Thanks for the help and sorry to waste everyone's time - I figured it out. It was a typo in my rsyslog config on the second log server only. "is equal" is not the same as "isequal".
Sorry - but thanks for the help
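The fix described above came down to a misspelled compare-operation ("is equal" instead of "isequal") in an rsyslog filter; `isequal` is one of the compare-operations of rsyslog's property-based filter syntax (`:property, [!]compare-operation, "value"`). As an added example that is not part of the original posts, this Python linter flags filter lines whose operation is not a recognised one. The sample config, the file paths in it and the name `lint_filters` are constructed for illustration, and the operation set is an assumed core subset.

```python
import re

# Compare-operations of rsyslog property-based filters. Assumption: this is
# the long-standing core set; add any others your rsyslog version documents.
VALID_OPS = {"contains", "isequal", "startswith", "regex", "ereregex"}

# Matches  :property, [!]compare-operation, "value"  at the start of a line.
FILTER_RE = re.compile(
    r'^\s*:(?P<prop>[^,]+),\s*(?P<neg>!?)(?P<op>[^,]*?)\s*,'
    r'\s*"(?P<val>(?:[^"\\]|\\.)*)"'
)

def lint_filters(config_text):
    """Return (line_no, operation_as_written, suggestion_or_None) per bad filter."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue                      # comment line
        m = FILTER_RE.match(line)
        if not m:
            continue                      # not a property-based filter
        op = m.group("op")                # compared exactly as written
        if op in VALID_OPS:
            continue
        # The typo from the thread: whitespace inside the operation name.
        squeezed = re.sub(r"\s+", "", op)
        findings.append((line_no, op, squeezed if squeezed in VALID_OPS else None))
    return findings

# Constructed sample, not the poster's actual file.
SAMPLE = '''\
# per-device log files on the second collector
:hostname, isequal, "Casino"            /var/log/remote/casino.log
:hostname, is equal, "catsw"            /var/log/remote/catsw.log
:fromhost-ip, !startswith, "192.168.1." /var/log/remote/other.log
'''

if __name__ == "__main__":
    for line_no, op, hint in lint_filters(SAMPLE):
        print(f"line {line_no}: unknown compare-operation {op!r}"
              + (f", did you mean {hint!r}?" if hint else ""))
```

Run it over each collector's configuration and diff the results between servers; `rsyslogd -N1` is rsyslog's own configuration check and is worth running alongside it.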
I'm just having a semi-annoying problem that I was hoping someone could help with. In my SOHO network, I have a Catalyst 3560G, a 1812W and an ASA 5505 running and am using two Raspberry Pis as syslog servers. In all three devices, I have added both log servers, with the ASA through ASDM, and the others through the CLI. The ASA works fine and sends each log generated to both log servers, however, both the 3560 and the 1812 only send their logs to the first log server on the list - not both servers simultaneously. I've been over every config document I could find and they all say the same thing - no problem, just add a "logging host <IP>" and the syslog will be sent to both servers - so, yeah...any ideas - are the 1812 and catsw not capable?

1812
logging origin-id hostname
logging 192.168.1.50
logging 192.168.1.51

logging count
no logging buffered
logging 192.168.1.50
logging 192.168.1.51

logging enable
logging timestamp
logging trap warnings
logging asdm informational
logging device-id hostname
logging host inside 192.168.1.50
logging host inside 192.168.1.51
BTW - I have also tried to adjust the DHCP pool range to include the static address I want to reserve: dhcp address 192.168.1.2-192.168.1.50 inside but, same thing - my xxxx.xxxx.xxxx machine gets an address other than x.x.x.2 every time.
Hey everyone - I just have a quick question/observation that I was wondering if anyone had any input on:

Cisco Adaptive Security Appliance Software Version 9.1(6)
Device Manager Version 7.5(2)
Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz,
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW016 @ 0xfff00000, 2048KB
This platform has a Base license.

I have a single VLAN, single subnet home network behind a 5505 that receives a public, outside address via DHCP from an ISP; the ASA is my internal DHCP server. I understand that the ASA does not support address reservations and have tried to use a static ARP as a work-around - as suggested by many posts on the Goggle machine.

dhcp-client client-id interface outside
dhcp address 192.168.1.11-192.168.1.50 inside
dhcp dns 126.96.36.199 188.8.131.52 interface inside
dhcp enable inside
arp inside 192.168.1.2 xxxx.xxxx.xxxx
arp timeout 14400
It seems that even with the static ARP, the DHCP server overrides the layer 3 configuration and my xxxx.xxxx.xxxx machine receives an IP address in the DHCP pool regardless. I’m also perplexed by the fact that I’m trying to reserve an address outside the DHCP pool – the ASA is flat out ignoring the static ARP. Anyway, this is obviously extremely annoying and I was wondering if anyone else has seen this or has any suggestion. Thanks.
Ok thanks Andrew, that seems to be a much better direction; however, it still didn't work. First, I use Cable Internet from Comcast, not ADSL...I'm not sure that that matters, but I don't know all the PPP authentication information as it's local to the ISP's equipment they installed in my house, however I am digging for that info at this time. All of the 'ppp ipcp' commands you listed do not work and are not supported by my router. Also, I found out the hard way also, but Fa0 and Fa1 are the router ports and will not accept switchport access commands; so we can't assign Vlan 1 to Fa0. Other than those items, I had no issues and it seems to be configured much better now; still doesn't work but we are making some progress. Before I acquired this router, my configuration was as simple and un-secure as you can imagine, straight from the ISP's equipment to a wireless Cisco M20 with 4 pre-configured ports serving DHCP to every device I needed it to. I have inspected the wireless router's config and have not come up with any username or password information, only gateways and DNS servers, but I am still looking through all of my paperwork for that information. Here is the new configuration:

Casino#sh run
Building configuration...

Current configuration : 2175 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Casino
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$meWw$nsMTp6US7axi/uE0MWULK.
enable password 7 06535E741C1B584C55
!
no aaa new-model
!
!
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 172.16.1.1
!
ip dhcp pool Casino
 import all
 network 172.16.1.0 255.255.255.240
 default-router 184.108.40.206
 dns-server 220.127.116.11
 domain-name hsd1.co.comcast.net
!
!
no ip domain lookup
ip domain name hsd1.co.comcast.net
ip name-server 18.104.22.168
ip name-server 22.214.171.124
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group 1
 request-dialin
  protocol pppoe
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
bba-group pppoe global
!
!
interface FastEthernet0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
 ip address 172.16.1.1 255.255.255.240
 ip nat inside
 ip virtual-reassembly
!
interface Dialer1
 description Logical ADSL interface
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1452
 no ip mroute-cache
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip nat pool Casino 172.16.1.2 172.16.1.14 netmask 255.255.255.240
ip nat inside source list 1 interface Dialer1 overload
!
access-list 1 permit 172.16.1.0 0.0.0.15
dialer-list 1 protocol ip permit
!
!
!
!
!
!
control-plane
!
!
line con 0
 password 7 080E5916584B4442435E5C
 login
line aux 0
 password 7 013C135C0A59475A70191E
 login
line vty 0 4
 password 7 09635B51485756475A5954
 login
!
end

Thanks again for your help, I appreciate it!
Josh
Thanks for the help Andrew! You know, I think if this was two separate devices (switch and router) I think I would be up and running, but this integrated stuff is throwing me off, not to mention that the IOS is a much older version (I guess) than what I'm used to. They were throwing this 1811 in the trash can at work, so I just emptied the trash can. I have no documentation at all but I have since found the 1800 series documentation on Cisco.com and have tried to implement the basic configurations cited; with what seems like success, but still no joy. I did have to recover the password and did so with 0x2142, I bypassed the setup and compared the default configuration with what is listed in the documentation and they DO NOT match; I also tried to go through setup mode with the same indications. Additionally I've also learned that the 1800 series is pre-configured on certain options (DHCP, VLAN), which is new to me - I thought Cisco routers were not configured by default - isn't that kind of the point? (By the way, the below port status may not be correct since I now have all the ports unplugged) Anyway, here is the 'show run' command, the 'sh ip int brief' command, followed by the 'sh version' command:

Show Run

Casino#sh run
Building configuration...

Current configuration : 2006 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Casino
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$meWw$nsMTp6US7axi/uE0MWULK.
enable password 7 06535E741C1B584C55
!
no aaa new-model
!
!
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 172.16.1.1
!
ip dhcp pool Casino
 import all
 network 172.16.1.0 255.255.255.240
 default-router 126.96.36.199
 dns-server 188.8.131.52
 domain-name hsd1.co.comcast.net
!
!
no ip domain lookup
ip domain name GinRummy.localhost
ip name-server 184.108.40.206
ip name-server 220.127.116.11
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface Loopback0
 ip address 172.16.1.1 255.255.255.240
!
interface FastEthernet0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 pppoe enable
 pppoe-client dial-pool-number 1
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
 no ip address
 ip nat inside
 ip virtual-reassembly
!
interface Dialer0
 ip address negotiated
 ip mtu 1492
 encapsulation ppp
 dialer pool 1
 ppp authentication chap
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip nat pool Casino 172.16.1.2 172.16.1.14 netmask 255.255.255.240
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 permit 172.16.1.0 0.0.0.15
dialer-list 1 protocol ip permit
!
!
!
!
!
!
control-plane
!
!
line con 0
 password 7 080E5916584B4442435E5C
 login
line aux 0
 password 7 013C135C0A59475A70191E
 login
line vty 0 4
 password 7 09635B51485756475A5954
 login
!
end

Show IP Interface Brief

Casino#sh ip int brief
Interface          IP-Address      OK? Method Status                Prl
FastEthernet0      unassigned      YES NVRAM  administratively down do
FastEthernet1      unassigned      YES DHCP   up                    do
BRI0               unassigned      YES NVRAM  administratively down do
BRI0:1             unassigned      YES unset  administratively down do
BRI0:2             unassigned      YES unset  administratively down do
FastEthernet2      unassigned      YES unset  up                    do
FastEthernet3      unassigned      YES unset  up                    do
FastEthernet4      unassigned      YES unset  up                    do
FastEthernet5      unassigned      YES unset  up                    do
FastEthernet6      unassigned      YES unset  up                    do
FastEthernet7      unassigned      YES unset  up                    do
FastEthernet8      unassigned      YES unset  up                    do
FastEthernet9      unassigned      YES unset  up                    up
Vlan1              unassigned      YES NVRAM  up                    up
Loopback0          172.16.1.1      YES manual up                    up
Dialer0            unassigned      YES manual up                    up
NVI0

'show version'

Casino#sh ver
Cisco IOS Software, C181X Software (C181X-ADVIPSERVICESK9-M), Version 12.4(15))
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Thu 24-Jan-08 13:05 by prod_rel_team

ROM: System Bootstrap, Version 12.3(8r)YH12, RELEASE SOFTWARE (fc1)

Casino uptime is 52 minutes
System returned to ROM by reload at 17:09:25 UTC Fri Jul 1 2011
System image file is "flash:c181x-advipservicesk9-mz.124-15.T3.bin"

This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to firstname.lastname@example.org .

Cisco 1812 (MPC8500) processor (revision 0x400) with 118784K/12288K bytes of m.
Processor board ID FHK120622J3, with hardware revision 0000
10 FastEthernet interfaces
1 ISDN Basic Rate interface
31488K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102

Thanks again for your help,
Josh
I have a very basic level of understanding with Cisco products and I need help with what should be simple and even doable by me. I have a Cisco 1811 integrated router and am simply trying to use it on my home network. I can configure the router with an enable secret password, password encryption, VTY, aux, and cons logins with no issues. The router has 2 Ethernet interfaces, 0 and 1 and 8 switch ports. The idea is to bring Comcast ISP service into one of the Ethernet ports and then have three machines on the switch ports able to access the Internet. Also I have an off-the-shelf wireless router that I thought I would just plug that into an available switch port and allow a wireless AP as well. This is so simple, that I can't believe I can't figure it out, but I can't. I set int F1 to DHCP, performed a 'no shut', and connected the ISP's router and have an up and up indication. I have set up a static network with my three machines on the switch ports and enabled all applicable ports and have up and up indications - however, no traffic flow, even amongst my static Layer 2 switched LAN - not even a 'ping'. By my understanding of Layer 2, this should work right now, whether the ISP service is working or not - WHAT AM I DOING WRONG? The addressing scheme I have ended up on is 172.16.1.0/28. Obviously without the first hurdle cleared, of why the switched LAN doesn't work, I haven't got any deeper. Do I need to configure NAT? I don't think I would need to in the scenario, right? All of my experience, and none at the CCNA level, has been with larger Cisco equipment. One thing I noticed on the 1811 was that when trying to create a new VLAN, it appears to work yet does not do anything and the 'sh vlans' output returns nothing, not even the VLAN1 I can see with 'sh ip int brief'. Anyway, if anyone has time to help a newbie out I would appreciate it; I'm lost. Thanks, Josh