an online resource to assist
people who are preparing to be or already are network
engineers. This website provides a place to learn and
share real Cisco troubleshooting network problems. It
contains many valuable articles, cases, tools and
examples of how to configure Cisco PIX/ASA,
Router, Switch, VLAN, VPN and Wireless.
want to check these useful pages first:
We have a collection of explanations and suggestions on
how to resolve Cisco issues and will continue to add
For those network engineers who would like to share
insights, concerns and solutions, they can visit this
forum. Besides Cisco, this network forum is also a place
to discuss the issues of Windows OS, computer network,
Internet access, remote access and wireless.
VLAN access to another VLAN
We have 3 VLAN in our Cisco 3750G switch. VLAN 1
10.0.0.0/16 for domain network, VLAN 2 10.2.0.0/24 for
student and VLAN 3 10.3.0.0/24 for public
server access a printer in different VLAN
Here is the current configuration.
Two Firewall modes in Cisco ASA Cisco ASA can be configured
as routed firewall mode or transparent firewall mode
How to prevent loops in Cisco ASA To prevent loops using the
spanning tree protocol.
Cisco ASA default configuration The DHCP server is enabled
on the ASA
How to Upgrade License for an ASA Failover Pair
What's Cisco ASA inside VLAN 1 default IP and interface The
VLAN 1 IP address and mask are 192.168.1.1 and 255.255.255.0
What are ASA outside VLAN 2 interface and how to assign IP
Cisco ASA outside VLAN 2 interface uses the Ethernet 0/0 switch
What's Cisco ASA firewall can do
How to restore Factory Default Configuration on Cisco ASA
What's TCP normalization feature on Cisco ASA Cisco ASA TCP
normalization feature identifies abnormal packets when they are
MPF CLI command "set connection advanced-options"
How to upgrade Firmware on Cisco SG switch Login Cisco
Switch and navigate to Administration>File
Upgrading Cisco SG switch gets "illegal format"
upgrade the boot loader first before attempting the firmware
Where to enable/disable
Telnet, SSH, HTTP, HTTPS in Cisco SG300 Switch Navigate to
Security>TCP/UDP Services. You have options to setup Telnet,
SSH, HTTP, HTTPS.
Where to manage Access
Authentication in Cisco SG300 Navigate to Security>Mgmt
Access Method>Management Access Authentication.
Where to setup System
Time on Cisco SG300 Switch Navigate to Administration>Time
What's default username & password for Cisco SG300 switch
The default username is Cisco and the default password is cisco.
Cisco switch still runs old version after upgrade After
upgrade, the new image only replaces the image identified as the
How to manage ASA Failover - Step by step with screenshots
Click Device Management.
Do I change IP address when re-connect upgraded ASA No, you
How do I re-connect upgraded ASA back to Failover The
correct way to do is plug the failover cable first and make sure
both ASA sync and failover status OK
Can't access ASA after upgrading If you upgrade the
standalone ASA that used to be Failover ASA
Access problem when Upgrading failover ASA you need to
unplug all cables, outside and DMZ.
How to upgrade Failover
Cisco ASA from 8.2 to 8.4
Can't access Web
server behind NAT - Step by step with screenshots You
need to cerate Access Rule on outside
How does ASA handle NAT incoming and outgoing traffics By
design, all outgoing traffics go out via generic PAT,
How to create Access Rule in
Cisco ASA using ASDM - Step by step with screenshots
Click Add and select Add Access Rule.
How to create
Static NAT Rule in Cisco ASA using ASDM - Step by step with
How to create a Network Object in Cisco ASA using
ASDM- Step by step with screenshots In the right
pane, click Add under Address.
How to configure 1-to-1 NAT
on Cisco ASA for a web server - Step by step with screenshots Web
server uses DMZ default gateway and the Cisco ASA will take care
of the translation.
How to modify boot
order in Cisco ASA - Step by step with screenshots click
edit to change the image Boot Order.
How to upgrade ISO on Cisco ASA - Step by step with screenshots click
Tools and select Upgrade Software from Local Computer.
Can't run Cisco ASDM after upgrading ASA ISO You need ASDM
6.4(3) and later
Table of ASA and ASDM Compatibility
can I switch between Primary and Secondary ASA The "no
failover active" command is entered on the active unit, or the
"failover active" command is entered on the standby unit.
Can't access ASA using https http server enable
Cisco ASDM hangs ASDM is 32-bit so it needs the 32-bit JRE -
How to install
Xenapp Virtual Delivery Agent for Windows Server - Step by step
with screenshots In Core Components, check Citrix Receiver
and then Next.
What's DMZ in network?
How to change IP address on HP
switch without restarting - Step by step with screenshots
The DHCP server will assign the IP to the switch without
Where is encapsulation used in OSI model Layers in the
Communications model best describes network operation DoD
(Department of Defense)
SMTP, FTP, TFTP, ICMP, ARP ARE application layer or 7.
Key piece of information on which routing decision routing
decisions are based is destination network layer or layer 3
Hub, repeater, bridge and router hub and repeater are layer
1, bridge is layer 2, router is layer 3.
Placement of DTE and DCE in WAN
Common WAN services supported by Cisco
Four general rules of OSI model Created dada move down.
The Application Layer is Layer 7 which provides
communication functionality such as SMTP.
The Presentation Layer is Layer 6 which is readable and in
the proper format such as ASCII, MPEG, JPEG and GIF.
The Session layer is Layer 5 which requests and responses
between two or more stations
OSI (Open System Interconnection) 7 Layer Model
What's OSI stand for OSI is stand for Open System
What's the PDU stand for PDU is stand for Protocol data unit
It doesn't show the new VLAN You need to end the
configuration mode first and run show command.
Can you use space for VLAN name? No, you can't. Or you give
a quotation, for example "this is a test"
Operation mode down and err_disable: psecure-violation was
To fix it, run shutdown and no shutdown.
How to cerate Voice VLAN in Cisco switch switchport voice vlan vlan-id
The Transport Layer is Layer 4 Layer is establishing end-to-end
connection oriented communications.
layer 3 or network Layer is routable Protocol Routable Protocol is
different from Routing Protocol. Routing Information Protocol (RIP) and Open
Shortest Path First (OSPF) are the example of Routing Protocol.
What's LLC stand for LLC is top sub-layer of Data Link Layer or layer 2.
What's MAC stand for MAC is sub-layer of data Link layer or layer 2.
What's TCP/IP stand for TCP/IP is stand for Transmission Control
How to restrict some user to access Cisco VPN The simple solution is use
dial-in in Active Directory users and computers or NPS network policy.
Network devices keep losing connection restart all Cisco switches.
How to connect Cisco and HP switches using Fiber
Transceiver - Step by step with screenshots In the port of Cisco
switch, run these command to configure trunk.
Example of HP ProCurve Switch configuration -
Step by step with screenshots Configuration VLAN and Trunk
How to configure trunk in HP ProCurve
Switch - Step by step with screenshots Highlight the
Port you want to configure trunk and click Modify Selected Ports.
How to enable/disable a port in HP ProCurve
Switch - Step by step with screenshots Highlight the Port you want
to enable or disable.
Cisco VPN client can't establish VPN after rebooting router Run xlate to
clear translation & connection
How to clear translation & connection cache in Cisco device run the
"clear xlate" command in privileged EXEC mode
How to configure Cisco switch login using Local User
How can I hide the password in Cisco configuration?
The Cisco Three-Layered
Connectivity Hierarchical This layer is
considered the backbone of the network and includes the high-end switches
and high-speed cables such as fiber cables.
An interface whose trunk encapsulation
is "Auto" can not be configured to "trunk" mode with screenshot when
attempting to configure trunk mode in Cisco switch,
Trunk mode shows desirable with
screenshot when running show interface trunk,
How to modify date and time
on Cisco WLC -
Step by step with screenshots Login Cisco WLS Controller.
Can't delete IP Address from Cisco ASA
because is used - Step by step with screenshots When attempting to
delete a IP Address from Cisco ASA Firewall, you may receive this message:
Can't delete Network Objects/group
from Cisco ASA because is used - Step by step with screenshots When
attempting to delete Network Objects/Group from Cisco ASA Firewall,
Cisco Wireless AP is not stable
iPad can't access Cisco 1310 AP
because of WPAv2 - troubleshooting with screenshots The client was
setup their Cisco 1310 AP to using WPAv2.
Can't login some admin accounts
- troubleshooting with screenshots but only default admin account can
login web utility.
Cisco Wireless AP is
not stable Situation: the client has 6 Cisco 1241
wireless APs with 3 SSIDs in the building.
Cisco AP IOS update using Cisco WLC We have 25 1421 AP running IOS
version 12.4(18a)JA managed with Cisco 2504 WLC version 184.108.40.206.
Wireless client can't get IP address from DHCP As I understand from the
case description you a have 1242AG AP configured with three SSIDs on three
different VLANs, but only wireless clients connecting to the SSID on VLAN
300 are not getting an IP address from the DHCP server.
Can't change the Public Interface
using Cisco ASDM
A client tries to modify an access rule and he wants to change outside to a
public IP address in the access rule source.
Issue copy running-config tftp: command.
Backup/restore switch configuration using TFTP
Allow all VLANs access DMZ in
Cisco ASA A client have multiple VLANs in tier network. They setup rule
on Cisco ASA to allow LAN 1 to access the DMZ only. Now, they want to allow
all VLANs to be able to access the DMZ.
Wireless Devices can't
access the Internet - Resolution with screenshots The wireless signal is
strong and wireless devices can get IP address, but no devices can't access
to the Internet.
How to configure Cisco RV180W - Step by step with screenshots You
will have options to Run Setup Wizard, check the Status, setup VPN and
How to configure NAT in Cisco RV180W -
Step by step with screenshots Login RV180W Router using IE.
for multiple public IP
addresses go into LAN
client has a Cisco
Web Server RV042 We have setup a new
server so now we have two
server and both or hosting sites on port 80.
to VLAN in HP ProCourve Switch - The client
to setup VLAN on
After rebooting HP ProCurve switch, I lost the settings I configure HP
ProCurve Switch and applied the settings.
Copy HP ProCurve Switch configuration to another switch We bought 20 HP
ProCurve Switches and have configured one swicth
How to run ping test in HP ProCurve Switch - Step
by step with screenshots: Click Diagnostics and then
How to Upload /Download Configuration File in HP
ProCurve Switch - Step by step with screenshots:
1. Login HP Switch using Web Browser Interface.
Initial configuration of HP switch We just bought some
switches. How can we find IP and configure it?
How to configure HP Switch talks to Cisco Switch:
In this example, Cab 5 cable connects between port 1 of Cisco switch and
port 1 HP switch.
How to configure a VLAN port in HP ProCourve
Switch - Step by step with screenshot: Configure a VLAN in HP ProCurve Switch using Web
Configure Access Control Lists on Cisco WLC:
Click Security>Access Control Lists.
How to create a WLAN on Cisco WLC:
Select Create New and
How to configure multiple SSID using one port on Cisco WLC
Enter the Interface Name
and VLAN ID. In most cases, the VLAN ID is 0 or
Web Auth doesn't work: We are
running Cisco WLC 2504. I follow this article to enable Web Auth.
How to use CLI to upload/download configuration in Cisco WLAN Controller:
Enter the login information and upload (download) commands command as below.
How to use GUI to upload/download
configuration in Cisco WLC: You may receive a warning: The
Configuration File encryption snot enable if you don't check the
Configuration File Encryption. Click OK to start the upload.
Cisco AP disappears from the WLAN
Controller The client tries to add Cisco AP to their new Cisco WLAN
All wirelesses work except enterprise
wireless The client tries to create a multiple SSIDs on Cisco WLC by
following this link:
Can't convert Cisco 1300 AP to a lightweight AP The client tries to
convert their Cisco1300 outdoor AP to a lightweight AP, but it popup "Ceck
username password, enable password and re-try".
Can't convert Cisco Non-root AP to Lightweight AP the client tries to
convert their 1300 Cisco Non-root Outdoor AP to Lightweight AP. It said
Upgrade process completed, but it doesn't and it is still regular AP not
How to configure multiple SSID on Cisco WLC:
Enter the Interface Name and VLAN ID. In most cases, the VLAN ID
is 0 or Untagged.
AP problem after adding Cisco WLC V7 to
a network Situation: After enabling the DHCP Proxy in Cisco WLC by
following this instruction:
How to Enable or Disable DHCP Proxy in
Cisco WLC V7: Double click on the AP you want to manage.
How to Monitor and Manage WLC in Cisco
Wireless Control System Select Controller.
How to Setup WLC Telnet and SSH in Cisco
Wireless Control System Click Configure.
How to Monitor and Manage APs in Cisco Wireless Control System
Click Monitor or Configure.
How to Manage Cisco Wireless Control System
You have these options to manage: Monitor, Reports, Security, Mesh, ClearAir, and ContextAware.
How to Configure AP High Availability on
Cisco Wireless LAN Controller
Click WIRELESS or MONITIR.
How to Configure AP on Cisco Wireless LAN Controller
How to Add and Configure AP on Cisco Wireless Control
System Login WCS.
How to Configure Cisco Wireless LAN Controller Web
Authentication for Public Access: Create a VLAN
Interface, refer to this page:
How to configure interface in Cisco WLC:
Login Cisco WLC.
with AP behind firewall talking to WLC a. Make sure the FW is open
for udp 5246 and 5247 ports required for the capwap process.
A Cisco 1250 AP is not able to join the controller Solution: This is
because the Cisco 1250 series LAP is not supported on version 4.1.
Troubleshoot tool for AP can't join Cisco WLC You may try to use Syslog
Servers to Troubleshoot the LAP Join Process
DHCP issues on Cisco WLC With the DHCP server address being 220.127.116.11
(typical virtual IP address on a controller), the controller can intercept
that packet and quickly respond to Windows.
it possible run a Cisco WLC without a WCS? The WLC can be
completely configured and operated without the WCS
How to reset Cisco WLC The Reset button is located on the front panel of
the Cisco Wireless LAN Controller
and WCS Issues
Cisco WLC and WCS How to
Cisco WCS License invalid I just installed Cisco WCS license on our WCS
V7, but the License Center says the license is invalid. Why?
Cannot add WLC to WCS I have just installed WCS demo, and am trying to
add a WLC to it. I keep getting the error :-
Cisco WLC: No response from device When attempting to add Cisco WLC on
Cisco WCS, you may receive this message:No response from device, check SNMP
communities, version or network for issues.
Can’t add Controller over VPN in WCS v18.104.22.168 I use WCS
v22.214.171.124 to manage my 4402 and 2106 controller both running version
Management Interface in Cisco WLC: The management interface is the
default interface for in−band management of the controller
Virtual Interface in Cisco WLC: The virtual interface is used to support
mobility management, DHCP relay,
Setup Cisco WLC 2504 Using Startup Wizard System Name [Cisco_e2:6d:84]
(31 characters max): WLC2504
How to reset Cisco WLC to factory defaults I have Cisco WLC 2504 and try
to reset to factory defaults. But it always ask me the user and it doesn't
How to View the status of port security Once you've configured port
security and the Ethernet device on that port has sent traffic,
How to Configure port security Configuring the Port Security feature is
What's Cisco Port Security In its most basic form, the Port Security
feature remembers the Ethernet MAC address connected to the switch port
Connecting Cisco WLC Console Port: Before you can configure the
controller for basic operations, you need to connect it to a PC that uses
Required Tools and Information for configuring Cisco WLC: You will need
the following tools and information before you can install the controller:
WCS root password: You may try this procedure:
How to copy configuration
one AP to another through
WCS: From the WCS GUI, Configure > Access Point >
Copy and Replace AP
HTTP Status 404 - /webacs/welcomeAction.do : We are
running WCS V4 on Windows 2003. We can't access WCS website with this error:
HTTP Status 404
Failed to install WCS 2.2: Situation: The client tries to
install Cisco WCS 2.2 on Windows 2003. It failed to install it.
Can't see Cisco WCS Programs group in Start: This can be
because the user is logged on with a different user account than
the one used to install WCS as a service
Cisco WCS stops running: Here are collections of the
Cisco WCS fails to start up.
How to add a Cisco WLS
Controller to WCS: Go to Configure>Controllers.
How to install license in
Cisco WCS: Go to Help>Licensing.
How to Install Cisco WCS:
This installation is based on version 4.2.128.
How to Upgrade
Cisco Aironet 1200 AP to Lightweight Mode: Download
c1200-rcvk9w8-tar.123-11JX1.tar from Cisco.
How to Save
Cisco WLS Controller Configuration: Login Cisco WLS
Does Cisco WLS Controller support 1231 AP: We have over 30
Cisco 1231 AP. We would like to buy a Cisco Wireless Controller
2501 to manage all APs.
VPN users can't access OWA or Outlook: The client was
working on the Failover Exchange and added CAS servers to a new
VLAN. After that, VPN users have a problem to access OWA or
Outlook. Internet user opens OWA no problem.
How can I add two IP addresses to Access Rule in Cisco ASA:
I have follow this
to create a access rule
in our ASA5510.
How to configure
Access Rule in Cisco ASA: Login ASDM.
Can't assign public
IP address to an access rule on Cisco ASA: A client tries to
modify an access rule and he wants to change outside to a public
IP address in the access rule source.
VTP VLAN configuration not allowed when device is in CLIENT:
:When attempting to add a vlan to local database, you may
receive this message:
Some VLANs don’t on some switches: We have over 30
switches and over 10
on our network.
Can I setup banner in Cisco ASA: To configure the
ASDM, session, login, or message-of-the-day banner,
Laptop can't access Wireless Bridge: Our client
follows this instruction How to configure Cisco Wireless Bridge
to setup Non-Root Bridge:
I get the error: "Set Infrastructure SSID'
must be configured in order to set the 'Role in Radio Network'
How to configure Cisco
Wireless Bridge: Follow this link to assign IP
address to the Cisco Wireless AP
Some wireless SSID don't work: The client has some Cisco
1200 and 1300 wireless AP configured 2 SSID, Private (WPA
Enterprise and Pubic.
How to enable RADIUS
authentication on Cisco switches: RADIUS authentication
allow domain users to login Cisco Switch and read and/or edit
the configuration based on their group rights.
Cisco VPN requirement for Android devices: Cisco ASA
New features in 8.4(2)
Cisco VPN Reason 429: Unable to resolve server address:
The Cisco VPN client can't establish the VPN connection with
this message: Reason 429: Unable to resolve server address.
Cisco VPN client
errors: Another VPN client activates and the router limits only connection.
This table lists and describes
reason messages with troubleshooting.
Cisco VPN Reason 429: Unable to resolve server address:
The Cisco VPN client can't establish the
Cisco Switch: Unexpected BPDU
received. Port has been Disabled: “This
feature was first implemented to handle special collision
situations in which the switch detected excessive or late
collisions on a port. Excessive collisions occur when a frame is
dropped because the switch encounters 16 collisions in a row”.
Cisco Wireless is not stable:
The client has 5 Cisco APs in their Cisco Wireless LAN Controller. The
wireless keeps dropping and no stable
NAP with Cisco Routers: I have some users, which are connected to my
network via VPN. VPN terminated on Cisco router. Users use PPTP VPN to
connect to the office network. I want to use NAP for this clients. Does any
one tried this?
W2k8 NPS as a RADIUS server for a Cisco router: I currently have W2k3
IAS configured as a RADIUS server for our VPN clients connecting to a Cisco
Find out which device is using public IP address: the client
has over 30 public IP addresses. They can ping all IP addresses,
but they don't think they use all of them. They would like to
find out which devices are using them.
Enterprise Wireless keeps popup for credentials: The client
follow this "How to set up a Cisco Enterprise Wireless Using NPS
in Microsoft Active Directory"
Cisco Enterprise Wireless doesn't work:
but can't make it work. The wireless keeps popup for
credentials. The problem is he doesn't know this Cisco AP
configuration issue or IAS issue.
How to set up a
Cisco Enterprise Wireless Using NPS in Microsoft Active
Directory: Configure Cisco 1242 AP by following this
How to configure a new Cisco 1242 wireless AP
The example of Initial
configuration on Cisco PIX using ASDM: The Adaptive Security
Device Manager (ASDM) is web-based design connect to and manage
a PIX/ASA using a web browser.
The example of Initial
configuration on Cisco PIX version 5.1:
In our example, the outside IP address of the PIX is 126.96.36.199; inside IP
address inside is 10.0.0.2; the outside LAN/WAN IP range 192.168.0.0/24 and
inside is 10.0.0.0/8; the admin workstation IP is 10.0.0.10, Exchange server IP
is 10 10.0.0..3, telnet client IP is 10.0.0.11.
How to backup/restore HP swicth config using TFTP: To
backup HP ProCurve witch configuration using TFTP, please follow
How to configure a VLAN port in HP
ProCourve Switch using Web Utility:
Select the port and Mode to Untagged, which is the port that
will be used the specified VLAN, port 4 and VLAN 100 in our
How to configure VLAN in HP
ProCurve Switch: In this example, we will configure port 21 for VLAN 100
Cisco Switch Initial Configuration:
Here are the example of configuring Cisco switch 2995
How to configure channel in Cisco AP:
Q: All our Cisco 1200 AP are setup to use lease congested Frequency.
However, our security want to use clear channel 1 to 6. How do you configure
Cisco AP to use channel 9?
Can't connect Cisco 2955 to 3560G switches:
The client wants to configure Cisco switch 2955 to access one of their 3560G
switch. However, it doesn't work and the 2955 can't access the 3560.
Can't establish Cisco VPN with HASH payload can't be verified:
Situation: when trying to establish the VPN, the user receives this error: Sev=Warning/3
IKE/0xE3000056. The received HASH payload cannot be verified
How to configure channel in Cisco AP:
Q: All our Cisco 1200 AP are setup to use lease congested Frequency. However,
our security want to use clear channel 1 to 6. How do you configure Cisco AP to
use channel 9?
Configure Cisco Switch for Dell NIC Teaming: We created NIC Teaming in Dell
PowerEdge R710 server. The two NICs are connecting to the Cisco switch 3560G
without any issues. If we unplug one cable, the server still works and connects
to the network. Do we need to configure EtherChannel on those two ports.
Cisco: Wireless client can't receive the IP: Situation: The
client tries to setup Cisco wireless 1310 bridge. The client can receive the
signal but can't logon the domain. Ipconfig shows the client can't receive IP
from the DHCP server and the IP is 169.254.x.x.