Cisco SSM 10 assignment IP to the interface

Similar Questions

• Cisco ASA 5510 L2L VPN on the backup interface

  OK, here is what I have and I even if I knew how to do this, but it has not worked for me.  I hope someone out there can help you.

  I have an ASA 5510 running 8.4 with double configuration of ISPs on 2 different interfaces: outside (primary), backup (backup).  I also have a site to site VPN ASA another in another city.  The VPN is now configured on the external interface and works very well.  What I wanted to do, is to make the VPN running on backup interface only.

  So, I changed the card encryption on the remote side to use the backup interface IP and created a tunnel-group for her.  Then, I created a map encryption for backup interface and activated ikev1 on it.  The default route is configured to use the external interface, so I created a static route that routes traffic destined for the external interface of the remote side to the backup interface default gateway.  I can get to establish tunnels, but no traffic passes through them.  I have however while I need a NAT device for the tunnel traffic to I created a NAT so but still no transmitted traffic.  I tried the packet - trace and he said: the traffic was allowed and show its crypto ipsec command, I see the configuration of the tunnel, but no traffic will pass through it.  Can anyone help?

  Ben,

  you use a code to version 8.4, I recommend starting by removing the config NAT statements at both ends. This version does not have the NAT and control, and if you don't need... I've seen instances with 8.4 (3) where a NAT even though apparently correct was causing not to pass through the traffic.

  Site A:

  NAT (inside, backup) source static obj-SiteALAN obj-SiteALAN static obj-SiteBLAN obj-SiteBLAN

  Site b:

  NAT (inside, outside) source static obj - 192.168.5.0 obj - 192.168.5.0 destination static obj - 192.168.3.0 obj - 192.168.3.0

  If possible, you should increase your AES encryption, but this is a personal point of view and should not stop the traffic through the links. You should be able to see the counters for the data transmitted / received are these incrementing?

  Do you have the ACLs that are from the inside to the outside and internal interface to the Interface of backup (duplicated.

  In this model, the control is the routing.

  Best regards

  Ju

  http://helpamunky.WordPress.com/

• All traffic Vlan to the Interface of the Proxy Server

  Hello!

  I need little help to route all the traffic on VLAN to the proxy server.

  I have different VLANS on switches L2 200-26 and by 300-28-L3 for routing.

  I have already created VLANs and able to rout them, but facing problem for routing traffic to the interface proxy for internet access.

  I have different VLAN for example Vlan 10, 10.10.10.0/24 sales, Vlan20 10.10.20.0/24 Marketing. I have trunk between switches interfaces and default 1U is the same on all switches.

  My proxy server has two NICs, one is connected to a dsl modem and other one to the switch port that uses the IP 192.168.0.2 to default vlan1.

  I am able to surf the internet using vlan1 but not on ther VLAN.

  I put the route defaults to the switch of 192.168.0.2, but don't not routing for internet to another VLAN.

  Thank you

  Hello

  To answer your questions:

  1. I have to update the following files?

  https://software.Cisco.com/download/release.html?mdfid=283019617&release...

  Yes, please let me know what firmware and boot code, that you have right now and I'll tell you what is the best way for you to upgrade because you shouldn't go straight to the latest firmware unless you run already 1.3.5.58 or later version.

  2. it supports to 8 dhcp pools. I have swimming pools, but I have more than 8 VLAN. I put all the settings, works very well.

  You are right and I forgot to mention the limitation of only 8 DHCP pools, I'm sorry. That being said, make sure that your current DHCP server uses IP addresses assigned to each VLAN on the switch as the gateway by default for the VLAN respective.

  3 for the Proxy Server, I need to find a way to point back roads of VLAN to vlan mapping static address on the switch. I'm confused in this little piece.

  I understand that this can be confusing, let me see if I can explain it a little better.

  Assuming that everything on the switch is configured according to my recommendations can

  1. you need a single, a route by default on the switch, so that when a PC is connected to one of VLAN on she tries to go online, an unknown IP address to the switch, it will send it to the Ip address of the router, because the proxy server will be able to reach this IP public, unknown to any Web site.

  2 - when the traffic is back to this Web site, it will be intended for another subnet that the proxy server is on. Suppose the answer is looking for 10.10.10.100 (subnet unknown to the proxy server), without a static route on the proxy server it say where to send this traffic, packets are simply deleted.

  3. you need to create as many static routes on the proxy server as the amount of VIRTUAL LANs, you have on your network.

  For now I know that the proxy server is 192.168.0.2 on VLAN 1 but I don't know what the IP address of the switch is on the same VLAN, it should be something on the 192.168.0.x range.

  All journeys should look like this:

  10.10.10.1 255.255.255.0 send 192.168.0.x (IP address of the switch on the VLAN 1)

  10.10.20.1 255.255.255.0 send 192.168.0.x (IP address of the switch on the VLAN 1)

  Alternatively, if all your internal VIRTUAL local networks are on the beach of 10.10.x.x then you should be able to create a single rule to summarize all the VLAN as this:

  10.10.1.1 255.255.0.0 send 192.168.0.x (IP address of the switch on the VLAN 1)

  Please let me know if it was a little clearer.

  Feel free to ask any questions.

• SG300-20 - configure DHCP on the interface VLAN

  I have read the different partners of the discussions on the SG300 and SG500 going on regarding the high setting of VLAN and DHCP on VIRTUAL networks.  For some reason, I could not get even this simple task to work.

  First thing I did was update my version firmware and boot as follows:

  SW version 1.3.7.18 (date of 12 January 2014 time 18:02:59)

  Start the 1.3.5.06 version (dated 21 July 2013 times 15:12:10)

  HW version V02

  When I rebooted the SG300 after the SW/Boot updates the boot configuration has been crushed and I had to configure my switch from scratch.  The intention is to have two VIRTUAL networks:

  VLAN 1: all the devices, servers, etc.

  VLAN 2: subnet basis which distributes DHCP addresses

  The SG300-20 is connected to a router Asus RT-AC66U on the 192.168.1.x subnet and provides access to the internal network and WiFi access (IP address of the router is 192.168.1.1 and the default gateway).  Everything works without any problem.  So my task is simply to create 2 VLANS on 192.168.2.x subnet and use DHCP to assign addresses.  I spent many hours on it and I still can't get it to work.  When I connect a laptop to the port (GI8) assigned to 2 VLANS, I end up finding a few wobbly 169.254.x.x address.  I definitely thought something would not 'easy' that hard to set up, but apparently I was wrong.

  The SG300 is running in mode L3 as shown in my running-config below.

  Someone gets to see something which could prevent my client from the laptop to receive the interface VLAN 2 DHCP IP addresses that are not on the 192.168.2.x subnet?

  Any ideas / suggestions would be greatly appreciated!

  Here's my running-config:

  config-file-header
  MYSTICSW1
  v1.3.7.18 / R750_NIK_1_35_647_358
  CLI v1.0
  router adjustment system mode

  SSD of encrypted file indicator
  @
  SSD-control-start
  config of SSD
  control of password file unrestricted SSD
  no control of the integrity of the file ssd
  SSD-control-end cb0a3fdb1f3a1af4e4430033719968c0
  !
  database of VLAN
  VLAN 2
  output
  Add a voice vlan Yes-table 0001e3 Siemens_AG_phone___
  Add a voice vlan Yes-table 00036 b Cisco_phone___
  Add a voice vlan Yes-table 00096e Avaya___
  Add a voice vlan Yes-table 000fe2 H3C_Aolynk___
  Add a voice vlan Yes-table 0060 b 9 Philips_and_NEC_AG_phone
  Add a voice vlan Yes-table 00d01e Pingtel_phone___
  VLAN voice Yes-table add Polycom/Veritel_phone___ 00e075
  Add a voice vlan Yes-table 00e0bb 3Com_phone___
  Hello interface range vlan 1
  hostname MYSTICSW1
  host 192.168.1.15 record
  logging source hostname id
  username privilege 15 b4a0fcf20b2cd9d80a55b06ab8f83277f9733904 encrypted password cisco
  location of the SNMP-Server Office
  clock timezone ""-5
  DST Web recurring U.S. clock.
  clock source sntp
  unicast SNTP client enable
  unicast SNTP client survey
  survey of 192.168.1.10 SNTP server
  !
  interface vlan 1
  IP 192.168.1.254 255.255.255.0
  no ip address dhcp
  !
  interface vlan 2
  name MysticWAN
  192.168.2.254 IP address 255.255.255.0
  !
  interface gigabitethernet8
  switchport mode access
  switchport access vlan 2
  !
  output
  Default IP gateway 192.168.1.1

  Thanks in advance!

  Clint Lambert

  Clint, please see this post

  https://supportforums.Cisco.com/message/4178990#4178990

  -Tom
  Please mark replied messages useful
  http://blogs.Cisco.com/smallbusiness/

• IP overlapping between VPN remote access and within the interface

  Hi all

  I tried to replace an ASA and configured vpn for remote access using cisco VPN client.

  Remote access users are not able to access within the network, but have no problem accessing the network through a VPN site-to site.

  One thing to note is that remote access VPN users are assigned an ip address of 10.X.3.1 - 10.X.3.200 mask 255.255.255.0. The inside interface is on 10.X.1.2 255.255.0.0.

  Remote access users will have no problem to access within the network if the pool of the vpn client is changed to 192.168.1.1 to 192.168.1.100.

  ASA errors

  6 January 7, 2012 16:25:08 302013 10.X.3.1 27724 3389 10.X.1.66 built of TCP connections incoming 20940 for outside:10.X.3.1/27724 (10.X.3.1/27724)(LOCAL\Cisco) at inside:10.X.1.66/3389 (10.X.1.66/3389) (Cisco)

  6 January 7, 2012 16:25:08 106015 10.X.1.66 3389 10.X.3.1 27724 Deny TCP 10.X.1.66/3389 to 10.X.3.1/27724 flags SYN ACK on dmz interface (no link)

  I understand that the overlap between access ip address range remote vpn network interface network and inside will cause routing problems, but why the syn - ack makes its appearance in the DMZ interface? The interface of the DMZ is on ip address 172.16.Y.1 255.255.255.0.

  I intend to reduce the interface 10.X.0.0 255.255.254.0 inside if it is in fact a routing problem due to the IP address that overlap, but I understand why the syn - ack comes from the dmz interface and the diagnosis of the problem is correct. I check with the customer and was informed that the existing design works on an another ASA with no such problems.

  I agree what you said and also tried, but it does not work.

  http://www.Cisco.com/en/us/products/ps6120/products_tech_note09186a00807e0aca.shtml#overlap

  Solution, that you already know

  Solution

  Always ensure that the IP addresses in the pool should be assigned to VPN, network clients internal head unit and the internal network to the VPN Client must be in different networks. You can assign the same major network with different subnets, but sometimes the routing problems.

  Thank you

  Ajay

• ASA5505 inscription on SSL cert error when applied to the interface?

  Created a CSR, gets the certificate files, the downloaded ASA505.   Three certificates in the CA certificates; the one in the certificate of identification.  Everything seems all just wonderful.  "Now use the SSL certs: in trying to associate the certificate with the Interface in the SSL settings section, we get an error"

  [OK] ssl encryption rc4-aes128-sha1 aes256-3des-sha1 sha1 sha1
  [ERROR] ssl trust-point ASDM_TrustPoint5 outside
  Trustpoint are not registered.  If please register trustpoint and try again.

  The cert will appear in the drop-down selection, why the error?  How do I delete it?

  Hi Stewart Buswell,

  I have seen this problem when starting the CSR request through the CLI by using the configuration of the terminal of registration and then going to the ASDM and adding the identity certificate without using the command crypto ca enroll through the CLI.

  In this case, if you use the CLI/ASDM you can follow this guide:

  http://www.Cisco.com/c/en/us/support/docs/security/ASA-5500-x-series-NEX...

  And the way to solve this problem will be generation a new CSR on the ASDM using the same key pair and install the certificate on this trustpoint. After you apply the cert to the ssl, you can remove the old one which was not.

  Hope this info helps!

  Note If you help!

  -JP-

• create a description of the interface if no ip address received from the dhcp server

  Hi Experts,

  I would like to create simple script revved my interface isn't getting an IP address, it will add the description of this interface. I tried writing but no luck. BTW, this is my first attempt of EEM. Thanks in advance...

  Event Manager applet change-address_2
  model event syslog "DHCP_Description."
  order cli action 001 'enable '.
  action 002 cli command "show int G0/0 | address Internet Inc. will be negotiated"
  football action 003 cli match $_cli_result
  action 004, «config t» cli command
  005 action, command cli "int g0/0".
  action 006 cli "description of the command NO IP ASSIGN"

  I built a task of laboratory for this kind of thing for CiscoLive.  In the laboratory, a static IP address is assigned to the interface, but it's easy to change to simply put a description.  The following policies:

  "event Manager environment q.
  Dhcp-intf-up applet event handler
  event syslog LINEPROTO.*GigabitEthernet0/0,.*changed state model up to
  order cli action 001 'enable '.
  action 002, «config t» cli command
  action 003 cli command "event manager applet dhcp-intf-timer."
  action 004 cli command 'event timer countdown 60 '.
  005 action, command cli "action 1.0 cli command enable."
  action 006 cli command "action 2.0 cli command $q config t$ q.
  action 007 cli command "action 3.0 $q interface cli command Gi0/0$ q.
  action 008 cli command "action 4.0 cli don't command $q description NO ATTRIBUTION of IP $q.
  action 010 cli command "action 6.0 cli don't command $q no event manager applet dhcp-intf-timer-disable$ q.
  action 011 cli command "action 7.0 cli don't command $q no event manager applet dhcp-intf-timer$ q.
  action 012 cli command "event manager applet dhcp-intf-timer-disable.
  action 013 cli command "syslog events model $q%DHCP-6-ADDRESS_ASSIGN:.*GigabitEthernet0/0 $q.
  action, command cli 014 'action 1.0 cli enable command '.
  action 015 cli command "action 2.0 cli command $q config t$ q.
  action 016 cli command "action 3.0 cli don't command $q no event manager applet dhcp-intf-timer$ q.
  action 017 cli command "action 4.0 cli don't command $q no event manager applet dhcp-intf-timer-disable$ q.
  action 018 cli command 'end '.

• No access to the interface of the ASA by behind the other is

  Hello

  I am faced with the issue of not being able to access the interface of "dmz" behind the interface 'internet '.

  Here is a brief description of the topology:

  

  List entry on the internet access "," allows for 1xx.xxx.172.1 traffic.

  No nat is configured between these interfaces.

  The routing is OK because hosts on the DMZ network are accessible from the Internet.

  The software version is 9.1 (3).

  Security level of the interfaces is the same.

  Security-same interface inter traffic is allowed.

  Here's what packet trace says:

  tracer # package - entry internet udp 7x.xxx.224.140 30467 1xx.xxx.172.1 det 500

  Phase: 1
  Type:-ROUTE SEARCH
  Subtype: entry
  Result: ALLOW
  Config:
  Additional information:
  identity of the 255.255.255.255 1xx.xxx.172.1

  Phase: 2
  Type:-ROUTE SEARCH
  Subtype: entry
  Result: ALLOW
  Config:
  Additional information:
  identity of the 255.255.255.255 1xx.xxx.172.1

  Result:
  input interface: internet
  entry status: to the top
  entry-line-status: to the top
  the output interface: NP identity Ifc
  the status of the output: to the top
  output-line-status: to the top
  Action: drop
  Drop-reason: (headwall) No. road to host

  Please help me find the cause why asa is unable to find the path to its own interface.

  Thank you in advance.

  Hello

  You will not be able to connect to an IP address of an interface ASA behind another ASA interface. It is a limit that has been there for Cisco firewalls as long as I can remember.

  The only exception is when you have a VPN connection that is connected to an ASA interface, then you can connect through this VPN connection to another interface of the ASA. In this case the ASA will also require that you have the following command

  access to the administration

  Where is the name of the interface to which you are connected.

  -Jouni

• Allow specific access through the Interfaces ASA 5510

  Hi all

  In my quest to learn Cisco IOS and devices, I need help in smoothing traffic, or access lists, allowing traffic between internal interfaces on the SAA specifically.

  I have an ASA 5510:

  WAN/LAN/DMZ ports labled E0/0 (LAN), E0/1 (WAN), E0/2 (DMZ).

  Connected to the port E0/0 is a 2811 router

  Connected to the port E0/1 is the (external) Internet

  Connected to the port E0/2 is a 2821

  (I'll add a 3745 for VOIP) port E0/3, but it has not yet happened.

  I want to allow traffic between the 2821 and the 2811 routers so that devices on the networks behind them can talk to each other.

  I've specified specific subnets between the ASA and the routers because I want to learn how to shape traffic behind routers, as well as on the ASA. So behind the routers I have different VLANS, but I'm not restrict access between them, still, at least I don't think I am. But as it is, behind the 2821 devices cannot access the DNS / DOMAIN SERVER that is located behind the 2811. Right now I have the routers DHCP power, who works there. Currently devices behind the router 2821-3560 switch cannot access the domain server, primary dns server.

  How can I set the ASA to allow traffic to flow between the two routers and their VLANS?

  Here's the configs of each device and I have also included my switch configs, incase something should be set on them. I only removed the passwords and the parts of the external IP address. I appreciate the help in which States to create and on which devices.

  I think it is best that I put the links to the files of text here.

  Thank you!

  You must remove the following statements on the two routers:
  -# ip nat inside source... overload
  -for each # ip nat inside/outside interface, if they have configured.

  Remove ads rip of the networks that are not directly connected:
  -2821: 172.16.0.0, 192.168.1.0, 199.195.xxx.0
  -2811: 199.195.xxx.0
  -ASA: 128.0.0.0

  No way should be added to the routers, since he is the one by default, put in scene to ASA.

  Check the tables of routing on routers and the ASA.

  On ASA:

  -Remove:
  object-group network # PAT - SOURCE
  # nat (indoor, outdoor) automatic interface after PAT-SOURCE dynamic source

  -create objects of the networks behind the LAN router and enable dynamic NAT:
  network object #.
  subnet
  NAT (inside, outside) dynamic interface

  -review remains NAT rules.

  -to set/adjust the lists access penetration on the interfaces. Do not forget to allow the rip on the LAN and DMZ interfaces.

  -Disable rip on the outside interface.

• Cisco Aironet 2600 series Configuration of the DHCP server is NOT serving addresses?

  Cisco Aironet 2600 series Configuration of the DHCP server is NOT serving addresses?

  I have (2) AIR-SAP2602I-A-K9, configured the same way.

  on two different remote LANs.

  They don't seem to be handing out addresses via DHCP.

  {If I connect to a local network with another DHCP server}

  wireless devices can obtain addresses

  This another DHCP server on the LAN through the access point.}

  I followed 12.4.25d. JA.cg.pdf

  Configuration of the Access Point to provide the Service DHCP 5-22

  ---------|---------|---------|

  e.g. 3444-RCS1-AN #show running-config

  Building configuration...

  version 15.2

  3444-RCS1-YEAR host name

  no ip Routing

  USH - DM IP domain name

  DHCP excluded-address IP 192.168.29.89

  IP dhcp RCS1 pool

  network 192.168.29.88 255.255.255.248

  router by default - 192.168.28.1

  Rental 1 0

  interface BVI1

  IP 192.168.28.211 255.255.254.0

  no ip route cache

  default IP gateway - 192.168.28.1

  ---------|---------|---------|

  ---------|---------|---------|

  e.g. 3444-RCS2-AN #show running-config

  Building configuration...

  version 15.2

  3444-RCS2-YEAR host name

  no ip Routing

  USH - DM IP domain name

  DHCP excluded-address IP 192.168.129.81

  IP dhcp RCS2 pool

  network 192.168.129.80 255.255.255.248

  router by default - 192.168.128.1

  Rental 2 0

  interface BVI1

  IP 192.168.128.171 255.255.254.0

  no ip route cache

  default IP gateway - 192.168.128.1

  ---------|---------|---------|

  Thats the DHCP Pool range 192.168.29.88 through 192.168.28.95

  Well this will confuse your customers.

  And this is NOT how to set up your "range".   See below:

  DHCP excluded-address IP 192.168.29.1 192.168.29.87

  DHCP excluded-address IP 192.168.29.96 192.168.29.254

  IP dhcp RCS1 pool

  network 192.168.28.211 255.255.254.0

  router by default - 192.168.28.1

  Rental 1 0

• Cisco first Infrastructure 2.2 API GET Interfaces

  Hello

  I am using Cisco first Infrastructure 2.2 and I am trying to get some info of the API in order to build a model.

  But I can't find how to get the name of all the interfaces of an IP address from the device. I tried many queries, but none of them is what to expect. Is there a way interfaces?

  Thank you.

  Guillaume.

  Hello, don't 'SE InventoryDetails' gives you what you need? I believe you can use the features of REST to filter down to only the devices you are interested.

• ASA 5510 Configuration. How to set up 2 outside the interface.

  Hello

  I have Cisco ASA 5510 and the desktop, I want to create a new route to another (external) router to my ISP.

  The workstation I can Ping ASA E0/2 interface but I cannot ping the router ISP B inside and outside of the interface.

  I based my setup on the existing configuration. which so far is working

  interface Ethernet0/0
  Outside of the interface description
  nameif outside
  security-level 0
  IP 122.55.71.138 address 255.255.255.2
  !
  interface Ethernet0/1
  Inside the interface description
  nameif inside
  security-level 100
  IP 10.34.63.252 255.255.240.0
  !
  interface Ethernet0/2
  Outside of the interface description
  nameif outside
  security-level 0
  IP 121.97.64.178 255.255.255.240
  !

  Global 1 interface (outside)

  global (outside) 2 interface (I created this for E0/2)
  NAT (inside) 0 access-list sheep

  NAT (inside) 1 10.34.48.11 255.255.255.255 (work: router ISP inside and outside interface E0/0)

  NAT (inside) 2 10.34.48.32 255.255.255.255 (work: E0/2 router ISP on the inside interface only but cant outside ping).

  Route outside 0.0.0.0 0.0.0.0 122.55.71.139 1 (work)

  Route outside 10.34.48.32 255.255.255.255 121.97.64.179 1 (the new Road Test)

  Router ISP, that a job can ping and I can access the internet

  interface FastEthernet0/0
  Description Connection to ASA5510
  IP 122.55.71.139 255.255.255.248
  no ip redirection
  no ip proxy-arp
  IP nat inside
  automatic duplex
  automatic speed
  !
  the interface S0/0
  IP 111.54.29.122 255.255.255.252
  no ip redirection
  no ip proxy-arp
  NAT outside IP
  !
  IP nat inside source static 122.55.71.139 111.54.29.122
  IP http server
  IP classless
  IP route 0.0.0.0 0.0.0.0 Serial0/0

  FAI 2

  interface FastEthernet0/0 (SAA can ping this interface)
  Description Connection to ASA5510
  IP 121.97.64.179 255.255.255.248
  no ip redirection
  no ip proxy-arp
  IP nat inside
  automatic duplex
  automatic speed
  !
  interface E0/0 (ASA Can not ping this interface)
  IP 121.97.69.122 255.255.255.252
  no ip redirection
  no ip proxy-arp
  NAT outside IP
  !
  IP nat inside source static 121.97.64.179 121.97.69.122
  IP http server
  IP classless
  IP route 0.0.0.0 0.0.0.0 E0/0

  CABLES

  ASA to router ISP B (straight cable)

  Router ISP in the UDI (straight cable)

  Hope you could give some advice and the solution for this kind of problem please

  Hello

  Are you able to ping the router IP of the interface of the device of the ASA? If so, try a trace of package on the device of the SAA for traffic to the IP address of the router.

  Thank you and best regards,

  Maryse Amrodia

• I can't ping the interface inside of asa or telnet, when I came across the anyconnect vpn

  Hey Cisco net guys pro

  When I connect via anyconnect VPN to ASA 9.x, OS, I cannot ping inside
  the interface of asa or telnet, but I could ping at the interface of the router address
  ASA, the same two subnet

  Telnet 0.0.0.0 0.0.0.0 inside

  ICMP allow any insid

  Hi Ibrahim.

  Try 'inside access management' and let us know how it rates.

  Kind regards
  Dinesh Moudgil

  PS Please rate helpful messages.

• Allow access to a single host separate interface on the inside of the interface

  I use a Cisco PIX 515E ASA 8.0 (3) - two separate networks, one on each interface running...

  I have a separate network interface 'Wireless' intentionally because I share wireless with my neighbor and don't want it on my LAN 'inside '. I sometimes want to use the wireless myself, but only need to access my printer to 192.168.21.6

  How can I access the interface 192.168.21.6 wireless (just tcp/udp port 9100 I think). I've experimented with static controls, but could not operate? I need to create a separate IP such as 192.168.22.6 and map that to 192.168.21.6 inside the interface to be able to print?

  static (inside, wireless) tcp 192.168.22.6 9100 192.168.21.6 9100 netmask 255.255.255.255

  ACL not already allow ALL IP traffic between areas (except the RISKY PORTS) so no need to change that to make this work.

  You can also make static identity in which wireless users can access the printer using its original address. But this will create problems with the neighbor :).

  Please rate if useful.

  Concerning

  Farrukh

• New Cisco Aironet 1602i is not broadcasting the SSID I place

  New Cisco Aironet 1602i is not broadcasting the SSID I place

  SSID I set up is not broadcasting, so I don't see the wireless network to choose and connect. On my laptop if I choose specify the name of the SSID then I am able to connect to the wireless network. I have only 1 Configuration SSID on the access point. Anyone know how to update the configuration for the SSID is broadcast?

  The green light on the AP flashes and turns off about 3 seconds; is this normal or should it stays on all the time?

  Current configuration: 1842 bytes

  !

  version 15.2

  no service button

  horodateurs service debug datetime msec

  Log service timestamps datetime msec

  encryption password service

  !

  host ap name

  !

  !

  Pulse 9 logging console

  enable secret 5 $1$ rrlE$ msWqu8CGY/tpDkgRAAAIe /.

  !

  No aaa new-model

  no ip Routing

  no ip cef

  !

  !

  !

  dot11 syslog

  !

  dot11 ssid Mi Casa

  open authentication

  authentication-key wpa version2 management

  WPA - psk ascii 7 142017070F0C787B7579

  !

  !

  Crypto pki token removal timeout default 0

  !

  !

  username Cisco privilege 15 password 7 112A1016141D

  !

  !

  Bridge IRB

  !

  !

  !

  interface Dot11Radio0

  no ip address

  no ip route cache

  !

  encryption algorithms aes - ccm tkip encryption mode

  !

  SSID Mi Casa

  !

  gain of antenna 0

  STBC

  beamform ofdm

  root of station-role

  Bridge-Group 1

  Bridge-group subscriber-loop-control 1

  Bridge-Group 1 covering-disabled people

  Bridge-Group 1 block-unknown-source

  No source of bridge-Group 1-learning

  unicast bridge-Group 1-floods

  !

  interface Dot11Radio1

  no ip address

  no ip route cache

  !

  encryption algorithms aes - ccm tkip encryption mode

  !

  SSID Mi Casa

  !

  gain of antenna 0

  DFS block 3 Strip

  STBC

  beamform ofdm

  channel SFR

  root of station-role

  Bridge-Group 1

  Bridge-group subscriber-loop-control 1

  Bridge-Group 1 covering-disabled people

  Bridge-Group 1 block-unknown-source

  No source of bridge-Group 1-learning

  unicast bridge-Group 1-floods

  !

  interface GigabitEthernet0

  no ip address

  no ip route cache

  automatic duplex

  automatic speed

  Bridge-Group 1

  Bridge-Group 1 covering-disabled people

  No source of bridge-Group 1-learning

  !

  interface BVI1

  IP 192.168.10.200 255.255.255.0

  no ip route cache

  !

  by default-gateway IP 192.168.10.1

  IP forward-Protocol ND

  IP http server

  no ip http secure server

  IP http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

  !

  1 channel ip bridge

  !

  !

  !

  Line con 0

  line vty 0 4

  local connection

  transport of entry all

  !

  end

  Hi you must guest mode config on the ssid... Read this bud

  https://supportforums.Cisco.com/docs/doc-5442

  Sent by Cisco Support technique iPhone App