Cisco Switching/Routing :: 2800 Router Physical And Sub Interface
Oct 25, 2012
I have a pair of router Cisco 2800 running in HSRP, now I want to configure one sub interface with another sub net, Will my current IP on physical interface work or do I need to create two Sub interfaces for each network. Do i must need encapsulation on sub interface
Current Config:-
Router 1:-
interface FastEthernet0/1description Connect to LAN_SW1 Gi1/0/1ip address 192.168.1.13 255.255.255.0no ip redirectsduplex autospeed autostandby 1 ip 192.168.1.1standby 1 priority 90standby 1 preempt
Router 2:-
interface FastEthernet0/1description Connect to LAN_SW2 Gi1/0/1ip address 192.168.1.3 255.255.255.0no ip redirectsduplex autospeed autostandby 1 ip 192.168.1.1standby 1 priority 110standby 1 preempt
For second network I do not require HSRP
Router 1:-
interface FastEthernet0/0description Connect to LAN_SW1 Gi1/0/1no ip addressduplex fullspeed 100
[ code]...
Router 2:-
interface FastEthernet0/0description Connect to LAN_SW2 Gi1/0/1no ip addressduplex fullspeed 100
[Code]...
View 3 Replies
ADVERTISEMENT
Dec 9, 2012
vlan interface and physical interface (that is serving for this vlan ) have different input/output counters, there is only one physical interface in this vlan .
sh int vlan 64
30 second input rate 9000 bits/sec, 9 packets/sec
30 second output rate 0 bits/sec, 0 packets/sec
[Code]....
View 5 Replies
View Related
Jan 12, 2012
how to configure this. I did it in the past but kind of forgot how I did it.I have a stacked 3750 (two physical switches) connecting to a 2960.
I am creating trunk ports with limited access to VLAN 300, 600, and 700.
There is two interfaces connected from the 3750's(one on each physical stack member) to the 2960.I have the physical interfaces configured exactly the same.
3750 Config:
interface Port-channel2
!
interface FastEthernet1/0/46
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1, 300,600,700
switchport mode trunk
speed 100
[code]....
Should I keep the configuration on the physical ports and not configure the Port-Channel Interfaces? Do I need to configure port-channel load balancing? Is the channel-group mode sufficient? Goal is to basically create 2 links to the 2960 to double the bandwidth and provide redundancy.
View 7 Replies
View Related
Apr 5, 2011
I have five 877 routers connected to ADSL circuits provided by Vodafone. Each has a VPN tunnel back to a PIX.
Occasionally one of the sites will lose it's connection to the PIX.
When we check the log, we find entries like these:-
Apr 5 01:31:54.085 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to downApr 5 01:33:19.344 UTC: %CRYPTO-
[Code].....
As you can see, the physical interface (ATM0) is not being reported as changing state to down, neither is the Dialer interface.
When the router is in this state we have to SSL to the public IP address of it and manually restart the ISAKMP SA.
When the router sees the ATM interface go down and subsequently come back up, the VPN connection to the PIX also recovers.
So - in a long winded way I think I'm asking....why does the Virtual interface go down and is there anything I can do to stop it happening?
View 3 Replies
View Related
Oct 16, 2012
Needing to upgrade IOS on 2800 router from c2800nm-advipservicesk9-mz.123-14.T7.bin to c2800nm-advipservicesk9-mz.124-15.T13.bin. I noticed ther are several other files on the old code that may needed for booting up router but Im running low on memory. The other existing files are ;
c2800nm-advsecurityk9-mz.124-3i.bin
securedesktop-ios-3.1.1.45-k9.pkg
sslclient-win-1.1.4.176.pkg
Do I need these files for the upgrade or can i delete them when upgrading to 124-15.T13.bin. ?
View 5 Replies
View Related
May 22, 2013
I have Router 2800 series Global nating is configured on it.
ip nat inside source list 111 interface Dialer1 overload
!
access-list 111 deny ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 111 permit ip 192.168.1.0 0.0.0.255 any
My object is that i want give internet access only for few users ip E.g IPs addresses from range 192.168.1.0-10 can acess intenet access other all are deny.How i do this with ACL .
View 2 Replies
View Related
Aug 19, 2012
I have 2800 series router which is directly connected to ISP. How can secure the router from outside access; I am totally new to the security concepts.
View 2 Replies
View Related
Jan 1, 2013
we have a 2800 series router functioning as our internet router and it will only forward packets to addresses with host entries in the routing table even if the network is directly connected.
View 18 Replies
View Related
Aug 16, 2012
I am trying to add WCCP to be configured for websense. My first option seems to be either purchase an IPServices license for the stack of 3750E switches, but i am thinking this will require us to license all three switches in the stack. The second option i am looking at is to do the WCCP configuration on the 2800 router we have on the edge. The problem is both Gig ports are in use, one going to the firewall and the second going to the ISP. My first question would be, which option is better in terms of manging as well as cost of implementing it.The second question is, if WCCP on the router is a better option, what is the add on module i should be looking to get to add the additional ports to hook up the Websense cache.
View 8 Replies
View Related
May 12, 2012
I got a Cisco 2800 router and am planning to use FastEthernet 0/1 to trunk in 802.11Q VLAN's to cater for some of our radio links. speed and operation of the sub-interface that will be created. Or explain it here. We got a radio link that we want to trunk into this Cisco 2800 and it is suppose to be connecting at 100Mbps but currently operating at around 80Mbps. Reports shows that the max in and out traffic for this link this year till today is 25Mbps. Will it not fail teh CPU etc ?
interface FastEthernet0/1
no ip address
!
[Code]....
View 11 Replies
View Related
Feb 19, 2013
I wan to migrate from a router 2800 to L3 switch 3750G , the thing is that we have several vlans and we use a router sometimes with each interface configure with correspoinding vlan subnet ip to route traffic between vlans there is no static or dynamic routing only directly connected interfaces on router routing traffic to each other ?How would i configure a L3 switch interface for simillar functionality , below is my current router configuration
!
ip domain name yourdomain.com
multilink bundle-name authenticated
!
vtp mode transparent
[code]...
View 15 Replies
View Related
Jan 20, 2012
I have setup DMVPN and EAZYVPN on one router. Tunnel interface on Spoke one and Spoke two are up/up and show crypto ISakmp sa shows both tunnels are in idle. However, tunnel to Spoke one(10.10.1.1) keep bouncing on and off(see below). Every 30 sec or so, the tunnel gone back to IKE phase while tunnel for spoke two(5.5.5.1) still leave active. THe configuration on the HUB side is the same for both spoke!! show crypto ipsec sec shows both side has the same life time(IOS default). Could that be an IOS debug on the spoke one?
Hub :
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 15.1(3)T2, RELEASE SOFTWARE (fc1)
HUB#sh crypto ipsec security-association
Security association lifetime: 4608000 kilobytes/3600 seconds
Spoke one:
Cisco IOS Software, C2600 Software (C2600-ADVSECURITYK9-M), Version 12.4(8), RELEASE SOFTWARE (fc1)
[code]....
View 1 Replies
View Related
Mar 25, 2012
We have recently implemented Windows Deployment Services on our local network, but everytime we do a multicast image deployment the network get flooded to point of total saturation.
We have Netgear switches and a Cisco 2800 series router. IGMP Snooping has been enabled on all Switches, however, we are unsure on how to implement multicasting on the router.
The whole network is flat - no VLANs over than the default VLAN1. We only want multicasting to work within our local network and does not need to go out the other side of the router as that is the connection to the internet.
How to get the Cisco router configured properly to enable multicasting to not flood the network. It seems that even if we were to image 4 PCs using multicast this is enough to completely get the network flooded.
Also, am I right in thinking that IGMP needs to be enabled on all of the Switches?
View 5 Replies
View Related
Nov 15, 2011
I just read the Removing and Installing CompactFlash Memory Cards in Cisco 2800 Series Routers instructions and there was nothing said regading powering down the router. Are these CompactFlash cards hot swappable??
View 2 Replies
View Related
Jul 14, 2008
what is the best configuration betwen vmware ESX server with 10 Physical NIC card and cisco 6500 , This ESX Server host 12 vm with VLAN 100,150.200
View 10 Replies
View Related
Nov 13, 2012
Firewall: ASA 5510
Switch: Linksys SRW2048
Physical topology: PC - > VLAN99 - > SRW2048 - trunk - > ASA5510
Switch Setup:
I've been tasked with breaking up a network that has run out of IP's, and have decided to use VLANs to accomplish this. I have to use an ASA5510 to accomplish all the routing between hosts in different VLANs.Port 48 is trunked to the ASA eth0/0 interface, with VLAN 99 and VLAN 20 tagging packets, VLAN 1 Untagged. Hosts hooked up to appropriate ports on Switch.
View 2 Replies
View Related
Oct 18, 2012
Are there any physical characteristic differences between the 6509 and 6509-E chassis?
View 4 Replies
View Related
Mar 17, 2013
I have 2 ASA5510's acting as routers/firewalls, setup on a LAN, each one pointing to a different gateway (different ISPs), and the exact same VLANs set up as sub-interfaces on each of these. Both act as DHCP relays to a Windows Server 2008 DHCP server. All the Trunking has been setup and works. When I Untag a switch port, and point it to whichever gateway?
View 2 Replies
View Related
Jun 19, 2012
I am using cisco c3660 to act as Terminal Server for the communication of production machines in my company, recently there is a communication lost issue happen and its due to physical cable unplug from the machine. to troubleshoot for this issues i have to physically go inside my production area to check on it, as i understand from vendor we can check on the physical machine to see whether the LED light on the module is green or not, but in case of need to troubleshoot at night time, its time consuming as i need to travel back to company. is there any command that i can issue in the router c3660 to check on the physical connection between c3660 router and the production machine? the IOS version is IOS (tm) 3600 Software (C3660-I-M), Version 12.1(4)
View 3 Replies
View Related
Sep 28, 2012
WE got our ESXi servers recently moved from a 6513 to nexus 2000 FEXs uplinked to a nexus 5000s basically we have enhanced vPC and nics goin to 2 different FEXs and they uplink to 2 nexus 5000.
the Vswitch for VMs is setup in a VPC. Question is do the traffic from each vm going in/out of these nics in a vpc actually use both physical links? How can i tell from the switch?
View 8 Replies
View Related
Feb 3, 2011
I have a network with Two 3800 Cisco Routers as Central and many Cisco 2811 Router as Branches. Now I set two Tunnel on each router connection Interface FastEthernet from each 2811 to SubInterface Fastethernet on 3800. I set OSPF as Routing Protocol and I configure QOS on Tunnel connections. Then I have a safe connection with backup connection between 3800 Router and each 2811 Router. Now I want to set VPN with IPSEC and Certification Authentication with CA Server for Security all connection. I set IPSEC and ISAKMP and Certificate on each Router and Set Dynamic VPN on Cisco 3800 Router and Static VPN on each Cisco 2811 Router. Now when if I configure tunnel with Crypto map, it works correct and all packets are encrypt. But if I try to set crypto on physical Interface(because I want to set qos on tunnel then protect packets on physical interface) however all packets are routed but crypto and encrypt d o not work. Set qos on tunnels and crypto on fastethernet interface.
View 4 Replies
View Related
Jun 5, 2012
I am preparing configuration (currently in lab) for Per-Tunnel QoS in DMVPN on ASR 1002F for one of our customers, and I came across one issue. According to restrictions for this feature, I cannot apply per-tunnel QoS in conjunction with interface based QoS. This means, I can provide shaping with hierarchical CBWFQ for each spoke, but I cannot guarantee anything on physical interface! What if there are services in native MPLS? I am also unable give reservations for BGP which is used on PE-CE link! How about monitoring spoke PE-CE links natively? I can only apply policy-map with class-default on physical interface. When I add anything related to queuing for that class (or any other non-default class) I get the message:
R1(config- pmap)class routing
R1(config- pmap-c)#bandwidth 16
service-policy with queuing features on sessions is not allowed in conjunction with interface based
[Code] ........
View 8 Replies
View Related
May 30, 2011
I enabled snmp config ASA 5505 with Version 7.2(4), the NMS/reporting system can give graphs for CPU & Memory usages. But I can't see any elements about physical interfaces.
View 1 Replies
View Related
Feb 15, 2012
I have my wan connection on the eth0. The bandwidth is 2mbps. I am running qos on that interface saying 192.168.200.0/24 can use 80% of the bandwidth and 192.168.201.0/24 can use 20% of the bandwidth. I Also have vtun VPN inteface to our branch office. I also wan to run some qos on that interface. How do i go about allocating the bandwidth on this interface? it is actually going via the eth0 interface, but the system actually see's it a an independent interface on its own right, so it requires it's own qos policy.
View 3 Replies
View Related
Dec 9, 2012
We have recently upgraded oor LAN and we are using couple of Nexus5548UP switches in the core with 2960 stacks as access switches. Each access switches stack is connnected to both core switches with link being port-chanels and VPCs. All is working fine, but our SolarWinds management platform (NPM) is being flooded with "Physical Address changed" events. Here is an example of messages:
NSW_Core_2 - Ethernet1/7 Physical Address changed from 000000003811 to 73616D653811
NSW_Core_2 - Ethernet1/7 Physical Address changed from 200B82B43811 to 000000003811
For each interface I have messages like these repeating.I am not sure what those messages means or if there is actually anything wrong. Performance of the network is good, there are no errors on any interfaces and I do not see anything related in the switch loggs.
View 4 Replies
View Related
Nov 14, 2012
What the different between using hsrp on vlan interface and on physical port (routed port) on Cisco 3750 Switch? Wha the benefits?
View 3 Replies
View Related
Jul 9, 2012
I've Nexus 7010 switch installed in my DC. I've conncected Cisco router to one of the Ports. On the same port I'm getting following error message and hence, unable to form EIGRP neighborship.
DR-CORE-SW-S01-NEXUS7K %MODULE-2-MOD_SOMEPORTS_FAILED:
Module 1 (serial: JAF*******NGK) reported failure on ports 1/2-1/2 (Ethernet) due
to R2D2 : Speed patch failed - no frames transmitted in device 143 (error 0xc8f0
1273)
View 1 Replies
View Related
Nov 29, 2012
We have to enable FIPS 140-2 on our ASA5520's for all our IPSEC VPN connections. We currently have failover on our 5520's. I found a lot of information out there but some seems to conflict one another.What are the things I need to look out for - caveats? Does the clients that connect to the VPN had to use different clients once the FIPS was enabled.Do we need to recreate logical interfaces for each physical interface we have?
View 1 Replies
View Related
May 2, 2013
ASA have two context groups say admin and and x. Its interface gi0/2 has 6 subinterfaces from 1 to 6.3 subinterfaces ----0/2.1 to 3 are in admin and last 3 are in context x.when i went to system context it does not show where interface gi0/2 belongs to it only shows up up.how can i find which context group physical interface gi0/2 belongs?
View 4 Replies
View Related
Sep 18, 2012
The layer 2 switches are connected to layer 3 Switch via trunks, and routing between layer 2 switch ports with configured SVI's on 3550. All working fine. Now I'm trying to configure routing between 2800 and 3550, I tried connecting both Straight Throught and Crossover cables to the 2800 Fa0/0 and Fa0/1 ports as well as the switchports on 3550
No switchport commands are configured however, the lights do not go on for both straight through or crossover cables. I tried connecting 1750 routers but same result. My goal is to have all the VLANS routed to the internet with configuring NAT translation the router.
View 2 Replies
View Related
Feb 28, 2012
What are the pros and cons of configuring a Switch Virtual Interface (SVI) versus a routed physical port between layer 3 switches?For example, if I have two 4506s and have a need to run HSRP and route between them which feature is better and why?
switch_a
!
interface vlan 25
ip address 10.10.10.1 255.255.255.0
!
interface fa0/1
switchport mode trunk
[code].....
View 1 Replies
View Related
Apr 11, 2013
I've problem with IP SLA probes between two different routers.2900 (c2900-universalk9_npe-mz.SPA.151-4.M4.bin) here is set "ip sla responder" only and 2800 (c2800nm-advipservicesk9-mz.124-24.T2.bin) here is set two type of tests "udp-jitter" and "icmp-jitter" - temporary, used to check for availability of 2900 router.As a result, I've what udp-jitter doesn't work at the same time icmp-jitter test is OK.Here are the settings of IP SLA tests
ip sla 281
icmp-jitter 172.25.28.1 source-ip 192.168.28.6 num-packets 100
tos 128
frequency 120
ip sla schedule 281 life forever start-time after 00:05:45
[code]...
View 3 Replies
View Related
Dec 11, 2011
Is there any official Cisco reference to describe what is considered to be the highest acceptable production CPU load on 2800 routers? I found the document "Integrated Services Routers G2 - Performance Overview" that states at page 5,Most service providers set their CPU alarms to 60 or 65 percent. Many enterprise customers are comfortable running production networks with CPU around 70 or 75 percent.
View 3 Replies
View Related
