Cisco Switching/Routing :: 2951 - IP Access-group In Command Not Allowing DHCP
Feb 27, 2013
I have a Cisco 2951 Router and I am trying to set it up to use DHCP and for security purposes I need to use the "IP Access-Group in" command. The DHCP will not work when I have this command on the interface that I need to run it through, DHCP works fine when I do not have the "IP Access-Group in" command in the configuration. When I check the log after the failed DHCP attempt it shows up as denied, as if it's being blocked. The IOS I have is c2951-UNIVERSALK9-m 15.0 (1) M3. Conf Reg 0x2102.
I have a 3945 with a basic DHCP configuration applied to it. This 3945 is connected into one of the access ports of my nexus switch. I'd like to simply have the 3945 hand ip addresses out to other clients connected to the nexus switch. I have zero experience with nexus & haven't been able to turn much up through searching the net.
I'm trying to configure my C3550 with fast ethernet port 0/48 assigned to vlan 2 in static access mode and SVI vlan 2 configured as dhcp client.
But I see command ip address dhcp is not available on interface vlan 2:
Cat3550(config-if)#ip ad Cat3550(config-if)#ip address ? A.B.C.D IP address Cat3550(config-if)#ip address
Could it be a problem related to the version running on the equipment (see below the output of sh version command not sure of what EA1 stands for)? I read here [URL] that this command was introduced in version 12.1(2)T
If it is a version problem is there any possibility to download upgraded version for free?
Cat3550>sh ve Cisco Internetwork Operating System Software IOS (tm) C3550 Software (C3550-I5Q3L2-M), Version 12.1(20)EA1, RELEASE
I am trying to find a command for dhcp snooping rate-limiting on a CatOS. The PFC card is PFC. PFC3B is said to support that command. But there seems no this command.
-6k> (enable) sh ver
WS-C6509-E Software, Version NmpSW: 8.4(5) Copyright (c) 1995-2005 by Cisco Systems NMP S/W compiled on Aug 3 2005, 13:26:46
I am wondering if it has its own DHCP router and if theres a command to enable it?Also Random side question. it hands out ip addresses to other devices (the 2950 im using infront of a router) but when I hook up another switch to this switch it doesnt initialize the port or try to connect? why.
i bought a cisco 2950 series switch to play around with and im trying to set it up to SSH. I have google'd a bit on how to do this and i've sort of hit a wall... i have downloaded the cryptographic image from cisco's website, installed a TFTP server (think this is where my issue lies) but when i do the copy tftp flash global command i keep getting the error accessing "xxxx" message.I have tried allowing the server through windows firewall, disabling windows firewall, allowing access through the router..
i am not able to apply an access-list to FastEthernet 0 as the ip access-group is not supported in Interface mode but only in interface vlan mode.How can I stop traffic into the LAN network?
We recently purchased the Cisco Router 2951 router with the IOS 15.0. I have tried to put in my VIC2-4FXO card in it. When I did show invetery, it detected the card.[code] When I tried to configure the voice port by typing voice port, it shows % Invalid input detected at '^' marker. I have tried to reset the cad and replace with another one.
I am using cisco 1841 LAN router, I need to block MAC address i have applied the command access-list 1102 deny 0000.0000.0000.0000 mac address..... but it does not work.
I configure HSRP on Router 2951 as a primary router, and Router 2811 as backup router. But when I am switching off my Primary router the backup router is taking 2 mins to take over form primary router.
on-plus see the device and allows CPE( imbedded) to start then never opens,,,tried genera connection and used that address supplied to open CCP no discovery.also seems onplus doesn't see a service contract or firmware, etc
I'm trying to set up a 2951 with a 24 port switch module. I want the ports to act similiarly to the ports on an 881 router - where I assign the VLANs on the router and I set the VLANs to the switchport interfaces.I would like to be able to create the VLANs on the router portion of the 2951 and then, enter the switch module and configure the Ports to the VLANs but, how do I logically connect router to the switch? Is it an internal logical interface - meaning how are the VLANs getting from the router to the switch?
We have purchased a new 2951 router with IOS version 2951-universalk9-mz.SPA.150-1 and we would like to upgrade to c2951-universalk9-mz.SPA.152-2.T.bin.
My company is doing an nationwide upgrade of it's leased 2951 routers. For security sake I need to wipe everyone of them before being sending them back to the leasing company. I would like to somehow boot to a USB drive and call it a day.
And I would like to ask some opinion on the best configuration for the above layout:
1. Configuration #1 - Using load sharing and automatic failover So I want to ask whether there's any link/url that provides details/guides on how to setup the load sharing and failover?
2. Configuration #2 - Workstations 1 - 35 will be routed through Line01 gateway and workstations 36 - 70 will be routed through Line02 As for this configuration, it's done now. However, I want to know whether there's any software (preferred web based application which allows me to change the gateway from line #1 to line #2 for all 70 computers instead of having to go to each workstation to update the gateway).
On a 4500 switch port , defined as access vlan 10, if the user connects his own dhcp server ( instead of the normal pc that should be connected ), will it cause issues with my existing network. the existing network is all static ip. In above case, will the dhcp server start looking out and assign dhcp ip's , if a user unknowingly removes his static ip and changes to obtain ip via dhcp option on the lan properties.
On a 4500 switch port , defined as access vlan 10, if the user connects his own dhcp server ( instead of the normal pc that should be connected ), will it cause issues with my existing network. the existing network is all static ip. In above case, will the dhcp server start looking out and assign dhcp ip's , if a user unknowingly removes his static ip and changes to obtain ip via dhcp option on the lan properties.
I recently saw it for a good price online, and required a new router (had a netgear that died, and my backup was a really buggy Belkin which I'm currently using).I'm having an issue with the internet, in that when I connect my ADSL modem to the WAN port it seems to work fine, however the PC can't connect to the internet. When I go into the settings it says that the WAN connection is OK and even shows my external IP. I have it set via the stardard DHCP setup.Should I have done anything specific to my ADSL modem before plugging it into the RV180W? The Modem (D-Link 320B) also has a DHCP server on it, however I assume that this causes no issues when connected to the RV180W.
i have to Bridge the AP to VLAN1 which has the DHCP pool. For some reason when I try to do this from iOS console it tells me that gig0 is not a bridgable interface. I am newb to Cisco iOS (24 hours new ). I got the Cisco Configuration Professional working and would like to fix my issue through there if possible? why my AP wont get anything but APIPA addresses?
version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption
we've an infrastructure were the Access is based on Cat3750G Stacks connected to both Cores using L3 connections.On the Access Switches are implemented the following features DHCP Snooping, IP Source Guard and Dynamic ARP Inspection and all is working fine since years...the DHCP Servers are on a dedicated stack which act as a SFarm.
On the Access Switches the port configuration is the following:the Uplink Ports to both of the Cores are configured in TRUST for DHCP Snooping and ARP Inspection the Access Ports, where the end-device are connected, are UNTRUST for DHCP and ARP Inspection with IP Source Guard Active Right now I've to add a new L2 switch on one of the Access Port and I'm wondering if this is possible since I've to keep on the Stack Access Ports all the security feature active and I've also to implement DHCP Snooping on the new L2 switch to avoid rouge DHCP Server...
I suppose that the uplink to the L2 switch on the Stack Access Switch should be left as it is connected to an end device...but the uplink port on the L2 switch should be set up as TRUST...isn'it? Keeping in mind that I want to implement DHCP Snooping also on this L2 switch to avoid that Rogue DHCP Servers will impact the end-device connected to this L2 switch...is this scenario possible??? or I can't do that and should leave DHCP Snooping only on the Access Stack.
I'm using a 2601X router connecting to a broadband connections. The following NAT connections is working but I need to do NAT exemptions to set up my VPN appliance on the DMZ. I see a lot of documentation on how to use a pool of public addresses to do that, but I only have the one dhcp address from my isp.
! boot system flash:c2600-adventerprisek9-mz.124-25d.bin ! ! ! interface FastEthernet0/0
I have removed an embbedded service engine modole from an 2951 router, after reboot the rouiter. the service engine interface still appears; any command can I use to completely remove it.
I am using 3560.IP rouitng is being turned off on this.Curious to know if I will create etherchannel or port channel.I think etherchannel.Correct me if I am wrong.On connecting switches I have vlan10,20,30 to be allowed.I am sure I need to allow these all vlan in 10,20,30 which are on the trunk port on each side switch.Post that will add channel-port lacp and make it in active mode.Is that correct.This way traffic will be load-balanced/aggregated on minimum 2 ports who are the part of this.
Im facing with some DHCP lease issue and its like this,Our Cisco 2951 edge router is configured with local dhcp pool for a set of remote users when they connect through Cisco VPN which was working fine until we planned to change it to a Windows box that is configured for DHCP.The basic idea now is to relay the DHCP requests that are coming from the remote clients through Cisco VPN to the DHCP Windows server. So we added the scope on the server and changed the client config on the router as follows (highlighted is the dhcp relay config). [code]
On the Cisco forums, an example is shown for how to configure BVI and bridge-groups on an ASR1004 but the same command (bridge-group) is not available under the interface on our ASR routers. We are running version of code: asr1000rp1-advipservicesk9.03.06.00.S.152-2.S.bin
