Cisco Switching/Routing :: 3350 - Network Based Application Fails To Open During The Day
Jan 21, 2013
I work at a hospital and one of our department uses specialized software created by Varian Medical Systems. It has been brought to my attention that one of those applications has trouble opening during the day. I had the users demonstrate the issue and from what they explained to they are supposed to be able to open the application, log in, and be presented with a list of radiology images to choose from. Unfortunately, during the day this fails often and they have to try 3 or 4 times before it actually works. It behaves differently after 4 pm, and seems to work after the 1st or 2nd time at that time of the day. According to what I've been told this has been an issue as long as they can remember.
Varian has told me that they have done a number of things on their side to rule out their software and they think it is a network issue. We used Solar winds Engineer's Tool set (specifically the Network Performance Monitor) to monitor their switch and it is reporting no errors and the utilization graphs show that the ports involved have very little utilization. The most heavily utilized port is hovering between 10 and 5 person (Fa0/40). I've included a network diagram, but basically we have 1 10/100 Cisco 3350 switch (c3550-ipservices-mz.122-25.SEB4.bin), 4 clients, and 2 servers involved. They all are connected to the same switch at A-Full/A-100mbps. Although the Network Performance Monitor doesn't show any errors or over utilizaton of the ports in the the CLI I do see 35 output buffer failures and 35 under runs on the port connected to one of the servers (Fa0/40). They were a little higher and I cleared them about two weeks ago and then rebooted the switch, because I found that it could alleviate these types of errors.
They say the software use ports 5000, 55000, 55010, and 55020. We tried a packet capture, but I didn't have enough experience/knowledge to get anything useful out of it. I also checked the event logs on the clients and servers and nothing there indicates a issue in the software. They want us to replace the switch with a gigabit switch, but we have a REALLY limited budget and I would rather not if it isn't necessary. What I could try in order to rule out the network?
View 4 Replies
ADVERTISEMENT
Jun 2, 2011
I have been trying to addACE20-MOD-K9 in ANM 4.2 (0) but when I try to import it times out and I get
""Failed to import ACE configuration: Device discovery failed: Connection timed out.""
I have double-checked credentialn and access rules on the module and they seem OK. I am trying to add the module with the Admin credentials and ssh/telnet access is permited.
Is this the right way or I'm missing something. Module version is A2(3.2a)
View 5 Replies
View Related
Mar 18, 2013
Recently had an external security scan done on my DIR 655 and scan results are stating I have an accessible TFTP Server running. i've been through all the settings, and even upgraded to the latest firmware. Yet security scans are telling me I've got a TFTP Server running. Why would one be showing on the external interface, and how can I stop it?
View 7 Replies
View Related
Oct 18, 2011
I am facing an isssues with 7609 for LAN switching , based on LAN (VRRP/HSRP) feature.Actually we are having ES+ cards (on 7609) and we are using multiple groups(say 350 vrrp groups) running on the router . the routers are connected as router 1>>> mux(which is working as switches)>>> router2
my questing are
1. does their will be "multicast packets" (for VRRP/HSRP group) "from backup router to Master router", when in stable state( ie when Master and backup are already chosen) , or the packet from backup to master should be unicast.I know for sure, the packet from master to back is multicast packets denstination to Multicast IP packet and To MAC address.I am not sure but I think from backup to master it should be multicast
2. what is frequency of these packets( from backup to master)
3. As i have multiper group on a single interface ( we are using q-in-q), when the connectivity from router's is broken, then does all the groups will muticast their active roll in the lan sengment "at once" or it will be in a groups say 100 groups at once, and after few ms few 100's and sone ( as is on OSPF or RIP)
we are in between troubleshooting I hope we get the ans( Actul problem we are seeing in the router's that we have 2 ports on active routers and 2 ports on standby router , but we are not seeing muticast on 1 port on standby router where as all other 3 ports are seeing multicast packets) [code]
View 5 Replies
View Related
May 31, 2013
I have a problem accessing my wireless router through VLAN sub-interface on my Cisco 1841 router. My hardware:
Cisco Catalyst 2960 switch (192.168.100.4 /24)
Cisco Catalyst 3550 switch (192.168.100.6 /24)
Cisco 1841 router (192.168.100.7 /24)
Asus RT N66U wireless router (192.168.100.2 /24)
Here's my network topology:
I have two VLANs - 10 and 20. 2 DHCP pools are configured on 2 1841's interfaces - 192.168.1.0 /25 and 192.168.1.128/26 with default router sitting on 192.168.1.1 and 192.168.1.129 respectively. No issues with obtaining IP address from any of those pools.Laptop connects to L3 3550 switch (switchport access vlan 10), which, in turn, connects to 1841 router through trunk (with VLANs 10 and 20 allowed).3550 is connected to 2960 through trunk with VLANs 10 and 20 allowed.Wireless router is connected to 2960.I can successfully ping my wireless router and outside world from 1841 from fa0/1 interface, but not from fa0/1.10 or fa0/1.20 sub-interfaces - all packets got dropped. My laptop can obtain IP from both pools (depending on port I connect it to), but can't ping my wireless router and anything beyond it.
I attach my configs:Cisco Catalyst 3550:interface FastEthernet0/1 switchport trunk encapsulation dot1q switchport mode trunk switchport port-security mac-address sticky speed 100!interface FastEthernet0/2 switchport trunk encapsulation dot1q switchport mode trunk!interface FastEthernet0/3 switchport access vlan 10 switchport mode access!interface FastEthernet0/4 switchport access vlan 20 switchport mode access!Cisco 1841:
ip dhcp pool Vlan10DHCP network 192.168.1.0 255.255.255.128 default-router 192.168.1.1 dns-server 208.67.220.220 domain-name home.local
!ip dhcp pool Vlan20DHCP network 192.168.1.128 255.255.255.192 default-router 192.168.1.129 dns-server 208.67.220.220 lease 0 12
interface FastEthernet0/1 ip address 192.168.100.7 255.255.255.0 duplex auto speed auto!interface FastEthernet0/1.10 description VLAN10 Sub Interface encapsulation dot1Q 10 ip address 192.168.1.1 255.255.255.128!interface FastEthernet0/1.20 description VLAN20 Sub Interface encapsulation dot1Q 20 ip address 192.168.1.129 255.255.255.192!
Routing table on 1841:
[code]....
View 19 Replies
View Related
Apr 19, 2012
Cisco 3560 does not support "set ip next-hop verify-availabilty". I need this command in my config. "set ip next-hop" do not do the same job.
View 8 Replies
View Related
Feb 26, 2012
If client gateway = 192.168.64.9 then next-hop = 192.168.64.8 else use default-route 0.0.0.0
I know it's possible to do a route-map match ip-address ACL list. But is it possible to match on gateway?
Some info about hardware and config:
6509-E in VSS (IOS 12.2(17r)SX5) withVS-S720-10G supervisor.
All routes are static, IP for 192.168.64.9 is on SVI vlan.
View 3 Replies
View Related
Jun 24, 2012
I have a 1941 router configured for Policy based routing with two ISPs.Two static default routes configured to point the gateways of respoective ISPs with same metric.But the problem is, packets are going throug the one ISP only while doing traceroute.
N/W connectivity:
ISP1-----> <----------------------> LAN1
| Router |
ISP-------> <----------------------> LAN 2
Below is my configuration :
Current configuration : 5958 bytes
!
! Last configuration change at 05:18:56 UTC Mon Jun 25 2012
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
[code]....
View 26 Replies
View Related
Oct 17, 2011
I have a simple design with 3750. I configured a route-map which define a next hop. I defined this route-map on a policy on a vlan interface.When I test some ping and a debug ip policy and it seems that my policy never match.Is there any mechanism that prevent the switch from using PBR? I think of CEF .
View 5 Replies
View Related
Jan 28, 2013
In our datacenter we have a 3750 stack with IP base image. I have enabled PBR and reloaded the switch. Show sdm prefer says i am using default template. The reason i want to use PBR is that we have 2 firewalls on the same work and want to be able to have granular control over which gateway out of the network they use but still be able to access all internal resouces accross wan and locally.
Created access list to identify traffic:
access-list 10 permit 10.2.3.59 (test workstation on vlan 3)
Created policy:
route-map TestASA permit 10
match ip address 10
set ip next-hop 10.2.0.3
Assigned policy to the user vlan3:
ip policy route-map TestASA
Results:It changed the default gateway to the above gateway but i could not access any resources on any other vlan, could not access resouces accross wan.
View 16 Replies
View Related
Apr 17, 2012
I have tried to make policy based routing on Cisco 3560. I use ipservices ios (SW version 12.2.(50)SE3 and SW-IMAGE C3560-IPSERVICESK9-M) For below configuration there is no problem and pbr is working.
“Access-list 100 permit ip host 1.1.1.1 host 2.2.2.2
Access-list 101 permit ip host 1.1.1.1 host 3.3.3.3
Route-map pbr1 permit 10
Match ip address 100
Set ip next-hop verify-availability 1.1.1.2 1 track 11
interface fasthethernet 0/1
ip policy route-map pbr1”
But when i add another sequence to the "pbr1" with another sequence number like that.
“Route-map pbr1 permit 11
Match ip address 101
Set ip next-hop verify-availability 1.1.1.3 1 track 12”
pbr is not working. Switch gives message "PLATFORM_PBR-3-UNSUPPORTTED_RMP:Route-map pbr1 not supported for Policy Based Routing”"ip policy route-map pbr1" command not shown in the running config. And "show ip policy" output is blank.Configuration guide says you have insert many sequence to the route-map with the same name. And also this command is not in the unsupported command list.
View 16 Replies
View Related
Sep 5, 2012
I have a simple design with 3750.I configured a route-map which define a next hop.I defined this route-map on a policy on a vlan interface.When I test some ping and a debug ip policy and it seems that my policy never match.Is there any mechanism that prevent the switch from using PBR?
View 10 Replies
View Related
May 10, 2012
I have problem while implementing policy based routing with a firewall. Let me explain in detail.
I have 2 remote site(Site A-small , Site B - Big) , Site B is connected with HQ with Tunnels 1 and 2 , Site B and Site A is connected with Tunnel 9941.
What I want is: Scenirio for Communication :
1)Site A--------->VPN Router Site B-----------> FW-------------->VPN Router Site B------------------>Central Site
2)Central Site--------->VPN Router Site B-----------> FW---------->VPN Router Site B-------------->Site A
3)Site B--------->FW-------------------->VPN Router Site B------>Central Site
4)Central Site--------->VPN Router Site B-------------------->FW------>Site B
5)Site A--------->VPN Router Site B-----------> Site B(no firewall)
6)Site B--------->VPN Router Site B-----------> Site A(no firewall)
Tunnel 1: 10.13.199.1-2
Tunnel 2: 10.13.199.1-2
Tunnel9941: 172.22.99.1-2
Site A LAN- 10.99.41.0/24
Site B LAN- 10.99.0.0/16
Central LAN - 10.18.0.0/16
View 4 Replies
View Related
Mar 4, 2012
I've one Cisco 3750G-12S with ip routing enable, the swtich is with IP Service firmware, with PRR support.Currently set my default static route 0.0.0.0 0.0.0.0 10.1.18.71 to my Firewall A Currently all of the VLAN for will be routed to 10.1.18.71
I've created a new VLAN 2 for my 10.1.2.0/24 network with the VLAN interface 2 ip address 10.1.2.10, my intention is to route 10.1.2.0/24 traffic to my 10.1.2.1 by creating the access list and route-map.
I've configure my test pc with a static ip and my gateway pointing to 10.1.2.10 (VLAN 2 gateway) , i'm not able to route to 10.1.2.1.
View 7 Replies
View Related
Mar 11, 2012
I am having a problem with PBR done on a 7604-S router - It seems like it is not done in harware. I have an Iperf client and an Iperf server, and would like to test the performance of 7600 router for PBR, supervisor is RSP720-3C-G and used interface card is 7600-ES20-GE3C ESM20G.
I have read numerous discussions about PBR that is supposed to happen in hardware when you use it with matching access-list and set ip next-hop.Although, when I start the iperf, the 7600 cpu is hitting the 80-90 % boundary, and transfer bandwidth can't go over 120-130 Mbit/s.The IP Policy is applied on an interface part of vrf ONE maybe this is casing the problem... ?
The diagram and configuration follows:
Configuration:
c7604#sh run
boot system flash disk0:c7600rsp72043-advipservicesk9-mz.122-33.SRE2.bin
!
ip vrf one
[Code]...
View 8 Replies
View Related
Jan 8, 2012
I've been implementing a setup where a remote office has a Cisco 1900 router. There are 2 GRE/ IP SEC tunnels to the headquarters, 1 over public internet, 1 over a private cloud. Because of some MTU issues we have to clear the DF bit for some of the traffic, but we also want to use PBR to send https traffic over the "public internet" tunnel and the rest of the traffic over the "private cloud" tunnel. I'm able to clear the DF bit and to do the PBR with route-maps, but I'm not able to implement both functionality at the same time.
View 1 Replies
View Related
May 29, 2012
We have a Catalyst 6509 switch, and we hope to use policy based routing to redirect http traffic to my proxy server, where I can find the configuration example?
View 11 Replies
View Related
Mar 13, 2013
I dont understadn how this works but basically I have enabled dhcp or so I thought bu clients dont get a lease. The vlan does but clients connecting to the switchports attached to the vlan do not get a lease and cant connect to anything. If I static the ip or use my server to issue dhcp then it's fine still some issues since I am cluceless but I dont understand what I have to do to get dhcp to work on the fa0-3 ports.
Router#sh running-config
Building configuration...
Current configuration : 1015 bytes
!
[Code]......
View 2 Replies
View Related
Dec 2, 2012
I have 2 ISP connected to Router A and Router B.Both the routers are connected to the core 3750 switch.. I want to send the traffic from the switch that goes to router A to router B..[code]
View 10 Replies
View Related
Mar 6, 2012
I need to setup my 6509 with PBR going to two different Firewalls. The 6509 has vlans and multiple serial interfaces. What/where do I install the policy-maps? I want to direct one of the vlans to one firewall and the other vlans and wan subnets to the other firewall.
View 26 Replies
View Related
Apr 3, 2012
I have 2 basic questions I am having doubts about it and would love to have some clarifications:
1) I configure in one ACE4710 (running 4.2.2) context a bridged interface and in another context the same interface, like here below : [code] Then I move to the Juniper context and I try to create an interface (either L-2 or L-3) but it doesn’t work: [code] So if I configure an interface as bridged in one Context, I cannot configure it in another context??
2) If I want to migrate in context Microsoft from One-armed to inline (L-2 bridged), can I migrate one service at the time ( I.e. the config i showed above for context Microsoft, would it work also for one-armed based???)
View 1 Replies
View Related
Jul 23, 2012
We have ACE 4710, It is configured with IP based stickiness and working fine for a web application server (BMC Remedy). We tried configuring cookie based stickiness for the same server. Server application is having JSESSIONID.But after configuring cookie based stickiness, there is an issue that the first page is coming for entering login credentials and after entering it the page is blank or not responding. What is the pre-requirement for configuring cookie based stickiness in ACE for BMC Remedy web application and which type of cookie based stickiness is suitable or possible?
View 8 Replies
View Related
Jul 5, 2011
I have a requirement to select a farm based on source IP address. I tried creating a match all class-map that matches on the virtual-address and source address but I get this message.LB01/Admin(config-cmap)# match source-address x.x.x.75 255.255.255.255 Error: Only one match virtual-address is allowed in a match-all class-map and it cannot mix with any other match type To me this is the only place where it makes sense to set the source match criteria.
View 2 Replies
View Related
Nov 15, 2011
I am trying to configure ACE 4710 to load balance base on the URL, If it matches the specific URL ( /456/ ), the traffic will be sent to server farm 456 else the traffic will be sent to server farm 123.
I attached an image of the topology.
Ace Config:
rserver host SRV01_123
ip address 192.168.1.101
inservice
[Code].....
View 4 Replies
View Related
Oct 29, 2012
i don't know why cu need this feature, he want stickiness based on source ip and source port. Does CSS 11500 support stickiness based on source IP and source port?or is there any other method to support stickness based on source ip and sourceport?
View 12 Replies
View Related
Nov 29, 2011
I recently "inherited" a CSS 11503 - I've only used ACEs before - and I want to get HTTP keepalives working.To start, I created a test service:
lb-1# show run service sunbird-http-7025-test
!************************** SERVICE **************************
service sunbird-http-7025-test
port 7025
ip address 141.211.229.168
[code].....
View 2 Replies
View Related
Oct 14, 2012
I've done a lot of ACE work over the years but this is the first time this has ever come up.
I have a request from an application group where I have 3 rserver in the server farm but they want all traffic to only go to the first server unless that server fails. If the first server fails, only then do they want traffic to go to the 2nd server instead and if that fails, then traffic goes to the 3rd.
I've read through the documentation but haven't figured out a way to do this. What to do this type of failover configuration?
View 4 Replies
View Related
Jan 18, 2012
How do I...add a dos based computer to a network running windows 2003
View 1 Replies
View Related
Feb 3, 2010
We've been mocking up a test lab to test VSS on two 6500's. Each 6500 has one sup720 and a 6708-10ge blade and we've established the two 10ge links between the two chassis; the first from the each chassis' sup and the second from each 6708.My question is, what happens when the supervisor fails on one of the chassis?
View 10 Replies
View Related
Aug 30, 2012
Just checking if any switch reset after one PS failure (configured in default redundant mode). No crash file has been generated. Switch is running IOS 12.2(44)SG and PWR-C45-1400AC. After the switch went online we found that PS1 has gone bad. Haven't found any bug in the tool kit. [code]
View 5 Replies
View Related
Apr 23, 2012
The 3750-12S-S comes with IP based IOS. I know it is possible to upgrade the IOS on a 3750X-48P-L from LAN based to IP based IOS. However, can the IOS on the 12-S be downgraded to the LAN based IOS?
View 2 Replies
View Related
Apr 9, 2012
I would like to configure few routings on my Cisco router 871 in order to allow my employees to have access only to specific websites.However, since some websites have dynamic IPs propably the route that I will create will not work.
My question is, can I configure a route or is there any other way to configure this permission based on the hostname/domain? For example, if I want to permit access to this website www.surveymonkey.com (75.98.93.51) instead of configuring:
ip route 75.98.93.51 255.255.255.255 192.168.10.250
is there any way to configure based on the url.. in order to be able to recognise this host correctly??
View 2 Replies
View Related
Nov 18, 2012
in my simple network setup, I cannot resolve DNS queries from inside my NATted network. On the router I can ping both IP-addresses and names. Ping from the local machine works for IP-Adresses but not for names. When doing nslookup, addresses are not found and a SERVFAIL message is returned. I use a Cisco ISR 861 Router to connect our local LAN to the Internet (The WAN of the 861 is connected to another DHCP/NAT-Router, which in turn connects to the ISP-Modem). Addresses in the local LAN are DHCP-distributed, the DNS-Servers from my ISP are configured on the Router and the DNS-Information is distributed correctly to my local LAN machines (as I can verify by doing nslookup on Linux).
View 21 Replies
View Related
