Cisco Switching/Routing :: 3800 Couldn't Add More Rules Into Some Of ACL
Jan 17, 2013
I have a question about ACLs on a Cisco 3800 router. I tried to configure extended IP access-lists. However, I couldn't add more rules into some of the ACLs when the number of rules increases to about 120 rules. These extended IP access-lists are assigned to a gigabit ethernet interface and sub-interface (VLAN interface).
Is this caused by some kind of maximum number of rules supported?
I remember there is one command which can tell you which memory slot has how much big memory in Cisco 2800 or 3800. But at this moment, I just couldn't recall this command. I checked "show diag" but didn't see any information about memory.
I couldn't access the internet with the route specified. I know the problem is with the route or NAT. I have a 2911 router [code]
I could ping from LAN IPs to ISP1 and ISP2 gateway IPs, but when I ping any site, for example gmail.com, packets are not moving out to the ISP1 or ISP2 interfaces. [code]
Last week we had some forwarding issues with our cat 6509e VSS pair, whereby clients could ping the gateway but couldn't route through it! We identified this as being core 2 in the VSS pair; yesterday we rebooted the 2nd switch and now the issue has been resolved.
I have an issue connecting a trunk between a Cisco switch and an Extreme switch. I have many VLANs that I want to cross via a link between a Cisco 3750 switch and an Extreme Alpine 3800 switch.
I would like to isolate my wlan from the remaining network but with two exceptions. First, it should be possible to print from all devices in the wlan, and second... my notebook should not be isolated.
Therefore I did the following steps:
1. Create vlan
2. Set access rules
Basically I blocked any inter-vlan-routing from the wireless vlan. I allowed all traffic from the wireless address range to the printer's ip address. I allowed all traffic from the notebook's ip address to the private vlan.
3. Set a static DHCP entry for the notebook
4. Set an IP/MAC binding entry for the notebook
For some reason I can reach any ip address from any wireless device.
I'm trying to configure a Cisco 3800 with a WIC-2AM-V2 to do DDR. I've gotten it to work before, but it was a while and now the config doesn't seem to work. I'm using an Lo0 interface and ip unnumbered on the Dialer interface. Using debug dialer and debug ppp and see nothing at all trying to dial out.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname DDR
I am trying to configure a Cisco 3800 as an NTP server for all Juniper MX router clients. The purpose is to serve the clock to all Juniper routers. But I'm facing a weird issue: all Juniper routers are getting synced with the Cisco 3800, but there is a difference of 30 min between client and server time.
I'm having a problem on which i cannot find an answer. I have a VPN router 3800 series (DMVPN) with 2 VRF on it, we also use dual Nat to reach our data center behind the 3800 series isr.
I created the Nat rules and the acl's , but the Nat is just not working, is there a special configuration needed for Nat and VRF's?
I just configured a 3800 router with this command. I cannot get to the ROMMON mode anymore. Cisco says you should press the Break key within 5 seconds after the image decompresses during the boot. But mine is ignoring it and going to load the running config directly.
I need to upgrade the compact flash memory card for a 3800 router. Basically I want to upgrade code on this router and the current flash size (64Mb) cannot hold the new image. I wanted to check: if I swap the old flash (64 Mb) with a new one of 256 mb, will I lose the vlan.dat file since it's stored in flash? Is there a way I can copy vlan.dat to the new flash which has the new code before I change the boot statements and reload the router?
I inherited a 3845 router. I am hopeful that I can use it for my home practice lab and connect it to a Cablevision (Optimum Online) Cable Modem. If it is possible, what interface card/config would I need? It currently has a T3/E3 card with 2 coaxial connections (was used with a Cogent DS3 connection). I'm guessing I would need to replace it with an Ethernet one (?). Granted - I suspect it may cost a pretty penny, nonetheless I'd like to look into it. It also has 2 dual-port vwic2-2mft-t1/e1 cards installed. I am an absolute beginner with Cisco and networking.
I am using a Cisco ME 3800 switch with 24 Gig and 2 Tengigabit interface. But after configuring the Tengig int with ip add and negotiation it is no know visible in the switch. Instead TenGig I am seeing two (Gi0/1 and G0/2). Not even showing the Tengig in the running config.
I have a 3800 running 12.4 with an outbound shaped nest Qos tied to a subinterface G0/0.12 which is trunked downstream to a 3500. I am getting drops on the "sh policy-manager inter g0/0.12", so I know that shaping, which is 1.5mbps, is dropping my packets. The 3500 looks clean.
3800: policy-map A class-map A bandwidth 30% etc..
[Code]....
The routing is that the host goes up to the 3800 and out a wan link, but if the wan is down, it hairpins back down from the 3800 to the 3500, which has a backup link on one of the ports. When we test wan down, or even when it is up, I see shape dropping packets.
I have a client who has Cisco 3800 series routers in their data centre with which they have QoS/CoS policies implemented. They wish to further manage traffic by limiting outbound traffic to their branch sites in line with the network access bandwidth each site has available. Is this possible whilst leaving the QoS policies in place? If so how?
Is there a way to be able to check from one computer on a network to another computer on the same network when both have been set up with NAT?
For example, computer 10.0.0.10 cannot ping 10.0.0.20 because NAT has been set up. Port forwarding does not seem to be an answer. Is it possible for NATted computers to be able to ping each other or not?
I have been struggling for a few days with getting site-to-site traffic working across a L2L IPSec tunnel. At this point, I have the tunnel up, and I see packets being decrypted on the correct IPSec SA's when I ping from a local network computer on the ASA side to a local network computer on the router side. I cannot ping from one side to the other, but those packets are getting through. We have another L2L tunnel that is from that ASA to another remote site's ASA, and that is functional. I have mirrored the configuration for ACLs, etc. from that site, so I believe that the issue is with the packets getting incorrectly translated by the NAT/NONAT statements/ACLs on the router side.
The ASA is: Cisco Adaptive Security Appliance Software Version 8.2(2)
Hardware: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
The router is: Cisco IOS Software, 3800 Software (C3845-ADVENTERPRISEK9_SNA-M), Version 12.4(20)YA3, RELEASE SOFTWARE (fc2)
Router Config:
!
version 12.4
!
card type t1 0 0
!
no ip cef
!
ip multicast-routing
no ipv6 cef
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key xxxxxxx address nn.nn.12.130
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
!
crypto map NOLA 11 ipsec-isakmp
 set peer nn.nn.12.130
 set transform-set 3DES-SHA
 set pfs group2
 match address VPN-ACL
!
controller T1 0/0/0
 fdl both
 cablelength long 0db
 channel-group 1 timeslots 1-24
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.252
 ip virtual-reassembly
 no ip route-cache
 crypto map NOLA
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 media-type rj45
!
interface
I have a Cisco 3800 series router. It needs a user name and password to access through the terminal. I don't have the user name and password. Need to reset the password.
Terminal screen shot is attached here you can see that.
I have a working 3800 router which runs on bgp pretty well. The existing setup has 2 serial ports for the bgp and 1 gigabit port for the LAN. Now, I want to add another 3800 as a standby router, making it clustered - ACTIVE/STANDBY via the hsrp protocol.
1.) What are the implications in adding another 3800? Do I need to reconfigure the ip addresses on my serial, or just the LAN?
2.) Are there any additional requirements like firmware versions etc?
We're having some numbers ported over to us and we'd like to verify that we are in fact receiving all of the numbers at our SIP gateway. Since we have been getting more and more activity on this router, I'm becoming more concerned about using certain debugs for fear that the router maxes out CPU and drops.
What is the best debug command that would give me this information with minimal impact on CPU? In the past I've used 'debug ccapi inout' and a couple of others similar to that. With so much activity though, sometimes it bombs the router. Also I am logging to the console directly; maybe there is a better method with less CPU impact. I just don't want to have to go back and forth to look for stuff 50 times either if I write out to a file or something; it could work though, I suppose.
I have two Cisco Routers 3800 series for my internet traffic (2 ISP). I configure HSRP on the interfaces gigabitethernet and at the main router I put the multilink interface to track. When the connection drops to the main router traffic does not switch on my second router.
I have a network with two 3800 Cisco Routers as Central and many Cisco 2811 Routers as Branches. Now I set two Tunnels on each router connection Interface FastEthernet from each 2811 to SubInterface Fastethernet on 3800. I set OSPF as the Routing Protocol and I configure QOS on Tunnel connections. Then I have a safe connection with a backup connection between the 3800 Router and each 2811 Router. Now I want to set VPN with IPSEC and Certification Authentication with a CA Server for Security on all connections. I set IPSEC and ISAKMP and Certificate on each Router and set Dynamic VPN on the Cisco 3800 Router and Static VPN on each Cisco 2811 Router. Now if I configure the tunnel with Crypto map, it works correctly and all packets are encrypted. But if I try to set crypto on the physical Interface (because I want to set qos on the tunnel then protect packets on the physical interface), all packets are routed but crypto and encrypt do not work. Set qos on tunnels and crypto on fastethernet interface.
I wanted to configure failover internet between two routers Cisco 3800 Series. Each router is connected to an ISP. I have configured HSRP protocol on my interfaces and my HSRP configuration works well. I want to configure my routers to switch my internet traffic in case of failure. For example, if the first ISP internet connection fails, traffic will switch to the second ISP. I want to know how I should proceed to do this.
I have a tunnel between a PIX 515E version 7.2(2) and a Cisco 3800 version 12.3(11r). There is a mismatch somewhere in the configs but I cannot find it. I have included the configs and the syslog errors.
I couldn't recover my password so I just created a new account. I just recently bought the ASUS RT-N16 since I switched to a different ISP that provided only a modem.
The problem: Some computers in the house will connect no problem to the network and without trouble. Other computers will be able to connect to the network but it will be restricted. When you go to the internet browser it shows an Asus logo and says: "the cable for ethernet is not plugged in". All the computers are wireless and in fact I am writing this while connected to the RT-N16 (wirelessly). Also, sometimes a computer will boot, I will go into the browser, it will show me that message, I unplug the RT-N16, plug it back in and the internet works again. This happens everyday.
P.S. I would also like to note that I tried connecting to the internet network with a nexus and it showed me the same error while I tried connecting with a samsung galaxy S2 and everything worked just fine. Also we got like 5 computers at home and I'd say 1 computer always connects fine, some don't connect regardless of whether you restart the router or not and some computers work only when you restart the router so I have very mixed feelings about this one...
So I am having some major issues with my download speeds. I have been told that I am supposed to get 10-20mb down and 1mb up, which is fine normally. Yet I haven't been getting anywhere near that lately. I have been getting 30-50kbs for a speed lately on my linux server, and I am not sure how slow on my windows box. I have road runner internet, and I have a Linksys BEFSR41 router, and a ubee modem. I have done a little looking at the event log of the ubee modem and found that I am getting "Started Unicast Maintenance Ranging - No Response received - ..." every 3-5 minutes. I don't know what that means but it says critical next to it. Something else I have found is that it has been raining for the last 3 days straight; don't know if that makes a difference.
Who is trying the ping www.dlink.com? I have been using the model DIR-825 for 1 year, but I could not see that ping command in the log. I had experienced my notebook alerting that the DIR-825's shareport has reconnected. Why did the DIR-825 lose the private connection while I was sleeping? Comment: DIR-825 (IP: 10.10.100.97/28) is for private use only. The internet gateway is set to DIR-655(:192.168.90.97/29). [code]
I've recently noticed an issue with the D600. A few days ago, I could not get any IP address from the router (wireless connection) on one of my laptops. I checked the router and it did something never done before: It restarted automatically (orange lights). Everything seemed to work fine but now when one of my device connects to the network (ps3, iPhone, laptops...) no IP address is given by the router so everything is on limited connectivity which is really annoying. I have to turn it off/on to make it work. It happens most of the time.
Note that I already returned the router a couple a year ago or so (I can't recall what the issue was), so I have to say that the quality of this device is far behind my expectations.