I'm attempting to set up a detector that fires when an application is seen. I've set up the flow monitor
2951-HQ#sho flow monitor AppWatch cache
Cache type: Normal
Cache size: 4096
[code]....
I'm runnig c2951-universalk9-mz.SPA.152-3.T2.bin
Cisco 2951 w/ HWIC-4ESW
IOS 15.0(1)M5
#sh ip flow int
Vlan533
ip flow ingress
ip flow egress
#
The SVI sends the flow data just fine, however I also continue to receive flow data from most other interfaces.
I have attached a screenshot of one of our netflow collectors indicating that many of the interfaces are sending flow data even though not configured to do so. We have two different netflow collectors, from different vendors and both confirm the same interfaces sending flow data.
Normally I wouldn't care and ignore it, however one of them uses a license limit by interface and is a bit problematic.
Any major difrrence between Netflow v/s Netflow-Lite?
I am trying to understand if Cisco 4948E can do the same job as Cisco 4500E or not and difference between Netflow v/s Netflow-Lite will work for me to select correct product.
In 12.4(24)T4, I don't seem to have the SNMP detector in Advanced Security; however, it is present in Advanced IP Services.Is this a known pre-requisite? I can't seem to find any documentation or guidance from Feature Navigator that this should be the case.
Adv Sec (3845):
(config-applet)#event ?
application Application specific event
cli CLI event
config Configuration policy event
counter Counter event
[code]....
If you deploy a Cisco 1242 a/b/g access point as a rogue detector, can this be used for 802.11n wired detection as well.i.e Will the controller send the MAC addresses of the 802.11n clients and APs. url...
View 8 Replies View RelatedI'm using a 2504 controller. I dont have WCS.My questions are about the best way to configure a Rogue Detector AP.
In my lab environment I setup the WLC with 2 APs. One AP was in local mode, and I put the other in Rogue Detector mode.The Rogue Detector AP was connected to a trunk port on my switch. But the AP needed to get its IP address from the DHCP server running on the WLC. So I set the native vlan of the trunk port to be the vlan on which the WLC management interface resides. If the trunk port was not configured with a native vlan, the AP couldn't get an address through DHCP, nor could the AP communicate with the WLC. This makes sense because untagged traffic on the trunk port will be delivered to the native vlan. So I take it that the AP doesn't know how to tag frames.Everything looked like it was working ok.
So I connected an autonomous AP (to be used as the rogue), and associated a wireless client to it. Sure enough it showed up on the WLC as a rogue AP, but it didn't say that it was connected on the wire. From the rogue client I was able to successfully ping the management interface of the WLC.
But the WLC never actually reported the rogue AP as being connected to the wired network.So my questions are:
1. What is the correct configuration for the trunk port? Should it not be configured with a native vlan? If not, then I'm assuming the rogue detector AP will have to have a static IP address defined, and it would have to be told which vlan it's supposed to use to communicate with the WLC.
2. Assuming there is a rogue client associated with the rogue AP, how long should it reasonably take before it is determined that the rogue AP is connected to the wired network? I know this depends on if the rogue client is actually generating traffic, but in my lab environment I had the rogue client pinging the management interface of the WLC and still wasn't being picked up as an on-the-wire rogue.
(5508 WLC, 1142N APs).I understand if I enable the AP mode to Rogue Detector from the details page of the AP, the AP stops accepting requests and is now looking for rogue items on the wired network. Is this the same when I enable Rogue Location Discovery Protocol? Will I lose the wireless functionality of all of my APs on the controller?
Next question, when I look at the Rogue Summary on the Monitoring page I see three Adhoc Rogue devices. When I select the Detail link only one shows. I remember the other two were HP mutifuction devices with WIFI enabled but I cannot retrieve that information anymore.
I am testing rogue on wire using 5508 WLC and , I have a dedicated AP configured as rogue detector and configured the switch port where the Rogue detector is connected as trunk. I have plugged in an autonomous AP with open authentication to the same switch so that it can act as a rogue. On the WLC, I can see that Autonomous AP as rogue on Wire. But along with that I am seeing another AP as rogue on wire, even though i have plugged in only one Autonomous AP to the switch.
View 3 Replies View RelatedEverytime I make a config change to one of the contexts on our ACE20, I get this message: Config Application in Progress. This command is queued to the system
If I run show download info, I get:
context : context1
Interface Download-status
--------------------------------------------------------------
187 In Progress
199 Pending
Regex download optimization status : Couldn't get status[TNRPC Timed out]
It eventually seems to complete, but it takes a very, very long time. We are running Version A2(3.5) [build 3.0(0)A2(3.5)].
our customer has a server farm in a data center.At the moment the farm has connectivity with only one ISP but sometimes it has service discontinuity.Customer wants to become AS and having two ISP connectivity for backup purposes.He needs to evaluete two cisco routers to use at AS edge with BGP.At the moment he says that the throughputh with the server farm is max 15Mbps and in the future he thinks that it will not increase.We think about cisco2951 routers with 2GB ram.Is cisco 2951 adeguate for this task ?
View 3 Replies View RelatedI have the situation with my new Cisco 2951 router. It has only one module on board - SM-D-ES3-48-P. I don't know what is wrong but I can't see any information about this module. When I connect my laptop to any port it's become green, but it's still green even after I disconnect PC from this port. Sh ip int brief command shows only built-in gigabit interfaces. I also connect my second PC to the router by console to monitor any changes when I connect or disconnect laptop to the module's ports. [code]
View 3 Replies View RelatedI'm setting up IPsec for a DMVPN between a 2811 and 2951s in a test lab. I have enabled IPsec on the hub (2811) but I am unable to do so on either of the 2951s. After researching, it seems that I may have the incorrect IOS for this, but I am at a loss which IOS I should be using. Currently the 2951s are on "c2951-universalk9-mz.SPA.151-2.T2.bin".
View 1 Replies View RelatedWe have an old 3725 router with a HSSI card connected to a DL3100, which in turn is connected to a subrate DS3 circuit. The plan is to replace the router with a new 2951 router and a NM-T3/E3 card.After the router was replaced, I configured the NM but the circuit remained dow/down. I'm sure it has to do with the fact that the DS3 circuit is channelized but I'm not sure how to configure this module to be channalized. Here is the configuration that I placed on the router: [code]
View 4 Replies View RelatedWe recently purchased the Cisco Router 2951 router with the IOS 15.0. I have tried to put in my VIC2-4FXO card in it. When I did show invetery, it detected the card.[code] When I tried to configure the voice port by typing voice port, it shows % Invalid input detected at '^' marker. I have tried to reset the cad and replace with another one.
View 3 Replies View Relatedsetting up IPsec for a DMVPN between a 2811 and 2951s in a test lab. I have enabled IPsec on the hub (2811) but I am unable to do so on either of the 2951s. After researching, it seems that I may have the incorrect IOS for this, but I am at a loss which IOS I should be using. Currently the 2951s are on "c2951-universalk9-mz.SPA.151-2.T2.bin" and the only crypto options.
View 9 Replies View RelatedI recently installed a 2951 with a security plus license..I hate it (security featuers not router) and would like to put the asa back in place.how to integrate the asa with the 2951, I believe I need to run it in multi context mode.
View 3 Replies View RelatedWe have approx. 40 branch offices that connect to our core IOS Firewall (2951) over ipsec VPN Tunnel. One particular site has been facing issues over the past few days. This site will sporadically drop it's VPN Tunnel and reestablish after a few seconds. If I run debug crypto ipsec and crypto isakmp on the site that is dropping, it is constantly going through the DPD process. If I run these same commands on another site, they seem to run DPD at all.
Here is some of the output I am seeing on the site that is failing.
Jan 8 11:18:38.873 AST: %FW-6-DROP_PKT: Dropping tcp session 111.222.3.106:50083 96.16.47.144:80 due to Stray Segment with ip ident 54856 tcpflags 0x5004 seq.no 2154004347 ack 0
Jan 8 11:18:46.061 AST: ISAKMP (4028): received packet from 111.222.255.106 dport 500 sport 500 Global (I) QM_IDLE
Jan 8 11:18:46.061 AST: ISAKMP: set new node -1497488895 to QM_IDLE
Jan 8 11:18:46.061 AST: ISAKMP:(4028): processing HASH payload. message ID = 2797478401
Jan 8 11:18:46.061 AST: ISAKMP:(4028): processing SA payload. message ID = 2797478401
[code]....
How to get a WLC on a SRE up and running. I have a WLC installed and running on a 2951 SRE connected to a L3 switch in a lab.
I've tried to follow the Cisco document:
[URL]...
My wireless clients could only receive a DHCP allocated IP address for the 55.XX subnets defined on the wireless lan controller and SRE (shown on page 12 of the pdf). All traffic seemed to be routed via the native vlan of the inside router trunk interface and all DHCP requests arriving at my DHCP server were from 55.XX. Because of this I didn't see the point of trunking
so I've changed it to a point to point routed connection, created a 55.XX DHCP scope on my DHCP server for the wireless clients and all routing works fine.I found the document rather misleading.
configuring my Cisco 2951 router. There are three routed interfaces that I need to configure: one for the internal LAN, the second for another private subnet that connects to a Data Centre and the third for the WAN connection. I have configured the Ge0/0 interface as the LAN interface with the internal network 10.17.0.0/24. I have also configured my WAN interface Ge0/1 for internet connectivity. Now, I need to configure the third interface Ge0/2 that will connect to the Data Centre. This will be a private point to point switched ethernet link. The Data Centre will host a secondary domain controlller. So, I want it to be on the same network as the internal LAN, i.e., 10.17.0.0/24. I want to be able to see all other devices that will be located at the Data Centre just like I would see all devices connected to the internal LAN.The problem I am facing is that Cisco 2951 does not allow me to configure two routed interfaces to be on the same subnet. Is there any way to work around this problem and configure both the internal LAN and the Data Centre private network to be on the same subnet.
View 6 Replies View RelatedI currently have a 50Mbps Internet Connection provided by an ethernet handoff for hosting some webservers. We are looking at adding an additional 10Mbps Internetn connection and route BGP between the two. For the 50Mbps connection, i'm using a Cisco 2951 router. I also have another 2951 router to terminate the 10Mbps connection. Does these router have enough horsepower to fully route BGP?
View 1 Replies View RelatedI'm just double checking here because I saw one doc that didn't mention the 2900 on the data sheet but, I ve seen the 2900 listed with on others. I don't see the 2900s listed in this with the interface.
[URL]
We have just installed our first 2951 router, and were suprised to see in our Netflow collector that Tunnel interfaces appeared even though we did not configure any, I have seen other posts talking about PIM tunnel when using Multicast, but we dont use multicast and the tunnel is GRE questions are, where do these interfaces come from? how do they pick up an IP address? can we shut them down? IOS is 150-1.M4 loopback interface ip address is 172.16.224.238 ( tunnel source) see output from sh int below
Tunnel0 is up, line protocol is up Hardware is Tunnel Interface is unnumbered. Using address of Tunnel1 (172.16.0.1) MTU 17912 bytes, BW 100 Kbit/sec, DLY 50000 usec, reliability 255/255, txload 99/255, rxload 1/255 Encapsulation TUNNEL, loopback not
[Code]......
configuring my Cisco 2951 router with Z0ne-based firewall. This is the scenario I would like to configure.
I have two ftp servers,S1 and S2, behind the router which needs to be accessed by two groups of users, G1 and G2, from the outside, i.e., from the internet.
I have two public IP addresses, 152.12.164.203 and 152.12.164.204. The WAN interface of the router is configured with IP address 152.12.164.203. G1 needs to access S1 on 152.12.164.203 and G2 needs to access S2 on 152.12.164.204.
What are the steps in configuring the router if I need the above scenario to be implemented?
We have 50 Mb Comcast cable conencted to 2951. There is another conenction to AT&T 20 Mb circuit which goes thru' an ASA 5510. Path to Internet is as below. [code]
As long as Comcast is up, 2951 sends Internet traffic out to Comcast and uses AT&T via ASA for backup.When traffic goes over Comcast, users complain about slow speed out to Internet. If we force traffic to AT&T via ASA, speed issue goes away.
We don't see any issue on 2951 router in terms of CPU or memory util.WHat can cause slow speed despite the fact that router resources are not maxed out and Comcast circuit has 150% more capacity than AT&T?
I have a new Cisco 2951 router and I am trying to configure it for external users to connect to an internal ftp server. I created a firewall and added rules so as to allow ftp connections from the outside to the internal ftp server. I configured NAT so as to allow incoming connections through the router. I have been unsuccessful so far in trying to make this ftp connection work.I am using a zone-based firewall and for the particular ftp rule, the action is inspect so as to allow stateful inspection of packets.
View 3 Replies View RelatedOne of the route maps doesnt want to work, all the other are fine -
route-map vlan23-out permit 40
match ip address 123
set ip next-hop 87.194.168.1
If it take the ip policy off interface gi0/0.123 the client can access the internet OK but over the wrong ISP?As soon as i add the policy all internet stops
Can Cisco2951 work as an MPLS router. If yes what will be needed to make it function as an MPLS router? Else which alternative router can function as an MPLS router.
View 1 Replies View RelatedI have a Cisco 2951 Router on which I configured routes for Zone-Based Firewall. I have a FTP server inside my network and I have allowed hosts from the internet to connect to it through the router. They, are however not able to connect or they are connecting but they cannot transfer files. I checked the logs on the router and the error message is as follows:
%FW-6-DROP_PKT: Dropping tcp session xx.xx.xx.xx:21 xx.xx.xx.xx:21766 on zone-pair ccp-zp-out-in class FTPInbound due to Invalid Seq# with ip ident 0
I have talked to two Cisco Reps via our distributor and explained our network to them both and asked for suggested equipment. Our infrastructure has 4 circuits coming into the data center from our remote sites. Two of the circuits are cat5 and two are DS3. I want to use two routers to support two circuits each (cat5 and DS3). Each circuit is around 30Mb servicing around 13 locations with T1 connections, 55 locations in total. They suggested at a minimum the cisco 2951 model because we are utilizing one NM-1T3/E3 module in each router, and suggested getting the cisco 3925 model to cover future growth. I asked for a data sheet that has suggested models of routers for the bandwidth of the incoming pipes. The technicians said they would email this information over but twice now I have not received it and cannot find this information anywhere online. We currently have a cisco 2851 utilizing one NM-1T3/E3 module and they purchased a cisco 2911 to replace this unit.
View 2 Replies View RelatedReport run via Individual Web server URL’sThe report takes less than 20 minutes (average 15 minutes) to fetch and return the data. This is observed 9 out of 10 times.Report run via ACE Load Balanced URLThe report keeps on running for more than 20 minutes and never completes. The front end keeps showing report is running.The data in general when tested directly by running queries against the database (bypassing the platform) completes in 15-18 minutesThe network connectivity for each and every ports involved (Loadbalancer/Servers) have been throulgly checked.
View 6 Replies View RelatedPurchased and configured 2951 router based on Telco specs that required T3/DS3 card with coax connection for MPLS. When telco showed up to install DS3 they handed me a UTP copper connection.... Can I use one of the Gigabit ethernet connections on the 2951 as my MPLS interface into the provider's cloud?
View 2 Replies View RelatedI have a site to site ipsec tunnel setup between an ASA5510 and a 2951 Router. The ASA 5510 is on a 10.x subnet with a few vlans behind it. There are also 7 other ASA5505 that connect to this box with ipsec.
The 2951 is on a 10.x subnet with multiple vlans behind it (10.x and 192.x subnets).
When I had ACL to allow traffic from 10.20.0.0 (ASA) to 192.168.111.0 (2951 - voice vlan) the connection comes online and is stable.
The minute I add any of the following, the connection drops off with Phase 2 errors: 10.20.0.0 to 10.1.200.0 10.20.1.0 to 10.1.1.0
I can add a second 10.20.0.0 to 192.168.10.0 with no problem at all. The issue only seems to occur when attempting to add traffic from 10 to 10 on the tunnel.
I am looking to setup a solution for backing up a Metro Ethernet connection on a 2951 using an 1841 and 2 T1's in a Multilink. The Metro E will be primary, and if the BGP peer goes down, I want it to switchover to the 1841. Can it be done and is there an example of the BGP setup to work off of?
View 1 Replies View Related