Cisco Switching/Routing :: 3620 - Increased CPU Due To Firewall
Jun 20, 2012
I came across an interesting symptom. Refer to the following topology.
host 1 <-> R1 <-> R2 <-> FW <-> host2
Host 1 is configured to send syslog to host2; however, because the firewall ACL is not configured, this has caused a spike to 99% in R1, which already has 70% - 80% CPU.
My questions are:
1) Even if the firewall is sending RST back to host 1, it should not cause a 20% CPU increase in R1. Why is this so? The router model is 3620.
2) How do I prevent this from happening in the future? This could potentially allow someone to send random traffic to hosts and cause network performance issues. Is there a way to turn off the RST response from the firewall? This is a Cisco ASA.
May 6, 2012
I just needed more insight into the function of the ip tcp adjust-mss command, which can be used to adjust the MSS value in the TCP SYN packet which passes that interface. But here is a question which I had. Consider that I have two sets of systems in my LAN, one with an MTU value of 1300 (MSS 1260) and one with an MTU of 1500 (MSS 1460). If I go ahead and put an ip tcp adjust-mss 1456 (for reducing the packet size from 1500 to 1496) on the WAN, does the command only lower the MSS for the set of systems which have 1460, or will it also increase the MSS in the TCP SYN packets sent by systems with MSS of 1260 (which can potentially break some communication)?
Feb 7, 2012
I have a Cisco 3620 router and I am trying to get internet access. My ISP is Comcast. All modem lights seem to be operational. But I do not have internet access. I can ping anything other than the router and I am on a home network.
Mar 28, 2012
I am having a little trouble setting up my home lab. I have a 3620 with two Ethernet ports and a 3640 with four Ethernet ports. I also have a 3500XL switch that I am using to connect the two together, but I can't seem to get each one to ping.
Here are my configs:
3500XL
3500XL-BottomSwitch#show run
Building configuration...
Current configuration:
!
version 12.0
[Code]......
Nov 1, 2011
I just finished setting up a bundle of (2) T1's in a multilink bundle and I'm having issues with one of the T1's not wanting to join the bundle.
The router I'm using on the remote office location is a 3620 router running code c3620-i-mz.121-1c.bin
The campus router, which is a 7206, is set up the same exact way with multilink 240 and, like I've said, serial 0/0 is joined to the bundle just fine, so we are running off one T1 connection.
The serial interface that is not working is: serial 0/1
Here is a show-run:
interface Multilink240
ip address 172.18.xxx.xxx 255.255.255.252
ip route-cache flow
ip ospf network point-to-point
service-policy output PhonesFirst
ppp multilink
[code].....
Mar 24, 2013
I have started to notice an increase in traffic from all my LAN workstations to the multicast address of 224.0.1.20, all with the same destination port (79). IANA shows this address as reserved for "experimental testing". Are there any typical applications or protocols that use this multicast address? My first thought was malware running on the hosts but it's a little tricky to prove.
Nov 1, 2012
We had 1.5 Mbps, but we just upgraded to 8 Mbps. Right away we noticed that we couldn't connect to the Playstation network on the PS3, and loading Google would take several tries. In some cases you couldn't even refresh the page to load Google, you would have to open a new tab. We would have bursts of good speeds from online speed tests, ranging from 8.6Mbps down to not being able to load the test, and everything in between. urls... live in Wisconsin and my ISP is Centurylink (formerly Centurytel), a technician came over yesterday and checked our box outside and inside and said that it was our Margin (db), if I remember correctly. Here is the info from my router: [code] The technician ended up lowering our speed to 6 Mbps, and said that everything looked good, and left. The Margin (db) was at 7.3 inside and 9.7 outside before he lowered it, and he thought that if we could hit 10, we would be fine. If that's the case then it seems like the margin is not the problem. If we are using too much speed could we set QoS on a router (would need a different router) to limit the bandwidth?
Mar 7, 2013
I just increased my bandwidth from my provider to 50 down, 3 up. I can get almost the 3 up while connected to my D-Link but only about 2.5 down. When I bypass my D-Link I get mid 40s down and 2.8 up. For some reason my D-Link is slowing down my speed. I have a DIR825, hardware B1, firmware 2.07 NA.
Sep 10, 2012
Is it possible to bond two T1 lines for increased throughput and for possible failover situations? I currently have the second T1 as just a fail over.
Feb 7, 2013
A short while ago, I had my data backed up onto a new HDD, as the old one was showing signs of failing soon. When I got the computer back, I noticed a problem where I need to constantly hit "Diagnose" in the Wireless Network Connection Status to get my internet working again. When it gets into this stage, several websites continue to work, I don't lose my connection to them. Some websites I can still connect to without a problem. However, many websites, even google, keep giving an error that the host could not be found. It appears that it stops accepting new connections until I reset the wireless card. My Laptop (using wireless) and other PC (Connected directly) have had no issues at all with our wireless router.
Jan 21, 2012
Have been experiencing speeds of max 2.5 Mbps for transferring files between Windows 7 machines connected wirelessly to a Billion 800VGT router. A speed of maximum 18 Mbps was achieved. No matter what I did to adaptor settings it was the best possible. Have 6 wireless machines which I cross checked multiple times using Lan Speed Test by Totusoft. I then disabled the wireless security (WPA-PSK) on my Billion 800VGT router and secured the network by using the Wireless MAC address filter. My speed immediately increased to 11 Mbps between wireless machines. Speeds to machines on fixed LAN increased to 26 Mbps.
Feb 20, 2013
Some network pros set up our Cisco 3620 many years back during implementation.
I've just added a new server, with a new IP, and wanted to change the IP of the ip nat translation in this router.
I did a show run; the config is this:
interface FastEthernet0/0
ip address 57.31.132.116 255.255.255.240
no ip redirects
[Code]......
Mar 10, 2007
I have several Cisco 3620s being used for PPPoE connections. I want to generate MRTG graphs of the connections. Would anyone have the SNMP OID to monitor the number of users?
Feb 1, 2011
Any example of router config for a terminal server? In fact I need a configuration for a router with multiple, low speed, asynchronous ports that are connected to other serial devices, for example, modems or console ports on routers or switches. With this router I would like to use reverse telnet to connect with my devices using the serial connection. I find many examples on the Cisco web site but none with my router hardware configuration. My router is a 3620 router with an 8 port async (NM-8A/S) network module and I would like to use the 8 serial interfaces, each of them connecting a serial device.
Here is the show run and show ver:
Router#show ver
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3620-I-M), Version 12.3(25), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Mon 28-Jan-08 20:16 by alnguyen
ROM: System Bootstrap, Version 11.1(19)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Router uptime is 1 minute
System returned to ROM by reload
System image file is "flash:c3620-i-mz.123-25.bin"
[Code]...
Oct 31, 2011
Cannot get on internet. Loaded Windows XP on Acer Aspire 3620. I think the laptop was dropped. Try to get it onto the internet and use the computer primarily to check my e-mail and chat.
Oct 25, 2012
I have an Acer Aspire 3630 and I recently got it, so I decided to update all drivers and I stupidly didn't do a backup. Now the wifi isn't working. I tried uninstalling the cards, and tried doing what this thread said. I even tried installing all the drivers I could find (Broadcom, Foxconn, the drivers from the Acer site) and nothing is working; my wifi light next to the switch keeps flashing on and off.
Jul 27, 2006
I configured my E0/0 interface with the "ip ospf network non-broadcast" command; I want this interface to use unicast to hello neighbors.
When I issue "neighbor x.x.x.x" under the OSPF process, it tells me: OSPF: Neighbor command is allowed only on NBMA and point-to-multipoint networks. I am sure that there is no typo, and show ip ospf interface e0/0 says it's been an NBMA interface, so what's wrong with this router?
IOS information:
(C3620-J1S3-M), Version 12.3(18), RELEASE SOFTWARE (fc3)
Jul 24, 2012
For two weeks I have had a problem with the VLANs which I started to configure. I hope together we find the way. I have 5 VLANs configured in a Cisco 3560G switch. In my Windows Server 2003 I configured a DHCP scope for each VLAN. One of the requirements to connect VLANs to each other is to put the IP of each VLAN as gateway in the clients. So, how can I get access to the internet? The IP of my firewall is in one of the VLANs. When the configuration of the LAN only had one DHCP scope, the gateway was the IP of my firewall. But now I don't know how to configure the DHCP server, or the firewall, or the switch, or all of them, to get access to the internet.
May 10, 2012
I have a problem while implementing policy based routing with a firewall. Let me explain in detail.
I have 2 remote sites (Site A - small, Site B - big). Site B is connected with HQ with Tunnels 1 and 2; Site B and Site A are connected with Tunnel 9941.
What I want is the following scenario for communication:
1)Site A--------->VPN Router Site B-----------> FW-------------->VPN Router Site B------------------>Central Site
2)Central Site--------->VPN Router Site B-----------> FW---------->VPN Router Site B-------------->Site A
3)Site B--------->FW-------------------->VPN Router Site B------>Central Site
4)Central Site--------->VPN Router Site B-------------------->FW------>Site B
5)Site A--------->VPN Router Site B-----------> Site B(no firewall)
6)Site B--------->VPN Router Site B-----------> Site A(no firewall)
Tunnel 1: 10.13.199.1-2
Tunnel 2: 10.13.199.1-2
Tunnel9941: 172.22.99.1-2
Site A LAN- 10.99.41.0/24
Site B LAN- 10.99.0.0/16
Central LAN - 10.18.0.0/16
May 3, 2012
I have the RV042 VPN router, which is the main gateway for our internet. Connected to the VPN is one server for a software, and then another computer is connected for a web server software. Well, I need to get these set up like so:
Set up firewall rules that will block all inbound Internet access to the web server except port 443
Set up firewall rules that will block all communication between the two internal networks, except ports 7000 and 1702
These must be on two different internal networks
Feb 26, 2013
We purchased a Cisco 1921 router to replace a software firewall not long ago. The router was sold as a firewall with the suggestion that an ASA would be unnecessary. Unfortunately a router does not replace/do the jobs a firewall does, so I looked online and noticed that Cisco do offer firewall security features in one of their IOS. How do I tell if this is implemented on my router? If not, does my IOS support this, or do I need to buy an extension/another version of the IOS? The version of the IOS I have is: c1900-universalk9-mz.SPA.151-4.M4.bin.
May 6, 2013
I want to use the 4506 to track link 1 so that if it fails the traffic will use link 2 to go to the ASA firewall. Switch_1 and Switch_2 are configured to use VRRP, where Switch_1 is the primary. Current configuration (which I'm not sure about):
Switch_1
track 1 interface gigabitethernet2/3 line protocol.
Mar 8, 2013
I have a Cisco 2811 router and I want to experiment on the IOS firewall. The thing is, none of the commands that are proposed in online guides - like ip inspect, ip audit, etc. - seem to be working. I just get "unrecognized command" on a router that is supposed to support such features. I'm wondering if it has something to do with the IOS image.
My show version output is this:
Cisco IOS Software, 2800 Software (C2800NM-SPSERVICESK9-M), Version 12.3(11)T9, RELEASE SOFTWARE (fc3)
Technical Support: [URL]
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Tue 13-Dec-05 08:24 by ccai
[code]....
Nov 3, 2012
My book says there are two types of firewall supported on Cisco IOS routers:
Classic Cisco IOS firewall
Zone-based policy firewall.
zone-based policy firewall with configurations?
What kind of firewall is supported on the Cisco PIX 515E? Is it Classic Cisco IOS firewall or Zone-based policy firewall?
Feb 19, 2012
WAN1 <-> LAN traffic
WAN2 <-> LAN traffic
WAN1 <-> WAN2 traffic?
Say, it is set DISABLED, what is / isn't blocked?
It reads: Multicast Pass Through IP Multicasting occurs when a single data transmission is sent to multiple recipients at the same time. Using this feature, the Router allows IP multicast packets to be forwarded to the appropriate computers.
Apr 18, 2012
I have a 1921 K9 with a 4 port 10/100/1000 EHWIC switch.
Interface 0/1 = 192.168.1.0
EHWIC = 192.168.5.0
I have Active Directory setup on the 192.168.1.0 network. When I attempt to join the domain from 192.168.5.0 it joins but I get errors. After some troubleshooting using portqry I have found that the services related to class map DomainTrafficUDP are being reported by portqry as being filtered regardless of policy map settings (currently set to allow).
Building configuration...
Current configuration : 18833 bytes
!
! Last configuration change at 11:20:25 NewYork Thu Apr 19 2012 by dave
! NVRAM config last updated at 13:56:45 NewYork Wed Apr 18 2012 by dave
!
[Code].....
Jun 19, 2012
I have to put an ACL firewall in front of a public IP range. There's no routing, so I want to do it with a transparent layer 2 firewall. I found this document which describes exactly the feature I need: [URL]
It seems to be a feature introduced in IOS 12.3.
My Questions:
1.) Is it possible to use this transparent firewall feature with the 3750 switch instead of a "normal" IOS-based router?
2.) I've seen there is no IOS 12.3 for the 3750 but rather 12.2 (currently installed) or 15.0.1. Is this feature included in 15.0.1?
If the feature described above is not available, is there any other way to achieve my goal?
Jan 27, 2013
We have a new backbone in our LAN with two C3750X-24S 15.0(1)SE3. Since we changed the model of our equipment we can't update NTP on these two switches. We tried to update NTP with two Juniper SSG-140 firewalls in version 6.3.0r12.0. The two switches never manage to associate with the firewall (we tried with the commands ntp server and ntp peer).
So we configured ntp server on our distribution server switches (one 4900 12.2(54)SG and one stack of 3750G and 3750E 12.2(50)SE5). They have no problem updating NTP on the firewall. So we changed our ntp server configuration on the backbone and we tried to update it with the distribution server switches. With the command ntp server it doesn't work. With the command ntp peer it works, but not every time. The core switches are in "synchronized" state, then "unsynchronized", then "synchronized", etc. When they are in "unsynchronized" state there is an "x falseticker" reason behind the IP of the ntp peer.
Is it an IOS version problem on our core switch?
Nov 29, 2012
RACK 1 is the old rack and NEW RACK is the rack which is going to be procured for some new servers. All the servers in RACK 1 have the PIX inside IP as their default gateway. As of now the 3560 switches act as Layer 2 and do not have L3 IP routing enabled. How can I enable connectivity between the 192.168.36.0 range and the 192.168.57.0 range without making any change to the current PIX inside IP address 192.168.57.1? Is it possible that I can enable IP routing on the 3560 switches, create interface VLAN 36, and since Switch 2 already has its default gateway as 192.168.57.1, would the traffic from 192.168.36.0 be routed to 192.168.57.1? Or do I need to create a static route for that? Since L3 routing is not enabled and since the 3560 switches are just acting as L2, the VLAN 2 - 192.168.57.0 range does not have any interface VLAN configured. When it is changed, would I need to create interface VLAN 2 on the 3560 switches?
Apr 13, 2013
I have a 3750X four-switch stack acting as the core of a fairly simple LAN. All I need to achieve (and this seems inordinately hard, but it is entirely likely that I'm just being dense) is to get access to the internet through my core switch, through the firewall and out through my VSAT. I've spoken at some length with the firewall providers (Cyberoam) and they tell me all I need to do when I migrate onto my new system (Cyberoam is currently in place at the entrance to our existing LAN) is change the local IP address of the Firewall, plug in the new switch to the LAN port, and away I go. Tried that, didn't work, so obviously I'm missing something.
Nov 29, 2011
We currently have a HP blade platform which has two Cisco CBS30X0 switches built into it running Version 12.2(55)SE. These are connected to two Cisco C2960 aggregation switches running Version 12.2(44)SE6. According to this article I need to upgrade these to 12.2(25)FX: url...
1.) This will, according to that article, only allow me to create edge ports on them. Is this a hardware limitation, or am I just not finding what firmware I need to upgrade them to in order to allow the creation of community VLANs? We have these aggregation switches connected directly to multiple types of firewalls which take care of each of our clients' networks, including internet access etc. We are wasting many VLANs and IP addresses with our current setup, so I am hoping to move over to using private VLANs. The setup of the private VLANs looks simple enough.
2.) When the private VLANs try to communicate, all info will be sent directly to the layer 3 device, I gather, which will not need to know anything about the private VLANs?
Mar 3, 2013
I'm having an issue accessing a client's router on the WAN interface with Cisco Config Pro. I can get CLI access with SSH without any issue. I have ports 22 and 443 allowed as management access from my public IP - SSH is working fine but Config Pro is being refused connection. Possibly a certificate issue?
May 26, 2013
We have a setup of a firewall in between my Cisco 1841 router and Switch.
Cisco Router --> Meraki Firewall--> Switch
Client VPN is configured on the Meraki Firewall but then for the outside users to client vpn in to the network, I have to port forward or open the ports 500 and 4500 to the IP address of the Meraki Firewall 192.168.1.90. [code]