
Blocking Unwanted website using CLI on Cisco 1941

prompt2k2
Level 1

Hello,

What are the commands for blocking an unwanted URL on my network? For example, I want to block www.facebook.com on my network. Can anyone help me with the commands?

I would also like to know how to add security to the network. Please note the router is NOT a wireless router.

Thank you in anticipation.


Hi,

Could you do this:

conf t
ip bootp server
int g0/0
no ip helper-address 10.10.10.1

Regards.

Alain

Don't forget to rate helpful posts.


Hi Alain,

Done, but still nothing happened

income(config)#ip bootp server
income(config)#int gig0/0
income(config-if)#no ip helper-address 10.10.10.1
income(config-if)#end
income#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
income#sh run
Building configuration...

Current configuration : 3439 bytes
!
! Last configuration change at 08:48:50 UTC Mon Oct 8 2012
! NVRAM config last updated at 08:49:06 UTC Mon Oct 8 2012
version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname income
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200
logging console critical
enable secret 5 $1$K/Wt$MOaWnBNOE9rLay.m8Sh4a.
enable password 7 151B050F0B272E76
!
aaa new-model
!
!
aaa authentication login default none
aaa authentication enable default none
aaa authentication ppp default none
!
!
!
!
!
aaa session-id common
!
!
no ipv6 cef
no ip source-route
ip cef
!
!
!
ip dhcp excluded-address 10.10.10.1 10.10.10.39
!
ip dhcp pool users
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 217.117.0.38 10.10.10.244
!
!
ip domain name incomeelectrix
ip name-server 217.117.0.38
ip name-server 10.10.10.244
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO1941/K9 sn FCZ1633716L
license boot module c1900 technology-package securityk9
license boot module c1900 technology-package datak9
!
!
username income privilege 15 secret 4 HSyp0yWKpXLGNBvuMAwswNaIjZOwIZdQsd4T3M2hSoA
!
redundancy
!
!
!
!
ip tcp synwait-time 10
!
class-map match-any BLOCKED
match protocol http host "*facebook.com"
match protocol http host "*youtube.com"
!
!
policy-map BLOCK
class BLOCKED
  drop
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
!
interface GigabitEthernet0/0
description $ES_LAN$$ETH-LAN$
ip address 10.10.10.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
service-policy input BLOCK
!
interface GigabitEthernet0/1
description $ES_WAN$$ETH-WAN$
ip address 41.75.205.190 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
!
!
router eigrp 109
network 10.0.0.0
network 41.0.0.0
!
router rip
version 2
network 10.0.0.0
network 41.0.0.0
no auto-summary
!
ip default-gateway 41.75.205.189
ip forward-protocol nd
!
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat pool overld 41.75.205.190 41.75.205.190 prefix-length 24
ip nat inside source list 7 pool overld overload
ip route 0.0.0.0 0.0.0.0 41.75.205.189
!
logging trap debugging
access-list 7 permit 10.10.10.0 0.0.0.255
access-list 199 permit icmp any any
!
no cdp run
!
!
!
!
snmp-server community public RO
!
!
!
control-plane
!
!
banner login ^CWelcome to Incomeelectrix.^C
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
privilege level 15
password 7 11001706181F0E5D
transport input telnet ssh
transport output telnet ssh
line vty 5 15
privilege level 15
transport input telnet ssh
transport output telnet ssh
!
scheduler allocate 20000 1000
end

income#
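
On the opening question about adding security to the router, here is an added example that is not part of any post in this thread: a short Python check that flags management-plane directives of the kind visible in the running-config above. The sample text is constructed (directive names follow that config, secret values are placeholders, IOS-style indentation is assumed), and the rule list and function name are this example's own.

```python
import re

# Constructed sample: directive names follow the running-config posted above;
# secret values are placeholders and IOS-style indentation is assumed.
SAMPLE_CONFIG = """\
enable secret 5 <placeholder>
enable password 7 <placeholder>
aaa new-model
aaa authentication login default none
aaa authentication enable default none
ip http server
no ip http secure-server
snmp-server community public RO
line vty 0 4
 privilege level 15
 password 7 <placeholder>
 transport input telnet ssh
"""

# Hypothetical rule set for this example: (id, regex on a stripped line, reason).
RULES = [
    ("AAA-NONE", r"^aaa authentication (login|enable) default none$", "method list 'none' skips the credential check"),
    ("TYPE7-PW", r"^(enable )?password 7 \S+$", "type 7 is reversible obfuscation, not a hash"),
    ("HTTP-CLEAR", r"^ip http server$", "management web server runs over unencrypted HTTP"),
    ("SNMP-PUBLIC", r"^snmp-server community public\b", "well-known default community string"),
    ("LINE-TELNET", r"^transport input .*\b(telnet|all)\b", "Telnet sends credentials in cleartext"),
    ("LINE-PRIV15", r"^privilege level 15$", "sessions on this line start at privilege 15"),
]

def audit(config_text):
    """Return (line number, section, rule id, reason) for each weak directive."""
    findings, section = [], "global"
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw.startswith(" "):  # an unindented line opens a new section
            section = line if line.startswith(("line ", "interface ")) else "global"
        for rule_id, pattern, reason in RULES:
            if re.search(pattern, line):
                findings.append((lineno, section, rule_id, reason))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("line %d [%s] %s: %s" % finding)
```

The section label depends on sub-commands being indented, so a config pasted with its indentation stripped still produces the findings but reports them all as "global".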

Hi,

Has your router been restarted since you had the problem?

Can you do debug ip dhcp server packet and then on one host: ipconfig /release then ipconfig /renew

and post the output of the log.

Regards.

Alain

Don't forget to rate helpful posts.


Hi Alain,

I also noticed something: the router is connected to a switch, and every system I connected to the switch directly using a cable can access the internet, but other systems connected via wireless access points (the access points are connected to the same switch with cables) cannot access the internet. This was not the case before; I seem to be doing some authentication or authorisation configuration wrong.

Regards

Hi,

One thing you should also do is disable DHCP conflict logging, as you have not configured any DHCP database.

conf t
no ip dhcp conflict logging

Concerning the wireless devices, we need more info, as we only have the router running config here.

Do they get a DHCP IP address?

Regards.

Alain

Don't forget to rate helpful posts.


Hi,

They are configured to get IP addresses from the router. They have been working before now, so I doubt the problem is from the wireless access points.

I have restarted the router. Still no joy.

Hi,

Did you configure no ip dhcp conflict logging?

Post the debug ip dhcp server packet output when trying to renew on a wireless host.

Post also the output from:

sh ip dhcp binding
sh ip dhcp pool users

Regards.

Alain

Don't forget to rate helpful posts.


income#sh ip dhcp binding
Bindings from all pools not associated with VRF:
IP address          Client-ID/              Lease expiration        Type
                    Hardware address/
                    User name
10.10.10.40         01cc.b255.badb.8c       Oct 09 2012 09:13 AM    Automatic
10.10.10.41         01a0.4e04.0a16.e5       Oct 09 2012 09:15 AM    Automatic
10.10.10.45         01cc.b255.badd.22       Oct 09 2012 09:27 AM    Automatic
10.10.10.46         015c.95ae.ea8c.31       Oct 09 2012 09:19 AM    Automatic
10.10.10.47         01e0.b9a5.cdaa.a3       Oct 09 2012 09:27 AM    Automatic
10.10.10.48         0100.26c6.770e.64       Oct 09 2012 09:29 AM    Automatic
10.10.10.49         0100.24be.c0f2.48       Oct 09 2012 09:29 AM    Automatic
10.10.10.51         0100.23d3.0115.df       Oct 09 2012 09:33 AM    Automatic
10.10.10.52         0100.026f.4c86.2d       Oct 09 2012 09:33 AM    Automatic
income#

income#sh ip dhcp pool users
Pool users :
Utilization mark (high/low)    : 100 / 0
Subnet size (first/next)       : 0 / 0
Total addresses                : 254
Leased addresses               : 9
Pending event                  : none
1 subnet is currently in the pool :
Current index        IP address range                    Leased addresses
10.10.10.53          10.10.10.1       - 10.10.10.254      9
income#

Hi,

OK, what about the debug output when renewing the IP from a wireless device?

Regards.

Alain

Don't forget to rate helpful posts.


Hi Alain,

Each PC was able to do the ipconfig /release and /renew commands. Like I said earlier, I realised they can access the internet when connected to the switch using a cable, but will not identify a network when connected to the Access Points.

I had to reconfigure each Access Point again with a newer SSID for other systems to be able to connect to the Internet.

At this moment, I can connect them using 2 APs, while I think I will reconfigure the other 2 APs.

With this capacity, I can manage the systems to work, while I sort out the pending issues.

I will send you a PM for the network as initially discussed, so you can help take a look.

Cheers.

does not work

Dear cadet,

It does not work out.
