Cisco Switching/Routing :: 2911 / 2960 - Putting ASA On Edge
Dec 29, 2011
Today I'm going to be re-organzing my network, kind of and I just wanted to get a second opinon. Right now I have an ASA 5510 and a Cisco 2911 and a Cisco 2960 (and I have two more 2911s and 2960s that handles our phone network).
Router 2911 is on the edge Gi0/0 has the public IP and Gi0/1 is not used and then I have 5 individual VLANs (Gi0/1.100, 1.200, 1.300, 1.400, 1.500) VLAN 100 is our internal network 10.10.18.1/24 (router is 10.10.18.1)And the 2960 is used for swichport access, the ASA is on the side and only used as a VPN.
What I want to do is put the ASA on the edge so I can dump all the access-lists and everything then 2911 will only be used to route the traffic. Now I know I will have to reconfigure the VPN, which isn't a problem. My question is when putting the ASA on the edge do I just put the public IP on the ASA's e0/0 and then plug the 2911 into the e0/1 of the ASA and give the Gi0/0 of the 2911 the ip address of 10.10.18.1 or do I just shut it down? The reason behind this is because I would actually like to use the ASA for more than just the VPN passthrough.
View 6 Replies
ADVERTISEMENT
Jul 31, 2012
I am trying to upgrade my 2960 edge switch through tftpd...i have configured vlan 1 with IP address 172.16.10.1 and tftpd as 172.16.10.2 I am trying to ping tftpd, but I couldn't, but when I try to ping vlan 1 from tftpd, i can?
View 6 Replies
View Related
Aug 2, 2012
we are in the planning phase for a network upgrade. We have two C2960 Switches connected via one (L2) Etherchannel (4x1 Gbit/s) which works very well. In the next phase we would like to upgrade our router to an 2911 series which has 3 gb interfaces. and indeed we would like to create an etherchannel as well. our plan is to use 2 of the 2911 to connect to the first 2960 switch and the one left to the other 2960. i think we will achieve some redundancy with this config.
View 6 Replies
View Related
Mar 28, 2012
I have a Catalyst 2950G when I activate the switchport port-security, but I want to empty the black list of mac address because every time I connect a device, the port is automatically désacative, here is the port configuration:
!
interface FastEthernet0 / 2
switchport access vlan 17
switchport mode access
switchport voice vlan 51
[code]....
I tried the following commands to clear the blacklist mac address of that port, but the problem is still relevant:
# Clear mac-address-table dynamic int fa0 / 2
# clear port-security all int fastethernet 0/2
# clear errdisable interface fa0 / 2 vlan
View 17 Replies
View Related
Feb 12, 2012
I have a couple of WS-C3750X-48T-L and a couple of WS-C3750X-12S-S, I want to stack all four of them together into a single stack. WS- C3750X-12S-S are running c3750e-universalk9-mz.122-58.SE2 whereas WS-C3750X-48T-L are running c3750e-universalk9-mz.122-55.SE3.I have got a couple of queries as under:What are the options to achieve putting all these 4 switches into a single stack? Can the LAN Base switches upgraded to IP Base?
View 3 Replies
View Related
Jan 13, 2012
I have a number of existing 4506 chassis type switches (the older non -E version) that I would like to roll out IP phones to. Instead of replacing the entire chassis, I would like to just replace the line cards in the switches with WS-X4548-GB-RJ45V. What or how much power supplies should I have in each switch to be able to power the 5 poe line cards (each port per line card will power an ip phone)?
View 6 Replies
View Related
Sep 4, 2012
i have a problem with a cisco cat. 4507 edge switch as when i have a login ssh session to the switch the supervisor engine restart and the redundant Sup. engine becomes the active and so on this problem mainly happen when i have multible SSH session to the switch and it happened very rarely with a single ssh login
the ios version i use is cat4500-entservicesk9-mz.122-54.SG which im using on all my edge switch and they are all working fine excpt this one
View 1 Replies
View Related
Mar 25, 2013
i have 2 no of 3560G in our core, now my requirement is to establish the redunent network like for the edge 2960G using stack or some other way ...
View 6 Replies
View Related
May 13, 2012
I need to make some changes on our network. We currently have two sites 150 miles apart we join both by way of fiber and on each side we have Cisco 3750 stack switches, configure trunking for all V lans on one port in site one then through the the long haul fiber to site two with site one using 10.1.1.30 and site two using 10.1.1.40 as their default gateway, with static routing all V lan sub nets to the other sites default gateway life is good.
My question - seeing how we have sites using the same sub net 10.1.1.x to trunk all data to each site through switches; we need to now change the network and add each site to the MPLS network, site one switch 1 IP address 10.1.1.30 going to MPLS router one with FA0/0/0 using IP 10.1.1.31, site two having switch 1 IP address 10.1.1.40 going to MPLS router one with FA0/0/0 using 10.1.1.41. I need to know will this work.
We have the same sub net in each site 10.1.1.x to the MPLS routers then the external router interface connecting each site to local switches, will this cause any problems by using the same local sub net for each site?
View 1 Replies
View Related
Feb 7, 2012
I have an existing stack of 4 x 2960-S switches connected by stack cables.I would like to add another 2960-S switch to the stack but am unable to as the 2960-S will only allow 4 x 2960-S switches per stack.how I would add the 5th 2960-S switch to the existing stack of 4 x 2960-S switches.
View 12 Replies
View Related
Feb 11, 2013
I have a 24 port 2960-S that is not communicating with a 2960-LST that it is directly connected to over fiber. The link is up on the LST but will not come up on the -S. What command should I use to bring up this link? I have tried no shut from the (Config-if)# prompt.
View 3 Replies
View Related
Jan 10, 2013
I've been fighting what seems to be an increased number of outqueue drops on our core stack and edge switches for the last 3 or 4 weeks.(The core consists of a stack of 5 3750s in 32-gig stack mode. The wkgrp switches are 3560s. all are at 12.2.52) The wkgrp switches are directly connected to users. We use Nortel IP phones with the phone inline with the user PC. auto-neg to 100/full. [code] However I have tried turning off QOS on a couple of workgroup switches (no mls qos, but left individual port configurations the same) but am still seeing drops.Since I have disabled qos on the switches in question (no mls qos) (not the core tho) I am presuming these commands have no affect on the switch operation and therefore cannot be related to the problem. With QOS turned off one would presume that it is general congestion - especially at the user edge where busy PC issues might contribute. So I wanted to see if I could see any instances of packets in the output queues building up.
I wrote some scripts and macros that essentially did a snapshot of 'show int' every 20 seconds or so, and looked for instances of 'Queue: x/' where x was greater than zero.What I found after several days of watching the core stack, and a few of the workgroup switches that are most often displaying the behavior, was that I NEVER saw ANY packets in output queues. I often saw packets in Input queues for VLAN1, once in a great while I would see packets on input queues for fa or Gi interfaces, but NEVER on output queues. [ code] Additionally, when I look (via snmp) at interface utilization on interfaces showing queue drops (both core and wkgroup), they are occurring at ridiculously low utilization levels (as low as 4 to 8%). I've tried to look for microbursts between the core and a wkgroup switch where the core interface was experiencing drops, but haven't seen any (using observer suite). [code] While the queue-drop counts aren't critically high at this point, they are happening more frequently than in the past and I would like to understand what is going on... In most cases, no error counters are incrementing for these interfaces. Is there some mechanism besides congestion that could cause output queue drops?
View 4 Replies
View Related
Jan 18, 2013
From My Router that connects to Cable modem i am unable to ping website 4.2.2.2I am able to ping all other websites fines.Same website i can ping from my pc and all other switches fine.Router has only 1 ACL thats for NAT.
View 25 Replies
View Related
Oct 2, 2012
I am using Cisco 2911 & IOS version is 15.1. My problem is that after some days (e.g. 15-20 days), the routing table suddenly stops updating & then I have to enter the default route again to make it up. I am using Track 1 to track default route here. After primary link goes down, the Track is also going down but after coming the primary link up, the track is not coming up. So, I have to add the default route again to make it up.
View 2 Replies
View Related
Dec 12, 2011
i downloaded and transfered the new ios to the 2911, but no install routine started.
View 3 Replies
View Related
Nov 19, 2012
after installation of demo versions of 2900-SEC-TEMP & 2911-2921-SSLVPN-TEMP & rebooting the 2911 router I do not have access SSL commands.Show license indicates that 2900-SEC-TEMP & 2911-2921-SSL-TEMP licenses are active but NOT IN USE.
View 1 Replies
View Related
Apr 19, 2012
I am configuring my first 2911 using a SFP card but I dont know the interface name for this module.
show inv shows the card..
What is the interface number for this card or if it needs some config before it will recognize the interface?
View 6 Replies
View Related
Nov 15, 2011
I have a 2911 router. One interface is configured external (WAN) and two interfaces are configured on separate internal private subnets. What is the configuration to allow all traffic in both directions between the two internal subnets?
View 21 Replies
View Related
May 19, 2013
I have installed a cisco 2911 router and the cisco usb console drivers on my pc, win 7 64 bit.however when I use putty and open the com port assigned it just goes blank, I am using the usb port on my laptop to connect and using the cisco usb console cable provided
View 1 Replies
View Related
Nov 13, 2011
I've got two routers, Cisco 2911's with 15.1(4)M1 on one and 15.0(1)M5 on another.
I'm trying to set up ip sla for vrrp tracking but the commands seem gimped? I don't even have an option for ip sla <operation number>. All I've got is ip sla responder/server/key-chain.
View 1 Replies
View Related
Feb 19, 2013
connected DSL directly to 2900 series router , but as DSL public IP is not static (dynamic) its difficult to access Router when out of home, any other means to access router without static IP
View 2 Replies
View Related
May 8, 2011
I have 2 2911 routers that will be connected via fiber with an ethernet Gig handoff to each router. Each router will then be connected to local networks on a second ethernet interface on the router. I have always connected routers via serial connections so this is new to me. Outside of the usual ethernet interface addressing configuration, is there anything else that would need to be configured on the 2 routers?
View 1 Replies
View Related
Feb 29, 2012
i want to check if cisco2911-sec/k9 can support IP service image? what PAK(license) can be bought to activate the IP service feature set?
View 1 Replies
View Related
Dec 8, 2011
we have bought 2911 router recently has to set up VOIP line seperately for the network we have two two broadband service provider:
1. how can i use 1 line as an active and other line as a failover(when 1 line is down other line should automatically bear the traffic).clear config will be useful. NATTING using MAtch address objects( roughly )
broadband service provider 1: 97.89.X.X 255.255.252.0
broadband service provider 2: 10.0.x.x 255.255.240.0
2. there are only 20 users to set up a voip line now. here we have telecom provider where they should route the traffic to make any international calls( say telecom public ip 200.200.109.110)from lan - wan everything is allowed from wan -lan we have to allow only telcom provider IP(200.200.109.110)
View 7 Replies
View Related
Apr 18, 2012
Need to confirm about 2911 isr, what interface numbers are given to a 9esw when placed in the far left hwic slots (hwic slot 2+3).
I need to build some configs but its going to be a few more weeks before the kit arrives.
View 1 Replies
View Related
Mar 12, 2013
I would like to ask if how can we determine by mear physical inspection if the power supply of a CISCO2911/K9 router is AC, POE or DC? Do we have images of the actual spare power supply?
View 3 Replies
View Related
Feb 12, 2013
We have purchased a number of 2911 routers.We got Base & security license as we wanted to enable encryption. However we probably wont use the security.We are replacing 2811 routers.Unfortunately the 2811 routers have FXS ports with 2 - 4 POTS handsets - I completely forgot about these ports when I was ordering.Now I have VIC3-FXS cards which are ok in the 2911 but unfortunately I cant get them to work.I am missing PVDMs (well adapters anyway), and even if I got them the router wont take any commands relating to voice due to the license.Is is possible to 'rehost' the security and turn it into a UC ?I am new to these 2911 and Licensing.
View 1 Replies
View Related
Feb 12, 2013
I have a Cisco 2911 router and a Cisco 2960 switch at a remote location.I have a user who will work out of this office a few days out of the week and will need to obtain the same IP address everytime the user visits this office. This office has no file server, no dhcp server. I have the user's MAC address and for now, the user is getting an IP address that is leased for 30 days. I'm trying to find the best way to configure either the router or switch or both so that each time this user connects to this office, that user device will always pull the same IP address and of course no other device will use that IP.
I've did some research in creating a small vlan possibly, and assigning it specifically to the port# that the user's desk is at, but not sure if that's the best way or exactly sure how it'll work. I'm currently studying for my CCNA so this is all new to me and I'm trying to do research and test without obviously causing production issues especially given this is a remote site and I access these devices via putty. I can however drive to the site if needed for testing, but I'd like to have a good grasp on what method I'll be using that will work before I actually make the trip.
View 3 Replies
View Related
Aug 8, 2012
The layout of the equipments are as such,other equipment <--> 2911 Router <--> Ether-Switch/3925 Router <--> 7206 <--> Internet,During certain times at night, the 2911 exhibits cpu load, high packet loss and an increase in bandwidth of at least twice it's normal amount. this results in packet loss in all the other equipment. I am attempting to locate who was demanding such a high burst but so far the graphs display normal rates for all the other equipment.Because the 2911 demands an increase from the 7206, the 7206 is able to accommodate this as it still has balance BUT my other equipment that are connected to the 7206 takes a drop in bandwidth as well. the graph shows that when the 7206 bursts higher, the rest of my other links take a slight drop in bandwidth.Also, the graph from Ether-switch to 2911 indicates the bandwidth hike BUT the graph from 2911 to ether-switch does not display the same thing as due to the cpu load, the data is somehow not captured properly.
View 2 Replies
View Related
May 7, 2013
I have a 2801 router that I am replacing with a 2911. I know the ports on the 2911 are Gigabits and the 2801 are Fe. I read where the IOS would not support backup and restore on each other . I am attaching a show ver on both routers. I need to know if backup and restore would work and or what other changes would need to get done.
View 1 Replies
View Related
Feb 21, 2013
’m somewhat new to Cisco routers this is my first attempt at getting one to work. I work in an environment with multiple locations, most are using the Cisco Model: 2911/K9 or the Model: 2921/K9 routers running IOS Version 15.0.We just added a new small office and all I had in the way of a router was a Cisco C1841-IPBASE-M router, running IOS Version 12.4.When setting up the C1841 I kept the configuration pretty much the same as the others allowing for the differences in the OS. I can remote into the 0/0 (outside port) from over the network, I can ping to that port without fail, but I can’t send or receive traffic from the 0/1 (inside port).
View 1 Replies
View Related
Nov 27, 2012
Two c2911 routers are connected to LAN and have HSRP configured. HSRP is negotiating successfully (active/standby), but LAN switch Enterasys Matrix E1 has problems accessing the virtual HSRP address. The switch can ping HSRP IP, and the virtual HSRP MAC is visible in its MAC table. But the static routes configured on the switch towards the HSRP IP seem to refuse working. Workaround to enable users to access network was to direct the static routes to the physical IP of one router. Is there a known incompatibility between Enterasys with Cisco HSRP?
View 1 Replies
View Related
May 3, 2013
I attached the terminal to the console port to watch the bootup sequense, but nothing appear the same cable used on athor switches and router without any issue.procedure to access the router noting that Giga ports not working also.
View 2 Replies
View Related
