I have a Asus RT-N18U router. (but can buy another one), with DD-WRT firmware DD-WRT v3.0-r32170 std (06/01/17)
I want:
Hotspot for Restaurants that:
-People connect (no password) to WIFI
-they get a webpage (can be on router or in internet)
-webpage ask for emailadress
-once introduced emailadress and send it (to a server in internet with its MAC address) they get granted lets say 2 hours of internet
-after 2 hours they have to come back to the login page again (or better they get blocked for 10 hours with error webpage and after to login page again)
-no other service (not free and not payed) should be used

-the router mentioned offers dd-wrt with onboard radiusserver (I tried it and works), chillispot or nocatsplash (both I didn't get to work)
The router should be configured (WAN) as DHCP automatic conection and he should use his own network with his own DHCP server (so it is easy to connect him to an existing network)

I need somebody who configures the router and tell me how the configuration works. (where are modifyable files)

Need to refresh DHCP IP address reassign Needed to command

Which traffic will use the next hop in the PBR? The DENY traffic or PERMIT traffic under the ACL? I am pretty sure it means the PERMIT traffic will use the PBR but just want to double check

ip access-list extended PBR
 deny   ip 10.90.28.224 0.0.0.15 any
 deny   ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
 permit ip 10.0.0.0 0.255.255.255 any


route-map PBR permit 10
 match ip address PBR
 set ip next-hop 10.255.14.1

Select all Open in new window

Hello Everybody ,
 
 need you support RnS Expert Engineer

my scenario , the requirement are the router automatically move the the traffic flow based  link delay by using PFR with active/ active  by using Active/ Active ISP link utilization .

 here  are requirement and configuration    

LAN subnet :-
 188.117.100.172/29
 188.117.124.36 /29
my goals  to measure the traffic over all the available ISP
the  primary path of the first subent  is  ISP 0A, primary path of the 2nd subnet is ISP02
if the any ISP link experiencing any delay the  inbound and outbound shift the traffic automatically .

MY BGP configuration  
ip bgp-community new-format

outer bgp 7770
 bgp log-neighbor-changes
 timers bgp 10 30
 neighbor 172.21.8.169 remote-as 41176
 neighbor 172.21.8.177 remote-as 41176
 !
 address-family ipv4
 
  network 188.117.100.172 mask 255.255.255.252
  network 188.117.124.36 mask 255.255.255.252
 
  neighbor 172.21.8.169 activate
  neighbor 172.21.8.169 send-community both
  neighbor 172.21.8.177 activate
  neighbor 172.21.8.177 send-community both

ISP's BGP Configuration

neighbor 172.21.8.170 send-community both
  neighbor 172.21.8.170 default-originate
  neighbor 172.21.8.170 soft-reconfiguration inbound
  neighbor 172.21.8.170 prefix-list  PFR out
  neighbor 172.21.8.170 route-map BGP_COMM in
  neighbor 172.21.8.178 activate
  neighbor 172.21.8.178 send-community both
  neighbor 172.21.8.178 default-originate
  …

Hi Folks:

     I am somewhat familiar with working with the Zyxel USG line of products, but have not done things like having multiple LAN segments, VLANS and setting bandwidth rules. I am setting up a ZyXEL USG40W for a client and need to accomplish the following:

Setup requirements:

1) Set up for Cable modem in bridged mode - This is DONE

2) Have separate LANs for computers and VOIP phones - Computers on LAN1 and VOIP phones on LAN2 (Have two separate unmanaged switches - (D-LINK) one for phones and one for the computers.

     -  I have done this by setting P2 to LAN 1 and P3 to LAN 2 under "Interface > Port Role" and then under "Interface >Ethernet" setting the IP Address for LAN2 to be 192.168.2.1 as opposed to 192.168.1.1 for LAN1. I assume this is the correct way to handle this issue. (Confirmation?)


3) Create bandwidth management rules to guarantee LAN2 a minimum amount of bandwidth over the WAN (in and out) - essentially anything on LAN2 is VOIP and needs QoS.

     - not sure how to accomplish this. Should it be done by setting the Egress and Ingress  bandwidths under the "Interface > Ethernet" settings for each of LAN (given that the VOIP phones and Computers are on separate unmanaged switches? Or do I still need to enable BWM and set rules?

4) Set up wireless so that devices connect on separate VLAN for purposes of possible bandwidth management - but possibly allow specific wireless users access to LAN1 for connection to the network server …

First, If I am correct:
Standard Access-list  can match traffic based on Source IP address only
Extended Access-list can match traffic based on Source/Destination IP address , port number, protocol, etc...

well, there is also  Named Access-list. We can have Standard Named Access-list and Extended Named Access-list
  Is Standard Named Access-list similar to Standard Access-list, it can match traffic based on Source IP address only ?
Is Extended Named Access-list  similar to Extended  Access-list ,it can match traffic based on Source/Destination IP address , port number, protocol, etc. ?

Thank you

I am remodeling four homes.  I have  installed eight port structured wiring systems in all four.  Each wall jack (room) includes one ethernet jack, one cable jack, and one phone jack.  Everything is homerun to the utility room in the basement. Within the wiring cabinet located there, are punch down blocks and patch panels for all wires and cables. I would like to install  in each cabinet, an eight port router or switch to include an integrated DHCP server, and POE  jacks. One of these Jack's will be wired to a ceiling mounted Wi-Fi access point on the third floor in the center of the home. This device should be dual band AC 1200  or greater. Ultimately, the router or switch will be plugged into a cable modem providing Internet and telephone service. I am having trouble finding the router or switch, which needs to be small enough  to fit inside the wiring panel.  I also need an inexpensive access point device.  The cable modem will be mounted by the cable service provider outside the panel.  This arrangement will allow plug-and-play of any wired or wireless device in the home without the need for a PC  based DHCP server arrangement. Has anyone done this? Any recommendations? I need to keep this reasonably inexpensive.

I have a watchguard M400 (Fireware XTM 11.10) Firewall/Router with about 14 Branch Office VPN'c coming into it. We have a new software these BOVPN's need to access. There are two application servers running the software. I would like to load balance the connections to these servers. Can someone point me in the correct direction?

I have a remote client with an ASA 5200. They are going to get fiber, but for now are using their building's internet. The ASA config is below (edited for anonymity). It is able to ping the gateway (10.133.30.177), as well as 8.8.8.8 and other IPs. When attached to the 0/2 interface, a machine gets an IP in the 192.168.220.0/24 and can ping 192.168.220.1, but no further (not even 10.144.30.190). I've run "packet-tracer input inside icmp 192.168.220.102 8 0 8.8.8.8 detailed"

Here is my config:

    ASA Version 8.3(2)
    !
    hostname NY-ASA5200
    names
    !
    interface GigabitEthernet0/0
     shutdown
     nameif FIBER
     security-level 0
     ip address 172.16.0.1 255.255.255.0
    !
    interface GigabitEthernet0/1
     nameif INET
     security-level 0
     ip address 10.144.30.190 255.255.255.240
    !
    interface GigabitEthernet0/2
     nameif INSIDE
     security-level 100
     ip address 192.168.220.1 255.255.255.0
    !
    interface GigabitEthernet0/3
     shutdown
     no nameif
     no security-level
     no ip address
    !
    interface Management0/0
     shutdown
     no nameif
     no security-level
     no ip address
    !
    ftp mode passive
    dns server-group DefaultDNS
    object network inside-subnet
     subnet 192.168.220.0 255.255.255.0
    object network outside
     host 10.144.30.190
    access-list inside_out_acl extended permit ip any any
    access-list inside_out_acl extended permit icmp any any
    pager lines 24
    

Select all Open in new window

…

Hi All,
We currently manage and maintain a SMB that consists of;

Main Site
---------------
-2x ADSL2+ Connections totaling approx 32Mbps download and 1.6Mbps Upload running through a client side network load balancer.
-Ethernet Smart Switches. No VLan. No Jumbo.
-HP ML350P Hyper-V consisting of 4 VMs. Domain Controller, Exchange, Files, RDS.
-Backup Physical DC server
-Currently we have rules in place to minimize the use of the primary ADSL connection from staff at the main site to keep the bandwidth available to staff who remote in via SSL gateway RDP.

3x Remote Sites
------------------------
-Each site has its own ADSL2+ connection with varying bandwidth from 16Mbps download and 0.8 Mbps Upload.
-Users connect remotely using SSL gateway RDP access.


Current Issues
----------------------
-Remote user experience is poor and impacted by staff internet use.
-Remote user experience can be impacted by users at the main site and remote sites internet access habits. Example. If a user downloads via web browser on the RDS this effects the available bandwidth for RDS remote connections. We have rules in place to prevent this but as per all router bandwidth rules these are best effort and only in place when 80% load is placed on the connection.


Suggested Changes
------------------------------
-Add a 10/10Mbps connection to the main site. (Only recently become available)
-Add a further ADSL2+ connection to any remote sites with more than 5 staff. This …

In the example below, which wildcard mask will cover  the 4 subnets only
192.168.146.0
192.168.147.0
192.168.148.0
192.168.149.0

I though 0.0.7.255 is correct, but it will cover more than those 4 subnets.

Any wildcard mask calculator link, will be helpful.


Thanks

Which VLAN   to enable ARP inspection

I would like to know which VLAN to enable ARP Inspection. Is it going to be on the same VLAN where the Trusted DHCP server resides on ?
Or on every VLAN in the network ?

Switch(config)#ip arp inspection vlan <VLAN Name>



I also wants to know about the DHCP Option 82 configuration.
Using IP helper-address <IP address> is enough or  we need to add:
ip dhcp relay information option

Thank you

hi experts,

 user's can't get to this website www.spotify.com. i already checked firewall and web filter and it's not blocked there. I ran out of ideas