Cisco Switching/Routing :: 2911 Static / Reserved IP Based Off Of MAC
Feb 12, 2013
I have a Cisco 2911 router and a Cisco 2960 switch at a remote location.I have a user who will work out of this office a few days out of the week and will need to obtain the same IP address everytime the user visits this office. This office has no file server, no dhcp server. I have the user's MAC address and for now, the user is getting an IP address that is leased for 30 days. I'm trying to find the best way to configure either the router or switch or both so that each time this user connects to this office, that user device will always pull the same IP address and of course no other device will use that IP.
I've did some research in creating a small vlan possibly, and assigning it specifically to the port# that the user's desk is at, but not sure if that's the best way or exactly sure how it'll work. I'm currently studying for my CCNA so this is all new to me and I'm trying to do research and test without obviously causing production issues especially given this is a remote site and I access these devices via putty. I can however drive to the site if needed for testing, but I'd like to have a good grasp on what method I'll be using that will work before I actually make the trip.
View 3 Replies
ADVERTISEMENT
Mar 18, 2013
I have setup a basic PBR config to route Http and Https out of a different interface (fa0/0/0) but for some reason http traffic is still going out of the Gi0/1 interface.
Config attached minus the crypto stuff and the publics have been changed.
View 17 Replies
View Related
Aug 13, 2011
I have 2 connections a single T1 for voip traffic only and a DSL line for data traffic.the dsl was migrated to a 2811 with out any issues now comes the time to move the T1 over.
on the T1 side I am able to ping the WAN router and the LAN router IP address but nothing behind it.
currently this is the only statment on the router:
ip route 0.0.0.0 0.0.0.0 Dialer1
as a quick a dirty to remove the above i tried:
no ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 66.55.110.0 255.255.255.0 Dialer1
but the DSL side dropped. we have a 66.55.110.152/29
for the T1 i would use the following statement.. we have a 209.98.53.192/27
ip route 209.98.53.0 255.255.255.255 65.32.70.177
View 12 Replies
View Related
Mar 25, 2013
I have a 2911 router connected to two different ISP. Is it posible to route traffic based on what interface the traffic came first?Lets say I have the deault route to use interface gig0/0(ISP1), but a certain ip packet reach the router by interface gig0/1(ISP2). Is there any way (if possible without using source NAT) that I could route traffic back to that ip address using interface gig0/1. The source Ip addresses are not fixed, so I can not use Policy Based Routing.
View 1 Replies
View Related
Jun 26, 2012
I have set up a zone-based policy firewall with HA on two 2911 routers as per the Cisco security configuration guide, for an active/passive LAN-LAN cluster. All works as expected, but there is one problem I find: when the control link between the two devices fails, they go into an active/active state as each member assumes it's the last surviving member. The ARP entries for the Virtual IPs on the neighboring devices point to the device that last claimed the active role (usually the standby device). This works in a way, just sessions don't get synched anymore (control link is the same as data link). Now when the link comes back up, the preemtion works and the active, former standby device goes back to standby. But the ARP entries on the neighboring devices still point to the standby device and nothing goes (also sessions established during the active/active state are lost due to resync with the now active member).
This is a single point of failure and what I need is a way to mitigate that. Under:
redundancy
application redundancy
group 1
control <interface> protocol 1
only one control interface is allowed. Other manufacturers with similar functionality provide for the possibilty of a backup control link, for example the internal LAN interface or a dedicated backup link.
How would I go about that? Maybe use a port-channel for the control/data link (but I'm out of interfaces)?
View 1 Replies
View Related
Jun 3, 2012
why this static nat is invalid The following is config
ip nat pool wan xx.xx.xx.xx netmask 255.255.255.240
ip nat source static tcp 192.168.2.5 5555 xx.xx.xx.xx 5555 extendable
ip nat inside source route-map office pool wan overload
penghai#show ip nat trans
Pro Inside global Inside local Outside local Outside global
udp xx.xx.xx.xx:31 192.168.2.5:137 192.168.2.255:137 192.168.2.255:137
udp xx.xx.xx.xx:32 192.168.2.5:138 192.168.2.255:138 192.168.2.255:138
tcp xx.xx.xx.xx:3648 192.168.2.5:3648 23.11.206.176:443 23.11.206.176:443
tcp xx.xx.xx.xx:3652 192.168.2.5:3652 23.11.206.176:443 23.11.206.176:443
udp xx.xx.xx.xx:40 192.168.2.11:137 192.168.2.255:137 192.168.2.255:137
View 8 Replies
View Related
Oct 18, 2011
I am facing an isssues with 7609 for LAN switching , based on LAN (VRRP/HSRP) feature.Actually we are having ES+ cards (on 7609) and we are using multiple groups(say 350 vrrp groups) running on the router . the routers are connected as router 1>>> mux(which is working as switches)>>> router2
my questing are
1. does their will be "multicast packets" (for VRRP/HSRP group) "from backup router to Master router", when in stable state( ie when Master and backup are already chosen) , or the packet from backup to master should be unicast.I know for sure, the packet from master to back is multicast packets denstination to Multicast IP packet and To MAC address.I am not sure but I think from backup to master it should be multicast
2. what is frequency of these packets( from backup to master)
3. As i have multiper group on a single interface ( we are using q-in-q), when the connectivity from router's is broken, then does all the groups will muticast their active roll in the lan sengment "at once" or it will be in a groups say 100 groups at once, and after few ms few 100's and sone ( as is on OSPF or RIP)
we are in between troubleshooting I hope we get the ans( Actul problem we are seeing in the router's that we have 2 ports on active routers and 2 ports on standby router , but we are not seeing muticast on 1 port on standby router where as all other 3 ports are seeing multicast packets) [code]
View 5 Replies
View Related
May 6, 2012
I need to open a port in a Cisco 2911 router to permit the conexion to an equipment that is inside the LAN, but I my configuration doesn't workt.
I have 3 interfaces configured: two WAN interfaces (one is a backup of the other) and a LAN interface. The configuration is this (public IPs are changed):
track 1 ip sla 1 reachability
!
!
interface GigabitEthernet0/0
description backup
ip address 176.55.25.25 255.255.255.252
ip nat outside(code )
View 16 Replies
View Related
Aug 9, 2011
I am using Cisco 2911 router , i configured remote client in that . i need to provide the static ip to the remote users instead of providing from the dhcp pool. is it possible? if it is how we can do that.
View 5 Replies
View Related
Apr 19, 2012
Cisco 3560 does not support "set ip next-hop verify-availabilty". I need this command in my config. "set ip next-hop" do not do the same job.
View 8 Replies
View Related
Feb 26, 2012
If client gateway = 192.168.64.9 then next-hop = 192.168.64.8 else use default-route 0.0.0.0
I know it's possible to do a route-map match ip-address ACL list. But is it possible to match on gateway?
Some info about hardware and config:
6509-E in VSS (IOS 12.2(17r)SX5) withVS-S720-10G supervisor.
All routes are static, IP for 192.168.64.9 is on SVI vlan.
View 3 Replies
View Related
Jun 24, 2012
I have a 1941 router configured for Policy based routing with two ISPs.Two static default routes configured to point the gateways of respoective ISPs with same metric.But the problem is, packets are going throug the one ISP only while doing traceroute.
N/W connectivity:
ISP1-----> <----------------------> LAN1
| Router |
ISP-------> <----------------------> LAN 2
Below is my configuration :
Current configuration : 5958 bytes
!
! Last configuration change at 05:18:56 UTC Mon Jun 25 2012
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
[code]....
View 26 Replies
View Related
Oct 17, 2011
I have a simple design with 3750. I configured a route-map which define a next hop. I defined this route-map on a policy on a vlan interface.When I test some ping and a debug ip policy and it seems that my policy never match.Is there any mechanism that prevent the switch from using PBR? I think of CEF .
View 5 Replies
View Related
Jan 28, 2013
In our datacenter we have a 3750 stack with IP base image. I have enabled PBR and reloaded the switch. Show sdm prefer says i am using default template. The reason i want to use PBR is that we have 2 firewalls on the same work and want to be able to have granular control over which gateway out of the network they use but still be able to access all internal resouces accross wan and locally.
Created access list to identify traffic:
access-list 10 permit 10.2.3.59 (test workstation on vlan 3)
Created policy:
route-map TestASA permit 10
match ip address 10
set ip next-hop 10.2.0.3
Assigned policy to the user vlan3:
ip policy route-map TestASA
Results:It changed the default gateway to the above gateway but i could not access any resources on any other vlan, could not access resouces accross wan.
View 16 Replies
View Related
Apr 17, 2012
I have tried to make policy based routing on Cisco 3560. I use ipservices ios (SW version 12.2.(50)SE3 and SW-IMAGE C3560-IPSERVICESK9-M) For below configuration there is no problem and pbr is working.
“Access-list 100 permit ip host 1.1.1.1 host 2.2.2.2
Access-list 101 permit ip host 1.1.1.1 host 3.3.3.3
Route-map pbr1 permit 10
Match ip address 100
Set ip next-hop verify-availability 1.1.1.2 1 track 11
interface fasthethernet 0/1
ip policy route-map pbr1”
But when i add another sequence to the "pbr1" with another sequence number like that.
“Route-map pbr1 permit 11
Match ip address 101
Set ip next-hop verify-availability 1.1.1.3 1 track 12”
pbr is not working. Switch gives message "PLATFORM_PBR-3-UNSUPPORTTED_RMP:Route-map pbr1 not supported for Policy Based Routing”"ip policy route-map pbr1" command not shown in the running config. And "show ip policy" output is blank.Configuration guide says you have insert many sequence to the route-map with the same name. And also this command is not in the unsupported command list.
View 16 Replies
View Related
Sep 5, 2012
I have a simple design with 3750.I configured a route-map which define a next hop.I defined this route-map on a policy on a vlan interface.When I test some ping and a debug ip policy and it seems that my policy never match.Is there any mechanism that prevent the switch from using PBR?
View 10 Replies
View Related
May 10, 2012
I have problem while implementing policy based routing with a firewall. Let me explain in detail.
I have 2 remote site(Site A-small , Site B - Big) , Site B is connected with HQ with Tunnels 1 and 2 , Site B and Site A is connected with Tunnel 9941.
What I want is: Scenirio for Communication :
1)Site A--------->VPN Router Site B-----------> FW-------------->VPN Router Site B------------------>Central Site
2)Central Site--------->VPN Router Site B-----------> FW---------->VPN Router Site B-------------->Site A
3)Site B--------->FW-------------------->VPN Router Site B------>Central Site
4)Central Site--------->VPN Router Site B-------------------->FW------>Site B
5)Site A--------->VPN Router Site B-----------> Site B(no firewall)
6)Site B--------->VPN Router Site B-----------> Site A(no firewall)
Tunnel 1: 10.13.199.1-2
Tunnel 2: 10.13.199.1-2
Tunnel9941: 172.22.99.1-2
Site A LAN- 10.99.41.0/24
Site B LAN- 10.99.0.0/16
Central LAN - 10.18.0.0/16
View 4 Replies
View Related
Mar 4, 2012
I've one Cisco 3750G-12S with ip routing enable, the swtich is with IP Service firmware, with PRR support.Currently set my default static route 0.0.0.0 0.0.0.0 10.1.18.71 to my Firewall A Currently all of the VLAN for will be routed to 10.1.18.71
I've created a new VLAN 2 for my 10.1.2.0/24 network with the VLAN interface 2 ip address 10.1.2.10, my intention is to route 10.1.2.0/24 traffic to my 10.1.2.1 by creating the access list and route-map.
I've configure my test pc with a static ip and my gateway pointing to 10.1.2.10 (VLAN 2 gateway) , i'm not able to route to 10.1.2.1.
View 7 Replies
View Related
Mar 11, 2012
I am having a problem with PBR done on a 7604-S router - It seems like it is not done in harware. I have an Iperf client and an Iperf server, and would like to test the performance of 7600 router for PBR, supervisor is RSP720-3C-G and used interface card is 7600-ES20-GE3C ESM20G.
I have read numerous discussions about PBR that is supposed to happen in hardware when you use it with matching access-list and set ip next-hop.Although, when I start the iperf, the 7600 cpu is hitting the 80-90 % boundary, and transfer bandwidth can't go over 120-130 Mbit/s.The IP Policy is applied on an interface part of vrf ONE maybe this is casing the problem... ?
The diagram and configuration follows:
Configuration:
c7604#sh run
boot system flash disk0:c7600rsp72043-advipservicesk9-mz.122-33.SRE2.bin
!
ip vrf one
[Code]...
View 8 Replies
View Related
Jan 8, 2012
I've been implementing a setup where a remote office has a Cisco 1900 router. There are 2 GRE/ IP SEC tunnels to the headquarters, 1 over public internet, 1 over a private cloud. Because of some MTU issues we have to clear the DF bit for some of the traffic, but we also want to use PBR to send https traffic over the "public internet" tunnel and the rest of the traffic over the "private cloud" tunnel. I'm able to clear the DF bit and to do the PBR with route-maps, but I'm not able to implement both functionality at the same time.
View 1 Replies
View Related
May 29, 2012
We have a Catalyst 6509 switch, and we hope to use policy based routing to redirect http traffic to my proxy server, where I can find the configuration example?
View 11 Replies
View Related
Dec 2, 2012
I have 2 ISP connected to Router A and Router B.Both the routers are connected to the core 3750 switch.. I want to send the traffic from the switch that goes to router A to router B..[code]
View 10 Replies
View Related
Mar 6, 2012
I need to setup my 6509 with PBR going to two different Firewalls. The 6509 has vlans and multiple serial interfaces. What/where do I install the policy-maps? I want to direct one of the vlans to one firewall and the other vlans and wan subnets to the other firewall.
View 26 Replies
View Related
Oct 2, 2012
I am using Cisco 2911 & IOS version is 15.1. My problem is that after some days (e.g. 15-20 days), the routing table suddenly stops updating & then I have to enter the default route again to make it up. I am using Track 1 to track default route here. After primary link goes down, the Track is also going down but after coming the primary link up, the track is not coming up. So, I have to add the default route again to make it up.
View 2 Replies
View Related
Dec 12, 2011
i downloaded and transfered the new ios to the 2911, but no install routine started.
View 3 Replies
View Related
Nov 19, 2012
after installation of demo versions of 2900-SEC-TEMP & 2911-2921-SSLVPN-TEMP & rebooting the 2911 router I do not have access SSL commands.Show license indicates that 2900-SEC-TEMP & 2911-2921-SSL-TEMP licenses are active but NOT IN USE.
View 1 Replies
View Related
Apr 23, 2012
The 3750-12S-S comes with IP based IOS. I know it is possible to upgrade the IOS on a 3750X-48P-L from LAN based to IP based IOS. However, can the IOS on the 12-S be downgraded to the LAN based IOS?
View 2 Replies
View Related
Apr 9, 2012
I would like to configure few routings on my Cisco router 871 in order to allow my employees to have access only to specific websites.However, since some websites have dynamic IPs propably the route that I will create will not work.
My question is, can I configure a route or is there any other way to configure this permission based on the hostname/domain? For example, if I want to permit access to this website www.surveymonkey.com (75.98.93.51) instead of configuring:
ip route 75.98.93.51 255.255.255.255 192.168.10.250
is there any way to configure based on the url.. in order to be able to recognise this host correctly??
View 2 Replies
View Related
Apr 19, 2012
I am configuring my first 2911 using a SFP card but I dont know the interface name for this module.
show inv shows the card..
What is the interface number for this card or if it needs some config before it will recognize the interface?
View 6 Replies
View Related
Nov 15, 2011
I have a 2911 router. One interface is configured external (WAN) and two interfaces are configured on separate internal private subnets. What is the configuration to allow all traffic in both directions between the two internal subnets?
View 21 Replies
View Related
May 19, 2013
I have installed a cisco 2911 router and the cisco usb console drivers on my pc, win 7 64 bit.however when I use putty and open the com port assigned it just goes blank, I am using the usb port on my laptop to connect and using the cisco usb console cable provided
View 1 Replies
View Related
Nov 13, 2011
I've got two routers, Cisco 2911's with 15.1(4)M1 on one and 15.0(1)M5 on another.
I'm trying to set up ip sla for vrrp tracking but the commands seem gimped? I don't even have an option for ip sla <operation number>. All I've got is ip sla responder/server/key-chain.
View 1 Replies
View Related
Aug 2, 2012
we are in the planning phase for a network upgrade. We have two C2960 Switches connected via one (L2) Etherchannel (4x1 Gbit/s) which works very well. In the next phase we would like to upgrade our router to an 2911 series which has 3 gb interfaces. and indeed we would like to create an etherchannel as well. our plan is to use 2 of the 2911 to connect to the first 2960 switch and the one left to the other 2960. i think we will achieve some redundancy with this config.
View 6 Replies
View Related
