Aironet 1252 with catalyst 2960-8TC-L & 1841 router compatibility

Hello

First of all they are togther a good combination?

I'll buy new ap 1252 and switch catalyst 2960-8TC-L my question can I connect the access point to 1 x 10/100/1000Base-T/SFP (mini-GBIC) (uplink) port?

because to work on ap with capacity 300 Mbps, it needs port 1000, I will use to power ap powerinjector.

It will be 15 sereve pc as a working group and 60 customers on wlan.

Concerning

Saher

Depending on the type of traffic and bandwidth customer requirements demand, you might need a couple more of ap which means you may have to settle for a switch of 24 ports. Cisco recommends 15-25 users by so, but still, you can have more if it's just e-mail and web browsing.

Tags: Cisco Wireless

Similar Questions

  • 6248 FI Cisco's UCS with Cisco catalyst 2960 connectivity

    In our environment, UCS, connects the two fabric as a Cisco Nexus 9 k switch upstream with vPC and it works well. But we need to isolate some virtual servers on the blades of the UCS on an entirely separate DMZ switch which is Cisco catalyst 2960.

    (1) so can we connect cables separate physical twinax of FI uplink ports to catalyst 2960 and connectivity to the servers in the DMZ keeping YEW to nexus connectivity as it is?

    (2) in this case, as there are 2 switches to nexus core 1 and 2 so we will require 2 cisco catalyst 2960 for disjoint such a network? or otherwise we can connect A FI and FI B to one on his 2 numbers 2960 switch. Gig SFP ports + 10?

    (3) also suggest things must be taken in charge, the best guides practice or an illustration in this context.

    The assignment is static and cannot be changed.

    location 1 - uplink 1

    slot 2 - uplink 2...

    If a property has no blade, the corresponding uplink is not used and that can not be changed!

    This dedication of uplinks of IOM is of course a lot of resources: cables, ports on FI, allowed port,...

  • Cisco Catalyst 2960-S switch configured for 802. 1 x sends a query to access the Radius Server Radius

    Setup

    Cisco Catalyst 2960-S running 15.0.2 - SE8

    Under Centos freeRadius 6.4 RADIUS server

    Client (supplicant) running Windows 7

    When Windows client is connected to the port (port 12 in my setup) with authentication of 802. 1 x active switch, show of Wireshark that catalyst sends ask EAP and the client responds with EAP response. But it made not the request to the Radius server. The RADIUS test utility 'aaa RADIUS testuser password new-code test group' works.
    Here is my config running. Any advice would be greatly appreciated.
    #show running mySwitch-
    mySwitch #show running-config
    Building configuration...

    Current configuration: 2094 bytes
    !
    version 12.2
    no service button
    horodateurs service debug datetime msec
    Log service timestamps datetime msec
    no password encryption service
    !
    hostname myswitch
    !
    boot-start-marker
    boot-end-marker
    !
    activate the password secret 5 $1$ Z1z6$ kqvVYRQdVRZ0h8aDTV5DR0 enable password!
    !
    !
    AAA new-model
    !
    !
    AAA dot1x group group radius aaa accounting dot1x default start-stop radius authentication group!
    !
    !
    AAA - the id of the joint session
    1 supply ws-c2960s-24ts-l switch
    !
    !
    !
    !
    !
    control-dot1x system-auth
    pvst spanning-tree mode
    spanning tree extend id-system
    !
    !
    !
    !
    internal allocation policy of VLAN no ascendant interface FastEthernet0 no stop ip address!
    GigabitEthernet1/0/1 interface
    !
    interface GigabitEthernet1/0/2
    !
    interface GigabitEthernet1/0/3
    !
    interface GigabitEthernet1/0/4
    !
    interface GigabitEthernet1/0/5
    !
    interface GigabitEthernet1/0/6
    !
    interface GigabitEthernet1/0/7
    !
    interface GigabitEthernet1/0/8
    !
    interface GigabitEthernet1/0/9
    !
    interface GigabitEthernet1/0/10
    !
    interface GigabitEthernet1/0/11
    !
    interface GigabitEthernet1/0/12
    switchport mode access
    Auto control of the port of authentication
    dot1x EAP authenticator
    !
    interface GigabitEthernet1/0/13
    !
    interface GigabitEthernet1/0/14
    !
    interface GigabitEthernet1/0/15
    !
    interface GigabitEthernet1/0/16
    !
    interface GigabitEthernet1/0/17
    !
    interface GigabitEthernet1/0/18
    !
    interface GigabitEthernet1/0/19
    !
    interface GigabitEthernet1/0/20
    !
    interface GigabitEthernet1/0/21
    !
    interface GigabitEthernet1/0/22
    !
    interface GigabitEthernet1/0/23
    !
    interface GigabitEthernet1/0/24
    !
    interface GigabitEthernet1/0/25
    !
    interface GigabitEthernet1/0/26
    !
    interface GigabitEthernet1/0/27
    !
    interface GigabitEthernet1/0/28
    !
    interface Vlan1
    IP 10.1.2.12 255.255.255.0
    !
    IP http server
    IP http secure server
    activate the IP sla response alerts
    recording of debug trap
    10.1.2.1 host connection tcp port 514 RADIUS-server host 10.1.2.1 transport auth-port 1812 acct-port 1646 timeout 3 retransmit testing123 key 3.
    Line con 0
    line vty 0 4
    password password
    line vty 5 15
    password password
    !
    end

    interface GigabitEthernet1/0/16
    !
    interface GigabitEthernet1/0/17
    !
    interface GigabitEthernet1/0/18
    !
    interface GigabitEthernet1/0/19
    !
    interface GigabitEthernet1/0/20

    Have you run wireshark on the server because the request to switch? If so you make sure that there is a response from the server? For Windows network POLICY Server (I've never tried Centos), you must ensure that the request is related to a policy which then authenticates, or denies access. Usually, it is a matter of such attributes and the seller.

    Regarding the configuration, it seems a bit out of the AAA. Try to remove the:

    line "aaa dot1x group service radius authentication" and this by using instead:

    "aaa dot1x default radius authentication group". After the dot1x word you are supposed to provide a list of the authentication or the default Word if you do not want to use a list.

  • Web authentication Catalyst 2960

    Hello

    I am trying to configure Web authentication relief on a catalyst 2960 switch. The goal is to authenticate customers via web authentication that are consistent (the part of 802. 1 x works fine) not 802. 1 x and allow them access to the network. The problem is that the web authentication seems to fail.

    The equipment about my question: switch catalyst 2960 (version: 122 - 37.SE) and a FreeRadius.

    Here's what happens:

    The authentication window will appear in my browser and the access request is sent to the RADIUS.

    The term RADIUS replies with an Access-Accept. Debugging running on the switch show that all this information is coming properly authentication and switch outputs debug a 'status = PASS' and permission to debug outputs a 'status = PASS_ADD'. Despite this the browser on the client generates a message "authentication failure".

    I have read the manual and the Cisco attribute value pairs are mentioned: ' priv-lvl = 15' and «proxyacl...»» ». They are required to make it work? Given that I'm not setting up any authentication switch connection via RADIUS.

    Any suggestions?

    Thanks in advance

    Yes, they are mandatory.

    If priv-lvl = 15 is not returned to the switch, the user will see? Authentication failed? and the access list will not apply. If the source in the statements of proxyacl field is not? everything? or there are other errors of syntax, the user will see? Successful authentication? but the access list will not apply and the user will be denied access to the network.

    Not sure about the configuration of specific FreeRADIUS, but you need to set up the? [026\009\001] Cisco av pair VSA. It should look like:

    Priv-lvl = 15

    proxyacl #10 = ip permit a whole

    Let me know if this lets you squared

  • Cisco 2112 WALN controller unable to detect Aironet 1252

    I'm new on this.

    A new Aironet 1252 and trying to hang on until Controller 2112. There are already two existing WAP related to the controller, but the new, it is not displayed. I need instructions step by step how get this working because I do not know where to start

    I have attached the aironet config

    Please help

    Hello

    The AP is in mode Autononous... therefore, it will not work with the WLC until we convert ITTO LWAPP or CAPWAP... Please download the latest capwap / LWAPP image from below link for1252 AP (image = c1250-rcvk9w8 - tar.124 - 21A .JA2 .tar)

    http://www.Cisco.com/Cisco/software/release.html?mdfid=281235915&flowid=6779&softwareid=280775090&release=12.4%2821A%29JA2&rellifecycle=&relind=available&RelType=latest

    and then get the TFTPd32 on your laptop and install... Make sure that the PA and the interface ethernet laptop are on the same subnet and try ping AP bvi IP of your laptop inte... If we are able to then...

    Tap the image to the tftp server by going to the right directory... then issue the belkow command...

    / force-reload DOWNLOAD-sw AP #archive / overwrite tftp: / /image.tar

    ex

    Assuming 10.10.10.1 is your tftp server... change accordingly...

    / force-reload DOWNLOAD-sw AP #archive / overwrite tftp://10.10.10.1/c1250-rcvk9w8-tar.124-21a.JA2.tar

    This recharge and get to image LWAPP AP will join the WLC and then you need to configure on the WLC stand according to your needs...

    Let me know if that answers your question...

    Concerning
    Surendra
    ====
    Please do not forget to note positions that answered your question and mark as answer or was useful

  • Dot1x multidomain on Catalyst 2960

    Hello

    I improved my 2960 with the latest basic version of LAN 12.2 (46) which includes the authentication of domain Multi (MDA) and I tried to configure what is described here:

    http://www.Cisco.com/en/us/Tech/tk389/tk814/technologies_configuration_example09186a00808abf2d.shtml

    I have the following exceptions in my configuration:

    (1) SE - cat 2960 with the latest version of IOS 12.2 (46) that supports the MDA;

    (2) using the Win2K IAS as a server radius. and

    (3) third party (Avaya) with active begging dot1x IP phone. I have a PC with ability to dot1x connected to the second port of the IP phone.

    That's what I set up on the phone IP port:

    interface FastEthernet0/9

    switchport access vlan 221

    switchport mode access

    switchport voice vlan 222

    dot1x EAP authenticator

    self control-port dot1x

    multi-domain host-mode dot1x

    protect the dot1x violation-mode

    dot1x reauth-deadline 30

    dot1x re-authentication

    spanning tree portfast

    I also configured the server Radius IAS Win2K to send RADIUS 'cisco-av-pair attribute' tell the authenticator (Cisco Catalyst 2960) that a supplicant (IP phone) is authorized on the voice VLAN as described in config-notes above link.

    When the supplicant IP phone starts to authenticate, he succeeds, but that the port does not allow the field of VOICE, even though the 2960 receives the attribute "cisco-av-pair" of the Radius Server RADIUS. I confirmed the reception of this attribute of debugging on the switch.

    RADIUS: Receipt of id 160.2.100.74:1645 1645/64, Access-Accept, len

    110

    17:02:38: RADIUS: authenticator 7 d AC 50 FE 14 B4 FC DC - 3A A4 E5 3F 1E 76 62

    C3

    17:02:38: RADIUS: EAP-Message [79] 6

    17:02:38: RADIUS: 03 05 00 04

    17:02:38: RADIUS: [25] in class 32

    17:02:38: RADIUS: 44 05 05 A2 00 00 01 37 00 01 A0 02 64 4A C9 01 1 33 79 52

    D8 58 00 00 00 00 00 00 1 b E7 [D7dJ3yRX]

    17:02:38: RADIUS: seller, Cisco [26] 34

    17:02:38: RAY: Cisco-AVpair [1] 28 'device-traffic-class = voice.

    17:02:38: RADIUS: Message-Authenticato [80] 18

    17:02:38: RADIUS: D9 42 78 88 26 5A 65 83 68 B0 E0 C7 AF 5TH 0F 51 [B

    [x & Zeh ^ Q]

    17:02:38: RADIUS (00000009): receipt of id 1645/64

    17:02:38: RADIUS/DECODE: EAP-Message fragments, 4, total 4 bytes

    Cat2960 #show dot1x int fa0/9 details

    Dot1x FastEthernet0/9 information

    -----------------------------------

    EAP AUTHENTICATOR =

    PortControl = AUTO

    ControlDirection = both

    HostMode = MULTI_DOMAIN

    Violation mode = PROTECT

    A re-authentication = on

    QuietPeriod = 60

    ServerTimeout = 0

    SuppTimeout = 30

    ReAuthPeriod = 30 (configured locally)

    ReAuthMax = 2

    MaxReq = 2

    TxPeriod = 30

    RateLimitPeriod = 0

    Dot1x authenticator customer list

    -------------------------------

    Domain = DATA

    "Supplicant" = 0004.0d9b.46d8

    AUTH State = AUTHENTICATED SM

    AUTH BEND State IDLE = SM

    Port status = AUTHORIZED

    ReAuthPeriod = 30

    ReAuthAction = is re-authenticated

    TimeToNextReauth = 20

    Authentication method = Dot1x

    Authorized by = authentication server

    Policy of VLAN = n/a

    I don't think I need CDP to allow the field of voice, if the Radius server sends the attribute "cisco-av-pair".

    Have I misunderstood the concept?

    Thank you!

    You can share the config switch?

    Missing for example aaa authorization network default radius group?

  • not visible on the switch Catalyst 2960 vNIC...

    Dear all,

    I configured the UCS chassis with 5 blades and installed the esxi on all five blades...

    I created a VNIC 10 per server and by now I have ip for esxi management by combining two NICs for and YEW is connected to the switch catalyst 2960. The uplinks are 1 Gig at the END and at the end of the switch... and I made these trunk at the end of the switch, all permitted the VLAN on the trunk link

    I have configured all the VLANS on during vNIC based on a model and all of those selected. vlan1 is the vlan by default & selected the same.

    Please help me to solve the problem... I got tired of all the means & could not able to find a solution.

    Kind regards

    Gopi G

    Greetings.

    Please confirm you learn your esxi mgmt addresses (VMK0 will inherit mac vnic UCSM) on FI: #connect nxos

    #See table of mac addresses

    Do the same on your 2960 switches.  You see the mac addresses on the ports of 2960 connected for the UCSM uplinks?

    Your uplinks UCSM go the 2960 into a port channel?

    Thank you

    Kirk

  • Button Mode Catalyst 2960

    Hello

    Can someone tell me a method of turning off the function of the Mode button on a catalyst 2960 to stop this reboot of the switch after being detained for 10 seconds? Even with a config full on the switch, the function "reset" always seems to bypass the config and clear/reload the switch.

    Is it possible to disable this feature in the software?

    Thank you very much

    Charlie Read

    Try the following command: no express installation

    See the following link for more details on the order.

    http://www.Cisco.com/en/us/products/hw/switches/ps628/products_command_reference_chapter09186a00801a6c4a.html#3549999

    I hope this helps.

    Steve

  • The Catalyst 2960 G switch configuration

    Is it possible to configure a Catalyst 2960 G Switch to act as / be an unmanaged (no router) switch?  If so, please provide detailed and simple instructions.

    Hi @lcbalogh1,

    I think that these switches are not routing compatible, but one thing... What you want to do is to have the switch set in a single broadcast domain (all ports in the same VLAN), right? If so, follow these steps:

    • Disable the routing features with the configuration command global "don'tno ip Routing.
    • If the first command is not accepted, type the "No dsm prefer lanbase-routing.

    These two steps above to disable the routing features.

    OK, to mark all the ports of the members of the same VLAN, you have a few options:

    • You can leave all the default ports VLAN (VLAN 1)
    • Or, you can configure all ports in another VLAN different
      • switchport mode access
      • access switchport vlan id - vlan>

    Hope this is useful for you.

    Rgrds,

    Martin, computer scientist

  • How acess catalyst 2960-s

    How acess catalyst 2960-s

    The main method of management is the Cisco Network Assistant however if you need to use the console port, then use the supplied RJ45 to DB9 cable to connect to a local serial port.

    Software wise, that it is possible to extract the 2 files HyperTerminal from a CD in Windows XP to run on a Win7 PC. The best alternative is a PuTTY terminal emulator.

  • How to upgrade IOS for Aironet 1252 G

    I'm trying to update the IOS for Aironet 1252 G wirless access point, I look at all the instruction and they do not make sense! And there is just no instuctions on how to upgrade the IOS in the WEB BROWSER interface. I just did an install of Windows Server 2008R2 and real simple compared to only raise AP and running, but there still Microsoft and their staff try to keep things simple for people where CISCO makes more complex theings.

    Hello

    If you try to update the IOS on a Cisco AP upgrade recomeneded uses the cli via a telnet session or console.

    **************************************************************************** RECOMMENDED UPGRADE TROUGH CLI: The following are the proper steps to do an IOS upgrade in a CLI/Telnet session (This is the recommended upgrade): 1st: Use a TFTP server in the computer that you are going to use for the upgrades. If you don't have one, get the free TFTP server in the following link: http://tftpd32.jounin.net Note: Make sure that the computer and the APs are in the same subnet. For example and AP in default settings will have IP: 10.0.0.1, so you need to have the computer as IP 10.0.0.2, subnet mask: 255.255.255.0. 2nd: Download the IOS image from the Cisco.com Web site. Note: Do not "unzip" the image. 3rd: Open the TFTP server (make sure that the TAR file's name of the IOS image is shown as in the web site, because sometimes it gets renamed to "Download .tar" and if that happens you need to rename it).  Browse the TAR file and select it, then click ok. 4th: Telnet the unit, go to enable mode and enter the following command: ap#archive download-sw /overwrite /force-reload tftp://IPAddress of_the_tftp_server/name_of_the_IOS_image_you_downloaded In this link, you must specify the extension, as an example: ap#archive download-sw /overwrite /force-reload tftp://10.0.0.2/c1200-k9w7-tar.122-13.JA.tar Note: The IOS image name is case sensitive, and it should be complete.
    
******************************************************************************
    

    This is the same procedure for any AP in IOS mode, the difference would be the image used for each specifc model.

  • How to use Layer 2 Ports on the Cisco 1841 router switch

    Hello

    I use the Cisco 1841 router with a single port layer 3 Fe0 and 8 Ports switched.

    I gave the IP on the Fe0 port which is connected to another router.

    Now I don't know how to use Layer 2 of the router switch ports.

    I tried to make one of the port as a Port of access by switchport mode access and connected my laptop and the same subnet given IP, but I can't ping my Fe0 IP port and vice versa, as I am also unable to ping my laptop router.

    Can someone explain to me how to use these ports on layer 2?

    Hi Muhammadatifmasood, take a look at the link below, I'm sure that you will find it useful.

    https://supportforums.Cisco.com/discussion/10919631/how-enable-routing-b...

    BenSamayoa

  • Card crypto applied to the Vlan Interface of the 1841 router

    Currently, our 1841 router has a T1 connected to the WIC T1, Comcast Cable connected to Fa0/0 and the local network connected to Fa0/1.  Tuesday, our 1841 will have an ethernet connection to a new gateway router instead of use the WIC T1.  I added a 4-port ethernet module to the router in the anticipation of this change.  Since the 4-port module is not layer 3 capable, I created a virtual local area network so that I can address the Vlan with the IP address that has been previously configured on the WIC T1.  My goal is to move our IPSec vpn tunnel interface series interface vlan newly created.  I was able to add all orders of the interface vlan, but I wanted to make sure that when the time comes to make the transition, the tunnel will be actually get when it is configured on an interface vlan that is then assigned to one of the four ethernet ports in the add-on.  Has anyone done this or seen that fact?  Potential drawbacks?  Thank you very much!

    Hello

    Crypto-map is compatible with the IVR, so if everything else is in place, it does not work.

    HTH

    Laurent.

  • VPN between 2 1841 router using a connection HDSL

    Hi all

    I need help to solve my problem, sorry for my English, I'll try to explain my problem

    I need to build a VPN (ipsec) between 2 side that use a Cisco 1841 router, each with its own public IP address.

    The side 2 can ping each public IP address but the VPN are DOWN state.

    The schema is the following:

    192.168.1.0/24 (LAN1) <->Ro1 (X.X.X.X) <- vpn="" -="">(Y.Y.Y.Y) Ro2 <->192.168.2.0/24 (LAN2)

    the configuration of the Ro1 is shown on, the same configuration is present also in Ro2, but with a different IP address

    SH run
    Building configuration...

    Current configuration: 9808 bytes
    !
    version 12.4
    horodateurs service debug datetime msec
    Log service timestamps datetime msec
    encryption password service
    !
    hostname TEST
    !
    boot-start-marker
    start the flash c1841-adventerprisek9 - mz.124 - 24.T.bin system
    boot-end-marker
    !
    forest-meter operation of syslog messages
    logging buffered 51200 warnings
    !
    No aaa new-model
    dot11 syslog
    no ip source route
    !
    !
    !
    !
    IP cef
    no ip bootp Server
    IP domain name test.it
    Server name x.x.x.x IP
    Server name x.x.x.x IP
    inspect the IP log drop-pkt
    inspect the IP incomplete-max 300 low
    inspect the high IP-400 max-incomplete
    IP inspect a minute low 300
    IP inspect hashtable-size 2048
    inspect the IP tcp synwait-time 20
    inspect the tcp host incomplete-max 300 IP block-time 60
    inspect the name ID tcp IP
    inspect the IP udp ID name
    inspect the IP ftp login name
    No ipv6 cef
    !
    Authenticated MultiLink bundle-name Panel
    !
    !
    !
    !
    !
    Password username privilege 15 TEST TEST 0
    Archives
    The config log
    hidekeys
    !
    !
    crypto ISAKMP policy 10
    BA 3des
    md5 hash
    preshared authentication
    Group 2
    !
    address TEST key crypto isakmp Y.Y.Y.Y
    ISAKMP crypto keepalive 10
    !
    !
    Crypto ipsec transform-set VPN - SET esp-3des esp-md5-hmac
    !
    VPN ipsec-isakmp crypto map
    defined peer Y.Y.Y.Y
    transformation-VPN-SET game
    match address 150
    !
    !
    !
    property intellectual ssh time 60
    property intellectual ssh authentication-2 retries
    property intellectual ssh version 2
    !
    !
    !
    interface FastEthernet0/0
    Description * Ro1-> LAN router *.
    IP 192.168.1.254 255.255.255.0
    IP nat inside
    IP virtual-reassembly
    automatic duplex
    automatic speed
    No keepalive
    !
    !
    interface Serial0/0/0
    no ip address
    frame relay IETF encapsulation
    event logging subif-link-status
    dlci-change of status event logging
    IP access-group 103 to
    load-interval 30
    no fair queue
    frame-relay lmi-type ansi
    !
    point-to-point interface Serial0/0/0.1
    Description * Ro1-> WAN router *.
    IP x.x.x.x 255.255.255.252
    NAT outside IP
    inspect the IP ID out
    IP virtual-reassembly
    SNMP trap-the link status
    No cdp enable
    No arp frame relay
    frame-relay interface dlci 100 IETF
    VPN crypto card
    !
    !
    IP forward-Protocol ND
    IP route 0.0.0.0 0.0.0.0 Serial0/0/0.1

    no ip address of the http server
    no ip http secure server
    !
    !
    IP nat inside source map route VPN - NAT interface overloading Serial0/0/0.1
    !
    !

    Access-list 100 * ACL NAT note *.
    access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
    access-list 100 permit ip 192.168.1.0 0.0.0.255 any
    Note access-list 103 *.
    Note access-list 103 * OPEN PORTS VPN *.
    access-list 103 allow udp 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 eq non500-isakmp
    access-list 103 allow udp 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 eq isakmp
    access-list 103 allow esp 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
    access-list 103 allow ahp 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
    access-list 103 deny ip any one
    Note access-list 150 * ACL VPN *.
    access-list 150 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
    Note access-list 150 *.
    !
    route VPN - NAT allowed 10 map
    corresponds to the IP 100
    !
    control plan
    !
    !
    !
    Line con 0
    local connection
    line to 0
    line vty 0 4
    privilege level 15
    local connection
    transport input telnet ssh
    line vty 5 15
    privilege level 15
    local connection
    transport input telnet ssh
    !
    Scheduler allocate 20000 1000
    end

    Thus, according to the display of the response of these controls.

    Ro1 (config) # sh encryption session
    Current state of the session crypto

    Interface: Serial0/0/0.1
    The session state: down
    Peer: 81.21.17.146 port 500
    FLOW IPSEC: allowed ip 192.168.1.0/255.255.255.0 192.168.2.0/255.255.255.0
    Active sAs: 0, origin: card crypto

    Ro1 (config) # sh crypto map interface serial 0/0/0.1
    "VPN" 1-isakmp ipsec crypto map
    By peer = Y.Y.Y.Y
    Extend 150 IP access list
    access-list 150 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
    Current counterpart: Y.Y.Y.Y
    Life safety association: 4608000 kilobytes / 86400 seconds
    Answering machine-only (Y/N): N
    PFS (Y/N): N
    Transform sets = {}
    VPN - SET: {esp-3des esp-sha-hmac},.
    }
    Interfaces using crypto card VPN:
    Serial0/0/0.1

    Thanks in advance

    No, you don't have source your ping to the LAN interface.

    In Ro1: Source of ping 192.168.2.254 192.168.1.3

    OR / of Ro2: source ping 192.168.1.3 192.168.2.254

  • I have to stay with OS10.7.5 due to software compatibility, but is it possible to update Safari to latest version during your stay on OS10.7.5

    I have to stay with OS10.7.5 due to software compatibility, but is it possible to update Safari to latest version during your stay on OS10.7.5. How this is done. Thank you very much.

    It is not possible to update Safari past 6.1.6 on Lion.

    (144969)

Maybe you are looking for