And I would like to ask for some opinions on the best configuration for the above layout:
1. Configuration #1 - Using load sharing and automatic failover. So I want to ask whether there's any link/URL that provides details/guides on how to set up the load sharing and failover?
2. Configuration #2 - Workstations 1 - 35 will be routed through the Line01 gateway and workstations 36 - 70 will be routed through Line02. As for this configuration, it's done now. However, I want to know whether there's any software (preferably a web-based application) which allows me to change the gateway from line #1 to line #2 for all 70 computers instead of having to go to each workstation to update the gateway.
I'm trying to configure policing and/or shaping on a setup of 2 x ASA 5505 Sec Plus. The units are placed in office A and office B and each has an ISP connection to the internet and a leased line with a capacity of 4/4 Mbit/s for interoffice communication.
On each ASA there are four subnets. VLAN 200 is used to connect the offices through the leased line.
I've read a lot of articles and posts about shaping and policing on the ASA but still can't get it to work like I want to. I'm trying to limit all traffic besides IP-telephony traffic to 3 Mbit/s, thus reserving 900 Kbit/s for voice traffic. I tried setting a service-policy on the linknet interface on each ASA and set Traffic match to Any traffic and QoS settings for both input and output.
I can see traffic passing the policy when I run the "show service-policy police" command, but it never seems to be high enough to be policed, which is strange since the ASDM monitoring shows that I'm pushing 3900 kbit/s. File transfers verify that policing doesn't work.
#sh run | inc user
!
username USER0 secret 5 $1$password
username USER1 privilege 15 secret 5 $1$password
username USER2 privilege 15 secret 5 $1$password
!
#sh run | inc aaa
!
aaa new-model
aaa authentication login local_authen local
aaa authentication login radius_authen group radius local
aaa authorization console
aaa authorization exec local_author local
aaa authorization exec radius_author group radius local
aaa session-id common
!
#sh run | begin line vty
!
line vty 0 4
 access-class 3 in
 exec-timeout 15 0
 authorization exec radius_author
 logging synchronous
 login authentication radius_authen
 transport input ssh
line vty 5 15
!
sh ver
Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(55)SE6, RELEASE SOFTWARE (fc1)
The intent of the above is that management connections will only be accepted via SSH, and all of those will be authenticated via RADIUS, unless it's down, then it will use the local username/pw combinations, most of which are given privilege level 15. Telnet should never work.
SSH works as expected (authenticates via RADIUS), but the problem is that Telnet also works, will ONLY use the local database (never RADIUS), and, for some reason, leaves the users at privilege level 1, instead of the configured 15.
Essentially, it seems that at every point I have told it to do something that isn't the default with regards to telnet, it ignores me.
Prior to a recent IOS upgrade, the switch didn't support SSH, so the previous config was Telnet with RADIUS, and that worked fine.
I have the requirement to provide a Cisco router with 3 x ADSL lines (768k) to increase the internet speed. PPP multilink is not supported by the ISP.
Is it possible to distribute the traffic between these three ADSL lines? How can I configure this?
I have the following hardware configuration:
1 x CISCO1921-SEC/K9
2 x EHWIC-VA-DSL-B
The third ADSL line is connected over an ADSL modem to one fixed Gigabit interface on the router.
What is the purpose of these default configuration lines? What do they mean? I can't find an explanation of them anywhere. I believe some are written to the config when FCoE is enabled.
I would like to know exactly what they are doing.
class-map type qos class-fcoe
class-map type queuing class-fcoe
  match qos-group 1
I configured HSRP on a 2951 router as the primary router, and a 2811 router as the backup router. But when I switch off my primary router, the backup router takes 2 mins to take over from the primary router.
OnPlus sees the device and allows CPE (embedded) to start, then never opens. Tried general connection and used the address supplied to open CCP: no discovery. Also, it seems OnPlus doesn't see a service contract or firmware, etc.
I'm trying to set up a 2951 with a 24 port switch module. I want the ports to act similarly to the ports on an 881 router - where I assign the VLANs on the router and I set the VLANs to the switchport interfaces. I would like to be able to create the VLANs on the router portion of the 2951 and then enter the switch module and configure the ports to the VLANs, but how do I logically connect the router to the switch? Is it an internal logical interface - meaning how are the VLANs getting from the router to the switch?
We have purchased a new 2951 router with IOS version 2951-universalk9-mz.SPA.150-1 and we would like to upgrade to c2951-universalk9-mz.SPA.152-2.T.bin.
My company is doing a nationwide upgrade of its leased 2951 routers. For security's sake I need to wipe every one of them before sending them back to the leasing company. I would like to somehow boot to a USB drive and call it a day.
I have removed an embedded service engine module from a 2951 router. After rebooting the router, the service engine interface still appears. Is there any command I can use to completely remove it?
I have a Cisco 2951 Router and I am trying to set it up to use DHCP and for security purposes I need to use the "IP Access-Group in" command. The DHCP will not work when I have this command on the interface that I need to run it through, DHCP works fine when I do not have the "IP Access-Group in" command in the configuration. When I check the log after the failed DHCP attempt it shows up as denied, as if it's being blocked. The IOS I have is c2951-UNIVERSALK9-m 15.0 (1) M3. Conf Reg 0x2102.
I'm planning to do a LAN for internet/file sharing and of course LAN games. There are people that are living far from one another, like 1 mile away... that's a problem. Cat5 Ethernet cables are not made for long distance connectivity (100 meters of length max, otherwise bad connection). So because I need connectivity between PCs over a long distance I can use wireless, which is expensive, and because I prefer wired and I heard that there is a way to convert CAT5 cable into phone line, because phone lines can be used for long distance connectivity without problems. So I wonder if there is a way to do that LAN connectivity using phone lines. RJ45 to phone line, do these adapters exist? If yes, will this work for me?
Our work building currently has 2 separate DSL lines feeding into it, one on each end of the building. The reason for two lines was so each one would have its own bandwidth, thereby supporting more simultaneous users. There is a router connected to the DSL jack at each end of the building, broadcasting its own wireless network: let's call them Work 1 and Work 2. Is there any way for me to connect the Work 1 and Work 2 wireless networks, so that they appear to the end user as one contiguous network?
Obviously you do not want your cat6 lines running too close to your power lines, especially when in parallel. The question though is how close can it be without causing interference? In my situation the wall I want to connect my main router to has a power outlet in the middle of it, which honestly is where I would have preferred my network ports. Will I be OK if I run my cat6 in the wall channel directly next to the channel that contains the power line? It would be a standard U.S. interior wall residential power line. I should be able to get from 12 to 24 inches of distance between my cat6 and power line while still keeping my network outlet in a semi-central location.
I have a Cisco 2951 Router on which I configured routes for Zone-Based Firewall. I have an FTP server inside my network and I have allowed hosts from the internet to connect to it through the router. They are, however, not able to connect, or they are connecting but they cannot transfer files. I checked the logs on the router and the error message is as follows:
%FW-6-DROP_PKT: Dropping tcp session xx.xx.xx.xx:21 xx.xx.xx.xx:21766 on zone-pair ccp-zp-out-in class FTPInbound due to Invalid Seq# with ip ident 0
One of my customers has a Cisco 2951 router with two ISPs and two ADSL modules. I have already configured one ADSL module. Right now the customer wants the second ISP (ADSL) module configured as a separate network, because the customer has an access point they want to connect directly to the router. Is it possible?
The 1st ISP is already running, but the customer requirement is the 2nd ISP as a separate network with the access point, not redundancy.
I have a Cisco 2911 set up at one of my sites and it is configured with sub-interfaces, as this provides a default gateway to each of the offices. I have just had a 100mb leased line put in and I have a couple of questions regarding the config. Let me start by telling you how it is set up. I have 3 HP Procurve switches connected together, then that connects to the Cisco, and the Cisco connects to a Zywall
HP Switches > Cisco 2911 > Zywall > Internet
We are wanting to remove the Zywall and connect the Cisco to the Leased line box
HP Switches > Cisco 2911 > Leased Line > Internet
The config of the Cisco is
G0/0 - is up but no cable connected as this holds the sub-interfaces
G0/1 - Connects the Zywall - 192.168.1.1 (this has firewall rules to forward traffic through)
G0/2 - Leased Line
The way I have configured the sub-interfaces is each with its own DHCP pool and default router. Some of the offices have their own ADSL router and hold their own Internet connection, and the default gateway for that is 192.168.xxx.253, and the offices that use the Cisco use a default gateway of 192.168.xxx.254
Now my question is how would I move everyone onto the leased line and get rid of the Zywall? Would it be as simple as giving the leased line an address and putting in a static route to forward all traffic through that connection? Or am I missing a trick or 2?
I have remote access as I work at home on a government laptop that has Entrust (for security). My IP lapse time is set for 1 hour and every hour I am losing full connection due to having to sign back into Entrust. I need to be able to lengthen my lapse time on my work computer. My other two personal computers are fine with 1 hour as there is no Entrust on either of those laptops... is it possible for me to change the lapse time to say 12 hours, 1 week, whatever?
My company has a 4mbps leased line from TTSL. We are getting 2 WAN IPs and 2 LAN IPs. In addition we are also getting 12 additional IPs.
- What is an additional IP, and what are their uses?
- How are the 2 WAN IPs configured, and how are they distributed in the network?
- Is 1 IP from the ISP sufficient if I have a 1:1 internet bandwidth connection?
I got the following IP addresses from BSNL to configure an Internet leased line. The OFC cable was terminated at our premises. It has to connect to an Ethernet port. Say, e.g.:
WAN IP: 192.168.1.6 255.255.255.252
Public address pool: 172.168.10.6 to 12
If I configure one address on Ethernet port1 as nat outside, 192.168.1.6 255.255.255.252, the IP addresses given for the WAN and the pool are different. Then how can I configure the pool, and how do I configure nat inside, e.g. 185.168.10.1 to 255? The above IPs are not actual IPs, just given as an example.
The leased line is between Dammam and Dubai, and the Dammam office is getting internet from Dubai. The IP address of the Dammam office is class A (public IP) x.x.x.x and for Dubai it is y.y.y.y, which we are using as a proxy for accessing the internet. I purchased a local DSL direct line connection through cable from a local provider, and this IP address range is 192.168.1.0 - 192.168.1.254. Is it possible to use the DSL line as failover, so if one line goes down the user should remove the proxy and can use the local internet? The router being used is a Cisco 1800.
I believe that failover is possible, 100%, but would like to know how I can do it and requesting for sharing more inputs about failover in this case.