I have a 2911 router. One interface is configured external (WAN) and two interfaces are configured on separate internal private subnets. What is the configuration to allow all traffic in both directions between the two internal subnets?
View 21 Replies’m somewhat new to Cisco routers this is my first attempt at getting one to work. I work in an environment with multiple locations, most are using the Cisco Model: 2911/K9 or the Model: 2921/K9 routers running IOS Version 15.0.We just added a new small office and all I had in the way of a router was a Cisco C1841-IPBASE-M router, running IOS Version 12.4.When setting up the C1841 I kept the configuration pretty much the same as the others allowing for the differences in the OS. I can remote into the 0/0 (outside port) from over the network, I can ping to that port without fail, but I can’t send or receive traffic from the 0/1 (inside port).
View 1 Replies View RelatedI've just started a CCNA course and my lack of knowledge has me a bit stuck. My network is comprised of Cisco components and I'm semi familiar with them just from reading and looking through options. I currently am using a Cisco ASA 5520 on my network and I am trying to join another network via one of the interfaces. My network is 192.168.0.0 255.255.0.0 and my inside interface is 192.168.1.1 255.255.0.0. I enabled a second interface using a static ip of 10.0.0.1 with a subnet of 255.255.255.128. Connected to that interface, I have a Fortigate firewall at 10.0.0.2 255.255.255.128. I can ping just fine from the Fortigate network to the 10.0.0.1 interface on the Cisco ASA 5520 network, but I can not ping the 10.0.0.1 interface (or anything past it) on the ASA 5520 from any computer on the Cisco network. I've read that ACL's and NAT have to be done as well as enabling traffic between interfaces with the same security levels. (both interfaces have security levels of 100 and the option is checked to allow traffic).
Note: each network has it's own internet connection. The connection is to share information on servers on both networks with each other.
I am trying to connect a Control network that can not have access to the Internet, or any other network for that matter, to my Admin network so that I can retrieve trend data about the plant that goes into a database. Right now the process is print information, hand jam into excel spreadsheet, print again, and hand jam into another excel spreadsheet on the other network. Reports are printed automatically once a day, but would like a simplified way of getting data from one network to the other without having to re-enter data several times. Current policies stipulate no USB drives connected to Control systems. Even if we could loosen that, personnel needed to transfer data is not available and going to each individual machine would take more time than current system.Now that background is laid, I have two 2911 ISR routers with EIGRP configured, each with a 4 port EHWIC card. The 3 L3 ports on the router are setup as follows: interface G0/1 to the internet, interface G0/2 to a wireless back haul, and interface G0/0 for IT network. I then have 3 VLANs setup on the EHWICs for our Admin network. We will move the IT network to a VLAN on the remaining EHWIC port and connect the two 2911's through the G0/0 interface. I am going to have one computer on my Administration network dedicated to receiving the information and have a program that will take that data and import it to a database. I need to allow only that computer to receive traffic from the Control network and I need no traffic to flow back into the Control network. In other words I will transmit data from the control network to the admin computer using one protocol (TFTP more than likely) and block any other traffic coming out of and going into the Control network.
View 1 Replies View RelatedI have configured multicast(ip pim dense-mode) on two 2911 that are connected by a Multilink( 3 Mbps) Wan connection.The configuration works fine for awhile and sometimes all day but at some point one of the Multilink interfaces stops passing multicast traffic.I perform a SH Multilink 1 on the interfaces and one show multicast packets incrementing and one does not, it just stops.The problem acts like there is a buffer that gets full and after that happens it just stops working.
View 2 Replies View RelatedI would like to ask a question about the setup that I'm trying to implement.I've got two WICs, 3G and LTE, in the router, one has its static IP address using 3G network, and another one has negotiated IP address using LTE network.There is no physical circuit/connection coming in to this place.Let say 3G network is (A.A.A.A|Cellular 0/0/0), and LTE network is (Negotiated IP|Cellular 0/1/0).There are two different network coming to the router. Let say they are 10.1.1.0/24, and 10.1.2.0/24,I want to route 10.1.1.0/24 traffic using 3G Network A.A.A.A Cell0/0/0,and route 10.1.2.0/24 traffic using LTE network, Negotiated IP Cell0/1/0. We're talking about only the default routes here.
View 1 Replies View RelatedWe currently installed a 100Mbps fiber line with Ethernet hand-off. I purchased a Cisco 3925 ISR to be the gateway for this connection. I am not going to use it for any security purposes. I have an ASA5520 that will do that work. Right now I am currently just trying to get the router online.
I know the following
Laptop <--->GB 0/1((()))GB0/0<---->Ethern
et handoff from ISP.
I can ping and SSH to the outside interface of the router from outside the network. I can also ping and SSH to the router from the laptop that is directly attached to the routers GB0/1 port. From the Router's CLI I can ping IP addresses on the internet. From the laptop I can not. I can not access the internet through the router though. Here is my config.Building configuration...
Current configuration : 3724 bytes!! Last configuration change at 02:17:03 UTC Tue Jan 15 2013 by ggsis! NVRAM config last updated at 02:09:33 UTC Tue Jan 15 2013 by ggsis! NVRAM config last updated at 02:09:33 UTC Tue Jan 15 2013 by ggsisversion 15.1service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname XXXNAMEXXX!boot-start-markerboot-end-marker!!logging buffered 51200 warningsenable secret 4 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX!no aaa new-modelmemory-size iomem 20!no ipv6 cefip source-routeip cef!!!!!no ip domain lookupip domain name XXXXXXXXXXXXXXDomainXXXXXXXXXXXmultilink bundle-name authenticated!!crypto pki token default removal timeout 0!crypto pki trustpoint TP-self-signed-XXXXXXXXXXXXXXXXenrollment selfsignedsubject-name cn=IOS-Self-Signed-Certificate-XXXXXXXXXXXXXrevocation-check nonersakeypair TP-self-signed-XXXXXXXXXXXXXX!!crypto pki certificate chain TP-self-signed-XXXXXXXXXXXXXXcertificate self-signed
[code]...
I am wondering if xconnect L2TPV3 feature could be done on multiple SVI interfaces on 871 router and 2911 router with built in 8 port switch?Like I need to extend two ethernet interfaces and can I use two SVIs on router built-in switch module on each side?
View 2 Replies View RelatedI have a problem accessing my wireless router through VLAN sub-interface on my Cisco 1841 router. My hardware:
Cisco Catalyst 2960 switch (192.168.100.4 /24)
Cisco Catalyst 3550 switch (192.168.100.6 /24)
Cisco 1841 router (192.168.100.7 /24)
Asus RT N66U wireless router (192.168.100.2 /24)
Here's my network topology:
I have two VLANs - 10 and 20. 2 DHCP pools are configured on 2 1841's interfaces - 192.168.1.0 /25 and 192.168.1.128/26 with default router sitting on 192.168.1.1 and 192.168.1.129 respectively. No issues with obtaining IP address from any of those pools.Laptop connects to L3 3550 switch (switchport access vlan 10), which, in turn, connects to 1841 router through trunk (with VLANs 10 and 20 allowed).3550 is connected to 2960 through trunk with VLANs 10 and 20 allowed.Wireless router is connected to 2960.I can successfully ping my wireless router and outside world from 1841 from fa0/1 interface, but not from fa0/1.10 or fa0/1.20 sub-interfaces - all packets got dropped. My laptop can obtain IP from both pools (depending on port I connect it to), but can't ping my wireless router and anything beyond it.
I attach my configs:Cisco Catalyst 3550:interface FastEthernet0/1 switchport trunk encapsulation dot1q switchport mode trunk switchport port-security mac-address sticky speed 100!interface FastEthernet0/2 switchport trunk encapsulation dot1q switchport mode trunk!interface FastEthernet0/3 switchport access vlan 10 switchport mode access!interface FastEthernet0/4 switchport access vlan 20 switchport mode access!Cisco 1841:
ip dhcp pool Vlan10DHCP network 192.168.1.0 255.255.255.128 default-router 192.168.1.1 dns-server 208.67.220.220 domain-name home.local
!ip dhcp pool Vlan20DHCP network 192.168.1.128 255.255.255.192 default-router 192.168.1.129 dns-server 208.67.220.220 lease 0 12
interface FastEthernet0/1 ip address 192.168.100.7 255.255.255.0 duplex auto speed auto!interface FastEthernet0/1.10 description VLAN10 Sub Interface encapsulation dot1Q 10 ip address 192.168.1.1 255.255.255.128!interface FastEthernet0/1.20 description VLAN20 Sub Interface encapsulation dot1Q 20 ip address 192.168.1.129 255.255.255.192!
Routing table on 1841:
[code]....
I am using Cisco 2911 & IOS version is 15.1. My problem is that after some days (e.g. 15-20 days), the routing table suddenly stops updating & then I have to enter the default route again to make it up. I am using Track 1 to track default route here. After primary link goes down, the Track is also going down but after coming the primary link up, the track is not coming up. So, I have to add the default route again to make it up.
View 2 Replies View RelatedI have VLans 20 and 21 set by ISP for Voice and Data respectively.What will happen if I already have VLans 20 and 21 in my Local network?
View 4 Replies View Relatedi have a cisco catalyst 2960g and for some reason out of the blue, some interfaces go down and then up. It started doing it after a power cycle.
View 1 Replies View RelatedI am using an Old 3500XL and I simply created a
interface VLAN 100
Description ***********
ip address 10.0.1.100 255.255.255.248
no ip directed-broadcast
no ip route-cache
shutdown
no matter what I do i cannot get it to come up, the rest of the switch is default config, I know I am just forgetting something, But I don't know what?
today I witnessed a cisco n5k that stopped playing fair. For a yet unkown reason several interfaces started to show output errors all begining within the same second. While i instantly thought this would be a wiring issue I began to ask myself what an output error actually means. Google usually brings up output drops, not regular output errors. So what is it and how can a 10G fiber interface even detect that there is a problem without receiving what it was sending?
View 2 Replies View Relatedi downloaded and transfered the new ios to the 2911, but no install routine started.
View 3 Replies View Relatedafter installation of demo versions of 2900-SEC-TEMP & 2911-2921-SSLVPN-TEMP & rebooting the 2911 router I do not have access SSL commands.Show license indicates that 2900-SEC-TEMP & 2911-2921-SSL-TEMP licenses are active but NOT IN USE.
View 1 Replies View RelatedI currently have a site to site VPN running connecting a branch office and the Main office using a ASA5510 and ASA 5505. currently PC's at the branch can access the network in the main office using interface 0/1, but we have added another ip range using interface 0/2 and I can't seem to route the traffic to both interfaces. I currently have 0/1 as inside 192.168.10.1 which works, and have added 0/2 as Inside2 192.168.20.1. I know I am forgetting something, any commands to route incoming VPN traffic so PC's at the branch office can connect to both IP ranges?
View 14 Replies View RelatedOur ASA 5520 firewall is running 8.0(4) IOS.I have an internal L2L VPN terminating on my firewall (from an internal remote site) on ENG interface.With the default "sysopt connection permit-vpn" command enabled, VPN traffic is allowed to bypass the ENG interface acl.The security level on the ENG interface is set at 50.The security level on the destination interface PRODUCTION is set at 40.Inbound VPN traffic bypasses ENG interface acl and since higher-to-lower security level allows VPN traffic to flow freely from ENG to PRODUCTION, it seems the only place to check/filter VPN traffic is an ACL placed on the PRODCTTION interface and set at INBOUND (outbound VPN traffic).
View 4 Replies View RelatedI am currently trying to setup a GRE tunnel on a cisco 861. As part of a configuration template provide by an outside source I am recommended to use a sub-interface on the router but the recommended configuration does not work.
View 1 Replies View RelatedI am trying to connect a 6509 switch to a 4503-E switch using single mode dark fiber over a distance of less than half a mile. Although a routine task, it does not work..We have a care 6509 switch where we concentrate all of our dark fiber connections for our remote sites. The 6509 switch already has 30 remote sites, most of them with 4503-E switches, connected in this way therefore it is a tested scenario. For the connections we use the GLC-LH-SM SFPs on both switches. Out of these 30 sites we had a similar problem with two of them, which we solved with the use of CWDM SFPs. With the CWDMs the fiber came up right away. However, I cannot keep using this solution because it is way too expensive! I had the losses of the fiber measured end-to-end and they are negligible (>0.5 dB).
In this latest case, like I said, we could not bring the connection up between the core 6509 switch and the 4503-E switch using the GLC-LH-SM SFPs. I then replaced the 4503-E switch with a 3560 and the link came up! Then I tried using a CWDM-SFP in the 4503-E, while keeping the GLC-LH-SM SFP in the 6509 and the link came alive again! Of course we already tried replacing the fiber patch cords with no luck. [code] I find it very weird for the link to work with the 3560 or with a CWDM in the 4503 but NOT with the SFP in the 4503!
I have a Nexus 5548UP that would be managed by two organizations. Is it possible to set IP addresses for mgmt0 and an SVI (or an L3 interface) without using the L3 daughter card? I don't want to route between VLANs, just to separate management traffic.
View 4 Replies View RelatedI just upgraded all of our switches on campus to Version 15.0(2)SG4 after about a month of testing. On two switches so far, we are seeing that clients can not connect, and the switch isnt detecting a link. I dont see anything out of the ordinary in int status, port-security, or errors on the interface. Plugging in a different computer does nothing. Only thing that works, is a shut, no shut of the interface. After that, its connected.
View 7 Replies View RelatedI'm working on my CCNA. I purchased an old router 2610 with two ethernet ports. I configured the IP addresses on the interfaces and added the default gateway. I configured NAT to go out my ATT DSL router to the internet. With the 2610, I'm able to ping the back end or internal DSL router, but I can't ping the front end, external router, or out to any internet site such as google.
View 10 Replies View RelatedWe did an upgrade from NX-OS 5.1.5 to 5.2.4 and found all M1 line card interfaces were stuck in initializing state for long time.'show module' status says ok. And we cannot execute shut/no shut command under the interface. N7K-M108X2-12L & N7K-M148GT-11 are the two M series cards. Only option was to downgrade back for the time being.
N7K01# sh int e1/1 | in down
Ethernet1/1 is down (initializing)
I have two switches (sanitized configs attached) and I am trying to bond int gi0/1 and gi0/2 between the two. Then I need int gi0/3 back to the main LAN switches. These are new Vlans created 982 and 983 for these switches. Question #1: do the configurations look correct? I haven't placed any laptops on the interfaces to test interconnectivity yet but I am wondering if it will work with no default routes.
The admin team needs these switches at location A for setup then they will be moved to Location B. The only thing that sucks for me is that the network admin before me created gateway interfaces for all the local Vlans on a main router as sub interfaces. For example, for these two subnets, I need to create subinterfaces below (at location A), which is why a gave the Vlan on the switches, ip addresses.
interface GigabitEthernet0/0.982
encapsulation dot1Q 982
ip address 10.98.2.1 255.255.255.0
ip flow ingress
no cdp enable
service-policy input mark-mplsqos-in
interface GigabitEthernet0/0.983
encapsulation dot1Q 983
ip address 10.98.3.1 255.255.255.0
ip flow ingress
no cdp enable
service-policy input mark-mplsqos-in
When I move the subnet to location B, I will also move the gateway. These two switches will be used mainly for a VMWare and HyperVisor environment so Vlan 982 is for VMA network and Vlan 983 is for management. The admin tells me the software needs to tag the packets, I am not sure if I care as the switches should handle that also.
Is the onboard interfaces on an ASR router (4x on ASAR1002, 6x on ASR1002-X) are fixed gigabit or are they 10/100/1000 ?
I assume the interfaces on the 8port Gigabit SPA module are fixed gigabit speed ports (why otherwise sell a 10/100 8port SPA module also ?) no ?
I need to bridge 2 subinterfaces; F0/0.301 and F0/0.302 on a single router.The router interfaces with a Cisco 2960 (LAYER-2) switch.QUESTION is, does a Cisco router support bridging on subinterfaces on the same physical interface?Currently this is NOT operational Spaiing-tree on F0/0.301 and F0/0.302 is down, switch side is forwarding for both Vlans.show ip interface brief shows up/down status of F0/0.301, F0/0.301 and BVI6 is down/down?
:
SETUP:
bridge irb
!
!
Interface F0/0
no ip address
[code]....
I have a Cisco 2911 Router and I need to split the traffic from my Lan (Gi0 / 0) by ISP1 (fa0 / 0) and that of my servers (Gi/0/0) by ISP2 (fa0 / 1). [code]My problem comes when wanting to communicate with my remote networks that reach the int Gi 0/1, because when my network to match the policy- route internet sends me all the way.
View 1 Replies View RelatedI am configuring my first 2911 using a SFP card but I dont know the interface name for this module.
show inv shows the card..
What is the interface number for this card or if it needs some config before it will recognize the interface?
I have installed a cisco 2911 router and the cisco usb console drivers on my pc, win 7 64 bit.however when I use putty and open the com port assigned it just goes blank, I am using the usb port on my laptop to connect and using the cisco usb console cable provided
View 1 Replies View RelatedI've got two routers, Cisco 2911's with 15.1(4)M1 on one and 15.0(1)M5 on another.
I'm trying to set up ip sla for vrrp tracking but the commands seem gimped? I don't even have an option for ip sla <operation number>. All I've got is ip sla responder/server/key-chain.
we are in the planning phase for a network upgrade. We have two C2960 Switches connected via one (L2) Etherchannel (4x1 Gbit/s) which works very well. In the next phase we would like to upgrade our router to an 2911 series which has 3 gb interfaces. and indeed we would like to create an etherchannel as well. our plan is to use 2 of the 2911 to connect to the first 2960 switch and the one left to the other 2960. i think we will achieve some redundancy with this config.
View 6 Replies View Relatedconnected DSL directly to 2900 series router , but as DSL public IP is not static (dynamic) its difficult to access Router when out of home, any other means to access router without static IP
View 2 Replies View Related