Viewing MAX-reseved-bandwidth on Cisco 7600 router
Hi everybody
I have been searching a command that will shows us the max-reseved bandwidth ( In the context of QOS) on cisco 7600.
I appreciate your help
Thanks
ciscoR1#show version
Cisco IOS Software, c7600rsp72043_rp Software (c7600rsp72043_rp-ADVIPSERVICESK9-M), Version 15.1(3)S5, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Tue 12-Feb-13 13:17 by prod_rel_team
ROM: System Bootstrap, Version 12.2(33r)SRD5, RELEASE SOFTWARE (fc1)
BOOTLDR: Cisco IOS Software, c7600rsp72043_rp Software (c7600rsp72043_rp-ADVIPSERVICESK9-M), Version 15.1(3)S5, RELEASE SOFTWARE (fc2)
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
I'm uncertain, but on a 7600 with 15.x IOS, it's likely QoS is following the HQF changes, and if so, max-reserved-bandwidth has really been deprecated.
Similar Messages
-
What is the max. bandwith limitation on cisco 2621XM router
Hi all,
I am new to this forum. The need to learn more about cisco has driven me to this forum. The topics are very helpful.
As per the datasheet provided on Cisco site, 2621XM supports
NM- 1
AIM- 1
WIC - 2
FE - 2
Performace - 30 kpps.
I would like to know the maximum bandwidth it can take.
regds,
MaheshMahesh,
there is no way to go from PPS to bandwidth withouth further hypotesys. The reason way I am saying so is because packet size varies and even switching methods varies so the router might be faster tha expected. I suppose that those 30 KPPS are process switched (which means the router CPU is interrupted to look up the routing table, make a routing decision and queue the packet).
So enabling things like CEF (cisco express forwarding) only the first packet generates an interrupt the rest of the flow will not.
I suggest a basic reading on the subject here:
http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps1831/products_tech_note09186a00800a7306.shtml
Cheers
Fabio -
How to view Log on the cisco 2821 Router
Hi,
can any one help me to view the Log on the Cisco 2821 router for any issue occur.
Thanks,
SarojCisco devices use the syslog to manage system logs and alerts. But in Cisco devices there is lack of large internal storage space for storing these kinds of logs.So to overcome Cisco devices has the following two options:
1) internanal buffer — That is a small part of memory buffers to collect log the most recent messages. The buffer size is limited and , when the device reboots, these syslog messages are lost.by default it is on
(If not follow this steps
conf t
logging on
logging console.....console logs
logging buffer size ......set the size of buffer
terminal monitor.......to gets logs on the remote terminal like telnet,ssh etc.
sh logging.........to see buffer logs.)
2) Syslog server— By using this we can send messages to an external device for storing this logs and the storage size does depend on the available disk space of the external syslog server. This option is not enabled by default.
If you have any syslog server please find the below simple config .
conf t
logging host x.x.x.x
logging traps (i.e 0 1 2 3 4 5 .. according to your requirement)
before enabling logging be sure that your router is properly configure to collect proper time from any NTP server or manually configure to get time
command to set time manually on router is (set clock ) or to use ntp server use ntp server x.x.x.x to sync clock to router router.
Hop thant is informative ,
Regards,
Ashish -
Cisco 7600 Series (7603) Router Information
Hello,
Does anyone have a link or reference to a good description of the Cisco 7600 boot process and various memory heirarchy functions? I'm looking for information on what should be in NVRAM, FLASH, SUP-BOOTFLASH etc. Thank you.You can find all the 7600 series router info here.
http://www.cisco.com/en/US/products/hw/routers/ps368/products_data_sheet0900aecd801c5cab.html
http://www.cisco.com/en/US/products/hw/routers/ps368/prod_literature.html
HTH,
Sundar -
CISCO E1200 ROUTER REDUCED BANDWIDTH THRUPUT
I am experiencing signifcant bandwidth reduction at a range of about 30 feet from the router. I have a Cisco E1200 router. I have xfinity 30mps speeds. On a wired connection I got close to my 30mps speeds. On a wireless I receive about 25mps while I am within 5 feet of the router. As I run speed tests every five feet I am seeing a significant drop in speeds. At 30 feet I am lucky to get 3mps. The router broadcasts through two metal stud walls between the router and the 30 feet away.
I have upgraded firmware, reset the router, disabled the QoS (WWM) option. The router is configured for WPA2 personal and is using Wi-Fi Protected Setup by defaults. At the time of testing only three devices were connected and only one was actively being utilized.
Any help would be appreciated.
NeilThat sounds normal. When you disabled WMM, you essentially turned it in in to a wireless G router. 25 Mbps is about all you're going to get with that 54 Mbps link speed. That's normal.
Consider purchasing a refurb EA4500 for $65. You'll get better range and throughput. (But if you disable WMM, you'll be back in the same sinking boat). -
Cisco view for Cisco 7201 router
Hi ,
We have LMS 3.0.1 and we are not able to get cisco view for Cisco 7201 router.
Any help would be appricated.
thanks,
SamirMake sure you have version 22.0 of the Rtr7000 CiscoView package loaded. You can update your CiscoView packages under Common Services > Software Center > Device Update.
-
Max-reserved-bandwidth 100% for the interface
According to CCO as following text, the remaining 25 percent of bandwidth is used for overhead, including Layer 2 overhead, control traffic, and best-effort traffic. I want to know why cisco choose 25 percent. why not 30% or 20%?
If I config the max-reserved-bandwidth 100% for the interface, does it will effect the routing protocol? also effect the network conectivity?
thanks for your answer
=======
Usage Guidelines for max-reserved-bandwidth
The sum of all bandwidth allocation on an interface should not exceed 75 percent of the available bandwidth on an interface. The remaining 25 percent of bandwidth is used for overhead, including Layer 2 overhead, control traffic, and best-effort traffic.
If you need to allocate more than 75 percent for RSVP, CBWFQ, LLQ, IP RTP Priority, Frame Relay IP RTP Priority, and Frame Relay PIPQ, you can use the max-reserved-bandwidth command. The percent argument specifies the maximum percentage of the total interface bandwidth that can be used.
If you do use the max-reserved-bandwidth command, make sure that not too much bandwidth is taken away from best-effort and control traffic.
The max-reserved-bandwidth command is intended for use on main interfaces only; it has no effect on virtual circuits (VCs) or ATM permanent virtual circuits (PVCs).Kevin,
this is the wrong group for this question.
Gilles. -
I am loosing configuration when I power off my Cisco 857 router
I bought new Cisco 857 router from the shop. Router must have been used before as I couln't go in with default username/password cisco/cisco.
Well I followed instruciton and reset password to username and password. Now I finally connected to the Cisco CP express over my IE browser.
I found out that somebody was using a router from the shop so this is why I coun't log to it in the first place. Anyway problem is that when I changed configuration and applied settings it remembers it until I power it off. When I power it on again it remembers all settings from that shop.
It reverts everything back: IP address, previous level 15 account and password - everything like after password reset.
I tried it again and it again lost settings. So I found following instruction:
http://www.cisco.com/en/US/products/hw/routers/ps233/products_tech_note09186a00800a65a5.shtml
I followed it and changed again all settings on the router. My settings are again lost after power off/on. I noticed that when I do first bit it does show
0x2102 not 0x2142 like they think that is password reset mode.
Here is my output from Hyper Terminal:
=============================
Cisco#enableCisco#show startUsing 3359 out of 131072 bytes!version 12.4no service padservice timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname Cisco!boot-start-markerboot-end-marker!logging buffered 51200 warningsenable secret 5 $1$hpKF$Rc1tl6r45J8iHG7EN5jSk.!no aaa new-model!crypto pki trustpoint TP-self-signed-3185909327 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-3185909327 revocation-check none rsakeypair TP-self-signed-3185909327!!crypto pki certificate chain TP-self-signed-3185909327 certificate self-signed 01 nvram:IOS-Self-Sig#5.cerdot11 syslogno ip dhcp use vrf connectedip dhcp excluded-address 10.10.10.1!ip dhcp pool ccp-pool import all network 10.10.10.0 255.255.255.248 default-router 10.10.10.1 lease 0 2!!ip cefno ip domain lookupip domain name molinary.com!!!username admin privilege 15 secret 5 $1$jD3j$r6ROikgGsIlcMTGjkxFQ6.username username privilege 15 password 0 password!!archive log config hidekeys!!!!!interface ATM0 no ip address shutdown no atm ilmi-keepalive dsl operating-mode auto!interface ATM0.1 point-to-point description $ES_WAN$ ip nat outside ip virtual-reassembly pvc 0/38 encapsulation aal5mux ppp dialer dialer pool-member 1 !!interface FastEthernet0!interface FastEthernet1!interface FastEthernet2!interface FastEthernet3!interface Vlan1 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$ ip address 10.10.10.1 255.255.255.248 ip nat inside ip virtual-reassembly ip tcp adjust-mss 1452!interface Dialer0 ip address dhcp encapsulation ppp dialer pool 1 dialer-group 1 no cdp enable ppp authentication chap pap callin ppp chap hostname [email protected] ppp chap password 0 netgear01 ppp pap sent-username [email protected] password 0 netgear01!ip forward-protocol nd!ip http serverip http access-class 23ip http authentication localip http secure-serverip http timeout-policy idle 60 life 86400 requests 10000ip nat inside source list 1 interface ATM0.1 overload!access-list 1 remark INSIDE_IF=Vlan1access-list 1 remark CCP_ACL Category=2access-list 1 permit 10.10.10.0 0.0.0.7dialer-list 1 protocol ip permitno cdp run!control-plane!banner exec ^C% Password expiration warning.-----------------------------------------------------------------------Cisco Configuration Professional (Cisco CP) is installed on this deviceand it provides the default username "cisco" for one-time use. If you havealready used the username "cisco" to login to the router and your IOS imagesupports the "one-time" user option, then this username has already expired.You will not be able to login to the router with this username after you exitthis session.It is strongly suggested that you create a new username with a privilege levelof 15 using the following command.username <myuser> privilege 15 secret 0 <mypassword>Replace <myuser> and <mypassword> with the username and password youwant to use.-----------------------------------------------------------------------^Cbanner login ^CAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user!^C!line con 0 login local no modem enableline aux 0line vty 0 4 privilege level 15 login local transport input telnet ssh!scheduler max-task-time 5000endCisco#Cisco#Cisco#Cisco#Cisco#Cisco#Cisco#Cisco#Cisco#show versionCisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version 12.4(15)T12, RELEASE SOFTWARE (fc3)Technical Support: http://www.cisco.com/techsupportCopyright (c) 1986-2010 by Cisco Systems, Inc.Compiled Fri 22-Jan-10 14:46 by prod_rel_teamROM: System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARECisco uptime is 20 minutesSystem returned to ROM by power-onSystem image file is "flash:c850-advsecurityk9-mz.124-15.T12.bin"This product contains cryptographic features and is subject to UnitedStates and local country laws governing import, export, transfer anduse. Delivery of Cisco cryptographic products does not implythird-party authority to import, export, distribute or use encryption.Importers, exporters, distributors and users are responsible forcompliance with U.S. and local country laws. By using this product youagree to comply with applicable laws and regulations. If you are unableto comply with U.S. and local laws, return this product immediately.A summary of U.S. laws governing Cisco cryptographic products may be found at:http://www.cisco.com/wwl/export/crypto/tool/stqrg.htmlIf you require further assistance please contact us by sending email [email protected] 857 (MPC8272) processor (revision 0x400) with 59392K/6144K bytes of memory.Processor board ID FCZ140792J5MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x104 FastEthernet interfaces1 ATM interface128K bytes of non-volatile configuration memory.20480K bytes of processor board System flash (Intel Strataflash)Configuration register is 0x2102Cisco#Cisco#Cisco#Cisco#endTranslating "end"% Unknown command or computer name, or unable to find computer addressCisco#reloadProceed with reload? [confirm]*Mar 1 01:19:27.786: %SYS-5-RELOAD: Reload requested by username on console. Reload Reason: Reload Command.System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARETechnical Support: http://www.cisco.com/techsupportCopyright (c) 2006 by cisco Systems, Inc.C850 series (Board ID: 2-149) platform with 65536 Kbytes of main memoryBooting flash:/c850-advsecurityk9-mz.124-15.T12.binSelf decompressing the image : ############################################## [OK] Restricted Rights LegendUse, duplication, or disclosure by the Government issubject to restrictions as set forth in subparagraph(c) of the Commercial Computer Software - RestrictedRights clause at FAR sec. 52.227-19 and subparagraph(c) (1) (ii) of the Rights in Technical Data and ComputerSoftware clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706Cisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version 12.4(15)T12, RELEASE SOFTWARE (fc3)Technical Support: http://www.cisco.com/techsupportCopyright (c) 1986-2010 by Cisco Systems, Inc.Compiled Fri 22-Jan-10 14:46 by prod_rel_teamImage text-base: 0x8002007C, data-base: 0x814E7240This product contains cryptographic features and is subject to UnitedStates and local country laws governing import, export, transfer anduse. Delivery of Cisco cryptographic products does not implythird-party authority to import, export, distribute or use encryption.Importers, exporters, distributors and users are responsible forcompliance with U.S. and local country laws. By using this product youagree to comply with applicable laws and regulations. If you are unableto comply with U.S. and local laws, return this product immediately.A summary of U.S. laws governing Cisco cryptographic products may be found at:http://www.cisco.com/wwl/export/crypto/tool/stqrg.htmlIf you require further assistance please contact us by sending email [email protected] 857 (MPC8272) processor (revision 0x400) with 59392K/6144K bytes of memory.Processor board ID FCZ140792J5MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x104 FastEthernet interfaces1 ATM interface128K bytes of non-volatile configuration memory.20480K bytes of processor board System flash (Intel Strataflash)no ip dhcp use vrf connected ^% Invalid input detected at '^' marker.SETUP: new interface NVI0 placed in "shutdown" statePress RETURN to get started!*Mar 1 00:00:03.952: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State changed to: Initialized*Mar 1 00:00:03.960: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State changed to: Enabled*Mar 1 00:00:07.244: %LINK-3-UPDOWN: Interface FastEthernet0, changed state toup*Mar 1 00:00:08.413: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up*Mar 1 00:00:08.821: %SYS-5-CONFIG_I: Configured from memory by console*Mar 1 01:19:27.072: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up*Mar 1 01:19:27.352: %SYS-5-RESTART: System restarted --Cisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version 12.4(15)T12, RELEASE SOFTWARE (fc3)Technical Support: http://www.cisco.com/techsupportCopyright (c) 1986-2010 by Cisco Systems, Inc.Compiled Fri 22-Jan-10 14:46 by prod_rel_team*Mar 1 01:19:27.352: %SNMP-5-COLDSTART: SNMP agent on host Cisco is undergoinga cold start*Mar 1 01:19:27.436: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF*Mar 1 01:19:27.436: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF*Mar 1 01:19:27.540: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to down*Mar 1 01:19:28.072: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up*Mar 1 01:19:28.484: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up*Mar 1 01:19:28.484: %LINK-5-CHANGED: Interface ATM0, changed state to administratively down*Mar 1 01:19:28.848: %LINK-5-CHANGED: Interface NVI0, changed state to administratively down*Mar 1 01:19:28.932: %LINK-3-UPDOWN: Interface FastEthernet3, changed state toup*Mar 1 01:19:28.936: %LINK-3-UPDOWN: Interface FastEthernet2, changed state toup*Mar 1 01:19:28.940: %LINK-3-UPDOWN: Interface FastEthernet1, changed state toup*Mar 1 01:19:29.484: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0, changed state to down*Mar 1 01:19:29.932: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet3, changed state to down*Mar 1 01:19:29.936: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2, changed state to down*Mar 1 01:19:29.940: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1, changed state to down*Mar 1 01:19:29.948: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to upAuthorized access only!===========================================
Please help me as I am stuck and can't go any further....Hi David White,
Alternatively, after password recovery you can modify the configuration to be what you want, and then issue:
write memory
to save the configuration. You can then verify that your changes have been saved to the startup config by issuing:
show startup-config"
The only good thing is that when I switch off a router it erase configuration except my new password which I created after password reset. Everything else is getting vanished (ADSL settings, DHCP, routing ) everything. Even new admin accounts I created.
Well have a question to your above comments. I am new in Cisco so please put as much detail as you can for me to understand. When you say modify configuration do you mean to go to Cisco CP Express graphical interface and then connect router to hyper terminal and execute above commands?
Why router doesn't remember this anyway. There must be some option to change in configuration to make thing permanent when I hit apply changes in Cisco CO Express otherwise it is pointless to heve it.
Phillip
write memory
is
copy running-config startup-config"
Can't this be done via Cisco CP Express or set up router to copy this every time I change this in graphical interface rather going to command line to achnoledge it?
I understand your concern about this router and somebodie's configuration details as you want things to be un-used when you buy them - true. ADSL details belongs to the shop which sold me the router so that is why I don't make a big problem about this. We take most of hardware from this shop and have discount and many good deals with them so I think they have been just testing it and forgot to erease their config. It might be that someone has returned router to the shop and they have repaired it and tested it.
I hope this is a normal behaviour of this router as I have option to replace it in case this is a fault.
Could you please write me step by step guide how can I make changed options stay permanently on router?
thank you
Dragan -
Configuration Issue with my Cisco 871 Router
Hi all,
I am a newbie to the Cisco IOS.
I got a Cisco 871 Router that I'd like to use for internet connection. My LAN network is 192.168.1.0/24 and the ISP has assigned us the IP 41.212.79.108/24 and gateway 41.212.79.1.
With my current configuration, I can hit the router - 192.168.1.1 - and it's WAN port - 41.212.79.108 - but not the gateway.
Below is my current config:
Hoggers#show config
Using 4414 out of 131072 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Hoggers
boot-start-marker
boot-end-marker
logging buffered 51200 warnings
enable secret 5 **********************.
no aaa new-model
crypto pki trustpoint TP-self-signed-568493463
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-568493463
revocation-check none
rsakeypair TP-self-signed-568493463
crypto pki certificate chain TP-self-signed-568493463
certificate self-signed 01 nvram:IOS-Self-Sig#7.cer
dot11 syslog
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.1.2
ip dhcp excluded-address 192.168.1.3
ip dhcp excluded-address 192.168.1.4
ip dhcp excluded-address 192.168.1.5
ip dhcp excluded-address 192.168.1.6
ip dhcp excluded-address 192.168.1.7
ip dhcp excluded-address 192.168.1.8
ip dhcp excluded-address 192.168.1.9
ip dhcp excluded-address 192.168.1.10
ip dhcp excluded-address 192.168.1.100
ip dhcp excluded-address 192.168.1.90
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
lease 0 2
ip dhcp pool LANPOOL
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 41.212.3.2 41.212.3.253
ip domain name yourdomain.com
ip name-server 41.212.3.2
ip name-server 41.212.3.253
archive
log config
hidekeys
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description Wan to Outside World
ip address 41.212.79.108 255.255.255.0
duplex auto
speed auto
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.1.1 255.255.255.0
ip tcp adjust-mss 1452
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 41.212.79.1
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip dns server
ip nat inside source static tcp 192.168.1.31 80 interface FastEthernet4 80
access-list 23 permit 10.10.10.0 0.0.0.7
no cdp run
control-plane
scheduler max-task-time 5000
end
I'll appreciate any light you can shed on what am missing.2 wireless routers can not communicate wirelessly with each other.
You need to connect cable between 2 routers and use the second wireless router as access point.
Follow this link to connect Linksys router to another router.
Some of your devices are getting same IP address. This might be the issue with DHCP server of the router. You can try DHCP reservation on the router so that each device will get unique IP address. -
Problem with Cisco 861W router and outgoing VPN
We have a Cisco 861W router that is blocking an outgoing PPTP on the internal access point only. The outgoing VPN works when the traffic is through a wired connection or the connection is on another access point. We fail to make a connection only when connection to the 861W's internal Access Point.
Here is the Access Point Configuration:
Current configuration : 2100 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname obap
enable secret 5 $1$.1RF$go1D7WITXUn3s8TUaw3tC.
no aaa new-model
dot11 syslog
dot11 ssid OLIVER
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 0 XXXXXXXXXXX
username XXXXXX privilege 15 secret 5 $1$Wc0K$OzcQDDQfjHP6La31eXMoG/
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers aes-ccm tkip
ssid OLIVER
antenna gain 0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface GigabitEthernet0
description the embedded AP GigabitEthernet 0 is an internal interface connecti
ng AP with the host router
no ip address
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface BVI1
ip address 192.168.0.2 255.255.255.0
no ip route-cache
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
banner login ^CC
% Password change notice.
Default username/password setup on AP is cisco/cisco with priv¾ilege level 15.
It is strongly suggested that you create a new username with privilege level
15 using the following command for console security.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want to
use. After you change your username/password you can turn off this message
by configuring "no banner login" and "no banner exec" in privileged mode.
^C
line con 0
privilege level 15
login local
no activation-character
line vty 0 4
login local
cns dhcp
end
obap#
Here is the Router's Configuration:
Current configuration : 5908 bytes
! No configuration change since last restart
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname obrouter
boot-start-marker
boot-end-marker
logging buffered 51200
logging console critical
enable secret 5 $1$i9XE$DjxFVAEC9nC4/r6EQKCd6/
no aaa new-model
memory-size iomem 10
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
crypto pki trustpoint TP-self-signed-1856757619
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1856757619
revocation-check none
rsakeypair TP-self-signed-1856757619
crypto pki certificate chain TP-self-signed-1856757619
certificate self-signed 01
3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31383536 37353736 3139301E 170D3036 30313032 31323030
34345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38353637
35373631 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B1A4 FB786547 3D582260 03DB768D 116BDE9A 309FBA04 B53F77B0 BFE32344
7C3439B3 97192B36 760A9411 1D5C7549 8D86F532 ABA44F53 0D08B7F4 A9A747D5
071330C3 65BF25A8 927F3596 29BB5A80 90C8D169 22268476 3B8DDE1E FDB7170D
B4820D03 5580A849 A92C7E76 9AC10867 505A2FEE 64360741 7F9DBDBF 3D79982C
F81D0203 010001A3 75307330 0F060355 1D130101 FF040530 030101FF 30200603
551D1104 19301782 156F6272 6F757465 722E6272 75736868 6F672E63 6F6D301F
0603551D 23041830 168014D8 5BC2FFB2 967A4C7B 11B44122 5C8D31F7 749B9230
1D060355 1D0E0416 0414D85B C2FFB296 7A4C7B11 B441225C 8D31F774 9B92300D
06092A86 4886F70D 01010405 00038181 005901F1 C239074B B8213567 CF7B65BF
DAFE4557 69B2A3B1 5F2593C7 A54B9598 23FD5E7A 563AA6E0 AFB25801 FA0061E8
F9545372 DB600B3A BE68AE65 1EDA593E 6A0C96B8 5A4136AF 393F9AAC 651E1C36
B8B7C6C0 47936C24 D2ECE9A5 9446EE32 FC7461FA AD8CF1CE A7FBF341 07E9C3C6
505AB88D 0E7FCAFC 5792298A E5E4D1FE CC
quit
no ip source-route
ip dhcp excluded-address 192.168.0.1 192.168.0.99
ip dhcp pool ccp-pool1
import all
network 192.168.0.0 255.255.255.0
dns-server 216.49.160.10 216.49.160.66
default-router 192.168.0.1
ip cef
no ip bootp server
ip domain name brushhog.com
ip name-server 216.49.160.10
ip name-server 216.49.160.66
license udi pid CISCO861W-GN-A-K9 sn FTX155281FY
username tech38 privilege 15 secret 5 $1$d/4Z$n/23EsXbzfHF5XfJ8Nv.y0
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description $ES_WAN$$FW_OUTSIDE$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
duplex auto
speed auto
pppoe-client dial-pool-number 1
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
arp timeout 0
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname XXXXXXXXXXXXX
ppp chap password 7 XXXXXXXXXXXXXXXX
ppp pap sent-username XXXXXXXXXXXXXX password 7 XXXXXXXXXXX
no cdp enable
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 192.168.0.25 80 interface Dialer0 80
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
control-plane
banner exec ^C
% Password expiration warning.
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
privilege level 15
login local
transport input telnet ssh
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
Any help would be appreciatedHello,
i have the same problem with router CISCO861W-GN-E-K9. Version 12.4(22r)YB5, RELEASE SOFTWARE (fc1)
Can someone help?
Thank you.
Here is my config for internal AP and router. -
Available bandwindth and 'max-reserved bandwidth'
Is the max-reserved bandwidth only important when working with Qos classes and the bandwidth statement? Is the default 75% available bandwidth only used then?
In other words if I have a 100MB link with a service policy applied for Voice, Call-Control and video. After that I notice the available bandwidth on thie 100MB link is 61280 kilobits/sec.
If I put in a 'max-reserved bandwidth 95' would I reclaim another 20MB of bandwidth for the class-default? Would leaving 5% on the 100MB link for routing and other stuff be acceptable?
Here is the config and show commands:
class-map match-any Call-Control
match ip dscp cs3
match ip dscp af31
class-map match-any Video
match ip dscp af41
class-map match-any Voice
match ip dscp ef
policy-map QOS_classes_to_ACN
class Voice
priority 10000
class Call-Control
bandwidth 500
class Video
bandwidth 3220
class class-default
fair-queue
random-detect
interface FastEthernet6/0
description 100MB Link to ACN
ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
ip route-cache flow
no ip mroute-cache
load-interval 30
duplex full
speed 100
service-policy output QOS_classes_to_ACN
ROC-RT7206-QMOE#sh int f6/0
FastEthernet6/0 is up, line protocol is up
Hardware is i82543 (Livengood), address is 00b0.4a28.3ca8 (bia 00b0.4a28.3ca8)
Description: 100MB Link to ACN
Internet address is xxx.xxx.xxx.xxx/xx
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 183/255, rxload 21/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:03, output 00:00:00, output hang never
Last clearing of "show interface" counters 01:13:30
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 5211742
Queueing strategy: Class-based queueing
Output queue: 70/1000/64/5211742 (size/max total/threshold/drops)
Conversations 2/35/256 (active/max active/max total)
Reserved Conversations 2/2 (allocated/max allocated)
Available Bandwidth 61280 kilobits/sec <--- Available bandwidth
30 second input rate 8615000 bits/sec, 6860 packets/sec
30 second output rate 71788000 bits/sec, 7484 packets/sec
31692173 packets input, 4263195179 bytes
Received 1204 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
34536300 packets output, 2513155446 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped outHere is the output of show policy-pam int:
ROC-RT7206-QMOE#sh policy-map int f6/0
FastEthernet6/0
Service-policy output: QOS_classes_to_ACN
Class-map: Voice (match-any)
3417571 packets, 934178998 bytes
30 second offered rate 1722000 bps, drop rate 0 bps
Match: ip dscp ef (46)
3417571 packets, 934178998 bytes
30 second rate 1722000 bps
Queueing
Strict Priority
Output Queue: Conversation 264
Bandwidth 10000 (kbps) Burst 250000 (Bytes)
(pkts matched/bytes matched) 1908656/521903140
(total drops/bytes drops) 0/0
Class-map: Call-Control (match-any)
615085 packets, 48926098 bytes
30 second offered rate 84000 bps, drop rate 0 bps
Match: ip dscp cs3 (24)
588857 packets, 47299978 bytes
30 second rate 81000 bps
Match: ip dscp af31 (26)
26228 packets, 1626120 bytes
30 second rate 2000 bps
Queueing
Output Queue: Conversation 265
Bandwidth 500 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 337953/26882724
(depth/total drops/no-buffer drops) 0/0/0
Class-map: Video (match-any)
146136 packets, 82165408 bytes
30 second offered rate 90000 bps, drop rate 0 bps
Match: ip dscp af41 (34)
146136 packets, 82165408 bytes
30 second rate 90000 bps
Queueing
Output Queue: Conversation 266
Bandwidth 3220 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 81687/45950190
(depth/total drops/no-buffer drops) 0/0/0
Class-map: class-default (match-any)
35227089 packets, 47492000208 bytes
30 second offered rate 87718000 bps, drop rate 14714000 bps
Match: any
Queueing
Flow Based Fair Queueing
Maximum Number of Hashed Queues 256
(total queued/total drops/no-buffer drops) 0/5171786/0
exponential weight: 9
class Transmitted Random drop Tail drop Minimum Maximum Mark
pkts/bytes pkts/bytes pkts/bytes thresh thresh prob
0 30181523/39910255774 1297726/1944176143 3893194/5836883998 20 40 1/10
1 0/0 0/0 0/0 22 40 1/10
2 0/0 0/0 0/0 24 40 1/10
3 0/0 0/0 0/0 26 40 1/10
4 0/0 0/0 0/0 28 40 1/10
5 0/0 0/0 0/0 30 40 1/10
6 1213/88749 0/0 0/0 32 40 1/10
7 0/0 0/0 0/0 34 40 1/10
rsvp 0/0 0/0 0/0 36 40 1/10 -
Cisco 877W router and external ADSL modem
Cisco 877W router and external ADSL modem
In order to support ADSL2+ on a pre ADSL2+ router and in preparation for a later migration to BT infinity I am trying to configure the Router using an external adsl2+ modem appropriately.
The original configuration had 3 ports configured as one (internal lan) vlan and bridge group together with one wireless sub-interface, the remaining port configured a second vlan and bridge group with a second wireless sub- interface. The Dialer was a member of the second bridge group. This way the second wireless interface and associated bridge group provided a kind of DMZ for outbound access.
The configuration I am attempting is similar the lan ports remain the same, but port 0 as a member of the vlan and bridge group (now a pppoe client) associated with one of the wireless sub interfaces as per above. The ATM interface is downed. This nearly works except that if the wireless subinterface on this bridge group is configured the dialer no longer dials giving a 'no dialer string' error. If I do not configure that wireless sub interface all works well.
If anyone is interested to look I would appreciate any comments. I enclose a sanitised config in which you will note the 'commented out' wireless subnet interface (in red).
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname xxxxxxxxxxxxxxxxxxxxx
boot-start-marker
boot-end-marker
logging buffered 4096 warnings
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxx
aaa new-model
aaa group server radius sdm-vpn-server-group-2
aaa group server radius rad_eap
server 192.168.253.1 auth-port 1812 acct-port 1813
server 192.168.253.1 auth-port 1645 acct-port 1646
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_2 group sdm-vpn-server-group-2
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa authorization ipmobile default group rad_pmip
aaa authorization network sdm_vpn_group_ml_2 local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
crypto pki trustpoint TP-self-signed-2834265337
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2834265337
revocation-check none
rsakeypair TP-self-signed-2834265337
crypto pki certificate chain TP-self-signed-2834265337
certificate self-signed 01 nvram:IOS-Self-Sig#2F.cer
dot11 syslog
dot11 ssid GuestAP
vlan 101
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 113B162712001F4A2D2B25
dot11 ssid LanAP
vlan 100
authentication open eap eap_methods
authentication network-eap eap_methods
authentication key-management wpa
mbssid guest-mode
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.252.1 192.168.252.8
ip dhcp excluded-address 192.168.252.15 192.168.252.254
ip dhcp pool sdm-pool1
import all
network 192.168.252.0 255.255.255.0
domain-name XXX.Local
dns-server xxx.xxx.xxx.xxx
default-router 192.168.252.254
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip bootp server
no ip domain lookup
ip domain name XXX.Local
ip name-server xxx.xxx.xxx.xxx
ip name-server xxx.xxx.xxx.xxx
ip reflexive-list timeout 120
vpdn enable
vpdn-group 1
request-dialin
protocol pppoe
username administrator privilege 15 secret 5 £££££££££££££££££££££
class-map type inspect match-any IN_to_OUT_CLASS
match protocol tcp
match protocol udp
match protocol icmp
class-map type inspect match-any OUT_to_IN_CLASS
match protocol https
match protocol smtp extended
class-map type inspect match-any DMZ_to_IN_CLASS
match protocol http
match protocol https
match protocol smtp extended
policy-map type inspect DMZ_to_IN_POL
class type inspect DMZ_to_IN_CLASS
inspect
class class-default
drop log
policy-map type inspect IN_to_OUT_POL
class type inspect IN_to_OUT_CLASS
inspect
class class-default
drop log
policy-map type inspect OUT_to_IN_POL
class type inspect OUT_to_IN_CLASS
inspect
class class-default
drop log
zone security INSIDE
zone security OUTSIDE
zone security DMZ
zone-pair security OUT_TO_IN source OUTSIDE destination INSIDE
service-policy type inspect OUT_to_IN_POL
zone-pair security IN_TO_OUT source INSIDE destination OUTSIDE
service-policy type inspect IN_to_OUT_POL
zone-pair security DMZ_TO_OUT source DMZ destination OUTSIDE
service-policy type inspect IN_to_OUT_POL
zone-pair security DMZ_TO_IN source DMZ destination INSIDE
service-policy type inspect DMZ_to_IN_POL
bridge irb
interface Loopback0
no ip address
interface Null0
no ip unreachables
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
interface FastEthernet0
description Outside Interface (PPPoE)
interface FastEthernet1
description Inside Interface
switchport access vlan 10
interface FastEthernet2
description Inside Interface
switchport access vlan 10
spanning-tree portfast
interface FastEthernet3
description Inside Interface
switchport access vlan 10
spanning-tree portfast
interface Dot11Radio0
no ip address
no ip route-cache cef
no ip route-cache
encryption vlan 100 mode ciphers aes-ccm tkip
encryption vlan 101 mode ciphers aes-ccm tkip
ssid GuestAP
ssid LanAP
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2437
station-role root
interface Dot11Radio0.100
description LanAP
encapsulation dot1Q 100
no ip route-cache
no cdp enable
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 spanning-disabled
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
!interface Dot11Radio0.101
! description GuestAP
! encapsulation dot1Q 101
! no ip route-cache
! no cdp enable
! bridge-group 1
! bridge-group 1 subscriber-loop-control
! bridge-group 1 spanning-disabled
! bridge-group 1 block-unknown-source
! no bridge-group 1 source-learning
! no bridge-group 1 unicast-flooding
interface Vlan1
description $ES_LAN$
no ip address
ip virtual-reassembly
pppoe enable group global
pppoe-client dial-pool-number 1
bridge-group 1
interface Vlan10
no ip address
ip virtual-reassembly
bridge-group 10
interface Dialer1
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nat outside
ip virtual-reassembly
zone-member security OUTSIDE
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname XXXXXXX
ppp chap password 7 xxxxxxxxxxxxxxxxxxx
ppp pap sent-username xxxxxxxxxxxxxxxxxx password 7 xxxxxxxxxxxxxxxxxxxxx
ppp ipcp dns request
ppp ipcp wins request
hold-queue 224 in
interface Dialer0
no ip address
interface BVI10
description Inside Interface
ip address 192.168.253.254 255.255.255.0
ip access-group 101 in
ip helper-address 192.168.253.1
ip nat inside
ip virtual-reassembly
zone-member security INSIDE
interface BVI1
description DMZ Interface
ip address 192.168.252.254 255.255.255.0
ip nat inside
ip virtual-reassembly
zone-member security DMZ
ip local pool SDM_POOL_1 192.168.20.9 192.168.20.14
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list Inside_Clients_NAT interface Dialer1 overload
ip nat inside source static 192.168.253.10 xxx.xxx.xxx.xxx
ip access-list extended DMZ_to_IN_POL
remark SDM_ACL Category=128
permit ip any any
ip access-list extended Inside_Clients_NAT
remark SDM_ACL Category=2
permit ip 192.168.253.0 0.0.0.255 any
logging 192.168.253.10
access-list 1 remark Auto generated by SDM Management Access feature
access-list 1 remark SDM_ACL Category=1
access-list 1 permit 192.168.253.0 0.0.0.255
access-list 100 remark VTY Access-class list
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip 192.168.253.0 0.0.0.255 any
access-list 100 deny ip any any
access-list 101 remark Auto generated by SDM Management Access feature
access-list 101 remark SDM_ACL Category=1
access-list 101 remark Auto generated by SDM for NTP (123) xxx.xxx.xxx.xxx
access-list 101 permit udp host xxx.xxx.xxx.xxx eq ntp host 192.168.253.254 eq ntp
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq telnet
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq 22
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq www
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq 443
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq cmd
access-list 101 deny tcp any host 192.168.253.254 eq telnet
access-list 101 deny tcp any host 192.168.253.254 eq 22
access-list 101 deny tcp any host 192.168.253.254 eq www
access-list 101 deny tcp any host 192.168.253.254 eq 443
access-list 101 deny tcp any host 192.168.253.254 eq cmd
access-list 101 deny udp any host 192.168.253.254 eq snmp
access-list 101 permit ip any any
access-list 199 permit ip any host 10.1.1.1
dialer-list 1 protocol ip permit
no cdp run
radius-server attribute 32 include-in-access-req format %h
radius-server host 192.168.253.1 auth-port 1812 acct-port 1813 key 7 XXXXXXXXXXXXXXXXXX
radius-server host 192.168.253.1 auth-port 1645 acct-port 1646 key 7 XXXXXXXXXXXXXXXXXX
radius-server vsa send accounting
control-plane
bridge 1 protocol ieee
bridge 1 route ip
bridge 10 protocol ieee
bridge 10 route ip
banner login C Border Router
line con 0
no modem enable
transport output telnet
line aux 0
transport output telnet
line vty 0 4
access-class 100 in
privilege level 15
length 0
transport input telnet ssh
scheduler max-task-time 5000
scheduler interval 500
ntp server xxx.xxx.xxx.xxx source Dialer0 prefer
ntp server xxx.xxx.xxx.xxx source Dialer0 prefer
sntp server xxx.xxx.xxx.xxx
endHi Jody,
Apologies delay in replying. I have done the following:
Made two of the FE ports vlan1,BVI1 (for LAN traffic)
Left one port as VLAN10 as the pppoe client conected to the externalmodem
Made the last port VLAN10 as well and gave it an IP addess as for a DMZ client.
I have DHCP configured to serve the DMZ addresses.
This all works for LAN clients and also works for a client attachedto that physical DMZ port.
When I added a dot11radio sub interface into VLAN 10 the wireless client did not get an IP lease. Everything else continued to work.
I had never thought about this before, but if a dot11radio interface is on the same vlan (but not being part ofa bridge group) why are DHCP broadcasts not propogating to all the vlan members as I would have expected. I recognise that this isa limit in my understanding.
If I then made VLAN10 a member of a new Bridge Group, I lost WAN connectivity as per original posting.
I cannot add another VLAN due to the 2 vlan limit in this image.
Finally regarding your comment about giving it what it wants, what exactly did you have in mind. The dialer already has a dial string parameters configured.
Think I am about to give upon this.
Regards, -
Greetings. First, let me start by saying I am an idiot, I know I am an idiot, and I apologize for wasting everyone's time. I have actually RTFM, many RTFMs, in fact, and I still have not found a resolution.
Second, I am trying to set up a RADIUS server in my test network. I have installed ClearBox RADIUS on a Windows 2000 system. I have the following configuration on my Cisco 2611 router:
Using 2297 out of 29688 bytes
! Last configuration change at 17:20:27 PDT Tue May 20 2008
! NVRAM config last updated at 17:20:29 PDT Tue May 20 2008
version 12.1
no service single-slot-reload-enable
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
hostname Tester
logging buffered 10000 debugging
aaa new-model
aaa group server radius RadiusServers
server 172.26.0.2 auth-port 1812 acct-port 1813
aaa authentication login default group RadiusServers local
aaa authentication login localauth local
aaa authentication ppp default if-needed group radius local
aaa authorization exec default group radius local
aaa authorization network default group radius local
aaa accounting delay-start
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
aaa processes 6
enable secret xxx
username test password xxx
clock timezone PST -8
clock summer-time PDT recurring
ip subnet-zero
no ip domain-lookup
no ip bootp server
interface Loopback0
ip address 192.168.0.1 255.255.255.0
interface Ethernet0/0
description To Main Network
ip address X.X.X.X 255.255.255.128
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
full-duplex
no cdp enable
interface Ethernet0/1
description To Internal Network
ip address 172.26.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
load-interval 30
full-duplex
no cdp enable
ip nat pool test X.X.X.X X.X.X.X netmask 255.255.255.128
ip nat inside source list 3 pool test overload
ip nat inside destination list 3 pool test
ip classless
ip route 0.0.0.0 0.0.0.0 X.X.X.X
no ip http server
ip radius source-interface Ethernet0/1
access-list 3 permit 172.26.0.0 0.0.0.255
no cdp run
snmp-server community public RO 15
radius-server host 172.26.0.2 auth-port 1812 acct-port 1813 key secret
radius-server retransmit 3
radius-server key secret
line con 0
password xxx
logging synchronous
line aux 0
line vty 0 4
access-class 10 in
password 7 1234567890
logging synchronous
ntp clock-period 17208108
ntp server 192.43.244.18
end
My RADIUS server is up and responding to requests, but my router does not appear to be forwarding authentication requests to it. In fact, when I log into the router using HyperTerm, it times out, and I end up authenticating locally.
I really don't care whether my Cisco equipment authenticates against the RADIUS server, but I do need to get it set up to authenticate my users so I can track their time online. What have I missed in my router configuration? Why isn't it forwarding user authentication requests to the RADIUS server.
Thank you for any assistance you may be able to provide.I have found that if I am in the middle of composing a response, and I open the thread in another browser window (to refer to it), when I go to submit my response, it doesn't get posted. Perhaps you are running into the same thing.
The command I shared:
aaa authentication enable default group radius local
... was erroneous. The keyword should have been "enable", as you have discovered.
Therefore use:
aaa authentication enable default group radius enable
When I view a Wireshark trace I see the following:
AVP: l=18 t=User-Password(2): Decrypted: "user-PWD\000\000\000\000\000\000\000\000"
Like you, I see the user password appended with the group of \000 grouping's.
Note the word "Decrypted" which confirms that the password entered in Wireshark is a match with that entered on the AAA client (for what that's worth).
I'm not sure if I suggested that this would confirm that the server and client were using the same shared secret. If I did, I miss-spoke. I think we would have to gauge the server's response to the attributes we see passed by the client.
The Wireshark decryption is much more dramatic with TACACS+ because the whole payload is encrypted.
My issue with your PPPoE is that I saw no "interface" on the router that is configured to perform such authentication. I do seem to recall a global authentication command with the PPP keyword perhaps. I have not attempted to do this, and am not sure whether the interfaces in your router will support this method. Perhaps someone else will weigh in with an opinion.
However, there are other mainstream authentication methods that I think you should investigate as well.
You could implement 802.1x on a switch so that a host has to authenticate before it can gain Layer 3 access to the LAN. Depending on the platform, you can download VLAN assignments and ACLs.
I believe the router also supports 802.1x, but that may determine whether a host can get "through" the router. I have not had cause to investigate 802.1x on the router. I may do so in the future to authorize access to IPsec tunnels.
The router is also likely to support Authentication Proxy. This feature intercepts a user's attempt to browse resources on the other side of the router. User specific ACLs can be downloaded to the router (from RADIUS) to control what resources a user can access.
I think you should:
1. Resolve the issue(s) with AAA logins on the router. It'll establish a baseline of functionality, and give you some short term joy.
2. Investigate whether PPPoE support exists on your router's interfaces.
3. Read up on 802.x and Authentication Proxy (docs on Cisco web site).
4. Decide which methods appeals to you.
5. Dive in.
I'd lose the self-deprecation. I don't think it will serve you well. If you're treated badly, move to a newsgroup where the participants display a higher level of emotional maturity. I don't think you will have an issue on the Cisco forums. Others would probably step in.
I'm going to be absent for several days, so if you don't receive any response, it will be for said reason.
Good luck. -
Cisco 878 router for ADSL connectivity
Hi All,
I got a Cisco 878-k9 G.SHDSL router. I am trying to configure to get connectivity to my Service Provider.
Earlier i have configured Cisco 877 router serval times. But Cisco 878 for the first time. There is a DSL
controller in 878 rtr. I think i m missing something somewhere.
Below is the config that i have done
controller DSL 0
mode atm
loopback digital
dsl-mode shdsl symmetric annex A
line-rate auto
line-term cpe
line-mode 2-wire line-one
ip cef
ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp pool INSIDE-Pool
import all
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 212.77.192.59 212.77.192.60
lease 8
interface ATM0
description (Outside Public Interface)
no shutdown
no ip address
load-interval 30
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface Dialer0
ip address negotiated
no ip redirects
no ip proxy-arp
no ip unreachables
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname p4411XXXX
ppp chap password qatarXXXX
ppp pap sent-username p44114032 password 0 qatarXXXX
no sh
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
ip nat inside source list 101 interface Dialer0 overload
access-list 1 permit any
access-list 101 deny ip 192.168.0.0 0.0.255.255 10.10.0.0 0.0.255.255
access-list 101 permit ip 192.168.0.0 0.0.255.255 any
dialer-list 1 protocol ip permiti have an adsl line
i try to configure the router 878
but no connection ,, kann u tel me how do u have resolve the probleme please
this is the running config
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname cisco2
boot-start-marker
boot-end-marker
no logging buffered
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
resource policy
clock timezone EST -5
clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
ip subnet-zero
ip cef
ip name-server 212.217.0.1
ip name-server 212.217.0.12
ip name-server 212.217.1.1
ip ddns update method sdm_ddns1
DDNS both
vpdn enable
vpdn-group pppoe
crypto pki trustpoint TP-self-signed-201735762
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-201735762
revocation-check none
rsakeypair TP-self-signed-201735762
crypto pki certificate chain TP-self-signed-201735762
certificate self-signed 01
3082023D 308201A6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32303137 33353736 32301E17 0D303230 33303130 32353235
375A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3230 31373335
37363230 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
A62304BC 27194971 2A4FAEB3 9D57240E 26EDED2A 1674FF9A 7CBBB8F2 85245C3B
C4DDBBF8 F8A67D31 5FDCBD11 72A2735D 9E8FC84B 17B55C71 43C10E41 ACC50BEC
FCE8D9EE 6D2B0B55 9BD5B62C 3981506F 04B92C25 CA4C307E BC6A6A5F 4FBEF0EE
05FEFA57 C7D879FD 79EF442F 121D6393 57E96F31 5414D1D5 4FADFBC0 95C9EAB3
02030100 01A36730 65300F06 03551D13 0101FF04 05300301 01FF3012 0603551D
11040B30 09820763 6973636F 322E301F 0603551D 23041830 16801418 6C8FED13
FFD7B2FB F6FA47E7 682B0093 FAE2AC30 1D060355 1D0E0416 0414186C 8FED13FF
D7B2FBF6 FA47E768 2B0093FA E2AC300D 06092A86 4886F70D 01010405 00038181
007C867C AC28A7F0 4BDD261C 81A71F1D E0671C28 F4724F5D ED1FE702 BCE234D9
1F85FE90 4D0AD23E 9904CBF9 D44A8CD5 0F5515BB 8FEEE4BB FF9795E1 7770B60A
E37455CC D6606EAF E0EAEEA4 932F55E6 91C6F87F 1D022203 08AD7C78 4DCF5AEA
819D2367 2B5054CC 695A4EF5 BC9ADA26 F7803106 E94BD666 179EB3DF 4CDE4CB8 1C
quit
username xxxxx privilege 15 password 0 xxxxx
controller DSL 0
mode atm
line-term co
line-mode 4-wire standard
dsl-mode shdsl symmetric annex B
ignore-error-duration 15
line-rate 4608
interface BRI0
no ip address
encapsulation hdlc
shutdown
interface ATM0
no ip address
ip nat outside
ip virtual-reassembly
no atm ilmi-keepalive
interface ATM0.1 point-to-point
pvc 8/35
pppoe-client dial-pool-number 1
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface Vlan1
description lan
ip address 192.168.1.5 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
interface Dialer1
ip ddns update hostname xxxx.dyndns.org
ip ddns update sdm_ddns1
ip address negotiated
ip mtu 1452
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxxx
ppp chap password 0 xxxxx
ppp pap sent-username xxxxx password 0 xxxxx
interface Dialer0
no ip address
ip classless
ip http server
ip http access-class 24
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip access-list extended to-sip-servers
remark --- traffic to any sip server
permit udp 192.168.1.0 0.0.0.255 any eq 5060
access-list 1 permit 0.0.0.0 255.255.255.0
access-list 1 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
snmp-server community public RO
no cdp run
control-plane
banner motd ^CINE welcome
banner ^C
line con 0
no modem enable
line aux 0
line vty 0 4
password cisco
scheduler max-task-time 5000
end -
Cisco 7609 router received higher traffic than upstream provider router is sending
Hi all,
I have a Cisco 7609 router that connects to our upstream provider router using 3rd party DWDM Fiber backhaul provider.
The upstream provider router is a Juniper router that had capped our port speed to 1.1Gbps, the backhaul provider didn't capped our port speed and the maximum speed is 2Gbps since it's a 2x1Gbps port channel interface.
I have noticed that our 7609 router able to receive traffic that exceeds 1.1Gbps, and the highest traffic able to received is 1.3Gbps and more.
I have crossed checked the MRTG graph provided by our upstream provider as well as our PRTG graph and indeed we are receiving higher bandwidth than our upstream provider is sending.
I'd like to know if anyone know how it is possible to receive traffic that is higher than what the neighbor router is sending?
RegardsHi at all,
We found a solution for this Problem !!
We always and always got this error:
%PQUICC-1-LOSTCARR: Unit 0, lost carrier. Transceiver problem?
The problem was the cable! The following pin-out is required:
1 ----- 1
2 ----- 2
3 ----- 6
4 ----- 5
5 ----- 4
6 ----- 3
7 ----- 7
8 ----- 8
We used this and the fault has disappeared!!
The only problem that still exists:
After the first connection the router must be rebooted because otherwise no more additional session is established.
Thanks for all answers.
Regards,
Mario
Maybe you are looking for
-
Finding query access frequency or how many times a query has been executed?
Dear Experts I need to find the total number of access frequency of individual queries that are requested by the users say at a particular time. Say there are 20 distinct queries requested in the time difference of 3 hours. All of the 20 queries or s
-
My 820 is showing as updated to the amber software but i am still not able to download certain apps. The appstore message says i need to update to amber????? Any ideas? I'm on an 820 on O2 in the uk.... thankyou
-
Why is there no option to tweak the EQ for music on the iPhone?
Apple iPhones should have this option stock standard who the **** is running this backyard operation? Why should I have to DL third party apps for something the iPhone should already have? If apple didn't bring back google maps I would have never upd
-
I have an arraycollection, Called myPrices. I just want to display the Product number from the arraycollection. I dont know the syntax. This gets me [Object.object] <mx:Text text="{myPrices}"/> If I make a datagrid and make one column be PWDL01 I get
-
My macbook pro is very slow. what can i do?
my macbook pro is very slow. what can i do?