Cisco Infrastructure :: 7609 Logging Discriminator With Multiple Statements
Oct 10, 2011
I am trying to set a logging discriminator that will drom any message contans the mnemonics etc. "ABC" and "XYZ". As fists step I configure this:logging discriminator nolog mnemonics drops ABC
but when I am trying to add a second statement.logging discriminator nolog mnemonics drops XYZ
in the same discriminator (nolog) it replaces the first statement with the last. So in the show run I have always one statement for discriminator "nolog". Finally, how can I configure a logging discriminator with more than one statement? I am using IOS Version 12.2(33)SRD4 on a Cisco 7609.
View 5 Replies
ADVERTISEMENT
Mar 14, 2012
I found a new bug in cisco IOS 15.1(4)M3 when running EEM script with syslog event detector.If system logging performed using the "logging discriminator" and run concurrently EEM script with syslog event detector, then Cisco router crash and goes to reboot.
Cisco ISR G2 3925E.
View 4 Replies
View Related
Jun 12, 2013
I would like to config "when host X on v lan X goes to a network that is across an ip sec tunnel, for which v lan X network is not in the encryption domains, translate host X address to that of the asa in a network that is part of the crypto domain".
Interface vlan544 (172.16.80.0/24) is the local encryption domain, and 10.1.0.0/29 holds some monitoring servers that should not be part of the encryption domain, but rather get it's source address translated to that of the firewall in 172.16.80.0/24. Here's how I did:
# Vlan522 for 10.1.0.0/29, need to somehow have a specific nat here I guess that falls between the no nat and the generic "nat the rest to the global)
[code]...
This obviously didn't work, the second (number 2) rule is never hit. What am I doing wrong?
View 2 Replies
View Related
Jan 27, 2013
I need to increase the link capacity of 10GE to 20GE between two Cisco7609, so I feel the need to configure port channel between them, my little problem is that I have a SCE 8080 in the middle of both 7600 currently is configured inline. The SCE has 4 modules 1X10GE-L-V2 (currently in use 2), I was investigated and the truth is that I not found anything concrete about how to configure the SCE to "pass" etherchannel through it? What the SCE needs to support 20GE of traffic? (configuration and software)
I have two 10GE ports available on the SCE
View 1 Replies
View Related
Dec 13, 2006
We have Cisco 7609 routers in our network. We are using ppp multilinks between the sites. Because of the high traffic volume, we have to use multiple multilinks. 7609 router doesn't allow ppp multlink to span SIPs, so we use multiple mulitilinks between sites on different SIPs. OSPF for load balancing will be used. THE PROBLEM IS: when we define the second ppp multilink between two 7609 routers, the new multilink stays "inactive". Can we use multiple multilinks to the same router? We have enabled the command IP CEF DISTRIBUTED, but we still face the same problem". IOS used is: 122-18.SXF6
View 21 Replies
View Related
Jun 19, 2011
Is it possible to configure the ASA to:
log syslog informational to one host
and
log syslog critical to a different host
It seems that the ASA allows you to only specify 1 logging severity level for all syslog hosts..
View 1 Replies
View Related
Nov 16, 2011
I'm encountering what I think is an issue on logging system on FW ASA 5520 - Asa Version 8.4(2), ASDM version 6.4(5). When I disabled the logging inside a rule from ASDM, or from console with the "log disable" option inside ACL, If I check in ASDM logging real time window I continue to see all the entry related to disabled rules. This is a correct behaviour about ASA logging ? How I can "hide" the entry related to disabled rules (this is what I need for troubleshooting purposes) ?
View 1 Replies
View Related
May 27, 2012
The config is from our MPLS router located in HeadOffice, ^controlled-ospf ^ whats its function^ routes_in ^ whats its functionhow to change standard acl to extended acl.
View 5 Replies
View Related
Aug 21, 2012
The configuration for the natting is something like this [code] If I understand the config statements 10.232.50.98 is natted to 32.x.x.66 and 10.232.50.99 is natted to 32.x.x.69 , but do we need reverse natting stements as well to work this ?
View 1 Replies
View Related
Feb 19, 2012
have 2 inside networks:
object network INSIDE_10.6
subnet 10.6.0.0 255.255.0.0
object network INSIDE_192.168
subnet 192.168.0.0 255.255.255.0
I grouped these 2 into 1 object-group:
object-group network INSIDE
network-object object INSIDE_10.6
network-object object INSIDE_192.168
Public IP address used for PAT:
object network PAT
host 152.x.x.x
I used the following statement to create Dynamic PAT to public IP address:
object network INSIDE_10.6
nat (any,any) dynamic PAT
object network INSIDE_192.168
nat (any,any) dynamic PAT
Is that correct? Also I'm using one public address to PAT both inside networks. Is there any dvantage of using 2 different ones, so each inside network would be PAT to its own address?
View 1 Replies
View Related
Oct 3, 2012
I have a Cisco ASA running 8.2 in routed mode.The ASA has three interfaces, inside, outside and DMZ. They connect to the following three networks:
Inside: 10.1.1.0/24
Outside: 10.1.2.0/24
DMZ: 100.1.1.0/24
I have the following dynamic PAT configuration:
nat (inside) 1 10.1.1.0 255.255.255.0
global (outside) 100.1.1.1
nat control is turned off.
By my understanding any traffic from the inside to outside interface will be PATted to 100.1.1.1. However, communications between inside and the DMZ will not be PATted, and should work with no problems.This seems to be corroborated by this document: [URL]Which states:"The adaptive security appliance translates an address when a NAT rule matches the traffic. If no NAT rule matches, processing for the packet continues."EDIT: I may have misunderstood the above statement.I found this guide to configuring NAT/PAT: [URL]It states:"When you specify a group of IP address(es) in a nat command, then you must perform NAT on that group of addresses when they access any lower or same security level interface; you must apply a global command with the same NAT ID on each interface, or use a static command. NAT is not required for that group when it accesses a higher security interface because to perform NAT from outside to inside you must create a separate nat command using the outside keyword. If you do apply outside NAT, then the NAT requirements preceding come into effect for that group of addresses when they access all higher security interfaces. Traffic identified by a static command is not affected."My problem is that packet tracer does not seem to bear me out. It tells me the packet is dropped due to "no matching global" when I source traffic from the inside interface and send it to the DMZ.
View 3 Replies
View Related
Jan 25, 2012
As long as I have been doing this stuff, I have never had a clear understanding of all of the 6500 boot images and statements. The more I read online, the more I get confused.
1. What is the boot image "boot-mz" for? Where should it be placed (i.e. bootflash)? what command do I need to issue in order to use the boot image I want?
2. What is the IOS rommon image for? I thought the rommon image was the boot image but apparently these are two different images. Where should it be placed (i.e. bootflash, sup-bootflash, etc). What command do I use to ensure that I am using this IOS rommon image?
View 3 Replies
View Related
Sep 10, 2012
Is there a cisco best practice on the maximum number of NAT statements on a Cisco ASA? We have a 5520 and a coworker is adding static NAT policies so a vendor can monitor around 1,029 nodes. The problem is each node inside is a 10.X.X.X and to keep the IPs from overlapping with other customers the vendor monitors they would like us to NAT to a 172.16.X.X scheme.
View 3 Replies
View Related
Jan 29, 2012
I have a 6509 running s72033_rp-ADVIPSERVICESK9_WAN-M version 12.2(33)SXH5. Four incorrect bgp aggregate-address statements were entered in which overlap. Attempted to remove the statements but they won't come out.
aggregate address 16.37.31.0 255.255.224.0 summary-only
aggregate address 16.37.30.0 255.255.224.0 summary-only
aggregate address 16.37.29.0 255.255.224.0 summary-only
aggregate address 16.37.26.0 255.255.224.0 summary only
I have entered in the correct statements and have no problem getting those in, removing them, and reentering them.
View 2 Replies
View Related
Oct 16, 2011
I have a asa 5520 with an outside and backup interface. I am trying to configure two static nat statements from the inside to the outside and backup interface. Here is what I have configured so far.
object network obj-10.1.1.254
host 10.1.1.254
object network obj-10.1.1.254
nat (inside,outside) static 172.25.10.3
I want to also use nat (inside,backup) static 172.25.10.3
View 3 Replies
View Related
Jul 11, 2011
I have a scenario with 2 7609s connected through a MPLS service with 10 GE. In each7609 we have a 24 port channelized T1 Circuit Emulation Over Card.
The requirement is in 2 parts. First, we need to provide a T1 emulation service between the 2 7609s T1 cards.
The second requirement is that in one end there is an OC3 port, so the customer wants to send the traffic from this emulated T1 onto the OC3.
View 3 Replies
View Related
Aug 30, 2012
I am currently setting up a new VRF on a Cisco 7609 which is advertising (as a RR-Client) an iBGP route to a Juniper MX960. This route is then getting sent back to the default route table on the 7609 but rejected due to the cluster-id loop prevention. Although not ideal I need this route to be visible in both tables.Is there a way of changing the bgp cluster-id per VRF rather than just globally?
View 2 Replies
View Related
Jan 15, 2012
What are the prerequisites before doing this? I have to upgrade a router this week if there is an opportunity to move it to a code that is more current that the one the client is currently running which is 12.2(33)SRD4. I see on the Cisco Support site that after this code, everything moves to 15.
View 2 Replies
View Related
Feb 20, 2011
We have a router 7609 with Supervisor Engine 720 (WS-SUP720-3B) (Policy Feature Card 3 and MSFC3 Daughterboard) and We have to configure QoS over a FastEthernet interface on a WS-X6148-RJ-45. When I try to apply the policy command I get the next log:
#service-policy output TEST_QOSbandwidth percent command is not supported in output direction for this interfaceConfiguration failed on: FastEthernet1/2 What kind of hardware and software requirements I need on my router to perfom QoS over ethernet interfaces?
View 1 Replies
View Related
May 7, 2008
Configuring MPLS over GRE tunnels. I did not find any proper configuration example. I need to do this for encrypt the traffic between two PE routers. I have 7609 routers.
View 20 Replies
View Related
Aug 10, 2011
I have a hight CPU utilisation problem in my CISCO7609-S routers. the cpu utilisation can rise 99% et this is usually. In the moment of hight CPU the the process CPU give the following:
the show processe cpu history give: show version
View 1 Replies
View Related
Sep 6, 2011
i have a problem of high cpu on my CISCO 7609 cased by LMS 3.2. I have captured the trafic flowing between LMS and the router,
View 2 Replies
View Related
Dec 12, 2011
First and foremost, what I have are 2 x 7204VXR (Gateways), 1 x 4507R-E (Coreswitch), and our ISP have 7609.Got some issues with redundancy with our ISP.
7609
I I
I I
7204-A 7204-B
| |
| vrrp |
| |
-4507R-E-
|
|
internal network
Both outside interfaces of 7204 gateways are connecting to 7609 with different public ip block. I used VRRP for my internal nework and failover have been tested working.
Even tried to remove link of 7204-A and 7609, the failover works perfect. If I shutdown/ remove the link between my 4507R-E and 7204-A (primary gw_higher vrrp priority), vrrp redundancy/failover still works, but pings from internal network to internet is only 50% success....alternate 4 ping reply and 4 time out.
View 6 Replies
View Related
Jan 30, 2011
I have to do a migration of sup32 to RSP720 for which I need to know if you can operate the equipment connected with the 2 supervisors at the same time??? and it still working ?
View 1 Replies
View Related
Jan 17, 2012
I have a router CISCO 7609-S with two RSP 720 engines,and other cards are 7600-ES+20G3C,7600-ES+40G3C.One day it has a error cord " %XDR-6-XDRIPCNOTIFY: Message not sent to slot 4/0 (4) because of IPC error queue flush. Disabling linecard. (Expected during linecard OIR)" and the card resets.Cisco TAC told us it is a bug which is CSCtj05576.and I want to upgrade the ios from c7600rsp72043-advipservices-mz.122-33.SRD4.bin to c7600 rsp 72043-advipservices-mz.122-33.SRE5.bin.Now I want to know this:1, Is it right to upgrade to this new ios? Is the new ios suitable for the cards?2,I want to know the right way to upgrade ios in two engines.
Atfer I copy the new ios to the master engine and slave engine,and then change the bootvar and save config.Is it auto copy the config to de slave engine?Atfer do this ,I want to know how to apply the new ios,Does it reload the slave engine first and then force-switchover the master engine to slave engine. Or Atfer do this,I reload the router on active engine directly?
View 1 Replies
View Related
Feb 3, 2013
In my existing production router 7609 of my company, sup-engine already fixed in slot 5 with SRC2 12.2(33) IOS and I need to insert another sup engine in slot 6 with SRE7 IOS code image and after this, again sup engine in slot 5 must be with SRE7 IOS image...(also I have extra sup engines with SRE 7 code image ready with me) Query:i am going to offload router before proceed for this activity?i will insert new sup engine in slot 6 with SRE 7 ios image and now i need to re-install spare sup engine with SRE 7 code readily available with me by removing existing sup engine from slot 5 (Active) so what will be the proceedure to insert new sup engine with SRE 7 code in slot 5 and slot 6 with minimum downtime of router?
existing setup sup engine in slot 5 with SRC2 12.3 (old hardware) slot 6 is EMPTY
final result should be like this: sup engine in slot 6 with SRE 7 (new hardware)
sup engine in slot 5 with SRE 7 (new hardware)
View 3 Replies
View Related
Feb 4, 2012
Yesterday, myself and local support team has been engaged to perform troubleshooting the issue of some web site accessing .Mos of this case is cased by MTU issue, So, I've tried to configure the following configuration on interface tunnel 0.Device: Cisco 7609 with IOS s72033-adventerprisek9_wan-mz.122-18.SXF8.bin
I've tried to figure out what the supporting command after 'ip tcp' in tunnel 0 and following likes..ip tcp ?compression-connections Maximum number of compressed connectionsheader-compression Enable TCP header compression.there is no such command about 'ip tcp adjust-mss.So, my questions is that what is the replace command for 'ip tcp adjust-mss' ? Is this only support on Router? such as Cisco 7200. or not, to take effect same functional on C7609, what is the command for that?
View 3 Replies
View Related
Jun 28, 2011
I have a cisco 7609 running IOS version c7600rsp72043-advipservicesk9-mz.122-33.SRE0a.bin with the following modules..
sh mod
Mod Ports Card Type Model Serial No.
--- ----- -------------------------------------- ------------------ -----------
3 20 7600 ES+ 7600-ES+20G3CXL
[Code]....
The circuit has been tested as clean , so for the moment we have to assume that it is not a circuit issue We also have another idential 7600 in another POP with similar config that does not display the same problem
View 3 Replies
View Related
Mar 25, 2012
I have a 7609 with a Flexwan module with a PA-POS-1OC3. Is there a command to determine they type of SFP in the module ? sho controllers POS didn't provide the SFP type.
View 2 Replies
View Related
Aug 3, 2011
Im having this error on the 7609, but for other policy its working.
Code...
View 3 Replies
View Related
Aug 27, 2011
We have Cisco 7609 Router and one 6 Mbps link which is on ethernet . When we are trerminating on Gigaethernet of 7609 router it is not coming up. While same link is showing up and working fine on other routers which is having Ethernet interface.
View 1 Replies
View Related
Jan 20, 2011
Have high cpu utilization on Cisco 7609 router. when i check output "Sh proc cpu sort".
View 2 Replies
View Related
Jan 1, 2013
Is the 7600-SIP-400= & SPA-1XOC12-POS still supported in the old models of the Cisco 7609 i.e.;
CISCO7609SUP32-GE-3B7609-S323B-8G-RS7632ISK9-12218SXF
View 5 Replies
View Related