I have a Cisco 886G i have configured a fallback mechanism. i did this with a sla track. You can see this in the config below. Bij the problem is that i can't get internet to work when connection is in fail over state. it fails over to Cllular0 and i can ping from router to the internet. that works fine but when i want to use the internet from one of the pc's is doesn't work. i traced it to nat. there seems to be that only one ip nat inside source .... when i change this one from dialer0 to cellular0 i have internet on the computers.how can i configure multiple ip nat inside source... rules or is there an other way to accomplished this?
we are testing WLC v7.4 in our lab. The AP joins fine but when we try to move it to another WLC running 7.2 (simulating a fall-back plan if there are issues with the 7.4 code), it fails saying image not found.
I have ACS 5.1 configured to authenticate users based on Active Directory. I have configured wired 802.1x too, with machine authentication enabled on ACS.When I login with credentials that exist in AD, it works fine. Then I configured Windows Authentication to ask for credentials (popup window). But I experience network disconnection when I login with a local account even though I entered correct AD credentials.I want to do the following: for an account that exist on the machine being authenticated (non-AD account), ACS should check its local database and reply with authentication success if it finds it, so the user is granted network connectivity.I heard about Identity Sequence in ACS. But I still don't see the right configuration,
I have an issue with AP Fallback not working with two Cisco 4402-50 WLC's. Here is the senerio:
Site 1 has a 4402 (WLC01) running software 7.0.220.0 with 48 associated access points. AP Fallback is enabled in Controller > General and all 48 AP's are set to Critical failover with WLC01 being the primary controller and WLC02 (at site 2) being the secondary.
Site 2 is the location of WLC02 which is also running software 7.0.220.0 but has 0 ap's associated and also had AP Fallback set to enabled.
Your typical active/passive setup
The problem is when WLC01 goes down all of the AP's fail over to WLC02, however when the connection is restored to WLC01 we have to manually reboot each access point in order for them to reassociate back to the primary controller. Isn't AP Fallback enabled suppose to allow the AP's to move back to the primary controller once connection is reestablished?
We have both ADSL2+ and Cable broadband and wish to have them both connected to and accessible on the same network, possibly linked by using the WiFi modem-routers or by adding redundant WiFi modem-routers in bridge mode.The object is to have a seamless each-way fall-back as both broadband feeds have been unreliable in the past, sometimes for weeks at a time and this has had a destructive influence on concurrent college, uni courses and various pocket-money commercial interests.The current situation is to have two separate wired networks running at 100/1000 with limited WiFi access for laptops and mobile device access.All clients would effectively be part of the same workgroup but with a possible future dmz to a small dynamic dns server for non-business convenience and test use. (HTML, PHP, MySQL website development exercises etc.)At present, there are no significant internal security issues within the firewalls provided by the existing modem-routers and there is no significant budget.
I know the way to configure the ASA to fallback to LOCAL authentication, if the Radius server is not available.
Now we would like to authenticate the local users, if the user is not found in the AD. Is this possible and how can I configure this with the new policies? I tested it with "dropping" when the user is not found in the AD, but then the Radius server will be marked as "dead" and the other AD users can't login for a given period. Maybe we can configure the dead time to 0, but this is not as nice it could be.
I'm deploying a Cisco Mesh infrastructure using WLC 7.2 version and 1552 APs.
This Mesh APs will be connected in the Light Pole and the RAP will be connected to the SP Switch located in this same Pole.
The MAP will be powered using Pole source power and will be connected to the RAP over 5.8 Bach haul.
My Customer asks if is possible that in case of SP Switch lost the connectivity to the Backbone IP, the RAP can connected to another RAP and maintain the connectivity to the Backbone over the Air, like REPEATER FALLBACK mode in Autonomous version.
For that I thinking to change the role of the RAP APs to "MAP with UTP Cable", but I'm not sure that a MAP AP with CAPWAP tunnel over UTP Cable can provide a Down link Backhand to another MAPs. That is possible?
I'm trying to test fast roaming using a Cisco 2100 Series controller and 2 1140 APs. The initial authentication succeeds fine and the wireless connection works ok using WPA2+CCKM and LEAP with a Cisco ACS radius server.The problem is that the client does not attempt to preauthenticate with the other AP because the RSN Capabilities IE in the AP beacons and probe responses do not set the RSN Preauthentication capable bit. I can't figure out what it takes to get the APs to indicate to clients that it can do preauthentication. I'm been crawling through all the documentation I can find, to no avail.
We are about to share a 10 MBit ISP connection with 2 others companies, and they are going to split the bill up into 3,3 and 4 Mbit, so we where thinking that we could setup a switch before their and ours router and provide them with a static IP from our ISP. But is it possible to set a bandwidth limit on the ports of a Cisco Catalyst 2960-8TC, so that we can set a limit of 3,3 and 4 on 3 ports.
I want to PAT my project of WLAN and i attached the document, how I create the Testing Criteria of the said scenarios, PAT document includes WCS 7.0, WLC 5508, MSE 3310, Cisco AP 3502e and ACS 4.2.
I have 7 POE switches that have ESI IP phones attached. I have two VLANS, 1 and 2. VLAN 2 is used for voice and is defined in each switch.The ESI IP phones connect to my POE switch ports and the pc attaches through the ESI IP phone.
I have had voice quality issue between floors in my building. Talking to others on my floor via the IP phone, there are no voice quality issues. [code]
I am looking at a config on a 5550 FW, and am trying to make sense of the syntax of the following rules. I have been to the Cisco site, but can't find much on the syntax.
I currently use a device called the Access Enforcer which runs OpenBSD. I have 3 stable, working VPN tunnel's where the other side's device is a Cisco ASA 5520 or 5540. I was setting up my 4th VPN where the other side used a Cisco ASA 5520 and ran into issue's. The Cisco side can bring up the tunnel. Once the tunnel is up each side can talk to the other side. However, when the tunnel is dropped, the OpenBSD side cannot bring up the tunnel. The error received is on the OpenBSD device is "isakmpd[29581]: transport_send_messages: giving up on exchange from-XX.X.X.0/24-to-XX.XXX.XXX.240, no response from peer XX.XX.XXX.141:4500". I have been trying to figure this out for weeks now and can't seem to find the cause.
I am trying to configure a 3750G that has been sitting on the shelf for several months and am getting the following error -
% Error: Unable to create flash:/microcode_update% Error: It must not already exist
Normally, getting an error during POST isnt a good thing. My first thought was that flash was corrupted or flagged RO somehow. I did fsck flash: with no change. I next tried fsck /test flash:. It tested 77 blocks and performed 0 erasures. It had been running for about 15 minutes with no problems reported so far. Multiple reboots of the switch still report the same error.
I have reviewed the history of what I have done on this switch and finally think I found the problem. I noticed a microcode_update directory that I am not used to see on a 3750. Deleted the directory using the rmdir command and rebooted the switch. On reboot, I noticed that a front_end/ directory was listed as being created as well as fe_type_1 and fe_type_2 were created. The switch now boots up without any errors.
I have two Cisco Aironets 1401 connected to a Cisco Catalyst 3560 Switch. When users log onto the Wifi the APs authenticate with a Freeradius that then authenticates with LDAP.
Recently users have been getting kicked off of the network but I'm not sure why.If so how do I set these APs to roam with my setupd?For all I know there could be an issue with the switch I'm just not sure where to start when it comes to troubleshooting this issue.
Guys I am using a cisco 2911 router with three interfaces: Gi0/0 connected through a switch to all my servers and Gi0/2 which will connect to another server, and Gi0/1 is my outside interface connecting through a switch to two ISP's.I have webservers and Terminal servers/File Servers with 10.0.0.0 network address connected throught My Gi0/0 interface.Now I want to implement a Cisco Advanced firewall for security on my router using CCP.I want the firewall to work such that it allows external users to access the servers on Gi0/0 through ports 0,23,25,20,21,53, 110,3389. and to access the SIP server on Gi0/2. My issue is can i just create two DMZ's for both interface Gi0/0 and Gi0/2 without creating an inside zone and Gi0/1 as outside zone as my internal traffic is mostly server based and the users connect remotely through terminal server to access resourcess using RDP, secondly how do I open the relevant ports.I have checked alot and all I have seen is just basic process on using the wizard I have no idea how to go about this issue.
I bought a new cisco 3550 switch to prepare for my Cisco certification prepration. Actually i dont know how to connect the cisco switch to a laptop with only usb ports....... earlier i used to do my practise using Cisco packet tracer but i think for CCNP switch that is not enough thats y i bought second hand switch. how can i connect that switch with my toshiba laptop which has only USB ports. do i need to buy some sort of convertor or other hardware. And if so what does u call it and how much does it cost?
I am struggling to have my PPTP traffic to get routed through NAT to reach other Server LAN segment. I am using Cisco 2921 router as a PPTP server.This Cisco 2921 router is working as PPTP server and doing NAT also to reach Server LAN segment (LAN-B).My problem is after PPTP connection establishes I cannot reach any of the LAN segment, but after connecting PPTP I can browse Internet without any issue, but none of the LAN element is reachable. Please have a look on the configuration I am posting 2921 router configuration to suggest something, I have also attached the network setup for better understanding…Just to update Clients in LAN-A can access Internet as well as servers (LAN-B). [code]
I would like to know the IOS which supports :ACL Support for Filtering on TTL Value feature on my Cisco 7600 device. I check on cisco and found the Cisco 12.4T release but this software doesn't fit onto my chasis. which software should I upgrade to on my cisco 7600 to have this feature.
I have a cisco router I would like to reset the password for. Its the first password that is entered. for exampleUser access verificationPassword:I have changed the en password using this command:router(config)#enable secret cisco123 <---example password
I finally got the Site to Site Vpn from our corporate to remote site. Is there a way to connect a cisco phone over that network. Since both Voice Vlans are exempt from acl I would imagine all traffic is clear to go accross? and if so I just have to set the phone to our tftp/ccme. Will that work.
I want to create a user who only has access to "router>" prompt on the CLI. this user should not be able to do enable command and by no other means be able to go to global configuration mode. I know the command router(conf t)# username ABC privilege 1 password ABCPASS, but even with this command, this user gets privilege 15 access.
I have the CISCO 1800 and I have there the HWIC-2T. I have two questions.First is an easy one. I want to replace the HWIC-2T with HWIC-4T but the CISCO 1800 guide and the HWIC-4T guide says that they dont fit together but I inserted the HWIC-4T in to the CISCO 1800 it recognized him with all the 4 Smart Serial ports that it hase. The question is, how can I check if the CISCO 1800 supports the HWIC-4T?Second question is how can I configure one of the Smart Serials in the HWIC-2T/4T to comunicate with the X.25 Protocol? What I have now is at one end CISCO 1800 and at the other end CISCO 2800 and they are comunicating with each other throught one of the Smart Serials they have. I want to connect to each one of then an old pc that comunicate only with X.25 and I want this two computers to comunicate with each other throught those two routers.
We're currently evaluating Cisco Prime LMS 4.2.Something we've been trying to achieve for the past couple of days is to have LMS notify us when a Microsoft Host is Unreachable, and then to notify us once that alarm has cleared (the Microsoft Host is Reachable again).
We're at the point where the Microsoft Host was discovered, LMS incorrectly identified it as a Cisco Call Manager, so we changed it's identity to non-cisco device > microsoft host > microsoft host. LMS currently has the device listed as being in the 'Questioned' state. SNMP timeout has been set to 15 seconds, and the SNMP community is correct.
Being new to LMS Prime, and having not received any training on the product to this point, we turned to the admin guide, but we couldn't find anything that goes into detail for how to manage the notification for non-Cisco devices.
Is what we're trying to achieve possible with Cisco Prime LMS 4.2? We just want to be able to receive simple 'host unreachable' notifications for Microsoft servers, and the corresponding 'cleared' notifications once the server is back online.
I'm trying to understand CEF; I know it's used most commonly in layer 3 switches but that routers can also do it. The routers that support CEF must have special hardware I'm assuming? (Since CEF is layer 3 processes in ASICs) How can we check if a router is capable of CEF? Does anyone know a good link/graphic that shows how much faster CEF is than software-based layer 3 processes?
Basically, I have a network which has a LAN and a DMZ. I need to isolate a few servers and users from the LAN so I created a VLAN on the switch. I assigned it an IP address in a different subnet and assigned ports to the VLAN. Port forwarding is configured on the switch.For testing purposes, before this goes live, I connected a computer directly to one of the switch ports (ge4/5) and assigned it a static IP in that subnet, the gateway being the VLAN IP. I can ping the VLAN IP but I can’t ping the router or get to the Internet,I tried setting the gateway to the ASA VLAN interface (e0/1.4) with the same result.The 1st step is to get Internet access. The next step will be to allow access to the Exchange server on the LAN.There are many devices not shown on the diagram but the important ones are there.
Having a hard time getting Cisco phones to roam 'cleanly' in a Cisco unified wireless environment; Cisco 2504 controller with Cisco LAP1142n (lightweight) APs. The phone SSID is not broadcast and is using WEP encryption. The problem is that when the user is walking around the property, traversing from AP to AP in-call (external and internal calls), they notice the point at which the phone roams from AP to AP - it's literally two or three seconds of no sound and then the call resumes back again. Fast SSID change has been enabled, we've tried locking the SSID to 802.11a only, b only and g only but with only slightly better results when locked to B. We've lowered the client roaming threshold RSSI to -75dB from -80dB, this also yielded better results but still a couple of seconds gap exists. Cisco TAC came in on a Webex session earlier, changed a few QoS settings and advanced wireless settings on the controller, but to no avail. Wireless signal has been proven to not be an issue; several AIRMagnet PRO surveys have been carried out showing the signal throughout the property to meet the -67dB requirement.
I have the above router and use P2P program to download the odd TV series only thing is that when I'm using Tixati to surf on the same computer or any other computer on the network is very slow. To get around that I only use the P2P when everyone is in bed. Is there any way to limit the bandwidth that the program uses. Also not related to the above question but I have another RV042 in another location using VPN and a wireless router. Looking for all in one solutjon does not have to be a new router was thinking about SonicWall TZ 150.
Cisco's native client doesnt work anymore under Mac OS X 10.8.3 cause you can not boot the system in 32bit.The built in VPN client tough seems that connects and maintain the connection correctly It does not work..I cant navigate with the web browser. Checked the routing table and it looks it sends all traffic throug the VPN but no luck.With other VPN clients (Shimo) the same issue.Anyone is expert in VPN and Mac OS X?
