Hi Experts,

This week I got a Panasonic ToughBook CF-33 and switched my ISP from Bell to Rogers.

Over Ethernet, using speed-test.net, download with Bell was 300Mbps, with Rogers is 500Mbps.

Over WiFi, the ToughBoook was 80Mbps and now <20Mbps.  On my iPhone, Rogers is getting 300Mbps.

Why is my ToughBook now  under 20Mbps?

One thing that I noticed now is that with Rogers my router is now Hitron CODA-4582U, and the SSID for 2.4GHz and 5GHz can't be the same, where on  Bell (Cisco) they were. The ToughBook now cannot detect the 5GHz SSID. Does the ToughBook CF-33 not support 5GHz?

To make matters even more interesting, my printer only has WiFi interface, which makes it on a different network because of the mismatched SSIDs

As I am typing this I am wondering should I purchase another Cisco router and make the Hitron only as modem?

Any help will be appreciated.

I'm looking for opinions about setting up DMZ VLANs on switches that are also used for internal networking vs. using separate physical switches for DMZs and internal networks.  Any concerns or benefits you can think of for one over the other.  Assume Cisco equipment.

hello experts
i have a Cisco 1852 AP, configured it to controller, several Cisco 1832 have no problem to join it, but i have two AIR-CAP1702I-D-K9, i can't get it joined, i already update the soft to same version with the controller, 8.4.100.0, from the console i got the following message, not sure why it is trying to load c3700... file.
please advice.
thanks

*Jul 20 05:58:01.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.89.19.78 peer_port: 5246
*Jul 20 05:58:01.255: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.89.19.78 peer_port: 5246
*Jul 20 05:58:01.255: %CAPWAP-5-SENDJOIN: sending Join Request to 10.89.19.78perform archive download capwap:/c3700 tar file
*Jul 20 05:58:01.327: %CAPWAP-6-AP_IMG_DWNLD: Required image not found on AP. Downloading image from Controller.
*Jul 20 05:58:01.331: Loading file /c3700...

We have a legacy XP machine  that has custom software that  it uses for data collection of devices. The software upgrade is out of budget so we decided to put a firewall in the mix.

If we have 1 ASA and need to retain the IP address of the legacy XP machine with ports 400, 900, and 950 what would that config look like?

We have Cisco Callmanagers and Unity Connections for voicemail.  Our problem is this:
We have a number, say 1234.  It is set so that when a user dials it and it is busy or not answered, it rolls to 5678, which if not answered or busy, forwards to voicemail.  

The problem is, if you dial 5678 it works properly, eventually going to the mailbox.  However, if you dial 1234, it does eventually roll to 5678, but if not picked up, it then goes to the system general message instead of the vm for 5678.

Hi Experts,

I am having a problem with my Cisco 897VA router and allowing access to internal servers from internal devices.

Any attempted access gets a not authorised response.  We can access it via IP or if placed in the host file on the user pc.  There is no issues accessing from external devices.

This however is a pain to do.  I do not wish to modify my internal DNS server at this stage or run a separate one for just one zone as this was working fine under a previous router, this has just happened since switching to the 897va.

Server we want to access has internal IP of : 192.168.0.254
External IP is: 114.xxx.xxx.153

This is my current sanitized running config:

Current configuration : 10024 bytes
!
! Last configuration change at 08:08:17 NZST Thu Jul 19 2018 by mike
! NVRAM config last updated at 21:35:34 NZST Wed Jul 18 2018 by mike
! NVRAM config last updated at 21:35:34 NZST Wed Jul 18 2018 by mike
version 15.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log uptime
service password-encryption
service sequence-numbers
!
hostname Gateway
!
boot-start-marker
warm-reboot
boot-end-marker
!
aqm-register-fnf
!
logging buffered 65535
logging console critical
enable secret 9 $9$3JnjQpR9JT50Sn$JLsMVFipNYhVK/xdt6uahIPXx87ZfnOiS8Yd36old6E
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login userlist local
aaa authentication ppp …

Hi All,

I am facing an issue while configuring soft zoning for host and 3 par.
when I activate zoneset on Switch1 , Switch2 zones deactivates and show 0 active path on storage and vice versa
only for 3 par. Other zones for other storage are still intact on those switch.

Dear Experts, we are moving our Data Center in the next 2 months. What should we consider and take note in order to move DC smoothly?

Our environment:
- 4 x Server ESXi6.5 (HP Gen9)
- 2 x Routers Cisco 3925
- 2 x Core Switch Cisco 3750/3560
- 1 x Firewall Sophos XG
- 10 x Access Switch Cisco CE500
- 5 x WAP Cisco Meraki MR18
- 5 x Physical Server IBM x3650

Many thanks!

I would like to know if I am on the right track.

I have a webserver directly connected to a DMZ interface on the active ASA5525X of the active standby failover pair. The failover is configured via another interface.

Right now, if the active ASA fails, the secondary will kick in but this webserver will not be accessible from the outside. What I plan to do is create a VLAN on a switch and plug in the webserver and the DMZ interfaces from both the active and standby ASAs into ports configured for that VLAN.

What am I missing? I do not plan on configuring an IP address for that VLAN or setup any sort of special routing. The only route on that switch is the ip route 0 0 gateway. The ASA DMZ interfaces are configured as ip address 172.16.1.1 255.255.255.248 standby 172.16.1.2. The webserver is 172.16.1.3. The webserver uses the 172.16.1.1 as the gateway.

When the active ASA is active, the webserver sees it as 172.16.1.1. What happens when the ASA fails over to the secondary? Will the webserver still see the ASA as 172.16.1.1? Or is there routing to be configured on the switch?

Thank you.

Dear Experts
We have hosted application on-premises which is behind the firewall.  the application runs on Ubuntu 16.4 server OS and with the components of apache2, mysql5.7, php7.x. This application has to be accessed from the external network( though the internet) which is located in other county from their office where the users will be behind the firewall.  we have to allow the access to them hence I have asked to share their gateway ip so that I can enable access only to this IP.  our hosted application by itself has authentication however we would like to add one more layer of authentication but the remote users will not accept any client software installing on to their local systems like vpn client or OTP SMS, or pass code call back.  They only prefer web based access to the hosted application and they are okay if we send the second level security pass-code to their official email so that finally we can achieve 2 level of authentication which is in additional to allowing their IP only to connect to our network.  Following were my recommendations
1.      Over internet (leased line circuit) Site to Site VPN between their firewall to our firewall so that end users will not have any additional efforts or vpn client not needed, this they denied as their IT policy does not permit to configure their side firewall
2.      Suggested MPLS VPN between their work location to our network but this also been rejected.
Now I am thinking of some solution like placing the Cisco ASA SSL VPN…