I applied an extended ACL on my Cisco 1941 router, but it didn't work. So I tried applying a standard ACL, and it works. I'm not sure whether my Cisco 1941 IOS supports extended ACLs. My Cisco IOS is
Cisco CISCO1941/K9
c1900-universalk9-mz.SPA.151-4.M1.bin
-----------------------------------------------------------------
Technology    Technology-package           Technology-package
              Current       Type           Next reboot
------------------------------------------------------------------
ipbase        ipbasek9      Permanent      ipbasek9
security      None          None           None
data          None          None           None
I have a Sony Bravia TV that has Wi-Fi and supports DLNA. And I have a desktop in another room, running Windows XP. Since they are both connected to the same network, is it possible to use the TV as another screen for the PC? (Duplicate the screen, so whatever I do on the PC will be shown on the TV screen.) I'm installing a software that might stream content from the PC to the TV, but then I'm not hoping too much on it because the TV seems to be very picky about file formats... so I figured somehow duplicating the screen would be best. If all else fails I'll just hook up the CPU to the TV.
whether MTU sweep is possible in Brocade 7420B. This is used in the Data Center and the Sys Admins are refusing it. I wish to check the path MTU between these two devices (including these devices) separated by transmission media (I own this), or any other method to check path MTU in Brocade. I have allowed jumbo frames in all my DXCs.
I am trying to test the MTU between two 3750 switches I have in the lab. I've set the MTU with the command "system mtu 9000" on both switches and rebooted.
The only connections on the switches are the gig ports connecting the two switches. Each interface is a member of vlan 1.
I am doing an extended ping. I set the datagram size to 2000. When the DF bit is set the ping doesn't go through. If the DF bit is not set the ping goes through.
The debug ip icmp shows, 4d00h: ICMP: dst (1.1.1.1): frag. needed and DF set.
Why is fragmentation needed when the MTU is set to 9000?
GigabitEthernet1/0/1 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is 0015.2b7d.0d01 (bia 0015.2b7d.0d01)
  MTU 9000 bytes, BW 1000000 Kbit, DLY 10 usec,
I've got a 7200 vxr that I'm trying to create a named extended access-list in.
I got to configure it. If I go into ip, after that the only commands available for access-list are log-update, logging, and resequence.
So if I go back to the main config menu, access-list is an available command.
But then from the main config menu, if I type: access-list extended eth0_in it says invalid input detected at the caret marker, which is under the first character of the word extended.
Also, at the main config menu, if I type: ip access-list extended eth0_in it again gives me the invalid input detected at the word extended.
I don't understand what I am missing to get this to work.
I have a BT broadband connection with one of their BT Home Hub 2 routers. Within the house the wireless signal is fine, however I have an outside office in the garden which is just beyond the normal range of the wireless signal. I tested this by connecting using my DELL XPS Win7 laptop and walking from the house to the office and it lost the signal about 10 feet short!
Is there any way to extend the range of the wireless signal? I cannot use homeplugs as the office is on a different fuse box from the house.
The BT Home Hub 2 is an ADSL router using n technology.
I do have a spare Netgear N150 ADSL2+ wireless router, is there any way of using it to boost the range of the signal?
I have received a router from my ISP and I've connected that router to my D-Link 615. The computer connects to that network but there's "no internet access" and sometimes it's taking longer than usual. Also it's showing 2 signals (1 from my og router and the other from the D-Link router). Also, I cannot use my D-Link router as the main router because my phone line is connected to my ISP's router.
I have created different extended access-lists which allow/block some specific services like IP, TCP, UDP, ICMP etc. for certain sources and destinations. But now I have to allow/block all/any type of services to a certain host from an extended access-list. How can I do it?
I'm trying to configure an extended access list on one AS5350XM but I get one-way hearing on voice calls and I can't determine why (please see the attached diagram). There is an OSPF running on both gigabit interfaces and the Loopback address is also advertised (it is actually the VoIP IP address). The access list is applied on both interfaces in the inbound direction. There is another gateway with IP: 4.4.4.4 (no firewalls here) and the routing between gateways is working properly.
Here is part of the access list (applied on AS5350):
. . permit ip host 4.4.4.4 host 3.3.3.3 . .
When I review the log of the AS5350xm I see many errors like this one:
%SEC-6-IPACCESSLOGP: list example denied udp 3.3.3.3(16638) -> 4.4.4.4(18094), 1 packet
So how is it possible to see this error, since the access list is in the inbound direction and the IP address (4.4.4.4) is open? I don't have problems when I do telnet or ssh from 3.3.3.3 to 4.4.4.4.
I have a N750Db router along with a Dual-band wireless range extender. It works great, but it created two new networks with "_xt" at the end of the SSID to denote the extended networks. This means I have to disconnect/reconnect to the base/extended networks as I move around my house. If I were to rename the extended networks to have the same SSID as the base networks, would that allow me to walk around my place without having to connect to the extended network, or will it create some sort of conflict or error?
I'm trying to add an access-list rule to allow internal servers to connect to an outside host on an ASA 5540. The hostname translates to multiple IPs. Normally I just look up the IP address or one of the IPs the hostname translates to and use that in the access-list as the host. For some reason the actual IPs, which are a few, are not always available, so using a specific IP sometimes does not work, thus the reason I have to use the hostname instead of the IP. I have 2 hostnames: www.hostname.com and subdomain.hostname.com.
This is how I normally add these rules (the IP addresses are fictive):
access-list internet_access extended permit tcp host 192.168.50.5 host 84.115.57.121 eq www log
When I try to add this using the hostname on our ASA I get an error:
access-list internet_access extended permit tcp host 192.168.50.5 host www.hostname.com ?
ERROR: % Unrecognized command
I've tried it without the 'www', so hostname.com but same error.
I was wondering why we can no longer use multiple ports within an extended ACL like I used to do on a CAT3750E. I have IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.02.00.SG. I wanted to create an ACL like so [code] But when I do, it tells me that I cannot do it.... I can only add 1 tcp port to my ACL line. I tried to search the "object-group" concept also but it's not implemented in this IOS. Can this be done in IOS-XE? I'm migrating my environment from a CAT3750E stack to a C4510-E.
We have a 3560 switch running IOS universalk9-mz.150-1.SE3.bin. Recently, we saw two problems with this switch:
1. If we try to enable a subinterface on any routed interface, e.g. gig1/1, it says invalid input detected. It doesn't accept the encapsulation command either. The following was done to enable the subinterface:
int gig1/1
 no ip address
int gig1/1.2000
 ip address 1.1.1.1
Under the gi1/1.2000 subinterface, it doesn't present the option of ip address.
2. We created a layer 2 vlan 2000 like:
vlan 2000
When we do an exit after creating this vlan, it gives the following error:
%SW_VLAN-4-VLAN_CREATE_FAIL: Failed to create VLANs 2000: extended VLAN(s) not allowed in current VTP mode
We faced a problem after upgrading the ASR from 12(2) 33 XNE2. I know that this is an old XE release, but our RADIUS denies authorization from the ASR with a newer XE version. Here is our RADIUS attribute configuration:
!
radius-server attribute 44 include-in-access-req
radius-server attribute nas-port format d
radius-server host x.x.x.x auth-port 1812 acct-port 1813 non-standard
[Code]....
How can I add to my configuration that the ASR sends the necessary NAS-Port-Type - VPDN?
I couldn't find any info ((( for radius-server attribute 61 extended
I tried to extend the range of the guest WLAN of the E2000 with several different access points from TP-Link. (Last try: TL-WA901D) The access point recognises the WLAN and sometimes it has a connection for a short time. But then the whole WLAN breaks down, and sometimes the router E200 hangs up, also with the LAN connections. The E200 is connected to a sky-DSL router and works fine when no additional access point is connected. In the web interface of the E2000 I can't set up any specific guest WLAN settings.
We have a gateway on a 4503, say on port 2/1, and we only want the other devices that are plugged into the 4503 to be able to talk to the gateway and that's it. The other devices are Motorola TUT DSL devices and they plug into the 4503 directly.
Normally "switchport protected" would make it very easy to keep stuff on one port from talking to other ports, but with 4500s you are not able to use that command. So we implemented a MAC Access-List Extended ACL. Here is what we did:
mac access-list extended BLAH
 permit #host 0000.XXXX.YYYY any
interface range fa 2/5 - 20
 mac access-group BLAH out
The MAC address 0000.XXXX.YYYY is the MAC address of the gateway that is plugged into Fa2/1 and the DSL TUT devices are plugged into ports Fa2/5-20. We would think that this config would only allow devices on the TUT DSL to talk only to the Gateway but we don't really think this is happening. The TUT devices are learning about MAC addresses that are on other TUT devices.
I am trying to write an extended ACL for the voice VLAN. My scenario is the following: I have two PBXs with two Catalyst 4505 L3 switches. The C4505s are connected through a trunk link. I have a VTP domain configured.
Voice VLANs are Vlan 100 and Vlan 101 with networks 10.2.0.0/16 and 10.4.0.0/16. VoIP telephones are communicating between themselves and everything is working fine. I want to secure both voice VLANs with an ACL to allow only a couple of IPs to administer the phones. The PCs are connected through an integrated switch via the VoIP telephone. Here is the sample configuration of the DHCP pool for the PC VLAN:
ip dhcp pool PCs
 network 10.1.0.0 255.255.0.0
 default-router 10.1.1.1
 dns-server 10.10.10.1
 option 43 hex 010a.5369.656d.656e.7300.0000.0204.0000.0064.0000.0000.00ff
I had to implement the 43 hex option because the PCs did not get the IP from the DHCP because of the vendor-specific information. The thing that worries me is whether the DHCP will forward the ACKs for the PCs if I implement this test ACL:
ip access-list extended VLAN100
 permit ip 10.2.0.0 0.0.255.255 10.4.0.0 0.0.255.255
 permit ip 10.4.0.0 0.0.255.255 10.2.0.0 0.0.255.255
 permit ip 192.168.2.0 0.0.0.255 10.2.0.0 0.0.255.255
 permit ip 192.168.2.0 0.0.0.255 10.4.0.0 0.0.255.255
 permit udp host 0.0.0.0 eq bootpc host 255.255.255.255 eq bootps (this I am not sure do I need)
 permit udp host 255.255.255.255 eq bootps host 0.0.0.0 eq bootpc (also this)
 deny ip any any
I only want to allow the network 192.168.2.0/24 and maybe some other hosts to access the web-based HTTP GUI to administer the IP phones. All PCs are connected through the VoIP terminals. I do not want to deny the traffic to PCs.
Is there any chance the Wireless Repeater mode works with WPA2-AES? If not, which model of AP should I buy to connect with my wap54g as a Wireless Repeater?
As mentioned this works fine, but I'm about to set up a point-to-point VPN from the above Cisco to another site which isn't controlled by myself, and the remote side of this point-to-point VPN will only allow connections from the "172.16.1.0" subnet to communicate with it.
The issue I have is that the Cisco VPN clients also need to communicate with the remote side of this point to point VPN but they are obviously coming from the "192.168.5.0" subnet. Is this possible and where to start with this that would be fantastic.
I have a problem with my routers (Cisco 1941). I'm running a DMVPN network (hub and spoke). All the hubs are connected to the 2 hubs, with 4 tunnels. (Each hub has 2 interfaces to the spokes. The spokes only have one interface to the hubs, so I split them and so I now have 4 DMVPN tunnels.) One of the interfaces on a hub malfunctioned and because of that the customers had problems with logging in and sending packets. I made this kind of structure so that when one of the tunnels failed the spoke could use the 3 others... BUT what happened here was that the spoke still tried to use all 4 of the tunnels and because of that I had 25% package loss! So this didn't work. Now I read about IP SLA, but I was wondering if this could work (I cannot test it on spare routers, and I don't want to implement it and risk a total network failure...) and how to configure it. Should I make 4 different SLA processes, all 4 of which I should track? And when I make the IP routes, how should I make or configure it so that when 1 of the tunnels/interfaces fails the spoke adapts the routes?
I'm trying to get two Cisco 1941 routers with HWIC-1T and HWIC-3G-HSPA interfaces to use the 3G interfaces if the frame is down (as it is right now). In the lab, I was not able to get these to use the 3G interfaces as a backup (i.e. backup interface cell 0/1/0) and I've not been able to work out the correct incantation for static routing either.
kununurra#show ip int br d1
Interface      IP-Address      OK? Method Status      Protocol
Dialer1        172.31.2.94     YES IPCP   up          up
I have been breaking my head over a problem with my new 1941W ISR for about two weeks now. When I restart the router, the service-module wlan-ap0 is not working. After a restart of the router, when I ask a service-module wlan-ap2 status, I get:
Service Module is Cisco wlan-ap0
Service Module supports session via TTY line 67
Service Module is waiting for registration message
Service Module reset on error is disabled
Service Module heartbeat-reset is enabled
Service Module is in fail open
Service Module status is not available
After a while it changes to Service Module is failed. If I restart the module with service-module wlan-ap2 reset, it works. Is this a technical error?
We bought a CISCO1941 K9 router. To enable the IPSec feature, I need the PAK to activate IPSec on the 1941. Where can I buy a valid PAK? Could it be done via online support?
I have tested using some UDP packet sending/receiving software (which works through another router), and the packets just aren't getting through. Likewise trying to telnet into the external IP on port 80 doesn't get through to the destination server.
It feels like the route doesn't exist between the Vlan 100 and Vlan 2 when it's coming in, or maybe there's an ACL needed for the incoming traffic?
We have a Cisco 1941 Router with two single HWIC cards supporting two T1 lines, 3Mbps total bandwidth. We have a distance learning lab that takes at least a 2mb connection when in use, so it really kills our bandwidth. I was looking to possibly add a third T1.
My question: Can I just buy a double-wide HWIC card and replace the single-port one? Would this require re-configuration or is it simply plug n play?
What other options can I try for more bandwidth instead of adding a third T1?
I've got some 1941 Ciscos set up at every branch. We have native L2 between these offices and I want to use external IP addresses on gig 0/0 interfaces and local IP addresses on lo 0 interfaces, and use lo 0 for VPN connections.
I do:
int gig 0/0
 ip add 192.168.181.14 255.255.255.0
 ip nat outside
I can ping it from the local network behind giga 0/1 but I can't ping it from outside. How can I do this?
I have recently gotten a Cisco 1941 router running version 15.1(3)T, and am trying to configure the router as a PPPoE server for access via a VLAN on one of the gigabit ethernet ports. I currently have a Cisco 2620 router (version 11.3(2)XA4) with the following relevant configurations:
I am trying to duplicate this (all but IP addresses) on the new router, but there are some options that do not seem to exist in this particular software/hardware combination. Specifically,
vpdn-group pppoe
 accept-dialin
  protocol pppoe
does not accept "pppoe" as a protocol, only allowing l2tp. What has changed, and what is the proper configuration?