001A3 75307330 0F060355 1D130101 FF040530 030101FF 30200603
551D1104 19301782 156F6272 6F757465 722E6272 75736868 6F672E63 6F6D301F
0603551D 23041830 168014D8 5BC2FFB2 967A4C7B 11B44122 5C8D31F7 749B9230
1D060355 1D0E0416 0414D85B C2FFB296 7A4C7B11 B441225C 8D31F774 9B92300D
06092A86 4886F70D 01010405 00038181 005901F1 C239074B B8213567 CF7B65BF
DAFE4557 69B2A3B1 5F2593C7 A54B9598 23FD5E7A 563AA6E0 AFB25801 FA0061E8
F9545372 DB600B3A BE68AE65 1EDA593E 6A0C96B8 5A4136AF 393F9AAC 651E1C36
B8B7C6C0 47936C24 D2ECE9A5 9446EE32 FC7461FA AD8CF1CE A7FBF341 07E9C3C6
505AB88D 0E7FCAFC 5792298A E5E4D1FE CC
quit
no ip source-route
ip dhcp excluded-address 192.168.0.1 192.168.0.99
ip dhcp pool ccp-pool1
import all
network 192.168.0.0 255.255.255.0
dns-server 216.49.160.10 216.49.160.66
default-router 192.168.0.1
ip cef
no ip bootp server
ip domain name brushhog.com
ip name-server 216.49.160.10
ip name-server 216.49.160.66
license udi pid CISCO861W-GN-A-K9 sn FTX155281FY
username tech38 privilege 15 secret 5 $1$d/4Z$n/23EsXbzfHF5XfJ8Nv.y0
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description $ES_WAN$$FW_OUTSIDE$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
duplex auto
speed auto
pppoe-client dial-pool-number 1
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
arp timeout 0
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname XXXXXXXXXXXXX
ppp chap password 7 XXXXXXXXXXXXXXXX
ppp pap sent-username XXXXXXXXXXXXXX password 7 XXXXXXXXXXX
no cdp enable
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 192.168.0.25 80 interface Dialer0 80
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
control-plane
banner exec ^C
% Password expiration warning.
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
privilege level 15
login local
transport input telnet ssh
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
Any help would be appreciated
Hello,
i have the same problem with router CISCO861W-GN-E-K9. Version 12.4(22r)YB5, RELEASE SOFTWARE (fc1)
Can someone help?
Thank you.
Here is my config for internal AP and router.
Similar Messages
-
Problem with Cisco 831 router NAT translation or routing
Hello,
I’ve reviewed several post on this forum, very useful, and I think this 831 router config should allow for NAT'ng port 8080 to the ‘inside’ ip address, per this statement below. but my efforts have not been successful, no responses get back to outside client (xx.24.40). clients on inside can communicate outbound fine. The iis server at .10.3 is definitely up and running on port 8080. I know this is probably a duplicate of other posts but if anyone can pinpoint my error I would really appreciate it!!
ip nat inside source static tcp 10.10.10.3 8080 interface Ethernet1 8080
Here is some debug ip nat output when attemping to connect on port 8080, do not get response back from server to external client (xx.24.40)….
Feb 03 13:22:49 10.10.10.1 297472: *Mar 2 00:09:31.894: NAT: o: tcp (xx.xx.254.40, 44123) -> (xx.xx.254.128, 8080) [21674]
Feb 03 13:22:49 10.10.10.1 297473: *Mar 2 00:09:31.894: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21674]
Feb 03 13:22:52 10.10.10.1 297474: *Mar 2 00:09:34.906: NAT: o: tcp (xx.xx.254.40, 44122) -> (xx.xx.254.128, 8080) [21678]
Feb 03 13:22:52 10.10.10.1 297475: *Mar 2 00:09:34.906: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21678]
Feb 03 13:22:52 10.10.10.1 297476: *Mar 2 00:09:34.906: NAT: o: tcp (xx.xx.254.40, 44123) -> (xx.xx.254.128, 8080) [21679]
Feb 03 13:22:52 10.10.10.1 297477: *Mar 2 00:09:34.906: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21679]
Feb 03 13:22:58 10.10.10.1 297478: *Mar 2 00:09:40.906: NAT: o: tcp (xx.xx.254.40, 44122) -> (xx.xx.254.128, 8080) [21684]
Feb 03 13:22:58 10.10.10.1 297479: *Mar 2 00:09:40.906: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21684]
Feb 03 13:22:58 10.10.10.1 297480: *Mar 2 00:09:40.906: NAT: o: tcp (xx.xx.254.40, 44123) -> (xx.xx.254.128, 8080) [21685]
Feb 03 13:22:58 10.10.10.1 297481: *Mar 2 00:09:40.910: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21685]
Feb 03 13:23:10 10.10.10.1 297482: *Mar 2 00:09:52.922: NAT: o: tcp (xx.xx.254.40, 44124) -> (xx.xx.254.128, 8080) [21698]
Feb 03 13:23:10 10.10.10.1 297483: *Mar 2 00:09:52.922: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21698]
Feb 03 13:23:13 10.10.10.1 297484: *Mar 2 00:09:55.930: NAT: o: tcp (xx.xx.254.40, 44124) -> (xx.xx.254.128, 8080) [21702]
Feb 03 13:23:13 10.10.10.1 297485: *Mar 2 00:09:55.930: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21702]
Feb 03 13:23:19 10.10.10.1 297486: *Mar 2 00:10:01.934: NAT: o: tcp (xx.xx.254.40, 44124) -> (xx.xx.254.128, 8080) [21709]
Feb 03 13:23:19 10.10.10.1 297487: *Mar 2 00:10:01.934: NAT: s=xx.xx.254.40, d=xx.xx.254.128->10.10.10.3 [21709]
Feb 03 13:23:58 10.10.10.1 297489: *Mar 2 00:10:41.306: NAT: expiring xx.xx.254.128 (10.10.10.3) tcp 8080 (8080)
538-R1023-C830#sh running-config full
Building configuration...
Current configuration : 4329 bytes
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname 538-R1023-C830
boot-start-marker
boot-end-marker
logging buffered 51200 warnings
no logging console
no aaa new-model
resource policy
ip subnet-zero
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp pool sdm-pool
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 10.1.18.152
lease 0 2
ip cef
ip domain list sd.cox.net
ip domain name sd.cox.net
no ip ips deny-action ips-interface
no ftp-server write-enable
crypto pki trustpoint TP-self-signed-75609932
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-75609932
revocation-check none
rsakeypair TP-self-signed-75609932
crypto pki certificate chain TP-self-signed-75609932
certificate self-signed 01
<snip>
interface Ethernet0
description inside
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
interface Ethernet1
description outside
ip address dhcp
ip access-group 101 in
ip nat outside
ip virtual-reassembly
duplex auto
interface Ethernet2
no ip address
shutdown
interface FastEthernet1
no ip address
duplex auto
speed auto
interface FastEthernet2
no ip address
duplex auto
speed auto
interface FastEthernet3
no ip address
duplex auto
speed auto
interface FastEthernet4
no ip address
duplex auto
speed auto
no ip classless
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 1 interface Ethernet1 overload
ip nat inside source static tcp 10.10.10.3 8080 interface Ethernet1 8080
logging trap debugging
logging 10.10.10.3
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 101 permit ip any any
control-plane
banner login ^C
^C
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
scheduler max-task-time 5000
endHi Alain,
yes, the client i was testing with is on the same subnet as public router ip. Good thought on the firewall, I will disable any firewall on iis machine (my laptop) and re-test. will reply with those results on Monday. ultimately i'm needing to test nat for port 9100 to a printer, I'll add that and test as well, firewall shouldn't be a factor with printer.
thank you.
Grant -
VPN problems with ActionTec wireless router
I'm trying to set up VPN from my Win7 laptop to my Win7 desktop to use while travelling.
I have an ActionTec GT704WGB and cannot VPN from my laptop on the Internet in to my desktop on this router. Using the Microsoft VPN test tools pptpsrv and pptpclnt I can successfully send VPN test messages (Port 1723 and GRE Protocol 47) between the two machines on my subnet, bypassing the ActionTec, so I know that Windows and Norton Internet Security are not the problem. But when I put the laptop on the Internet through another provider I cannot get any messages through the ActionTec. The ActionTec is configured (Security / VPN) to support VPN with Port 1723 forwarding and GRE * * * ). I am suspecting perhaps the ActionTec does not support inbound VPN but cannot find anything in the user manual or ActionTec support that clarifies one way or the other. I'm sure I used to be able to outbound VPN to my former employer's network.
It seems there is something about this router, or perhaps there is something in the Verizon network that does not support inbound VPN. Does anyone know?The actiontech does support incoming and outgoing VPN connections. What changes possibly needed with your VPN setup or different port forwarding needed would need to be advised by the VPN tech support group.
Anthony_VZ
**If someones post has helped you, please acknowledge their assistance by clicking the red thumbs up button to give them Kudos. If you are the original poster and any response gave you your answer, please mark the post that had the answer as the solution**
Notice: Content posted by Verizon employees is meant to be informational and does not supersede or change the Verizon Forums User Guidelines or Terms or Service, or your Customer Agreement Terms and Conditions or plan -
Well my iphone 5 does not remember my home network. This is not a problem with the wifi router as the ipad works absolutely fine. The wifi loses it connection in just 2 minutes. So could you please fix this problem.
Not unless the modem is causing a problem.
What you want to do is get it to work reliably over Ethernet first, then tackle wifi. Power off the modem. On your macbook, delete the Ethernet configuration and the Wifi configuration. Power up the modem, then connect the mac via Ethernet. Create the new Ethernet configuration and see if you can connect. -
PLEASE HELP! Problems with Cisco WLAN and WPA encryption
I checked the threads and didn't see this posted. I have a Cisco WLAN card in my T42_2373_C88. It's a very unfortunate thing that this wireless LAN card/wireless config. utitlity doesn't support WPA encryption. I'm not entirely sure that it's the problem with the WLAN card, and the reason for this is that I initially set up a network through the Windows config. utility bypassing the IBM utility (which I can no longer do). I wasn't actually able to connect to my local network until I completely removed the profile for my home network in the access connections, only then was I able to connect (WPA-PSK (TKIP)). I saw some drivers available for my make and model on the lenovo.com driver site. I downloaded the drivers and went through device manager specifying the folder where the drivers were located and the drivers were not recognized by windows as valid drivers. Unless specifically told otherwise, I don't want to manually override and load these drivers. This is a business machine, and this specific wireless function is VERY critical.
Thankstry using URLConnection instead of HTTPConnection.
-
Cisco 877W router and external ADSL modem
Cisco 877W router and external ADSL modem
In order to support ADSL2+ on a pre ADSL2+ router and in preparation for a later migration to BT infinity I am trying to configure the Router using an external adsl2+ modem appropriately.
The original configuration had 3 ports configured as one (internal lan) vlan and bridge group together with one wireless sub-interface, the remaining port configured a second vlan and bridge group with a second wireless sub- interface. The Dialer was a member of the second bridge group. This way the second wireless interface and associated bridge group provided a kind of DMZ for outbound access.
The configuration I am attempting is similar the lan ports remain the same, but port 0 as a member of the vlan and bridge group (now a pppoe client) associated with one of the wireless sub interfaces as per above. The ATM interface is downed. This nearly works except that if the wireless subinterface on this bridge group is configured the dialer no longer dials giving a 'no dialer string' error. If I do not configure that wireless sub interface all works well.
If anyone is interested to look I would appreciate any comments. I enclose a sanitised config in which you will note the 'commented out' wireless subnet interface (in red).
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname xxxxxxxxxxxxxxxxxxxxx
boot-start-marker
boot-end-marker
logging buffered 4096 warnings
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxx
aaa new-model
aaa group server radius sdm-vpn-server-group-2
aaa group server radius rad_eap
server 192.168.253.1 auth-port 1812 acct-port 1813
server 192.168.253.1 auth-port 1645 acct-port 1646
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_2 group sdm-vpn-server-group-2
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa authorization ipmobile default group rad_pmip
aaa authorization network sdm_vpn_group_ml_2 local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
crypto pki trustpoint TP-self-signed-2834265337
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2834265337
revocation-check none
rsakeypair TP-self-signed-2834265337
crypto pki certificate chain TP-self-signed-2834265337
certificate self-signed 01 nvram:IOS-Self-Sig#2F.cer
dot11 syslog
dot11 ssid GuestAP
vlan 101
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 113B162712001F4A2D2B25
dot11 ssid LanAP
vlan 100
authentication open eap eap_methods
authentication network-eap eap_methods
authentication key-management wpa
mbssid guest-mode
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.252.1 192.168.252.8
ip dhcp excluded-address 192.168.252.15 192.168.252.254
ip dhcp pool sdm-pool1
import all
network 192.168.252.0 255.255.255.0
domain-name XXX.Local
dns-server xxx.xxx.xxx.xxx
default-router 192.168.252.254
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip bootp server
no ip domain lookup
ip domain name XXX.Local
ip name-server xxx.xxx.xxx.xxx
ip name-server xxx.xxx.xxx.xxx
ip reflexive-list timeout 120
vpdn enable
vpdn-group 1
request-dialin
protocol pppoe
username administrator privilege 15 secret 5 £££££££££££££££££££££
class-map type inspect match-any IN_to_OUT_CLASS
match protocol tcp
match protocol udp
match protocol icmp
class-map type inspect match-any OUT_to_IN_CLASS
match protocol https
match protocol smtp extended
class-map type inspect match-any DMZ_to_IN_CLASS
match protocol http
match protocol https
match protocol smtp extended
policy-map type inspect DMZ_to_IN_POL
class type inspect DMZ_to_IN_CLASS
inspect
class class-default
drop log
policy-map type inspect IN_to_OUT_POL
class type inspect IN_to_OUT_CLASS
inspect
class class-default
drop log
policy-map type inspect OUT_to_IN_POL
class type inspect OUT_to_IN_CLASS
inspect
class class-default
drop log
zone security INSIDE
zone security OUTSIDE
zone security DMZ
zone-pair security OUT_TO_IN source OUTSIDE destination INSIDE
service-policy type inspect OUT_to_IN_POL
zone-pair security IN_TO_OUT source INSIDE destination OUTSIDE
service-policy type inspect IN_to_OUT_POL
zone-pair security DMZ_TO_OUT source DMZ destination OUTSIDE
service-policy type inspect IN_to_OUT_POL
zone-pair security DMZ_TO_IN source DMZ destination INSIDE
service-policy type inspect DMZ_to_IN_POL
bridge irb
interface Loopback0
no ip address
interface Null0
no ip unreachables
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
interface FastEthernet0
description Outside Interface (PPPoE)
interface FastEthernet1
description Inside Interface
switchport access vlan 10
interface FastEthernet2
description Inside Interface
switchport access vlan 10
spanning-tree portfast
interface FastEthernet3
description Inside Interface
switchport access vlan 10
spanning-tree portfast
interface Dot11Radio0
no ip address
no ip route-cache cef
no ip route-cache
encryption vlan 100 mode ciphers aes-ccm tkip
encryption vlan 101 mode ciphers aes-ccm tkip
ssid GuestAP
ssid LanAP
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2437
station-role root
interface Dot11Radio0.100
description LanAP
encapsulation dot1Q 100
no ip route-cache
no cdp enable
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 spanning-disabled
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
!interface Dot11Radio0.101
! description GuestAP
! encapsulation dot1Q 101
! no ip route-cache
! no cdp enable
! bridge-group 1
! bridge-group 1 subscriber-loop-control
! bridge-group 1 spanning-disabled
! bridge-group 1 block-unknown-source
! no bridge-group 1 source-learning
! no bridge-group 1 unicast-flooding
interface Vlan1
description $ES_LAN$
no ip address
ip virtual-reassembly
pppoe enable group global
pppoe-client dial-pool-number 1
bridge-group 1
interface Vlan10
no ip address
ip virtual-reassembly
bridge-group 10
interface Dialer1
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nat outside
ip virtual-reassembly
zone-member security OUTSIDE
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname XXXXXXX
ppp chap password 7 xxxxxxxxxxxxxxxxxxx
ppp pap sent-username xxxxxxxxxxxxxxxxxx password 7 xxxxxxxxxxxxxxxxxxxxx
ppp ipcp dns request
ppp ipcp wins request
hold-queue 224 in
interface Dialer0
no ip address
interface BVI10
description Inside Interface
ip address 192.168.253.254 255.255.255.0
ip access-group 101 in
ip helper-address 192.168.253.1
ip nat inside
ip virtual-reassembly
zone-member security INSIDE
interface BVI1
description DMZ Interface
ip address 192.168.252.254 255.255.255.0
ip nat inside
ip virtual-reassembly
zone-member security DMZ
ip local pool SDM_POOL_1 192.168.20.9 192.168.20.14
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list Inside_Clients_NAT interface Dialer1 overload
ip nat inside source static 192.168.253.10 xxx.xxx.xxx.xxx
ip access-list extended DMZ_to_IN_POL
remark SDM_ACL Category=128
permit ip any any
ip access-list extended Inside_Clients_NAT
remark SDM_ACL Category=2
permit ip 192.168.253.0 0.0.0.255 any
logging 192.168.253.10
access-list 1 remark Auto generated by SDM Management Access feature
access-list 1 remark SDM_ACL Category=1
access-list 1 permit 192.168.253.0 0.0.0.255
access-list 100 remark VTY Access-class list
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip 192.168.253.0 0.0.0.255 any
access-list 100 deny ip any any
access-list 101 remark Auto generated by SDM Management Access feature
access-list 101 remark SDM_ACL Category=1
access-list 101 remark Auto generated by SDM for NTP (123) xxx.xxx.xxx.xxx
access-list 101 permit udp host xxx.xxx.xxx.xxx eq ntp host 192.168.253.254 eq ntp
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq telnet
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq 22
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq www
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq 443
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq cmd
access-list 101 deny tcp any host 192.168.253.254 eq telnet
access-list 101 deny tcp any host 192.168.253.254 eq 22
access-list 101 deny tcp any host 192.168.253.254 eq www
access-list 101 deny tcp any host 192.168.253.254 eq 443
access-list 101 deny tcp any host 192.168.253.254 eq cmd
access-list 101 deny udp any host 192.168.253.254 eq snmp
access-list 101 permit ip any any
access-list 199 permit ip any host 10.1.1.1
dialer-list 1 protocol ip permit
no cdp run
radius-server attribute 32 include-in-access-req format %h
radius-server host 192.168.253.1 auth-port 1812 acct-port 1813 key 7 XXXXXXXXXXXXXXXXXX
radius-server host 192.168.253.1 auth-port 1645 acct-port 1646 key 7 XXXXXXXXXXXXXXXXXX
radius-server vsa send accounting
control-plane
bridge 1 protocol ieee
bridge 1 route ip
bridge 10 protocol ieee
bridge 10 route ip
banner login C Border Router
line con 0
no modem enable
transport output telnet
line aux 0
transport output telnet
line vty 0 4
access-class 100 in
privilege level 15
length 0
transport input telnet ssh
scheduler max-task-time 5000
scheduler interval 500
ntp server xxx.xxx.xxx.xxx source Dialer0 prefer
ntp server xxx.xxx.xxx.xxx source Dialer0 prefer
sntp server xxx.xxx.xxx.xxx
endHi Jody,
Apologies delay in replying. I have done the following:
Made two of the FE ports vlan1,BVI1 (for LAN traffic)
Left one port as VLAN10 as the pppoe client conected to the externalmodem
Made the last port VLAN10 as well and gave it an IP addess as for a DMZ client.
I have DHCP configured to serve the DMZ addresses.
This all works for LAN clients and also works for a client attachedto that physical DMZ port.
When I added a dot11radio sub interface into VLAN 10 the wireless client did not get an IP lease. Everything else continued to work.
I had never thought about this before, but if a dot11radio interface is on the same vlan (but not being part ofa bridge group) why are DHCP broadcasts not propogating to all the vlan members as I would have expected. I recognise that this isa limit in my understanding.
If I then made VLAN10 a member of a new Bridge Group, I lost WAN connectivity as per original posting.
I cannot add another VLAN due to the 2 vlan limit in this image.
Finally regarding your comment about giving it what it wants, what exactly did you have in mind. The dialer already has a dial string parameters configured.
Think I am about to give upon this.
Regards, -
I have been having problems with my iPod touch and my WRT...
I have been having problems with my iPod touch and my WRT54G router. I am so frustrated right now because after following the various steps mentioned in one of these threads, following Earthlink's prompts, and speaking with Apple, my iPod touch will still not work. It is connected to the internet but will not download the pages. It is quite frustrating. I have changed from WPA to WEP, I switched the 4th Generated key to the 1st. I've disabled this, enabled that. I've done just about everything. I updated the firmware. I made the switch from a partial bridge to a full bridge. Still nothing seems to work. Does anyone have any other suggestions? The one thing I have not done is enter the Apple code into the iPod which searches for website...-- I cannot access the internet with my iPod so this web address does not work. If anyone has been successful, will you please give me step by step instructions? Yesterday I was on the phone with Linksys for about an hour. Before that with Apple for about an hour and before that with Earthlink. How it is that I can walk into a Bread Co. or Apple Store and immediately connect to the internet with my iPod but I can't in my own house?? Everyone seems to think it is someone else's problem so I've gone around and around. Not one of the Linksys support personnel suggested I look here on this community forum. I had to pay the $9 fee to have advanced Linksys help but still my iPod does not work and when I called back, the man I spoke with seemed to think the case was closed because my PC, Laptop, and iPod are connected to the internet -- the iPod just won't download the webpages or get mail. My iPod's IP address begins with 192. I would appreciate any help on this matter
Message Edited by AlliW on 10-02-2008 02:06 PMI had the same issues with my iPod touch & iPhone. It's a known issue with the touch & Linksys G routers. Go into settings on the touch & do the following.
1. Settings - wifi - linksys
2. Erase your DNS settings & input same numbers as in router
Settings.
3. Http proxy should be
in off position.
4. Close out & open safari you should now have a wireless
connection. -
I just bought an Apple TV and am trying to set it up. I am connected to wireless, is having difficulties setting time and date. When I try to connect to iTunes and sharing. It keeps telling me that there is a problem with my apple ID and password. I have quadruple checked and re-entered and it won't recognise it. What do I do? Dan.
Sounds like it is more an issue of connecting to the internet. Not just the WiFi Some people have reported that performing a power cycle on their Internet router solved this.
-
NTP Service on Domain Controller have problem with cisco switch
Hello!
I have Windows Server 2008 R2 SP1 Domain Controller with NTP services
The windows opertion system clients get NTP time ok.
There are problem with cisco switch, can't get time from NTP.
Can anybody help me to fix problem?
C:\Users\Sysuser>w32tm /query /configuration
[Configuration]
EventLogFlags: 2 (Local)
AnnounceFlags: 5 (Local)
TimeJumpAuditOffset: 28800 (Local)
MinPollInterval: 6 (Local)
MaxPollInterval: 10 (Local)
MaxNegPhaseCorrection: 1800 (Local)
MaxPosPhaseCorrection: 1800 (Local)
MaxAllowedPhaseOffset: 300 (Local)
FrequencyCorrectRate: 4 (Local)
PollAdjustFactor: 5 (Local)
LargePhaseOffset: 50000000 (Local)
SpikeWatchPeriod: 900 (Local)
LocalClockDispersion: 10 (Local)
HoldPeriod: 5 (Local)
PhaseCorrectRate: 7 (Local)
UpdateInterval: 100 (Local)
[TimeProviders]
NtpClient (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
AllowNonstandardModeCombinations: 1 (Local)
ResolvePeerBackoffMinutes: 15 (Policy)
ResolvePeerBackoffMaxTimes: 7 (Policy)
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 0 (Policy)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 3600 (Policy)
Type: NTP (Policy)
NtpServer: 10.7.0.4 (Policy)
NtpServer (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 0 (Local)
AllowNonstandardModeCombinations: 1 (Local)
VMICTimeProvider (Local)
DllName: C:\Windows\System32\vmictimeprovider.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
Cisco config and errors
CISCO1#show ntp ass det
10.7.0.7 configured, insane, invalid, stratum 3
ref ID 10.7.0.4, time D5BC850F.C8400AB2 (15:50:39.782 MSK Mon Aug 19 2013)
our mode client, peer mode server, our poll intvl 1024, peer poll intvl 1024
root delay 62.50 msec, root disp 11128.04, reach 377, sync dist 11218.796
delay 6.06 msec, offset -467951.1096 msec, dispersion 56.49
precision 2**6, version 3
org time D5BC8864.F79C33A7 (16:04:52.967 MSK Mon Aug 19 2013)
rcv time D5BC8A38.EBDECB39 (16:12:40.921 MSK Mon Aug 19 2013)
xmt time D5BC8A38.EA5173BE (16:12:40.915 MSK Mon Aug 19 2013)
filtdelay = 6.06 5.87 3.23 7.90 6.41 5.17 13.03 3.43
filtoffset = -467951 -467905 -467936 -467885 -467764 -467816 -467707 -467697
filterror = 0.02 15.64 31.27 46.89 62.52 78.14 93.75 93.78Hi,
>>I gave log on as a service right to this account in Default Domain Controllers Policy but unfortunately it was not enough
Based on your description, we can try to grant this account Allow log on locally
user right in the default domain controller policy to see if it helps.
The policy setting is:
Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow log on locally
Allow log on locally
http://technet.microsoft.com/en-us/library/cc756809(v=ws.10).aspx#feedback
TechNet Subscriber Support
If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.
Best regards,
Frank Shen -
Pls help me.i have a problem with WRT54G wireless router.
Dear all, Now i got face some problem with WRT54G wireless router.The problem is after i connect to the internet...the wireless will automatic drop..is that any ppl here got face this and got any solution to solve it...?thanks for sharing..
hi...logon to router's setup page and try changing channel to 11, go to advanced wireless settings, try changing transmission rate to 54Mbps, beacon interval to 50, fragmentation and RTS threshold to 2304, also try upgrading latest firmwar on the router...check whether it maks any difference or not and let me know.
-
Can I format the CF in a cisco 1800 router and then use it on the ASA 5520?
Can I format Compact Flash in a cisco 1800 router and then use it on the ASA 5520?
You don't have to format the card in the router. You can do that on your PC. Just format the CF-card as FAT32 and plug it into the ASA.
BUT: If you just want to "upgrade" the old card with a different one, then first attach the original card from the ASA to your PC and copy all files (including the hidden ones) to your PC and then copy them back to the new card. That way you also move your licenses to the new card which are stored in hidden files and your private data like keys. -
Had problem with my hotmail account and had to change my password. Ever since then, my default e-mail account set up to hotmail doesn't work...it sends from gmail. How can I correct that?
On your iPhone you need to change your password in 2 places:
- Incoming Mail Server and
- Outgoing Mail Server
To get to the password entry for the Outgoing Mail Server you have to tap on cell smtp.live.com and again on the second view. -
Window 8 WiFi problem with Cisco wireless network
Anyone encounter a Windows 8 WiFi authentication problem with Cisco wireless network?
We are using WLC 5508, 7.2.111, and AP 3602i with WPA2.
Sent from Cisco Technical Support iPad AppThis problem occurred with Soney, and Dell models. Lenovo with Windows 8 factory installed is working fine.
Won't make any difference as these laptop's wireless NIC cards are different.
Can you try with OPEN authentication. If the Sony and/or Dell laptop works, then you start cranking up the security and/or encryption settings until you break them.
I'm with Scott here: It's got to be a wireless NIC card driver.
As what George has stated, post the debug of the failed attempts. -
I downloaded a new version of firefox. It said it had problems with my norton toolbar and now it doesn't feature it in the window. I'm not that comp savvy. How do I either get the Norton toolbar up or go back to the old firefox? Thank you.
Please authorize ADE 3 with same credentials that you used with older version of ADE
-
After having yet another problem with my MacBook Pro and having to wipe the drive, I am now unable to sync my iPhones etc without erasing all the music on them. Is there a way around this? I have no other library!
iTunes is a mess! It couldn't find it's own libraries and I was forced to create a new one. Now I don't know where my music is or if any's missing.columbus new boy wrote:
How crap is that?
It's not crap at all.
It's not that simple. For example, I've 3500 songs on my MacBook but don't want them all on my phone, so I have to manually select each song again???
There has to be a solution.
Why not simply make a playlist with the songs you want on the iPhone?
and maintain a current backup of your computer.
Maybe you are looking for
-
[Mac] Could not complete your request because of a program error.
Hello, I've got the problem with opening the file. It was saved in Photoshop CS 6, everything was ok, but after opening the file in few seconds here the message "Could not complete your request because of a program error." What should I do?? It was m
-
Excise invoice number in FI report (FBL5N)
Hi all, I want excise invoice number while checking fi posting report in FBL5N. In standard report, billing document number is there but excise invoice number is not there. Can anyone tell me that how can i get excise invoice number in FBL5N. Thanks
-
How to upload pdf files to icloud using a pc
While using MobileMe and Idisk on my pc was extremely easy, turning to iCloud seems to be more cahotic. i.e. I cannot upload PDF file from my pc to iCloud. Any suggestion? Thanks
-
Css copy paste problem still a problem in Dreamweaver CS4
Hi all, I know this one has been discussed before, but this is still a major usability issues with the product with no practical solution available. For some reason no one seems to be able to mark http://forums.adobe.com/thread/209290?start=50&tstart
-
Create Query views in BI 7.0
My Dear Friends Can any body tell me how to create Query views in BI 7.0 and assign to Data provider its top urgent. Your help will be more appreciated Thx & regards