Cisco Switching/Routing :: 2921 Multiple Netflows From Same Router
Nov 15, 2012
What I’m looking to do is setup a net-flow monitor for traffic going across a PIX firewall. I know unfortunately I can’t do this directly from the PIX because it does not support net-flow.
I do have a 2921 router on the same network that I have net-flow enabled to monitor traffic across the MPLS Connection.
Since the traffic for the MPLS is going out a direct interface I have applied the IP Flow egress/ingress commands to that interface to obtain the net-flow data I need. The PIX firewall however is not a direct interface so this can’t be done. I have done a little reading and believe I could use a policy map to create a “filter” so that any traffic that meets the ACL associated with the Policy-Map would get sent to net-flow monitor.
My question is how do I set that up so that so I can have the two net-flow data “streams/sources” go to separate net-flow ports so that I can monitor them independently of each other or is that not possible?
Both devices are connected to a 3750X switch; however neither is connected to a 10GB port. To my understanding that means I can’t run net-flow on the switch itself.
View 3 Replies
ADVERTISEMENT
Mar 10, 2013
I have 2921 router and I have 3 very basic switches that I need to connect to the router. The switches have very basic default configurations and there is no way to edit them, so I only have one VLAN and one default gateway. I can't assign the same IP address to each LAN port. I'm not sure how to make this setup work.
View 12 Replies
View Related
Nov 21, 2012
the cisco 2921 Router has a default ip hhtp access class command found in it. Just i changed the default IP to the new ip i will use.The Router is accessable from the LAN only but not from the internet configured the Public ip . I think this is due to the standard access list 23 . how will i access the Router from the Internet using the Public IP.
View 6 Replies
View Related
Dec 12, 2012
I have 2 links to 2 different departments switch with an up link of 10mb. I want to guarantee that both departments get at least 5mb, but can use part of the other 5mb that not in use. Is this possible?
View 3 Replies
View Related
Feb 12, 2013
I am configuring DHCP pool for voice vlan on cisco 2921 router.
Here is the setup.
2921 router -> 3750 -> 2960 PoE -> 7942 IP Phone
Router Config
ip dhcp excluded-address 10.146.54.1 10.146.89.50
!
ip dhcp pool VoiceVlan
network 10.146.54.0 255.255.255.0
subnet prefix-length 24
dns-server 10.144.68.32 10.144.68.33
option 150 ip 10.146.68.36
default-router 10.146.54.1
netbios-name-server 10.144.68.32 10.144.68.33
netbios-node-type h-node
[code]....
View 1 Replies
View Related
Nov 6, 2011
i have an 2921 connected to an Catalyst 3560. My router interface shows quite a lot of input queue drops. Load is not too much max 5/255.
View 1 Replies
View Related
Jul 4, 2012
We are in the process of switching our infrastructure of our routing/firewalls/vpns over to cisco. We are switching our first location and one of the issues I'm struggling with is windows authentication pass-through for internally hosted web pages. Meaning, user inside our network has the 2921 as their default gateway, they try to access a web page that is hosted on the internal network but is secured with windows authentication. In the past, because they are logged into the domain internally, the website authenticates and loads. After switching to the Cisco, it asks for a password even though they are logged in.
Because its the web server that actually authenticates I'm not sure why the router isn't allowing that to happen, but I can't think of anything else that could be causing this behavior.
View 4 Replies
View Related
Mar 9, 2010
Is it possible to have multiple dhcp pools for multiple VLANs? The switch is a 6509 and/or 4506 catalyst. I don't want to use server-based products.
View 5 Replies
View Related
Jan 12, 2013
i have a router 2921 with the aproprieted voice card for E1 and licenses. I would like to know how to configure it for incoming and outgoing calls. I already configured the ephone and SIP phones for internal calls. now i just need to configure it for send and receive external calls.
Router:
IOS: c2900-universalk9-mz.SPA.153-1.T
CME: 9.1
ISP from Brazil:
type: E1
signal: R2 Digital
Channels: 32
Phone Number Iniital: XXXX-9250 (main)
ephones-dn numbers: 9250 to 9280
View 5 Replies
View Related
Nov 20, 2012
I have bought DRAM MEM-2900-2Gb for 2921, and received the following error...
Validation failed for DIMM0
*****System halted*****
%SPD info: DIMM0: Invalid DIMM type (only UDIMMs are supported)
View 5 Replies
View Related
Jun 22, 2012
We have remote office where we have 2921 router with 6 layer 2 switches. We have few servers which need to be in specific vlan.
2921 router does not have switching engine we are using this to support VOIP.
So on 2921 router i created 6 sub interfaces for each vlan and assign them to their specfic vlans. Then I have trunk connection to switch 1. Now switch 1 connects to all other switches in the network. As our company design all layer 2 switches should be transparent mode. i tested them i can ping from one switch to all other switches.
Router vtp mode i set to transparent mode and from all switches i can ping the router sub interfaces.
View 4 Replies
View Related
Oct 2, 2012
I have a CISCO2921. I am not able to bring up its gi0/1 interface. It stays down down.
[URL]
I know that interface is not coming up because of "no media" below. Router#sh int gi0/1 | i media Auto Duplex, Auto Speed, media type is no media
I have tried media rj-45 and media sfp which have also not worked. The other end of this link is ethernet handoff. What is it that I have to do for the link to come up? If I change the connection to gi0/2, I think that will work because I see this for gi0/2:
Router#sh int gi0/2 | i media Auto Duplex, Auto Speed, media type is RJ45
View 10 Replies
View Related
Jun 10, 2012
configuring up a 2921 router for remote site which is fitted with 24 port Etherswitch module.As part of this setup I have defined 3 vlans on the router, but when I go onto etherswitch and for example set switchport access to access vlan 3 it is not aware of this vlan.Do I have to set up trunk inbetween Router and its etherswitch?Wish I had ordered seperate switch as it would have been easier or am I missing something.sho vlan-switch shows my vlans but on swicth sho vlan brief does not.
View 10 Replies
View Related
Oct 16, 2012
An interface on 2921 router is not coming up. When I shut/no shut the interface, I see this:
Router#sh log | i 0/2
Oct 17 08:55:06: %IP_VFR-7-FEATURE_DISABLE_IN: VFR(in) is manually disabled through CLI; VFR support for features that have internally enabled, will be made available only when VFR is enabled manually on interface GigabitEthernet0/2
Oct 17 09:00:35: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to down
[Code]...
View 3 Replies
View Related
Mar 21, 2012
This is for a short temporary time until I get cisco 3560s in place. I have a 2921 configured and it is connecting to an HP non managed non VLAN switch and I cant get any traffic to pass from my computer to the router (pings or anything). Here is brief configuration that should be enough. [code]
Here are my vlans 1-default, 2-management, 192-data, 92-voice, i believe its running rapid spanning tree protocol. Do i have to take off encapsulation on my data vlan to get it to work or make the data vlan default vlan for everything. I am lost as to why this is not working.
View 5 Replies
View Related
Sep 15, 2012
I have a 2921, and I have 4 network segments. In segment 172.16.0.0./27 I wand to "pair" somehow connections. I mean IP 172.16.0.x has to have MAC aaaa.bbbb.cccc and so on, and not accept connections otherwise.How can I do that?
View 7 Replies
View Related
May 28, 2012
Is it possible to configure a Cisco2951 and a Cisco2921 in HSRP?
View 1 Replies
View Related
Jun 30, 2012
I have a 2921 with 4 segments: [code] My DHCP server is 172.16.5.2 and I need to serve clients from 172.16.2.0/23 by MAC address and only to that segment.
View 2 Replies
View Related
Jul 16, 2012
got a RPS2300 with 4 cat3750g48ts on it (yeh I know - Cisco documentation allows only 2 of them ). What will happen if I connect an additional Cisco 2921 router?
View 0 Replies
View Related
Mar 8, 2012
I have a 2921 where I am shaping some traffic based on sub net on my lan. I have applied the shaping policy to the lan interface in the outgoing direction.
Topology is as follows:
ISP - ASA - ROUTER - LAN
Policy map:
Policy Map shape-lan
[code]....
I am seeing a lot of no-buffer drops on the policy and I am wondering what the best solution is to solve this:
Class-map: tc-class (match-any)
8730680 packets, 10803689863 bytes
5 minute offered rate 4453000 bps, drop rate 0 bps
[code]....
Should I just be increasing the queue-limit or should I be changing something else?
View 12 Replies
View Related
Jan 1, 2012
I have a 2921 router and want to use mpls feature. Right Now we are using c2900-universalk9-mz.SPA.151-4.M1 image but mpls static cross connect” is not working with this image. And will this image(c2900-universalk9-mz.SSA) be worked?
View 2 Replies
View Related
Oct 25, 2012
I can not find any information about management port of Cisco ISR 2911, 2921 and so on. There is management port in specification of 2911 and 2921 and I do not know if this port can be as a simple Ethernet port – forward traffic in/out on L3.
View 2 Replies
View Related
Oct 22, 2012
have a 2921 with 3 segments, let's say 172.16.0.1/24, 172.16.2.1/23 and 172.16.5.1/24
How can I browse for computers (in Network... Windows xp/7) from other segment?
View 7 Replies
View Related
Jun 9, 2012
On 2921, how do you quite service-module session and get back to the router?
View 3 Replies
View Related
Nov 9, 2012
I have a Cisco 2921 and a 3750 stack. I want to use both interfaces on the 2921 to connect to the 3750 stack switch 1 and 2. Is this possible using same ip subnet?
View 2 Replies
View Related
Feb 24, 2012
Now I have a 172.16.0.0/16 network with a def. gw. for internet where is a MS Forefront TMG 2010 with BSplitter for traffic shaping. I purchased an 2921, 2,5 GB RAM, security+data license and an EHWIC-D-8ESG.
I made 4 subnets in a test environment with some access-lists, nothing fancy yet. How can I use FF TMG for bandwidth management, where should I put it? For those 4 subnets the def. gw. is, normally, the 2921 router. TMG is splitting traffic by client IP.
View 1 Replies
View Related
Apr 4, 2013
I have a small network that i want to setup, i have 1 2900 router and i'd like to create subinterfaces for the internal. but more importantly i'd like to have the dsl modems connected to the router with traffic from one subinterface going through one modem and traffic from the other going through the other.
View 1 Replies
View Related
Feb 24, 2013
i have a question about multiple TACACS Groups. I want to archive the following:
A Cisco 888 is managed by me and a Provider Support Team. Since we both want to access our own TACACS Server, i want to create two TACACS Groups. Is it possible to me, to bind a Tacacs Group to one Interface, and the second TACACS Group to another ? Means that our stuff is connecting to the LAN Interface FastEthernet0 that is applied to the SVI in V LAN 1.
The service technicians from the Provider are connecting to the external Interface or through a possible Lo. (another IP). I do not want to mix our 2 TACACS+ Server and theirs together in one Group. So have anybody tried this before ?
View 8 Replies
View Related
Aug 27, 2007
We have a customer that is relocating thier headquarters. They have a temporary requirement to bridge multiple vlans or a router T3 link to the new location as they cannot change the IP subnets. Setup is 3560 switch connecting to a 3845 then T3 to remote 3845 and 3560. I need to bridge multiple VLANs. I have seen a good example on how to do it over sonet but I don't see how to translate that to an HDLC or Frame Relay encapsulation for the T3 Link.
View 5 Replies
View Related
Oct 24, 2012
I have a network with a Catalyst 3750 as the main switch and then some Catalyst 2960 switches that are plugged in to that. I have a server running windows server 2008 with a couple of virtual machines running in Hyper-V. I created 4 VLANS listed below and gave the 3750 the following IP Address.I would like the 3750 to only be configurable from VLAN 40 but currently every VLAN can connect to it, I noticed in the standard web page settings there was a setting for "Management VLAN" but it was set to 1 and would not let me change it, I kinda assumed that was for the management port in the back.-Now the tricky part, I was trying to set up routing between the VLANs and so far I have only been able to get a sort of "all or nothing" routing to work. I can turn IP routing on and add two or more VLANs to the routing and it works fine. But what I was hoping to do is create a couple of "junction vlans" that would only route to one or two other vlans. For instance, I wanted to create a VLAN 100 that routed to VLAN 20 and 30 but nothing else. I also want to route VLAN 1 just to VLAN 30, and so on. I am able to do each one of the cases but only one, it seems like the switch only supports one "routing table" am I missing something or is this just a limitation of the switch?
View 2 Replies
View Related
Feb 15, 2013
We have two Cisco 5505 firewalls connecting to two ISP's . The two internal LAN's on the firewalls are 192.168.184.0/24 & 192.168.186.0/24. We also have a Cisco C3560x layer3 switch with vlan interfaces 184.3 & 186.3. We have two DGS-3100 Dlink layer 2 switches connecting our users to the Layer 3. Ip routing is enabled for intervlan communication & I can reach the Switch interfaces & firewall gateways from machines on both on the vlans.We have pbr enabled on the 3560 & users only on the .186 network can get to the internet. The switch is running the ipservices license & the sdm template is "desktop routing" .
Users on the .184 cannot access the internet but we can ping the layer3 interface & the firewall gateway. [code]
View 20 Replies
View Related
Oct 23, 2012
I recently set up a Cisco 881 to cover a small business network. The router is currently set up and working as expected. We recently decided to move to VoIP phones and here is where I'm running into some issues.
First an overview: We run a network with a cable internet WAN connection, this connection is DHCP, however we have a static IP through our ISP. We also have a block of 30 additional IP addresses for one to one mapping as we need them. The new VoIP system is being run over T1 lines throughout the township (we are a municipal organization) and the VoIP system is being run to about 5 buildings in the township.
This brings me to the topic of VLANs. As the phone engineer explained it to me, there is a network set up over the T1 that allows the VoIP equipment to talk to one another and operates all of the VoIP phones on one network. The equipment that is being installed at our building connects to the network over the T1 and "talks" to the other equipment on the network. The engineer wants to create a VLAN and run it on ports fa1 and fa2, with the fa2 port being connected to the actual "MPLS" (their term) that connects to the T1 and into the cloud, and the fa1 port connected to the internal phone switch.
TLDR; The problem is this: When we attempt to set up the VLAN on ports fa1 and fa2, we have no connectivity with the other units in the external VoIP cloud. Pinging while directly connected to the "MPLS" yields successful pings, while pinging from the router with the "MPLS" connected to fa2 yields failures. I'm going to post the running config below, I feel like what we're doing should be working. I asked around about subinterfacing, but others seemed to think this was not necessary.
ROUTER CONFIG
Building configuration...
Current configuration : 4909 bytes
!
! No configuration change since last restart
version 15.1
[Code].....
View 10 Replies
View Related
Dec 25, 2012
how to properly route multiple external IPs to internal ips assigned to several servers. Where I'm getting a bit lost is that I have two levels of routing - one from the outside into a comcast business class cable modem, which also creates its own internal network. Within that internal network, I have my RV180 router, which creates another separate internal network in which the servers live (don't want the servers to have access to other computers within the Comcast Modem's internal network). I want to map the external ips to servers within the RV180 second level network.
To diagram:
Comcast Cable Modem
/
RV180 Computer(s)
/
S1 S2
An internal IP is assigned to the RV180 router. Suppose it is 192.168.1.100.
The cable modem itself supports NAT as well. Do I use NAT twice (on both cable modem and RV180) to route the external IP to S1 and S2?
Or do I modify the routing table on the cable modem? Then use One to One NAT on the RV180 to map the external IPs directly to the internals?
View 2 Replies
View Related
