Cisco Switching/Routing :: 3600 Accessing Wireless Access Point From Remote Subnet
Mar 28, 2013
I recently installed a couple of Cisco Aironet 3600 Series Wireless Access Points at a remote site. While I was at the site everything seemed OK, The clients were able to get connected to the access points, the guest network worked fine, I could SSH into the access points, and I could ping them. The problem is when I went back to my home site I tried to SSH into the access points through an ASA IPSec VPN Tunnel and it couldn’t find it. When I try to ping the access points they “time out”. I can ping and connect all other addresses (via RDP, HTTP, etc..) on the same subnet which should rule out an access list problem. A couple of notes to be aware of:
The WAP’s have the Autonomous IOS installed (Version 15.2(2)JB) The WAP’s are connected to Dell PowerConnect 5724 (Not by choice.. We are a Cisco shop, these were already there and have plans this year to replace)
I can ping and SSH with Putty to the WAP’s from the local subnet I cannot ping or SSH from a remote subnet to the WAP’s. I can access all other IP’s and Computers from a remote subnet.
View 12 Replies
ADVERTISEMENT
Oct 23, 2012
I noticed that the 3600 access point series will get an add-on module to support 802.11ac. This standard will support more than 1 GBit/s.But the 3600 series still do only have got one GBit port. Any extended information about 802.11ac in the upcoming Cisco portfolio?
View 8 Replies
View Related
Apr 12, 2011
Main Site allows communication from Remote Site via VPN to Windows ServerMain Site also has a secondary subnet that communicates ONLY through internet but NOT to the Windows Server.Sonicwall 192.168.168.x is main siteRemote Site is 192.168.0.x connecting to Main Site to access shared folders on serverSecondary subnet at Main Site is 192.168.0.x using Windows XP PC's. They are accessing a linux server at 192.168.0.215 which Main Site has no access to.VPN remote ip's are 192.168.0.x - they can successfully access the Windows Server at 192.168.168.100 BUT NOT 192.168.0.215.GOAL: Want to connect Remote Site to Secondary subnetWilling to make router changes or whatever is necessary to get Remote Site to access Secondary Subnet with the only exception that the Secondary Subnet REMAINS.VPN DHCP is turned off but willing to turn it on.Willing to make the Linux Server 'discoverable' on the Windows Server. Don't know linux at all but another co-worker set it up and can make changes.
View 4 Replies
View Related
May 16, 2013
i have router 2911
pub ip: 121.97.65.61-74
interface gigabitethernet 0/1
ip address 121.97.65.61/28
[Code].....
and other ip will drop/kick/disconnected automatically
how to implement this on access list
View 6 Replies
View Related
Oct 16, 2012
it is each wireless access point need to have different subnet, if 24 users connect at the same time? will it be slow down if 24 user put in the same network?
View 1 Replies
View Related
Nov 1, 2011
Based on my diagram, my computer A (192.168.100.11) can ping and access my computer B (192.168.10.14). But, when i'm home and i use remote access vpn (192.168.200.x) in cisco asa 5520 to connect to my computer A is okay. But, when i try to ping my computer B is not okay. I already do the exemption for 192.168.100.x and 192.168.10.x in nat rules for inside interface (192.168.100.2) ...
Should i put routing from outside 1.1.1.2 to 192.168.10.x by using 192.168.100.1 as a gateway?
View 1 Replies
View Related
May 24, 2012
Got a shiny new SG 200 26P which seems to work fine operationally.owever, when I am trying to access the web interface from a different IP subnet, the web brower just times out.If I put my PC on the same IP subnet, it works just fine. From the other subnet, I can ping the switch fine. The default gateway is set on the switch, and from the web interface I can ping and dns resolve other hosts and on the internet. I've tried to create a management profile to 'allow all from everywhere' basically, but still no luck.I'm completely stumped. I've tried to reset to firmware defaults, and I'm now runinng the latest firmware. I woudl suppose that the switch would allow itself to be managed via the web interface from all subnets by default. Any thoughts? The fact that the switch can ping internet hosts makes be believe it's own default gateway and IP are all ok and working.. (and I can ping it from anywhere in my network).
View 4 Replies
View Related
Mar 23, 2011
I want to give access to remote subnet on firewall 5505.
Remote subnet is 16x.15X.56.0
Here is my access list
access-list outside_5_cryptomap extended permit ip 192.168.12.0 255.255.254.0 16x.15X.56.0 255.255.254.0
View 7 Replies
View Related
Jul 11, 2012
I have a network with 3 sites that are on different subnets. Each site has an ASA Right now, I am only able to connect to the ASA that is connected to the subnet I am connected to.I want to be able to connect to the ASA that are on the remote subnets on the address of the inside interface.The sites are connected all together by site-to-site VPN.Is there any way I can achieve that without opening the outside interface directly on the Internet?
View 2 Replies
View Related
Jun 9, 2013
I have a weird problem which I have already submitted a TAC ticket about. When users authenticate through AnyConnect into our HQ ASA 5510 they grab an address from 172.16.254.x. What we have been noticing intermittently is that when logged into our network through the client they are unable to access their resources at one of our remote offices which is connected over l2l to the HQ ASA. This problem just started randomly a week ago and we have been working with Cisco trying to create a solution.
My quick fix is logging into a device at the remote office which is trying to be accessed and pinging the gateway of the virtual subnet for AnyConnect users. When I ping 172.16.254.1 it goes through after a few dropped icmp packets and then the issue is resolved for about 8 hours or so.
View 1 Replies
View Related
Jul 23, 2012
I've got a remote site which is connected to the headquarters via VPN site to site IP Sec tunnel. When I am in my office I have no problem to reach the remote network, but, when I try to connect to the remote network via VPN client, I can't reach it.in the remote office I've hot a Router 3800 (Cisco IOS Software, 3800 Software (C3845-DVENTERPRISEK9-M), Version 12.4(13c), RELEASE SOFTWARE (fc2)) in the headquarters I've got an ASA 5520 Version 8.0(3) I've chequed access-list, and network objects and it seems everythink ok.
local network: 10.30.0.0 0.0.0.0
remote network 10.31.0.0 0.0.0.0
ASA
object-group network remote-network
network-object 172.16.27.0 255.255.255.0
[code]....
View 3 Replies
View Related
Sep 9, 2012
I have a Netgear modem/router [DGN1000] (192.168.0.x) that serves as a the router for network 1 and also as the internet gateway. I have a Cisco [E4200] (192.168.1.x) router connected to the Netgear modem via the WAN port on the Cisco. This serves as the router for network 2.
DHCP is turned on for both routers. I can access all devices on network 1 using any device o network 2 including the Netgear modem configuration page, but I cant access any device on network 2 from network 1. Is it possible to have access to devices from both networks? [URL]
View 3 Replies
View Related
Sep 2, 2011
I've seen/heard people use several different ways to subnet sizes for Point-to-Point links. I see pros and cons for all these ways. [code]
View 10 Replies
View Related
Feb 14, 2011
I have a cisco ASA 5510 at the branch here. It terminates about 8 vpn tunnels and also it supports remote access clients. I just have a quick question. Can my remote sub-net group access the other remote access site-site VPN subnet group. If yes then how should i configure it.
View 6 Replies
View Related
Apr 25, 2012
I have an 871w set up to add wireless connectivity to an existing network. When adding a client to the physical interfaces to test VLAN internet connectivity, however, a DHCP address is assigned but internet traffic on the terminal never reaches the network nor does the network recognize the IP the terminal shows as being 'connected'. Also, pings sourced from the VLAN do reach destinations. I've attached my config file, I think it's a routing issue of some kind.
10.26.99.0 is the existing network. 10.26.99.1 is an existing 871w router set as the DHCP server for that network and 10.26.99.10 is a Windows Server 2003 DNS box. VLAN 2 and DHCP pool alpha were control sets for trialing DNS settings.
View 10 Replies
View Related
Feb 14, 2012
I have a 1130 cisco access point,we are using this for wireless cisco IP phone connectivity to the network.Earlier access point was woring fine and we were able to make calls through IP phone.But we have relocated to new place.Now the access point is not working and we are not able to make the calls on the wireless IP phone as the access point is not working.But the access is in the netwrok and we are able to ping the IP address of the Access point.
We are contonuously getting the below loggs on Access point and the access point is getting power from the ethernet port of the switch not through the external powerr adaptor.
error message:
: %CDP_PD-2-POWER_LOW: All radios disabled - NEGOTIATED WS-C
4507R (0012.7fb6.6e6c).
how to make this work.
View 6 Replies
View Related
Oct 8, 2011
I have set up an access point as per the instructions I found on this site. It works perfectly, holds a wireless signal fine. Now, I have the challenge of trying to remote connect to the home computer that is connected to this access point. I have absolutely no clue as to what changes in settings have to be made.
View 4 Replies
View Related
Dec 5, 2012
I'm using the ctrl-break sequence in hyperterminal during the the initial boot, and it's hanging.
View 1 Replies
View Related
Jun 10, 2012
On a small Bording School we have the students living in several small houses, each equipped with an AP.Each Ap serve 4 Vlans.I want to restrict the switch for these AP, in a way to keep the students from removing the AP and connecting their own equipment.I tried using the secure port feature on the SG300, but that had the result of allowing the AP but denying all the users connected to the AP.The switch is a SG300-28P placed in L3 mode.
View 3 Replies
View Related
May 22, 2013
I have Cisco Access point AIR-CAP1602I-N-K9 ,My doubt is,is this AP support on WLC AIR-WLC2112-K9
View 1 Replies
View Related
Apr 3, 2012
i am trying to configure my HP 420 access point. I have configure different SSID on it, This access point is connected to cisco 4500 switch, i have configure trunk on up link to access point.my problem is the client are not able to get an IP address form the correct vlan if i tagged the SSID to it.
in the following the output of show run int in cisco 4500 switch:
interface GigabitEthernet3/13
description ==== HP ACCess point ====
switchport trunk allowed vlan 99,130,132
switchport mode trunk
[code]....
View 1 Replies
View Related
Sep 6, 2012
Just installed ASA -5505 replaced cisco 851
My exchange server hosts remote outlook clients and remote web access
no one on the remote side can access my exchange server
internal mail flows in bound and out bound.
My iphone can not access the exchange server either.
When the Cisco 851 was online all the above worked great. Nothing changed on the remote client side just put the ASA 5505 in service.
I am new to the ASSA 5505 family. Had a reseller configure the router but unable to get them at this hour. Called Cisco support but they are closed at this time also.
View 5 Replies
View Related
Apr 16, 2013
I need to know if 3502p with outdoor antennas supports Point-to-Point Wireless Bridging?
View 6 Replies
View Related
Jun 25, 2012
I can't figure out how to get the config right for the 802.11n channel to work.
View 4 Replies
View Related
Jan 27, 2013
i have to Bridge the AP to VLAN1 which has the DHCP pool. For some reason when I try to do this from iOS console it tells me that gig0 is not a bridgable interface. I am newb to Cisco iOS (24 hours new ). I got the Cisco Configuration Professional working and would like to fix my issue through there if possible? why my AP wont get anything but APIPA addresses?
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
[code]....
View 13 Replies
View Related
Mar 31, 2013
I am not sure if what I am trying to accomplish is possible. On my internal network I have the following VLANs setup (102, 104, 106) and they map one to one to a subnet (ie: 102 = 192.168.102.0/23, 104 = 192.168.104.0/24, etc).All interVLAN routing is done on a 3560 via vlan SVI. Connected to the 3560 via a routed port is a ASA 5510. The routed port has IP 192.168.100.1 and the ASA interface on the other side of that routed port has IP 192.168.100.2. I use 802.1x on the wired network to assign users (based on their department) into a specific VLAN. I want to extend this concept to Remote VPN access. Therefore I setup multiple Group Policies (policy is applied based on an LDAP attribute) where each policy defines a different DHCP scope. This has successfully allowed me to login wtih different users who get assigned to different Group policies and they obtain the correct DHCP IP address from the internal DHCP server (ie: an engineering person logins remotely and gets an IP in 192.168.102.0 range). However the issue (and as I was planning this out I knew this would come up) is that traffic can be routed out from the VPN client to its destination but there is no return path.
View 3 Replies
View Related
Jun 19, 2012
I'm working designing a switch system for our core/data center.
We have 5 esx hosts, 2 sans with 3 nodes each. We have voice servers, a couple of routers and a few odds and ends. There are 7 other locations aggregating into this data center via 1-2gbps fiber connections. The bandwidth usage on these links is minimal, but there is a total of about 3000 devices aggregating into the system. My main concern right now is the 3560G's are seeing many output drops, due to the small buffer size on those switches. I have been looking at couple of options to resolve this issue, including the 4948E, 4507E, and 3750X switches.
Budget being the biggest factor, I am finding that the 4507 might be out of the price range. So I was leaning towards the 4948E switches for connecting the servers and iscsi san's as the 3750X is not recommended for iscsi. Redundancy is important so I would like to have two. The second concern is that I need to aggregate the fiber connections and for that I was looking at the ME-3600X or possibly the WS-C3750X-12S-E. I'm running eigrp, so this switch would need to have full routing, as it would also serve as the core switch for the 4948E's.
So in the end I was thinking that two 4948E switches up linked to the ME-3600X which would do full routing for the fiber aggregation and any routing needed for the servers and sans.
Servers and Sans_________4948E________ME-3600X_________7 fiber connections
|____________4948E_____________|
I would look at a second ME-3600X in the future for redundancy. This is the lowest cost biggest buffer solution that I could find.
View 2 Replies
View Related
Oct 27, 2011
I've just been testing QOS on 3560 with version 15.0(1) and it seems the the default qos trust behavior on access ports has changed. By default the trust state of a port is not to trust anything, however rather than rewriting the DSCP value of the incoming packets and settign it to 0 the switch now seems to leave the DSCP value unchanged.
SW04-C3560(config)# do sh mls qos int g0/2
GigabitEthernet0/2
trust state: not trusted
trust mode: not trusted
trust enabled flag: ena
[Code]......
View 4 Replies
View Related
Feb 27, 2013
How would I bridge a wireless connection with a distance of 400 feet? Would twoAP1262N-A-K9 be able to make this happen? Or is there another wireless bridge that you all can think of?I would be connecting one AP1262 of off a 3750g switch and at the far end (400 ft aproximately) another AP1262N-A-K9.
View 12 Replies
View Related
Feb 15, 2012
I have 2 data centers miles apart. They are on a Paetec MPLS. I have a Lightower point to point Ethernet link between the two data centers as well. At data center A, I have a Paetec managed router (192.168.2.1). The subnets behind that router are 192.168.2.0, 192.168.100.0 and 192.168.101.0. I also have a Cisco 1841 that is configured with fa0 addressed as 192.168.2.250 and fa1 as 10.5.5.1. Fa1 is the one end of the point to point Ethernet link to data center B.At data center B, I have a Paetec managed router (10.0.2.1). The subnets behind that router are 10.0.2.0, 10.0.100.0 and 10.0.101.0. I also have a Cisco 1841 that is configured with fa0 addressed as 10.0.2.250 and fa1 as 10.5.5.2.What I want to happen is any traffic headed from data center A destined for 10.0.100.0 or 10.0.101.0 to be routed through the point to point Ethernet link. I had Paetec add routes in their managed router to route any traffic headed for 10.0.100.0 and 10.0.101.0 to my Cisco 1841 (192.168.2.250).I wanted to do the same for traffic destined for 192.168.100.0 and 192.168.101.0 from data center B. Paetec added the appropriate routes to the router at data center B.Now, if I trace from data center A to 10.0.100.45, I see this:
1 <1 ms <1 ms <1 ms 192.168.2.1
2 <1 ms <1 ms <1 ms 192.168.2.250
3 4 ms 4 ms 4 ms 10.5.5.2
4 3 ms 3 ms 3 ms 10.0.2.1
So the routing seems to be ok. However after it hits 10.0.2.1, it gets lost after that.Am I missing something? Is this a misconfiguration on Paetec’s routers?
View 1 Replies
View Related
May 8, 2012
I have a question for Cisco Cat.2960-s Flex Stack switches which are installing on our sties. Two of 2960-s Stack switches as access switch and two of Cisco ME 3600X Series as distribution layer switches are to be installed in our sites. In case of two stack switches, One is will be a Master and the other one will be a member logically, as you know. So, if the master fails, the other one automatically becomes the stack master following a well-documented election process.
Now, it is my question. How long takes to be a stack master from a member switch ? I cant find it on white paper of Cat.2960-s flex stack .
And also, I heard that sometimes a member switches don't election process when the master fails as a result, all stack members become
a panic. Is that really right ? In addition, I heard that the stack switches have many troubleshooting points than stand alone switches.
I really wanna know if the stack switches are good solution for resilience of huge network site. I'm waiting an answer from those who have experience of maintenance or installation.
View 9 Replies
View Related
Apr 20, 2012
I had a new AIR-AP1042N-N-K9 access point and I tried to convert it into lightweight mode with the image c1140-rcvk9w8-tar.124-21a.JA2.tar . I used all the methods but the AP is getting hanged at one position after decompressing the new IOS. The capture of the process is below: [code] After this I am getting the junk characters and everytime AP hangs at this position.
View 4 Replies
View Related
Mar 15, 2012
I have 2 cisco 1941/K9 vpn router. I have configured both with LAN ip address given by our vpn provider which is 172.10.10.1 and the other is 172.10.20.1. Both IP addresses are configured to GigabitEthernet port 0/0 on both routers.
1. Is it possible to configure our own set of ip address like 10.71.10.1 and 10.71.50.1 on the GE 0/0 port?
2. Or can we configure our own set of ip addresses (10.71.10.1 and 10.71.50.1) to GigabitEthernet port 0/1 and maintain the other ip addresses on port 0/0?
The first purpose is to have our own set of ip addresses for LAN connection and I will be able to connect or telnet whichever ip address or port is up.
View 0 Replies
View Related
