Cisco 2611 router and RADIUS

Greetings. First of all, let me start by saying that I am a fool, I know I am a fool and I apologize for wasting everyone's time. In fact, I do RTFM, RTFMs a lot, and I've yet to find a resolution.

Secondly, I am setting up a RADIUS server in my test network. I installed Yopougon RADIUS on a Windows 2000 System. I have the following Setup on my Cisco 2611 router:

With the help of 2297 off 29688 bytes

! 17:20:27 PDT configuration was last modified Tuesday, May 20, 2008

! NVRAM config update at 17:20:29 PDT Tuesday, May 20, 2008

version 12.1

no single-slot-reload-enable service

horodateurs service debug datetime localtime show-timezone msec

Log service timestamps datetime localtime show-timezone msec

encryption password service

host Tester name

logging buffered debugging 10000

AAA new-model

RADIUS AAA server group RadiusServers

ACCT-port of the server 172.26.0.2 auth-port 1812 1813

Group AAA authentication login default local RadiusServers

AAA authentication login local localauth

AAA authentication ppp default if necessary to group local RADIUS

AAA authorization exec default local radius group

RADIUS AAA authorization network default local group

AAA accounting delay start

start-stop radius group AAA accounting exec by default

start-stop radius group AAA accounting network default

AAA process 6

Select the secret xxx

test username password xxx

clock timezone PST - 8

clock summer-time recurring PDT

IP subnet zero

no ip domain-lookup

no ip bootp Server

interface Loopback0

the IP 192.168.0.1 255.255.255.0

interface Ethernet0/0

Description for the main network

address IP X.X.X.X 255.255.255.128

no ip redirection

no ip unreachable

no ip proxy-arp

NAT outside IP

full-duplex

No cdp enable

interface Ethernet0/1

Description of network internal

IP 172.26.0.1 255.255.255.0

no ip redirection

no ip unreachable

no ip proxy-arp

IP nat inside

load-interval 30

full-duplex

No cdp enable

IP nat pool test X.X.X.X-X.X.X.X netmask 255.255.255.128

IP nat inside source list 3 pool overload test

IP nat inside destination list 3 pool test

IP classless

IP route 0.0.0.0 0.0.0.0 X.X.X.X

no ip address of the http server

radius of the source interface Ethernet0/1 IP

access-list 3 permit 172.26.0.0 0.0.0.255

not run cdp

public RO 15 SNMP-server community

secret key of acct-port 1812 auth-172.26.0.2 - RADIUS server host port 1813

RADIUS server retransmit 3

key secret RADIUS server

Line con 0

password xxx

Synchronous recording

line to 0

line vty 0 4

access-class 10

1234567890 7 password

Synchronous recording

NTP-period clock 17208108

Server NTP 192.43.244.18

end

My RADIUS server is in place and respond to queries, but my router does not seem to be transferring applications to authenticate to it. In fact, when I connect to the router using HyperTerminal, it expires, and I find myself authenticate locally.

I don't really like if my Cisco equipment authenticates with the RADIUS server, but I have to get set up to authenticate my users so that I can follow their time online. What I missed in my router configuration? Therefore no transfer requests to the RADIUS Server user authentication.

Thanks for any assistance, you may be able to provide.

If you explore the authentication Proxy and it works, it could make you forget the PPPoE fast enough.

If you decide to pursue PPPoE, the following link is probably where you will find most of the information on the configuration of Cisco PPPoE:

http://www.Cisco.com/en/us/Tech/tk175/tk819/tsd_technology_support_protocol_home.html

"Providers" of Cisco forums could provide some guidance if PPPoE is achievable with your platform and environment?

Tags: Cisco Security

Similar Questions

What VPN Cisco IOS VPN and RADIUS client?

Hello community,

My company are trying to set up the remote user VPN for all of our external collaborators to the help of our existing Cisco router and a RADIUS server in Active Directory.

I did all the AAA config on the router and set up the RADIUS, but I do not know what customer buy Cisco Remote and how to set up.

Anyone who knows this set upwards or it uses can be me help please we don't lose our money (and my boss time!)?

Thanks in advance.

Paul

Paul,

AnyConnect lets connect you using IKEv2/IPsec and SSLVPN for IOS network head.

There are countless examples of configuration.

Alternatively, some clients of IKEv1/IPsec 3rd party exists and are able to connect, however is those who are not TAC (Cisco) supported. You can check the feature called ezvpn

M.

Cisco linksys router and cannot access the wireless network

We have cisco linksys wireless router. When we installed everything first, we could connect our wireless laptops to the network. Now, however, the network is detected, but there is no access to the internet. We have even a guy from ATT were out and he said that the wireless router has been installed backwards? He installed a dsl fast access on our laptop icon, and now we can access the wireless network but only if we connect as the first. We can also connect iPod to the wireless network. They detect the network, but when we enter the password cannot connect.

Hi JC_3094,

Welcome to the Microsoft Community and thanks for posting the question.

According to the description, it looks like you aren't able to access the Internet.

The likely causes of this problem is if the router is not configured properly.

Here are some steps that should help you to solve this problem.

Method 1:

Check if the router is configured properly to get access to the Internet.

Method 2:

Try the steps mentioned in this link and check:

This tutorial is designed to help you identify and solve problems with a wired (Ethernet) and wireless (Wi - Fi) network connections in Windows.

Wireless and wired network problems

http://Windows.Microsoft.com/en-us/Windows/network-connection-problem-help#network-problems=Windows-7&V1H=win8tab1&V2H=win7tab1&V3H=winvistatab1&v4h=winxptab1

Method 3:

If there is a frequent disconnection try to update the firmware on the router and check.

In addition, visit these links for more information:

Why can't I connect to the Internet?

http://Windows.Microsoft.com/en-us/Windows7/why-can-t-I-connect-to-the-Internet

Hope this information helps. Respond us if you have any questions with windows and we will be happy to help.

E2500 Cisco's router dual-band

Hello

I just install the Cisco E2500 router and set up my wireless network.

I bought the router hoping it would give me a more powerful than my old G Linksys 2.4 Ghz signal.

Using inSSider I see my router and unfortunately it seems that both the 2.4 Ghz and 5 GHz range are both at the same time. I need help. The strength of the signal under RSSI is - 60 to-57 for the 2.4 Ghz and 5 Ghz range.

I have to turn off one of these groups or what should I do to get a stronger signal?... my old Linksys router was to-50.

Help... I'm not at all intuitive on routers, but I think that I would have only one band at a time or someother setting needs to be changed in order to improve my signal strength.

Where we cut a band anyway?

Any help would be appreciated.

Thank you

Tom.

Hi GV Expert,.

Thanks for your explanation as to what is measured and its relevance.

I would like to run the test that describe you.

First; When you say to connect my computer to a single band, I say - would allow a band to achieve this result?

In addition, how do you transfer a file, we are talking about transfer between my two computers?

Thank you for your patience and your help.

Tom.

Problem with IKEv2 routes w using PSK and RADIUS

Hello

I have a 7 881 + (15.2 (4) M2) connected to a 1001 ASR (03.07.01.S) via the Internet. The goal is to set up DVTI on the ASR, use FlexVPN on the CPE and inject crypto IKEv2 itineraries in the VRF on the EP for subnets protected on the SCE when using pre-shared key for authentication and RADIUS to return the attributes.

I can get the tunnel works fine, but I can't get the cryptographic routes.

My configs:

7 881 + CPE:

Crypto ikev2 keyring Keychain-CPE

peer ASR

address

pre-shared key abcd

!

Profile of crypto ikev2 IKEV2-PROFILE-CPE

match one address remote identity 255.255.255.255

identity local fqdn cpe.ipsec.net

sharing front of remote authentication

sharing of local meadow of authentication

Keyring key chain local-CPE

DPD 30 2 periodic

!

Crypto ipsec transform-set esp - TFS-AES256-SHA-HMAC-aes 256 esp-sha-hmac

tunnel mode

!

by default the crypto ipsec profile

game of transformation-TFS-AES256-SHA-HMAC

profile ikev2 IKEV2-PROFILE-CPE

!

Crypto ikev2 client flexvpn FLEX

Peer 1

Customer inside Loopback0

customer connect Tunnel0

!

interface Loopback0

IP 255.255.255.255

!

interface Tunnel0

the negotiated IP address

source of tunnel Dialer2

ipv4 ipsec tunnel mode

dynamic tunnel destination

tunnel protection ipsec default profile

PE OF THE ASR:

Authorization group to the network IPSEC-AUTHOR of AAA AAA-GROUP-IPSEC-RADIUS

!

Crypto ikev2 60 2 dpd periodicals

!

Profile of crypto ikev2 IKEV2-PROFILE-ASR

corresponds to fvrf FVRF

match identity fqdn remote domain ipsec.net

sharing front of remote authentication

sharing of local meadow of authentication

Keyring aaa IPSEC-AUTHOR

AAA authorization user psk IPSEC-AUTHOR list

virtual-model 1

!

Crypto ipsec transform-set esp - TFS-AES256-SHA-HMAC-aes 256 esp-sha-hmac

tunnel mode

!

by default the crypto ipsec profile

game of transformation-TFS-AES256-SHA-HMAC

the value of RADU ikev2-profile

answering machine only

!

type of interface virtual-Template1 tunnel

no ip address

source of tunnel GigabitEthernet0/0/3

ipv4 ipsec tunnel mode

tunnel vrf FVRF

tunnel protection ipsec default profile

Definition of RADIUS user name:

CPE. IPSec.net

Tunnel-Password = abcd,

Framed-IP-Address = 172.16.0.254,

Box-IP-Netmask = 255.255.255.254,

Cisco-avpair = "ip:interface - config = vrf forwarding test",

Cisco-avpair = "" ip:interface - config = address ip 172.16.0.255 255.255.255.254 ","

Cisco-avpair = 'ipsec:route - value = interface',

Cisco-avpair = "ipsec:route - value prefix = 32",

Cisco-avpair = "ipsec:route - accept = any"

The tunnel interface is coming on the CPE, the virtual access interface is implemented on the ASR. I could use BGP to Exchange routing between EP and CPE information, but I want to use IKE.

I think the problem is because I don't know how to call a permission policy IKEv2 on PBS (in which I could set up a list of access for the ). But on the CPE, I have the following limitations:

I want to use PSK for authentication, but no RADIUS server is available. So, the only other option for PSK authentication is a Keyring set locally, as there is no way to use a user name defined locally (local authentication) with a set of keys.

So how can I trigger an IKEv2 authorization under the profile of IKEv2 policy?

CPE (config-ikev2-profile) list of psk #aaa user authorization?

The WORD AAA list name

If I set a local aaa authorization list, then all authentication fails:

AAA authorization network default local

Profile of crypto ikev2 IKEV2-PROFILE-CPE

by default the AAA user psk authorization list

* 15:52:27.042 Dec 20 UTC: IKEV2-3-NEG_ABORT %: negotiation failed due to the ERROR: exchange Auth failed

And there is no way to trigger that the authorization policy if I do not set the command above, is not it? I tried to modify the authorization policy by default with access list, but it is not taken into account.

If I use a card with an access-list and IKEv2 encryption, I can get directions crypto on the ASR. But I want to use FlexVPN on the CPE.

Is there a way to do this?

Also the IOS configuration guides are not too useful

Thank you

Radu

. "09:12:42.299 Dec 21 UTC: IKEv2:IKEv2 local AAA asks author ' 87.84.214.31 '.

. "09:12:42.299 Dec 21 UTC: IKEv2:IKEv2 local AAA - political ' 87.84.214.31 ' does not exist.

. 09:12:42.299 Dec 21 UTC: authorization IKEv2:IKEv2 162 error

Not sure how resembles your config, but here it says that it cannot find

ikev2 crypto 87.84.214.31 permission policy

<...>

If it is configured?

Cisco VPN Client and Windows XP VPN Client IPSec to ASA

I configured ASA for IPSec VPN via Cisco VPN Client and XP VPN client communications. I can connect successfully with Cisco VPN Client, but I get an error when connecting with the XP client. Debugging said "misconfigured groups and transport/tunneling mode" I know, they use different methods of transport and tunneling, and I think that I have configured both. Take a look at the config.

PS a funny thing - when I connect with client VPN in Windows Server 2003, I have no error. The only difference is that client XP is behind an ADSL router and client server is directly connected to the Internet on one of its public IP of interfaces. NAT in the case of XP can cause problems?

Config is:

!

interface GigabitEthernet0/2.30

Description remote access

VLAN 30

nameif remote access

security-level 0

IP 85.*. *. 1 255.255.255.0

!

access-list 110 scope ip allow a whole

NAT list extended access permit tcp any host 10.254.17.10 eq ssh

NAT list extended access permit tcp any host 10.254.17.26 eq ssh

access-list extended ip allowed any one sheep

access list nat-ganja extended permit tcp any host 10.254.17.18 eq ssh

sheep-vpn access-list extended permits all ip 192.168.121.0 255.255.255.0

tunnel of splitting allowed access list standard 192.168.121.0 255.255.255.0

flow-export destination inside-Bct 192.168.1.27 9996

IP local pool raccess 192.168.121.60 - 192.168.121.120 mask 255.255.255.0

ARP timeout 14400

global (outside-Baku) 1 interface

global (outside-Ganja) interface 2

NAT (inside-Bct) 0 access-list sheep-vpn

NAT (inside-Bct) 1 access list nat

NAT (inside-Bct) 2-nat-ganja access list

Access-group rdp on interface outside-Ganja

!

Access remote 0.0.0.0 0.0.0.0 85.*. *. 1 2

Route outside Baku 10.254.17.24 255.255.255.248 10.254.17.10 1

Route outside Baku 192.1.1.0 255.255.255.0 10.254.17.10 1

Outside-Baku route 192.168.39.0 255.255.255.0 10.254.17.10 1

Route outside-Ganja 192.168.45.0 255.255.255.0 10.254.17.18 1

Route outside-Ganja 192.168.69.0 255.255.255.0 10.254.17.18 1

Route outside-Ganja 192.168.184.0 255.255.255.0 10.254.17.18 1

Route outside Baku 192.168.208.16 255.255.255.240 10.254.17.10 1

Route outside-Ganja 192.168.208.112 255.255.255.240 10.254.17.18 1

dynamic-access-policy-registration DfltAccessPolicy

Crypto ipsec transform-set esp-3des esp-md5-hmac RIGHT

Crypto ipsec transform-set newset aes - esp esp-md5-hmac

Crypto ipsec transform-set esp-3des esp-md5-hmac vpnclienttrans

Crypto ipsec transform-set vpnclienttrans transport mode

Crypto ipsec transform-set esp-3des esp-md5-hmac raccess

life crypto ipsec security association seconds 214748364

Crypto ipsec kilobytes of life security-association 214748364

raccess 1 set transform-set vpnclienttrans crypto dyn1 dynamic-map

vpnclientmap 30 card crypto ipsec-isakmp dynamic dyn1

card crypto interface for remote access vpnclientmap

crypto isakmp identity address

ISAKMP crypto enable vpntest

ISAKMP crypto enable outside-Baku

ISAKMP crypto enable outside-Ganja

crypto ISAKMP enable remote access

ISAKMP crypto enable Interior-Bct

crypto ISAKMP policy 30

preshared authentication

3des encryption

md5 hash

Group 2

life 86400

No encryption isakmp nat-traversal

No vpn-addr-assign aaa

Telnet timeout 5

SSH 192.168.1.0 255.255.255.192 outside Baku

SSH 10.254.17.26 255.255.255.255 outside Baku

SSH 10.254.17.18 255.255.255.255 outside Baku

SSH 10.254.17.10 255.255.255.255 outside Baku

SSH 10.254.17.26 255.255.255.255 outside-Ganja

SSH 10.254.17.18 255.255.255.255 outside-Ganja

SSH 10.254.17.10 255.255.255.255 outside-Ganja

SSH 192.168.1.0 255.255.255.192 Interior-Bct

internal vpn group policy

attributes of vpn group policy

value of DNS-server 192.168.1.3

Protocol-tunnel-VPN IPSec l2tp ipsec

Split-tunnel-policy tunnelspecified

Split-tunnel-network-list value split tunnel

BCT.AZ value by default-field

attributes global-tunnel-group DefaultRAGroup

raccess address pool

Group-RADIUS authentication server

Group Policy - by default-vpn

IPSec-attributes tunnel-group DefaultRAGroup

pre-shared-key *.

Hello

For the Cisco VPN client, you would need a tunnel-group name configured on the ASA with a pre-shared key.

Please see configuration below:

http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a00805734ae.shtml

or

http://tinyurl.com/5t67hd

Please see the section of tunnel-group config of the SAA.

There is a tunnel-group called "rtptacvpn" and a pre-shared key associated with it. This group name is used by the VPN Client Group name.

So, you would need a specific tunnel-group name configured with a pre-shared key and use it on the Cisco VPN Client.

Secondly, because you are behind a router ADSL, I'm sure that's configured for NAT. can you please activate NAT - T on your ASA.

"crypto isakmp nat-traversal.

Thirdly, change the transformation of the value

raccess 1 set transform-set vpnclienttrans crypto dyn1 dynamic-map

Let me know the result.

Thank you

Gilbert

LAN does not work when the Cisco E1000 router hangs

Original title: Download sp3

Remember - this is a public forum so never post private information such as numbers of mail or telephone! I bought recently a new Cisco E1000 router. My computer is a laptop model Lenovo 0769.

I am running windows XP with sp2. The cisco software requires sp3. I called support of cisco and even they couldn't get to download sp3. My network is wireless on the router and I had to install from another laptop computer on the system. My LAN does not work when hooked. What do you suggest to me.

Ideas:
- You have problems with programs
- Error messages
- Recent changes to your computer
- What you have already tried to solve the problem
Hi mdenrique,

1. what exactly do you mean by LAN (Local Area Network) does not work? You get the error message?

If you have not installed Service Pack 3, try the following steps:
Step 1: Download Service Pack 3
see How to obtain the latest Windows XP service pack .
b. scroll the window and click on "Download now the Windows XP Service Pack 3 package" to download the service pack.
c. save the file on the desktop.

Step 2: Install Service Pack 3
a. open the file downloaded and follow the instructions in the wizard to complete the installation.
b. restart the computer once the installation is complete.

For more information, see steps to take before you install Windows XP Service Pack 3

Note: Once you have installed service pack 3, install the router and check if the problem persists.

Step 3: To troubleshoot LAN, run home and small Office Networking Troubleshooter
a. Click Start and then click Help and Support.
b. under Pick a help topic, click Network and Internet.
c. under network and the Web, click on resolution of networking or Web problems and then click on home and small Office Networking convenience store.
d. answer the questions in the troubleshooter to try to find a solution.

For more information, see the following articles:
1 see How to troubleshoot a network in Windows XP
2 see two resources to solve the problems of connection network in Windows XP

Visit our Microsoft answers feedback Forum and let us know what you think.

Computer connection on another printer on cisco valet router

I have a router (R1) provided by Verizon that connects me to the internet. Also connected to this router (R1) is a computer (PC1) and also my Cisco Valet (R2), which gives me connections wireless. Connected to the M20 Highway Cisco is a wireless (PC2) laptop and a printer wireless HP (PR1). Even if the Cisco M20 (R2) is connected to the internal network from Verizon (R1), PC (PC2) and printer (PR1) are on the internal network of Cisco (R2). I want (PC1) to be able to view and print to printer (PR1), but (PC1) on the router (R1) does not see printer (PR1). Laptop computer (PC2) also on Cisco (R2) can see and print it on the printer (PR1) very well, so wireless is not the issue. The issue is that PC1 must pass through and see PR1.

PC1 <-->R1 R2 <--> <-->PR1

If anyone can help with the configuration of the router. Thank you.

What is the IP address of the main router and router M20?

Ensure that both routers are in the same IP range.

R1 is connected to the internet port M20?

You connect 2 routers to each other. Use M20 as a wireless access point.

Consider that the IP address of the main router is 192.168.1.1.

Then change the local IP address of the M20 to 192.168.1.2. Disable the DHCP server on the M20.

Connect the cable to the R1 to the port Ethernet 1 M20. In this way all devices will be in the same IP range.

Cisco Wireless router model WRT120N guard give up Internet connection

My wireless router will work for 6-8 hours, and then remove the connection to the internet. I switch the modem and the router several times to re-establish the connection. I'm also using a Netgear Access Point.

I use:

Charter high-speed Internet

Motorola Modem

Model Cisco WRT120N router

Parameters

Mixed-mode

Channel Auto width - 20 MHz or 40 MHz

Security - Personal WPA2

Disabled SSID broadcast

Firmware Version v1.0.04

Automatic connection Type - Conf DHCP

Beacon interval - 50

Fragmentation threshold 2304

RTS threshold 2304

All other settings are default.

When I unplug the modem to the router and plug it on the desktop I have internet service.

The connection is also falling only on wired or wireless?

Try to update the firmware on your router.
Connect to the computer with the Ethernet cable to the router.
Download the latest firmware from the site Web of Linksys and save it to your computer. Open the router configuration page. Click the Administration tab and switch to the sub tab upgrade the Firmware through the firmware file that you have already downloaded and update on your router.
After upgrading the firmware on the router, it is recommended that you must reset the router and reconfigure. Press and hold the reset button on the router for 30 seconds. Release the reset button and wait 10 seconds. Power cycle the router and reconfigure.

Cisco 1921 router default password invalid

Hi all

I am facing a weird problem where after the reset of the router Cisco 1921, I am trying to connect using the default name "cisco" and the password "cisco".

and I get the error message no valid password.

I hard reset the router using the key in the back.

Can someone help me solve this error. Its frustrating when you can't even connect on a new router

Thank you!!

Some devices are configured with the old password. If you log on to these credentials and save the configuration, the default password is cleared. If you have set a new password, you'll end up with an inaccessible area. This avoids the production of devices with the default manufacture password and being exposed.

You need to do a password recovery procedure.

(1) connect the console to the device
(2) turn on the device
3) press ctrl + break until you are in rommon mode

Type confreg 0 x 2142 to the rommon 1 > fast to boot from Flash.

This step allows you to bypass the startup configuration where passwords are stored.

Type of reset to the rommon 2 > prompt.

The router restarts, but does not take into account the stored configuration.

Type no after each Setup question, or press Ctrl-C to skip the initial configuration process.

Type for the router > prompt.

You are in enable mode and should see the Router prompt #.

Because this is a new router without previous configuration is not really necessary to restore the last saved configuration. But if you'd: copy start run

WARNING: Do not enter the copy running-config startup-config or write. These commands erase your startup configuration.

Type configure terminal.

The hostname (config) # prompt is displayed.

Type enable secret in order to change the enable secret password. For example:

hostname (config) secret #enable YourPassword

Restore the previous value of the conf-reg:
hostname (config) #config - register 0 x 2102

If you did a copy start run, you must also configure a new user:

Youruser yourpassword username secret

And of course: save your configuration

Do not forget to rate helpful messages ;)

Sent by Cisco Support technique iPad App

Problem starting the Cisco 2821 router

Hello world

I have cisco 2821 router. I am facing problem starting.

someone suggest me what is the problem.

Thanks in advance...

VERSION of the SOFTWARE system Bootstrap, Version 12.4 (13r) T, (fc1)
Technical support: http://www.cisco.com/techsupport
Copyright (c) 2006 by cisco Systems, Inc.

The ECC memory initialization
.
C2821 platform of 262144 KB of main memory
Main memory is configured for 64-bit with ECC active

ReadOnly initialized ROMMON
load complete, point of entry to the program: 0x8000f000, size: 0xcb80
load complete, point of entry to the program: 0x8000f000, size: 0xcb80

load complete, point of entry to the program: 0x8000f000, size: 0x26bc2cc
Decompression of self-image: #.
################################################################################
################################################################################
################################################################################
################################################################################
################################################################# [OK]

Smart init is enabled
Smart init is sizing iomem
MEMORY_REQ TYPE ID
0003E8 0X003DA000 C2821 Mainboard
1A 0X0025178C E3 0001AB
0X00263F50 VPN on board
0X000021B8 embedded USB
Swimming pools public buffer 0X002C29F0
Swimming pools public particle 0 X 00211000
TOTAL: 0X00D65284

If all memory conditions above are
"UNKNOWN", you could use a non supported
configuration or there is a software problem and
the system may be compromised.
Rounded IOMEM to: 14 MB.
Using iomem of 5 percent. [14 mb / 256Mb]

Legend restricted rights

Use, duplication, or disclosure by the Government is
subject to such restrictions as set out in paragraph
(c) Commercial - limited computer software
The rights to FAR clause 52.227 - 19 and subparagraph s
(c) (1) (ii) rights to technical and computer data
Clause of DFARS 252.227 - 7013 section software.

Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

Cisco IOS software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4 T7 (9)
Version of the SOFTWARE (fc3)
Technical support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Last updated Friday, January 10 08 16:35 by prod_rel_team
Image text-base: 0x400B1E74 database: 0x434A9AC0

ERROR detected on Bus PCI1
Try REINSTALLING all the modules in the system
pci1_int_cause 0 x 00000240,
pci1_err_addr 0 x 00091009, pci0_err_cmd 0x0000000A
PCI Master Read parity error
Abort target PCI

R0 = r1 = r2 FFFFFFFF FFFFFFFF = 0 r3 = 45 80000 r4 = 0
R5 = 303 r6 = 0 A7 = 1 = 0 = 100000 r9 r8
R10 = 0 r11 = 465E4369 r12 = 0 r13 = 465E436A r14 = 0
R15 = r16 r17 8 = 0 = C100 r18 = 0 r19 3400 101 =
R20 = r21 0 = 40096828 r22 = FFFFFFFF r23 = r24 FFFF00FF = 0
R25 = 469AAC64 r26 = 0 = 469AAC60 r28 = 0 = 469AAC5C r29, r27
R30 = 0 r31 = 469AAC58 r32 = r33 FFFFFFFF = r34 = FFFFFFFF FFFFFFFF
R35 = r36 = r37 = r38 = r39 FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF = FFFFFFFF
R40 = FFFFFFFF = FFFFFFFF = FFFFFFFF = FFFFFFFF r44 r43 r42 r41 = FFFFFFFF
R45 = r46 = r47 = r48 FFFFFFFF FFFFFFFF FFFFFFFF = r49 0 = 469AACD0
R50 = 0 0 = 0 r53 r51 = r52 = 3040A 801 r54 = FFFFFFFF
R55, r56 = FFFFFFFF = FFFFFFFF r58 r57 A000F000 = = 0 = 465E4358 r59
R60 = r61 = r62 FFFFFFFF FFFFFFFF = r63 = 0 402E4B10
GENS = 3400 103 mdlo_hi = my 0 = 251 00
mdhi_hi = 0 = 0 badvaddr_hi = FFFFFFFF mdhi
BadVAddr = cause = epc_hi 0 = FFFFFFFF FFFFFFFF
EPC = 402E4B08 err_epc_hi = err_epc FFFFFFFF = FFFFFFFF

ERR-1-FATAL %: interruption of the fatal error, reload
err_stat = 0 x 0

= Posts from Flushing (02: 37:51 UTC Wednesday, may 18, 2016) =.

Messages in queue:

02:37:51 UTC Wednesday, may 18, 2016: interrupt exception, signal CPU 22, PC = 0 x 0

--------------------------------------------------------------------
Software fault possible. On reccurence, you perceive
crashinfo, 'show tech' and contact Cisco Technical Support.
--------------------------------------------------------------------

-Trace =
$0: 00000000, AT: 00000000, v0: 00000000, v1: 00000000
A0: 00000000, a1: 00000000, a2: 00000000, a3: 00000000
T0: 00000000, t1: 00000000, t2: 00000000, t3: 00000000
T4: 00000000, t5: 00000000, t6: 00000000, t7: 00000000
s0: 00000000, s1: 00000000, s2: 00000000, s3: 00000000
S4: 00000000, s5: 00000000, s6: 00000000, s7: 00000000
T8: 00000000, t9: 00000000, k0: 00000000, k1: 00000000
GP: 00000000, sp: 00000000, s8: 00000000, ra: 00000000
EPC: 00000000, ErrorEPC: 00000000, GENS: 00000000
MY: 00000000, MDHI: 00000000, BadVaddr: 00000000
CacheErr: 00000000, DErrAddr0: 00000000, DErrAddr1: 00000000
DATA_START: 0X434A9AC0
Cause 00000000 (Code 0 x 0): Exception of interruption

Writing crashinfo in flash: crashinfo_20160518-023752
No reboot to warm storage
System received a system error *.
signal = 0 x 16, code = 0x0, context = 0 x 46905718
PC = 0x40096d7c, Cause = 0 x 20, State Reg = 0 x 34008002

Software Cisco IOS, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4 (9)T7
Version of the SOFTWARE (fc3)

OK, the router is running on a train of "T".

ERROR detected on Bus PCI1
Try REINSTALLING all the modules in the system
pci1_int_cause 0 x 00000240,
pci1_err_addr 0 x 00091009, pci0_err_cmd 0x0000000A
PCI Master Read parity error
Abort target PCI

Remove any all NM/NME or WIC/HWIC cards and restart again. If the router is able to start properly, upgrade the router to a higher version. DO NOT use another "T" train if it is needed. Use instead a train of "M".

Cisco 850 routing issues

I am trying to configure a cisco 850 router but I can't do a ping to the outside world of Vlan1. show running-configLooks follow

Current configuration : 5563 bytes!! Last configuration change at 15:33:02 UTC Sat Aug 13 2016 by ciscoversion 15.2no service padservice timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname fw2.myfw.tld!boot-start-markerboot-end-marker!!logging buffered 51200 warnings!aaa new-model!!!!!!!aaa session-id commonwan mode ethernet!!!ip dhcp excluded-address 10.10.10.1ip dhcp excluded-address 192.168.1.1ip dhcp excluded-address 129.x.x.5!ip dhcp pool ccp-pool import all network 192.168.1.0 255.255.255.0 dns-server 8.8.8.8 8.8.4.4  default-router 192.168.1.1  lease 0 2!         !         !         ip domain name mydomain.tldip name-server 8.8.8.8ip name-server 8.8.4.4ip cef    no ipv6 cef!         !         !         !         crypto pki trustpoint TP-self-signed-1017650632 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-1017650632 revocation-check none rsakeypair TP-self-signed-1017650632!         !         crypto pki certificate chain TP-self-signed-1017650632 certificate self-signed 01  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030   31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274   69666963 6174652D 31303137 36353036 3332301E 170D3135 30343037 31303536   30375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649   4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 30313736   35303633 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281   81008B15 A50BCE53 C1A10611 78247737 97E31A5D 653AF401 024B244B F96B48E0   0A1B41EE 16FBFDD1 46F2E1E2 1329D2C6 EEFBCF5B 217DE650 7D2729B0 266008F3   AC4565EA 53D7FA5B 35761F14 6FBDCFAC 24994667 CB0311A9 7FE25580 7D9564C3   BFE10A4A F5F57C4F C4E18EC9 19874BCA 03127F56 252D04B8 9465A23F FBB9045B   D9EF0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603   551D2304 18301680 146EAE54 B0C95DC2 0561F596 BC47E94B EF80617E F9301D06   03551D0E 04160414 6EAE54B0 C95DC205 61F596BC 47E94BEF 80617EF9 300D0609   2A864886 F70D0101 05050003 81810014 F5B63E51 AD80D4A0 3230E94D 3D1BE457   5D7CF78D 3C911F32 C7238D24 4A8C84D5 D5D4F744 EA2FFD5C 4A40E7A1 A517BFE3   10CC6078 5F446A15 F60EA41E 08C688AF A7834485 0991C739 F3CA38FE CFAA31E2   C72031C1 BAEFA756 719E4903 705C98A7 E20CB004 6FC82D22 D4E62E0C DBA54481   F6A68B3D AA905352 DD76B19F CD4190        quit!         !         username cisco password 0 somepasswordusername admin privilege 15 secret 5 $1$JJZR$kw8yTTHkjUGKIfB8sQiyJ0!         !         controller VDSL 0 shutdown !         ip telnet source-interface Vlan1ip ssh port 2222 rotary 1ip ssh source-interface Vlan1ip ssh rsa keypair-name 1024!         !         !         !         !         !         !         !         !         !         !         !         interface ATM0 no ip address shutdown  no atm ilmi-keepalive!         interface Ethernet0 no ip address shutdown !         interface FastEthernet0 no ip address!         interface FastEthernet1 no ip address!         interface FastEthernet2 no ip address!         interface FastEthernet3 no ip address!         interface GigabitEthernet0 no ip address!         interface GigabitEthernet1 description PrimaryWANDesc_WAN interface ip address 129.x.x.5 255.255.255.0 duplex auto speed auto!         interface Vlan1 description $ETH_LAN$ ip address 192.168.1.1 255.255.255.0 ip helper-address 192.168.1.254 ip nat inside ip virtual-reassembly in ip tcp adjust-mss 1412!         ip forward-protocol ndip http serverip http access-class 23ip http authentication localip http secure-serverip http timeout-policy idle 60 life 86400 requests 10000!         !         ip dns serverip nat inside source list nat-list interface GigabitEthernet1 overloadip route 0.0.0.0 0.0.0.0 GigabitEthernet1!         mac-address-table aging-time 15no cdp run!         !         !         banner exec ^C% Password expiration warning.-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device and it provides the default username "cisco" for  one-time use. If you have already used the username "cisco" to login to the router and your IOS image supports the "one-time" user option, then this username has already expired. You will not be able to login to the router with this username after you exit this session.

It is strongly suggested that you create a new username with a privilege level of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you want to use.

-----------------------------------------------------------------------^C        banner login ^C-----------------------------------------------------------------------Cisco Configuration Professional (Cisco CP) is installed on this device. This feature requires the one-time use of the username "cisco" with the password "cisco". These default credentials have a privilege level of 15.

YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE  PUBLICLY-KNOWN CREDENTIALS

Here are the Cisco IOS commands.

username <myuser>  privilege 15 secret 0 <mypassword>no username cisco

Replace <myuser> and <mypassword> with the username and password you want to use.   

IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.

For more information about Cisco CP please follow the instructions in the QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp -----------------------------------------------------------------------^C        !         line con 0 no modem enableline aux 0line vty 0 4 access-class 23 in privilege level 15 transport input telnet ssh!         scheduler allocate 60000 1000!         end

I am connected via the port console of the router and can ping the outside world only from port GigaEthernet1 whose IP address129.x.x.5

Clients that connect on VLan1 get IP addresses in the range of 192.168.1.0/24 and these clients can ping each other, the gateway that is 192.168.1.1 and the GigaEthernet1 that has the intellectual property129.x.x.5

What's not in this case? Any suggestion is appreciated the most.

@[email protected] / * /;

Thanks for your post. I had a look at your configuration, and it is great that you are a few short steps on your NAT is why it does not work. Please follow the steps below in order to get this work properly.

1. first of all, let us remove the old configuration NAT then back to a clean slate with the following commands.

no ip nat inside source list nat-list interface GigabitEthernet1 overloadclear ip nat translation *

2. now, we will create a list of access control allows for NAT traffic and create the new NAT statement for that tie together. * NOTE: If the version of IOS, you are running requires mask rather than generic then change 0.0.0.255 to 255.255.255.0.

access-list 100 permit ip 192.168.1.0 0.0.0.255 anyip nat inside source list 100 interface GigabitEthernet1 overload

3. the next step is to specify the logical role of the interfaces in question, whether they are 'inside' or ' outside'.

interface vlan1 ip nat inside exitinterface GigabitEthernet1 ip nat outside exit

4. Finally, save us the configuration and reload.

copy run startreload

After the unit is returned as a result of charging, please try again. In some cases - depending on the version of the IOS, you have to ping the outside world from a computer on the local network rather than just sourcing of the interface VLAN. Try this back and forth, and let me know how get you there. I can't wait to hear back.

Kind regards

Luke Oxley

Please evaluate the useful messages and mark the correct answers.

I'm losing configuration when I turned off my Cisco 857 router

I bought the new router Cisco 857 of the shop. Router must have been used before as I couln can't go inside with name of user and password default cisco/cisco.

Well I followed digital and reset the password for the user name and password. Now I have finally connected to Cisco CP express on my IE browser.

I discovered that someone was using a router in the shop that's why I countries: ' t log in to him in the first place. In any case the problem is that when I changed my configuration and applies the settings he remembers until I turned off. When I turn on again he remembers all the parameters of this shop.

He returned everything back: IP address, former account to level 15 and password - just like after the password reset.

I tried again and he again lost the settings. So I found instructions:

http://www.Cisco.com/en/us/products/HW/routers/ps233/products_tech_note09186a00800a65a5.shtml

I followed it and changed once again all the settings of the router. My settings are still lost after the power on/off. I noticed that when I do everything first bit it shows

0x2102 not 0x2142 like they think that is password reset mode.

Here is my output from Hyper Terminal:

=============================

Cisco#enable

Cisco#show start

Using 3359 out of 131072 bytes

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

hostname Cisco

boot-start-marker

boot-end-marker

logging buffered 51200 warnings

enable secret 5 $1$hpKF$Rc1tl6r45J8iHG7EN5jSk.

no aaa new-model

crypto pki trustpoint TP-self-signed-3185909327

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-3185909327

revocation-check none

rsakeypair TP-self-signed-3185909327

crypto pki certificate chain TP-self-signed-3185909327

certificate self-signed 01 nvram:IOS-Self-Sig#5.cer

dot11 syslog

no ip dhcp use vrf connected

ip dhcp excluded-address 10.10.10.1

ip dhcp pool ccp-pool

import all

network 10.10.10.0 255.255.255.248

default-router 10.10.10.1

lease 0 2

ip cef

no ip domain lookup

ip domain name molinary.com

username admin privilege 15 secret 5 $1$jD3j$r6ROikgGsIlcMTGjkxFQ6.

username username privilege 15 password 0 password