the IP next hop 10.84.23.254 is cascaded on my customer LAN . At nominal time the router advertsed the route in BGP
pjnb1376#sh ip bgp nei 57.213.169.169 ad
Next Hop Metric LocPrf Weight Path
*> 10.84.22.0/23 10.84.23.254 0 32768 i
When the lan interface of the router goes down , the router still advertise the route !!! Even if the IP next hop
10.84.23.254 is not reacheable anymore ....
The box is a Cisco 1941 using
1900-universalk9-mz.SPA.151-4.M1
The problem is that that the routers are not reachable form the corporate LAN after some time. Pinging the routers IP is not working anymore. When the network cable is unplugged and plugged in again the routers are responding again. The same applies when I connect my Laptop to the router. The interface is responsive right after I connect the cable. Also other devices on the network can ping the router. But after a few hours or sometimes 1,5 day the router is unreachable form the corporate network.
The problem first started a few weeks ago. The configuration did not change. The router 878 was not responsing and after changing all the cables and conncting it to another swith the problem remained. So I suspected a hardware failure and bought a replacement 888. After configuring the 888 it showed the same behaviour as the 878 router. The DSL connection is working all the time. I can even set up a vpn connection to the router and start a telnet session. than I can ping the internap IP of the router but pinging another device is not working.
What I noticed after the command sh int vlan1 is that the last input counter keeps increasing.whats causing this or how to debug?
My company has a Cisco IAD 2400 which is handling our phones and the internet (from Service Provider). We are adding a second router, a Cisco 1921, to our network,I think I have everything set up correctly. One department is using the 192.168.2.0/27 subnet. I can ping each computer within that subnet. Also, within this subnet, I can ping the router interface at 192.168.2.1. I can ping 192.168.1.2 successfully as well. This is the interface on the 1921 that goes to the 2400. However, if I try to ping 192.168.1.1 (interface on 2400), I get "Reply From 192.168.1.236: Destination Host Unreachable" I get the same thing if I ping 8.8.8.8.Within the 1921, I can ping 192.168.1.1 and 74.125.224.72 (random google ip) successfully.
While working at a client site today, I was troubleshooting some ICMP connectivity for a network we have created.I turned on 'debug ip icmp" on the 3550 switch int he middle, and was inundated with the following debug output:
Jan 25 11:01:14.641: ICMP: dst (172.16.1.7) port unreachable rcv from 172.16.1.5 Jan 25 11:01:14.641: ICMP: dst (172.16.1.7) port unreachable rcv from 172.16.1.5 Jan 25 11:01:14.641: ICMP: dst (172.16.1.7) port unreachable rcv from 172.16.1.5 Jan 25 11:01:14.641: ICMP: dst (172.16.1.7) port unreachable rcv from 172.16.1.5
[code]....
This output fires several times a second, and based on how often it is firing, I am curious if it may be a culprit with respect to the fact that the client has indicated that they have some slow internet.Should the next step be to look at the workstation at 172.16.1.5?
Today one of our 9 Cisco switches a "WS-C2950S" (we also got 2 other WS-C2950S on same network) stop responding icmp ping packages. When i tried to telnet the switch its network was unreachable but i was able to see its existance from other switches by "sh cdp neig". So i decided to fix the situation on a suitable night time work, checking by console cable or even rebooting the device.
Then i started to wonder... what this could possibly be about?We have like 40 clients behind that switch and there was no communication problem during the problem.
I have a 1941 router configured for Policy based routing with two ISPs.Two static default routes configured to point the gateways of respoective ISPs with same metric.But the problem is, packets are going throug the one ISP only while doing traceroute.
N/W connectivity:
ISP1-----> <----------------------> LAN1 | Router | ISP-------> <----------------------> LAN 2
Below is my configuration :
Current configuration : 5958 bytes ! ! Last configuration change at 05:18:56 UTC Mon Jun 25 2012 ! version 15.0 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption
I have this Cisco 1941 router with two Ethernet ports g0/0 and g0/1. The g0/0 is connected to office LAN with internet access. As my office LAN is DHCP, it will assigned a IP address for g0/0 since this g0/0 is configured as "ip address dhcp". Now my question is that i have a group of 5 pcs, namely PC1, PC2, PC3, PC4 and PC5 that is connected to the switch and one of the ports of this switch is connected to g0/1 of Cisco 1941. Is it possible that let say PC2 and PC3 (both DHCP enabled) could access the internet access from g0/0 and at the same time, the office LAN assigned IP address for PC2 and PC3 automatically?
Office Lan with internet access (DHCP) (Default gateway 10.0.0.1) | | g0/0 (DHCP enable) (DHCP assigned IP address 10.0.0.138) Cisco router 1941 g0/1 | | HP Switch | PC1 PC2 PC3 PC4 PC5
Is this operation possible? if possible, how to configure inside the router 1941 to achieve this objective?
I have just set up my Cisco 1941 router to my cable internet connection. I have access to everything, but I cant login successfully into Cisco CP.
I set up a new user with level 15 privileges and a secret password. I go to login via webbrowser and I put in my credentials, but I get rejected. I have tested the username and password via the CLI, and it works fine, I just cant seam to login to Cisco CP.
I am having an issue accessing the internet from a PC on the LAN. I have configured the PC with the gateway of the router infront of the ISP to test. I can ping from the router to google or any other internet IP. From the PC I can ping to the GIG0/1 (Inside LAN IP) and the GIG0/0 (Outside WAN IP going to ISP) but I can't ping the Next Hop IP of the ISP or anything past that. If I do a trace route from the PC to the google IP address it hits the GIG0/1 Inside LAN IP Address but fails from there. Here is a cut down snap shot of the router configure
I have a Cisco 1941 router configured using Cisco Configuration Professional... SSH management works from the LAN IP 10.0.1.254 and 10.0.2.254 Also, SSH management works from the LAN using the external domain name which resolves to the public IP address.
The problem i have is if I try SSH from the internet to the public IP.. nothing happens.
cisco1941#show config Using 18498 out of 262136 bytes ! ! Last configuration change at 13:57:49 PCTime Tue Feb 14 2012 by admin
I bought a secondhand small business router (model 1941 Integrated Services Router) for personal use. It runs version IOS 15.0(1)M1 software, which seems to work well, but I'd like to download a firmware update that addresess some of the security flaws in this software. When I tried the download process it told me I need to buy a service contract first? Is this right, or am I doing something wrong?
Recently my company buy a EHWIC4ESG card and put into the cisco 1941. The reason we buy this card is because the in built two network ports of cisco 1941 are being used up. g0/1 is being connected to the internet and g0/0 is being connected to the office switch (192.168.5.x)
We have two servers (192.168.6.x and 158.55.33.x) that required to be connected to this router 1941 where the router will be configured as VPN for external user to access this server.
The EHWIC4ESG card is put into the router 1941 and after typing the "running-config" command, i could see it create a vlan 1 interface and
I have a 1941W that has a connection to my ISP (Gi0/1) and another connection to a remote lab (Gi0/0). Everything is working fine how it is setup. All my traffic from my internal networks can access the Internet and devices on the 192.168.201.0 /24 can access the Internet and the lab 10.89.0.0/16.
Now I want to have two devices (192.168.201.51 & .147) use Gi0/0 when accessing host 63.85.190.67. There is no route to this subnet since it reside in the remote lab. Here is what I have right now. How would I setup a PBR to have those two host use Gi0/0 when accessing 63.85.190.67
interface Vlan192 ip address 192.168.201.1 255.255.255.0 ip nat inside ip virtual-reassembly (code)
I have a new cisco 1941 router that I am setting up with pxe-booting. I have never setup pxebooting before and i have this setup so far ip dhcp pool Admin
-option 66 ip 192.168.1.4 -option 67 ascii pxelinux.0
and i can pull an ip but it keeps getting hung up when it comes to the TFTP part.
I have a Cisco router 1941 connected to a switch. I'm configuring the w LAN- AP and i need to have the wireless devices have an ip in the same range of the wired devices.Since i cant use the same ip range on the gig0/1 and the V LAN 1 for the wireless, i wanted to know how to config the giga0/1 connected to the switch to act as a layer 2 port and i keep the ip on the v LAN 1.
I have a 1941 integrated services router that will not keep the configs. After several atempts of saving running config to the startup config, then rebooting the device. I am having to reload the configs manually from TFTP because they are gone. I have also tryed the "wr" command to see. Is there a proper way to shutdown this particular type of router?
I have a cisco router 1941 and i have uploaded before evaluation license , now i have already bought cisco security license .I have already installed on cisco router , but the problem the router is still using the evaluation license not the new license .
What is the procedure to reset a 1941 router to factory defaults? I just recieved my1 1941 router. I connected it up to my Mac using USB. I got loged in using the cisco/cisco login and it said it will only work once and that I should create a new account. So I entered the command as directed on the screen and it gave my an error about the command. I verified it three times and each time it rejected. While I was looking online for an answer the connection timed out and now I can't get back in.
I decided recently to switch out our border router (1841 12.4 advsecurity) with a shiny new 1941 (15.2 SEC/K9) as the CPU upgrade was needed.The core below acts as a VPN end point to various other remote offices we have, all of which have a similar network design at each end (and all entirely managed by me). All of these are still running 1841's with 12.4 advsecurity on them as well. These are all GRE tunnels with ipsec procection on them (not crypto maps). [code]
Everything else works fine (NAT, route-maps etc), it's just these IPSEC/isakmp tunnels that are not playing ballIt's definitely not an ARP issue (all arps were cleared) and ICMP appears to work fine (ie, I can ping the remote tunnel's public IP endpoint from the core using the loopback for that tunnel as the source). I am suspecting it's something strange with the stateful firewall config, but I did try and apply ipsec and isakmp-msft to the ip inspect list, with no success.
I don't have access to my config at the moment and I haven't had a chance to get to the console of this router as of yet.A little background info:This is a Cisco 1941 router in which I have multiple NAT inside interfaces for internal VLANs. Before my current problem I was using one NAT outside interface for Internet access with another NAT outside connecting to our corporate network that was in a shutdown state.The router is performing router on a stick and had layer 3 subinterfaces for each VLAN. I have ACLs filtering on each subinterfaces allowing only the traffic I need through.I also currently only have one static NAT port for an FTP server.The time finally came when I had to connect our corporate network to this router via an access port on a 2950 which trunks to the router.The problem comes when I send any traffic to the subinterfaces on the corporate network which is the second NAT outside interface on the router. The main point for this connection is to do a static NAT from this interface to a web server on another VLAN. Any traffic to this interface including just pinging from the outside causes connection to the router to fail for about 3-4 min.Like I said I haven't ha the chance to get to the console yet Sony cant tell everything that happens. Nothing shows up in the logs after I can get connection back and the router didn't reboot as a "show version" says the router has been up for a long time.The CPU is also usually very low as not that much traffic flows through this router at a time.I built a very similar network in packet tracer and it works just fine.
Router 1941 is installed with additional 4 Gig-interfaces card; we have 4 ADSL Router with 4 MB connections. I need to connect all the ADSL connection to the router 4 port and combine them into 16 MB, is there any way to combine 4 Gig interfaces?
Here is my current config, how to enable and setup NVI on a cisco 1941 router.i think it would fix my issue but i'm unclear on how to implement it to test.
i would like to be able to access an internal server from an outside address.
I have an IPSec tunnel configured on my Cisco 1941. The other device is an ZyXEL router.I can see the tunnel is up but there is no traffic.This comes out the show crypto ipsec sa
interface: Dialer1 Crypto map tag: CMAP_AVW, local addr 10.10.10.89 protected vrf: (none) local ident (addr/mask/prot/port): (192.168.200.0/255.255.255.0/0/0) remote ident (addr/mask/prot/port): (192.168.150.0/255.255.255.0/0/0) current_peer 20.20.20.161 port 500
I have a 1941 router tt needs to be setup with the range of WAN ip addresses ip nat inside outside don't allow me to use it..How can i configure on the router to ensure from outside i'm able to access to firewall (129.2.1.2) ?
We have a Cisco 1941 with the 8 port EHWIC (with 8 layer 2 gig ports). We are trying to do something very basic .We need to set up 2 VLANs (vlan 10 & vlan 20) to connect to 2 networks - Server & Users.The Internet connection (via a comcast modem) is connected to the G0/0 port of the 1941 and it just gets a DHCP address.
I'm setting up a lot of small remote sites that are only reachable via VHF ethernet radios that operate at 32k. I'm going to be using 2 of these radios shooting to two seperate base station radios to provide diversity. I'm going to have a Cisco 1941 sitting between the two radios and the way I have it configured now is to only use one radio and the second is only sitting there in case the primary fails. I was thinking though that I could load balance them to give a little more throughput. The devices at these sites are really low speed but we like to use snmp to monitor everything that is ethernet so I wanted to give as much bandwidth as I can.
Will load balancing work in this situation? What would the basic configuration be? This is all internal to our network so there are no ISPs to deal with. We're using C1900-UNIVERSALK9-M IOS will that work or will I need to change that?
I have been recently asked to design a network. What I have for equipment is four 2960G's and one 1941 router. One switch is a root switch and the other three will have end devices on them.I have decided on three V lans to go with: VLAN20 Data, VLAN30 ISCSI, and VLAN99 Management each with seperate trunk links and redundancy (see picture below).
I have a seperate trunks for each V lan using the switch port trunk allowed. With exception to the Data V lan.My design has the Data V lan as the native because it is going to be receiving untagged traffic from the external network. I have set up inter v lan routing on the 1941 via sub-interfaces to allow them to talk to each other (or because of allowed they cannot?). I have one port coming from my router to my switch via Ethernet cable which is my bridge out. I have my external port doing a NAT translation for my inside addresses and a Default route set up ip route 0.0.0.0 0.0.0.0 gig0/0. I am using rapid- PVST to prevent loops and provide my zero downtime convergence when a link goes down. As it stands right now I cannot talk out of my network or inside of my network.
You can see it is highly redundant and I do not want to change it. This network is going to be deployed but there will never be anybody physically there to manage it which is why I made it as redundant as humanly possible.
I'm trying to upgrade NBAR protocol pack on my Cisco 1941 router, so i downloaded new NABR protocol pack (version 4.0.0) and transferred it into router flash via tftp. When i try to apply new protocol pack with command : ip nbar protocol-pack flash:[protocol-pack-name]
i got this error : % NBAR Error : Advanced Protocol Pack can not be loaded on top of Standard Protocol Pack
The router is running IPBASE IOS with Security License, IOS image is c1900-universalk9-mz.SPA.153-1.T.bin. Does NBAR2 packages works on IO BASE images?
