BigDeesDad

Forum Replies Created

Viewing 30 posts - 1 through 30 (of 76 total)
  • Author
    Posts
  • Avatar
    BigDeesDad
    Member
    in reply to: CISCO 857W – No Internet Connection #366389

    Re: CISCO 857W – No Internet Connection

    Are you sure the Dialer0 subnet mask is correct? That is alot of addresses

    Avatar
    BigDeesDad
    Member
    in reply to: checking port mode #366388

    Re: checking port mode

    show vlan will list all the access ports

    show interface trunk will list the trunk ports

    Avatar
    BigDeesDad
    Member
    in reply to: Would Half-Duplex factor into EIGRP route selection? #366387

    Re: Would Half-Duplex factor into EIGRP route selection?

    Duplex settings do not effect the DUAL algorithm so the Passive route should have been via the 10Mb interface and not the T1 interface. EIGRP uses bandwidth/delay to calculate the cost with additional K values of load, MTU and reliability which are rarely ever used.

    The only reason I could think this would happen is that the 10Mb interface was not “up” because of a duplex mismatch error hence the only operating interface was the T1. When you changed to FD the 10Mb interface came “up” and DUAL recalulated the cost selecting this as the best route.

    Did you configure the “bandwidth” on the interfaces?

    Avatar
    BigDeesDad
    Member
    in reply to: Trouble Loading IOS on a Cisco Catalyst 2950 Switch #366386

    Re: Trouble Loading IOS on a Cisco Catalyst 2950 Switch

    If you have a copy of the IOS then you can XModem it across to the switch

    Avatar
    BigDeesDad
    Member
    in reply to: Cisco 857W Router and cannot connect to the internet. #366385

    Re: Newbie needs help with cisco 837 reconfigure – no internet access

    You have not configured NAT, try the following:

    interface Dialer1
    ip nat outside
    !
    interface BVI1
    ip nat inside
    !
    access-list 1 permit 192.168.x.x 0.0.0.255
    !
    ip nat inside source list 1 interface Dialer1 overload

    Avatar
    BigDeesDad
    Member

    Re: Cisco 857W NOT WORKING – DHCP NOT WORKING? – Please help

    You do not need to erase and put the whole config in again. If you just copy the lines below and then paste into your session it will make the relevant changes. Nothing else will be changed on your config apart from these lines. If you change the x.x.x.x for the relevant addresses i.e. DNS and static WAN this will be done too.

    You will need to be in global configuration mode i.e. (Router#)

    interface BVI1
    no ip access-group 102 in
    !
    no access-list 101
    no access-list 102
    !
    access-list 101 remark Traffic allowed to enter the router from the Internet
    access-list 101 deny ip 10.0.0.0 0.255.255.255 any
    access-list 101 deny ip 127.0.0.0 0.255.255.255 any
    access-list 101 deny ip 169.254.0.0 0.0.255.255 any
    access-list 101 deny ip 172.16.0.0 0.15.255.255 any
    access-list 101 deny ip 192.168.0.0 0.0.255.255 any
    access-list 101 deny icmp any any echo
    access-list 101 permit ip any any
    access-list 101 permit gre any any
    !
    interface Dialer0
    no ip address negotiated
    ip address x.x.x.x x.x.x.x (put ip address then subnet mask here)
    !
    ip name-server x.x.x.x

    Avatar
    BigDeesDad
    Member

    Re: Cisco 857W NOT WORKING – DHCP NOT WORKING? – Please help

    You have not amended the access-lists correctly this is the reason why DHCP is not working. Do the following:

    interface BVI1
    no ip access-group 102 in

    no access-list 101
    no access-list 102

    access-list 101 remark Traffic allowed to enter the router from the Internet
    access-list 101 deny ip 10.0.0.0 0.255.255.255 any
    access-list 101 deny ip 127.0.0.0 0.255.255.255 any
    access-list 101 deny ip 169.254.0.0 0.0.255.255 any
    access-list 101 deny ip 172.16.0.0 0.15.255.255 any
    access-list 101 deny ip 192.168.0.0 0.0.255.255 any
    access-list 101 deny icmp any any echo
    access-list 101 permit ip any any
    access-list 101 permit gre any any

    Avatar
    BigDeesDad
    Member

    Re: Cisco 857W NOT WORKING – DHCP NOT WORKING? – Please help

    Your ATM0 and Dot11Radio0 interfaces are “shutdown” so you will need to enable these.

    Access-list 102 is applied to the BVI1 interface which is denying everything so you will need to remove this.

    Access-list 101 is also denying all traffic from the internet so you should amend that too. 101 should look more like this:

    access-list 101 remark Traffic allowed to enter the router from the Internet
    access-list 101 deny ip 10.0.0.0 0.255.255.255 any
    access-list 101 deny ip 127.0.0.0 0.255.255.255 any
    access-list 101 deny ip 169.254.0.0 0.0.255.255 any
    access-list 101 deny ip 172.16.0.0 0.15.255.255 any
    access-list 101 deny ip 192.168.0.0 0.0.255.255 any
    access-list 101 deny icmp any any echo
    access-list 101 permit ip any any
    access-list 101 permit gre any any

    Avatar
    BigDeesDad
    Member
    in reply to: how to add encryption protocol cisco 2611 #366381

    Re: how to add encryption protocol cisco 2611

    Cisco does support MS-Chap v2 on IOS relase 12.2 and later.

    Have a look at the following link:

    http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/hmschap.html

    Avatar
    BigDeesDad
    Member

    Re: Newbie needs help with cisco 837 reconfigure – no internet access

    No probs mate, it happens to us all

    Avatar
    BigDeesDad
    Member

    Re: Newbie needs help with cisco 837 reconfigure – no internet access

    You have not configured access-list 1 so there is nothing to match against NAT source-list 1

    Avatar
    BigDeesDad
    Member
    in reply to: Isatap tunneling #366378

    Re: Isatap tunneling

    Check out this link for some info:

    http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6553/prod_white_paper0900aecd805c54d0.html

    Avatar
    BigDeesDad
    Member
    in reply to: RIP – What I missed ? #366377

    Re: RIP – What I missed ?

    Looks like it is just a mistake when they were writing down the routing table. If you look at the config of R1, the routing table does not match any interface.

    Avatar
    BigDeesDad
    Member
    in reply to: RIP – What I missed ? #366376

    Re: RIP – What I missed ?

    If the routers can ping each interface then there is no problem with the routing, as confirmed with the routing table output below for R1 and R2. The outputs show only 2 routers?

    Sounds like you have not configured the default gateway of the PC. Check the folowing PC config

    IP Address: 192.168.4.x
    Subnet mask: 255.255.255.0
    Default Gateway: 192.168.4.2

    Avatar
    BigDeesDad
    Member
    in reply to: cleaning out all vlan config from 2950 #366375

    Re: cleaning out all vlan config from 2950

    env_vars is where the system settings are stored (MTU etc). You can delete this file and on reboot the system will be at default values.

    private-config.text is where the crypto private keys are stored. This file cannot be viewed but you can delete it.

    Avatar
    BigDeesDad
    Member
    in reply to: cleaning out all vlan config from 2950 #366374

    Re: cleaning out all vlan config from 2950

    The delete flash:vlan.dat should have been successful as long as the file has not been renamed from the default.

    Do a show flash and confirm the name of the vlan database before you try and delete.

    Avatar
    BigDeesDad
    Member
    in reply to: connect cisco 1841 to WIC 1T? #366373

    Re: connect cisco 1841 to WIC 1T?

    Take a look at the following link but a CAB-X21MT= is a standard 10ft DTE X21 cable

    http://www.cisco.com/en/US/products/hw/routers/ps332/products_tech_note09186a0080094b45.shtml

    Avatar
    BigDeesDad
    Member
    in reply to: Need advice on ppp config for Cisco 2600 #366372

    Re: Need advice on ppp config for Cisco 2600

    The Serial0/0 and Serial0/1 interfaces are shutdown.

    Have you configured the usernames and passwords? You will need to configure a seperate username/password for each bundle.

    Avatar
    BigDeesDad
    Member
    in reply to: Diffie-Hellman group #366371

    Re: Diffie-Hellman group

    Yes your policies need to be the same at either end of the VPN or the IKE phase 1 will fail and DH group 2 is the default value.

    Avatar
    BigDeesDad
    Member
    in reply to: Router on a stick and Nat on a Stick #366370

    Re: Router on a stick and Nat on a Stick

    Yes 100 hosts on a VLAN is easily accomodated if you have the interface capacity. As long as you are not using any applications that “broadcast” then you should be ok.

    Cisco recommend up to 1000 devices per VLAN if used with “normal” IP traffic, being non broadcast.

    Avatar
    BigDeesDad
    Member
    in reply to: Router on a stick and Nat on a Stick #366369

    Re: Router on a stick and Nat on a Stick

    I have never configured a proxy server but yes it sounds correct to me.

    As the proxy server would be on the same VLAN as the ADSL router, the internet access would be available. All other VLAN hosts would be able to access the proxy so they too would have internet access. You would need to configure each host to point to the proxy address for internet connections.

    It is a lot of extra work that could be solved by statics on the ADSL router. Would the owner of the ADSL router not configure statics on your behalf?

    Avatar
    BigDeesDad
    Member
    in reply to: Router on a stick and Nat on a Stick #366368

    Re: Router on a stick and Nat on a Stick

    Yes you could do that and all devices within VLAN 10 would have internet access.

    The only problem being that the internet traffic would trombone up and down the switch-router link.

    Internet traffic from the hosts will be sent to the default gateway (2600) which will then pick up the default route to 192.168.1.1 (ADSL) and then get routed back into the LAN.

    If you did this then you could create a Proxy server within VLAN10 and then the other VLAN hosts could point to this Proxy for internet access

    Avatar
    BigDeesDad
    Member
    in reply to: Vlan Question on Cisco Switches #366367

    Re: Vlan Question on Cisco Switches

    Inter-vlan traffic will still be sent via the router being the layer 3 device.

    The VLAN access list will work on the 3500XL but you may have to upgrade your current IOS if the commands are unavailable.

    Avatar
    BigDeesDad
    Member
    in reply to: Router on a stick and Nat on a Stick #366366

    Re: Router on a stick and Nat on a Stick

    You have a default route from the 2600 to the ADSL router but it sounds like you do not have a return path.

    The ADSL router is directly connected to the 192.168.1.0 subnet but it has no knowledge of your VLAN subnets.

    On the D-Link ADSL router configure static routes to the 192.168.101.0, 192.168.102.0 and 192.168.103.0 subnets with the next-hop of 192.168.1.2

    Avatar
    BigDeesDad
    Member
    in reply to: Router on a stick and Nat on a Stick #366365

    Re: Router on a stick and Nat on a Stick

    Your D-Link ADSL router should provide all the NAT functionality.

    Do you have a default route configured, pointing to the D-Link router? Can you post your config?

    Avatar
    BigDeesDad
    Member
    in reply to: Vlan Question on Cisco Switches #366364

    Re: Vlan Question on Cisco Switches

    A great learning route for ACLs is the CCNA Security exam becuase it is in-depth across the whole security spectrum and focuses a lot on ACLs. If you want to do the exam then you need a valid CCNA first.

    To configure VACL you can do the following:

    Create access list to allow specific traffic:
    Cat3550(config)# access-list 100 permit tcp any host 10.1.1.2 eq telnet



    Create access-map to link ACL with forwarding action:
    Cat3550(config)# vlan access-map ALLOWTELNET 10

    Cat3550(config-access-map)# match ip address 100
    Cat3550(config-access-map)# action forward
    Apply access-map to VLANs:

    Cat3550(config)# vlan filter ALLOWTELNET vlan-list 1-100

    The above configuration is an example to permit telnet traffic to 10.1.1.2 using an access-map called ALLOWTELNET with sequence number 10 and ACL 100.

    Avatar
    BigDeesDad
    Member

    Re: Seek general advice – how to keep internet connection active (800 series)

    Instead of “reload” you can just “shutdown” the Dialer0 interface which will disconnect your PPP session and then “no shutdown” the Dialer0 interface to re-establish.

    This will be much quicker than a reload.

    Try configuring a keepalive value on your Virtual-Template interface.

    Avatar
    BigDeesDad
    Member
    in reply to: Last Login #366362

    Re: Last Login

    show user” will only detail the current users logged into the device, it will not show any previous user activity.

    Tehcamel is correct, if logging is not configured then “show run” is your best bet.

    Avatar
    BigDeesDad
    Member
    in reply to: Vlan Question on Cisco Switches #366361

    Re: Vlan Question on Cisco Switches

    Just configure ACLs as per your requirements and apply them to the relevant VLANs

    Avatar
    BigDeesDad
    Member
    in reply to: Cisco 1710 behind Adit600 from windstream #366360

    Re: Cisco 1710 behind Adit600 from windstream

    What exactly do you want to do? You don’t need an ACL if you want to provide static NAT.

    You have 5 public IPs but i take it you have more than 5 private hosts that wish to access the internet so it will be better to config NAT overload.

    Delete your NAT and ACL configuration and use the following:

    You have already got the inside/outside interfaces
    Router(config)# int fastethernet0
    Router(config-if)# ip nat inside
    Router(config)# int Ethernet0
    Router(config-if)# ip nat outside

    Set NAT pool of allocate public addresses
    Router(config)# ip nat pool PUBLIC *.*.56.66 *.*.56.70 prefix-length 28

    Configure ACL to allow LAN hosts (amend as you wish)
    Router(config)# ip access-list 10 permit 10.0.0.0 0.0.0.255

    Tie ACL to NAT pool
    Router(config)# ip nat inside source list 10 pool PUBLIC overload

Viewing 30 posts - 1 through 30 (of 76 total)