Configure Cisco 3560 catalyst
I have cisco 3560 series switch I want to configure my pc using an rj45 rollover cable, no com port, how can I configure with LAN and is it possible to configure using cisco packet tracer
Hello faizkt777,
Using the series USB adapter you can solve your problem. If you install the right driver, it would generate COM Port, so you can configure your switch with her. Another option is to use the usb port on the cisco console, if it is to provide your switch. You can download here the driver of cisco
https://software.Cisco.com/download/release.html?mdfid=282979369&SOFTWAR...
Try and tell us if this suggestion may solve your problem.
Note and marked as correct if that is the case.
Kind regards
Tags: Cisco Support
Similar Questions
-
To apply a Cisco 3560 Switch in my network
Can someone help me to solve my problem?
I have a Cisco switch catalyst 3560 that I need to implement in my network and I want to do is to have 3 different VLANS created and use them to separate and test.
Is it possible to do only a single switch?
Hello
It is a community of user to user of Toshiba.
I put t know how your problem is connected to a Toshiba laptop, but if you have problems with the Cisco product, I recommend you visit the support page for Cisco to get support for this device.
-
Configuration Cisco AP 2600 (AIR-CAP2602I-E-K9) and Cisco 2500 wireless controller?
This is the first time that I work with this type of devices (Cisco Ap 2600 (AIR-CAP2602I-E-K9) and wlc 2500)... my experience to the CCNP (router and Switch)
How configuration Cisco Ap 2600 (AIR-CAP2602I-E-K9) and wlc 2500?
Please find attachment (Cisco device map)
Hello
Here are the docs for you to configure the Basic for AP switch port configuration IE 2600 s and wlc.
WLC port must be configured as a trunk.
Port of the AP must be access.
CAP2600 series requires software 7.2.110.0 wlc minimum (make sure you have it or above release)
Upgrade if you follow it.
http://www.Cisco.com/en/us/Tech/tk722/tk809/technologies_configuration_example09186a00805f381f.shtml
1. http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080665cdf.shtml (SW port configs)
2. http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00806c9e51.shtml
(Another thing very importand, discovery mechanism, choose properly)
If you choose the option dhcp 43, it uses the TLV format. Type is always f1, the length is 4 * (wlc number for which you want to provide discovery for, in your case) Value = Hex conversion of the wlc management ip address.
A video for the process of
http://www.youtube.com/watch?v=oOh_Iv1CHxQ.
Thank you
Sahil
-
The switch configuration of 6500 catalyst for IPS Inline the METHOD works
I understand how to configure the switch Catalyst 6500 so that the monitoring of ports are access ports in two VLAN separate operation online.
However, I don't see any document that describes how the desired VLAN traffic gets forced through the IPS.
"Promiscuous" mode, you can use copy/capture VACL and forwards traffic wished the METHOD of analysis. I don't see how to get traffic desired through the IPS.
Note that the 6500 host is running native SXE IOS 12.2 (18).
Thanks for any help.
A transparent firewall is a pretty good comparison.
Say you have vlan 10 with 100 PCs and 1 router for the network.
If you want to apply a transparent firewall on this vlan you can put not just the Firewall interface on vlan 10. Nothing would go through the firewall.
Instead, you need to create a new vlan, say 1010. Now you place the Firewall interface on vlan 10 and the other on the vlan 1010. Nothing is still going through the firewall. So now move you that router from vlan 10 to vlan 1010. Everything you do is to change the vlan, IP address and the mask of the router remain the same.
The firewall transparent bridge vlan 10 and vlan 1010. The SCP on the vlan 10 ae is able to communicate and through the router, but must go through the transparent firewall to do.
The firewall is transparent because there no IP Route between 2 VLANS, instead, the same IP subnet is on the VLAN and the transparent firewall ensuring the beidges between the 2 VLANS.
The transparent firewall can do firewall between the SCP on the vlan 10 and the router on vlan 1010. But PC has vlan 10 talks for PC B on vlan 10, then the transparent firewall does not see and cannot block this traffic.
An InLine sensor is very similar to the transparent firewall and will fill between the 2 VLANS. And similarly an InLine sensor is able to monitor InLine between PCs traffic on vlan 10 and the router on vlan 1010, but will not be able to monitor the traffic between 2 PCs on vlan 10.
Now the PC on the other vlan and the router on a virtual LAN is a classic deployment for the sensors online, but your VLAN need not be divided in this way. You can choose to place some servers in one vlan and desktop to another vlan. You subdivide them VLAN to whatever the logical method for your deployment.
Now for the surveillance of several VLANs the same principle still applies. You can't control traffic between machines on the same vlan. So for each the VLAN that you want to analyze, you will need to create a new vlan and divide the machines between the 2 VLANS.
In your case with Native IOS, you are limited to only 1 pair of VLAN for InLine followed, but your desired deployment would require 20 pairs of vlan.
The IPS 5.1 software now has the ability to manage the 20 pairs, but the native IOS software doesn't have the ability to send the 40 VLAN (20 pairs) to the JOINT-2.
Changes in native IOS are in testing right now, but I have not heard a release date for these changes.
Now cat BONES has already made these changes. So here is a breakdown of basic of what you could do in the BONE of cat and you can use to prepare for a deployment native IOS when it came out.
For VLAN 10-20 and 300-310, you want monitored, you will need to break each of those VLANs in VLAN 2.
Let's say that keep us it simple and add 500 to each vlan in order to create the new VLAN for each pair.
Therefore, the following pairs:
10/510, 511/11, 12/512, etc...
300/800, 801/301, 302/802, etc...
You configure the port to probe trunk all 40 VLAN:
set the trunk 5/7 10-20 300-310 510-520 800-810
(And then clear all other vlans off this trunk to clean things up)
In the configuration of JOINT-2 create the 20 pairs of vlan inline on interface GigabitEthernet0/7
NW on each of VLAN original 20 leave the default router for each LAN virtual vlan original to the vlan 500 +.
At this point, you should be good to go. The JOINT-2 will not track traffic that remains inside each of the 20 VLAN original, but would monitor the traffic is routed in and out of each of the 20 VLAN.
Due to a bug of switch, you may need to have an extra PC moved to the same vlan as the router if the switch/MSFC is used as the router and that you deploy with a JOINT-2.
-
Hi all
I need your help here I am trying to configure a router Cisco 881 when infact I have a connection which reached the Wan port on the router, I set up 88.le XXX (public IP) I put the default gateway etc... his short film works because when I ping the IP to the outside, than it works
My problem, I want to have internet on my FastEthernet port 0, I configured a dhcp 192.168.0.X albums pool it works but I got no internet despite having the nat outside inside put the road, so I added a static route, but it is not the copy of my config work thank you.1 running-config #show
Building configuration...Current configuration: 5424 bytes
!
! Last configuration change at 15:56:09 UTC Thursday, March 13, 2014 by admin
version 15.2
no service button
horodateurs service debug datetime msec
Log service timestamps datetime msec
no password encryption service
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
No aaa new-model
iomem 10 memory size
!
Crypto pki trustpoint TP-self-signed-2132292671
enrollment selfsigned
name of the object cn = IOS - Self - signed - certificate - 2132292671
revocation checking no
rsakeypair TP-self-signed-2132292671
!
!
TP-self-signed-2132292671 crypto pki certificate chain
certificate self-signed 01
3082022B XXXXXXXXXXXXXXXXXXXXXXXXXXXX
!
!
!
DHCP excluded-address IP 10.10.10.1
DHCP excluded-address IP 192.168.0.254
!
DHCP IP CCP-pool
import all
Network 10.10.10.0 255.255.255.248
default router 10.10.10.1
Rental 2 0
!
IP dhcp pool vlan5
network 192.168.0.0 255.255.255.0
default router 192.168.0.254
Server DNS 8.8.8.8
!
!
!
no ip domain search
"yourdomain.com" of the IP domain name
IP cef
No ipv6 cef
!
!
license udi pid CISCO881-K9 sn FCZ18047124
!
!
!
!
!
!
!
property intellectual ssh version 2
!
!
!
!
!
!
!
!
!
interface FastEthernet0
switchport access vlan 5
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
IP 84.14.XXX. X 255.255.255.248
NAT outside IP
IP virtual-reassembly in
automatic duplex
automatic speed
!
interface Vlan1
Description $ETH_LAN$
IP 10.10.10.1 255.255.255.248
IP tcp adjust-mss 1452
!
interface Vlan5
IP 192.168.0.254 255.255.255.0
!
default IP gateway - 84.14.209.185
IP forward-Protocol ND
IP http server
23 class IP http access
local IP http authentication
IP http secure server
IP http timeout policy slowed down 60 life 86400 request 10000
!
IP nat inside source list 2 interface FastEthernet4 overload
IP route 0.0.0.0 0.0.0.0 84.14.209.185
!
access-list 2 allow 192.168.0.0 0.0.0.255
not run cdp
!
!
exec banner ^ C
% Warning of password expiration.
-----------------------------------------------------------------------Professional configuration Cisco (Cisco CP) is installed on this device
and it provides the default username "cisco" single use. If you have
already used the username "cisco" to connect to the router and your IOS image
supports the option "unique" user, that user name is already expired.
You will not be able to connect to the router with the username when you leave
This session.It is strongly recommended that you create a new user name with a privilege level
15 using the following command.username
secret privilege 15 0 Replace
and with the username and password you
you want to use.-----------------------------------------------------------------------
^ C
connection of the banner ^ C
-----------------------------------------------------------------------
Professional configuration Cisco (Cisco CP) is installed on this device.
This feature requires the unique use of the user name "cisco" with the
password "cisco". These default credentials have a privilege level of 15.YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE
IDENTIFICATION INFORMATION PUBLICLY KNOWNHere are the Cisco IOS commands.
username
secret privilege 15 0
No username ciscoReplace
and with the username and password
to use.IF YOU DO NOT CHANGE THE IDENTIFICATION INFORMATION PUBLICLY KNOWN, YOU WILL HAVE
NOT BE ABLE TO CONNECT TO THE DEVICE AGAIN ONCE YOU HAVE DISCONNECTED.For more information about Cisco CP, you follow the instructions of the
Of your router's QUICK START GUIDE or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^ C
!
Line con 0
local connection
no activation of the modem
line to 0
line vty 0 4
access-class 23 in
privilege level 15
password
opening of session
entry ssh transport
line vty 5 15
access-class 23 in
privilege level 15
local connection
transport input telnet ssh
!
!
endAdd below
interface Vlan5
IP nat inside
-
Cisco Catalyst 4503->; Cisco 3560 L3->; Cisco 2960 L2->; Cisco SMB switch
Hi Experts,
I am trying to add a Cisco SMB SF300 - 24 Switch to an infrastructure that has only the Cisco Catalyst switches
The base layer is Cisco Cataylst 4503. Distribution is Cisco Catalyst 3560 and Cisco 2960 switches access layer.
There are about 30 VLAN present in the infrastructure that is announced to all switches using VTP. Inter VLAN routing takes place at basic switches
by creating the Interface VLAN for each VLAN of L2.
1. the new 150 VLAN must be created on the new Cisco SMB switch. If I create a corresponding interface 150 VLAN on core switches, it will forward the other VLANs traffic just as he is currently working for Cisco 2960 Catayst switches?
2. While they inspected, I could see that the DERIVATIVE is not supported on the Cisco SMB switches and I would need to go GVRP if I need to make advertising information to other switches VLAN. But since GVRP is only supported on CatOS and there is no inter operability between GVRP and DERIVED, I would need to manually create the VLAN on the new switch. Is this correct?
Help, please!
Thank you very much
ANUP
Good afternoon Anup Sasikumar
Please use our forum
My name is Johnnatan I am part of the community of support to small businesses, I saw your post and I understand that you want to configure VTP and GVRP.
I'm afraid you will have to configure it manually each Vlan in each device CatOS GVRP, in order to keep their databases vlan in sync. As you say, VTP is support it not in CatOS
You can try to connect the two protocols, but I encourage you do not follow this procedure.
On your question about intervlan routing, if you create a corresponding interface 150 VLANS on switches to base it is routed, if your configuration is correct (port access, ports of junction, intervlan etc..)
I hope that you will find this answer useful, if it was satisfactory to you, please indicate the question as answer.
Please evaluate the useful messages.
Greetings,
Johnnatan Rodriguez Miranda.
Support of Cisco network engineer
-
Backup of configuration Cisco Codec C40
Dear all,
Can I know how to take backup of the configuration of the Cisco Codec C40, please?
And also help me with the document of the administrator?
Thanks in advance
Kind regards
Syed
You can simply copy the output of the xConfiguration and paste it into the SSH client. You may need to change the output a bit to get the correct formatting, however. For example, the output registered since my SHH client contains a preceding * c which must be removed before that I can stick again in the SSH client:
*c xConfiguration Video Wallpaper: Waves
When you perform a software update, codec configuration, including the keys installed option is not affected and will remain in the process. Keys options include Premium (PR), double (DD) display resolution and Multisite (MS). C40 has been end of sales since June 2015, so it is not possible to order anything for this, see eos-eol-notice-c51-733467. Procedure to upgrade the software codec is on pg 28, the same page mentioned in my previous answer. To upgrade codec software, you will need a release key when switching from one major version to another, as TC5 to TC7. You can request a release of the Cisco Licensing Portal key > obtain other Licenses > telepresence free software key, as long as the device has an active support contract. If you do not have an active support contract, you can contact TAC and get the free unlock key by referencing the Security Advisory cisco-sa-20160504-tpxml, which you can get a key to unlocking TC7. -
I am configuring a Cisco 1921 router to connect with my cable modem. The router gets an IP address from the DHCP server and I can ping resources on the internet on the router. The router distributes DHCP addresses to clients, but clients are unable to access the internet. I'm missing something simple. Here is my config:
R1-1921 #sh run
Building configuration...Current configuration: 6236 bytes
!
! 19:11:22 EST configuration was last modified Thursday, November 5, 2015 by *.
version 15.3
horodateurs service debug datetime msec
Log service timestamps datetime msec
no password encryption service
!
hostname R1-1921
!
boot-start-marker
boot system flash: c1900-universalk9-mz. Spa. 153 - 3.M6.bin
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 5 $1$ F3oi$ EtowSjpBITAVsWVxr4EDM.
activate the password *.
!
No aaa new-model
No process cpu extended history
No pork process autoprofile cpu
iomem 10 memory size
clock timezone IS - 5 0
clock to summer time EDT recurring
!
!
!
!
DHCP excluded-address 192.168.1.1 IP 192.168.1.100
DHCP excluded-address IP 192.168.1.201 192.168.1.254
DHCP excluded-address 192.168.2.1 IP 192.168.2.100
DHCP excluded-address 192.168.2.201 IP 192.168.2.254
DHCP excluded-address IP 10.10.10.1 10.10.10.100
DHCP excluded-address IP 10.10.10.201 10.10.10.254
DHCP excluded-address IP 192.168.20.1 192.168.20.100
DHCP excluded-address IP 192.168.20.201 192.168.20.254
!
IP dhcp pool vlan2_Home_DHCP
network 192.168.2.0 255.255.255.0
F104.0a0a.140b hexagonal option 43
domain name *.
Server DNS 8.8.8.8 8.8.4.4
default router 192.168.2.254
Rental 7
!
IP dhcp pool vlan10_Home_DHCP
Network 10.10.0.0 255.255.0.0
F104.0a0a.140b hexagonal option 43
domain name *.
default router 10.10.10.1
Server DNS 8.8.8.8 8.8.4.4
Rental 7
!
IP dhcp pool vlan20_Home_DHCP
network 192.168.20.0 255.255.255.0
F104.0a0a.140b hexagonal option 43
domain name *.
Server DNS 8.8.8.8 8.8.4.4
default router 192.168.2.254
Rental 7
!
IP dhcp pool vlan1_Home_DHCP
network 192.168.1.0 255.255.255.0
F104.0a0a.140b hexagonal option 43
domain name *.
Server DNS 8.8.8.8 8.8.4.4
by default-router 192.168.1.254
Rental 7
!
!
!
IP domain name *.
IP cef
No ipv6 cef
!
Authenticated MultiLink bundle-name Panel
!
!
Crypto pki trustpoint TP-self-signed-2424561219
enrollment selfsigned
name of the object cn = IOS - Self - signed - certificate - 2424561219
revocation checking no
rsakeypair TP-self-signed-2424561219
!
!
TP-self-signed-2424561219 crypto pki certificate chain
certificate self-signed 01
3082022B 30820194 02020101 300 D 0609 2A 864886 F70D0101 05050030 A0030201
2 060355 04031326 494F532D 53656 C 66 2 AND 536967 6E65642D 43657274 31312F30
69666963 32343234 35363132 6174652D 3139301E 170 3135 31313032 31383034
35395A 17 0D 323030 31303130 30303030 305A 3031 06035504 03132649 312F302D
4F532D53 5369676E 656C662D 43 65727469 66696361 74652 32 34323435 65642D
36313231 3930819F 300 D 0609 2A 864886 01050003, 818, 0030, 81890281 F70D0101
81008E99 C46CD1DA 4626A4A1 614268 HAS 4 FC70E1B0 66E4D691 6F1DDA9E EE15D3D6
44469CAF D9EB6EAF B155D164 5E75CD1E B0541204 98C7BC8A E973A18A 852F7BC3
09B33BDB C4C63C75 4C8B7A60 BA3BB4E7 C980BDFA 35F50803 C92973F4 19A 90217
48E993E3 BFC1EE4D C9A8ABE7 C094E89B 9629195A 0763605 A D577278C B8C39AB9
010001A 3 53305130 1 130101 FF040530 030101FF 301F0603 0F060355 0CEF0203
551 2304 18301680 14B9ECCC A5378EAC C33EA600 3A11948F 56021544 74301 06
03551D0E 04160414 B9ECCCA5 378EACC3 3EA6003A 11948F56 02154474 300 D 0609
2A 864886 05050003 81810046 FC666C70 E65C191B 951D69CC BE68D6D1 F70D0101
B5EC7175 ED432B26 7C44E882 1 C 04F30A7C 006392 E782CB04 CC898FD4 2B5F9085
A84DB5BA 0996408A 46D36AE7 20A4BADA D418EC0D F7A94E46 08782215 C7EEF16F
998E78F0 17026E9A 0705D4F7 FCEEED19 AB467E35 6A8E2CED A35BD0C3 236CF87D
76F3BF78 45D940EF DF0A8934 D411F3
quit smoking
udi pid CISCO1921/K9 sn license *.
!
!
!
redundancy
!
!
!
!
!
property intellectual ssh time 60
!
!
!
!
!
!
!
!
!
interface Loopback0
172.40.59.1 the IP 255.255.255.255
!
the Embedded-Service-Engine0/0 interface
no ip address
Shutdown
No cdp enable
!
interface GigabitEthernet0/0
no ip address
automatic duplex
automatic speed
No cdp enable
No mop enabled
!
interface GigabitEthernet0/0.1
encapsulation dot1Q 1 native
IP 192.168.1.253 255.255.255.0
No cdp enable
!
interface GigabitEthernet0/0.2
encapsulation dot1Q 2
192.168.2.253 IP address 255.255.255.0
No cdp enable
!
interface GigabitEthernet0/0.10
encapsulation dot1Q 10
IP 10.10.10.1 255.255.0.0
No cdp enable
!
interface GigabitEthernet0/0.20
encapsulation dot1Q 20
address 192.168.20.1 255.255.255.0
No cdp enable
!
interface GigabitEthernet0/1
DHCP IP address
no ip redirection
no ip proxy-arp
NAT outside IP
IP virtual-reassembly in
automatic duplex
automatic speed
No cdp enable
!
IP forward-Protocol ND
!
no ip address of the http server
local IP http authentication
IP http secure server
IP http timeout policy slowed down 60 life 86400 request 10000
!
IP nat inside source list 1 interface GigabitEthernet0/1 overload
IP default-network 192.168.1.0
IP route 0.0.0.0 0.0.0.0 dhcp 20
!
no routing capabilities-Manager service
not run cdp
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 allow to 192.168.10.0 0.0.0.255
access-list 2 allow 192.168.20.0 0.0.0.255
access-list 2 allow 192.168.30.0 0.0.0.255
access-list 2 permit 192.168.40.0 0.0.0.255
access-list 2 allow to 192.168.1.0 0.0.0.255
access-list 2 allow 10.10.20.0 0.0.0.255
access-list 3 Let 192.168.10.0 0.0.0.255
access-list 3 allow 192.168.20.0 0.0.0.255
access-list 3 allow 192.168.30.0 0.0.0.255
access-list 3 permit 192.168.40.0 0.0.0.255
access-list 3 Let 192.168.1.0 0.0.0.255
access-list 23 allow 10.10.10.0 0.0.0.7
!
control plan
!
!
!
Line con 0
exec-timeout 0 0
local connection
line to 0
line 2
no activation-character
No exec
preferred no transport
transport output pad rlogin lapb - your MOP v120 udptn ssh telnet
StopBits 1
line vty 0 4
privilege level 15
local connection
transport of entry all
line vty 5 15
privilege level 15
local connection
transport of entry all
!
Scheduler allocate 20000 1000
!
endYour modem might need routes to subnets and the NAT configuration for these subnets.
However, another way to do it is NAT CBC all IP addresses to the IP of the interface gi0/1 looks you can try to do.
If you don't then.
(1) you must add 'ip nat inside' to every subinterface
(2) the ACL for your NAT made reference only 192.168.1.x customers while your other ACL refers all subnets.
If you want to have all subnets access the internet turn it into NAT reference one another ACLs
(3) don't know what you're doing with the statement "ip default-network 192.168.1.0.
Just remove it and use the default route you have in your configuration and you don't need to add an ad at the end.
Jon
-
configuration cisco air-ap1142n-a-k9 problem wpa2 wireless access point
HI people,
I am brand new to Cisco Wireless, just that I bought new wireless access point air-ap1142n-a-k9 cisco, try to configure the configuration of wpa2 for security reason, but impossible to configure in any mode security. So my AP is currently no security / encryption mode.
Could someone can help and suggest me I will appreciate if I get all documents, so the security problem can be solved.
Concerning
Sanjeev
OK great
----------------------------------------------------------------------------------------------------------------------
Be sure to note the correct answer and mark the thread as answered
-
Hi all
Let me start by saying I've searched high and low to find answers to my questions but couldn't find one. So here: I'm not very familiar with Cisco products. I have some knowledge and experience with configuration of routers/switches but all very basic. Today, we received our new router to our business environment. A standard C881 Cisco-K9. Our previous router was a model House and not suitable for our needs.
-Configuration of the WAN port. We have a fiber of our ISP connection, the modem they provide has a useful interface that we can use our internet connection. Basically just connect our router to the router with a network (RJ-45 UTP) cable. Very basic, but it is that we put in some very specific IP on our router on the router to communicate. No DHCP on our side of the ISP; I have to put in manually by default, a gateway address DNS, subnet mask and IP address. How to proceed on the CLI? What are the commands once I have access to the port to the WAN interface?
-I know a little how configure DHCP for our workstations, but one thing that has been a problem, is that the ports are L2 according to the router. Once I put in the no command switchport, in order to be able to assign a DHCP server to an interface I get a message prompt that the command was not disabled or something like that. How to solve this?
-How can I set up a VPN on a specific interface on the router port? And is it possible to use the portfast on this interface once said VPN is enabled? I need to do this because our mediaplayers running on Android have problems with the VPN and DHCP at the same time. And static assignment does not work, I tried.
I would be very grateful for your help!
Hello
Assuming the following:
- WAN interface is GigabitEthernet0/0
- Static IP address given to you is 1.1.1.1/30
- Default gateway is 1.1.1.2.
- LAN is GigabitEthernet0/1 and is configured as 192.168.1.1
- LAN subnet is 192.168.1.0/24
-To set up your interface WAN from the Global Configuration mode:
interface GigabitEthernet0/0
IP 1.1.1.1 255.255.255.252
no downtime
IP route 0.0.0.0 0.0.0.0 1.1.1.2
! You need to configure NAT as well!
-To set up your DHCP for your local network:
int vlan 1 (or any VLAN that you use)
IP 192.168.1.1 255.255.255.0
!
DHCP excluded-address 192.168.1.1 IP 192.168.1.10
!
IP dhcp data pool
network 192.168.1.0 255.255.255.0
default router 192.168.1.1
business domain name
Server DNS 8.8.8.8 8.8.4.4
0 8 rental
More details: http://www.internetworkingcareer.com/ccna/how-to-configure-your-cisco-router-as-a-dhcp-server/
-The VPN will be implemented on the WAN interface. If you have problems 'VPN and DHCP', then your VPN probably is not configured correctly. PortFast can not be enabled on a port of layer 3, and even though it is possible he would do nothing since STP does not run on it. Just forget about Portfast altogether when you think of your VPN.
I hope this helps!
Kind regards
Tim
Please don't forget to rate helpful messages and mark the answers accurate.
-
Backup folder Configuration Cisco first infrastructure 2.0?
Hi all
where is the backup devices folder in PI 2.0 configuration, I tried searching with winscp for *.cfg but have not found anything.
the most funny thing is when I am connected via the WEB (GUI), I can see the configurations of devices (under configuration of archive).
so anyone know where is the file?
Thank you
Dawit
Hi Dawit,
https://supportforums.Cisco.com/message/3975460#3975460
check the thread above, hope this will answer your query...
Thank you-
Alya
[Note the useful post]
Ratings encourage contributors *. -
configuration Cisco No. 2851 IPS intrusion prevention system
Hi, I wonder - could someone guide me to the implementation of IPS intrusion prevention system. I'm new to the world of cisco and still did not have my head around it. for the intrusion prevention system IPS I put 0/1 (lan) entrants and g 0/0 as a wan?
Hello
You must be careful when activating the IP address of your router. Category will activate you more cpu/memory will be used, and your router may crash.
I'll write all the config as directly here, because it is a good step by step by Cisco:
http://www.Cisco.com/c/en/us/products/collateral/security/iOS-intrusion-...
I'll also join a best practice document from Cisco.
IPS/signature of software should be found on the Cisco's Web site: https://software.cisco.com/download/release.html?mdfid=282941564&reltype...
To answer your question, you can do inbound and outbound on your WAN interface (attacks should come first to the outside).
If you have enough power, why not do as well on the LAN but I will recommend doing it on the WAN, organize and when you're comfortable, you can create one for the LAN interface.
Here is a config I made for a cisco 892 router which works fine:
IP IP config flash card: ips try again 1
IP IP address notify CETS
IPS the ips name iosips IP list
!
category-signature IP ips
all categories
true retreat
category ios_ips base
fake retirement
category all-ddos ddos
fake retirement
enabled true
products-alert event-action connection tcp reset-deny-package-inline connection inline deny deny-attacker-inserted
category, any adware/spyware-adware/spyware
fake retirement
enabled true
products-alert event-action connection tcp reset-deny-package-inline connection inline deny deny-attacker-inserted
category virus/worms/trojans botnet
fake retirement
enabled true
products-alert event-action connection tcp reset-deny-package-inline connection inline deny deny-attacker-inserted
category virus/worms/trojans all-viruses/worms/trojans
fake retirement
enabled true
products-alert event-action connection tcp reset-deny-package-inline connection inline deny deny-attacker-inserted
category models internet_edge
Advanced ios_ips category
fake retirement
!ips-setting IP to auto update
occur - 0 0 06 weekly
Cisco
username password xxxxxx xxxxx!
!
IPS extended IP access list
allow a full tcp
allow a udp
allow icmp a whole
allow an ipI don't know if you have a firewall on your local network, but when I do IPS on a cisco router if there is no firewall, I recommend you to activate ZBF on router itself. This allows to add a little more security.
Just in case, under a ZBF configuration for home router (like the 892 series):
extended access IP MANAGEMENT list
permit tcp any any eq 22
allow icmp a whole
!
Underisable extended IP access list
deny ip host fragments 224.0.0.5
deny ip host fragments 224.0.0.6
refuse the host ip 224.0.0.5 no fragment
refuse the host ip 224.0.0.6 no fragment
permit icmp any any fragment
allow udp any any fragment
permit tcp any any fragment
permit tcp any RST eq 639
permit tcp any RST bgp eq
IP enable any no fragment
!
zbf-wan-to-lan extended IP access list
permit tcp any host 192.168.0.1 eq 3389 ===> internal of the server accessible from the internet (port forwarding)
!
type of class-card inspect entire game Internet
group-access name zbf-wan-to-lan game
class-map correspondence class-mgmt
match the name of group-access MANAGEMENT
unwanted match class-map
match the name of group-access Underisable
type of class-card inspect entire game All_Protocols
tcp protocol match
udp Protocol game
match icmp Protocol
!
type of policy-card inspect Trusted_to_Internet
class type inspect All_Protocols
inspect
class class by default
drop
type of policy-card inspect Trusted
class class by default
Pass
copp-policy policy-map
unwanted class
drop
class class-mgmt
to comply with-police action 2048000 pass drop action exceeds
class class by default
type of policy-card inspect Internet_to_Trusted
class type inspect Internet
inspect
class class by default
drop
!
!
Trusted zone security
Security for the Internet zone
Trusted zone-pair security-> trusted destination trust Trusted source
traffic LAN to LAN Description
type of service-strategy inspect Trusted
Trusted zone-pair security-> Trusted Internet source Internet destination
Description LAN for Internet traffic
type of service-strategy inspect Trusted_to_Internet
security Internet zone - pair-> Trusted Internet source Trusted destination
Description WAN for Internet traffic
type of service-strategy inspect Internet_to_Trusted
!
the g0/0 interface (WAN)
the Member's area Internet Security
!
G0/1 of the interface (LAN)
approved members area security
!Thank you
-
Can I configure Cisco (AIR-CAP1602I-T-K9) 1602i offline?
Hi everyone, please, I need help here.
I bought 3 Cisco (AIR-CAP1602I-T-K9) 1602i but I did not buy a controller. How can I configure then offline?
I saw in other forums, I need to change the IOS software to a stand-alone software. They suggested the ap1g2-k9w7 - tar.152 - 4.JA1.tar. I would like to know if this is the right software and if there is no problem with the license if I download and use it.
Explanation of the differences between AIR-CAP-1602i-x-K9 e AIR-SAP-1602i-x-K9
http://community.Spiceworks.com/topic/448208-Cisco-Aironet-1602i-questions-issues
How to convert standalone IOS
http://www.experts-exchange.com/Networking/Wireless/Q_28245190.html
Download IOS:
Thank you.
Wesley
Hello
Yes, you must pass in stand-alone mode. Yes, this is the right software and you will not face any problem regarding the license.
But to download the standalone AP image of cisco, you need a CCO (Cisco connection) and the valid service contract.
Here is the final image: can download here
http://software.Cisco.com/download/release.html?mdfid=284366503&flowid=3...
How to covert to lAP for standalone:
http://www.YouTube.com/watch?v=QQ_NuxdRhQ4
http://rscciew.WordPress.com/2014/05/07/access-point-conversion-lap-to-a...
Concerning
Remember messages useful rates
-
Configuration Cisco 1905.
I have a facility where the client uses 1905 router to access the Internet. They have a local network with 192.168.1.0/24 segment and a segment of WAN of 150.129.126.168/29 provided by the ISP.
Currently, they use a D-Link router for internet access and his works fine. But when we use the Cisco router with config below, users are unable to access the internet.
Cisco config:
gi0/0---192.168.1.1/24 (LAN) interface
interface gi0/1---150.129.126.170/29 (WAN)
IP route - 0.0.0.0 0.0.0.0 150.129.126.169
Pool DHCP - 192.168.1.180 to 192.168.1.199
Now, since we use Pvt Ip in the network segment local and Public WAN, I feel that we must run NAT for users to access the internet. But not quite sure how to do it.
Any suggestions and help in this regard would be highly appreciated :).
Hi chinmoy.boruah1,
You can use the following commands:
R1 (config) #ip - 7 standard access list
R1 (config-std-nacl) #permit 192.168.1.0 0.0.0.255
R1 (config) #ip nat inside source list 7 g0/1 interface overload
R1 (config) #interface gi0/0
R1(Config-if) #ip nat inside
R1 (config) #interface gi0/1
R1(Config-if) nat outside #ip
If you need more information about the different ways to configure nat this will help you to:
http://www.Cisco.com/c/en/us/TD/docs/iOS-XML/iOS/ipaddr_nat/configuratio...
Hope this info helps!
Note If you help!
-JP-
-
Hi all
I work for a company of Radio 2-way, we use Motorola equipment. One of the systems requires a router for each repeater site. Motorola recommends a MSR20 20 HP router. I set up this router before and it works great but I would use cisco vs. HP equipment. I'm having issues reflecting the way in which we present the HP router to the CLI on the Cisco 1841. I'd appreciate any help that someone is willing to offer.
Here's how the HP router is configured in the CLI... Thank you!!
Hello
the following is the equivalent of Cisco for the yellow highlisghted lines:
!hostname Site1!int Eth0/0 ip nat outide ip address 192.168.1.1 255.255.255.0!int Eth0/1 ip nat inside ip address 10.1.1.1 255.255.255.0!ip nat inside source static udp 192.168.1.10 55001 10.1.1.1 55001ip nat inside source static udp 192.168.1.11 55011 10.1.1.1 55011ip nat inside source static udp 192.168.1.12 55012 10.1.1.1 55012!ip route 0.0.0.0 0.0.0.0 10.1.1.254!
Cheers, Seb.
Maybe you are looking for
-
My Firefox just got an update and know that I don't know how to block images...
I regularly need to block images when I use Firefox, and until this morning, I was able to do it by putting it in the options. Now my firefox just updated and I can not find this option anywhere-_-'-could someone explain to me please how can I do it
-
just installed firefox but can't find my favorites
FF asked if I wanted to import my favorite folders, I said yes. But nothing? I looked in the bookmarks, but nothing is there?
-
Satellite P100-347 - nVidia drivers day?
Can support Toshiba fix some vista updated drivers for: Satellite P100-347... (pspa6e) This should be up to date on Toshiba site, because the drivers onNVIDIA.com do not work on my Toshiba laptop... Thnx
-
No sound from monitor mounted speakers.
I have an old monitor (AOpen f1513) that I connected to my computer Dell (Optiplex sx280). There is no sound from the speakers. I checked the cables and they are all tight, and made sure the volume was enough on the monitor and in my audio devices in
-
__Upgrading for Vista Ultimate - Dell Inspiron 1420 can't restart and not sound
I just upgraded from Vista Home to Vista Ultmate and my Dell Inspiron reboot correctly... remember to come by saying she does not restart... gives me a lot of options (safe mode,..., normally). The only way to get it to start is to force a complete