ACS sends NetBios broadcasts
Hello
We have two devices ACS and they send a large number of NetBios broadcasts. Why they are sent (are they necessary) and is it possible to disable this?
Thanks in advance and best regards
Dominic
If your ACS a version 4.2 device there is a bug that identifies this problem, it is not yet fixed I would advise you to subscribe to this bug to get updates as to when it will be fixed:
Tags: Cisco Security
Similar Questions
-
Authentication ACS 16:01
We have an existing servers Cisco ACS 4.1 ha deployment wireless with 802 user authentication. 1 X against AD. We are seeking to remove a number of former DCs in the near future. Before retiring from the DCs, I want if ensure no authentication request is not sent to them. Since the interface of GBA, I can't determine what DC IP / host names GBA points to. Within databases users Exernal-> Database Configuration-> database Windows, I see no mention of the server ip address / host name. I ran through the configuration he guide but have not seen any place where you enter the information either. Is it possible that the IP addresses of the servers DC may also be stored in a file of configuration on the server itself? Are there any suggestions short of performance capture wireshark to/from each of the domain controllers to see if authentication requests from the ACS servers? Any advice or suggestions would be appreciated.
From the perspective of the ACS, this may be because it is not under the control of the AEC to choose the domain controller. ACS sends the user credentials to a database of Windows by passing the user credentials for the Windows operating system of the computer running ACS for Windows or the remote agent Solution engine. The success or failure of the ACS authentication request Windows database.
You can refer to the link listed below:
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_ser....
2/user/guide/UsrDb.html#wp353547If you run ACS on windows you have a freedom to use the lmhost windows file.
The final goal to ensure communication with specific domain controllers, on the member server running ACS, configure an LMHOSTS file to include entries for each domain controller that must authenticate the ACS. The format of an LMHOSTS file is very special. Make sure you understand the requirements of configuration of the LMHOSTS file. For more information, see:
-Microsoft.com: LMHOSTS file
-L' sample LMHOSTS file is provided with the Windows operating system.
The default location and name of the file of the sample is
SystemRoot > \system32\drivers\etc\lmhostsFor more information, please see the below listed doc
http://www.Scribd.com/doc/50262863/345/using-the-Lmhosts-fileNOTE: In order to check what domain and ACS DC trying to connect, check auth.log when complete the value of logging.
I hope this helps.
Kind regards
Jatin kone
* Make the rate of useful messages *.
-
ACS wireless authentication failed
Greetings,
We have recently migrated to IAS in Windows to Cisco ACS 5.2.0.26 for our wireless authentication and use PEAP-MSCHAPv2 hit AD. Everything seems to work fine except when a user account has a restriction on which machines they are allowed to connect to, date to which an ACS journal entry shows as follows.
24441 account not allowed to log on by using the current workstation
This was work properly when we were using the IAS server and I think ACS is not just pass the attributes required at this time. All know how what extra configuration may be needed in ACS to support this configuration?
See you soon,.
Rob
Sounds like you have enabled computer authentication. In the case of ACS wireless can get the names of the authentication request machine. With this strategy/limitation defined in Active Directory to apply the restriction of user login then ACS will have to provide a name of host machine for each request that it send to Active Directory. As it has already set up it is not possible for the CSA to know the name of the actual machine of the authentication of the user, ACS sends a default name for the machine its own name with each request to AD. On the ad, we create a computer by name of ACS account and then allow all users to connect to this computer. This way ACS is allowed to authenticate all.
If please see Add GBA as a computer account on the ad with the same host name and see if helps.
Rgds,
Jousset
The rate of useful messages-
-
802. 1 x with dACL - prefix of an invalid attribute: "ACS."
Dear all,
I spent half an update to fix this problem without success, I hope you could help me.
I configured a simple solution of 802. 1 x on a PC driver who must authenticate through PEAP-MSCHAPv2 users against my user database internal GBA.
Version of the switch:
Model number: WS-C3750V2-48PS-S
Software: c3750-ipbasek9 - mz.122 - 52.SE.bin
ACS:
C1121 with version 5.3.0.40
The problem occurs when the ACS sends within the radius Authentication accept packet the following attribute:
Cisco-AV-pair=ACS:CiscoSecure-defined-ACL=#ACSACL#-IP-auth-4eb90704
On the side of the switch, I see the following debug log:
002558: 8 Nov 14:31:35.586: % AUTHMGR-5-START: start "dot1x' for the client (0022.680b.da7b) on the Interface Fa1/0/1 AuditSessionID AC1FFE4E0000003105BCDE19
002559: 14:31:35.703 8 Nov: AAA/ATTR: prefix of an invalid attribute: "ACS."
002560: 8 Nov 14:31:35.703: % DOT1X-5-FAIL: failure of authentication for the client (0022.680b.da7b) on the Interface Fa1/0/1 AuditSessionID AC1FFE4E0000003105BCDE19
002561: 8 Nov 14:31:35.703: % AUTHMGR-7-RESULT: result of the "dead server" authentication of 'dot1x' for the client (0022.680b.da7b) on the Interface Fa1/0/1 AuditSessionID AC1FFE4E0000003105BCDE19
802.1 x switch associated config:
GLOBAL:
Group AAA dot1x default authentication RADIUS
Group AAA authorization network default RADIUS
start-stop radius group AAA accounting dot1x default
RADIUS-server host 172.31.254.140 auth-port 1645 acct-port 1646
RADIUS-server host 172.31.254.141 auth-port 1645 acct-port 1646
RADIUS server key 7 123415ASFASFAS55512
RADIUS vsa server send accounting
RADIUS vsa server send authentication
analysis of IP device
IP access-list extended by DEFAULT, ALL
allow an ip
SPECIFIC PORT
interface FastEthernet1/0/1
Description model Port 802. 1 x
switchport access vlan 244
switchport mode access
IP access-group by DEFAULT, while
authentication event fail following action method
open authentication
authentication priority dot1x mab
Auto control of the port of authentication
periodic authentication
MAB
dot1x EAP authenticator
dot1x tx-time 10
end
Next to the ACS authentication ends successfully, but for some reason, the switch cannot understand attribute was sent by the ACS:
Why Authentication translates as 'server-dead?
Hereby, I have attached the authorization profile, the downloadable ACLs and the detail of the RADIUS authentication for the request...
Any idea?
Thank you very much!
Yes, I came across the same issue and ended up as a bug with the 3750
CSCtj28883 dACL attribute the parsing failed when debug "author of aaa" on
Description is
The DACL processing fails when the following debug settings are turned on.
1 debug aaa attr
2 debug aaa authorization
The same works very well when they are turned down. Set the switch of newspaper.
I believe has been resolved in version 3750-Build 12.2 (55) as to the next note, attached to the bug as proved to be irreparable on later constructions
The issuer has confirmed that the bug is not seen on the image of 55SE.
The issue is only seen in 53SE
can also try and switch debug off
-
9.1 ASA + ACS 5.4 SSL Web portal bookmarks according to the ad group.
Hello.
Having some problems with ssl vpn on ASA 5515-X.
I have ASA (9.1) connected to the web portal without client ssl ACS (5.4) and set up mobile client anyconnect. ACS also have connection to Active Directory.
So he has set up this group AD users, for example, the VPN_clients connect via the anyconnect client or no client via SSL web page. And it works very well.
My goal is to make different bookmarks portals SSL (in terms of strategies of different group ASA) according to the users AD Group.
For example: I have 3 groups in AD: VPN_admin, VPN_Finance, VPN_Logistic. I want that the users in the group after authentication to SSL web portal would see only their own bookmarks available only for their group.
As I inderstand once ACS authentication process must respond to ASA which the user consist of ad groups and ASA should choose the group policy right for the user, but I have no experience how to do that?
Hello Ivan,.
You're right, ACS can leave the ASA what group policy is to assign based on the RADIUS of the 25 attribute.
Measures on the ACS:
1 - definition of ad groups:
2 set the authorization profile tab elements of the policy:
3. create the policy and authorization access criteria:
Then, on the ASA:
1 create a group policy and name it.
2. through the ASDM, create and assign bookmarks to this group policy.
3 - once a user authenticates, the ACS sends 25 attribute, which contains the string 'OU = it'.
4 - ASA seeks group it strategy and assigns it to the user's session.
Let me know if you have any questions.
HTH.
Please note all useful messages.
-
Hello
I need help on the utility of message Boroadcost. Message from Boradcost that I try to run it in the background, it works very well in Production. If I try to work on QA with the same syntax that it does not work.
Please find the below syntax I used.
BroadcastMessage.cmd - f: passwordFile.txt localhost < application name >, < message >; admin.
Location: E:\Hyperion\products\Planning\bin
The passwordFile contains the password encrypted, generated by another utility of planning.
Even I do not get any kind of error on it. It is said that it is executed. but the user does not receive the message... in QA. We use the 11.1.3 version...
Please, help us to check any kind of scanario...
Thank you
Suresh
Edited by: user13124234 11 July 2010 23:56
Edited by: user13124234 11 July 2010 23:57Have you tried to send msg broadcast from inside the planning application. Tools-> broadcast message. Try this.
-
Impossible to establish a VPN between AG241 and WAG54GP2 tunnel
Hello
This is my first post on this forum and I send my best regards to everyone!
I signed up because I have a problem with establishing a VPN tunnel between an AG241 modem/router and a modem/router WAG54GP2 with wireless and VoIP.
The scenario is simple: both ends have dynamic IP, so I set up an account with dyndns.org for both routers.
WAG54GP2 has 192.168.1.1/255.255.255.0 AG241 has 192.168.3.254/255.255.255.0 IP and IP.
In both routers, I turned block anonymous internet requests, so I can ping both routers.
This is the configuration of WAG54GP2:
VPN Passthrough
IPSec PassThrough: activate
Intercommunication PPPoE: activate
PPTP PassThrough: enable
L2TP PassThrough: enableIPSec VPN tunnel
Select the Tunnel: 1
VPN IPSec tunnel: enabled
Tunnel name: OfficeLocal security group:
Subnet
IP: 192.168.1.0
Mask: 255.255.255.0Local security gateway: PVC 1 (ppp0)
Remote secure group:
IP: 192.168.3.0
Mask: 255.255.255.0Remote security gateway:
IP Addr.
The remote router's public IP address IP address: w.x.y.z.
Encryption: THE (I also tried 3DES and disabled)
Authentication: SHAKey management:
Auto. (IKE)
PFS: enabled
Pre-shared Key: the password I chose
Life key: 3600 Sec.Advanced settings
Phase 1
Mode of operation: main mode (I also tried aggressive mode)Proposal1
Encryption: A
Authentication: SHA
Group: 768 bits
Life key: 3600 sec.Proposition2
Encryption: ESP_NULL
Authentication: SHA
Group: 768 bits
Life key: 3600 sec.Another parameter
NAT traversal not verified
NetBIOS broadcast Checked
Anti-reponse not checked
Keep-Alive not verified
If IKE 5 times failedmore
Not checkedThis is the AG241 configuration:
VPN Passthrough
IPSec PassThrough: activate
Intercommunication PPPoE: activate
PPTP PassThrough: enable
L2TP PassThrough: enableIPSec VPN tunnel
Select the Tunnel: 1
VPN IPSec tunnel: enabled
Name of the tunnel: user 1Local security group:
Subnet
IP: 192.168.3.0
Mask: 255.255.255.0Local security gateway: PVC 1 (ppp0)
Remote secure group:
IP: 192.168.1.0
Mask: 255.255.255.0Remote security gateway:
AnyKey management:
Auto. (IKE)
PFS: enabled
Pre-shared Key: the same password I put on the WAG54GP2
Life key: 3600 Sec.Advanced settings
Phase 1
Mode of operation: main mode (I also tried aggressive mode)Proposal1
Encryption: A
Authentication: SHA
Group: 768 bits
Life key: 3600 sec.Proposition2
Encryption: A
Authentication: SHA
Group: 768 bits
Life key: 3600 sec.Another parameter
NAT traversal not verified
NetBIOS broadcast Checked
Anti-reponse not checked
Keep-Alive not verified
If IKE 5 times failedmore
Not checkedWhen I click on Connect the WAG54GP2 router, do not access and in the newspapers, I see:
2009 07-30 T 16: 16:10 + 01:00 IKE ["Board"] Tx > MM_I1: SA w.x.y.z.
2009 07-30 T 16: 16:20 + 01:00 IKE ["Board"] ERROR: message w.x.y.z. port 500: connection refused
If I use the dynamic FQDN instead of the dynamic IP (w.x.y.z.) change of message for:
2009 07-30 T 16: 46:16 + 01:00 IKE ["Board"] ERROR: problem of remote domain name Security Gateway!
Is there someone who could help me build this tunnel?
A big thank you to everyone who will help me!
Cinghiuz
If you are Encountering difficulties connecting to the VPN Tunnel using a router ADSL modem you should see this
Also, make sure that you have the latest firmware installed on your entry door and change the MTU setting...
-
Wake on LAN (WOL) through different VLAN on SG-300-10
Hello
I try to get WOL working through different VLAN on a Switch SG-300-10 in layer 3 Mode. To achieve this, I set up a UDP relay (GUI menu Configuration IP) for UDP Port 7 to 255.255.255.255 (this should inundate all interfaces with the package), however, does not work WOL in different VLANS. When I am connected directly to the VLAN corresponding, WOL works fine in the same subnet. Am I missing something here?
All comments appreciated!
Thank you very much!
Hi Romeo,.
A few minutes to try it on my SG300 - 10 p mode layer 3.
My NAS unit is capable WOL and I thought I would use it in my test environment...
Ran a basic test to check my sender of packet Magic from my PC "awakened" my NAS unit.
As you would expect, on the same subnet, the magic packet WOL caused my NAS unit to power, no problem.
But this isn't really the test, just a test database to check that my sender of the packet magic WOL and NAS was working well.
The screenshot below shows WOL software I used on my PC. Why use this software, no reason except that it was available for free. Also, I'm sure other WOL software out there for different platforms that work just as well or with more features.
First of all, I see according to your question, you used relays UDP destination port 7, well it is the default setting on the UDP relay on my switch.
I wonder why you used or stayed with destination UDP port 7, because the Magic packet mailers may use different destination UDP ports?
I had to use wireshark to see the real destination UDP port that uses my sender of the magic packet WOL.
Notice of capturing wireshark above, that my magic packet software uses the UDP port destination 9, NOT the default value that you can see on the switch. Ignore what wireshark labels this port.
OK, I then created a VLAN that I named "VLAN2' with a = 2 VID on my SG300 - 10 p (SRW2008P-K9-NA)
I added a 192.168.2.1/24 IP interface to VLAN2, which is a different network from the default VLAN.
I then added three ports this VLAN newly created as a member untagged VLAN2.
The default VLAN (VID = 1) an IP network 192.168.10.0/24.
My NAS (WOL capable) unit has an IP address of 192.168.10.61.
I plugged my PCt to the vlan 2 and statically assigned 192.168.2.2/24. It is the PC that has the magic package software.
I added a route static to my router WAN, just so that I could access the router my PC attached to the VLAN2 WAN.
I tried the magic packet WOL software and will not turn on my NAS. He expected that the magic packet broadcast would never jump over a limit of LAN in one VLAN different...
Now, I tried to install a UDP relay so that the Magic Packet WOL "would be" the VLAN2 network interface VLAN1.
So I configure and add to my SG300 UDP relay entry - 10 p. See the screen capture below.
I have to admit, I'm used to using UDP relay normally take a netbios broadcast and unicast to a server Ms.
But check the screenshot below, I put the switch to send the UDP relay to the broadcast address of VLAN1 network... The magic packet Wakeup sent from my PC into 2 VLANS must have passed over the limit VLAN that my NAS unit woke.
In order to check the destination port UDP to your WOL software using wireshark, and then create an appropriate UDP relay.
Experiment and play with that, once you get your device WOL properly powereing successfully.
Best regards, Dave
If I answered your question, please rate the relevance of this response
-
What are these "channel messages"? (In German, "Kanalnachrichten")
Sometimes I get a notifitcation the title of "Kanalnachricht". There are numbers displayed.
To give you an image, I uploaded an image in my blog:I have not yet scanned the source code to determine, why I got these notifitcations.
I guess, it could be due to the "Cell of reception information" setting in the "Phone settings" dialog box (c.f. preferences app).Soon I'll crosspost this question in the forum of the carrier (i.e. in the forum of Congstar) German in German.
Some providers (e.g. O2 in Germany) send Cell broadcast on channel 221.
They use it to post the coordinates of the base station so it can be determined, for example, if the phone is in the area of the House. It seems to me that this could well be caused by the information of the cell 'receive' setting.
I don't know about other providers - so if you use Congstar/T-Mobile, I'm not sure if the above is valid. -
Hello
I need to know what Windows Firewall rules must be defined for TestStand/CVI see the ARP protocol. We see nothing, no ethernet traffic.
I have a system (Army Gold Master 7, using TestStand and CVI) who has "standard" Government firewall rules We strive to communicate by Ethernet to specialized devices and we see no traffic unless disable us the firewall. We are not on the internet (not allowed by gov). The specialized devices send a broadcast request for IP but the software it never sees.
I added (incoming and outgoing) rules to allow traffic to and from my application (CVI app that does a lot of TestStand active X calls). In the logs I saw something on cviproxy so I put rules to allow that. I've set allow rules for TestStand Runtime engine. I also disabled Windows defender.
Any suggestions? BTW, we will not disable the firewall once it is deployed.
Thank you
Hey Joe,
I did some checking, and generally, CVI does not implement itself - treatment rather ARP packet, it uses Windows built in functionality to receive ARP packets and assign IP addresses. ARP is contained in the Protocol Ethernet himself and is at a lower level than the concept of ports, so that Windows Firewall cannot directly block ARP packets.
Your software CVI aims to process ARP packets in some way, or are you just wanting to communicate with devices via Ethernet? If it's the last, then the assignment of intellectual property should arrive outside the CVI and regarding the CVI you must only make sure that the correct port has been opened for communication with the specialized unit. This port number would be depends on the configuration of the device itself.
When you disable the firewall and are able to communicate with the device, how is the appliance gets its IP address? For example, it is automatically assigned by Windows or your router (with DHCP) or it has a static IP address assigned to him? It is possible that the IP address is assigned, but given that the specific communication port is blocked by the firewall, the communication can occur.
I hope this helps a little, and if you can give us the answers to these questions, we can provide I hope to better understand the situation.
-
original title: a different output for ping - an IP address
I am trying to determine the name of the computer to an IP address
When I open a command prompt in a computer (Windows XP connected to our domain) and type ping - a [IP address], I get a result
When I open a command prompt in another computer (Windows Server 2008 connected to the WORKING group) and type ping - a [IP address], I get a different result
And there are other times when ping - [IP address] will display the name of the computer on a computer (usually the Windows Server 2008), but not the other
I tried to google
1. why this happens
2. what result is correct
Please specify.
The order of DNS in Windows name resolution is as follows:
- Name of the local host (file Hosts Local generally in c:\windows\system32\drivers\etc\hosts)
- Cache Client DNS resolution
- DNS server
- Cache of NetBIOS names
- WINS server
- NetBIOS broadcasts
- File LMHosts (same location as the HOSTS file)
The reason you get different results could be because machines could be on different subnets (different results for broadcast), using a different DNS server machines or are configured for different WINS servers, or the names are already cached because of prior activity.
HTH,
JW -
ARP expire for Windows XP, Vista and 7
What is the exact value or ARP expire for Windows XP, Vista and 7, if the primary remote DHCP server is not available, then how long long time, it will release ARP and send DHCP broadcast again?
Hello
Your question of Windows 7 is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for the IT Pro TechNet public. Please post your question in the TechNet Windows 7 forum.
http://social.technet.Microsoft.com/forums/en-us/w7itpronetworking/threads
-
I read the books of Wendell Odom and I have a question about VLANS and trunking. As far I knew trunking is necessary when you have a network that is split in two between multiple switches. When a host sends a broadcast shall be issued to all hosts in this VLAN on all switches. Switches in turn need to know the VLAN ID when the package comes from another switch. Otherwise he won't know where to deliver the broadcast.
So in short, my understanding is that trunking is only required for the provision of programming (or packages from unknown hosts, when the package is also flooded to all ports VLAN and trunk) between the switches and only in cases where the network is split between them.
But I also read that the trunks are necessary between switches and default gateways for networks with the switch services. But I don't see the reason for it. Say, you switch1 switch2 vlanB, vlanA. There is no spread between the switches. And if the host vlanA must deliver unicast packets to host vlanB, then packet is routed using general rules. It comes to the default gateway, then the corresponding switch. Who needs to know the VLAN ID here and for what reason?
I understand your concern in this way - if the MAC address is unique so why should we VLAN for unicast transfer of packages of L2 if this can be done simply using the destination MAC.
In a very simple situation it is possible, YES. But the network is not that simple now. Accept this notion of VLAN began with the broadcast domain. And at the beginning of each unicast is unknown unicast to switch that is sent on all ports to get to the destination - then it's first use of the VLAN - limit the scope of unknown unicast.
Once that known and learned switch destination MAC on his CAM it can transfer packets by dest MAC and no limit to reach necessary because we have unique destination port. But imagine switch is reloaded or CAM table age expired time-out and all MAC removed - now your unicast is unknown still - if you do not use of VLAN at this time here you will flood all ports with it until your learn the destination MAC in CAM. So it's not like--we have VLAN only for broadcast - we need for the unicast to the field of application of the limit of the outbound ports when dest MAC is unknown. And once configured this VLAN we cannot say - tag only these unicast packets and not tag other - we tag all - that's the concept.
Another thing to support VLAN for unicast - imagine this package came to its final output port. You have this connected IP phone and PC port. Those of design in the field of different mailing - in different VLANS. PC VLAN is untagged, and voice VLAN is tagged as IP phone can understand this encapsulation. If you package was voice and you have lost your tag VLAN already - he will send you to the PC not identified even if you have the right destination MAC of the IP phone and it will be dropped on PC because of incorrect Mac
Third situation is when the output port is connected to the server hostying multiple virtual machines. Those who can share the same physical MAC but server can support dot1q tagging and put them in different VLANS. Once again if you have lost your code of VLANS through switches you will not be able to achieve the correct server.
So the questions of VLAN is not just about how to pass from one switch to another - is the notion of transfer from one side to the other packages L2. Package from one VLAN must always stay there if that's the L2 and the output of the last switch to VLAN correct (labeled or not identified based on the connected device).
VLAN concept goes further L3 routing as explained above in my and Alans messages.
I hope this helps.
Nik
-
Routing over VPN between ISA550W and RV215W
Hello all I have a problem with the VPN between my two office
I have an ISA550W at the head office (chcnorth)
I have a RV215W to the remote desktop (chcsouth)
the VPN is up and running, I can connect from Headquarters to remote control (chcsouth-RV215W)
and vice versa however when client computers on the remote end are trying to connect to the
Main office to access the database, they can't.
the problem started last week I received a call from the remote desktop that they can connect to our database
on the main office, I tried to connect remotely to see what was going on, it turns out that the router has completely put back
at the plant, including the firmware
I reinstalled the latest firmware for the RV215W of installation all connections as they were, I could
get VPN to connect, I can ping to the interface of the RV215W from my seat and I ping the ISA550W
the remote desktop, however my remote clients still cannot access my server at the main office
I realized after I have everything set up, I had a backup of my original installation and thinking I had
just missed something I restored it to the firmware to factory upgraded to power and restored the backup of the
RV215W I've had. still no dice
So I am now at a loss, there were no other changes to the network on both ends, I've been on this som my eyes several times
are blurred,
any ideas, workarounds for solutions would be greatly appreciated
Thanks in advance
John G
John,
It doesn't look like your question is more DNS related, as you can access the server by its IP address if the "connection" allows you to set up this way. It is quite common, that you cannot resolve names through the tunnel because netbios broadcasts will not pass. The RV215W have shared DNS within the parameters of the tunnel, so this isn't an option more.
If the "connection" is a PC, you can work around this by editing the LMHOSTS file. Please see the following instructions:
http://www.JakeLudington.com/Windows_7/20100924_how_to_edit_windows_7_lmhosts_file.html
In your case, it might look more at:
192.168.1.200 sqlsvr
Now if you ping or try to access sqlsvr from the computer, it will automatically know that it should go to 192.168.1.200 without having to find the IP address.
Answer please if you have any questions.
-Marty
-
Access gui Cisco 2811 v7.0.4 w/AIM-CUE
Hello
We are running an older router which works fine for our needs, as indicated in the subject. I am trying to access the graphical interface for the AIM - CUE and am unable to. I can access the ccme.html to the router, but that is not integrated with the function of automatic monitoring, nor there of our current configuration info. I added a route to the QUEUE of the command prompt and I am able to ping and the ip address of the QUEUE to access from a browser, but it points to builtin of the 2811 CCME or CCP. Any help anyone could offer would be greatly appreciated. Thanks in advance for your help. Please find the config for the router and the GUIDE below.
Router:
Router#sh running-config
Building configuration...
Current configuration : 12555 bytes
!
! Last configuration change at 20:19:49 CDT Sat Oct 26 2013 by GlennP
! NVRAM config last updated at 20:06:24 CDT Sat Oct 26 2013 by cmeadmin
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging discriminator ENV severity drops 4 facility drops ENVMON mnemonics drops
FAN_LOW_RPM
logging buffered discriminator ENV 4096
logging console discriminator ENV
logging monitor discriminator ENV
enable secret 5 $1$nCKH$KBDP9dCX10xvqP98Ucm5u/
!
no aaa new-model
clock timezone CST -6
clock summer-time CDT recurring
!
dot11 syslog
ip source-route
!
!
ip cef
ip dhcp excluded-address 172.22.1.154
ip dhcp excluded-address 172.22.1.200
!
ip dhcp pool Voice
network 172.22.1.0 255.255.255.0
default-router 172.22.1.154
option 150 ip 172.22.1.154
!
!
ip name-server 4.2.2.2
no ipv6 cef
multilink bundle-name authenticated
!
!
!
!
!
!
trunk group FXO
!
!
!
!
voice hunt-group 1 parallel
list 101,102,103,104,105,106,107
timeout 60
pilot 200
!
!
!
!
!
voice-card 0
!
!
crypto pki trustpoint TP-self-signed-4121280238
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4121280238
revocation-check none
rsakeypair TP-self-signed-4121280238
!
!
crypto pki certificate chain TP-self-signed-4121280238
certificate self-signed 02
3082023E 308201A7 A0030201 02020102 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 34313231 32383032 3338301E 170D3133 31303237 30313035
34375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 31323132
38303233 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C0A7 8EB7F49F C57776E1 9CD28DF9 F3EDF876 BB02405F 1DF7B345 319C419A
23C7D891 28F496B4 675D290C 60FAE2F4 6730D680 655DD0B5 61E64C72 2B73599A
A5567091 499FD933 646168FD 4E730B8C C1079AC5 7327B695 10ED4D76 2D931584
DDA2B93B 6681E10D C82F2ABB 9DB055C8 D157EACE AB19335C B172C3E3 D8EF8452
34E90203 010001A3 66306430 0F060355 1D130101 FF040530 030101FF 30110603
551D1104 0A300882 06526F75 74657230 1F060355 1D230418 30168014 ADD5749E
6A87B4CF 22F924BE 400851F6 B9F8412A 301D0603 551D0E04 160414AD D5749E6A
87B4CF22 F924BE40 0851F6B9 F8412A30 0D06092A 864886F7 0D010104 05000381
81004F81 D08AC0B6 41AAEA8B 35CAC6AF BC07DBF9 9CA42AF1 782BBCE9 1CBB68B6
0AD5A177 664FDFA0 079A5C76 29FB06B2 5760445F 8468F04B B6A37A39 32F8F079
DB6302FE 1792547D 199922B0 907C0CCA 1FD3C322 F7B70E7C 594E96F1 DE283C2A
B7313614 A028D7FF 96E9F047 79162805 4C1CA86F 0232BF0E 0A0659F5 24B7EEDA D5AE
quit
!
!
license udi pid CISCO2811 sn FTX1030A49Q
username cmeadmin privilege 15 password 7 08721D1D5C4854424A
username GlennP privilege 15 password 7 115A485642435A595C
!
!
no ip ftp passive
ip ftp source-interface FastEthernet0/0
ip ftp username cmeadmin
ip ftp password 7 091F1F5A4C54464753
!
!
!
!
!
interface FastEthernet0/0
ip address 10.1.1.146 255.255.255.0
duplex auto
speed auto
!
interface Service-Engine0/0
ip unnumbered FastEthernet0/1.1
service-module ip address 172.22.1.155 255.255.255.0
service-module ip default-gateway 172.22.1.154
!
interface FastEthernet0/1
ip address dhcp
duplex auto
speed auto
!
interface FastEthernet0/1.1
encapsulation dot1Q 1 native
ip address 172.22.1.154 255.255.255.0
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http path flash:/gui
!
ip route 0.0.0.0 0.0.0.0 10.1.1.30
ip route 172.22.1.155 255.255.255.255 Service-Engine0/0
!
!
!
tftp-server flash:phone/7940-7960/P00308000500.bin alias P00308000500.bin
tftp-server flash:Desktops/320x212x12/CampusNight.png
tftp-server flash:Desktops/320x212x12/CiscoFountain.png
tftp-server flash:Desktops/320x212x12/MorroRock.png
tftp-server flash:Desktops/320x212x12/NantucketFlowers.png
tftp-server flash:Desktops/320x212x12/TN-CampusNight.png
tftp-server flash:Desktops/320x212x12/TN-CiscoFountain.png
tftp-server flash:Desktops/320x212x12/TN-Fountain.png
tftp-server flash:Desktops/320x212x12/TN-MorroRock.png
tftp-server flash:Desktops/320x212x12/TN-NantucketFlowers.png
tftp-server flash:Desktops/320x212x12/Fountain.png
tftp-server flash:Desktops/320x212x12/CiscoLogo.png
tftp-server flash:Desktops/320x212x12/TN-CiscoLogo.png
tftp-server flash:Desktops/320x212x12/List.xml
tftp-server flash:gui/admin_user.html alias admin_user.html
tftp-server flash:gui/admin_user.js alias admin_user.js
tftp-server flash:gui/CiscoLogo.gif alias CiscoLogo.gif
tftp-server flash:gui/Delete.gif alias Delete.gif
tftp-server flash:gui/dom.js alias dom.js
tftp-server flash:gui/downarrow.gif alias downarrow.gif
tftp-server flash:gui/ephone_admin.html alias ephone_admin.html
tftp-server flash:gui/logohome.gif alias logohome.gif
tftp-server flash:gui/normal_user.html alias normal_user.html
tftp-server flash:gui/normal_user.js alias normal_user.js
tftp-server flash:gui/Plus.gif alias Plus.gif
tftp-server flash:gui/sxiconad.gif alias sxiconad.gif
tftp-server flash:gui/Tab.gif alias Tab.gif
tftp-server flash:gui/telephony_service.html alias telephony_service.html
tftp-server flash:gui/uparrow.gif alias uparrow.gif
tftp-server flash:gui/xml-test.html alias xml-test.html
tftp-server flash:gui/xml.template alias xml.template
tftp-server flash:ringtones/Analog1.raw alias Analog1.raw
tftp-server flash:ringtones/Analog2.raw alias Analog2.raw
tftp-server flash:ringtones/AreYouThere.raw alias AreYouThere.raw
tftp-server flash:ringtones/AreYouThereF.raw alias AreYouThereF.raw
tftp-server flash:ringtones/Bass.raw alias Bass.raw
tftp-server flash:ringtones/CallBack.raw alias CallBack.raw
tftp-server flash:ringtones/Chime.raw alias Chime.raw
tftp-server flash:ringtones/Classic1.raw alias Classic1.raw
tftp-server flash:ringtones/Classic2.raw alias Classic2.raw
tftp-server flash:ringtones/ClockShop.raw alias ClockShop.raw
tftp-server flash:ringtones/DistinctiveRingList.xml alias DistinctiveRingList.xm
l
tftp-server flash:ringtones/Drums1.raw alias Drums1.raw
tftp-server flash:ringtones/Drums2.raw alias Drums2.raw
tftp-server flash:ringtones/FilmScore.raw alias FilmScore.raw
tftp-server flash:ringtones/HarpSynth.raw alias HarpSynth.raw
tftp-server flash:ringtones/Jamaica.raw alias Jamaica.raw
tftp-server flash:ringtones/KotoEffect.raw alias KotoEffect.raw
tftp-server flash:ringtones/MusicBox.raw alias MusicBox.raw
tftp-server flash:ringtones/Piano1.raw alias Piano1.raw
tftp-server flash:ringtones/Piano2.raw alias Piano2.raw
tftp-server flash:ringtones/Pop.raw alias Pop.raw
tftp-server flash:ringtones/Pulse1.raw alias Pulse1.raw
tftp-server flash:ringtones/Ring1.raw alias Ring1.raw
tftp-server flash:ringtones/Ring2.raw alias Ring2.raw
tftp-server flash:ringtones/Ring3.raw alias Ring3.raw
tftp-server flash:ringtones/Ring4.raw alias Ring4.raw
tftp-server flash:ringtones/Ring5.raw alias Ring5.raw
tftp-server flash:ringtones/Ring6.raw alias Ring6.raw
tftp-server flash:ringtones/Ring7.raw alias Ring7.raw
tftp-server flash:ringtones/RingList.xml alias RingList.xml
tftp-server flash:ringtones/Sax1.raw alias Sax1.raw
tftp-server flash:ringtones/Sax2.raw alias Sax2.raw
tftp-server flash:ringtones/Vibe.raw alias Vibe.raw
tftp-server flash:phone/7940-7960/P00308000500.loads alias P00308000500.loads
tftp-server flash:phone/7940-7960/P00308000500.sb2 alias P00308000500.sb2
tftp-server flash:phone/7940-7960/P00308000500.sbn alias P00308000500.sbn
tftp-server flash:phone/7941-7961/apps41.8-4-1-23.sbn alias apps41.8-4-1-23.sbn
tftp-server flash:phone/7941-7961/cnu41.8-4-1-23.sbn alias cnu41.8-4-1-23.sbn
tftp-server flash:phone/7941-7961/cvm41sccp.8-4-1-23.sbn alias cvm41sccp.8-4-1-2
3.sbn
tftp-server flash:phone/7941-7961/dsp41.8-4-1-23.sbn alias dsp41.8-4-1-23.sbn
tftp-server flash:phone/7941-7961/jar41sccp.8-4-1-23.sbn alias jar41sccp.8-4-1-2
3.sbn
tftp-server flash:phone/7941-7961/SCCP41.8-4-2S.loads alias SCCP41.8-4-2S.loads
tftp-server flash:phone/7941-7961/term41.default.loads alias term41.default.load
s
tftp-server flash:phone/7941-7961/term61.default.loads alias term61.default.load
s
tftp-server flash:CP7905080002SCCP060817A.zup
tftp-server flash:CP7912080003SCCP070409A.sbin
tftp-server flash:ATA030204SCCP090202A.zup
tftp-server exit
tftp-server music-on-hold.au
tftp-server enable
!
control-plane
!
!
voice-port 0/3/0
trunk-group FXO
no battery-reversal
no comfort-noise
connection plar 300
description 715833XXXX
caller-id enable
!
voice-port 0/3/1
trunk-group FXO
no battery-reversal
no comfort-noise
connection plar 300
description 715833YYYY
caller-id enable
!
voice-port 0/3/2
trunk-group FXO
no battery-reversal
no comfort-noise
connection plar 300
description 715833AAAA
caller-id enable
!
voice-port 0/3/3
!
!
!
!
dial-peer voice 100 pots
trunkgroup FXO
destination-pattern 9.T
!
dial-peer voice 800 voip
description VM
destination-pattern 800
session protocol sipv2
session target ipv4:172.22.1.155
dtmf-relay rtp-nte
codec g711ulaw
no vad
!
dial-peer voice 300 voip
description Sterling AA
destination-pattern 300
session protocol sipv2
session target ipv4:172.22.1.155
dtmf-relay rtp-nte
codec g711ulaw
no vad
!
!
sip-ua
mwi-server ipv4:172.22.1.155 expires 86400 port 5060 transport u
!
!
telephony-service
no auto-reg-ephone
max-ephones 40
max-dn 100
ip source-address 172.22.1.154 port 2000
timeouts interdigit 3
system message Sterling Optical #258
load 7960-7940 P00308000500
dialplan-pattern 1 . extension-length 3
voicemail 800
max-conferences 8 gain -6
call-park system application
moh flash:/music-on-hold.au
multicast moh 239.10.16.1 port 2000
web admin system name admin password cisco
dn-webedit
time-webedit
transfer-system full-consult
secondary-dialtone 9
fac custom dpark-retrieval *00
create cnf-files version-stamp 7960 Apr 15 2013 22:15:20
!
!
ephone-dn 1
!
!
ephone-dn 11 dual-line
number 101
name Front 1
call-forward busy 800
call-forward noan 800 timeout 70
!
!
ephone-dn 12 dual-line
number 102
name Front 2
call-forward busy 800
call-forward noan 800 timeout 70
!
!
ephone-dn 13
number 103
name Front 3
call-forward busy 800
call-forward noan 800 timeout 70
!
!
ephone-dn 14
number 104
name Exam Room
call-forward busy 800
call-forward noan 800 timeout 70
!
!
ephone-dn 15
number 105
name Screening Area
call-forward busy 800
call-forward noan 800 timeout 70
!
!
ephone-dn 16
number 106
name Lab
call-forward busy 800
call-forward noan 800 timeout 70
!
!
ephone-dn 17
number 107
name Insurance Office
call-forward busy 800
call-forward noan 800 timeout 10
mwi sip
!
!
ephone-dn 18
number 108
name 7940
!
!
ephone-dn 19
number 109
name Spare1
call-forward busy 800
call-forward noan 800 timeout 70
!
!
ephone-dn 20
number 110
name spare2
call-forward busy 800
call-forward noan 800 timeout 70
!
!
ephone-dn 21
number 111
name Spare1
call-forward busy 800
call-forward noan 800 timeout 70
!
!
ephone-dn 30
number 201
label General VM
description General VM
call-forward all 800
hold-alert 30 originator
!
!
ephone-dn 77
number 777
park-slot timeout 300 limit 2 recall
description Call Park Slot
!
!
ephone-dn 88
number 888
park-slot timeout 300 limit 2 recall
description Call Park Slot
!
!
ephone-dn 99
number 000
mwi off
!
!
ephone-dn 100
number 001
mwi on
!
!
ephone 1
mac-address 0015.62EA.5C58
username "frontdesk1" password cisco
type 7960
button 1:11
!
!
!
ephone 2
mac-address 0015.62B5.DBF6
username "frontdesk2" password cjp44206
type 7960
button 1:12
!
!
!
ephone 3
mac-address 0007.855C.853F
type 7940
button 1:13
!
!
!
ephone 4
mac-address 0017.E001.0940
type 7940
button 1:14
!
!
!
ephone 5
mac-address 0007.8553.2B3C
type 7940
button 1:15
!
!
!
ephone 6
mac-address 0015.C614.A1D1
type 7940
button 1:16
!
!
!
ephone 7
mac-address 0015.F9EC.1EED
username "insurance" password 1234
type 7940
button 1:17
!
!
!
ephone 9
!
!
!
ephone 10
mac-address 0007.8553.2E74
type 7940
button 1:20
!
!
!
ephone 11
mac-address 0019.E855.7616
type 7940
button 1:21
!
!
!
line con 0
line aux 0
line 194
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
line vty 0 4
login local
transport input telnet ssh
transport output telnet ssh
!
scheduler allocate 20000 1000
ntp master 6
ntp peer 69.164.217.193
ntp peer 204.9.136.253
end
CUE:
Router#service-module service-Engine 0/0 sess
Trying 172.22.1.154, 2194 ... Open
AIM-CUE#
AIM-CUE# sh running-config
Generating configuration:
clock timezone America/Chicago
hostname AIM-CUE
line console
exit
system language preferred "en_US"
ip name-server 4.2.2.2 4.2.2.3
ntp server 172.22.1.154 prefer
software download server url "ftp://127.0.0.1/ftp" credentials hidden "6u/dKTN/h
sEuSAEfw40XlF2eFHnZfyUTSd8ZZNgd+Y9J3xlk2B35j0nfGWTYHfmPSd8ZZNgd+Y9J3xlk2B35j0nfG
WTYHfmPSd8ZZNgd+Y9J3xlk2B35j0nfGWTYHfmP"
site name local
site-hostname 172.22.1.154
web credentials hidden "c9yem6kD1vJqrOHVxftjAknfGWTYHfmPSd8ZZNgd+Y9J3xlk2B35j0n
fGWTYHfmPSd8ZZNgd+Y9J3xlk2B35j0nfGWTYHfmPSd8ZZNgd+Y9J3xlk2B35j0nfGWTYHfmP"
end site
privilege ViewHistoricalReports create
privilege manage-users create
privilege manage-passwords create
privilege ViewRealTimeReports create
privilege local-broadcast create
privilege broadcast create
privilege vm-imap create
privilege ManagePublicList create
privilege ViewPrivateList create
privilege ManagePrompts create
groupname staff create
groupname Broadcasters create
username GlennP create
username insurance create
username admin create
username cisco create
privilege ViewHistoricalReports description "Privilege to view historical report
s"
privilege manage-users description "Privilege to create, modify, and delete user
s and groups"
privilege manage-passwords description "Privilege to reset user passwords"
privilege ViewRealTimeReports description "Privilege to view realtime reports"
privilege local-broadcast description "Privilege to send local broadcast message
s"
privilege broadcast description "Privilege to send local or remote broadcast mes
sages"
privilege vm-imap description "Privilege to manage personal voicemail via IMAP c
lient"
privilege ManagePublicList description "Privilege to manage public lists"
privilege ViewPrivateList description "Privilege to view private list"
privilege ManagePrompts description "Privilege to create, modify, or delete syst
em prompts"
privilege ViewHistoricalReports operation report.historical.view
privilege manage-users operation user.configuration
privilege manage-users operation user.mailbox
privilege manage-users operation user.password
privilege manage-users operation user.remote
privilege manage-users operation user.pin
privilege manage-users operation system.debug
privilege manage-users operation user.notification
privilege manage-users operation group.configuration
privilege manage-passwords operation user.password
privilege manage-passwords operation user.pin
privilege manage-passwords operation system.debug
privilege ViewRealTimeReports operation report.realtime
privilege local-broadcast operation broadcast.local
privilege local-broadcast operation system.debug
privilege broadcast operation broadcast.local
privilege broadcast operation system.debug
privilege broadcast operation broadcast.remote
privilege vm-imap operation voicemail.imap.user
privilege ManagePublicList operation voicemail.lists.public
privilege ManagePublicList operation system.debug
privilege ViewPrivateList operation voicemail.lists.private.view
privilege ManagePrompts operation prompt.modify
privilege ManagePrompts operation system.debug
groupname Administrators member admin
groupname Administrators member cisco
groupname Broadcasters member admin
groupname staff privilege broadcast
groupname staff privilege local-broadcast
groupname Broadcasters privilege broadcast
groupname staff phonenumber "201"
username insurance phonenumber "107"
username GlennP supervisor designate
restriction msg-notification create
restriction msg-notification min-digits 1
restriction msg-notification max-digits 30
restriction msg-notification dial-string preference 1 pattern * allowed
backup server url "ftp://127.0.0.1/ftp" credentials hidden "EWlTygcMhYmjazXhE/VN
XHCkplVV4KjescbDaLa4fl4WLSPFvv1rWUnfGWTYHfmPSd8ZZNgd+Y9J3xlk2B35j0nfGWTYHfmPSd8Z
ZNgd+Y9J3xlk2B35j0nfGWTYHfmP"
calendar biz-schedule sterling_open
closed day 1 from 00:00 to 24:00
open day 2 from 10:00 to 18:00
open day 3 from 10:00 to 20:00
open day 4 from 10:00 to 18:00
open day 5 from 10:00 to 20:00
open day 6 from 10:00 to 18:00
open day 7 from 09:00 to 17:00
end schedule
calendar biz-schedule systemschedule
open day 1 from 00:00 to 24:00
open day 2 from 00:00 to 24:00
open day 3 from 00:00 to 24:00
open day 4 from 00:00 to 21:00
open day 4 from 22:00 to 24:00
open day 5 from 00:00 to 24:00
open day 6 from 00:00 to 24:00
open day 7 from 00:00 to 24:00
end schedule
ccn application autoattendant aa
description "Sterling Auto-Attendant"
enabled
maxsessions 4
script "aa.aef"
parameter "busClosedPrompt" "AABusinessClosed.wav"
parameter "holidayPrompt" "AAHolidayPrompt.wav"
parameter "welcomePrompt" "AAWelcome.wav"
parameter "disconnectAfterMenu" "false"
parameter "dialByFirstName" "false"
parameter "allowExternalTransfers" "false"
parameter "MaxRetry" "3"
parameter "dialByExtnAnytime" "false"
parameter "busOpenPrompt" "AABusinessOpen.wav"
parameter "businessSchedule" "systemschedule"
parameter "dialByExtnAnytimeInputLength" "4"
parameter "operExtn" "1001"
end application
ccn application ciscomwiapplication aa
description "ciscomwiapplication"
enabled
maxsessions 6
script "setmwi.aef"
parameter "CallControlGroupID" "0"
parameter "strMWI_OFF_DN" "8001"
parameter "strMWI_ON_DN" "8000"
end application
ccn application msgnotification aa
description "msgnotification"
enabled
maxsessions 6
script "msgnotify.aef"
parameter "logoutUri" "http://localhost/voicemail/vxmlscripts/mbxLogout.jsp"
parameter "DelayBeforeSendDTMF" "1"
end application
ccn application promptmgmt aa
description "promptmgmt"
enabled
maxsessions 1
script "promptmgmt.aef"
end application
ccn application sterlingaa aa
description "sterlingaa"
enabled
maxsessions 6
script "sterlingaa.aef"
parameter "Sterling_Sched" "sterling_open"
parameter "Sterling_Hunt" "200"
end application
ccn application voicemail aa
description "Sterling Voicemail by RhinoIT"
enabled
maxsessions 4
script "voicebrowser.aef"
parameter "logoutUri" "http://localhost/voicemail/vxmlscripts/mbxLogout.jsp"
parameter "uri" "http://localhost/voicemail/vxmlscripts/login.vxml"
end application
ccn engine
end engine
ccn reporting historical
database local
description "se-10-1-1-6"
end reporting
ccn subsystem sip
gateway address "172.22.1.154"
mwi envelope-info
mwi sip sub-notify
end subsystem
ccn trigger http urlname msgnotifytrg
application "msgnotification"
enabled
maxsessions 2
end trigger
ccn trigger http urlname mwiapp
application "ciscomwiapplication"
enabled
maxsessions 1
end trigger
ccn trigger sip phonenumber 2000
application "voicemail"
enabled
maxsessions 4
end trigger
ccn trigger sip phonenumber 300
application "sterlingaa"
enabled
maxsessions 6
end trigger
ccn trigger sip phonenumber 800
application "voicemail"
enabled
maxsessions 6
end trigger
service phone-authentication
end phone-authentication
service voiceview
enable
end voiceview
voicemail callerid
voicemail broadcast recording time 300
voicemail default messagesize 240
voicemail notification restriction msg-notification
voicemail mailbox owner "admin" size 775
description "admin mailbox"
end mailbox
voicemail mailbox owner "insurance" size 775
description "insurance mailbox"
end mailbox
end
-Pat
Is not clear what you mean. IP of CUe should put CUE GUI.
Maybe you are looking for
-
Hello!I have a problem - El Capitan would not download on my MacBook Air 2008 I had a few weeks ago. When I try to get to the AppStore, it says "this version of Mac OS X 10.11 cannot be installed on this computer." I know that my Mac is a bit old, bu
-
Using annotate preview - delete + insert?
Hello I just started to use the feature to annotate previews for annotate PDFs on a MacBook Pro, after you use the GoodReader app on an iPad. In GR, there is a way to expunge erroneous text and insert the correct text in a single action that perfectl
-
Failed to start the laptop - screen remains black
My laptop does not start. Power led and load are also on, HDD LED, but has black screen.If I hit F12 when starting with my recovery disk in, I can hear the CD being run/search but screen remains black.Seems to me that the (bios) boot is corrupted. An
-
German date in numbers format using
Since the last update of version numbers 3.6.1 program does not recognize the average German to write a date more. (exact) It recognizes only the British or American way with slashes (jj/mm/aaaa) which suchs really, because all of my sheets and cvs.f
-
I noticed that I had updates ready to install and need to restart my computer, so I clicked on the update computer and turn off. He did the updates, then stop. I turned it back on and it makes more updates. When he returned to the top, I logged on my