I am setting up a link between buildings that uses wireless links. I'm using Layer 3 routed ports on 2 3560 switches to handle the routing between sites. Normally I would just put these in a /30 and then the switches handle the rest. However, the wireless access points have a web interface for managing them that I want to be able to access, but it's only available on the single NIC that also carries traffic. What would be the best way of making this work? Should I make the link a /29 and give the access points an IP in the same range? If this is the case what do I use for the default gateway for the access points?
I have included a diagram to try to explain the issue more clearly. The IP addresses in black are what I would do if this were a standard cable (and indeed this will work, but I won't be able to access the admin interface of the wireless AP), and the red IP addresses are the alternative if I use a /29 (but as I said, I'm not sure what to use for the default gateways).
I cannot find any information about the management port of the Cisco ISR 2911, 2921 and so on. There is a management port in the specification of the 2911 and 2921, and I do not know if this port can be used as a simple Ethernet port – forwarding traffic in/out on L3.
I recently installed a couple of Cisco Aironet 3600 Series Wireless Access Points at a remote site. While I was at the site everything seemed OK. The clients were able to get connected to the access points, the guest network worked fine, I could SSH into the access points, and I could ping them. The problem is that when I went back to my home site I tried to SSH into the access points through an ASA IPSec VPN tunnel and it couldn’t find it. When I try to ping the access points they “time out”. I can ping and connect to all other addresses (via RDP, HTTP, etc.) on the same subnet, which should rule out an access list problem. A couple of notes to be aware of:
- The WAPs have the Autonomous IOS installed (Version 15.2(2)JB).
- The WAPs are connected to a Dell PowerConnect 5724 (not by choice; we are a Cisco shop, these were already there, and we have plans this year to replace them).
- I can ping and SSH with PuTTY to the WAPs from the local subnet.
- I cannot ping or SSH from a remote subnet to the WAPs. I can access all other IPs and computers from a remote subnet.
I have IOS content filtering using the Trend Micro subscription service working on a 2911 running 15.1.(3)T3 with the security license option and a 30 day demo Trend subscription. Once I figured out that the content filtering for Trend appears to be completely broken in 15.2 (even using docs for 15.2) I went back to 15.1 and it works great.
Everything seems great so far, except I would like to have a more 'fancy' or custom blocked page where a user can have a couple of links to either go to the Trend Micro reporting page [URL] or some other page, and maybe some branding so they know the page is coming from our network and is not some fake security thing or phishing attempt or whatever.
I know I can use the 'parameter-map type urlf policy trend ' section to do a tiny bit of customization of the text that appears on the default blocked page display, and there is an option for it to go to a simple redirect instead ('block-page redirect-url'), but how do I do more with either the built-in page or the redirect-url, keeping the information about what page the user was trying to access and why it was blocked (category etc.) while adding more features?
Oh, one last thing, this doesn't support any kind of 'user override' or anything like that does it? So that a network can have a filter applied but an admin could override the filtering to allow temporary access to something?
I have installed a Cisco 2911 router and the Cisco USB console drivers on my PC, Win 7 64-bit. However, when I use PuTTY and open the COM port assigned, it just goes blank. I am using the USB port on my laptop to connect and using the Cisco USB console cable provided.
I am new to the ACE30. I a basic configuration from the CLI and I am trying to use the device manager. I am able to get to the web informational page rather than accessing the login page. I have reset the password for both the admin and www and still no go. My question is how to go about enabling the GUI access.
I have a new SG300-28P, and have had occasional issues with being unable to connect to it via anything other than the serial port. I have connectivity between my machine and the switch (tested with ping each way), and in fact, have the same problem if I take a laptop to the switch and connect them directly. What happens is that though the switch is operating normally, http, https, ssh and telnet attempts to access all fail in one way or another. Ssh and telnet either yield no response or a refused connection (even though those services are enabled). For http and https, I'll occasionally get enough of the web page to be able to tell what it is ... but attempts to log in just don't work. While this is happening, the CPU and packet load on the switch is very, very low. Rebooting didn't work entirely, though it may have made it better. Resetting to factory defaults and then reconfiguring makes it work. This is using the latest firmware: 220.127.116.11.
We have purchased a number of 2911 routers. We got the Base & Security license as we wanted to enable encryption. However, we probably won't use the security. We are replacing 2811 routers. Unfortunately the 2811 routers have FXS ports with 2 - 4 POTS handsets - I completely forgot about these ports when I was ordering. Now I have VIC3-FXS cards which are OK in the 2911, but unfortunately I can't get them to work. I am missing PVDMs (well, adapters anyway), and even if I got them the router won't take any commands relating to voice due to the license. Is it possible to 'rehost' the security and turn it into a UC? I am new to these 2911s and licensing.
I have a 2801 router that I am replacing with a 2911. I know the ports on the 2911 are Gigabit and the 2801's are FE. I read that the IOS would not support backup and restore on each other. I am attaching a show ver on both routers. I need to know if backup and restore would work and/or what other changes would need to get done.
I have a Cisco 2911 router that I would like to use for setting up a site-to-site VPN, but the router does not support VPN commands. When I issue the crypto isakmp command, it says command not recognized. When I issue the ipsec transform-set command, it says command not recognized. The IOS running on my router is c2900-universalk9-mz.SPA.151-2.T1.bin. Also see the output of my show licences features command: [code]
What can be done on this router to enable its use for setting up a VPN connection?
I have a 2911 router with IOS version 15.1(4). I need to enable the evaluation SNA feature, but when I try to enter the command "license feature snasw" I get an error: the command "License feature" does not exist.
I am planning on having a contractor in to configure some new routers and would like him to log in using the local account on the routers while company personnel continue to use RADIUS. Is this possible?
And I got 2 internet connections from the ISP: one is a static IP leased line and the other one is a DSL dynamic IP one.
What I want is to configure internet load balancing between these 2 internet connections, and I also need to use the static IP for remote access VPN and for my Exchange port forwarding.
My DSL line is 100 mps and my leased line is 2mb dedicated.
I configured the router with some example config I got on the internet. My internet is fine, but load balancing is not happening, and I configured the remote access VPN. I am able to connect to the remote access VPN, but there is no communication through remote access. I cannot reach any device through remote access.
Note: if load balancing is not possible, how can I configure internet traffic to use the DSL line, and remote access VPN and live Exchange port forwarding to go through the leased line?
I am attaching my configuration and also the debug crypto isakmp status.
I'm having several issues with my router. First, using port 8090, I'm unable to get remote management of the router. Port 8090 is forwarded to the router 192.168.1.10. I have other issues too; I think the router is blocking my FTP connection to my NDAS drives. I wish the router would show the UPnP ports that are automatically added to the system. Port 80 works well going to my NDAS drives. Firewall, DoS Blocking WAN are all turned off.
I am trying to connect my Cisco 2911 router to my community in CNA. I can see the routers on the topology map, but when I try to add it to the community I get an error message stating that the router is unreachable (Unable to connect). I can ping the device from the same client. I can view Device Properties for the map (Device type: CISCO2911/K9). Telnet attempts to connect, but we only use SSH for connectivity (the same as all of my switches that are connected to the community). The 2911 is listed as a supported router on the Cisco site.
whether a Cisco Router 2911 would work on images other than the universal image. This is the question raised by one of our customers. He has a 2811 router wherein he has configured a T1/E1 configuration, terminated to a Zyxel modem and working fine. Now he wants to replace this 2811 router with a 2911 router. Since the universal image in the 2911 router is not working with the present configuration in the 2811 router, he wants to know what options there are for him to configure this in the 2911.
We have a Cisco 2911 router in our company. I didn't set it up myself, nor was I involved. I only started working here recently, a bit over 3 months ago. I have been given an ongoing task which other IT technicians have been struggling with for almost a year, with the idea that maybe, because I'm a fresh person in the company, I will find an original idea as to why this thing might not work.
Our router has a problem with blocking a single IP address, but not completely. It's hard to explain but I will try my best. The company is hosting their website externally and accessing the host and FTP on the host on a daily basis. It is important for the website to work on the internal network in the company. It does work sometimes, but from time to time the website shows time-out error 118 at any point before the Cisco router using both http and https; I have tried putting just the IP address (it doesn't matter whether it is on the general network or the last ISA server on the DMZ). I am able to connect to the website using any of the proxy gates but not directly to the website. I have also tested the connection past the router and I was able to connect to the website without any problems. I am also able to ping the host's address from the router and the internal network.
I have eliminated the possibility of an incorrectly set up proxy or firewall on the network, as the problem also occurs on the DMZ. I have also checked the access-lists on the router and the firewall rules for any possibilities, and I can't really see why the router would do this.
How does this switch module work in a 2911 router? I have two 2911 routers in an HSRP configuration for redundancy, with a crossover cable between the switch modules. OSPF is running on the routers. If the active router loses its power and then comes back again, it boots first, its internal link to the switch module comes up, and it starts to forward packets to the switch module. The switch module starts to boot only after the router is ready. So I have an outage of about 3-4 minutes. For our real-time applications that is way too long.
Is there any way to start booting the switch module before the router gets ready? I understand I can boot it manually, but only after the router is ready. The only way to get around it that I found is to disable the internal link and use a router interface to connect to the switch module.
I have a small issue with Remote Management on my E4200v2. I have enabled it, selected https and set Allowed Remote IP Address to any on the default port (8080). After all of this, I cannot connect to my router from my office or any other place. I'm using DDNS and it's all OK (updated at time). I've also tried connecting to my direct IP address (dynamic) but with no result. P.S. No incoming log from port 443 using https.
I want to be able to log in to a router remotely and forward a port on the router. I thought I saw a spot for remote management but don't know how to use it. I have a Dyn account and can create a DNS for it.
I set up security DVRs on the internet so clients can see cameras from outside their homes. I would like to be able to log in to a router if I need to forward a port or something similar.
My University has free Internet at student homes, but we need to log in by PPTP to get an official, public IPv4 and be able to reach the outside world. The network people at the University say that when the PPTP is up, everything should be open (no firewall of any kind).
have my WRT160NL that gets a 10.10.73.0/23 address from DHCP on the WAN port. Currently I have 10.10.74.21. My internal network uses 172.17.17.0/24. My PPTP server is located at 10.192.1.1 and when I connect, I usually get an IP in the 18.104.22.168/24-range. Currently I have 22.214.171.124. I use DynDNS to make sure I always know the public IP by the host binders.dyndns.info ...
So, I have Remote management enabled with HTTP and HTTPS, any IP and default port 8080. But no response from the outside world seems to go through. If I turn off the "filter ICMP" but keep the SPI Firewall on, I get ping replies from external sources towards my router, but still no HTTP or HTTPS response. I also have a Torrent I try to port forward to to be active, this is 23277, and this is the only thing that keeps coming up in the incoming log on my router.
Is it not possible to connect to the router's management over the PPTP tunnel? And why can't I get the port forward to work? Same reason? PPTP 126.96.36.199 -> 172.17.17.100 (LAN) won't work?
We have an RV042. Remote management is set to DISABLE, but even after restarting the router I can access the interface remotely over the internet. Even when I enable it and change the port to, say, 5555, I can connect to the web interface using port 5555 but ALSO on port 80. What's wrong here? The only way to stop that was to create a rule that blocks port 80 on the WAN interface. (By the way, could this rule affect LAN users when browsing the web?)
I have the need to filter multicast between vlans as described below. PIM Sparse-Mode is being utilized for this multicast network and changing any Vlan to PIM Dense mode is not an option.
- Vlan 217 and Vlan 4 should not be communicating on mcast with any other vlan, including each other (each vlan isolated).
- Vlan 64 and Vlan 80 are able to communicate with each other on mcast but not with any other vlans (isolated vlan group).
- All other vlans can communicate mcast freely.
What I've created thus far is below. It does not appear to be the most elegant solution and would be difficult for the administrators to adjust as new requirements come along. Yes, I will be adding the appropriate link-local multicast addresses so as to not break routing and other dependent technologies.
ip access-list ext ANY_CONN
 permit ip any any
ip access-list ext MCAST_INTRA_217
 permit ip 188.8.131.52 184.108.40.206 220.127.116.11 255.255.224.0
 permit ip 18.104.22.168 255.255.224.0 22.214.171.124 126.96.36.199
ip access-list ext MCAST_ISOLATE
Probably an easy fix, but something's weird in my config. I am setting up a new network, so this is not production. Routed environment, down to the access layer, using 3560-X L3 switches.
vlan 10: data
vlan 20: wifi
vlan 30: wifi guests
vlan 40: voip
My objective is to allow all traffic OUTBOUND to certain subnets (10.10.0.0/24, 10.10.100.0/24, 10.10.110.0/24, 10.10.120.0/24) and block any other 10.0.0.0/8 networks. By doing it this way, after blocking all other internal traffic, I allow everything else to ensure internet traffic can go out.
Extended IP access list VLAN10_TRAFFIC_FLOW
    10 permit ip any 10.10.0.0 0.0.0.255
    20 permit ip any 10.10.100.0 0.0.0.255
    30 permit ip any 10.10.110.0 0.0.0.255
    40 permit ip any 10.10.120.0 0.0.0.255
    50 deny ip any 10.0.0.0 0.255.255.255 (5 matches)
    60 deny ip any 172.16.0.0 0.0.255.255
    70 permit ip any any
!
interface Vlan10
 description DATA
 ip address 10.104.10.1 255.255.255.0
 ip access-group VLAN10_TRAFFIC_FLOW out
end
The problem is, from the above info, when I ping 10.10.0.5 from a workstation in VLAN 10, it should match rule 10, but instead it matches rule 50 (as shown by the 5 matches).