Cisco Switching/Routing :: 1941/K9 - Temp Sec License / How To Manage Firewall
Dec 9, 2011
I have a Cisco 1941 router... ipbasek9. I want to use this at home for my primary LAN->WAN interface. So I need the Security license enabled. I have enabled the Security temp/eval license but cannot find a way to manage it. I have tried downloading the Cisco Configuration Assistant, but this errors with "Unsupported Device type"
License output and config output below (no WAN interface on 10.0.x is just internal testing WAN IP. This device is not yet directly connected to the internet.)
cisco1941#show lic
Index 1 Feature: ipbasek9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
I have a cisco router 1941 and I have uploaded before evaluation license, now I have already bought cisco security license. I have already installed on cisco router, but the problem is the router is still using the evaluation license not the new license.
I currently purchased, Cisco 1941/K9 with 2 onboard GE, 2 EHWIC slots, 1 ISM slot, 256MB CF default, 512MB DRAM default, IP Base.
Questions
1. With IP Base License, will I be able to run Frame Relay? I really need reference on what works and what doesn't between these different technology package licenses? Actually frame relay is running on it right now, hope it doesn't suddenly stop after 60 days...
2. As I understand in order to run MPLS, I will need to upgrade to Data License "SL-19-DATA-K9". Since, I already have a Cisco 1941 to upgrade it, I need to order a spare license / paper PAK?
3. Does the IP Base License support site to site IPSEC VPN or do I need to purchase a security license "SL-19-SEC-K9"?
4. Can I have both security and data license activated on the same device?
5. If I do activate security or data license will I be able to use the IP Base features at the same time?
6. If I purchase a new Cisco 1941 with Data or Security License do I need to purchase the IP Base License then upgrade the license?
7. Is the 1941 suited for voice application routing?
I have recently purchased 2 x 1941 routers with 2 L-SL-19-SEC-K9= and 2 L-FL-SSLVPN10-K9= licenses. I've installed the licenses through Cisco Configuration Pro ver 2.5 and installation did not generate any errors. After saving config and reloading the device, on the License dashboard, the deploy status for the SSL VPN is "Not deployed" and I have no way of deploying it. The state also says "Active, Not in use". I have tried reinstalling the license via command line but get error "license duplicate - already installed" suggesting the installation was OK. The sec license deployed without any issues. Is there any way to manually deploy this SSL_VPN license?
I have 1941, 2901 ISR routers. I will use 3G backup when primary link (metro ethernet / G.SHDSL) goes down. Do I have to use Data License (SL-19-DATA-K9 / SL-29-DATA-K9) in order to switch back to 3G when primary link is not reachable?
Within our small lan we have a core 3750, that handles our intervlan routing and is the core of the network. I recently looked into multicasting and set up a lab test with a 3550 with an EMI image and got the config to multicast to all vlans from one vlan, ready to go, at which point I found that our 3750 is IPBASE and doesn’t support multicasting. Currently upgrading the switch or image is not an option due to funding. My question is would it be possible and advisable to install our lab 3550 as a leg off the core, and in some way route multicasting traffic through that? I just can't get my head around the concept of having a core switch essentially routing all vlans, and then having another switch route the same vlan traffic again for multicasting to all the vlans again.
My understanding is that even layer 2 switches like the Cisco 3500XL can have 1 IP address for management. However, I cannot seem to figure out how to configure it to get it working in a router on a stick setup. I can manage the router through SSH, but I cannot SSH to the switch.
I have a client who has asked me to enable web management on some of his 2960 switches. I did not think this was going to be an issue, and so I told the customer I would set this up for him.
Much to my dismay, I have been able to get http and https enabled, and then authenticating locally for the HTTP access. I then come to the screen once authenticated which is shown below:
The issue is that when I select "Web Console", it gives me a "Web Page Cannot be found".
I have three 4506 switches with vlan 4 set as the management vlan. Switch 1 is connected to switch 2 and switch 3.
I can access switch 1 and 2 using telnet from the management vlan and both switches reply to pings. But from switch 1 or 2 I cannot ping or telnet switch 3. If I plug into switch 3 and I can ping and telnet switch 3 but not switches 1 or 2.
It is as if the management vlan 4 is not being passed to/from switch 1 and 3. The configs for the uplinks from switch 1 to 2 and 3 are the same. And the configs for switches 2 and 3 look the same apart from the port settings.
I have over 40 vlans running all that work fine between all the switches.
1. How can I manage those devices, the Switch and the router? What is the BEST SOLUTION to manage these devices?
2. I want to monitor the traffic on this environment, how can I do it? How can I monitor the traffic from customer A, Customer B, and my own LAN traffic, in terms of bandwidth that has passed through my devices? Is it possible to monitor on MY LAN, or do I have to monitor from the EXTERNAL switch?
3. How can I limit the bandwidth? I was trying to configure it using access list, with policy-map, etc. and limit this on each interface. [code]
The interface does not support the specified policy configuration and/or parameter values. Assigning a policy map to the output side of an interface not supported. With a little reading, I could see that the SWITCH 3750 doesn't support these configs. My INTERNET LINK is 30 Mbps, the ports on the Switch (WS-C3750X-48P-L) are Gigabit Ethernet. How can I limit the bandwidth here? For example, how can I limit an interface to 3Mbps... I was thinking about this:
- Limit the interface to 10Mbps: speed 10
- and limit the interface with 30% of this speed: srr-queue bandwidth limit 30
Does this work for both UPLOAD and DOWNLOAD? When the packets pass that 3Mbps limitation, will they be dropped?
For my Lan, I have created two Vlan; Vlan 10 = for Users and Vlan 20 = For Database Servers. There are 15 Lan computer/laptop and 5 SQL database server (Dell Server) connected through same 24 port cisco 2960 switch. Means, 15 + 5 port occupied.
I have applied access list on cisco switch to restrict communication between vlan 10 and vlan 20. But my main purpose to create two Vlan is not for any kind of communication or restriction. My main purpose is that Users traffic do not disturb or choke or affect the Database servers. Then what will I need to do for that: is VLAN Concept sufficient for my concern OR will I need to buy separate Cisco Switch to connect 5 database servers OR Else?
What's the difference between VPN Plus license and Security Plus license? I have new 5520 shipped with VPN Plus license. Also does it require a separate license for Anyconnect for Mobile and AnyConnect Essentials?
I have a 1941 router configured for Policy based routing with two ISPs. Two static default routes configured to point the gateways of respective ISPs with same metric. But the problem is, packets are going through the one ISP only while doing traceroute.
N/W connectivity:
ISP1----->            <----------------------> LAN1
           | Router |
ISP------->           <----------------------> LAN 2
Below is my configuration :
Current configuration : 5958 bytes
!
! Last configuration change at 05:18:56 UTC Mon Jun 25 2012
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
I have this Cisco 1941 router with two Ethernet ports g0/0 and g0/1. The g0/0 is connected to office LAN with internet access. As my office LAN is DHCP, it will assign an IP address for g0/0 since this g0/0 is configured as "ip address dhcp". Now my question is that I have a group of 5 pcs, namely PC1, PC2, PC3, PC4 and PC5 that is connected to the switch and one of the ports of this switch is connected to g0/1 of Cisco 1941. Is it possible that let's say PC2 and PC3 (both DHCP enabled) could access the internet access from g0/0 and at the same time, the office LAN assigned IP address for PC2 and PC3 automatically?
Office Lan with internet access (DHCP) (Default gateway 10.0.0.1)
        |
        |
g0/0 (DHCP enable) (DHCP assigned IP address 10.0.0.138)
Cisco router 1941
g0/1
        |
        |
HP Switch
        |
PC1 PC2 PC3 PC4 PC5
Is this operation possible? If possible, how to configure inside the router 1941 to achieve this objective?
I have just set up my Cisco 1941 router to my cable internet connection. I have access to everything, but I can't login successfully into Cisco CP.
I set up a new user with level 15 privileges and a secret password. I go to login via web browser and I put in my credentials, but I get rejected. I have tested the username and password via the CLI, and it works fine, I just can't seem to login to Cisco CP.
The IP next hop 10.84.23.254 is cascaded on my customer LAN. At nominal time the router advertised the route in BGP
pjnb1376#sh ip bgp nei 57.213.169.169 ad
                    Next Hop            Metric LocPrf Weight Path
*> 10.84.22.0/23    10.84.23.254             0         32768 i
When the lan interface of the router goes down, the router still advertises the route !!! Even if the IP next hop 10.84.23.254 is not reachable anymore ....
The box is a Cisco 1941 using 1900-universalk9-mz.SPA.151-4.M1
I am having an issue accessing the internet from a PC on the LAN. I have configured the PC with the gateway of the router in front of the ISP to test. I can ping from the router to google or any other internet IP. From the PC I can ping to the GIG0/1 (Inside LAN IP) and the GIG0/0 (Outside WAN IP going to ISP) but I can't ping the Next Hop IP of the ISP or anything past that. If I do a trace route from the PC to the google IP address it hits the GIG0/1 Inside LAN IP Address but fails from there. Here is a cut down snap shot of the router configure
I have a Cisco 1941 router configured using Cisco Configuration Professional... SSH management works from the LAN IP 10.0.1.254 and 10.0.2.254. Also, SSH management works from the LAN using the external domain name which resolves to the public IP address.
The problem I have is if I try SSH from the internet to the public IP... nothing happens.
cisco1941#show config
Using 18498 out of 262136 bytes
!
! Last configuration change at 13:57:49 PCTime Tue Feb 14 2012 by admin
I bought a secondhand small business router (model 1941 Integrated Services Router) for personal use. It runs version IOS 15.0(1)M1 software, which seems to work well, but I'd like to download a firmware update that addresses some of the security flaws in this software. When I tried the download process it told me I need to buy a service contract first? Is this right, or am I doing something wrong?
Recently my company bought an EHWIC4ESG card and put it into the cisco 1941. The reason we bought this card is because the in built two network ports of cisco 1941 are being used up. g0/1 is being connected to the internet and g0/0 is being connected to the office switch (192.168.5.x)
We have two servers (192.168.6.x and 158.55.33.x) that are required to be connected to this router 1941 where the router will be configured as VPN for external user to access this server.
The EHWIC4ESG card is put into the router 1941 and after typing the "running-config" command, I could see it create a vlan 1 interface and
I have a 1941W that has a connection to my ISP (Gi0/1) and another connection to a remote lab (Gi0/0). Everything is working fine how it is setup. All my traffic from my internal networks can access the Internet and devices on the 192.168.201.0 /24 can access the Internet and the lab 10.89.0.0/16.
Now I want to have two devices (192.168.201.51 & .147) use Gi0/0 when accessing host 63.85.190.67. There is no route to this subnet since it resides in the remote lab. Here is what I have right now. How would I setup a PBR to have those two hosts use Gi0/0 when accessing 63.85.190.67?
interface Vlan192
 ip address 192.168.201.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
(code)
I have a new cisco 1941 router that I am setting up with pxe-booting. I have never set up PXE booting before and I have this setup so far:
ip dhcp pool Admin
-option 66 ip 192.168.1.4
-option 67 ascii pxelinux.0
and I can pull an IP but it keeps getting hung up when it comes to the TFTP part.
I have a Cisco router 1941 connected to a switch. I'm configuring the WLAN-AP and I need to have the wireless devices have an IP in the same range of the wired devices. Since I can't use the same IP range on the gig0/1 and the VLAN 1 for the wireless, I wanted to know how to config the giga0/1 connected to the switch to act as a layer 2 port and I keep the IP on the VLAN 1.
I have a 1941 integrated services router that will not keep the configs. After several attempts of saving running config to the startup config, then rebooting the device. I am having to reload the configs manually from TFTP because they are gone. I have also tried the "wr" command to see. Is there a proper way to shutdown this particular type of router?
What is the procedure to reset a 1941 router to factory defaults? I just received my 1941 router. I connected it up to my Mac using USB. I got logged in using the cisco/cisco login and it said it will only work once and that I should create a new account. So I entered the command as directed on the screen and it gave me an error about the command. I verified it three times and each time it rejected. While I was looking online for an answer the connection timed out and now I can't get back in.
I decided recently to switch out our border router (1841 12.4 advsecurity) with a shiny new 1941 (15.2 SEC/K9) as the CPU upgrade was needed. The core below acts as a VPN end point to various other remote offices we have, all of which have a similar network design at each end (and all entirely managed by me). All of these are still running 1841's with 12.4 advsecurity on them as well. These are all GRE tunnels with ipsec protection on them (not crypto maps). [code]
Everything else works fine (NAT, route-maps etc), it's just these IPSEC/isakmp tunnels that are not playing ball. It's definitely not an ARP issue (all arps were cleared) and ICMP appears to work fine (ie, I can ping the remote tunnel's public IP endpoint from the core using the loopback for that tunnel as the source). I am suspecting it's something strange with the stateful firewall config, but I did try and apply ipsec and isakmp-msft to the ip inspect list, with no success.
I don't have access to my config at the moment and I haven't had a chance to get to the console of this router as of yet. A little background info: This is a Cisco 1941 router in which I have multiple NAT inside interfaces for internal VLANs. Before my current problem I was using one NAT outside interface for Internet access with another NAT outside connecting to our corporate network that was in a shutdown state. The router is performing router on a stick and had layer 3 subinterfaces for each VLAN. I have ACLs filtering on each subinterface allowing only the traffic I need through. I also currently only have one static NAT port for an FTP server. The time finally came when I had to connect our corporate network to this router via an access port on a 2950 which trunks to the router. The problem comes when I send any traffic to the subinterfaces on the corporate network which is the second NAT outside interface on the router. The main point for this connection is to do a static NAT from this interface to a web server on another VLAN. Any traffic to this interface including just pinging from the outside causes connection to the router to fail for about 3-4 min. Like I said I haven't had the chance to get to the console yet so I can't tell everything that happens. Nothing shows up in the logs after I can get connection back and the router didn't reboot as a "show version" says the router has been up for a long time. The CPU is also usually very low as not that much traffic flows through this router at a time. I built a very similar network in packet tracer and it works just fine.
Router 1941 is installed with additional 4 Gig-interfaces card; we have 4 ADSL Router with 4 MB connections. I need to connect all the ADSL connection to the router 4 port and combine them into 16 MB, is there any way to combine 4 Gig interfaces?