We help IT Professionals succeed at work.






A router is a networking device that forwards data packets between computer networks. Routers perform the "traffic directing" functions on the Internet. The most familiar type of routers are home and small office cable or DSL routers that simply pass data, such as web pages, email, IM, and videos between computers and the Internet. More sophisticated routers, such as enterprise routers, connect large business or ISP networks up to the powerful core routers that forward data at high speed along the optical fiber lines of the Internet backbone. Though routers are typically dedicated hardware devices, use of software-based routers has grown increasingly common.

I have a customer that is going to 300Mbps internet soon. Needs a router that will keep up with it. Don't need wireless, VPN. Content Filtering or any bells and whistles. Just a good, solid internet router.
I would like to VPN into my company's Windows 2016 Server (just like my co-workers do), so that I can access documents while working on my Windows 10 laptop from home.  .  The office IT person has provided the VPN IP address that I need to connect to the Server.  I just need to set up a connection to the Server.

I have Spectrum internet in my home, which as a Sagemcom RAC2V1S router connected to a Spectrum cable modem.

My question is:  What ports do I have to enable/disable on my home router / firewall, in order to gain access to the Windows 2016 Server?
        I have a Asus RT-Acrh13 router that I am trying to tether to a Verizon Hotspot. The Hotspot has USB 3.0 so there no USB version conflicts should be causing this.

 What happens is this:
1:  I power on the Asus and let it get to ready.
2:  I plug in a ethernet cord to the 4th port on the system and connect it to my laptop.
3:  I then connect the Hotspot to the Asus. the Hotspot detects that a device has connected
4:  I start the Quick setup (for some reason I can't get to the setting otherwise ) and set the device as USB Modem and finish the quick setup.
5: I then go to the network map and see that the Hotspot is there but I have no internet connection.

Unplugging and reconnecting the Hotspot shows that it is dis/connected on the hotspot and on the router but nothing happens. I can set the Hotspot to USB and Wifi but that still does not let the USB connection work. Thinking that it could be the Hotspot that is the problem I tried my cell and it was the same result except that it says that the cable is unplugged ( which it is but that is not the point ) I did some research on it and as luck has it I have a phone that is just incompatible with this router: a Samsung S7. I borrowed a 10S from a co-worker and hers "worked" as in it gets a IP but I still can't get online from our systems.. I updated firmware and tried 4 different cables. the results are t he same. Any tips on this?
If I wanted to just add a PAN firewall to a DMVPN spoke site with an ISR, would it be fine for the ISR to sit NATted behind the firewall?

{INTERNET}-----[public IP]{PAN}[private IP}------[private IP]{ISR DMVPN}{private site IPs}-----{switch}

Currently the ISR has the public IP at its outside interface. The idea would be to give the public IP to the PAN and NAT to a new private IP on the outside of the DMVPN router. Would DMVPN work in that scenario?

Or would I be better off to configure the PAN as a virtual wire and retain the public IP address at the router?
What can we use to better avoid complications from lightning strikes?  All our equipment is on UPS and surge protection, but the lightning strike this morning that made the power go off and back on over a couple of seconds seems to have fried one of our routers and one of our switches. I thought having the router and the switch on UPS and surge protection would protect them, but that clearly wasn't enough.  What else can we use or install to guard against large spikes like that?  Both the router and the switch were on two different APC UPS units in different areas of the office.  There were also devices on those UPS's, but only the router and the switch fried. The other devices are fine.
On one of my DMVPN Cisco 3945 routers, show licenses revealed that HSECK9 was enabled. But the column to the right to it said "RightToUse" was No. How can a feature like hsecK9 be enabled but Right To Use be set to no? Is the feature enabled and available to the system or not??

VPN01#sho license feature
Feature name             Enforcement  Evaluation  Subscription   Enabled  RightToUse
ipbasek9                 no           no          no             yes      no
securityk9               yes          yes         no             yes      yes
uck9                     yes          yes         no             no       yes
datak9                   yes          yes         no             no       yes
FoundationSuiteK9        yes          yes         no             no       yes
AdvUCSuiteK9             yes          yes         no             no       yes
LI                       yes          no          no             no       no
ios-ips-update           yes          yes         yes            no       yes
SNASw                    yes          yes         no             no       yes
hseck9                   yes          no          no             yes      no
cme-srst                 yes          yes         no             no       yes
mgmt-plug-and-play       yes          no          no             no       no
mgmt-lifecycle           yes          no          no             no       no
mgmt-assurance           yes          no          no             no       no
Have you ever fat fingered a command into a Cisco device - and then you're blocked
from entering anything further as the device attempts to resolve the "host" you've
typed. Is there any way to have the Cisco router or switch just tell you they don't
recognize the command you typed rather than assuming you want it to go on a hunt
 to resolve your mistake?

% Bad IP address or host name
Translating "sholog"...domain server (
Translating "sholog"...domain server (
Below is a snippet of sho crypto session on a DMVPN router. Altho the status of the session is down I can't get these entries to disappear from the router. I've tried "clear crypto session" and "clear crypto sa peer". Yet these keep showing up like a zombie. What's going on with this?

Interface: GigabitEthernet0/0
Session status: DOWN
Peer: port 500
  IPSEC FLOW: permit ip
        Active SAs: 0, origin: crypto map
  IPSEC FLOW: permit ip
        Active SAs: 0, origin: crypto map
  IPSEC FLOW: permit ip
        Active SAs: 0, origin: crypto map
I have an ASA adjacent to a router with the following redistribution into the EIGRP AS shared with the Cisco ASA:

redistribute eigrp 100 metric 100000 0    255    1      1500 route-map EIGRP100-TO-EIGRP10

When I look on the ASA route table it's showing an AD of 170 and a metric of 25856 for the routes in EIGRP 10 that were redistributed from EIGRP 100.

EIGRP Metric = 256 * ( (K1*Bw) + ( (K2*Bw) / (256-Load) ) + (K3*Delay) ) * (K5 / (Reliability + K4) ) )    {I'm assuming default K values 1 0 1 0 0 }

256*((1*100,000)+((0*bw/256-load))+(1*0)   *    (0/255+0) => 25,600,000
           K`1*BW            K2*Bw                    K3*dely    K5/Rel+K4

Anyhow the ASA is seeing traffic taking this route as 25856. I can not figure out where that number is coming from. The actual bandwidth between the ASA and router is 1Gbps.

Any insight appreciated!
  1. Etherchannel ON vs LACP

Any Expert to explain why we should use one link aggregation method and not the other. for instance, configure Etherchannel ON vs LACP

Thank you
If you Team TWO 1 gig NICs, will that double the speed for a file server migration?

I keep seeing references to increasing reliability / redundancy , but I'm trying to increase the SPEED for a file server migration (ROBOCOPY of 5 TB of data).

Any tips on that?

Vmware connection with Networking and Storage

on the above Diagram, I have represented the Vmware Infrastructure in regards to its connections with Networking and Storage..
This is approximate representation of the infrastructure. Please correct me where I am wrong.

All ESX hosts have 2 Physical Adapters each connected to different Network Switches and each Physical Adapter is in separate VLAN.

Switch 1 and Switch 2 have 2 ports Trunked to separte Routers, Router 1 and Router 2.

Routers can have HSRP configured for Redundancy.

Router 1 and Router 2 have each 2 Trunk connections to 2 separate switches Switch 3 and Switch 4.

ISCS Storage has 2 separate connections (Separate VLANs) to Switch 3 and Switch 4.

--- First, please let me know if this infrastructure makes sense or in real world it does not make sense

---How are the routers configured to route Vlans Traffic coming from ESX Hosts towards the Storage and how are configured to route traffic coming from ISCSI storage towards ESX Hosts. ?

I am attaching the Diagram File, and feel free to modify it to the right representation

Thank you
I have DMVPN with two hubs and an EIGRP relationship to a firewall (as well as to the spokes.)
The problem I am running into is that all of the DMVPN traffic is trying to egress Via one of the two VPN  hubs - HUB 1 - it's at capacity for passing encrypted traffic.

SPOKE----HUB 1----FW
SPOKE----HUB 2----FW

HUB1 is assigning a metric to the routes it learns from the spokes which is preferable to HUB2.
So that's why the FW is sending all the traffic to HUB1.

 redistribute eigrp 300 metric 100000 0 255 1 1500 route-map EIGRP300-TO-EIGRP100

 redistribute eigrp 300 metric 100000 10 255 1 1500 route-map EIGRP300-TO-EIGRP100

The firewall and the HUB DMVPN routers speak via EIGRP100. Hub to spokes via 300.

What I want to do is for the firewall to prefer one hub for half of the sites roughly. I could put in some static routes as a quick fix out of the traffic jam. I could remove HUB 1 from half of the spokes and that would make the HUB 2 the best path for half of the spokes. But surely there's a more elegant approach using route maps.

Something to the effect of..

If you match ACL SAVE-MY-DMVPN, you have a better metric than HUB 1. Otherwise you keep the same metric you have now and let HUB 1 keep doing its thing.

Cisco Native VLANs

I would like to now if  I have few switches that are configured with default Native VLAN 1 and few with Native Vlan 60
will the traffic still go through both native VLANs  without L3 Routing?

Thank you
is there any way to apply a feature license to a Cisco 1100 via a serial terminal? the instructions suggest you should use tftp to get the .lic file to flash. I’d rather just enter a code and finish configuration with the full crypto set.
I'm in a new gig and I want to understand what happens if a site's Internet link goes down what takes over for their default route.
The routing protocol is EIGRP.


So the switches in the OFFICE are learning their path to the Internet from the Cisco ASA which advertises
a default route inward via EIGRP. The ASA learned it has the default via OSPF from an edge router
outside of it. My guess is that the DATA CENER's default route would propagate over the WAN to
the OFFICE in the event the Cisco ASA stopped advertising the default route inward.

How could I find out the behavior of the lost default route without causing an outage?

Thank you.

I have a problem on cisco C892. At the moment I apply a ACL-IN ACL on external Dialer0 int, I lose the connectivity from LAN to internet (ping, dns, http, everything), which is unwanted. While I still have RDP access from internet network to internal server at
From LAN to INET I want to block just SMTP except from mail server.
From external network I want to allow access to everything.
From other internet addresses I want to allow only what is specified in ACL-IN access list. is my fixed public IP address I get on Dialer0 interface with pppoe connection.
(I have been said that the costumer has another 4 public IP addresses which are routed by ISP over address, but they are not in use - if relevant)
Any ideas would be more than welcome.

Here is a relevant part of router configuration:

ip cef
ip domain name domain.local
ip name-server
ip name-server
ip inspect log drop-pkt
ip inspect name WALL tcp
ip inspect name WALL udp
ip inspect name WALL tftp
ip inspect name WALL ftp
ip inspect name WALL realaudio
ip inspect name WALL icmp
ip inspect name WALL rtsp
ip inspect name WALL http
ip inspect name WALL https
ip inspect name WALL ssh
ip inspect name WALL sip
ip inspect name WALL h323
no ipv6 cef
interface FastEthernet8
 description ***INTERNET PPPoE***
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip virtual-reassembly
 load-interval 30
 duplex …
I want to connect a fresh Meraki switch to a Cisco ISR. By default the ports on the Meraki are native VLAN 1 and type Trunk. If I make the native VLAN 10 on the ISR's port attaching to the Meraki switch that would create a native VLAN mismatch - but still the two devices should be able to talk to each (assuming I have a DHCP scope on the ISR for VLAN 10).

If I have an ISR (say 4331) configured with inside trunked interface as follows:

Hostname(config)#interface FastEthernet0/1
Hostname(config-if)#no ip address

Hostname(config-if)#no shutdown

Hostname(config)#interface FastEthernet0/1.1
Hostname(config-if)#encapsulation dot1Q 1 native
Hostname(config-if)#ip address

Hostname(config-if)#interface FastEthernet0/1.2
Hostname(config-if)#encapsulation dot1Q 2
Hostname(config-if)#ip address

ip dhcp pool MGT
 domain-name acmefoo.com
ip dhcp pool DATA
 domain-name acmefoo.com

The meraki should pick up an address from DHCP for VLAN 10 owing
to the fact that those frames would be untagged despite the fact that the default
native vlan on the Meraki is on. Correct?
Hi support,
I should disable nat on a fritz avm 7590 router (I have a public subnet)
in the configuration menus I can't find the way.
Do you have any suggestions?
Thank you

We are looking into purchasing a replacement NAS for home.  My wife wants to get one that is less noisy than the QNAP TS-451+ 4 bay one we currently have.  I know that the disks are the noisiest part of any NAS, I can't really afford SSDs though, especially since I have currently used 8tb of space (RAID 5).  I was looking at the models of the Synology with 4-5 bays, NVMe slots for cache and are easily expandable.  Synology said that the only easy way to move my data to their NAS from the QNAP would be to have both up and running and map both as drives on a window computer and then copy all data from one to the other.

I guess my question is many-fold:
  • What is the best Quietest NAS (including the disks)?
  • What is the easiest way to transfer the files from one to the other?
  • Is there any way to do this that won't cost me an arm and a leg?

Just to be clear - this is because we are switching from a combination of Verizon FIOS and AT&T to Optimum Altice.  So the NAS has to be moved from its current location in my home office, into the living room because the Altice is a combined Cable box and Router.  If I could just connect via Wi-Fi, I could keep the current setup.

I started a list on amazon with new NAS devices in mind:
I want to change the Vlan assignments on port 7 on an HP Switch.

Currently this port has no untagged vlans.  But it does have 2 x Tagged Vlans.

I think that was done by mistake and currently when I plug ethernet cable into that port no data comes from it.  I think the solution is to change 1 of the Vlans on that port to be untagged.

I hope it is as simple as:

>Vlan ##<enter>
>untagged 7<enter>
>write memory<enter>

Can anyone confirm?

Or should I
>vlan ##<enter>
>no tagged 7<enter>
>write memory
>unstagged 7<enter>
>write memory<enter>
I have 3 cisco routers with gateway to gateway vpns setup. Location 2 can ping the local domain (mydomain.local which resides at Main Location1) and everything works just fine. Users can connect to the domain perfectly.

Location 3 cannot ping mydomain.local or the netbios name of the server at MainLocation1. I can ping the ip address of the server at MainLocation1.

MainLocation 1 (Where the server resides)
Location 2 (satellite office)
Location 3 (satellite office).

On the workstation at Location 3 I manually assigned dns 1 to the server's ip.

Other details: All of the routers are the same. Any help I can get would be much appreciated!
I've been converting a number of network sites from the use of wooden shelving to 19-inch rackmount.
I understand the rackmount post-mounting standards but didn't realize the wide variety of equipment manufacturer mounting bracket designs.
Also, I've done considerable web searches and don't find details for such seemingly mundane things.
To keep it simple enough here, I'm interested in L-brackets or "ears" that attach to the front corners of "19-inch" full-width devices: switches, routers, firewalls, etc.

Generally, the brackets are attached to the device with small flathead screws.
The simple question of "what size are those screws?" seems to be hard to determine.
Juniper Networks
I can imagine that there is variation in screw size within companies' product lines.  Is that a common situation?
What sizes?

Right now, I need a set of mounting brackets and screws for a Juniper Networks SRX340.  
Where can these be purchased?
Went on a call to a new client today, who has been having issues with their network.  They have a DSL modem with WiFi on channel 1 (Since disabled) cascading to a TP-LINK Archer c5400 (Upgraded firmware today).  They are working on getting the PPPoE (Centurylink DSL connection) so we can bridge the DSL modem and set the router up properly.  Some devices hardwired and wireless will not function because they are getting a DHCP address from the DSL modem.  I can log into the DSL modem on those computers.  Is this a malfunction in the TP-Link (It only happens less than 10% of the time and very random on devices)?  I have had very bad experiences with TP-Link switches, are their routers any better?  The owner said the problems have always been existant and the old IT company (who installed it), could never get it working 100%.  I am recommending replacement of router, but wanted to hear thoughts on this subject.  The client will be ordering their own new router, and won't have until Monday.  This should be a non-issue once the modem is bridged.

If I release the DHCP enough times, it will go back to the correct DHCP server of the router and start working properly.  The DSL modem is not accessible by devices connected when getting the working IP address.
Hi guys,
I found this switch that will be potential candidate for my lab.
can you give me confirmation on the technical details?

24 rj45 Port Giga Ethernet ?
4 SFP (not SFP+) port ?
Possibility to add 2 modules of 2 SFP+ 10GB port each?
Layer 3 routing?

I don't understand what type of pci-e card + sfp module I need for my server or workstation






A router is a networking device that forwards data packets between computer networks. Routers perform the "traffic directing" functions on the Internet. The most familiar type of routers are home and small office cable or DSL routers that simply pass data, such as web pages, email, IM, and videos between computers and the Internet. More sophisticated routers, such as enterprise routers, connect large business or ISP networks up to the powerful core routers that forward data at high speed along the optical fiber lines of the Internet backbone. Though routers are typically dedicated hardware devices, use of software-based routers has grown increasingly common.