image naming convention:
w7 = autonomous
w8 = lwapp

To downgrade LWAPP to autonomous
1. Plug a TFTP server directly into the AP
2. Download the latest c1140-k9w7.. image and rename it to c1140-k9w7-tar.default
3. Configure the TFTP server to
4. Hold down the mode button until red
5. The AP will grab the image and boot to autonomous

To upgrade autonomous to LWAPP
Pre 12.2 code – use upgrade utility

Newer APs:

1. Download the latest LWAPP image from the Cisco website
2. Put the laptop running TFTP and the access point on the same network
3. Run the command below

AP# archive download-sw /overwrite /reload tftp://

router eigrp 100
no auto-summary

router bgp 65001
neighbor remote-as 32880
maximum-paths 2
address-family ipv4
redistribute eigrp 100 route-map EIGRP_to_BGP

route-map EIGRP_to_BGP deny 10  <–routes not to advertise
match ip address 10
match route-type internal

route-map EIGRP_to_BGP permit 20 <– allow all other redistribution

access-list 10 permit

sla monitor 10
type echo protocol ipIcmpEcho interface outside
num-packets 3
timeout 1000
frequency 3
sla monitor schedule 10 life forever start-time now
track 1 rtr 10 reachability

route outside 1 track 1
route backupisp 254

This example will redistribute VPN traffic into your EIGRP network.

1. Turn on reverse route for your crypto maps

crypto dynamic-map Outside_dyn_map 20 set reverse-route <– for a remote access VPN
crypto map Outside_map 1 set reverse-route  <– for a L2L tunnel

2. Make route map and define traffic

access-list VPN-Redistribute standard permit  <– VPN traffic
route-map Redistribute permit 5
match ip address VPN-Redistribute

3. Define eigrp process, including your inside network

router eigrp 10
redistribute static route-map Redistribute

track 10 ip sla 10 reachability
delay down 5 up 5

ip sla 10
icmp-echo source-interface GigabitEthernet0/0.100
threshold 30
timeout 3000
frequency 3
ip sla schedule 10 life forever start-time now
ip sla logging traps

ip route track 10   <–install only when sla 10=true
ip route 100   <–otherwise use route with higher metric

In CUCM, SIP redundancy is provided by either route groups/route lists or SRV records.
On CME systems, the only method for SIP redundancy is SRV records.

ip host
ip host

ip host srv 1 50 5060
ip host srv 2 50 5060

ip domain lookup
ip name-server
ip domain name


This example will use Los Angeles all the time unless it is unreachable, then use New York.
If I were to set both priorities to 1, they would load balance. The 50 is the weight, so you could set 60/40 or whatever.
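
The priority and weight behaviour described above, as an added example that is not part of the original notes: a Python implementation of the RFC 2782 ordering an SRV client applies. The hostnames are constructed placeholders, and it is an assumption that a given SIP stack draws by weight exactly this way.

```python
import random

# Constructed SRV records (priority, weight, port, target). The hostnames are
# placeholders, since the notes do not give the real ones.
FAILOVER = [(1, 50, 5060, "la.example.test"), (2, 50, 5060, "ny.example.test")]
BALANCED = [(1, 60, 5060, "la.example.test"), (1, 40, 5060, "ny.example.test")]


def order_targets(records, rng=random):
    """Return targets in the order a client should try them (RFC 2782)."""
    ordered = []
    for prio in sorted({r[0] for r in records}):  # lowest priority value first
        group = [r for r in records if r[0] == prio]
        # Within one priority, draw without replacement, weighted by weight.
        while group:
            total = sum(r[1] for r in group)
            if total == 0:
                pick = group[0]  # all weights zero: keep record order
            else:
                point = rng.uniform(0, total)
                running = 0
                for pick in group:
                    running += pick[1]
                    if point <= running:
                        break
            group.remove(pick)
            ordered.append(pick[3])
    return ordered


def pick_target(records, reachable, rng=random):
    """First target in SRV order that is currently reachable, else None."""
    for target in order_targets(records, rng):
        if target in reachable:
            return target
    return None


def first_choice_share(records, target, trials=10000, seed=1):
    """Fraction of trials in which `target` is tried first (seeded, repeatable)."""
    rng = random.Random(seed)
    hits = sum(order_targets(records, rng)[0] == target for _ in range(trials))
    return hits / trials
```

With `FAILOVER` the second site is used only when the first is missing from the reachable set; with `BALANCED` the first site is tried first in roughly 60% of calls.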

In this example, a route is installed when an address is NOT reachable.
Useful for backup routes or automated turnups.

ip sla 6
timeout 500
frequency 3
ip sla schedule 6 life forever start-time now

track 101 ip sla 6 reachability
track 102 list boolean and
object 101 not

ip route track 102

In this example, a route is installed when an address IS reachable.
ip sla 6
timeout 500
frequency 3
ip sla schedule 6 life forever start-time now

track 101 ip sla 6 reachability

ip route track 101

If you do not have vCenter and want to collect performance stats past 1 hour, the option is greyed out in the vSphere client. Turning it on is still pretty easy:

  1. SSH to the host
  2. Open the file “vi /etc/vmware/hostd/config.xml”
  3. Find the <historicalStatsEnabled> tag under <statssvc> and make this true
  4. Run “ restart”

We’ve all had those oh-shit moments when changing an IP or duplex setting, or making other changes, and losing connection with a device, which ends up costing someone a trip on site and possible downtime.

The best way I’ve found is to cover yourself with this command:

“reload in 5”

If everything goes according to plan, cancel the reload and write mem, but if not, you’ve minimized downtime.


Ran into this bug in ASA 8.4 where accessing ASDM through VPN would not work, even though relevant management was correct and I was exempting my inside network from my VPN pool. The fix was adding “route-lookup” to the end of the NAT exemption.

nat (LAN,TWC) source static obj- obj- destination static obj-vpn obj-vpn route-lookup