Viewing MAX-reseved-bandwidth on Cisco 7600 router

Similar Messages

• What is the max. bandwith limitation on cisco 2621XM router

  Hi all,
  I am new to this forum. The need to learn more about cisco has driven me to this forum. The topics are very helpful.
  As per the datasheet provided on Cisco site, 2621XM supports
  NM- 1
  AIM- 1
  WIC - 2
  FE - 2
  Performace - 30 kpps.
  I would like to know the maximum bandwidth it can take.
  regds,
  Mahesh

  Mahesh,
  there is no way to go from PPS to bandwidth withouth further hypotesys. The reason way I am saying so is because packet size varies and even switching methods varies so the router might be faster tha expected. I suppose that those 30 KPPS are process switched (which means the router CPU is interrupted to look up the routing table, make a routing decision and queue the packet).
  So enabling things like CEF (cisco express forwarding) only the first packet generates an interrupt the rest of the flow will not.
  I suggest a basic reading on the subject here:
  http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps1831/products_tech_note09186a00800a7306.shtml
  Cheers
  Fabio

• How to view Log on the cisco 2821 Router

  Hi,
  can any one help me  to view the Log on the Cisco 2821 router for any  issue occur.
  Thanks,
  Saroj

  Cisco devices use the syslog to manage system logs and alerts. But in Cisco devices there is lack of large internal storage space for storing these kinds of logs.So to overcome Cisco devices has the following two options:
  1) internanal buffer — That is a small part of memory buffers to collect log the most recent messages. The buffer size is limited and , when the device reboots, these syslog messages are lost.by default it is on
  (If not follow this steps
  conf t
  logging on
  logging console.....console logs
  logging buffer  size ......set the size of buffer
  terminal monitor.......to gets logs on the remote terminal like telnet,ssh etc.
  sh logging.........to see buffer logs.)
  2) Syslog server—  By using this we can send messages to an external device for storing this logs and the storage size does depend on the available disk space of the external syslog server. This option is not enabled by default.
  If you have any syslog server please find the below simple config .
  conf t
  logging host x.x.x.x
  logging traps (i.e 0 1 2 3 4 5 .. according to your requirement)
  before enabling logging be sure that your router is properly configure to collect proper time from any NTP server or manually configure to get time
  command to set time manually on router is (set clock ) or to use ntp server use ntp server x.x.x.x to sync clock to router router.
  Hop thant is informative ,
  Regards,
  Ashish

• Cisco 7600 Series (7603) Router Information

  Hello,
  Does anyone have a link or reference to a good description of the Cisco 7600 boot process and various memory heirarchy functions? I'm looking for information on what should be in NVRAM, FLASH, SUP-BOOTFLASH etc. Thank you.

  You can find all the 7600 series router info here.
  http://www.cisco.com/en/US/products/hw/routers/ps368/products_data_sheet0900aecd801c5cab.html
  http://www.cisco.com/en/US/products/hw/routers/ps368/prod_literature.html
  HTH,
  Sundar

• CISCO E1200 ROUTER REDUCED BANDWIDTH THRUPUT

  I am experiencing signifcant bandwidth reduction at a range of about 30 feet from the router. I have a Cisco E1200 router. I have xfinity 30mps speeds. On a wired connection I got close to my 30mps speeds. On a wireless I receive about 25mps while I am within 5 feet of the router. As I run speed tests every five feet I am seeing a significant drop in speeds. At 30 feet I am lucky to get 3mps. The router broadcasts through two metal stud walls between the router and the 30 feet away.
  I have upgraded firmware, reset the router, disabled the QoS (WWM) option. The router is configured for WPA2 personal and is using Wi-Fi Protected Setup by defaults. At the time of testing only three devices were connected and only one was actively being utilized.
  Any help would be appreciated.
  Neil

  That sounds normal. When you disabled WMM, you essentially turned it in in to a wireless G router. 25 Mbps is about all you're going to get with that 54 Mbps link speed. That's normal.
  Consider purchasing a refurb EA4500 for $65. You'll get better range and throughput. (But if you disable WMM, you'll be back in the same sinking boat).

• Cisco view for Cisco 7201 router

  Hi ,
  We have LMS 3.0.1 and we are not able to get cisco view for Cisco 7201 router.
  Any help would be appricated.
  thanks,
  Samir

  Make sure you have version 22.0 of the Rtr7000 CiscoView package loaded.  You can update your CiscoView packages under Common Services > Software Center > Device Update.

• Max-reserved-bandwidth 100% for the interface

  According to CCO as following text, the remaining 25 percent of bandwidth is used for overhead, including Layer 2 overhead, control traffic, and best-effort traffic. I want to know why cisco choose 25 percent. why not 30% or 20%?
  If I config the max-reserved-bandwidth 100% for the interface, does it will effect the routing protocol? also effect the network conectivity?
  thanks for your answer
  =======
  Usage Guidelines for max-reserved-bandwidth
  The sum of all bandwidth allocation on an interface should not exceed 75 percent of the available bandwidth on an interface. The remaining 25 percent of bandwidth is used for overhead, including Layer 2 overhead, control traffic, and best-effort traffic.
  If you need to allocate more than 75 percent for RSVP, CBWFQ, LLQ, IP RTP Priority, Frame Relay IP RTP Priority, and Frame Relay PIPQ, you can use the max-reserved-bandwidth command. The percent argument specifies the maximum percentage of the total interface bandwidth that can be used.
  If you do use the max-reserved-bandwidth command, make sure that not too much bandwidth is taken away from best-effort and control traffic.
  The max-reserved-bandwidth command is intended for use on main interfaces only; it has no effect on virtual circuits (VCs) or ATM permanent virtual circuits (PVCs).

  Kevin,
  this is the wrong group for this question.
  Gilles.

• I am loosing configuration when I power off my Cisco 857 router

  I bought new Cisco 857 router from the shop. Router must have been used before as I couln't go in with default username/password cisco/cisco.
  Well I followed instruciton and reset password to username and password. Now I finally connected to the Cisco CP express over my IE browser.
  I found out that somebody was using a router from the shop so this is why I coun't log to it in the first place. Anyway problem is that when I changed configuration and applied settings it remembers it until I power it off. When I power it on again it remembers all settings from that shop.
  It reverts everything back: IP address, previous level 15 account and password - everything like after password reset.
  I tried it again and it again lost settings. So I found following instruction:
  http://www.cisco.com/en/US/products/hw/routers/ps233/products_tech_note09186a00800a65a5.shtml
  I followed it and changed again all settings on the router. My settings are again lost after power off/on. I noticed that when I do first bit it does show
  0x2102 not 0x2142 like they think that is password reset mode.
  Here is my output from Hyper Terminal:
  =============================
  Cisco#enableCisco#show startUsing 3359 out of 131072 bytes!version 12.4no service padservice timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname Cisco!boot-start-markerboot-end-marker!logging buffered 51200 warningsenable secret 5 $1$hpKF$Rc1tl6r45J8iHG7EN5jSk.!no aaa new-model!crypto pki trustpoint TP-self-signed-3185909327 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-3185909327 revocation-check none rsakeypair TP-self-signed-3185909327!!crypto pki certificate chain TP-self-signed-3185909327 certificate self-signed 01 nvram:IOS-Self-Sig#5.cerdot11 syslogno ip dhcp use vrf connectedip dhcp excluded-address 10.10.10.1!ip dhcp pool ccp-pool   import all   network 10.10.10.0 255.255.255.248   default-router 10.10.10.1   lease 0 2!!ip cefno ip domain lookupip domain name molinary.com!!!username admin privilege 15 secret 5 $1$jD3j$r6ROikgGsIlcMTGjkxFQ6.username username privilege 15 password 0 password!!archive log config  hidekeys!!!!!interface ATM0 no ip address shutdown no atm ilmi-keepalive dsl operating-mode auto!interface ATM0.1 point-to-point description $ES_WAN$ ip nat outside ip virtual-reassembly pvc 0/38  encapsulation aal5mux ppp dialer  dialer pool-member 1 !!interface FastEthernet0!interface FastEthernet1!interface FastEthernet2!interface FastEthernet3!interface Vlan1 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$ ip address 10.10.10.1 255.255.255.248 ip nat inside ip virtual-reassembly ip tcp adjust-mss 1452!interface Dialer0 ip address dhcp encapsulation ppp dialer pool 1 dialer-group 1 no cdp enable ppp authentication chap pap callin ppp chap hostname [email protected] ppp chap password 0 netgear01 ppp pap sent-username [email protected] password 0 netgear01!ip forward-protocol nd!ip http serverip http access-class 23ip http authentication localip http secure-serverip http timeout-policy idle 60 life 86400 requests 10000ip nat inside source list 1 interface ATM0.1 overload!access-list 1 remark INSIDE_IF=Vlan1access-list 1 remark CCP_ACL Category=2access-list 1 permit 10.10.10.0 0.0.0.7dialer-list 1 protocol ip permitno cdp run!control-plane!banner exec ^C% Password expiration warning.-----------------------------------------------------------------------Cisco Configuration Professional (Cisco CP) is installed on this deviceand it provides the default username "cisco" for  one-time use. If you havealready used the username "cisco" to login to the router and your IOS imagesupports the "one-time" user option, then this username has already expired.You will not be able to login to the router with this username after you exitthis session.It is strongly suggested that you create a new username with a privilege levelof 15 using the following command.username <myuser> privilege 15 secret 0 <mypassword>Replace <myuser> and <mypassword> with the username and password youwant to use.-----------------------------------------------------------------------^Cbanner login ^CAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user!^C!line con 0 login local no modem enableline aux 0line vty 0 4 privilege level 15 login local transport input telnet ssh!scheduler max-task-time 5000endCisco#Cisco#Cisco#Cisco#Cisco#Cisco#Cisco#Cisco#Cisco#show versionCisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version 12.4(15)T12, RELEASE SOFTWARE (fc3)Technical Support: http://www.cisco.com/techsupportCopyright (c) 1986-2010 by Cisco Systems, Inc.Compiled Fri 22-Jan-10 14:46 by prod_rel_teamROM: System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARECisco uptime is 20 minutesSystem returned to ROM by power-onSystem image file is "flash:c850-advsecurityk9-mz.124-15.T12.bin"This product contains cryptographic features and is subject to UnitedStates and local country laws governing import, export, transfer anduse. Delivery of Cisco cryptographic products does not implythird-party authority to import, export, distribute or use encryption.Importers, exporters, distributors and users are responsible forcompliance with U.S. and local country laws. By using this product youagree to comply with applicable laws and regulations. If you are unableto comply with U.S. and local laws, return this product immediately.A summary of U.S. laws governing Cisco cryptographic products may be found at:http://www.cisco.com/wwl/export/crypto/tool/stqrg.htmlIf you require further assistance please contact us by sending email [email protected] 857 (MPC8272) processor (revision 0x400) with 59392K/6144K bytes of memory.Processor board ID FCZ140792J5MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x104 FastEthernet interfaces1 ATM interface128K bytes of non-volatile configuration memory.20480K bytes of processor board System flash (Intel Strataflash)Configuration register is 0x2102Cisco#Cisco#Cisco#Cisco#endTranslating "end"% Unknown command or computer name, or unable to find computer addressCisco#reloadProceed with reload? [confirm]*Mar  1 01:19:27.786: %SYS-5-RELOAD: Reload requested  by username on console. Reload Reason: Reload Command.System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARETechnical Support: http://www.cisco.com/techsupportCopyright (c) 2006 by cisco Systems, Inc.C850 series (Board ID: 2-149) platform with 65536 Kbytes of main memoryBooting flash:/c850-advsecurityk9-mz.124-15.T12.binSelf decompressing the image : ############################################## [OK]              Restricted Rights LegendUse, duplication, or disclosure by the Government issubject to restrictions as set forth in subparagraph(c) of the Commercial Computer Software - RestrictedRights clause at FAR sec. 52.227-19 and subparagraph(c) (1) (ii) of the Rights in Technical Data and ComputerSoftware clause at DFARS sec. 252.227-7013.           cisco Systems, Inc.           170 West Tasman Drive           San Jose, California 95134-1706Cisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version 12.4(15)T12, RELEASE SOFTWARE (fc3)Technical Support: http://www.cisco.com/techsupportCopyright (c) 1986-2010 by Cisco Systems, Inc.Compiled Fri 22-Jan-10 14:46 by prod_rel_teamImage text-base: 0x8002007C, data-base: 0x814E7240This product contains cryptographic features and is subject to UnitedStates and local country laws governing import, export, transfer anduse. Delivery of Cisco cryptographic products does not implythird-party authority to import, export, distribute or use encryption.Importers, exporters, distributors and users are responsible forcompliance with U.S. and local country laws. By using this product youagree to comply with applicable laws and regulations. If you are unableto comply with U.S. and local laws, return this product immediately.A summary of U.S. laws governing Cisco cryptographic products may be found at:http://www.cisco.com/wwl/export/crypto/tool/stqrg.htmlIf you require further assistance please contact us by sending email [email protected] 857 (MPC8272) processor (revision 0x400) with 59392K/6144K bytes of memory.Processor board ID FCZ140792J5MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x104 FastEthernet interfaces1 ATM interface128K bytes of non-volatile configuration memory.20480K bytes of processor board System flash (Intel Strataflash)no ip dhcp use vrf connected               ^% Invalid input detected at '^' marker.SETUP: new interface NVI0 placed in "shutdown" statePress RETURN to get started!*Mar  1 00:00:03.952: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0  State changed to: Initialized*Mar  1 00:00:03.960: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0  State changed to: Enabled*Mar  1 00:00:07.244: %LINK-3-UPDOWN: Interface FastEthernet0, changed state toup*Mar  1 00:00:08.413: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up*Mar  1 00:00:08.821: %SYS-5-CONFIG_I: Configured from memory by console*Mar  1 01:19:27.072: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up*Mar  1 01:19:27.352: %SYS-5-RESTART: System restarted --Cisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version 12.4(15)T12, RELEASE SOFTWARE (fc3)Technical Support: http://www.cisco.com/techsupportCopyright (c) 1986-2010 by Cisco Systems, Inc.Compiled Fri 22-Jan-10 14:46 by prod_rel_team*Mar  1 01:19:27.352: %SNMP-5-COLDSTART: SNMP agent on host Cisco is undergoinga cold start*Mar  1 01:19:27.436: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF*Mar  1 01:19:27.436: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF*Mar  1 01:19:27.540: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to down*Mar  1 01:19:28.072: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up*Mar  1 01:19:28.484: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up*Mar  1 01:19:28.484: %LINK-5-CHANGED: Interface ATM0, changed state to administratively down*Mar  1 01:19:28.848: %LINK-5-CHANGED: Interface NVI0, changed state to administratively down*Mar  1 01:19:28.932: %LINK-3-UPDOWN: Interface FastEthernet3, changed state toup*Mar  1 01:19:28.936: %LINK-3-UPDOWN: Interface FastEthernet2, changed state toup*Mar  1 01:19:28.940: %LINK-3-UPDOWN: Interface FastEthernet1, changed state toup*Mar  1 01:19:29.484: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0, changed state to down*Mar  1 01:19:29.932: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet3, changed state to down*Mar  1 01:19:29.936: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2, changed state to down*Mar  1 01:19:29.940: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1, changed state to down*Mar  1 01:19:29.948: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to upAuthorized access only!===========================================
  Please help me as I am stuck and can't go any further....

  Hi David White,
  Alternatively, after password recovery you can modify the configuration to be what you want, and then issue:
     write memory
  to save the configuration.  You can then verify that your changes have been saved to the startup config by issuing:
     show startup-config"
  The only good thing is that when I switch off a router it erase configuration except my new password which I created after password reset. Everything else is getting vanished (ADSL settings, DHCP, routing ) everything. Even new admin accounts I created.
  Well have a question to your above comments. I am new in Cisco so please put as much detail as you can for me to understand. When you say modify configuration do you mean to go to Cisco CP Express graphical interface and then connect router to hyper terminal and execute above commands?
  Why router doesn't remember this anyway. There must be some option to change in configuration to make thing permanent when I hit apply changes in Cisco CO Express otherwise it is pointless to heve it.
  Phillip
  write memory
  is
  copy running-config startup-config"
  Can't this be done via Cisco CP Express or set up router to copy this every time I change this in graphical interface rather going to command line to achnoledge it?
  I understand your concern about this router and somebodie's configuration details as you want things to be un-used when you buy them - true. ADSL details belongs to the shop which sold me the router so that is why I don't make a big problem about this. We take most of hardware from this shop and have discount and many good deals with them so I think they have been just testing it and forgot to erease their config. It might be that someone has returned router to the shop and they have repaired it and tested it.
  I hope this is a normal behaviour of this router as I have option to replace it in case this is a fault.
  Could you please write me step by step guide how can I make changed options stay permanently on router?
  thank you
  Dragan

• Configuration Issue with my Cisco 871 Router

  Hi all,
  I am a newbie to the Cisco IOS.
  I got a Cisco 871 Router that I'd like to use for internet connection. My LAN network is 192.168.1.0/24 and the ISP has assigned us the IP 41.212.79.108/24 and gateway 41.212.79.1.
  With my current configuration, I can hit the router - 192.168.1.1 - and it's WAN port - 41.212.79.108 - but not the gateway.
  Below is my current config:
  Hoggers#show config
  Using 4414 out of 131072 bytes
  version 12.4
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname Hoggers
  boot-start-marker
  boot-end-marker
  logging buffered 51200 warnings
  enable secret 5 **********************.
  no aaa new-model
  crypto pki trustpoint TP-self-signed-568493463
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-568493463
  revocation-check none
  rsakeypair TP-self-signed-568493463
  crypto pki certificate chain TP-self-signed-568493463
  certificate self-signed 01 nvram:IOS-Self-Sig#7.cer
  dot11 syslog
  ip cef
  no ip dhcp use vrf connected
  ip dhcp excluded-address 10.10.10.1
  ip dhcp excluded-address 192.168.1.1
  ip dhcp excluded-address 192.168.1.2
  ip dhcp excluded-address 192.168.1.3
  ip dhcp excluded-address 192.168.1.4
  ip dhcp excluded-address 192.168.1.5
  ip dhcp excluded-address 192.168.1.6
  ip dhcp excluded-address 192.168.1.7
  ip dhcp excluded-address 192.168.1.8
  ip dhcp excluded-address 192.168.1.9
  ip dhcp excluded-address 192.168.1.10
  ip dhcp excluded-address 192.168.1.100
  ip dhcp excluded-address 192.168.1.90
  ip dhcp pool ccp-pool
     import all
     network 10.10.10.0 255.255.255.248
     default-router 10.10.10.1
     lease 0 2
  ip dhcp pool LANPOOL
     network 192.168.1.0 255.255.255.0
     default-router 192.168.1.1
     dns-server 41.212.3.2 41.212.3.253
  ip domain name yourdomain.com
  ip name-server 41.212.3.2
  ip name-server 41.212.3.253
  archive
  log config
    hidekeys
  interface FastEthernet0
  interface FastEthernet1
  interface FastEthernet2
  interface FastEthernet3
  interface FastEthernet4
  description Wan to Outside World
  ip address 41.212.79.108 255.255.255.0
  duplex auto
  speed auto
  interface Vlan1
  description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
  ip address 192.168.1.1 255.255.255.0
  ip tcp adjust-mss 1452
  ip forward-protocol nd
  ip route 0.0.0.0 0.0.0.0 41.212.79.1
  ip http server
  ip http access-class 23
  ip http authentication local
  ip http secure-server
  ip http timeout-policy idle 60 life 86400 requests 10000
  ip dns server
  ip nat inside source static tcp 192.168.1.31 80 interface FastEthernet4 80
  access-list 23 permit 10.10.10.0 0.0.0.7
  no cdp run
  control-plane
  scheduler max-task-time 5000
  end
  I'll appreciate any light you can shed on what am missing.

  2 wireless routers can not communicate wirelessly with each other.
  You need to connect cable between 2 routers and use the second wireless router as access point.
  Follow this link to connect Linksys router to another router.
  Some of your devices are getting same IP address. This might be the issue with DHCP server of the router. You can try DHCP reservation on the router so that each device will get unique IP address.

• Problem with Cisco 861W router and outgoing VPN

  We have a Cisco 861W router that is blocking an outgoing PPTP on the internal access point only. The outgoing VPN works when the traffic is through a wired connection or the connection is on another access point. We fail to make a connection only when connection to the 861W's internal Access Point.
  Here is the Access Point Configuration:
  Current configuration : 2100 bytes
  version 12.4
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname obap
  enable secret 5 $1$.1RF$go1D7WITXUn3s8TUaw3tC.
  no aaa new-model
  dot11 syslog
  dot11 ssid OLIVER
     authentication open
     authentication key-management wpa
     guest-mode
     wpa-psk ascii 0 XXXXXXXXXXX
  username XXXXXX privilege 15 secret 5 $1$Wc0K$OzcQDDQfjHP6La31eXMoG/
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  encryption mode ciphers aes-ccm tkip
  ssid OLIVER
  antenna gain 0
  station-role root
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface GigabitEthernet0
  description the embedded AP GigabitEthernet 0 is an internal interface connecti
  ng AP with the host router
  no ip address
  no ip route-cache
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
  interface BVI1
  ip address 192.168.0.2 255.255.255.0
  no ip route-cache
  ip http server
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  bridge 1 route ip
  banner login ^CC
  % Password change notice.
  Default username/password setup on AP is cisco/cisco with priv¾ilege level 15.
  It is strongly suggested that you create a new username with privilege level
  15 using the following command for console security.
  username <myuser> privilege 15 secret 0 <mypassword>
  no username cisco
  Replace <myuser> and <mypassword> with the username and password you want to
  use. After you change your username/password you can turn off this message
  by configuring  "no banner login" and "no banner exec" in privileged mode.
  ^C
  line con 0
  privilege level 15
  login local
  no activation-character
  line vty 0 4
  login local
  cns dhcp
  end
  obap#
  Here is the Router's Configuration:
  Current configuration : 5908 bytes
  ! No configuration change since last restart
  version 15.0
  no service pad
  service tcp-keepalives-in
  service tcp-keepalives-out
  service timestamps debug datetime msec localtime show-timezone
  service timestamps log datetime msec localtime show-timezone
  service password-encryption
  service sequence-numbers
  hostname obrouter
  boot-start-marker
  boot-end-marker
  logging buffered 51200
  logging console critical
  enable secret 5 $1$i9XE$DjxFVAEC9nC4/r6EQKCd6/
  no aaa new-model
  memory-size iomem 10
  clock timezone PCTime -5
  clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
  crypto pki trustpoint TP-self-signed-1856757619
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-1856757619
  revocation-check none
  rsakeypair TP-self-signed-1856757619
  crypto pki certificate chain TP-self-signed-1856757619
  certificate self-signed 01
    3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 31383536 37353736 3139301E 170D3036 30313032 31323030
    34345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38353637
    35373631 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
    8100B1A4 FB786547 3D582260 03DB768D 116BDE9A 309FBA04 B53F77B0 BFE32344
    7C3439B3 97192B36 760A9411 1D5C7549 8D86F532 ABA44F53 0D08B7F4 A9A747D5
    071330C3 65BF25A8 927F3596 29BB5A80 90C8D169 22268476 3B8DDE1E FDB7170D
    B4820D03 5580A849 A92C7E76 9AC10867 505A2FEE 64360741 7F9DBDBF 3D79982C
    F81D0203 010001A3 75307330 0F060355 1D130101 FF040530 030101FF 30200603
    551D1104 19301782 156F6272 6F757465 722E6272 75736868 6F672E63 6F6D301F
    0603551D 23041830 168014D8 5BC2FFB2 967A4C7B 11B44122 5C8D31F7 749B9230
    1D060355 1D0E0416 0414D85B C2FFB296 7A4C7B11 B441225C 8D31F774 9B92300D
    06092A86 4886F70D 01010405 00038181 005901F1 C239074B B8213567 CF7B65BF
    DAFE4557 69B2A3B1 5F2593C7 A54B9598 23FD5E7A 563AA6E0 AFB25801 FA0061E8
    F9545372 DB600B3A BE68AE65 1EDA593E 6A0C96B8 5A4136AF 393F9AAC 651E1C36
    B8B7C6C0 47936C24 D2ECE9A5 9446EE32 FC7461FA AD8CF1CE A7FBF341 07E9C3C6
    505AB88D 0E7FCAFC 5792298A E5E4D1FE CC
          quit
  no ip source-route
  ip dhcp excluded-address 192.168.0.1 192.168.0.99
  ip dhcp pool ccp-pool1
     import all
     network 192.168.0.0 255.255.255.0
     dns-server 216.49.160.10 216.49.160.66
     default-router 192.168.0.1
  ip cef
  no ip bootp server
  ip domain name brushhog.com
  ip name-server 216.49.160.10
  ip name-server 216.49.160.66
  license udi pid CISCO861W-GN-A-K9 sn FTX155281FY
  username tech38 privilege 15 secret 5 $1$d/4Z$n/23EsXbzfHF5XfJ8Nv.y0
  ip tcp synwait-time 10
  ip ssh time-out 60
  ip ssh authentication-retries 2
  interface FastEthernet0
  interface FastEthernet1
  interface FastEthernet2
  interface FastEthernet3
  interface FastEthernet4
  description $ES_WAN$$FW_OUTSIDE$
  no ip address
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip flow ingress
  duplex auto
  speed auto
  pppoe-client dial-pool-number 1
  interface wlan-ap0
  description Service module interface to manage the embedded AP
  ip unnumbered Vlan1
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip flow ingress
  arp timeout 0
  interface Wlan-GigabitEthernet0
  description Internal switch interface connecting to the embedded AP
  interface Vlan1
  description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
  ip address 192.168.0.1 255.255.255.0
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip flow ingress
  ip nat inside
  ip virtual-reassembly
  ip tcp adjust-mss 1412
  interface Dialer0
  ip address negotiated
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip mtu 1452
  ip flow ingress
  ip nat outside
  ip virtual-reassembly
  encapsulation ppp
  dialer pool 1
  dialer-group 1
  ppp authentication chap pap callin
  ppp chap hostname XXXXXXXXXXXXX
  ppp chap password 7 XXXXXXXXXXXXXXXX
  ppp pap sent-username XXXXXXXXXXXXXX password 7 XXXXXXXXXXX
  no cdp enable
  ip forward-protocol nd
  ip http server
  ip http authentication local
  ip http secure-server
  ip http timeout-policy idle 60 life 86400 requests 10000
  ip nat inside source static tcp 192.168.0.25 80 interface Dialer0 80
  ip nat inside source list 1 interface Dialer0 overload
  ip route 0.0.0.0 0.0.0.0 Dialer0
  logging trap debugging
  access-list 1 remark INSIDE_IF=Vlan1
  access-list 1 remark CCP_ACL Category=2
  access-list 1 permit 192.168.0.0 0.0.0.255
  dialer-list 1 protocol ip permit
  no cdp run
  control-plane
  banner exec ^C
  % Password expiration warning.
  Cisco Configuration Professional (Cisco CP) is installed on this device
  and it provides the default username "cisco" for  one-time use. If you have
  already used the username "cisco" to login to the router and your IOS image
  supports the "one-time" user option, then this username has already expired.
  You will not be able to login to the router with this username after you exit
  this session.
  It is strongly suggested that you create a new username with a privilege level
  of 15 using the following command.
  username <myuser> privilege 15 secret 0 <mypassword>
  Replace <myuser> and <mypassword> with the username and password you
  want to use.
  ^C
  banner login ^CAuthorized access only!
  Disconnect IMMEDIATELY if you are not an authorized user!^C
  line con 0
  login local
  no modem enable
  transport output telnet
  line aux 0
  login local
  transport output telnet
  line 2
  no activation-character
  no exec
  transport preferred none
  transport input all
  line vty 0 4
  privilege level 15
  login local
  transport input telnet ssh
  scheduler max-task-time 5000
  scheduler allocate 4000 1000
  scheduler interval 500
  end
  Any help would be appreciated

  Hello,
  i have the same problem with router CISCO861W-GN-E-K9. Version 12.4(22r)YB5, RELEASE SOFTWARE (fc1)
  Can someone help?
  Thank you.
  Here is my config for internal AP and router.

• Available bandwindth and 'max-reserved bandwidth'

  Is the max-reserved bandwidth only important when working with Qos classes and the bandwidth statement? Is the default 75% available bandwidth only used then?
  In other words if I have a 100MB link with a service policy applied for Voice, Call-Control and video. After that I notice the available bandwidth on thie 100MB link is 61280 kilobits/sec.
  If I put in a 'max-reserved bandwidth 95' would I reclaim another 20MB of bandwidth for the class-default? Would leaving 5% on the 100MB link for routing and other stuff be acceptable?
  Here is the config and show commands:
  class-map match-any Call-Control
  match ip dscp cs3
  match ip dscp af31
  class-map match-any Video
  match ip dscp af41
  class-map match-any Voice
  match ip dscp ef
  policy-map QOS_classes_to_ACN
  class Voice
  priority 10000
  class Call-Control
  bandwidth 500
  class Video
  bandwidth 3220
  class class-default
  fair-queue
  random-detect
  interface FastEthernet6/0
  description 100MB Link to ACN
  ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
  ip route-cache flow
  no ip mroute-cache
  load-interval 30
  duplex full
  speed 100
  service-policy output QOS_classes_to_ACN
  ROC-RT7206-QMOE#sh int f6/0
  FastEthernet6/0 is up, line protocol is up
  Hardware is i82543 (Livengood), address is 00b0.4a28.3ca8 (bia 00b0.4a28.3ca8)
  Description: 100MB Link to ACN
  Internet address is xxx.xxx.xxx.xxx/xx
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
  reliability 255/255, txload 183/255, rxload 21/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:03, output 00:00:00, output hang never
  Last clearing of "show interface" counters 01:13:30
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 5211742
  Queueing strategy: Class-based queueing
  Output queue: 70/1000/64/5211742 (size/max total/threshold/drops)
  Conversations 2/35/256 (active/max active/max total)
  Reserved Conversations 2/2 (allocated/max allocated)
  Available Bandwidth 61280 kilobits/sec <--- Available bandwidth
  30 second input rate 8615000 bits/sec, 6860 packets/sec
  30 second output rate 71788000 bits/sec, 7484 packets/sec
  31692173 packets input, 4263195179 bytes
  Received 1204 broadcasts, 0 runts, 0 giants, 0 throttles
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
  0 watchdog
  0 input packets with dribble condition detected
  34536300 packets output, 2513155446 bytes, 0 underruns
  0 output errors, 0 collisions, 0 interface resets
  0 babbles, 0 late collision, 0 deferred
  0 lost carrier, 0 no carrier
  0 output buffer failures, 0 output buffers swapped out

  Here is the output of show policy-pam int:
  ROC-RT7206-QMOE#sh policy-map int f6/0
  FastEthernet6/0
  Service-policy output: QOS_classes_to_ACN
  Class-map: Voice (match-any)
  3417571 packets, 934178998 bytes
  30 second offered rate 1722000 bps, drop rate 0 bps
  Match: ip dscp ef (46)
  3417571 packets, 934178998 bytes
  30 second rate 1722000 bps
  Queueing
  Strict Priority
  Output Queue: Conversation 264
  Bandwidth 10000 (kbps) Burst 250000 (Bytes)
  (pkts matched/bytes matched) 1908656/521903140
  (total drops/bytes drops) 0/0
  Class-map: Call-Control (match-any)
  615085 packets, 48926098 bytes
  30 second offered rate 84000 bps, drop rate 0 bps
  Match: ip dscp cs3 (24)
  588857 packets, 47299978 bytes
  30 second rate 81000 bps
  Match: ip dscp af31 (26)
  26228 packets, 1626120 bytes
  30 second rate 2000 bps
  Queueing
  Output Queue: Conversation 265
  Bandwidth 500 (kbps) Max Threshold 64 (packets)
  (pkts matched/bytes matched) 337953/26882724
  (depth/total drops/no-buffer drops) 0/0/0
  Class-map: Video (match-any)
  146136 packets, 82165408 bytes
  30 second offered rate 90000 bps, drop rate 0 bps
  Match: ip dscp af41 (34)
  146136 packets, 82165408 bytes
  30 second rate 90000 bps
  Queueing
  Output Queue: Conversation 266
  Bandwidth 3220 (kbps) Max Threshold 64 (packets)
  (pkts matched/bytes matched) 81687/45950190
  (depth/total drops/no-buffer drops) 0/0/0
  Class-map: class-default (match-any)
  35227089 packets, 47492000208 bytes
  30 second offered rate 87718000 bps, drop rate 14714000 bps
  Match: any
  Queueing
  Flow Based Fair Queueing
  Maximum Number of Hashed Queues 256
  (total queued/total drops/no-buffer drops) 0/5171786/0
  exponential weight: 9
  class Transmitted Random drop Tail drop Minimum Maximum Mark
  pkts/bytes pkts/bytes pkts/bytes thresh thresh prob
  0 30181523/39910255774 1297726/1944176143 3893194/5836883998 20 40 1/10
  1 0/0 0/0 0/0 22 40 1/10
  2 0/0 0/0 0/0 24 40 1/10
  3 0/0 0/0 0/0 26 40 1/10
  4 0/0 0/0 0/0 28 40 1/10
  5 0/0 0/0 0/0 30 40 1/10
  6 1213/88749 0/0 0/0 32 40 1/10
  7 0/0 0/0 0/0 34 40 1/10
  rsvp 0/0 0/0 0/0 36 40 1/10

• Cisco 877W router and external ADSL modem

  Cisco 877W router and external ADSL modem
  In order to support ADSL2+ on a pre ADSL2+ router and in preparation for a later migration to BT infinity I am trying to configure the Router using an external adsl2+ modem appropriately.
  The original configuration had 3 ports configured as one (internal lan) vlan and bridge group together with one wireless sub-interface, the remaining port configured a second vlan and bridge group with a second wireless sub- interface. The Dialer was a member of the second bridge group. This way the second wireless interface and associated bridge group provided a kind of DMZ for outbound access.
  The configuration I am attempting is similar the lan ports remain the same, but port 0 as a member of the vlan and bridge group (now a pppoe client) associated with one of the wireless sub interfaces as per above. The ATM interface is downed. This nearly works except that if the wireless subinterface on this bridge group is configured the dialer no longer dials giving a 'no dialer string' error. If I do not configure that wireless sub interface all works well.
  If anyone is interested to look I would appreciate any comments. I enclose a sanitised config in which you will note the 'commented out' wireless subnet interface (in red).
  version 12.4
  no service pad
  service tcp-keepalives-in
  service tcp-keepalives-out
  service timestamps debug datetime msec localtime show-timezone
  service timestamps log datetime msec localtime show-timezone
  service password-encryption
  service sequence-numbers
  hostname xxxxxxxxxxxxxxxxxxxxx
  boot-start-marker
  boot-end-marker
  logging buffered 4096 warnings
  enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxx
  aaa new-model
  aaa group server radius sdm-vpn-server-group-2
  aaa group server radius rad_eap
   server 192.168.253.1 auth-port 1812 acct-port 1813
   server 192.168.253.1 auth-port 1645 acct-port 1646
  aaa group server radius rad_mac
  aaa group server radius rad_acct
  aaa group server radius rad_admin
  aaa group server tacacs+ tac_admin
  aaa group server radius rad_pmip
  aaa group server radius dummy
  aaa authentication login default local
  aaa authentication login sdm_vpn_xauth_ml_2 group sdm-vpn-server-group-2
  aaa authentication login eap_methods group rad_eap
  aaa authentication login mac_methods local
  aaa authorization exec default local
  aaa authorization ipmobile default group rad_pmip
  aaa authorization network sdm_vpn_group_ml_2 local
  aaa accounting network acct_methods start-stop group rad_acct
  aaa session-id common
  clock timezone PCTime 0
  clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
  crypto pki trustpoint TP-self-signed-2834265337
   enrollment selfsigned
   subject-name cn=IOS-Self-Signed-Certificate-2834265337
   revocation-check none
   rsakeypair TP-self-signed-2834265337
  crypto pki certificate chain TP-self-signed-2834265337
   certificate self-signed 01 nvram:IOS-Self-Sig#2F.cer
  dot11 syslog
  dot11 ssid GuestAP
     vlan 101
     authentication open
     authentication key-management wpa
     mbssid guest-mode
     wpa-psk ascii 7 113B162712001F4A2D2B25
  dot11 ssid LanAP
     vlan 100
     authentication open eap eap_methods
     authentication network-eap eap_methods
     authentication key-management wpa
     mbssid guest-mode
  no ip source-route
  ip cef
  no ip dhcp use vrf connected
  ip dhcp excluded-address 10.10.10.1
  ip dhcp excluded-address 192.168.252.1 192.168.252.8
  ip dhcp excluded-address 192.168.252.15 192.168.252.254
  ip dhcp pool sdm-pool1
     import all
     network 192.168.252.0 255.255.255.0
     domain-name XXX.Local
     dns-server xxx.xxx.xxx.xxx
     default-router 192.168.252.254
  ip auth-proxy max-nodata-conns 3
  ip admission max-nodata-conns 3
  no ip bootp server
  no ip domain lookup
  ip domain name XXX.Local
  ip name-server xxx.xxx.xxx.xxx
  ip name-server xxx.xxx.xxx.xxx
  ip reflexive-list timeout 120
  vpdn enable
  vpdn-group 1
   request-dialin
    protocol pppoe
  username administrator privilege 15 secret 5 £££££££££££££££££££££
  class-map type inspect match-any IN_to_OUT_CLASS
   match protocol tcp
   match protocol udp
   match protocol icmp
  class-map type inspect match-any OUT_to_IN_CLASS
   match protocol https
   match protocol smtp extended
  class-map type inspect match-any DMZ_to_IN_CLASS
   match protocol http
   match protocol https
   match protocol smtp extended
  policy-map type inspect DMZ_to_IN_POL
   class type inspect DMZ_to_IN_CLASS
    inspect
   class class-default
    drop log
  policy-map type inspect IN_to_OUT_POL
   class type inspect IN_to_OUT_CLASS
    inspect
   class class-default
    drop log
  policy-map type inspect OUT_to_IN_POL
   class type inspect OUT_to_IN_CLASS
    inspect
   class class-default
    drop log
  zone security INSIDE
  zone security OUTSIDE
  zone security DMZ
  zone-pair security OUT_TO_IN source OUTSIDE destination INSIDE
   service-policy type inspect OUT_to_IN_POL
  zone-pair security IN_TO_OUT source INSIDE destination OUTSIDE
   service-policy type inspect IN_to_OUT_POL
  zone-pair security DMZ_TO_OUT source DMZ destination OUTSIDE
   service-policy type inspect IN_to_OUT_POL
  zone-pair security DMZ_TO_IN source DMZ destination INSIDE
   service-policy type inspect DMZ_to_IN_POL
  bridge irb
  interface Loopback0
   no ip address
  interface Null0
   no ip unreachables
  interface ATM0
   no ip address
   shutdown
   no atm ilmi-keepalive
   dsl operating-mode auto
  interface FastEthernet0
   description Outside Interface (PPPoE)
  interface FastEthernet1
   description Inside Interface
   switchport access vlan 10
  interface FastEthernet2
   description Inside Interface
   switchport access vlan 10
   spanning-tree portfast
  interface FastEthernet3
   description Inside Interface
   switchport access vlan 10
   spanning-tree portfast
  interface Dot11Radio0
   no ip address
   no ip route-cache cef
   no ip route-cache
   encryption vlan 100 mode ciphers aes-ccm tkip
   encryption vlan 101 mode ciphers aes-ccm tkip
   ssid GuestAP
   ssid LanAP
   mbssid
   speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
   channel 2437
   station-role root
  interface Dot11Radio0.100
   description LanAP
   encapsulation dot1Q 100
   no ip route-cache
   no cdp enable
   bridge-group 10
   bridge-group 10 subscriber-loop-control
   bridge-group 10 spanning-disabled
   bridge-group 10 block-unknown-source
   no bridge-group 10 source-learning
   no bridge-group 10 unicast-flooding
  !interface Dot11Radio0.101
  ! description GuestAP
  ! encapsulation dot1Q 101
  ! no ip route-cache
  ! no cdp enable
  ! bridge-group 1
  ! bridge-group 1 subscriber-loop-control
  ! bridge-group 1 spanning-disabled
  ! bridge-group 1 block-unknown-source
  ! no bridge-group 1 source-learning
  ! no bridge-group 1 unicast-flooding
  interface Vlan1
   description $ES_LAN$
   no ip address
   ip virtual-reassembly
   pppoe enable group global
   pppoe-client dial-pool-number 1
   bridge-group 1
  interface Vlan10
   no ip address
   ip virtual-reassembly
   bridge-group 10
  interface Dialer1
   description $FW_OUTSIDE$
   ip address negotiated
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   ip mtu 1452
   ip nat outside
   ip virtual-reassembly
   zone-member security OUTSIDE
   encapsulation ppp
   ip route-cache flow
   dialer pool 1
   dialer-group 1
   ppp authentication chap pap callin
   ppp chap hostname XXXXXXX
   ppp chap password 7 xxxxxxxxxxxxxxxxxxx
   ppp pap sent-username xxxxxxxxxxxxxxxxxx password 7 xxxxxxxxxxxxxxxxxxxxx
   ppp ipcp dns request
   ppp ipcp wins request
   hold-queue 224 in
  interface Dialer0
   no ip address
  interface BVI10
   description Inside Interface
   ip address 192.168.253.254 255.255.255.0
   ip access-group 101 in
   ip helper-address 192.168.253.1
   ip nat inside
   ip virtual-reassembly
   zone-member security INSIDE
  interface BVI1
   description DMZ Interface
   ip address 192.168.252.254 255.255.255.0
   ip nat inside
   ip virtual-reassembly
   zone-member security DMZ
  ip local pool SDM_POOL_1 192.168.20.9 192.168.20.14
  ip forward-protocol nd
  ip route 0.0.0.0 0.0.0.0 Dialer1
  ip http server
  ip http access-class 1
  ip http authentication local
  ip http secure-server
  ip http timeout-policy idle 600 life 86400 requests 10000
  ip nat inside source list Inside_Clients_NAT interface Dialer1 overload
  ip nat inside source static 192.168.253.10 xxx.xxx.xxx.xxx
  ip access-list extended DMZ_to_IN_POL
   remark SDM_ACL Category=128
   permit ip any any
  ip access-list extended Inside_Clients_NAT
   remark SDM_ACL Category=2
   permit ip 192.168.253.0 0.0.0.255 any
  logging 192.168.253.10
  access-list 1 remark Auto generated by SDM Management Access feature
  access-list 1 remark SDM_ACL Category=1
  access-list 1 permit 192.168.253.0 0.0.0.255
  access-list 100 remark VTY Access-class list
  access-list 100 remark SDM_ACL Category=1
  access-list 100 permit ip 192.168.253.0 0.0.0.255 any
  access-list 100 deny   ip any any
  access-list 101 remark Auto generated by SDM Management Access feature
  access-list 101 remark SDM_ACL Category=1
  access-list 101 remark Auto generated by SDM for NTP (123) xxx.xxx.xxx.xxx
  access-list 101 permit udp host xxx.xxx.xxx.xxx eq ntp host 192.168.253.254 eq ntp
  access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq telnet
  access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq 22
  access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq www
  access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq 443
  access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq cmd
  access-list 101 deny   tcp any host 192.168.253.254 eq telnet
  access-list 101 deny   tcp any host 192.168.253.254 eq 22
  access-list 101 deny   tcp any host 192.168.253.254 eq www
  access-list 101 deny   tcp any host 192.168.253.254 eq 443
  access-list 101 deny   tcp any host 192.168.253.254 eq cmd
  access-list 101 deny   udp any host 192.168.253.254 eq snmp
  access-list 101 permit ip any any
  access-list 199 permit ip any host 10.1.1.1
  dialer-list 1 protocol ip permit
  no cdp run
  radius-server attribute 32 include-in-access-req format %h
  radius-server host 192.168.253.1 auth-port 1812 acct-port 1813 key 7 XXXXXXXXXXXXXXXXXX
  radius-server host 192.168.253.1 auth-port 1645 acct-port 1646 key 7 XXXXXXXXXXXXXXXXXX
  radius-server vsa send accounting
  control-plane
  bridge 1 protocol ieee
  bridge 1 route ip
  bridge 10 protocol ieee
  bridge 10 route ip
  banner login C Border Router
  line con 0
   no modem enable
   transport output telnet
  line aux 0
   transport output telnet
  line vty 0 4
   access-class 100 in
   privilege level 15
   length 0
   transport input telnet ssh
  scheduler max-task-time 5000
  scheduler interval 500
  ntp server xxx.xxx.xxx.xxx source Dialer0 prefer
  ntp server xxx.xxx.xxx.xxx source Dialer0 prefer
  sntp server xxx.xxx.xxx.xxx
  end

  Hi Jody,
  Apologies delay in replying. I have done the following:
  Made two of the FE ports vlan1,BVI1 (for LAN traffic)
  Left one port as VLAN10 as the pppoe client conected to the externalmodem
  Made the last port VLAN10 as well and gave it an IP addess as for a DMZ client.
  I have DHCP configured to serve the DMZ  addresses.
  This all works for LAN clients and also works for a client attachedto that physical DMZ port.
  When I added a dot11radio sub interface into VLAN 10 the wireless client did not get an IP lease. Everything else continued to work.
  I had never thought about this before, but if a dot11radio interface is on the same vlan (but not being part ofa bridge group) why are DHCP broadcasts not propogating to all the vlan members as I would have expected. I recognise that this isa limit in my understanding.
  If I then made VLAN10 a member of a new Bridge Group, I lost WAN connectivity as per original posting.
  I cannot add another VLAN due to the 2 vlan limit in this image.
  Finally regarding your comment about giving it what it wants, what exactly did you have in mind. The dialer already has a dial string parameters configured.
  Think I am about to give upon this.
  Regards,

• RADIUS and Cisco 2611 router

  Greetings. First, let me start by saying I am an idiot, I know I am an idiot, and I apologize for wasting everyone's time. I have actually RTFM, many RTFMs, in fact, and I still have not found a resolution.
  Second, I am trying to set up a RADIUS server in my test network. I have installed ClearBox RADIUS on a Windows 2000 system. I have the following configuration on my Cisco 2611 router:
  Using 2297 out of 29688 bytes
  ! Last configuration change at 17:20:27 PDT Tue May 20 2008
  ! NVRAM config last updated at 17:20:29 PDT Tue May 20 2008
  version 12.1
  no service single-slot-reload-enable
  service timestamps debug datetime msec localtime show-timezone
  service timestamps log datetime msec localtime show-timezone
  service password-encryption
  hostname Tester
  logging buffered 10000 debugging
  aaa new-model
  aaa group server radius RadiusServers
  server 172.26.0.2 auth-port 1812 acct-port 1813
  aaa authentication login default group RadiusServers local
  aaa authentication login localauth local
  aaa authentication ppp default if-needed group radius local
  aaa authorization exec default group radius local
  aaa authorization network default group radius local
  aaa accounting delay-start
  aaa accounting exec default start-stop group radius
  aaa accounting network default start-stop group radius
  aaa processes 6
  enable secret xxx
  username test password xxx
  clock timezone PST -8
  clock summer-time PDT recurring
  ip subnet-zero
  no ip domain-lookup
  no ip bootp server
  interface Loopback0
  ip address 192.168.0.1 255.255.255.0
  interface Ethernet0/0
  description To Main Network
  ip address X.X.X.X 255.255.255.128
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip nat outside
  full-duplex
  no cdp enable
  interface Ethernet0/1
  description To Internal Network
  ip address 172.26.0.1 255.255.255.0
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip nat inside
  load-interval 30
  full-duplex
  no cdp enable
  ip nat pool test X.X.X.X X.X.X.X netmask 255.255.255.128
  ip nat inside source list 3 pool test overload
  ip nat inside destination list 3 pool test
  ip classless
  ip route 0.0.0.0 0.0.0.0 X.X.X.X
  no ip http server
  ip radius source-interface Ethernet0/1
  access-list 3 permit 172.26.0.0 0.0.0.255
  no cdp run
  snmp-server community public RO 15
  radius-server host 172.26.0.2 auth-port 1812 acct-port 1813 key secret
  radius-server retransmit 3
  radius-server key secret
  line con 0
  password xxx
  logging synchronous
  line aux 0
  line vty 0 4
  access-class 10 in
  password 7 1234567890
  logging synchronous
  ntp clock-period 17208108
  ntp server 192.43.244.18
  end
  My RADIUS server is up and responding to requests, but my router does not appear to be forwarding authentication requests to it. In fact, when I log into the router using HyperTerm, it times out, and I end up authenticating locally.
  I really don't care whether my Cisco equipment authenticates against the RADIUS server, but I do need to get it set up to authenticate my users so I can track their time online. What have I missed in my router configuration? Why isn't it forwarding user authentication requests to the RADIUS server.
  Thank you for any assistance you may be able to provide.

  I have found that if I am in the middle of composing a response, and I open the thread in another browser window (to refer to it), when I go to submit my response, it doesn't get posted. Perhaps you are running into the same thing.
  The command I shared:
  aaa authentication enable default group radius local
  ... was erroneous. The keyword should have been "enable", as you have discovered.
  Therefore use:
  aaa authentication enable default group radius enable
  When I view a Wireshark trace I see the following:
  AVP: l=18 t=User-Password(2): Decrypted: "user-PWD\000\000\000\000\000\000\000\000"
  Like you, I see the user password appended with the group of \000 grouping's.
  Note the word "Decrypted" which confirms that the password entered in Wireshark is a match with that entered on the AAA client (for what that's worth).
  I'm not sure if I suggested that this would confirm that the server and client were using the same shared secret. If I did, I miss-spoke. I think we would have to gauge the server's response to the attributes we see passed by the client.
  The Wireshark decryption is much more dramatic with TACACS+ because the whole payload is encrypted.
  My issue with your PPPoE is that I saw no "interface" on the router that is configured to perform such authentication. I do seem to recall a global authentication command with the PPP keyword perhaps. I have not attempted to do this, and am not sure whether the interfaces in your router will support this method. Perhaps someone else will weigh in with an opinion.
  However, there are other mainstream authentication methods that I think you should investigate as well.
  You could implement 802.1x on a switch so that a host has to authenticate before it can gain Layer 3 access to the LAN. Depending on the platform, you can download VLAN assignments and ACLs.
  I believe the router also supports 802.1x, but that may determine whether a host can get "through" the router. I have not had cause to investigate 802.1x on the router. I may do so in the future to authorize access to IPsec tunnels.
  The router is also likely to support Authentication Proxy. This feature intercepts a user's attempt to browse resources on the other side of the router. User specific ACLs can be downloaded to the router (from RADIUS) to control what resources a user can access.
  I think you should:
  1. Resolve the issue(s) with AAA logins on the router. It'll establish a baseline of functionality, and give you some short term joy.
  2. Investigate whether PPPoE support exists on your router's interfaces.
  3. Read up on 802.x and Authentication Proxy (docs on Cisco web site).
  4. Decide which methods appeals to you.
  5. Dive in.
  I'd lose the self-deprecation. I don't think it will serve you well. If you're treated badly, move to a newsgroup where the participants display a higher level of emotional maturity. I don't think you will have an issue on the Cisco forums. Others would probably step in.
  I'm going to be absent for several days, so if you don't receive any response, it will be for said reason.
  Good luck.

• Cisco 878 router for ADSL connectivity

  Hi All,
  I got a Cisco 878-k9 G.SHDSL router. I am trying to configure to get connectivity to my Service Provider.
  Earlier i have configured Cisco 877 router serval times. But Cisco 878 for the first time. There is a DSL
  controller in 878 rtr. I think i m missing something somewhere.
  Below is the config that i have done
  controller DSL 0
  mode atm
  loopback digital
  dsl-mode shdsl symmetric annex A
  line-rate auto
  line-term cpe
  line-mode 2-wire line-one
  ip cef
  ip dhcp excluded-address 192.168.10.1 192.168.10.10
  ip dhcp pool INSIDE-Pool
     import all
     network 192.168.10.0 255.255.255.0
     default-router 192.168.10.1
     dns-server 212.77.192.59 212.77.192.60
     lease 8
  interface ATM0
  description (Outside Public Interface)
  no shutdown
  no ip address
  load-interval 30
  no atm ilmi-keepalive
  pvc 8/35             
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
  interface Dialer0
  ip address negotiated
  no ip redirects
  no ip proxy-arp
  no ip unreachables
  ip nat outside
  ip virtual-reassembly
  encapsulation ppp
  ip route-cache flow
  dialer pool 1
  dialer-group 1
  no cdp enable
  ppp authentication chap callin
  ppp chap hostname p4411XXXX
  ppp chap password qatarXXXX
  ppp pap sent-username p44114032 password 0 qatarXXXX
  no sh
  ip route 0.0.0.0 0.0.0.0 Dialer0
  no ip http server
  ip nat inside source list 101 interface Dialer0 overload
  access-list 1 permit any
  access-list 101 deny ip 192.168.0.0 0.0.255.255 10.10.0.0 0.0.255.255
  access-list 101 permit ip 192.168.0.0 0.0.255.255 any
  dialer-list 1 protocol ip permit

  i have an adsl line
  i try to configure the router 878
  but no connection ,, kann u tel me how do u have resolve the probleme please
  this is the running config
  version 12.4
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname cisco2
  boot-start-marker
  boot-end-marker
  no logging buffered
  aaa new-model
  aaa authentication login default local
  aaa authorization exec default local
  aaa session-id common
  resource policy
  clock timezone EST -5
  clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
  ip subnet-zero
  ip cef
  ip name-server 212.217.0.1
  ip name-server 212.217.0.12
  ip name-server 212.217.1.1
  ip ddns update method sdm_ddns1
   DDNS both
  vpdn enable
  vpdn-group pppoe
  crypto pki trustpoint TP-self-signed-201735762
   enrollment selfsigned
   subject-name cn=IOS-Self-Signed-Certificate-201735762
   revocation-check none
   rsakeypair TP-self-signed-201735762
  crypto pki certificate chain TP-self-signed-201735762
   certificate self-signed 01
    3082023D 308201A6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 32303137 33353736 32301E17 0D303230 33303130 32353235
    375A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
    532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3230 31373335
    37363230 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
    A62304BC 27194971 2A4FAEB3 9D57240E 26EDED2A 1674FF9A 7CBBB8F2 85245C3B
    C4DDBBF8 F8A67D31 5FDCBD11 72A2735D 9E8FC84B 17B55C71 43C10E41 ACC50BEC
    FCE8D9EE 6D2B0B55 9BD5B62C 3981506F 04B92C25 CA4C307E BC6A6A5F 4FBEF0EE
    05FEFA57 C7D879FD 79EF442F 121D6393 57E96F31 5414D1D5 4FADFBC0 95C9EAB3
    02030100 01A36730 65300F06 03551D13 0101FF04 05300301 01FF3012 0603551D
    11040B30 09820763 6973636F 322E301F 0603551D 23041830 16801418 6C8FED13
    FFD7B2FB F6FA47E7 682B0093 FAE2AC30 1D060355 1D0E0416 0414186C 8FED13FF
    D7B2FBF6 FA47E768 2B0093FA E2AC300D 06092A86 4886F70D 01010405 00038181
    007C867C AC28A7F0 4BDD261C 81A71F1D E0671C28 F4724F5D ED1FE702 BCE234D9
    1F85FE90 4D0AD23E 9904CBF9 D44A8CD5 0F5515BB 8FEEE4BB FF9795E1 7770B60A
    E37455CC D6606EAF E0EAEEA4 932F55E6 91C6F87F 1D022203 08AD7C78 4DCF5AEA
    819D2367 2B5054CC 695A4EF5 BC9ADA26 F7803106 E94BD666 179EB3DF 4CDE4CB8 1C
    quit
  username xxxxx privilege 15 password 0 xxxxx
  controller DSL 0
   mode atm
   line-term co
   line-mode 4-wire standard
   dsl-mode shdsl symmetric annex B
   ignore-error-duration  15
   line-rate 4608
  interface BRI0
   no ip address
   encapsulation hdlc
   shutdown
  interface ATM0
   no ip address
   ip nat outside
   ip virtual-reassembly
   no atm ilmi-keepalive
  interface ATM0.1 point-to-point
   pvc 8/35
    pppoe-client dial-pool-number 1
  interface FastEthernet0
  interface FastEthernet1
  interface FastEthernet2
  interface FastEthernet3
  interface Vlan1
   description lan
   ip address 192.168.1.5 255.255.255.0
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   ip nat inside
   ip virtual-reassembly
   ip route-cache flow
   ip tcp adjust-mss 1412
  interface Dialer1
   ip ddns update hostname xxxx.dyndns.org
   ip ddns update sdm_ddns1
   ip address negotiated
   ip mtu 1452
   encapsulation ppp
   dialer pool 1
   dialer-group 1
   no cdp enable
   ppp authentication chap pap callin
   ppp chap hostname xxxxx
   ppp chap password 0 xxxxx
   ppp pap sent-username xxxxx password 0 xxxxx
  interface Dialer0
   no ip address
  ip classless
  ip http server
  ip http access-class 24
  ip http authentication local
  ip http secure-server
  ip nat inside source list 1 interface Dialer0 overload
  ip access-list extended to-sip-servers
   remark --- traffic to any sip server
   permit udp 192.168.1.0 0.0.0.255 any eq 5060
  access-list 1 permit 0.0.0.0 255.255.255.0
  access-list 1 permit 192.168.1.0 0.0.0.255
  dialer-list 1 protocol ip permit
  snmp-server community public RO
  no cdp run
  control-plane
  banner motd ^CINE welcome
  banner ^C
  line con 0
   no modem enable
  line aux 0
  line vty 0 4
   password cisco
  scheduler max-task-time 5000
  end

• Cisco 7609 router received higher traffic than upstream provider router is sending

  Hi all,
  I have a Cisco 7609 router that connects to our upstream provider router using 3rd party DWDM Fiber backhaul provider.
  The upstream provider router is a Juniper router that had capped our port speed to 1.1Gbps, the backhaul provider didn't capped our port speed and the maximum speed is 2Gbps since it's a 2x1Gbps port channel interface.
  I have noticed that our 7609 router able to receive traffic that exceeds 1.1Gbps, and the highest traffic able to received is 1.3Gbps and more.
  I have crossed checked the MRTG graph provided by our upstream provider as well as our PRTG graph and indeed we are receiving higher bandwidth than our upstream provider is sending.
  I'd like to know if anyone know how it is possible to receive traffic that is higher than what the neighbor router is sending?
  Regards

  Hi at all,
  We found a solution for this Problem !!
  We always and always got this error:
  %PQUICC-1-LOSTCARR: Unit 0, lost carrier. Transceiver problem?
  The problem was the cable! The following pin-out is required:
                                          1 ----- 1
                                          2 ----- 2
                                          3 ----- 6
                                          4 ----- 5
                                          5 ----- 4
                                          6 ----- 3
                                          7 ----- 7
                                          8 ----- 8 
  We used this and the fault has disappeared!!
  The only problem that still exists:
  After the first connection the router must be rebooted because otherwise no more additional session is established.
  Thanks for all answers.
  Regards,
  Mario