SSH from Cisco Router to another Cisco Router

I believe I already know what the issue is but wanted to confirm.
I recently changed the configuration of the routers so that all incoming SSH connections can only be done via the specified port:
ip ssh port xxxx rotary 10
I created an ACL and everything works beautifully with PuTTY. When I try to SSH from a router to another router it sits there and the ACL permits the connection but nothing happens.
I use ssh -p xxxx NAME.
I assume this is because of the cert not being recognized by the connecting router?

Hi,
I'm afraid you misunderstood the purpose of ip ssh port:
To enable secure access to tty (asynchronous) lines, use the ip ssh port command in global configuration mode. To disable this functionality, use the no form of this command.
ip ssh port port-num rotary group
no ip ssh port port-num rotary group
The result of your command
ip ssh port xxxx rotary 10
is that incoming ssh sessions destined to your secret port xxxx will be forwarded to a vacant async interface belonging to rotary group 10. That is: anything you type into your ssh client will be sent out as an asynchronous character to the async interface to which the ssh session is connected. Now I assume that you don't have
What you might want to try is the command rotary, which allows you to put a vty into a rotary group
line vty 2 4
rotary 10
login local
Rgds, MiKa
Message was edited by: m.kafka (added line vty rotary)
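
An added example, not part of the original thread and not Cisco tooling: a small Python audit of a running-config that checks whether the rotary group named by ip ssh port is attached to any line, and whether that line is a vty or only an async line. Port 2222 and the three sample configs are constructed, and the parser assumes running-config indentation (sub-commands start with a space).

```python
import re

SSH_PORT_RE = re.compile(r"^ip ssh port (\d+) rotary (\d+)")
LINE_RE = re.compile(r"^line (\S+) (\d+)(?: (\d+))?$")


def parse_config(text):
    """Collect 'ip ssh port' mappings and the rotary/transport settings of each line stanza."""
    ssh_ports, stanzas, current = [], [], None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0] not in " \t":              # a column-0 command closes any open stanza
            current = None
            line = raw.strip()
            m = SSH_PORT_RE.match(line)
            if m:
                ssh_ports.append((int(m.group(1)), int(m.group(2))))
                continue
            m = LINE_RE.match(line)
            if m:
                # 'line 1 16' style (absolute numbers) is treated as async tty lines
                kind = m.group(1) if m.group(1).isalpha() else "tty"
                current = {"kind": kind, "header": line,
                           "rotary": set(), "transport_input": None}
                stanzas.append(current)
        elif current is not None:
            words = raw.split()
            if words[0] == "rotary" and len(words) > 1 and words[1].isdigit():
                current["rotary"].add(int(words[1]))
            elif words[:2] == ["transport", "input"]:
                current["transport_input"] = set(words[2:])
    return ssh_ports, stanzas


def audit_ssh_rotary(text):
    """Return (port, group, status) for every 'ip ssh port' statement."""
    ssh_ports, stanzas = parse_config(text)
    results = []
    for port, group in ssh_ports:
        members = [s for s in stanzas if group in s["rotary"]]
        vtys = [s for s in members if s["kind"] == "vty"]
        if not members:
            status = "no-line-in-group"          # sessions to the port have nowhere to land
        elif not vtys:
            status = "async-only"                # port reaches tty/aux lines, not the router exec
        elif any(s["transport_input"] and s["transport_input"] & {"ssh", "all"} for s in vtys):
            status = "ok"
        elif any(s["transport_input"] is None for s in vtys):
            status = "transport-input-not-set"   # default differs between IOS releases
        else:
            status = "vty-blocks-ssh"
        results.append((port, group, status))
    return results


# Constructed sample: the situation in the question (no line carries rotary 10).
BEFORE = """\
ip ssh port 2222 rotary 10
!
line con 0
line aux 0
line vty 0 4
 login local
 transport input ssh
"""

# Constructed sample: the suggestion from the reply (vty 2-4 placed in rotary group 10).
AFTER = """\
ip ssh port 2222 rotary 10
!
line con 0
line aux 0
line vty 0 1
 login local
 transport input ssh
line vty 2 4
 rotary 10
 login local
 transport input ssh
"""

# Constructed sample: the documented use of the command (rotary group on an async line).
ASYNC_ONLY = """\
ip ssh port 2222 rotary 10
!
line aux 0
 rotary 10
line vty 0 4
 transport input ssh
"""

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER), ("async", ASYNC_ONLY)):
        print(name, audit_ssh_rotary(cfg))
```
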

Similar Messages

  • It is possible ssh from a router to another, to its ipv6 link-local address?

    Hi 
    R1 and R2 are connected by serial links, with IPV6 address global unicast and link-local every link.
    I can do ping between them. When I do ping to link-local address next router, I need to specify outgoing interface, ping is successful.
    However I can not do SSH v2 from a router to another to its link-local address. 
    OS R1 and R2: c2900-universalk9-mz.SPA.151-1.M4.bin 
    R1
    Serial0/3/0                [up/up]
        FE80::1
        2001:1200:CAFE:BEBA::1
    R2
    Serial0/3/0                [up/up]
        FE80::2
        2001:1200:CAFE:BEBA::2
    Thank you

    Hi Cesar, 
    you should be able to use "%source_itf" at the end of the target IPv6 LL address. 
    Example with telnet : 
    R1#ping FE80::302              
    Output Interface: Ethernet0/0                 
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to FE80::302, timeout is 2 seconds:
    Packet sent with a source address of FE80::301%Ethernet0/0
    Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/1 ms
    R1#telnet FE80::302%Ethernet0/0
    Trying FE80::302 ... Open
    Password required, but none set
    [Connection to FE80::302%Ethernet0/0 closed by foreign host]
    R1#

  • SSH from a router

    Can we initiate an SSH session from a cisco router or a switch to another device?
    thanks in advance
    Narayan

    Hi,
    routerA#ssh ?
    -c Select encryption algorithm
    -l Log in using this user name
    -m Select HMAC algorithm
    -o Specify options
    -p Connect to this port
    -v Specify SSH Protocol Version
    WORD IP address or hostname of a remote system
    routerA#ssh -v 1 -l admin routerB
    Password:
    routerB>exit
    [Connection to routerB closed by foreign host]
    routerA#
    HTH
    Andrea

  • Not able to ssh from one EC2 instance to another

    I was trying to work with Oracle AMIs on Amazon cloud (EC2 instances).
    1) Created 2 EC2 instances of an Oracle database AMI ( based on Oracle Enterprise Linux (OEL) 5)
    2) I have opened ports in my security group associated with these EC2 instances.
    i) TCP 22 (SSH) - 0.0.0.0/0 ( Everybody)
    ii) ICMP ALL - 10.0.0.0/8 ( To enable ping functionality)
    So I am able to ping successfully from one EC2 to another with the public DNS, but ssh hangs
    a) Login to EC2 instance #1 from my desktop - SUCCESS
    b) ssh public_ip_of_instance_2 22  (HANGS).....
    c) Login to EC2 instance #2 from my desktop - SUCCESS
    d) ssh public_ip_of_instance_1 22 (HANGS).....
    Any ideas? I worked with a default UBUNTU ec2 instance in amazon (public AMIs) and I did not face any problem doing an ssh from one EC2 to another.
    Is there something inside OEL (Oracle Enterprise Linux) that locks down ssh on port 22 from one instance to another ?
    Any ideas ?

    Hi All,
    I could solve it myself. Thanks for the time.
    The problem was I tried to navigate directly from the component 'BT125H_TASK' to the component 'CRMCMP_CMG', as I could not find any parent for BT125H_TASK earlier.
    Now I could find its parent component which is 'BT110M_ACT'.
    The outbound plug created in the task component has to be added to the component usage of 'BT110M_ACT' and the delegation should be done. The other things are the same. It works fine.
    Regards
    Vidhya

  • I cannot route to remote subnets from cisco vpn client and pptp client

    Hi guys,
    I've a big problem, I configured a 877 cisco router as a cisco vpn server (the customer uses it to connect to his network from pc) and a pptp vpn server (he uses it to connect to the network from a smartphone).
    In this router I created 2 vlans, one for wired network (192.168.10.0/24) and the second one (10.0.0.0/24) for wireless clients and I use fastethernet 3 port to connect these to the router.
    This is the issue: when the customer tries to connect to a wireless network from both of the vpn clients he cannot do this, but if he tries to connect to a wired network client all is working fine.
    following the addresses taken from the router.
    - encrypted vpn client -
    ip address. 192.168.10.20
    netmask 255.255.255.0
    Default Gateway. none (blank)
    - pptp vpn client -
    ip address. 192.168.10.21
    netmask. 255.255.255.255
    Default Gateway. 192.168.10.21
    Is it possible that I cannot reach the remote subnet because the clients don't receive a gateway (in the first case) or receive the wrong subnet/gateway (in the second one)..?
    Is there anyone who can help me..?
    Thank you very much.
    Many Kisses and Kindly Regards..
    Ilaria

    The default gateway on your PC is not the problem, it will always show as the same IP address (this is no different when you dial up to an ISP, your DG will again be set to your negotiated IP address).
    The issue will be routing within the campus network and more importantly on the PIX itself. The campus network needs a route to the VPN pool of addresses that eventually points back to the PIX.
    The issue here is that the PIX will have a default gateway pointing back out towards your laptop. When you establish a VPN and try and go to an Internet address, the PIX is going to route this packet according to its routing table and send it back out the interface it came in on. The PIX won't do this, and the packet will be dropped. Unless you can set the PIX's routing table to forward Internet packets to the campus network, there's no way around this. Of course if you do that then you'll break connectivity thru the PIX for all the internal users.
    The only way to do this is to configure split tunnelling on the PIX, so that packets destined for the Internet are sent directly from your laptop in the clear just like normal, and any packet destined for the campus network is encrypted and sent over the tunnel.
    Here's the format of the command:
    http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/tz.htm#1048524

  • What I would like from Cisco is the meaning of all level 3 or lower email messages my Router can send to me. So, that I can take the appropriate actions.

    My Small Business Router has been sending me email messages. This is a RVS-4000 version 1.
    I just want to understand what my Router is emailing me or telling me...
    The last message I received from my RVS-4000 was:
       Oct 30 13:44:09 - IPSEC EVENT: KLIPS device ipsec0 shut down.
    IPSEC EVENT sounds important. Whatever it is... And what is a KLIPS device ipsec0 shutdown????
    I have Log Levels 0-3 selected...
    Log Level
    Setting which level log Router should recorder. Level from 0 ~ 7 means:
    0: LOG_EMERG(system is unusable)
    1: LOG_ALERT(action must be taken immediately)
    2: LOG_CRIT(critical conditions)
    3: LOG_ERR(error conditions)
    4: LOG_WARNING(warning conditions)
    5: LOG_NOTICE(normal, but significant, condition)
    6: LOG_INFO(informational message)
    7: LOG_DEBUG(debug-level message)
    So, when I get any messages... I'm a little concerned. Because the RVS-4000 thinks it's an Error or better.
    What I would like from Cisco is the meaning of all level 3 or lower email messages my Router can send to me. So, that I can take the appropriate actions.
    I know Cisco inherited these Small Business Routers when they bought Linksys. However, they have not discontinued them totally and they are still for sale. And Cisco has released a new version 2 of the same Router. So I believe Cisco should support them as well.
    Yes, I'm a pain to Cisco. However, I think you understand I'm being scared by my Router's messages to me... And would like some relief.
    Bruce

    Great suggestions. Problems is this is not the forum for your "wish list" as Apple does not read these USER forums.
    Send your feedback to http://www.apple.com/feedback/iphone.html

  • L2tpv3 dialing from cisco router

    I have a requirement where the customer wants ip dialing to LNS from a cisco router with the help of l2tpv3.
    Could anyone tell me how to configure this.
    regards
    shivlu jain

    Hello Shivlu,
    in one of our routers the backup link is configured in this way
    pseudowire-class netvision-l2tp
    encapsulation l2tpv2
    interface Virtual-PPP1
    description NETVISION DIALER
    ip address negotiated
    ip nat outside
    ip virtual-reassembly
    no cdp enable
    ppp pap sent-username password 0 41003827
    pseudowire x.x.x.x 2 pw-class netvision-l2tp
    crypto map VPN_MAP
    where x.x.x.x is a public ip address
    ip route x.x.x.x 255.255.255.255 g0/1
    completes this solution where this g0/1
    sh run int gi0/1
    Building configuration...
    Current configuration : 157 bytes
    interface GigabitEthernet0/1
    description CONNECTION TO CABLE MODEM
    ip address dhcp
    ip virtual-reassembly
    duplex auto
    speed auto
    media-type rj45
    end
    and it receives a private ip address from DHCP on a cable modem access network.
    but it uses l2tpv2 not L2tpv3 and I've always seen l2tpv2 in this context.
    Hope to help
    Giuseppe

  • Best Setup? Daisy Chain WPN824N from Cisco e2000 N Router or use Netgear 600

    *NOTE* Two things I'm thinking about as I write this... 802.11 N @ 5 GHZ (2 different approaches) not faster than G @ 2.4 and could I lose strength chaining a G and N router vs. one dual band router... Also, I think I'm answering my own question as I write this... :rolleyes:)
    I appreciate any advice!!! I originally setup the WPN824N dedicated to G @ 2.4 GHZ chained from Cisco E2000 dedicated to N @ 5 GHZ. (So $150 already here).
    I picked up a Netgear 600 on a whim 2 days ago ($85 and could return). Of course BB told me I'd get a stronger signal and better streaming from this to all devices (most important to me is Apple TV and IPad, but I only use it for free Netflix 99% of the time and I don't believe you get many Hi-Def options). Thinking about it, can the 600 actually operate a full speed N network while supplying G? Does it drop to lowest speed like some? Again, BB told me it would send N speed and G speed simultaneously... Odd for $85???
    Here's what I'm running...
    1) Hardwired PC as a backup and Media Server (Itunes & DVD Burner)
    2) Two T61 Lenovo Laptops (Win 7) - 802.11 G - General Use
    3) Ipad - Sometimes Netflix, Pandora, etc. - 802.11 N 5GHZ (Near full strength signal but short distances - normal with 5 GHZ)
    4) Apple TV - 802.11 N - Full Signal Strength  (80% streaming - 50' through cabinet and one wall; 20% hardwired)
    5) Ipod Touch 4 - Pandora, Web Surfing, Apps
    6) Iphone 4 - Pandora, Web, Apps
    Speed tests appear to be staying steady between the two different router setups; the Ipad, Iphone and Ipod with 11 - 12 Mbps and the laptops with 20 Mbps coming from a Comcast 20 Mbps line. I tried the upgrade to the 30 Mbps line and experienced no improvement.
    Specifically, with only a 20 Mbps line should I expect to lose speed and/or signal strength in a chained setup vs the one dual band router?
    If so, is it odd the dual band router isn't faster than chained with current settings. Maybe the 600 needs tweaked?
    I don't mind keeping the 600 if it could truly make a difference but after a day and a half, I don't believe I'm seeing a difference. There could be a number of other factors that I'm missing, so that is the real meat of the question. Aside from simplicity, are there other things I should consider before going back to the chained setup?
    Surprisingly, the cheap 824N maintains a strong, consistent signal and speed. However, I'm not seeing any improvement in speed from the dedicated Cisco Router for N @ 5 GHZ like I had expected. I thought N capable devices would really benefit from removing so much interference. I'm in a Condo and the devices consistently see the same 6 or so networks. Net Stumbler shows about 16 networks, almost all 2.4 GHZ G networks.
    My thinking was the Netgear 600 could possibly produce a strong, faster signal to both G and N devices. It seems odd to me that the laptops max out the 20 Mbps download but neither setup pushes the Apple devices past an average of 12 Mbps, especially the Ipad.
    Please share your thoughts on this. I'm getting OCD over this and I'm tired of deciphering and trying to tie together information "close" to my questions but none of them specific to what I'm looking for.
    Thank you!!!!!
    Brad

  • I have a Cisco/Linksys WRT-54G wireless router and 2 Airport Extremes (the small ones that plug directly into the wall). Is it possible to extend the network from the router using these two AEs? I have a DVD player and Ext HD plugged into the router too..

    I have a Cisco/Linksys WRT-54G wireless router and 2 Airport Extremes (the small ones that plug directly into the wall). Is it possible to extend the network from the router using these two AEs? I have a DVD player and Ext HD plugged into the router too. Any ideas? I'm guessing the only way is to do what I've seen in these community pages which states that it can be done but it will drop the bandwidth by 50%. Thoughts?? Thanks!

    The Cisco/Linksys WRT-54G was one of the very few routers said to be compatible with Apple's implementation of WDS (Wireless Distribution System) settings.
    The info that I have on file indicates that only the WRT-54G versions 4 and under were compatible, so that would be one bridge to cross.
    Even if you find that your Cisco/Linksys might be the right version, Apple never published instructions on how to configure the Express devices with other manufacturers, so users were left to their own devices to try to figure out how to get things working. Apple's instructions to connect to other Apple devices are in the link below:
    WDS network
    If you were hoping to use 2 Express devices in this type of configuration...even if it works...the bandwidth penalties will be extremely severe.
    The first Express drops the bandwidth (and speed) on the entire network in half and the second halves everything again. So, the result, in effect would be a "g" wireless network running at 25% speed. Few users would consider installing this type of network.
    At this point, it becomes one of those things where the fact that you might be able to do something does not mean that there would be much value in doing so. But, it is your decision to decide if you want to try to proceed.

  • Not able to ssh out from a router

    Hi All:
    I noticed I cannot ssh out to another device from my router.
    SSH in from my client (putty) works fine,
    and no access-list is attached to the vty in the out direction.
    transport output all
    I found this problem happened on my ASR1002 with "asr1000rp1-adventerprisek9.03.03.01.S.151-2.S1.bin" and my 2921 router with "c2900-universalk9-mz.SPA.151-4.M2.bin",  but it works fine on 7200  with "c7200-advipservicesk9-mz.151-4.M.bin". and my old router 28/18 with 12.4 ios work fine as well.
    The symptom is:
    BMP-2921-R01#ssh -l jason 1.1.1.1
    % Connections to that host not permitted from this terminal
    any idea? please help me out
    thanks

    Hi:
    Configuration:
    ip domain name xxx.com.sg
    ip ssh time-out 30
    ip ssh authentication-retries 2
    access-list 10 remark "SSH Access Restriction"    
    access-list 10 permit 123.49.101.6
    access-list 10 permit 10.168.2.213
    access-list 10 permit 10.168.4.219
    access-list 10 permit 10.168.4.217
    line vty 0 4
    session-timeout 15
    access-class 10 in
    exec-timeout 5 0
    privilege level 15
    logging synchronous
    transport input telnet ssh
    transport output all
    line vty 5 15
    no exec
    transport input none

  • What's wrong? Verify and compare Cisco 2901 config after loading old config from Cisco 2801

    Hi Cisco Community / Friends,
    I am new to this site though I have had a cisco account for many years. I am a CCNA; I passed my certification in January 2013. I seldom use and utilize my skills on networking because of my type of work. I am a Project Eng'r working in a System integrator company. Anyway, I would like to ask assistance on the configurations of my Cisco router for this gov't project. Here's the situation.
    We have a new project for the VSAT Comm'n of Coast Watch Station. The VSAT was installed 7 years ago. The VSAT was only used for a year by this Gov't agency because of a subscription issue. Now, they want to revive and use their VSAT facilities for the Coast watch monitoring. Now, some of these routers are working up to now and for some sites they are already defective, so I need to replace the old 2801 router with a new equivalent model which is Cisco 2901. My plan was just to load the old config into the new Cisco 2901 router. However, after loading it to the new router, I am a little worried because I received some errors. I loaded the old config by copying the old files, editing it in notepad, and loading the config using Secure CRT (terminal emulator). When I copy the old config of the cisco 2801 to the new router cisco 2901, below are the commands not recognized on the Cisco 2901. What's wrong? What are these commands for?
    Appreciate your comments and help on this matter.. Thank You very much
    Note: I Attached the original config from Cisco 2801 and the other file is the config after I load the config file to Cisco 2901.
    (Errors see below)
    CWS_4_Pandami(config-erm)#mmi polling-interval 60
                                                           ^
    % Invalid input detected at '^' marker.
    CWS_4_Pandami(config-erm)#no mmi auto-configure
                                                           ^
    % Invalid input detected at '^' marker.
    CWS_4_Pandami(config-erm)#no mmi pvc
                                                           ^
    % Invalid input detected at '^' marker.
    CWS_4_Pandami(config-erm)#mmi snmp-timeout 180
                                                            ^
    % Invalid input detected at '^' marker.
    CWS_4_Pandami(config-if)#interface GigabitEthernet0/1
    CWS_4_Pandami(config-if)# description ===CWS4 SAT Modem===
    CWS_4_Pandami(config-if)# bandwidth 256
    CWS_4_Pandami(config-if)# ip address 192.168.42.1 255.255.255.0
    CWS_4_Pandami(config-if)# duplex auto
    CWS_4_Pandami(config-if)# speed auto
    CWS_4_Pandami(config-if)# priority-group 1
                                                        ^
    % Invalid input detected at '^' marker.
    CWS_4_Pandami(config)#access-list 100 permit ip any any dscp cs5
    CWS_4_Pandami(config)#priority-list 1 protocol ip high list 100
                                                    ^
    % Invalid input detected at '^' marker.

    Hi
    From Cisco's website:
    The Modem Management Interface (MMI) is software that enables auto-provisioning for the Cisco 827 routers. The MMI uses a fixed PVC to communicate with the Proxy Element (PE) residing on the digital subscriber line access multiplexer (DSLAM). Using MMI, the Cisco 827 router updates the running image and downloads the prescribed configuration using a configuration file or configuration values in a provisioning information database.
    The customer premise equipment (CPE) can be automatically configured using the Cisco DSL CPE download, but it can be configured only with the image provisioning feature.
    So because this is your device, you don't want to use MMI anyways.
    And "priority-list" is QoS. Probably that QoS-command is old and removed, because now QoS is configured using class-maps and policy-maps.

  • Encapsulation dot1q command missing from C2600 Router

    According to what I've read the encapsulation dot1q command was implemented in version 12.0. I have 12.2 but when I create a sub interface the encapsulation command is not available.
    What am I missing !!!
    Here is the show version info from my router
    Cisco Internetwork Operating System Software
    IOS (tm) C2600 Software (C2600-I-M), Version 12.2(8)T5, RELEASE SOFTWARE (fc1)
    TAC Support: http://www.cisco.com/tac
    Copyright (c) 1986-2002 by cisco Systems, Inc.
    Compiled Fri 21-Jun-02 08:50 by ccai
    Image text-base: 0x80008074, data-base: 0x80A2BD40
    ROM: System Bootstrap, Version 12.2(7r) [cmong 7r], RELEASE SOFTWARE (fc1)
    Health_Clinic uptime is 35 minutes
    System returned to ROM by reload at 11:44:42 pacific Thu Aug 11 2005
    System restarted at 11:45:48 pacific Thu Aug 11 2005
    System image file is "flash:c2600-i-mz.122-8.T5.bin"
    cisco 2621XM (MPC860P) processor (revision 0x100) with 27648K/5120K bytes of memory.
    Processor board ID JAD07110MDR (2342712827)
    M860 processor: part number 5, mask 2
    Bridging software.
    X.25 software, Version 3.0.0.
    2 FastEthernet/IEEE 802.3 interface(s)
    2 Serial network interface(s)
    32K bytes of non-volatile configuration memory.
    16384K bytes of processor board System flash (Read/Write)
    Configuration register is 0x2102

    You need smartnet coverage on the router to get access to CCO to download the software that you are looking for. You will need to associate the smartnet contract number with a login name (CCO login) that you can sign up for at
    http://tools.cisco.com/RPF/register/register.do

  • Verifying data coming from Cisco Unified CCX Historical Reports

    Good afternoon
    I (along with a number of other colleagues) am heavily involved in a project to take data from a wide variety of different sources and merge it all into one system so that we can report on it in a joined-up manner.
    The project comprises a number of different types of data source (such as Telephony or CRM). Within each data source type, we have various suppliers of those products. In the case of telephony data (which I'm looking into at the moment), the eventual aim is to make it possible to take data from any of the telephony platforms in use across our business (currently AVAYA, Alcatel and Cisco) and report on it in a uniform way, thus negating the need for an end-user to know what the Cisco definition of AHT is (for example).
    The switch I'm currently looking at is a managed switch, meaning that we don't have any sort of direct access to the back-end database(s). We could probably get it, but I suspect that the company that manages it for us would probably charge a small fortune for that. In view of this, I'm working with a number of the standard reports in the Cisco Unified CCX system. My plan (at the moment anyway) is to identify the reports that we can use that will best provide details of all calls into and out of our contact centres. I'd be looking to get the exact details of each individual call, which could then be rolled up into manageable intervals (such as 15-minute or 30-minute).
    Before I go much further, I'd like to be clear on something: I'm a database developer rather than a telecoms engineer so if I ask something that appears to be obvious then I apologise in advance. I've got quite a bit of experience of working with the CTI system that sits on top of our AVAYA platform, but it's proving to be a bit of a wrench effectively "un-learning" that system so that I can make room in my head for the Cisco solution.
    So, what I've learned (or have guessed) so far is this:
    When I run the Application Performance Analysis report, the Application Names that are returned are effectively the Call Routes that are set up in the system. Each Call Route can be fed by one or more Called Number (which I understand to essentially be a DDI);
    The Application Summary Analysis report shows the same Application Name information as is shown in the Application Performance Report. However this report also shows the Called Number, thus providing slightly more information about the individual DDI being answered;
    My next plan is to try and run an Agent-level report so that I can see exactly which calls each agent handled. This is where I've run into problems: I ran the CSQ - Agent Summary report for the whole of 17th October. I then ran the Agent Detail report for the same period, and ran it out to CSV so that I could "play" with the data. The CSQ - Agent Summary Report shows that a particular agent on a particular CSQ Name (ID) handled a total of 29 calls. However, if I filter the Agent Detail report for that agent and CSQ, I get a total of 30 calls and for the life of me am unable to identify where the missing call is coming from. Initially I'd thought it might be because the CSQ in question has two separate DDIs but as far as I can see, this is making no difference.
    I NEED to be 100% sure that when I'm importing the data from the Cisco reports into our system, I am then able to mimic the types of reports that are coming from Cisco, with the same figures. Therefore, if anyone can help me, I'll be extremely grateful.
    TIA
    Ian Henderson

    The "Cisco Unified CCX Historical Reports Scheduler" sits in my startup folder but seems like it doesn't "run" at startup. So I ran a "test":
    - Manually right-clicked the "Cisco Unified CCX Historical Reports Scheduler" icon in the startup folder and chose "Run as Administrator"
    I didn't log off or reboot PC and the reports are running again. I checked the "properties" of the icon and I did make sure it was already set to "Run this program as an Administrator" under the "Compatibility" tab.
    Not sure why it's not working...
    Thank you for any help you can provide....

  • Need Help on Configuring the Site to Site VPN from Cisco 2811 to Websense Cloud for web Traffic redirect

    Hi All,
    I need help on Configuring the Site to Site VPN from Cisco 2811 to Websense Cloud for web Traffic redirect
    2811 having C2800NM-ADVIPSERVICESK9-M
    2811 router connects to the Internet SW then connects to the Internet router.
    Note- For Authentication am using the Device ID & Pre share key. I am worried as all user traffic goes with PAT and not firing up my tunnel for port 80 traffic. Can you please suggest what can be the issue ?
    Below is router config for VPN & NAT
    crypto keyring ISR_Keyring
      pre-shared-key hostname vpn.websense.net key 2c22524d554556442d222d565f545246
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp keepalive 10
    crypto isakmp profile isa-profile
       keyring ISR_Keyring
       self-identity user-fqdn [email protected]
       match identity user vpn-proxy.websense.net
    crypto ipsec transform-set ESP-NULL-SHA esp-null esp-sha-hmac
    crypto map GUEST_WEB_FILTER 10 ipsec-isakmp
    set peer vpn.websense.net dynamic
    set transform-set ESP-NULL-SHA
    set isakmp-profile isa-profile
    match address 101
    interface FastEthernet0/1
    description connected to Internet
    ip address 216.222.208.101 255.255.255.128
    ip access-group HVAC_Public in
    ip nat outside
    ip virtual-reassembly
    duplex full
    speed 100
    no cdp enable
    crypto map GUEST_WEB_FILTER
    access-list 101 permit tcp 192.168.8.0 0.0.3.255 any eq www
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 host 85.115.41.187 log
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 host 85.115.41.181 log
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 host 85.115.41.182 log
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 86.111.216.0 0.0.1.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 116.50.56.0 0.0.7.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 86.111.220.0 0.0.3.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 103.1.196.0 0.0.3.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 177.39.96.0 0.0.3.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 196.216.238.0 0.0.1.255
    access-list 103 permit ip 192.168.8.0 0.0.3.255 any
    ip nat pool mypool 216.222.208.101 216.222.208.101 netmask 255.255.255.128
    ip nat inside source list 103 interface FastEthernet0/1 overload
    ip nat inside source route-map nonat pool mypool overload

    How does Websense expect your source IPs in the tunnel? 192.168.8.0 0.0.3.255 or PAT'ed 216.222.208.101 ?
    Check
    show crypto isakmp sa
    show crypto ipsec sa
    show crypto session
    You'd better remove the preshared key from your post.
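
An added example, not part of the original posts: a small Python model of the question the reply above raises, showing which source address the crypto ACL sees. It assumes the usual IOS inside-to-outside order (inside-source NAT is applied before the crypto map ACL is checked), models only the `ip nat inside source list 103` rule, and uses a constructed destination, 198.51.100.10.

```python
import ipaddress

# Constructed subset of the ACLs posted above (one deny entry kept for brevity).
CONFIG = """\
access-list 101 permit tcp 192.168.8.0 0.0.3.255 any eq www
access-list 103 deny   ip 192.168.8.0 0.0.3.255 host 85.115.41.187 log
access-list 103 permit ip 192.168.8.0 0.0.3.255 any
"""
NAT_ACL, CRYPTO_ACL = "103", "101"   # "ip nat inside source list 103", "match address 101"
PAT_ADDRESS = "216.222.208.101"      # FastEthernet0/1 address used by "overload"
PORTS = {"www": 80}

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _addr(tokens):  # consume one address spec, return (base, wildcard)
    t = tokens.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF
    if t == "host":
        return _ip(tokens.pop(0)), 0
    return _ip(t), _ip(tokens.pop(0))

def parse_acls(text):  # numbered extended ACL lines -> {number: [entries]}
    acls = {}
    for line in text.splitlines():
        tok = line.split()
        if tok[:1] == ["access-list"]:
            num, action, proto, rest = tok[1], tok[2], tok[3], tok[4:]
            src, dst = _addr(rest), _addr(rest)
            port = (PORTS.get(rest[1]) or int(rest[1])) if rest[:1] == ["eq"] else None
            acls.setdefault(num, []).append((action, proto, src, dst, port))
    return acls

def _hit(spec, addr):
    base, wild = spec
    return ((_ip(addr) ^ base) & ~wild & 0xFFFFFFFF) == 0

def acl_permits(acl, proto, src, dst, dport):
    for action, p, s, d, port in acl:
        if p in ("ip", proto) and _hit(s, src) and _hit(d, dst) and port in (None, dport):
            return action == "permit"
    return False  # implicit deny at the end of every ACL

def egress(acls, proto, src, dst, dport):
    # Assumed order on the way out: inside-source NAT first, crypto ACL second.
    natted = acl_permits(acls[NAT_ACL], proto, src, dst, dport)
    wire_src = PAT_ADDRESS if natted else src
    return wire_src, acl_permits(acls[CRYPTO_ACL], proto, wire_src, dst, dport)
```

Under that assumption, port 80 traffic to an ordinary web server is translated to 216.222.208.101 before ACL 101 is consulted, so it no longer matches the 192.168.8.0 0.0.3.255 source; only destinations that ACL 103 denies keep their inside address and match.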

  • Aironet 1600 - A response was not received from the router or access point

    Hi,
    I'm trying to set up a wireless network with multiple SSIDs. The new network only has CISCO products (router, switches). For the moment I'm trying to connect to 1 SSID (Windekind.Gast). The SSID is visible, but when connecting, devices have the following error message in the log:
    Connection status summary
    Connection started at: 2015-02-17 09:55:49-951
    Profile match: Success
    Pre-Association: Success
    Association: Fail
    Security and Authentication: Not started
    Root cause:
    Wireless association to "Windekind.Gast" failed
    A response was not received from the router or access point.
    Detailed root cause:
    Wireless association to this network failed. Windows did not receive any response from the wireless router or accesspoint.
    The signal is perfect (I'm only a few feet away from the AP).
    To make sure there is no DHCP problem I tested the switch port in access mode for vlan 30, which supplied an IP correctly. I'm really not seeing the problem and have searched the web for days now! Any help would be very much appreciated!
    Below is the config of the access point (done via the web interface).
    ! Last configuration change at 05:30:28 UTC Mon Mar 1 1993
    version 15.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    hostname AP002-C
    logging rate-limit console 9
    enable secret 5 $1$Bxv3$Of8o5..8v6gzIiAe2tXlh/
    no aaa new-model
    no ip cef
    dot11 syslog
    dot11 vlan-name Windekind.Directie vlan 50
    dot11 vlan-name Windekind.Gast vlan 30
    dot11 vlan-name Windekind.Klasnet vlan 40
    dot11 ssid Windekind.Directie
    vlan 50
    band-select
    authentication open
    mobility network-id 50
    dot11 ssid Windekind.Gast
    vlan 30
    band-select
    authentication open
    authentication key-management wpa version 2
    mbssid guest-mode
    mobility network-id 30
    wpa-psk ascii 7 14201B05080121222A2C6A6D63
    dot11 ssid Windekind.Klasnet
    vlan 40
    band-select
    mobility network-id 40
    crypto pki token default removal timeout 0
    username Cisco password 7 112A1016141D
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption vlan 30 mode ciphers aes-ccm tkip
    ssid Windekind.Directie
    ssid Windekind.Gast
    ssid Windekind.Klasnet
    antenna gain 2
    stbc
    beamform ofdm
    mbssid
    speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
    channel 2452
    no preamble-short
    station-role root
    payload-encapsulation dot1h
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    interface Dot11Radio0.30
    encapsulation dot1Q 30
    no ip route-cache
    bridge-group 30
    bridge-group 30 subscriber-loop-control
    bridge-group 30 spanning-disabled
    bridge-group 30 block-unknown-source
    no bridge-group 30 source-learning
    no bridge-group 30 unicast-flooding
    interface Dot11Radio0.40
    encapsulation dot1Q 40
    no ip route-cache
    bridge-group 40
    bridge-group 40 subscriber-loop-control
    bridge-group 40 spanning-disabled
    bridge-group 40 block-unknown-source
    no bridge-group 40 source-learning
    no bridge-group 40 unicast-flooding
    interface Dot11Radio0.50
    encapsulation dot1Q 50
    no ip route-cache
    bridge-group 50
    bridge-group 50 subscriber-loop-control
    bridge-group 50 spanning-disabled
    bridge-group 50 block-unknown-source
    no bridge-group 50 source-learning
    no bridge-group 50 unicast-flooding
    interface Dot11Radio1
    no ip address
    no ip route-cache
    encryption vlan 30 mode ciphers aes-ccm tkip
    ssid Windekind.Directie
    ssid Windekind.Gast
    ssid Windekind.Klasnet
    antenna gain 4
    no dfs band block
    stbc
    beamform ofdm
    mbssid
    speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
    channel dfs
    station-role root
    payload-encapsulation dot1h
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    interface Dot11Radio1.30
    encapsulation dot1Q 30
    no ip route-cache
    bridge-group 30
    bridge-group 30 subscriber-loop-control
    bridge-group 30 spanning-disabled
    bridge-group 30 block-unknown-source
    no bridge-group 30 source-learning
    no bridge-group 30 unicast-flooding
    interface Dot11Radio1.40
    encapsulation dot1Q 40
    no ip route-cache
    bridge-group 40
    bridge-group 40 subscriber-loop-control
    bridge-group 40 spanning-disabled
    bridge-group 40 block-unknown-source
    no bridge-group 40 source-learning
    no bridge-group 40 unicast-flooding
    interface Dot11Radio1.50
    encapsulation dot1Q 50
    no ip route-cache
    bridge-group 50
    bridge-group 50 subscriber-loop-control
    bridge-group 50 spanning-disabled
    bridge-group 50 block-unknown-source
    no bridge-group 50 source-learning
    no bridge-group 50 unicast-flooding
    interface GigabitEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    bridge-group 1
    bridge-group 1 spanning-disabled
    no bridge-group 1 source-learning
    interface GigabitEthernet0.30
    encapsulation dot1Q 30
    no ip route-cache
    bridge-group 30
    bridge-group 30 spanning-disabled
    no bridge-group 30 source-learning
    interface GigabitEthernet0.40
    encapsulation dot1Q 40
    no ip route-cache
    bridge-group 40
    bridge-group 40 spanning-disabled
    no bridge-group 40 source-learning
    interface GigabitEthernet0.50
    encapsulation dot1Q 50
    no ip route-cache
    bridge-group 50
    bridge-group 50 spanning-disabled
    no bridge-group 50 source-learning
    interface BVI1
    ip address 10.0.0.81 255.255.255.0
    no ip route-cache
    ip default-gateway 10.0.0.1
    ip forward-protocol nd
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    logging facility user
    bridge 1 route ip
    line con 0
    line vty 0 4
    login local
    transport input all
    end

    Hi Rasika
    Thanks for the reply! 10.0.0.81 belongs to vlan 1. I changed the config as suggested but no luck (the same problems are logged in the event viewer). The AP is connected to a switchport in trunk mode and vlan 1 is the native lan (untagged). The port is also joined to vlan 30 (and others).
    Below is the new config. Hope you can see an error.
    ! Last configuration change at 22:56:10 UTC Thu Apr 1 1993
    version 15.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    hostname AP002-C
    logging rate-limit console 9
    enable secret 5 $1$Bxv3$Of8o5..8v6gzIiAe2tXlh/
    no aaa new-model
    no ip cef
    dot11 syslog
    dot11 vlan-name Default vlan 1
    dot11 vlan-name Windekind.Directie vlan 50
    dot11 vlan-name Windekind.Gast vlan 30
    dot11 vlan-name Windekind.Klasnet vlan 40
    dot11 ssid Windekind.Directie
       vlan 50
       band-select
       authentication open
       mobility network-id 50
    dot11 ssid Windekind.Gast
       vlan 30
       band-select
       authentication open
       authentication key-management wpa version 2
       mbssid guest-mode
       mobility network-id 30
       wpa-psk ascii 7 14201B05080121222A2C6A6D63
    dot11 ssid Windekind.Klasnet
       vlan 40
       band-select
       mobility network-id 40
    crypto pki token default removal timeout 0
    username Cisco password 7 112A1016141D
    bridge irb
    interface Dot11Radio0
     no ip address
     no ip route-cache
     encryption vlan 30 mode ciphers aes-ccm tkip
     ssid Windekind.Directie
     ssid Windekind.Gast
     ssid Windekind.Klasnet
     antenna gain 2
     stbc
     beamform ofdm
     mbssid
     speed  basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
     no preamble-short
     channel 2452
     station-role root
     payload-encapsulation dot1h
    interface Dot11Radio0.1
     encapsulation dot1Q 1 native
     no ip route-cache
     bridge-group 1
     bridge-group 1 subscriber-loop-control
     bridge-group 1 spanning-disabled
     bridge-group 1 block-unknown-source
     no bridge-group 1 source-learning
     no bridge-group 1 unicast-flooding
    interface Dot11Radio0.30
     encapsulation dot1Q 30
     no ip route-cache
     bridge-group 30
     bridge-group 30 subscriber-loop-control
     bridge-group 30 spanning-disabled
     bridge-group 30 block-unknown-source
     no bridge-group 30 source-learning
     no bridge-group 30 unicast-flooding
    interface Dot11Radio0.40
     encapsulation dot1Q 40
     no ip route-cache
     bridge-group 40
     bridge-group 40 subscriber-loop-control
     bridge-group 40 spanning-disabled
     bridge-group 40 block-unknown-source
     no bridge-group 40 source-learning
     no bridge-group 40 unicast-flooding
    interface Dot11Radio0.50
     encapsulation dot1Q 50
     no ip route-cache
     bridge-group 50
     bridge-group 50 subscriber-loop-control
     bridge-group 50 spanning-disabled
     bridge-group 50 block-unknown-source
     no bridge-group 50 source-learning
     no bridge-group 50 unicast-flooding
    interface Dot11Radio1
     no ip address
     no ip route-cache
     encryption vlan 30 mode ciphers aes-ccm tkip
     ssid Windekind.Directie
     ssid Windekind.Gast
     ssid Windekind.Klasnet
     antenna gain 4
     no dfs band block
     stbc
     beamform ofdm
     mbssid
     speed  basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
     channel dfs
     station-role root
     payload-encapsulation dot1h
    interface Dot11Radio1.1
     encapsulation dot1Q 1 native
     no ip route-cache
     bridge-group 1
     bridge-group 1 subscriber-loop-control
     bridge-group 1 spanning-disabled
     bridge-group 1 block-unknown-source
     no bridge-group 1 source-learning
     no bridge-group 1 unicast-flooding
    interface Dot11Radio1.30
     encapsulation dot1Q 30
     no ip route-cache
     bridge-group 30
     bridge-group 30 subscriber-loop-control
     bridge-group 30 spanning-disabled
     bridge-group 30 block-unknown-source
     no bridge-group 30 source-learning
     no bridge-group 30 unicast-flooding
    interface Dot11Radio1.40
     encapsulation dot1Q 40
     no ip route-cache
     bridge-group 40
     bridge-group 40 subscriber-loop-control
     bridge-group 40 spanning-disabled
     bridge-group 40 block-unknown-source
     no bridge-group 40 source-learning
     no bridge-group 40 unicast-flooding
    interface Dot11Radio1.50
     encapsulation dot1Q 50
     no ip route-cache
     bridge-group 50
     bridge-group 50 subscriber-loop-control
     bridge-group 50 spanning-disabled
     bridge-group 50 block-unknown-source
     no bridge-group 50 source-learning
     no bridge-group 50 unicast-flooding
    interface GigabitEthernet0
     no ip address
     no ip route-cache
     duplex auto
     speed auto
    interface GigabitEthernet0.1
     encapsulation dot1Q 1 native
     no ip route-cache
     bridge-group 1
     bridge-group 1 spanning-disabled
     no bridge-group 1 source-learning
    interface GigabitEthernet0.30
     encapsulation dot1Q 30
     no ip route-cache
     bridge-group 30
     bridge-group 30 spanning-disabled
     no bridge-group 30 source-learning
    interface GigabitEthernet0.40
     encapsulation dot1Q 40
     no ip route-cache
     bridge-group 40
     bridge-group 40 spanning-disabled
     no bridge-group 40 source-learning
    interface GigabitEthernet0.50
     encapsulation dot1Q 50
     no ip route-cache
     bridge-group 50
     bridge-group 50 spanning-disabled
     no bridge-group 50 source-learning
    interface BVI1
     ip address 10.0.0.81 255.255.255.0
     no ip route-cache
    ip default-gateway 10.0.0.1
    ip forward-protocol nd
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    logging facility user
    bridge 1 route ip
    line con 0
    line vty 0 4
     login local
     transport input all
    end

Maybe you are looking for