Cisco Switching/Routing :: 1760 / Make Router To Drop Packets Instead Of Rejecting Them?
Mar 31, 2012
I've got a 1760 router which uses port forwarding (25, 80 and 443) for my internal network services. If, let's say, I try to open a FTP connection on the router, of course the connection will be refused. Is there a way to make the router DROP the packets instead of rejecting them? My Linux iptables configurations drop packets who fail the firewall test, so I would like the router to perform that behavior.Commands for port forwarding:ip nat inside source static tcp 10.10.0.1 80 int f0/0 80 (these work fine)
View 4 Replies
ADVERTISEMENT
Apr 11, 2012
I put a QoS in a WS-C3560CG-8TC-S version 12.2(55)EX2. in our lab file upload or download speed much reduced and drop the packets with QoS everyting is fine without QoS
Here is the config: My question is why I speed reduced a lot and packets to be dropped with QoS.everything is fine WITHOUT QoS.
class-map match-any VoIP description Voice IP Phone RTPmatch access-group 157
class-map match-any WEB description Internal Web, SSL Web, DNS query, Pinnaclematch access-group 153
!
policy-map QOSMARK
class VoIP set dscp ef
class WEB set dscp cs3
[code]....
View 4 Replies
View Related
Nov 18, 2012
For the past few days I've been attempting to configure a data T1 on a Cisco 1760, but I'm stuck at:
Serial0/0 <our ip address> YES NVRAM up down
To provide a bit of background. This router used to be configured with a T1 via Frame-Relay; which worked fine. Now we recently change offices and providers, and the provider did not offer any information as to which encapsulation type to use, and if Frame-Relay which DLCI to use, etc.
Now I've been trying to setup the T1 connection and testing various settings such as encapsulation HDLC and PPP, but no luck. I also played around with the line codes and framing; which resulted in the following framing sf int down, line prot down, framing esf int up, line prot down. Regardless no luck.
Now I've been following several guides and examples mainly the following: [URL] In this guide they make mention of a WIC-1DSU-T1-V2, but as you can see in the show diag snippet at the bottom; we have a WIC-1DSU-T1 version 1.5. I dont' know if this poses a problem for us.
Throughout the entire process I've seen a few irregularities for example:
1. Router(config-if)#service-module t1 cablelength short 110ft
^
% Invalid input detected at '^' marker.
The IOS doesn't recognize any command with service module t1 ca , and the only recognized command with C is clock.
2. If I enter the following list of commands under the serial interface:
!
interface Serial0/0
ip address 10.0.0.51 255.0.0.0
service-module t1 framing esf
service-module t1 linecode b8zs
service-module t1 timeslots 1-12 speed 64
[code]...
And I do a sh run all I get is the following:
!
interface Serial0/0
ip address 10.0.0.51 255.0.0.0
load-interval 30
!
Although i can do a show service-module s0/0 I can see all of the configured parameters (see below)
Module type is T1/fractional
Hardware revision is 0.128, Software revision is 0.2,
Image checksum is 0x73D70058, Protocol revision is 0.1
Receiver has no alarms.
Framing is ESF, Line Code is B8ZS, Current clock source is line,
Fraction has 24 timeslots (64 Kbits/sec each), Net bandwidth is 1536 Kbits/sec.
Last module self-test (done at startup): Passed
[code]...
View 19 Replies
View Related
Mar 1, 2012
I just got a new 1760 router, I have an issue.
My FastEthernet 0/0 interface uses DHCP and got 172.16.2.126 /16.
My Ethernet 0/0 interface is my internal interface, it has static 192.168.0.1 /24.
On the Ethernet 0/0 interface, I have a PC attached, IP 192.168.0.150 /24.
The router's gateway is set to IP 172.16.1.1
My PC can ping 192.168.0.1 and can ping 172.16.2.126 (both interfaces of my router).
My router can ping anywhere on the Internet.
But my PC cannot ping 172.16.1.1. Firewall disabled, all security disabled.
[code].....
View 1 Replies
View Related
Dec 10, 2011
I'm currently pursuing to take my CCNA and am currently studying for it, but have recently encountered a problem with one of my 1760 routers that I can not solve.Yesterday I went to boot up my router like normal, however when I went into hyperterminal I noticed the router was in Rommon mode. Thinking I could change the configuration registry, I tried to bypass the NVRAM by using confreg 0x2142. However this still causes the router to go into Rommon mode. I am getting an error that states that there is insufficient memory to load the IOS image. [code]
I have used the dir flash: command and can see the IOS image, and try to boot from it (boot flash:iosimagename) but it will still go back into rommon mode. I also just swapped the RAM from my other 1760 into this 1760 and it booted up and went into normal configuraiton mode without any issues. However, the other router now will not load it's IOS image and I get the exact same error.I'm at a loss here, and have searched to figure out where or how I can just wipe the router clean to try and start fresh, but cannot get out or Rommon mode. The only thing I can think of is that the RAM went bad since it wont boot up either machine.
View 1 Replies
View Related
Mar 13, 2012
I can not get dhcp to work.I can ping from the switch to both vlans...
here is my config for the router.....
Router is a 1760
Current configuration : 1379 bytes
!
version 12.4
service timestamps debug datetime msec
[Code]....
View 1 Replies
View Related
Aug 10, 2012
Got a problem with my 1760 router. Bought it from ebay and booted it on today and got this error,It has 180224K/16384K bytes of memory and 2 paritions of 32768K flash.I erased both partitions and put a different version of the IOS on (still 12.4) and there is no difference, still get the errors.These aren't on any of my other 1760 routers so I assume they are linked to the problem.
View 3 Replies
View Related
Oct 21, 2012
How to configure ASA not to drop packets with ip option 7 (record route)? According to the docs, ip inspect ip option will drop all ip option packets except 0,1,and 20 (EOOL, NOP, or RTRALT):
"If an IP header contains additional options other than EOOL, NOP, or RTRALT, regardless of whether the ASA is configured to allow these options, the ASA will drop the packet. "
Also, policy-map type inspect ip-options treats only these 3.
View 1 Replies
View Related
Apr 11, 2012
Would it be possible to make a socks proxy (not normal http) which dumps all outgoing connection/packets to a file then can change the file then re-send it?
View 1 Replies
View Related
Nov 1, 2012
My workstation(10.0.0.250) directly connected to 6509_1 switch. 6509_1 is gateway with ip 10.0.0.5/22. Sometimes routing stop working, but after 3-5 minutes all back to normal.When issue occur i can't ssh to 6509_1, but i connect to second 6509_2 (10.0.0.6) and i can ssh to 6509_1 from it.Then form 6509_1 i try to ping my workstation Wireshark on my workstation show that packet arrive. My workstation reply on it, but switch not accept it.How it possible? As I say after sometime all go back to normal without any changes. [code]
View 2 Replies
View Related
Aug 8, 2012
When you use the command switchport trunk allowed vlan add [vlan-id]There should be no drop in service to the existing VLANs, correct? I am trunking from a 7K to a 2960S via 2G PoCh.
View 2 Replies
View Related
Apr 23, 2012
We are currently experiencing random multicast data dropouts on ports that are connected to a 3750X in VLAN ports. A test PC was connected to a routed port and we do not have any dropouts of the multicast data.We also took a 2960G and plugged it into VLAN ports on the 3750X. Any test PC that is on the 2960G does not lose traffic. The traffic only drops on PCs that are connected to a port on the 3750X that is in a VLAN. The data drops are random and last approximatly 55-59 seconds before we start receiving multicast traffic again.
I do not see any input/output errors on the interfacessh platform port-asic stat drop also show no drops
CPU runs at about 50% on the 3750X
Below is the configuration of the 3750X
Building configuration...
Current configuration : 8454!!version 12.2no service padservice timestamps debug datetime msecservice timestamps log datetime msecservice password-
[Code]......
View 2 Replies
View Related
Feb 25, 2013
I am running (cat4500-ENTSERVICES-M), Version 12.2(53)SG2 on the switch. I have a scenario where I have 3 end user equipments connected to a Cisco 4948 L3 switch. At the switch end port 1/46, 1/47, 1/48 are the terminating points for these 3 devices . I have added these three ports to VLAN140 (switch port access vlan140 on the gig interfaces).
The device connected to 1/46 is the one I'm testing some signalling features on. My requirement is to have intermittent packet drop on this interface so that my signalling associations would go down now and then. I'm trying to simulate a real-time network congestion/latency/packet drop in a simple manner.
I do not want to shut/no shut the 1/46 intf to cause this. Some way to achieve intermittent packet drop on this gig1/46 intf ?
View 3 Replies
View Related
Nov 24, 2012
We are seeing output drops on a C3560 switchport, this port does not have QoS enabled -- application does not need special qos treatment, as long as packets are not droppd, so I suppose all traffic will share the same queue? then how should I read the output of "show platform port-asic stats drop" which indicates that it is queue 3 weight 2 drop? I am wondering what is the best way to fix this? enable mls QoS and increase queue 3 bandwidth share on this interface or just increase the output queue depth?
switch#sh mls qos interface gi0/1
GigabitEthernet0/1
QoS is disabled. When QoS is enabled, following settings will be applied
trust state: not trusted
[Code]......
View 8 Replies
View Related
Dec 15, 2012
I am using Solawinds syslog and trying to get our Cisco routers send syslogs to our syslog server. I followed the procedure on Configuring Cisco Devices to Use a Syslog Server from [URL] Our Cisco swtches are all sending syslog messages but not the routers. I compared the config with our access switches but can't seem to find the problem:
Sample router config:
service nagleno service padservice tcp-keepalives-inservice tcp-keepalives-outservice timestamps debug datetime msec localtime show-timezoneservice timestamps log datetime msec localtime show-timezoneservice password-encryption!hostname WWF-RT1boot-start-markerboot-end-marker!security authentication failure rate 10 logsecurity passwords min-length 8logging buffered 4096logging rate-limit all 10logging console critical!aaa new-model!!
[Code] .......
is there a command that prevents the router from sending the syslog to the server?
View 2 Replies
View Related
Dec 29, 2011
I started having connectivity issues between my core 4506E (Sup7E) and Cisco 2960S. There were input and CRC errors on Te int (SFP 10Gb - LRM) on 2960S, which cause the interface to reset and drop connections. While troubleshooting this issue, I have replaced patch cords and also had the tech checking the fiber. He said that there was some residue on one of the connectors, so the light levels fluctuated in 1300nm, but worked fine in 850. Well LRMs are using 1300, so he re-polished the tips, which worked to stabilize the light levels. After all that, I was still receiving the input/CRC errors, but the connection was NOT dropping. As my last resort I swapped the SFPs between the core and 2960, thinking I should start having issues on the core end. Well, here's what happened: I stopped receiving input/CRC errors on 2960 (also no errors on the core), but 2960s started generating Rx power high alarms: [code]
View 1 Replies
View Related
Jul 25, 2012
I have users connected to a 2960-S running 12.2(53r)SE complaining of slow network, specifically Internet performance while the upstream 2960 on the same vlan has no such issues, so I don't suspect link congestion on the face of things.I'm planning on upgrading the code, but wanted to see what could be checked first. I'm seeing some drops but could use some tips on how to proceed from here as to what might be the issue. CPU is under 10% whenever I check it.
View 7 Replies
View Related
Nov 27, 2011
In my cisco 3845 router I can see output packet drop in some of the interfaces.I suspect that router is processing packet beyond its mix throughput limit. Moreover when i run show int fax/y switching command I can see packet drop by RP process.
View 11 Replies
View Related
Aug 28, 2012
I have a network that has a pair of 6500 switches on either end, running HSRP. In between each 6500 are two to three ruggedcom switches. They are connected to each other and the 6500's by trunk ports in a straight line. The 6500's see each other as CDP neighbors, and the 6500's can see the rugged- com as LLDP neighbors (ruggedcom only supports LLDP).
The issue is that randomly devices on the ruggedcoms will drop offline and then come back. The problem is that the devices that drop offline are all in the same VLAN, so it appears like a virus - i.e. one device drops off, then multiple. Eventually the HSRP starts flapping between the two 6500s and this causes havoc on the network.I'm almost to the point of taking a laptop and plugging it into one of the ruggedcom's to see traffic, but the issue is that the ruggedcoms are outside in cabinets that laptops shouldnt be exposed to.
View 2 Replies
View Related
Oct 19, 2011
I have a stack of 4 Cisco WS-C2960S-48FPS-L switches running c2960s-universalk9-mz.122-58.SE1 code. One of our network monitoring tools is indicating discards on a certain port on the switch. Upon further investigation I am seeing the Total output drops values change in a very odd manner.
The numbers seem to go from 573 to 1146 to 1719 then back down to 573 and it starts the same pattern over: [code]
The port utilization is quite low, the highest I've seen over the past 7 days is 3.5% with a polling period of every 30 seconds using Statseeker. Yet the discards are bouncing all over the place.
I've searched though the bugs for 12.2(58)SE1 and didn't see anything.
View 13 Replies
View Related
Jan 27, 2013
My network Infrastructure consists of 2 core switches(cisco 3950, 24 port) and 3 access switches (cisco 2960G, 48port). No distribution layer.Both Core switches are connected to the BVI of a VPN router.PVST is running in all switches. The STP results are all good. We have 3 VLAN's in the LAN an IP routing is enables in the core switch. The network diagram is attached.
The issue we are facing is that , we get intermittent packet drops while pinging towards the access switches, and there is always a higher latency towards these assess switches.These issues are present even with no other users using the LAN. But these issues are not present while pinging towards the GW.
I guess, it is because of this, we have issues the accessing file server in the LAN. How do we go ahead with the troubleshooting. Will upgrading the IOS resolve this.The present version details is..
WS-C2960G-48TC-L 12.2(44)SE6 C2960-LANBASEK9-M
View 2 Replies
View Related
Dec 26, 2011
So, brand new Inspiron n7110 lappy running Windows 7 Home Premium (64 bit). Got it home, fired it up and found that it could see the network, but refused to actually do anything with it, or even cough up a specific error message other than 'Windows was unable to connect to (networkname)'.Fiddled with it for a while, entered and re-entered the passkey, mucked about with settings, made sure that the network name and whatnot were all entered correctly, and eventually got annoyed and simply disabled security. Lo and behold, it worked beautifully... sometimes. Connectability was still badly erratic (didn't get any unplanned disconnects, but when it booted up, it was pretty much even odds as to whether or not it would connect). But as soon as I re-enabled security (WEP, in this case.I suppose I really should figure out how to get WPA to work, but one problem at a time >.<)The router is a Siemens SE567.
View 1 Replies
View Related
Feb 21, 2012
On a 3750 you can do a show platform port-asic stats drop command. Is there a corresponding command for 6500 chassis?
View 7 Replies
View Related
Dec 26, 2012
We have a customer who uses about 20 x c2960's switches for access layer and 2 x c3560e for distribution layer. C2960's uses C2960-LANLITEK9-M , Version 12.2(58)SE1. Everything was working fine. Now we got information, that sometimes there are problems with connectivity. Customer tries to reach internet.
SW11#sh int fa0/18
FastEthernet0/18 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is e8ba.806a.4412 (bia e8ba.806a.4412)
[Code].....
View 7 Replies
View Related
Feb 21, 2012
I am seeing packets being ignored on GigabitEthernet0/0, but can't find any reason what the reason can be for that. So far calculated that about 3% of the traffic is being ignored. If it was caused by shortage of input buffers, I would expect to see increasing counters somewhere at no_buffer, but that is not the case. The average txload and rxload on the router is low all times.
#sh int g0/0GigabitEthernet0/0 is up, line protocol is up Hardware is i82543 (Livengood), address is 0012.7f8a.8008 (bia 0012.7f8a.8008) Description: ;Link to NORISMP998 G5/2 Internet address is 151.175.19.102/30 MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, reliability 255/255, txload 2/255, rxload 2/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 1000Mb/s, link type is autonegotiation, media type is SX output flow-control is XON, input flow-control is XON ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:00, output 00:00:00, output hang never Last clearing of "show interface" counters 8w2d Input queue: 0/75/522186/1117 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 11667000 bits/sec, 2319 packets/sec 5 minute output rate 9377000
[code]....
View 5 Replies
View Related
Mar 1, 2013
We have a 3750x 24s acting as a root switch for about 10 other 3750x's. Everything else seems fine, but the device stopped forwarding packets to the applied static route. [code]
View 3 Replies
View Related
Jul 23, 2012
router 7200 (12.2(33)SRE1)
two interfaces with traffic going through, placed in a Data-VRF
Another physical interface and loopback interface in the global routing-table.
ip flow ingress on all physical interfaces configured
It was running for at least a year: I was getting netflow packets on my analyzer from the box. Since a couple of weeks I get no netflow-packets anymore.debug ip flow export tells me "IPFLOW: Sending export pak to ... port 2055"
But the packet is not leaving the box. By setting up an ip sla monitor udp-echo I simulated some traffic (udp/2055) which is leaving the box.
[code]...
View 2 Replies
View Related
Nov 21, 2011
I have a stack of 2 C3750-switches (WS-C3750G-24TS-1U) with IPBASE-firmware (12.2(52)SE).
When I ping to a machine (in this case a virtual one), the replies are always received on the port where the machine is connected, but on the port-channel connecting to the stack of the 'pinging device' the reply comes only for certain initiators, and not for all.
Setting:
Gi1/0/6: Device/Server I want to connect too ; defined as access port
Gi1/0/25 + Gi2/0/25, as Port-Channel 1: The location of the devices I connect (read as: the uplink to the stack of the PC's), defined for Dot1Q-trunking
Monitoring setup: Source ports: Both: Gi 1/0/6, Po1 (or Po1 replaced by both interfaces)
For the machines which can ping the server I see 2 echo (ping) requests, followed by 2 echo (ping) replies ... So once seen on the Po1, and once seen on the interface Gi1/0/6.
However for other machines, the 2nd reply is missing ; which must be caused by the dropping of these packets in the switch. At least, I my opinion this must be the reason... But I can't see any (change of) output drops at int Po1, nor at Gi1/0/6. The CPU doesn't seem to have high usage, and even then, I don't think the error would be constant, as it's always failing for some PC's, and never for others... (at least for a certain time, a few hours it can be constant, the problem dissapears from time to time).
View 1 Replies
View Related
Oct 24, 2011
I have an Cisco 6500 CS and there is a Cisco Unified Communication Manger Server connected directly to the Core Switch.I tried to change duplex and speed ( fix and auto ) for both sides, but the same problem.
View 9 Replies
View Related
May 31, 2012
From everything I read it seems like DFC is for forwarding packets. When I hear packets I think of layer3. If my 6500s are just being used as a big layer2 only switch do I need a DFC? I am being told the 6500 looks at the layer 2 frame and the layer 3 patch header information before forwarding the frame. How true is this?
View 1 Replies
View Related
Oct 23, 2011
My C6500 is having relatively high CPU (no spikes, but constantly)
I'm under the impression that cef is causing this problem because alot of packets are being processed or send to/from the CPU. [code]
I did a netdr and I can see that the majority of packets going to the CPU are packets for which I have an entry in the CEF table.What can be a reason why those packets don't get hardware switches?I'm running Version 12.2(33)SXH5 - Sup720-10G.
View 4 Replies
View Related
Apr 20, 2012
I am having trouble with my Cisco SG300 switch big time. I have two servers with IP addresses 10.17.0.11 and 10.17.0.29 sitting on the same switch which is a Cisco SG300. I initiate a file transfer from 10.17.0.11 to 10.17.0.29. I could see lots of Dup Acks and retransmissions which means something is wrong in the connection. Further, I could see the session initiation a bit bizarre. I could see two SYN packets sent from 10.17.0.11 to 10.17.0.29 and also two SYN ACK packets returned by 10.17.0.29. The switch forms part of a network but since both the servers are sitting on the same switch I suppose the rest of the network doesn't come into play when one server talks to the other.
See also the number of Dup Acks and retransmissions. The two switch ports connecting the servers have speed and duplex set to auto negotiate, flow control is enabled. What could cause this sort of problem?Could it be any setting on the switch or the servers' NICs?Or could it be a bad switch that causes this?
View 4 Replies
View Related
Apr 17, 2012
i have several cisco 6500 switches, and user switched connected to them.in my example i have a global service vlan, where some access ports are directly connected on the 6500, and this vlan is also allowed on the trunks to the access switch.
now i am connected with ma laptop on a access switch, where my port is in the same vlan. when i do a show mac address-table on my access port, i can see my own mac-address, nothing else.when i start wireshark to see the traffic, all i should see is traffic from or to my MAC, or broadcasts/multicasts.
But i can see other unicast traffic with different source/destination mac than mine.It seem slike these packets get broadcasted over the whole VLAN, but its no broadcast MAC nor IP.
View 4 Replies
View Related
