WRT160N Router and DMZ

Similar Messages

• Will a WRE54G repeater work with a WRT160N router?

  I'm using a WRT160N router and only getting 2 bars out of 5; fair signal. A friend has offered to sell me a WRE54G range expander. Will a G repeater work with an N router?

  Yes,the WRE54G should work with WRT160N...You need to match all the wireless settings of the router to the range expander and it should work then.

• Port forwarding and DMZ refuses to work properly on WRT54G wireless router.

  I have a network setup on the wireless WRT54G version 8 (with latest firmware) router and port forwarding and DMZ refuse to work correctly. I'm trying to use bittorrent and connect my xbox360 to my computer and neither work properly even after setting up port forwarding in the "Applications and Gaming" tab.
  here's a screenshot of my port forwarding page:
  http://img205.imageshack.us/img205/1497/linksysbg2.jpg
  here's a screenshot of the DMZ page (my computer's IP ends in 102 obviously):
  http://img510.imageshack.us/img510/2131/linksys1rf5.jpg
  now, I've experienced this type of problem before. On a different linksys router a year or 2 back I remember the DMZ never working on that one either and I eventually had to buy a d-link router which worked perfectly. I'm only using this wireless router because it's my roommates and he brought it up. Somebody please explain to me why this isn't working correctly. I am becoming more and more frustrated as I lose faith in linksys routers. Thanks

  Did you tired upgrade of the firmware on the router??
  Also after upgrade reset & reconfigure the router for few seconds ... so that the firmware works properly for longer time ....

• Configuring WRT160n router to maximize range and speed

  I have just bought and installed a WRTn160 router. I used the default configuration settings. Unfortunately, I realized that on my second floor, one computer (g) did not pick up the signal and the other computer (n) was extremely slow. On the contrary my old LinkSys (b) router worked just fine with both machines. I then changed the 'Wide' channel to 20MHz and used channel 6 (the default was 'Auto'). This improved the speed on the second floor considerably. My questions are:
  1- How do I know if the computer supporting 802.11n is actually using it? The manual indicates that 20MHz is for b/g only.
  2-  If this configuration is supporting b/g only, how can I configure the router to support (n) computer while still supporting the (g) computer and maintaining range and speed?
  3- How can I test for bandwidth between my desktop and the two other wireless computers? Currently, I only test bandwidth using my ISP. Needless to say, this is limited to bandwidth for Internet connectivity. 
   4- Advertisement for n routers indicate increased speed and range. This has not been my experience, in fact to the contrary, range dramatically shrunk. Is this limited range a configuration issue? a WRT160n router issue? or a limitation with the technology (802.11n)?

  I would suggest you to readjust the wireless settings of the router...
  On the setup page,click on the Wireless tab,Change the channel to 11 and click on save settings..Under Wireless tab,click on Advance Wireless Settings tab and Change N document.write("Transmission Rate")Transmission Rate to 15-130Mbps, Change the Beacon Interval to 75, Fragmentation Threshold to 2304,RTS Threshold to 2304 and Click on save settings... Under Security tab,uncheck " document.write("Filter Anonymous Internet Requests")Filter Anonymous Internet Requests"...Power cycle the network and check the result.

• Cisco asa 5505 issues ( ROUTING AND PAT)

  I have some issues with my cisco asa 5505 config. Please see details below:
  NETWORK SETUP:
  gateway( 192.168.223.191)   - cisco asa 5505 ( outside - 192.168.223.200 , inside - 192.168.2.253, DMZ - 172.16.3.253 )  -
  ISSUES:
  1)
  no route from DMZ to outside
  example:
  ping from 172.16.3201 to the gateway
  6          Jan 27 2014          11:15:33                    172.16.3.201          39728                              Failed to locate egress interface for ICMP from outside:172.16.3.201/39728 to 172.16.3.253/0
  2)
  not working access from external to DMZ AT ALL
  ASA DETAILS:
  cisco asa5505
  Device license          Base
  Maximum Physical Interfaces          8          perpetual
  VLANs          3      DMZ Restricted
  Inside Hosts          Unlimited          perpetual
  configuration:
  firewall200(config)# show run
  : Saved
  ASA Version 9.1(3)
  hostname firewall200
  domain-name test1.com
  enable password xxxxxxxxxxx encrypted
  xlate per-session deny tcp any4 any4
  xlate per-session deny tcp any4 any6
  xlate per-session deny tcp any6 any4
  xlate per-session deny tcp any6 any6
  xlate per-session deny udp any4 any4 eq domain
  xlate per-session deny udp any4 any6 eq domain
  xlate per-session deny udp any6 any4 eq domain
  xlate per-session deny udp any6 any6 eq domain
  passwd XXXXXXXXXXX encrypted
  names
  interface Ethernet0/0
  switchport access vlan 100
  interface Ethernet0/1
  switchport access vlan 200
  interface Ethernet0/2
  switchport access vlan 200
  interface Ethernet0/3
  switchport access vlan 200
  interface Ethernet0/4
  switchport access vlan 300
  interface Ethernet0/5
  switchport access vlan 300
  interface Ethernet0/6
  switchport access vlan 300
  interface Ethernet0/7
  switchport access vlan 300
  interface Vlan100
  nameif outside
  security-level 0
  ip address 192.168.223.200 255.255.255.0
  interface Vlan200
  mac-address 001b.539c.597e
  nameif inside
  security-level 100
  ip address 172.16.2.253 255.255.255.0
  interface Vlan300
  no forward interface Vlan200
  nameif DMZ
  security-level 50
  ip address 172.16.3.253 255.255.255.0
  boot system disk0:/asa913-k8.bin
  boot config disk0:/startup-config.cfg
  ftp mode passive
  clock timezone GMT/BST 0
  clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
  dns server-group DefaultDNS
  domain-name test1.com
  same-security-traffic permit inter-interface
  same-security-traffic permit intra-interface
  object network office1-int
  host 172.16.2.1
  object network firewall-dmz-gateway
  host 172.16.3.253
  object network firewall-internal-gateway
  host 172.16.2.253
  object network com1
  host 192.168.223.227
  object network web2-ext
  host 192.168.223.201
  object network web2-int
  host 172.16.3.201
  object network gateway
  host 192.168.223.191
  object network office1-int
  host 172.16.2.1
  object-group network DMZ_SUBNET
  network-object 172.16.3.0 255.255.255.0
  object-group service www tcp
  port-object eq www
  port-object eq https
  access-list DMZ_access_in extended permit icmp any any
  access-list DMZ_access_in extended permit ip any any
  access-list outside_access_in extended permit tcp any object web2-ext eq www
  pager lines 24
  logging enable
  logging asdm informational
  mtu outside 1500
  mtu inside 1500
  mtu DMZ 1500 
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/asdm-714.bin
  no asdm history enable
  arp DMZ 172.16.4.199 001b.539c.597e alias
  arp DMZ 172.16.3.199 001b.539c.597e alias
  arp timeout 14400
  no arp permit-nonconnected
  object network web2-int
  nat (DMZ,outside) static web2-ext service tcp www www
  access-group outside_access_in in interface outside
  access-group DMZ_access_in in interface DMZ
  route inside 172.168.2.0 255.255.255.0 192.168.223.191 1
  route inside 172.168.3.0 255.255.255.0 192.168.223.191 1
  timeout xlate 3:00:00
  timeout pat-xlate 0:00:30
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  user-identity default-domain LOCAL
  aaa authentication ssh console LOCAL
  http server enable
  http 192.168.223.227 255.255.255.255 outside
  http 172.163.2.5 255.255.255.255 outside
  http 172.163.2.5 255.255.255.255 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
  crypto ipsec security-association pmtu-aging infinite
  crypto ca trustpool policy
  telnet timeout 5
  ssh 192.168.223.227 255.255.255.255 outside
  ssh 172.163.2.5 255.255.255.255 outside
  ssh 172.163.2.5 255.255.255.255 inside
  ssh timeout 60
  ssh key-exchange group dh-group1-sha1
  console timeout 0
  dhcpd address 172.16.2.10-172.16.2.10 inside
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  ntp server 176.58.109.199 source outside prefer
  ntp server 81.150.197.169 source outside
  ntp server 82.113.154.206
  username xxxx password xxxxxxxxx encrypted
  class-map DMZ-class
  match any
  policy-map global_policy
  policy-map DMZ-policy
  class DMZ-class
    inspect icmp
  service-policy DMZ-policy interface DMZ
  prompt hostname context
  no call-home reporting anonymous
  call-home
  profile CiscoTAC-1
    no active
    destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
    destination address email [email protected]
    destination transport-method http
    subscribe-to-alert-group diagnostic
    subscribe-to-alert-group environment
    subscribe-to-alert-group inventory periodic monthly
    subscribe-to-alert-group configuration periodic monthly
    subscribe-to-alert-group telemetry periodic daily
  Cryptochecksum:9c73fa27927822d24c75c49f09c67c24
  : end

  Thank you one more time for everthing. It is workingin indeed
  Reason why maybe sometimes I had some 'weird' results was because I had all devices connected to the same switch.Separtated all networks to a different switches helped.Anyway if you could take a look one last time to my configuration and let me know if it's good enough to deploy it on live ( only www for all , ssh restricted from outside, lan to dmz) .Thanks one more time.
  show run
  : Saved
  ASA Version 9.1(3)
  hostname firewall200
  domain-name test1.com
  enable password xxxxxxxxxx encrypted
  xlate per-session deny tcp any4 any4
  xlate per-session deny tcp any4 any6
  xlate per-session deny tcp any6 any4
  xlate per-session deny tcp any6 any6
  xlate per-session deny udp any4 any4 eq domain
  xlate per-session deny udp any4 any6 eq domain
  xlate per-session deny udp any6 any4 eq domain
  xlate per-session deny udp any6 any6 eq domain
  passwd xxxxxxxxxxxx encrypted
  names
  interface Ethernet0/0
  switchport access vlan 100
  interface Ethernet0/1
  switchport access vlan 200
  interface Ethernet0/2
  switchport access vlan 200
  interface Ethernet0/3
  switchport access vlan 200
  interface Ethernet0/4
  switchport access vlan 300
  interface Ethernet0/5
  switchport access vlan 300
  interface Ethernet0/6
  switchport access vlan 300
  interface Ethernet0/7
  switchport access vlan 300
  interface Vlan100
  nameif outside
  security-level 0
  ip address 192.168.223.200 255.255.255.0
  interface Vlan200
  mac-address 001b.539c.597e
  nameif inside
  security-level 100
  ip address 172.16.2.253 255.255.255.0
  interface Vlan300
  no forward interface Vlan200
  nameif DMZ
  security-level 50
  ip address 172.16.3.253 255.255.255.0
  boot system disk0:/asa913-k8.bin
  boot config disk0:/startup-config.cfg
  ftp mode passive
  clock timezone GMT/BST 0
  clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
  dns domain-lookup inside
  dns domain-lookup DMZ
  dns server-group DefaultDNS
  name-server 8.8.8.8
  name-server 8.8.4.4
  domain-name test1.com
  same-security-traffic permit inter-interface
  same-security-traffic permit intra-interface
  object network firewall-dmz-gateway
  host 172.16.3.253
  object network firewall-internal-gateway
  host 172.16.2.253
  object network com1
  host 192.168.223.227
  object network web2-ext
  host 192.168.223.201
  object network web2-int
  host 172.16.3.201
  object network gateway
  host 192.168.223.191
  object network office1-int
  host 172.16.2.1
  object-group network DMZ_SUBNET
  network-object 172.16.3.0 255.255.255.0
  object-group service www tcp
  port-object eq www
  port-object eq https
  access-list DMZ_access_in extended permit icmp any any
  access-list DMZ_access_in extended permit ip any any
  access-list DMZ_access_in extended permit tcp 172.16.3.0 255.255.255.0 interface outside eq ssh
  access-list outside_access_in extended permit tcp any object web2-int eq www
  access-list outside_access_in extended permit tcp any object web2-int eq ssh
  pager lines 24
  logging enable
  logging asdm informational
  mtu outside 1500
  mtu inside 1500
  mtu DMZ 1500
  icmp unreachable rate-limit 1 burst-size 1
  icmp permit any inside
  icmp permit any DMZ
  asdm image disk0:/asdm-714.bin
  no asdm history enable
  arp DMZ 172.16.4.199 001b.539c.597e alias
  arp DMZ 172.16.3.199 001b.539c.597e alias
  arp timeout 14400
  no arp permit-nonconnected
  object network web2-int
  nat (DMZ,outside) static web2-ext net-to-net
  access-group outside_access_in in interface outside
  access-group DMZ_access_in in interface DMZ
  route outside 0.0.0.0 0.0.0.0 192.168.223.191 1
  timeout xlate 3:00:00
  timeout pat-xlate 0:00:30
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  user-identity default-domain LOCAL
  aaa authentication ssh console LOCAL
  http server enable
  http 192.168.223.227 255.255.255.255 outside
  http 172.163.2.5 255.255.255.255 outside
  http 172.163.2.5 255.255.255.255 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
  crypto ipsec security-association pmtu-aging infinite
  crypto ca trustpool policy
  telnet timeout 5
  ssh 192.168.223.227 255.255.255.255 outside
  ssh 172.163.2.5 255.255.255.255 outside
  ssh 172.16.3.253 255.255.255.255 outside
  ssh 172.163.2.5 255.255.255.255 inside
  ssh timeout 60
  ssh key-exchange group dh-group1-sha1
  console timeout 0
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  ntp server 176.58.109.199 source outside prefer
  ntp server 81.150.197.169 source outside
  ntp server 82.113.154.206
  username xxxxx password xxxxxxxxx encrypted
  class-map DMZ-class
  match any
  policy-map global_policy
  policy-map DMZ-policy
  class DMZ-class
    inspect icmp
  service-policy DMZ-policy interface DMZ
  prompt hostname context
  no call-home reporting anonymous
  call-home
  profile CiscoTAC-1
    no active
    destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
    destination address email [email protected]
    destination transport-method http
    subscribe-to-alert-group diagnostic
    subscribe-to-alert-group environment
    subscribe-to-alert-group inventory periodic monthly
    subscribe-to-alert-group configuration periodic monthly
    subscribe-to-alert-group telemetry periodic daily
  Cryptochecksum:f264c94bb8c0dd206385a6b72afe9e5b
  : end

• How to connect my Mac Book Pro to Linksys WRT160N router

  HI,
  I just bought a   Linksys WRT160N router. I pop the installation disk in my mac book pro and walk thru the installation procedure successfully.
  But I can't connect wirelessly from my MacBook Pro (running mac os x 10.5).
  It sees the router and I did type in the password correctly (i copy from the text file generated by the installation procedure), but I keep getting 'coonnection timeout'.
  Anyone has similar problem and know how to fix it?
  Thank you. 

  I experienced this behavior today.  My client had a WRT160N version 3 running on firmware 3.0.02.  I upgraded it to the current version, 3.0.03, because checking for upgrades is part of the service I provide to my clients.  After that point, I could not connect wirelessly -- I got the "connection timeout" message every time I provided the password.  Reviewing the firmware release notes, I saw a mention of "Fixed wireless channel 11 being unstable."  My client was operating on channel 11.  When I moved the router to channel 1, bingo -- the wireless connected perfectly.  And no, no one in the vicinity was running another network on 11 -- there was only one other, and he was on 6, which is non-overlapping.
  The best part was when I called Cisco for help and got told there would be a charge for assistance to solve the problem their own firmware obviously caused, that (unlike every other manufacturer in the business) they don't recommend people upgrading their firmware unless something is clearly broken (where is that on the website or in the upgrade instructions, please?), and that they don't keep copies of the older firmware.

• WRT160n V3 and LAN network

  I own a WRT160n V3 router, and it's set up to be the host of a wired LAN setup. To detail the layout, one computer is directly connected to the router. A cable then feed from the router and into an ethernet port which leads to the back of the house. At the back, a D-Link DSS-5 switch connects to the port that feeds to the router at the front. From this switch, my brother connects his PC, along with another ethernet cable that leads back to my room. This cable then connects to yet another DSS-5 switch that I connect my PC and Xbox 360 to. As of late, there have been frequent disconnections  for my brother's PC, my own PC, and the Xbox 360, all of which occurring at the same exact time. It will lag out for a few seconds, then reconnect, but only after whatever we were doing online is terminated from signal loss. The {C at the front that is connected to the router has a stable connection, however. I've made sure the router has the latest firmware and even went so far to switch out ethernet cables for newer ones, but to no avail. Any help would be appreciated, because I've just about had it. 

  If the computer connected directly to your linksys is behaving normally and not losing connection then your problem is likely downstream of the router.
  Would it be possible to simulate your setup with short 6 foot ethernet cables between the switches in the same room instead of the current custom cable runs? Could your custom home cabling be the problem? Runs too long maybe? What happens if you swap the two switches, does the problem persist the same

• WRE54G is already connected to WRT160N Router, but can not get access to internet?

  Hello,,,
  I have seven of rung expanders WRE54G and all settings i set as this link
  http://linksys.custhelp.com/cgi-bin/linksys.cfg/php/enduser/std_adp.php?p_faqid=4104&p_created=11611...
  * same wireless SSID name
  * same Channle  ( What is the difference between the channel number 6 & number 11 for example?)
  * security ( i used WPA2 mixed, that is not in WRE54G, so what i should use)
  * Each Expander has own IP address as 192.168.1.2 up to 192.168.1.8
  Is the gateway mean the main IP of router 192.168.1.1 ?
  all those expanders connected with WRT160N ( the Link gets Blue light)
  but my laptop can not get the IP address near of any of those expanders, to get the access to the internet!!!!
  What is the reason please?
  Message Edited by Almowdmer on 11-10-2008 12:42 AM

  I am very happy to communicate with you ( I sure i can learn some thing from you my brother )
  Your words are true seven the number of expanders is not easy option
  or the cause of the success of the wireless network coverage May succeed strengthened,
  with one or two, but more than that needs to be a better distributor.
  I think I will use RangePlus WRT110 as repeater in some floor where the wireless signal
  is not can work, after connecting through the wire with the main router,
  and then I can get half the reference from the repeater when i useing the WRE54G expander
  What do you think?!!
  I put on my experience on this link
  http://forums.linksys.com/linksys/board/message?board.id=Wireless_Routers&thread.id=115808
  Message Edited by Almowdmer on 11-16-2008 10:21 PM

• Problem logging onto WRT160N router.

  I installed the WRT160N router successfully, setting the type of connection (B/G/N/) to mixed. My laptop and wireless printer see the network just fine, but when I try to logon with the laptop, I get the following error message: "The network password needs to be 40 bits or 104 bits depending on your network configuration. This can be entered as 5 or 13 ASCII characters or 10 or 26 hexadecimal digits." I can't figure out when I go back to the setup of the router which settings need to be changed and to what. The wireless printer can't log on to the router either. Thanks...

  Make sure that you are using correct network key (for Ex: 10hex or 26hex digit)  ..... Check the key from the setup page of wireless router .....

• WRT160N Router drops connection

  I have a couple laptops connected to a brand new WRT160N. Previous to putting in the new router, I never had any problems. Now that I have the new router, one of my laptops keeps dropping the connection. I have to open the wireless settings and disconnect/reconnect to get it to work. Oddly, sometimes when I do that there is no password in the connection information, but if I close it and start it again it generally works. I am using WPA2 encryption and windows XP machines.
  Any thoughts?

  I have the WRT160N router, running a mixed g/n standard (though both computers connect through g) with WPA2 security. Both laptops are Windows XP, though on the one that loses connection I did upgrade from SP2 to SP3 to see if it made a difference (none). I have a NAS drive attached, but I just put that on last night. Also have an iPod docking station attached (internet radio to my stereo), but have not used it and unplugging did not seem to impact. Other than that, I think its pretty vanilla.
  I am not a real tech guy, so if I missed anything important (and I assume I did) let me know.
  Any help is appreciated.

• Cisco 877W router and external ADSL modem

  Cisco 877W router and external ADSL modem
  In order to support ADSL2+ on a pre ADSL2+ router and in preparation for a later migration to BT infinity I am trying to configure the Router using an external adsl2+ modem appropriately.
  The original configuration had 3 ports configured as one (internal lan) vlan and bridge group together with one wireless sub-interface, the remaining port configured a second vlan and bridge group with a second wireless sub- interface. The Dialer was a member of the second bridge group. This way the second wireless interface and associated bridge group provided a kind of DMZ for outbound access.
  The configuration I am attempting is similar the lan ports remain the same, but port 0 as a member of the vlan and bridge group (now a pppoe client) associated with one of the wireless sub interfaces as per above. The ATM interface is downed. This nearly works except that if the wireless subinterface on this bridge group is configured the dialer no longer dials giving a 'no dialer string' error. If I do not configure that wireless sub interface all works well.
  If anyone is interested to look I would appreciate any comments. I enclose a sanitised config in which you will note the 'commented out' wireless subnet interface (in red).
  version 12.4
  no service pad
  service tcp-keepalives-in
  service tcp-keepalives-out
  service timestamps debug datetime msec localtime show-timezone
  service timestamps log datetime msec localtime show-timezone
  service password-encryption
  service sequence-numbers
  hostname xxxxxxxxxxxxxxxxxxxxx
  boot-start-marker
  boot-end-marker
  logging buffered 4096 warnings
  enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxx
  aaa new-model
  aaa group server radius sdm-vpn-server-group-2
  aaa group server radius rad_eap
   server 192.168.253.1 auth-port 1812 acct-port 1813
   server 192.168.253.1 auth-port 1645 acct-port 1646
  aaa group server radius rad_mac
  aaa group server radius rad_acct
  aaa group server radius rad_admin
  aaa group server tacacs+ tac_admin
  aaa group server radius rad_pmip
  aaa group server radius dummy
  aaa authentication login default local
  aaa authentication login sdm_vpn_xauth_ml_2 group sdm-vpn-server-group-2
  aaa authentication login eap_methods group rad_eap
  aaa authentication login mac_methods local
  aaa authorization exec default local
  aaa authorization ipmobile default group rad_pmip
  aaa authorization network sdm_vpn_group_ml_2 local
  aaa accounting network acct_methods start-stop group rad_acct
  aaa session-id common
  clock timezone PCTime 0
  clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
  crypto pki trustpoint TP-self-signed-2834265337
   enrollment selfsigned
   subject-name cn=IOS-Self-Signed-Certificate-2834265337
   revocation-check none
   rsakeypair TP-self-signed-2834265337
  crypto pki certificate chain TP-self-signed-2834265337
   certificate self-signed 01 nvram:IOS-Self-Sig#2F.cer
  dot11 syslog
  dot11 ssid GuestAP
     vlan 101
     authentication open
     authentication key-management wpa
     mbssid guest-mode
     wpa-psk ascii 7 113B162712001F4A2D2B25
  dot11 ssid LanAP
     vlan 100
     authentication open eap eap_methods
     authentication network-eap eap_methods
     authentication key-management wpa
     mbssid guest-mode
  no ip source-route
  ip cef
  no ip dhcp use vrf connected
  ip dhcp excluded-address 10.10.10.1
  ip dhcp excluded-address 192.168.252.1 192.168.252.8
  ip dhcp excluded-address 192.168.252.15 192.168.252.254
  ip dhcp pool sdm-pool1
     import all
     network 192.168.252.0 255.255.255.0
     domain-name XXX.Local
     dns-server xxx.xxx.xxx.xxx
     default-router 192.168.252.254
  ip auth-proxy max-nodata-conns 3
  ip admission max-nodata-conns 3
  no ip bootp server
  no ip domain lookup
  ip domain name XXX.Local
  ip name-server xxx.xxx.xxx.xxx
  ip name-server xxx.xxx.xxx.xxx
  ip reflexive-list timeout 120
  vpdn enable
  vpdn-group 1
   request-dialin
    protocol pppoe
  username administrator privilege 15 secret 5 £££££££££££££££££££££
  class-map type inspect match-any IN_to_OUT_CLASS
   match protocol tcp
   match protocol udp
   match protocol icmp
  class-map type inspect match-any OUT_to_IN_CLASS
   match protocol https
   match protocol smtp extended
  class-map type inspect match-any DMZ_to_IN_CLASS
   match protocol http
   match protocol https
   match protocol smtp extended
  policy-map type inspect DMZ_to_IN_POL
   class type inspect DMZ_to_IN_CLASS
    inspect
   class class-default
    drop log
  policy-map type inspect IN_to_OUT_POL
   class type inspect IN_to_OUT_CLASS
    inspect
   class class-default
    drop log
  policy-map type inspect OUT_to_IN_POL
   class type inspect OUT_to_IN_CLASS
    inspect
   class class-default
    drop log
  zone security INSIDE
  zone security OUTSIDE
  zone security DMZ
  zone-pair security OUT_TO_IN source OUTSIDE destination INSIDE
   service-policy type inspect OUT_to_IN_POL
  zone-pair security IN_TO_OUT source INSIDE destination OUTSIDE
   service-policy type inspect IN_to_OUT_POL
  zone-pair security DMZ_TO_OUT source DMZ destination OUTSIDE
   service-policy type inspect IN_to_OUT_POL
  zone-pair security DMZ_TO_IN source DMZ destination INSIDE
   service-policy type inspect DMZ_to_IN_POL
  bridge irb
  interface Loopback0
   no ip address
  interface Null0
   no ip unreachables
  interface ATM0
   no ip address
   shutdown
   no atm ilmi-keepalive
   dsl operating-mode auto
  interface FastEthernet0
   description Outside Interface (PPPoE)
  interface FastEthernet1
   description Inside Interface
   switchport access vlan 10
  interface FastEthernet2
   description Inside Interface
   switchport access vlan 10
   spanning-tree portfast
  interface FastEthernet3
   description Inside Interface
   switchport access vlan 10
   spanning-tree portfast
  interface Dot11Radio0
   no ip address
   no ip route-cache cef
   no ip route-cache
   encryption vlan 100 mode ciphers aes-ccm tkip
   encryption vlan 101 mode ciphers aes-ccm tkip
   ssid GuestAP
   ssid LanAP
   mbssid
   speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
   channel 2437
   station-role root
  interface Dot11Radio0.100
   description LanAP
   encapsulation dot1Q 100
   no ip route-cache
   no cdp enable
   bridge-group 10
   bridge-group 10 subscriber-loop-control
   bridge-group 10 spanning-disabled
   bridge-group 10 block-unknown-source
   no bridge-group 10 source-learning
   no bridge-group 10 unicast-flooding
  !interface Dot11Radio0.101
  ! description GuestAP
  ! encapsulation dot1Q 101
  ! no ip route-cache
  ! no cdp enable
  ! bridge-group 1
  ! bridge-group 1 subscriber-loop-control
  ! bridge-group 1 spanning-disabled
  ! bridge-group 1 block-unknown-source
  ! no bridge-group 1 source-learning
  ! no bridge-group 1 unicast-flooding
  interface Vlan1
   description $ES_LAN$
   no ip address
   ip virtual-reassembly
   pppoe enable group global
   pppoe-client dial-pool-number 1
   bridge-group 1
  interface Vlan10
   no ip address
   ip virtual-reassembly
   bridge-group 10
  interface Dialer1
   description $FW_OUTSIDE$
   ip address negotiated
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   ip mtu 1452
   ip nat outside
   ip virtual-reassembly
   zone-member security OUTSIDE
   encapsulation ppp
   ip route-cache flow
   dialer pool 1
   dialer-group 1
   ppp authentication chap pap callin
   ppp chap hostname XXXXXXX
   ppp chap password 7 xxxxxxxxxxxxxxxxxxx
   ppp pap sent-username xxxxxxxxxxxxxxxxxx password 7 xxxxxxxxxxxxxxxxxxxxx
   ppp ipcp dns request
   ppp ipcp wins request
   hold-queue 224 in
  interface Dialer0
   no ip address
  interface BVI10
   description Inside Interface
   ip address 192.168.253.254 255.255.255.0
   ip access-group 101 in
   ip helper-address 192.168.253.1
   ip nat inside
   ip virtual-reassembly
   zone-member security INSIDE
  interface BVI1
   description DMZ Interface
   ip address 192.168.252.254 255.255.255.0
   ip nat inside
   ip virtual-reassembly
   zone-member security DMZ
  ip local pool SDM_POOL_1 192.168.20.9 192.168.20.14
  ip forward-protocol nd
  ip route 0.0.0.0 0.0.0.0 Dialer1
  ip http server
  ip http access-class 1
  ip http authentication local
  ip http secure-server
  ip http timeout-policy idle 600 life 86400 requests 10000
  ip nat inside source list Inside_Clients_NAT interface Dialer1 overload
  ip nat inside source static 192.168.253.10 xxx.xxx.xxx.xxx
  ip access-list extended DMZ_to_IN_POL
   remark SDM_ACL Category=128
   permit ip any any
  ip access-list extended Inside_Clients_NAT
   remark SDM_ACL Category=2
   permit ip 192.168.253.0 0.0.0.255 any
  logging 192.168.253.10
  access-list 1 remark Auto generated by SDM Management Access feature
  access-list 1 remark SDM_ACL Category=1
  access-list 1 permit 192.168.253.0 0.0.0.255
  access-list 100 remark VTY Access-class list
  access-list 100 remark SDM_ACL Category=1
  access-list 100 permit ip 192.168.253.0 0.0.0.255 any
  access-list 100 deny   ip any any
  access-list 101 remark Auto generated by SDM Management Access feature
  access-list 101 remark SDM_ACL Category=1
  access-list 101 remark Auto generated by SDM for NTP (123) xxx.xxx.xxx.xxx
  access-list 101 permit udp host xxx.xxx.xxx.xxx eq ntp host 192.168.253.254 eq ntp
  access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq telnet
  access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq 22
  access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq www
  access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq 443
  access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq cmd
  access-list 101 deny   tcp any host 192.168.253.254 eq telnet
  access-list 101 deny   tcp any host 192.168.253.254 eq 22
  access-list 101 deny   tcp any host 192.168.253.254 eq www
  access-list 101 deny   tcp any host 192.168.253.254 eq 443
  access-list 101 deny   tcp any host 192.168.253.254 eq cmd
  access-list 101 deny   udp any host 192.168.253.254 eq snmp
  access-list 101 permit ip any any
  access-list 199 permit ip any host 10.1.1.1
  dialer-list 1 protocol ip permit
  no cdp run
  radius-server attribute 32 include-in-access-req format %h
  radius-server host 192.168.253.1 auth-port 1812 acct-port 1813 key 7 XXXXXXXXXXXXXXXXXX
  radius-server host 192.168.253.1 auth-port 1645 acct-port 1646 key 7 XXXXXXXXXXXXXXXXXX
  radius-server vsa send accounting
  control-plane
  bridge 1 protocol ieee
  bridge 1 route ip
  bridge 10 protocol ieee
  bridge 10 route ip
  banner login C Border Router
  line con 0
   no modem enable
   transport output telnet
  line aux 0
   transport output telnet
  line vty 0 4
   access-class 100 in
   privilege level 15
   length 0
   transport input telnet ssh
  scheduler max-task-time 5000
  scheduler interval 500
  ntp server xxx.xxx.xxx.xxx source Dialer0 prefer
  ntp server xxx.xxx.xxx.xxx source Dialer0 prefer
  sntp server xxx.xxx.xxx.xxx
  end

  Hi Jody,
  Apologies delay in replying. I have done the following:
  Made two of the FE ports vlan1,BVI1 (for LAN traffic)
  Left one port as VLAN10 as the pppoe client conected to the externalmodem
  Made the last port VLAN10 as well and gave it an IP addess as for a DMZ client.
  I have DHCP configured to serve the DMZ  addresses.
  This all works for LAN clients and also works for a client attachedto that physical DMZ port.
  When I added a dot11radio sub interface into VLAN 10 the wireless client did not get an IP lease. Everything else continued to work.
  I had never thought about this before, but if a dot11radio interface is on the same vlan (but not being part ofa bridge group) why are DHCP broadcasts not propogating to all the vlan members as I would have expected. I recognise that this isa limit in my understanding.
  If I then made VLAN10 a member of a new Bridge Group, I lost WAN connectivity as per original posting.
  I cannot add another VLAN due to the 2 vlan limit in this image.
  Finally regarding your comment about giving it what it wants, what exactly did you have in mind. The dialer already has a dial string parameters configured.
  Think I am about to give upon this.
  Regards,

• Router and related question

  Try to do the web hosting. The Web Server will host about 10 web applications for the public access (from several hundreds to a couple of thousands people to concurrently access). This server will be located in a Server-Hosting-Company which will use T1/T3 line to connect with the Internet. My web server will be placed in the hosting company's server room (This means that the hosting company will take care of the internet connection, while my server in turn will connect to the company's LAN system). . Now my questions are:
  1) I would like to have a router to act as a firewall, switch, VPN, and to support the DMZ. There is only the data pass though (no sound and vedio is required)
  Of course, the faster, the better. But I would also take the budget into the consideration, so the router should resasonably get the job down, but not be over spended on. Which Cisco routers fits better: 1801 or 2801, or else?
  2) This router will not connect to a DSL or T1 or T3, instead, it will directly plug into the server room's LAN system, can I hook it up using the router's Ethernet port?
  3) To place a web cache machine in the DMZ, can I connect the Web Cache machine to the router's Ethernet port? Or, is there a port SPECIALLY for the DMZ to make the connection?
  Many thanks.
  Scott

  1800s are fixed configs with only wic slots, and you dont need wic slots in your app.
  Get a 2811 for a min, it will have two fastE interfaces or you can get a 2821 or 2851 which have 2 GigE ports onboard. You can use IOS firewal feature on the router and also can do VPN. You need to get the Advanced security or higher feature set and an AIM card if you plan to terminate a lot of VPN connections.
  To support a DMZ switch on the router itself you can buy a module such as NM-16ESW - 16 port switch and put your servers there. You can use ACLS and CBAC to permit specific traffic going to these web servers.
  IOS firewall wont be truly the same as using a dedicated firewall such as PIX or ASA. So I would recommend using a PIX firewall for this purpose.

• Router and Wireless Ps3 Problems. Please help.

  well ok i had a previous router, wireless, and it work well with my ps3. Then i found out hey wait, my NAT type 3 is preventing me from playing with my friends. So i tried to fix it. Well something went wrong and my router just completely failed on me. So i went and bought a Linksys WRT160N. Bam it was amazing. My internet work on my ps3 and computer. But yet i still had a NAT type3. The only positive thing was i now had uPnP avaliable. So i went to try and fix my NAT type....then something went wrong again. Today i was opening the ports b/c someone said open your ports to change NAT 3 to NAT 2. Then all of a sudden i try my connection on my ps3 and it says Error 8013013E, cannot reach the access point. It wouldnt even get the Ip Adress. Everything is typed in right and the WPA security, but still cant connect to the access point. Plus if this helps, when i try to do the Wi-Fi Protective Setup, it says failed. I was thinking about just returning the router to its manufactured state but i dont know how. Any suggestions??

  I think the ports on your router are not opened properly, that's the reason the NAT type on your PS3 is set to NAT3.
  To make your PS3  work with your Router, follow the steps bellow. 
  Open an Internet Explorer browser page on your wired computer(desktop).In the address bar type - 192.168.1.1 and press Enter... Leave username blank & in password use admin in lower case...
  On the set-up tab change the MTU Size to 1452 and click Save Settings...
  Once you return to the set up page click on the Security tab and uncheck Block Anonymous Internet Requests and click on Save Settings...
  Click on "Applications and Gaming" tab and then click on "Port Range Forwarding" subtab...
  1) On the first line in Application box type in ABC, in the start box type in 80 and End box type in 80, leave the protocol as both and under ip address type in 192.168.1.20 and check the enable box...
  2) On the second line in Application box type in DEF, in the start box type in 443 and End box type in 443, leave the protocol as both and under ip address type in 192.168.1.20 and check the enable box...
  3) On the third line in Application box type in GHI, in the start box type in 5223 and End box type in 5223, leave the protocol as both and under ip address type in 192.168.1.20 and check the enable box...
  4) On the fourth line in Application box type in JKL, in the start box type in 3478 and End box type in 3479, leave the protocol as both and under ip address type in 192.168.1.20 and check the enable box...
  5) On the fifth line in Application box type in MNO, in the start box type in 3658 and End box type in 3658, leave the protocol as both and under ip address type in 192.168.1.20 and check the enable box...
  6) On the sixth line in Application box type in PQR, in the start box type in 10070 and End box type in 10080, leave the protocol as both and under ip address type in 192.168.1.20 and check the enable box and click on Save Settings
  7) Now assign the given ip address on your PlayStation ip address :- 192.168.1.20, subnet mask :- 255.255.255.0, default gateway :- 192.168.1.1...
  8) Also assign the dns addresses on the PlayStation Primary dns :- 4.2.2.2...Secondary dns :- 192.168.1.1
  9) Turn off your modem, router, and PlayStation...Wait for a minute...
  10) Plug the modem power first, wait for another minute and plug the router power cable, wait another minute and turn on the PlayStation and test it...

• WRT54GS Router and NAT 3 PS3 Problems

  Ok. I need a lot of help. And yes. I used the search option prior to posting this topic and none of it answered my questions. I did try a few tips I saw firsthand at these topics but it still didn't solve my Nat 3 Problem. Heres my ps3s setup basically. Set the MTU to 1365, in the firewall settings unchecked Block Anonymous Internet Requests, In the Applications and Gaming tab I put my PS3s IP address in the DMZ. Tested my connection on my PS3 and the same NAT 3. I want to **bleep** a brick now because I have been frustrated by this. Googling didn't help. So I am hoping you guys can help me figure this out. FYI: I am changing this setting through the LAN connected from my PC to the router and I have my PS3 wired to the router also. With this NAT 3 problem my downloads are slow as hell and although I haven't tested online gaming yet this will be a huge factor in the lag.

  Try forwarding ports TCP: 80, 443, 5223 UDP: 3478, 3479, 3658 on the rotuer setup page ... See if it works ...

• N Ultra Range Pluse WRT160n router

  I can't connect my N Ultra Range Pluse WRT160n router wirelessly to my laptop.It showing undefined network only & it IP address taking is starting with 169 and it is not asking the network share key also . But I can connect to another laptop & my laptop can connect another wireless connection .kindly reply me what is the problem?
  one more problem i have when i  try to connect wirelessly to another laptop it is asking pin only not asking the key
  kindly reply me
  Solved!
  Go to Solution.

  I think you need to make some wireless changes on your Router. I think this will solve the problem.
  Open an Internet Explorer browser page on your wired computer(desktop).In the address bar type - 192.168.1.1 and press Enter...Leave username blank & in password use admin in lower case...
  For Wireless Settings, please do the following : -
  Click on the Wireless tab
  -Here select manual configuration...Wireless Network mode should be mixed...
  -Provide a unique name in the Wireless Network Name (SSID) box in order to differentiate your network from your neighbours network...
  - Set the Radio Band to Standard-20MHz and change the Standard channel to 11-2.462GHz...Wireless SSID broadcast should be Enabled and then click on Save Settings...
  Please make a note of Wireless Network Name (SSID) as this is the Network Identifier...
  For Wireless Security : -
  Click on the Sub tab under Wireless > Wireless Security...
  Change the Wireless security mode to WPA, For Encryption, select AES...For Passphrase input your desired WPA Key. For example , MySecretKey , This will serve as your network key whenever you connect to your wireless network. Do NOT give this key to anyone.
  NOTE : Passphrase should be more that 8 characters...
  Click on Advanced Wireless Settings
  Change the Beacon Interval to 75 >>Change the Fragmentation Threshold to 2304, Change the RTS Threshold to 2304 >>Click on "Save Settings"...
  Now see if you can locate your Wireless Network and attempt to connect...
  OR.
  While connecting to your Wireless Network, If it ask you for the Pin number, Flip your Router upside down, and you will find the 8 digit Pin number, note down the pin number and when prompted type and Pin number and click on Connect and you should be able to go online wirelessly from your Computer.