I have a customer with a unique configuration. They have two point to point connections - one using a laser link between buildings, and a backup fiber connection running ospf. Issue is when the laser link goes down, there is loss/no forwarding during the reconvergence, causing issues with transffering video feeds.
View 7 Replies
We have 2 sites, each with 2 x 4506 switches which will be connected togther using an etherchannel. The switches will provide access ports for client devices and will be configured with HSRP to provide gateway redundancy. SW1 will be HSRP active.2 metro ethernet links will be installed in each site which will connect back to our HQ sites. OSPF will be used over the backbone to provide resiliency and to allow shortest path routing to each HQ and to prevent traffic over the HQ to HQ link.
The 4506 will be trunked togther with an SVI for providing OSFP adjacency.For the traffic flow from SW2 to HQ2, traffic will hit SW1 and then route back to SW2 and then to HQ2. Is this the best way to do this? Should a second link be connected between switches just for routing or should something like GLBP be used?
i have two Cisco 3845 routers connected to 3 different ISPs ,
-ISP 1 with link bandwidth of 24 Mbps
-ISP 2 with link bandwidth of 16 Mbps
-ISP 3 with link bandwidth of 8 Mbps
i have a public AS from a ripe along with 2 Class Address (Public independent)
1) what is the best design and configuration to utilize the 3 Links ,outbound and inbound (since we have our public address along with AS) my boss told me,all These 3 links must be active
2)what is the recommended design and configuration for the whole topology , pls share the best gotchas
3)what is the need of iBGP?why we need it when we run bgp?
I have a cisco 1841 router in place. I also have a ADSL module which fits into the cisco router. My understanding is that if configured correctly, If the primary circuit were to fail (Ethernet Circuit MPLS), the ADSL would take over services until such time the ethernet link becomes available.
Therefore the ADSL circuit is used as a resilient link. If this is possible, can the Cisco 1841 be setup to automatically switch over to the ADSL? Would there be some sort of heart beat between the ethernet circuit and adsl circuit?Also from the other end of the Cisco router, the connection goes into a firewall. If the Cisco handles the failover, I assume I would not need to configure anything on the firewall.
The end users beyond the firewall, should be able to continue, however the performace would be degraded?
Possible to assign reslient WLCs to an OEAP 600?
The web GUI of the OEAP itself only has a single field to enter the address of a single controller.
But, I wonder if once the OEAP is talking to your WLC across the Internet, you can allocate HA settings to the OEAP so that it can fall back to a secondary WLC if your main WLC fails.
This is sort of hinted at in the docs I have read, but I have not been able to find it explicitly stated anywhere.
It would be nice to have 2 DMZ-based WLCs at two different data centres to allow remote users to have a fail-over solution, but I need to be sure that this is supported before implementing.
Will Resilient Ethernet Protocol (REP) run on all Cisco switches (2960S and 3010) or is it only available on Service Provider switches like the ME3400E?
View 2 Replies View RelatedIs GET VPN be a better choice than DMVPN in order to support VoIP, Video over IP, Advanced QoS and Multicast? I think it should be the better choice based on what is described as the benefits and how it works but I just want an expert opinion.
Can separate groups be created using the same key serves? I need to protect two functionally separate WAN segments that terminate on the same DC core routers. However I want the separate WAN segments to have different encryption policies. Is this possible?
It is stated in the deployment guide for GET VPN that "Network Address Translation (NAT) is not supported by GETVPN. NAT must be performed before encryption or after decryption when GET is used." However the NAT capability is required on all the routers.
The 2900 series routers has embedded hardware encryption but according to the router perfomance guide, with a mix of traffic such as NAT, QoS and IPSec VPN they are unable to provide 100 mbps of throughput. Does the new ISM VPN modules would allow the routers to achieve 100 mbps of throughput with the services mentioned above?
we have anew office and have a 2800 router as a WAN router it has a 3G card and a DSL link. We have a ASA which has to be configured to 2800 router. we want that ASA shd have a VPN link with pirmary site over DSL if DSL fails it shd automatically fall to 3G....what we really need and how it would be done interims of IP addressing do we need any special IP from service provider.?
View 2 Replies View Relatedand this router will connect to 18 access point.and each access point need 30 usable host...how to design this netwotk, what subnet should i use...there is only 1 router, so just have only 1 default gateway,it is if the network have too many host, the speed will slow down, because they need wait others host to broadcast?
View 11 Replies View RelatedI have configured four E1 links between two locations on my 3745 using WIC-2T cards. At both ends all the serial links are configured as ip unnunmbered fastethernet 0/0 encapsulation ppp OSPF is enabled without CEF I would like to know how load balancing will occur in this scenario?Will all my links be utilised at the same time? Will multiple links be used only when the need (in terms of bandwidth) arises?
View 3 Replies View RelatedI will be configuring all the MEC links on my 6500 VSS chassis tomorrow morning and one thing I am a bit confused about.According to the best practices guide they suggest you configure all etherchannels trunks to be in desirable mode. All the trunks are using LACP active - active right now but that's only to one chassis.Should I change all my MEC etherchannel trunks to desirable mode or just leave them active-active?
View 6 Replies View RelatedI got a Cisco 870 router. running C870-ADVSECURITYK9-M), Version 12.4(15)T7, does this support two link from different ISP.
View 2 Replies View RelatedI purchased a Cisco 520 and am trying to set it up on my home network.Its ADSL PPPoA for WAN.I am trying to setup 2 LANS. One General Network,One DMZ for webhosting.Now, since this router has 4 ethernet ports, i assumed i did not need VLANS. Except when i try configure an interface with an IP address i get this error: % IP addresses may not be configured on L2 links.Now. Ive looked around on the internet about this error. And it seems that since these interfaces are not Layer 3 interfaces,they need to be associated with VLANS.This would be OK. Except this requires an IP address on an interface on the router! Back to square one.
View 6 Replies View RelatedI'm working on a new network design for my company. We're expanding and opening some more offices and satalite sites. We're a UK based company but opening some US sites.We have a main UK office (Office A on the diagram) a call centre (Office B) and then two buildings on another site (Office C). The USA offices will be very small and only require a couple of computers, hence the small IP allocation. I have marked the IP addresses of the links on the diagram, I intend to use 3560 switches for all the switches marked and all links will be layer 3 to route multiple VLANs from each site to each site (where permitted). question is this: How do I achieve this in the switches? I'm thinking that OSPF is the way forward, is this right? I want to do as little configuration on the switches as possible to allow for dynamic updates of the network (i.e. I don't want to add static routes for everything).
View 7 Replies View RelatedLocal LAN is connected with cisco 2800 router and SRX 210 Firewall, currently all LAN segment will go to my Data Center via ISP A and all internet traffic from LAN segment will go to internet via SRX firewall, there is no relation/connection between cisco router and SRX firewall. I have separate AS no. s for both the ISP
I am having attached scenario. based on current one I would like to do following.
1. I need to use PBR at LAN Switch ( its L3 Switch) such that in normal scenario - local VLAN traffic is equally distributed on both ISP.
2. dedicated internet traffic will flow through ISP B only and if WAN link of ISP B goes down, the internet traffic will pass through ISP A.
( in normal scenario, ISP A will utilized 100 % for LAN traffic to reach it to DC but once ISP B link goes down, the b/w of ISP A will be divided to route 50% traffic for LAN segment to DC and rest 50% traffic of LAN segment to internet)
The regular problem with the LMS topology and WAN Links when you see the branches are disconnected from the HQ BUT in my case the branches are already connected via Layer2 links but unfortunately some intermediate layer2 modem/switch exist in some branches which prevent CDP discovery but you will find both HQ and branch router in the same subnet .
View 1 Replies View RelatedWe have a 3845 router at one of our remote sites. We want to connect the router to our central office using the two gigabit ports. One link would be the primary and the other would be the secondary (backup).
The router is running EIGRP and the two ports would have different ip addresses. How can we set up the router to use gi0/0 as the primary port and gi0/1 as the secondary (backup) port? The backup port would only be used if there was congestion on the primary port or if the primary port went down. Is there a way to force the router to make the primary link the best route?
Remote Router Sample Config:!
int gi0/0
desc primary link to Central Office
ip addr 10.0.1.84 255.255.255.0
[code]....
I have two Internet links:ISP1: only Site 2 Site VPNsISP2: only HTTP/HTTPS traffic and incoming remote access VPNs With the security plus license I could correctly configure them both as active at the same time on the same ASA device. Also, I've successfully accomplished the following traffic separation:
Site to Site VPNs goes out through ISP1HTTP/HTTPS traffic goes out through ISP2 The customer request is that, when ISP1 fails the S2S traffic is relayed through ISP2 -> This is working fine, I've already tested!But when ISP1's service is restored and that link is working fine, I want that the S2S VPN traffic gets relayed through it again automatically, which didn't happen. My question is: using SLA will the S2S traffic be relayed through ISP1 again automatically when it's services are restored? If not, which technology should I use to accomplish this?
PS: This is all configured on only 1 ASA 5505 whose license was upgraded.
a few of my links (all BT ADSL on Cisco IAD887s) suffer from drops in PPP, the physical circuit doesn't drop out, just the PPP and LCP
000489: Aug 12 12:13:22.085: Vi2 PPP: Missed 5 keepalives, taking LCP down
000490: Aug 12 12:13:22.085: Vi2 PPP DISC: Missed too many keepalives
000491: Aug 12 12:13:22.085: Vi2 PPP: Sending Acct Event[Down] id[19]
000492: Aug 12 12:13:22.085: Vi2 IPCP: Event[DOWN] State[Open to Starting]
000493: Aug 12 12:13:22.085: Vi2 IPCP: Event[CLOSE] State[Starting to Initial]
i need to design a site-to-site VPN and VPN for remote users. I have attach a drawing, need to know if this is good setup. Mostly my concern is security. Im using ASA5520 for edge firewall and Linux firewalls are for additional security.I have to create 5 site-to-site VPN using IPSEC and 5 remote VPN clients. Site-to-site VPN are for trusted Office and remote VPN clients are only for our staff use.
From the diagram ASA5520 is configured as followed
outside interface is set to security 0 and connected to boder router to internet, inside interface is set to security 100 which is connected to a linux firewall which then goes to our internal lan.DMZ interface is set to security 50 which is connected to DMZ segment ,I decided to use the 4th interface for all VPNs which is set to security 100, and for this 4th interface i have created two sub interfaces vlan 400 (for site-tosite VPN) and vlan 500 (for remote access VPN). I did this because i have to use two separate linux firewall box. Linux firewall box for Site to Site VPN is configured with NAT but Linux firewall box for remote access VPN users are configured without NAT. I also want to know do i need to create a CA server or can i use pre-shared key with XAuth for remote access VPN users?
We have a site to site VPN from one client location to our production center in offshore. At the client side we have a PIX 515 used for the tunnel. Since the client requires a backup VPN over a different ISP we will have to add the ISP to the same PIX and then create the secondary VPN.
how we can acheive two ISP's on one PIX since only two Ethernet ports are availble.
PIX Details:
Cisco PIX IOS 7.2(2)
PIX-515E, 128 MB RAM
i have two links between two sites in my company. The second one is new and uses IPVPN connection. I am searching a way to use both of them. I don' t want to load balance. I want to send some protocols from the first link and some other from the second. ex. rdp from link 2 and everything else from link 1
View 3 Replies View Relatedi want complete details about ethernet design and technologies
View 1 Replies View RelatedI have gotten the assignment of constructing a fictional network for my school.. and i cannot quite agree with myself upon which equipment i should choose.. its supposed to be all cisco. i need to supply 5000 users all in all, but only 300 on this site. i need to know which connections would be the most reasonable to use and of course which routers "if any" and switches i need.. (+ additional modules if needed) i have tried to make a visio representation, but i just think something is way off.
View 6 Replies View RelatedAny good way of depicting serial links in Visio? Manually drawing is pretty clunky and quick searches in google isn't turning up much.
View 10 Replies View RelatedI have a new project coming up that will require more IPs added to an already quite full class C network. My other issue stems from foolishly putting all hosts in the crowded C network onto the management VLAN. In turn, I have to make each port a trunk.Moving forward I'm wondering what's best for design.or if I should just attempt to change the subnet mask across the board.?
View 5 Replies View Relatedcan a Cisco 2811 router bundle 2 or 4 ADSL lines ? Reason am asking, we need a device that would be able to bundle 2 or 4 ADSL lines from ISP so that we can you it as backup link in-case the company Internet link does down.
View 5 Replies View RelatedI am using Cisco 861 router for simple network access. I have configured the router correctly with support from few folks of this community but now I am facing a different problem. I am able to ping, tracert and nslookup any internet destination. I am also able to brows secure sites like [URL] but normal URLs like [URL] is not working. I have tried to debug IP TCP Packet Port 80 but it is not showing any results.
View 2 Replies View RelatedI am in the process of planning our new network. Our business is changing from hosting its own data centre, to moving it to a professional facility. We have 120 users, over 100 servers (physical and virtual) and three sites (main premise, data centre, dr site). The new network will connect all three. Our new WAN links are almost ordered. We will be making use of a managed MPLS IP VPN, with a 100M access rate at each site. I am currently focusing on the desing of the network at the main business premise. We have a significant investment in Cisco 2960 & 3750 switches and Fortinet firewall appliances. I plan to re-use these in the design.
Our current LAN is very flat and I want to segment the network. My plan is to create a number of VLANs, enable the Inter VLAN routing on the 3750 and then attach the 3750 to the Fortinet appliance which will provide stateful firewalling and traffic policin based on the VLAN (subnet) addresses. It is important that the traffic be routed as quickly as possible from this site to our prod and dr data centres.The 2960's act as the access layer, the 3750 as the distribution layer. The 2960's will connect via port channels (layer 2) to the 3750's and the VLAN interfaces will be configured on the 3750.
I was then planning on creating a VLAN on the 3750 to connect to the Fortigate appliance with a /29 address to limit the addresses used whilst also providing some flexibility for any future design changes.I want to implement a little security between the VLANs on the 3750 switches. I have a question about this coming up.I then plan to use the Fortigate appliance to do basic traffic policing based on source/destination addresses.
The WAN routers will connect to the Fortinet appliance on a Gigabit copper interface. The WAN routers will run HSRP between themselves and only one router will be active at any one time. The failover will be managed by the Fortigate and Cisco routers.I plan to define those addresses hosted at the other data centres and associate them with the interface associated with the WAN.I will then define the routing on the firewall for the two other data centres through summary routes for each of the sites. We will run static routing from the Cisco 3750 to the Fortigate and Fortigate to WAN router. We have no other networks/sites and won't have any others in the future.
If I have five iBGP routers in AS 64512 and one of the iBGP router has an eBGP peer to a different AS, which iBGP router (r1, r2, r4, r5, or r8) should I chose to be my route reflector and why? Also, what happens if the route reflector router fails? Do I designate a backup route reflector? I'm new to BGP.
View 4 Replies View RelatedI have a pair of SRP527W-U units, which each connect to a seperate ISP by ADSL2+I am attempting to use each simulatenously as follows:ISP-A via CiscoA for general traffic, and to run HTTP server X,ISP-B via CiscoB to run HTTP server Y,HTTP servers X and Y are on one machine, but binding to two seperate IP addresses eg x.x.x.3 and x.x.x.4,In a situation like this, I would normally configure CiscoA and CiscoB with x.x.x.1 and x.x.x.2 respectively,CiscoA would run DMZ to x.x.x.3 and CiscoB DMZ to x.x.x.4,The server would use x.x.x.1 as the default route.Then I would set CiscoA to have a policy route catching source address x.x.x.4 and sending it to next-hop/gateway x.x.x..
View 5 Replies View RelatedI have two sites with identical asa 5505's and each has the dual wan/ISP links and are set for failover using sla monitor tracking. I would like to create a vpn between these two sites that stays active regardless of which ISP link is online. Do I simply make two crytpo map statements10 and a 20 inside each of the asa's to each of the other ASA's STATIC PUBLIC IP's? [code]
View 6 Replies View RelatedI work with the topology view in LMS 4.1. I can see all the links between the differrent switches (N7K, 3750, 3040).I miss only the links between the different N7K's. This links have one special thinks: they are configured as " rate-mode dedicated force" In the N7K cli this interfaces are displayed with the SN too.
sw-bb13# show cdp ne.The links to sw-bb11 and sw-bb21 are not painted in the topoloyview.
