Cisco Switching/Routing :: 1921 To Replace A Software Firewall
Feb 26, 2013
We purchased a Cisco 1921 router to replace a software firewall not long ago. The router was sold as a firewall with the suggestion that an ASA would be unnecessary. Unfortunately a router does not replace/do the jobs a firewall does, so I looked online and noticed that Cisco do offer firewall security features in one of their IOS. How do I tell if this is implemented on my router? If not, does my IOS support this, or do I need to buy an extension/another version of the IOS? The version of the IOS I have is: c1900-universalk9-mz.SPA.151-4.M4.bin.
We want to purchase a new Cisco ISR 1921/K9. I want to know: does it support the following sample IP-SLA commands?
ip sla 2
 icmp-echo 172.16.1.2
 timeout 500
 frequency 1
ip sla schedule 2 life forever start-time now
track 10 rtr 1 reachability
 delay down 1 up 1
!
track 20 rtr 2 reachability
 delay down 1 up 1
ip route 0.0.0.0 0.0.0.0 192.168.1.2 track 10
ip route 0.0.0.0 0.0.0.0 172.16.1.2 track 20
I'm asking the above question because we will need to enable ip-sla on the mentioned router. As I read on the Cisco website, it says Cisco-ISR-1921/K9-IP Base supports only the IP-SLA RESPONDER feature, nothing else. If the Cisco-921/K9 does not support the above commands, should I go for ordering the Cisco-1921-SEC/K9?
I have a 1921 K9 with a 4 port 10/100/1000 EHWIC switch.
Interface 0/1 = 192.168.1.0 EHWIC = 192.168.5.0
I have Active Directory set up on the 192.168.1.0 network. When I attempt to join the domain from 192.168.5.0 it joins but I get errors. After some troubleshooting using portqry I have found that the services related to class map DomainTrafficUDP are being reported by portqry as being filtered regardless of policy map settings (currently set to allow).
Building configuration...
Current configuration : 18833 bytes
!
! Last configuration change at 11:20:25 NewYork Thu Apr 19 2012 by dave
! NVRAM config last updated at 13:56:45 NewYork Wed Apr 18 2012 by dave
!
I have a Cisco 1921 to replace our current router which is constantly freezing. We have a couple inside servers, one is a web server and application server which needs to be RDP'd to by a couple of clients outside of our network. I cannot get this to work no matter what. I know it's not the server's setup as when I plug the network back into the old router, it works just fine.
All clients have access to the internet, and I can successfully ping/resolve hosts from both the router and a client computer connected. I cannot, however, RDP using either our public IP or our hostname. The hostname does resolve to our ISP assigned IP, but the server cannot be contacted, leading me to believe this is a NAT issue. [code]
We have 2 x Nortel 8600s (now Avaya) that are 6-7 years old. They have 96 1GB ports on each and we only use about 30 and the CPU average is around 2% and memory is 40% (256mb). Going into 8600s we have 8 x Nortel 5520 48port gig switches.
We want to replace the 8600s at some point and I wondered roughly what Cisco device would possibly suit us. We are not after the best high end switches that we will never utilise, but ones that will help us grow for the next 5 years.
I have a problem with the standby supervisor in a 6500 VSS and need to replace the supervisor. I have followed the how-to on the Cisco web site url...
But when I boot the new standby sup720 it comes up active and both supervisors are rebooting. I wonder if I can do the replacement without rebooting both the active and standby supervisor.
I am replacing our 2 3750s which are in a stack and are running in VTP server mode for the domain with 2 new 3750Gs. There are 4 trunks to other switches which are in client mode and 2 trunks to 2 ASAs which are in active/standby mode (one in each switch). Anyway, what will happen to the VTP clients when I replace the stack, as the revision number will be 1 on the server? The clients will ignore any VTP updates from the server?
I have been tasked to replace a failed sup on a 6500 Sup32 running IOS. Now, the primary sup doesn't have a compact flash. I don't have any CF on me. The replacement sup I received also doesn't have a CF. From the Cisco website it says that the moment I insert the secondary sup into the chassis, it will automatically download the IOS and boot details from the primary to the secondary sup.
I urgently want to replace a faulty line card WS-X6748-SFP with a new one. The switch concerned is a 5609-V-E operating in Virtual Switching System mode. How long do you suggest the down time will be?
I want to replace an existing 3560 Switch with another switch of the same exact model and IOS. However, this switch that needs to be replaced is the VTP Server of my LAN at this location. When I replace the switch I will just use the same exact running config but I'm concerned about the vlan.dat file. Do I need to copy that file over to the new replacement switch and if so, what is the best way to do that?
I have a 2651 that has an adsl1-wic that I am using as my DSL router. I recently acquired a 2801 that I want to replace the 2651 with. I configured the 2801 the same way as the 2651 but on a reload I get the statement that says
Setup: New interface NVIO placed in shutdown state
When I do a show interface all of the interfaces show up except the NVIO and I don't have any connectivity to the outside world. I am using NAT since I have a /29 and using nat pool overload. What am I missing? I am running IPVOICEK9-M 12.4.25c on the 2651 and adventerprise 12.4.24.T on the 2801.
We currently have a WS-C6506 chassis with a line card WS-X6408A-GBIC. Currently we need to replace the chassis with a WS-6504-E and also the line card. My question is: which line card must I buy that meets the same specifications as the WS-X6408A-GBIC?
I have two like switches in a stack (WS-C3750G-48PS 15.0(1)SE2 C3750-IPBASEK9-M). Switch#1 is the master and is the one that needs to be replaced. Can I force Switch #2 to be the master, then power down switch#1, remove switch#1, insert the replacement, and then power on the newly added switch without shutting down or rebooting switch#2?
I have a stack of 2960S (c2960s-universalk9-mz.122-55.SE2.bin) and the master has failed (used to have a priority of 14). The second switch has become master (priority 1) as can be seen below: [code]
If I connect a new blank 2960S (same IOS) through the stack ports, will the master sync its config to the new one without causing problems? As I understand, the new blank switch will also have a priority of 1 and will by default be numbered as 1. So if the config is correctly synced and I later on want to make switch 1 the master, I need to set the priority: [code]
I have a question. I have a 6500 with two supervisors and they both have CATOS. One of them failed and I need to replace it. As long as the hardware is the same, does the CATOS have to be identical or can this be different?
We have a Supervisor Engine 720 10GE (VS-S720-10G) in slot 5 on a Catalyst 6509-E. Slot 6 is free. We need to replace the VS-S720-10G. Is the following scenario possible?
1. We will insert the new VS-S720-10G into slot 6.
2. Then we will remove the faulty VS-S720-10G from slot 5.
Will everything work without interruptions? Is there any document where I can find a step-by-step procedure for how to replace the VS-S720-10G?
I need to replace a faulty fan unit on the CatOS WS-6509 switch. This CatOS switch does not support show inventory, so are there any other CatOS commands which will show me this part ID?
I have the following config using a Cisco 1921. I am trying to get devices on the native VLAN to get internet access via the gateway x.x.x.73. Anything being routed from the other VLANs 15/20/30 can get access, but nothing from an internal IP address. Is there something I am missing?
The Xs replace the same 3 octets for each interface. I am trying to route from VLANs 15/20/30 to see VLAN 5. I have tried a few things, in terms of adding extra ip routes, but can't get anything to work. Each of those VLANs has another router on the other side of it, which I have also tried adding ip routes to, but nothing. One of the routers (Vlan15 is a Draytek 2830). [code]
I will be installing two Cisco 1921 routers to connect a T1 between two offices. We are changing out our current AdTran routers as we would like to bridge three VLANs across the T1 link. I followed the instructions at (URL) shtml to the best of my ability and my two Gigabit Ethernet ports are tied into a bridged virtual interface (BVI1). I then assigned an IP to BVI1 and another to my Serial0/0/0, then made a route to get to the other side of the T1 and a default route out our proxy. What I want to do now is set up QoS to make sure my voice data gets priority.
I set up a QoS ACL called "Voice" with the TCP and UDP source and destination ports that our phone system uses. I then set up a QoS policy on the Serial0/0/0 outgoing interface called "VoiceTraffic" and under the "match" list I match DSCP 46 or my "Voice" access rule. For the action I turned on "Queuing" and set it up for LLQ at 50%. Does this sound about right? Is there anything else I can set up? I tried to set up something else on the Ethernet side but because they have the BVI I can't. I read some articles in this forum that said I could still apply QoS to the GigabitEthernet ports even if they are in the bridge group but it doesn't let me do that.
I am setting up a new 1921 for a public library and I am running into a problem and I bet I am missing something simple. All the internal stuff works and I can ping the outside IP on the 1921 but can't go any further to the internet. The 1921 has the 2 gig Ethernet ports; 0/0 is connected to a DSL getting DHCP settings fine from the DSL modem. The other gig Ethernet port 0/1 is running the inside network and it's functioning fine; I have a server on it and other clients and they can ping and get DHCP settings etc. I've pasted the config output below and IP addresses of the main actors. [code]
I have already ordered a Cisco ISR 1921/K9, but as I read on the Cisco website, it is written that the Cisco 1921/K9 only supports the (IP SLA Responder) feature.
I don't know actually what SLA responder is, but our requirement is that we will connect that router 1921/K9 to 2 ISP links and I want to enable IP SLA probes on that router so that it can track both the routes into those ISP links. So my question is, does the Cisco 1921/K9 have the support for what I need? How about the Cisco 1921-SEC/K9?
I need to set up an L2 link between my LAN and this 1921 router. I thought IRB would do it but it's not working yet. Here is the topology. I don't want to see another hop on this 1921 rtr so I hope I can just trunk it or something with IRB. Not working.
I have recently configured a Cisco 1921 router for internal routing on my network. Here is what I am trying to accomplish:
Main network 10.65.1.0 mask 255.255.255.0 - all office devices and computers.
Second network 10.65.2.0 mask 255.255.255.0 - all plant equipment, machinery and production lines.
I have configured gig 0/0 for my company network and gig 0/1 for my plant network. I can ping the router from both networks but am unable to route traffic between them. What am I missing?
I'm having some major issues with my new setup. I have a Cisco router (1921 ISR) that is connected to the internet through a T1. In addition to that is another cable modem. Each of these is connected to my firebox through an external interface. My router is on the 10.1.10.X network. My internal network is 192.168.1.X. I have several NAT statements on my router pointing to 10.1.10.X addresses. These addresses are defined on my firebox as secondary external addresses and I am SNAT'ing them to 192.168.1.X addresses on my local LAN. This is mostly working well for everything. However, there is an FTP I am connecting to through a VPN on the Cisco that will not connect. The source is a 192.168.1.X address.
The Cisco 1921 router has two routed adapters. One is GE0/0 which I am using for my WAN interface. It is working properly. The 2nd interface is GE0/1 which is being used as my internal adapter. It is running NAT. When I attempt to reach the internet it fails while checking the exit interface. Here is the report.
Attribute: Value
Router Model: CISCO1921/K9
Image Name: c1900-universalk9-mz.SPA.151-3.T.bin
IOS Version: 15.1(3)T
Hostname: Bulldog

Interface Details
Attribute: Value
Interface: GigabitEthernet0/1
IP address: 192.168.1.1
Description: NOC Link

Test Activity Summary
I am trying to decipher the differences between the two models of the 1921 router. One has an IP Base IOS and the other has a Security IOS. I have an ASA so I don't think I need all the Security IOS bells and whistles on an internal router. Although, does the IP Base IOS allow for trunking and sub interfaces? I definitely need that and on CDW's website it says that the 1921-Sec/K9 w/ Security IOS includes 802.1Q and that spec is not listed on the 1921/K9 IP Base IOS model.
We recently got a 1921 for our main office and we have a dedicated 15/15 connection. We're running on an 1871 right now that is not under my control so I can't even see its running config. OK! So when I set my gateway to be the 1871, we can get our upload to over 6mbit (we have 8 branches, so won't ever get full 15 since they're using it too). With the gateway set as the 1921, it seems like we're stuck at 1.5. I haven't seen it go higher than that. I've looked over the config but can't see anything that would imply some kind of bandwidth limit but I have copied the config here.
Building configuration...
Current configuration : 6688 bytes
!
! Last configuration change at 10:59:47 PCTime Thu Nov 29 2012 by admin
! NVRAM config last updated at 10:04:31 PCTime Thu Nov 29 2012 by admin
! NVRAM config last updated at 10:04:31 PCTime Thu Nov 29 2012 by admin
version 15.1
I bought a Cisco router last week. The reseller said it is a brand new one. However, when I try to set it up with a console cable connected to a PC, the default password does not work. I tried to use control+break to get access to rommon for password recovery. Tera Term Pro displayed nothing at all! In this case, what should I do to set up the router? Does the reset button on the back work to restore the router to factory settings (which means I can use the default username and password)?