Cisco Switching/Routing :: 3825 - GLBP Is Not Working
Feb 22, 2010
I have 2*3825 routers configured with GLBP, but traffic is moving only through one router; it only falls back to the other router when the 1st router is isolated.
diagram: LAN=======>ASA(Routed mode with active-standby)======>one Cisco L2 switch========>2 *3825 Router
A traceroute from a LAN PC shows that traffic is only going via a single router. The LAN gateway is defined as the ASA inside address, and on the ASA a default route points to the GLBP address.
RTR1 config:
==========
int g0/0
ip address 1.1.1.2 255.255.255.0
glbp 1 ip 1.1.1.1
glbp 1 preempt
RTR2 config:
==========
int g0/0
ip address 1.1.1.3 255.255.255.0
glbp 1 ip 1.1.1.1
glbp 1 preempt
So I have 2 routers (Cisco 3640) that each go to their own ISP and then back to the same switch. I have set up OSPF and GLBP, and now have pretty good redundancy. If either internet connection or router goes down, everything is still golden.
So I was thinking that if an interface went down then the router would not be load balanced with GLBP, which got me thinking: what's the best way to get interface redundancy (and I was going to add a 2nd switch with the second interface).
1) Set up BVI on the 2 interfaces.
2) Set up a 2nd interface (on each router). I would have to split the subnet, for instance: [code] then the machines could be on the subnet 192.168.0.0/23, and set up GLBP for 1 IP across all 4 interfaces (I'm not even sure if you can do this but think it would work).
3) Is there a way to utilize EtherChannel or anything like this?
A negative to option 2 would be that if 1 of the interfaces went down, all of a sudden 2/3 (or so) of your traffic would be going through 1 router.
I have a Cisco 3825 router. It is configured with NetFlow for monitoring traffic with WhatsUpGold, but I can't monitor this router and I don't know what the problem is. Device: Router Cisco 3825 IOS: C3825-ADVENTERPRISEK9-M 12.4. [code]
I have a switch 4500 12.2 and a router 2801 IOS 15.1, and these devices work well with WhatsUp, but these devices have the same configuration. I see different outputs when I use show ip flow export; this output is for a router that works well with WhatsUp. [code]
- Second question is about EIGRP, when I configure EIGRP on the main switch that is AVG with the following commands, will I also have to run the same commands on the second 4948 E too?
I have two routers at our core data center, a 3845 and a 3640. These are configured with GLBP. There are 4 remote sites:
Site #1: One T1 link to the 3825
Site #2: One T1 link to the 3825, and One T1 link to the 3640
Site #3: One T1 link to the 3825, and One T1 link to the 3640
Site #4: One fractional T1 link to the 3825, and One T1 link to the 3640.
My question regards site #4. If I understand correctly, GLBP works on the premise of "host" balancing, and not true "load" balancing. The reason I ask is that the large majority of our WAN traffic is from our Exchange server to our remote sites. In the case of site #4, our Exchange server is sending traffic on the fractional T1. Is there any way with GLBP to either split this traffic from a particular host across two links in a round-robin fashion, but leave other hosts to travel wherever the router sends them, or to force at least our Exchange server to use the full T1, rather than the fractional?
I've read up on the weighting mechanism, and it appears that tracking an interface has nothing to do with bandwidth use. If I understand correctly, if I were to track the Site #4 PPP to the 3640, and give a weight of 10 to GLBP on there, it would really only take effect if the interface is down. It will have nothing to do with host AVF election. For the record, Exchange traffic is constant to this site, so there is no chance for the host connection to reset and potentially elect to use the larger pipe. I would like to "tweak" this to make better use of available bandwidth.
I have the task of replicating the router config on a 3825 router on a 3750 switch. Reason is we are taking out the router and replacing it with the switch to make use of the router for other functions.
Below is main part of the router config:
!
ip source-route
ip cef
!
!
multilink bundle-name authenticated
!
license udi pid CISCO3825 sn FCZxxxxxxx
!
vlan internal allocation policy ascending
[code].....
The 3750 switch I have runs C3750E-UNIVERSALK9-M, Version 12.2(55)SE3 on a LAN BASE license.
The first thing I have done is to order a license upgrade to IP BASE, which would give the support for OSPF routing. I do not see much of an issue with the interface configs; however, I am not too sure about replicating the routing config on the switch.
My question is can I run the commands as shown for the OSPF routing on the switch? If not, can I get suggestions on how best to set this up on the switch?
I have a 3825 router that I have set up with the following: [code]
It's on a trunked port to my 3750 switch. I am new to this company and haven't changed it over to IP routing on the switch quite yet. Both VLANs are set up on the 3750 without an SVI. All hosts on VLAN 1 can ping both interfaces without issue.
If I put a host on the 172 VLAN it cannot ping anything on the router. If I put another host on the VLAN they can ping each other. If I put an SVI on the switch, the 172 VLAN hosts can ping the switch, but still not the router. Once I put the SVI on the switch, it can no longer ping the router. I am giving the SVI IP 172.22.1.5/24.
I have verified with TAC that the trunk is allowing the VLANs to the router.
I have been working with TAC. They have asked me to update the code on the switch, but I think they are just punting. [code]
I have a Cisco 3825 router with two GE interfaces. GE0/0 is connected to a switch through an Ethernet cable. I have configured the GE0/0 interface with an IP address. I have also configured a static route for the local network. However, now I can only ping the GE0/0's own IP from the router. Here is the running-config:
hostname Router
!
boot-start-marker
boot-end-marker
!
!card type command needed for slot 2
enable secret 5 $1$4gxa$sykc0mcaxpCIrGc86i1ZE.
[code]...
The 10.1.52.1 is the current gateway on the 10.1.52.x LAN.
After formatting the CF, the router is able to see the flash without a problem. I copied files to the flash - still able to see the contents okay. The problem is that if I restart the router with the new flash, I get this error:
Jan 22 17:44:12.454 MSK: %SYS-5-CONFIG_I: Configured from console by bt_admin on vty0 (10.10.10.44)
Jan 22 17:45:41.847 MSK: %SYS-5-RELOAD: Reload requested by bt_admin on vty0 (10.10.10.44). Reload Reason: Reload Command.
System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
Technical Support: [URL]
I have a Cisco 3825 router with an SFP module (multi-mode Cisco SFP) connected to an Alcatel switch with a fiberxon SFP. On the Cisco router the SFP card is recognized and is seen when I use the "show ip int brief" or show inventory commands. However, the line protocol is down.
Is there any compatibility issue with a Cisco SFP on one side and a fiberxon SFP on the other? We have tested: Cisco SFP ------- Cisco SFP works; fiberxon ---------------- fiberxon works.
When the client gets an IP from DHCP, it works for the same day, and all of a sudden the IP gets released while the user is working and again it doesn't get an IP; if the same is assigned manually, it works. [code]
We have one 3825 router used as a voice gateway. For redundancy, we want to connect it to two different switches which have STP and HSRP running. Can I create a port-channel with two Giga interfaces in the 3825 and connect to two different switches? Should I configure a port channel in each switch with only one port in each port-channel? I know a server can be connected to different switches with NIC teaming. I just want to mimic that kind of setup. I did a port-channel in a 3825 one time, but it was connected to a stacked 3750X. So it's a different case now.
I just ran into an interesting issue. VG Cisco 3825 crashes regularly with the following message in a crashinfo.
%ALIGN-1-FATAL: Illegal access to a low address 16:26:07 CET Tue Dec 11 2012 addr=0x0, pc=0x603EFF38z , ra=0xFFFFCC41z , sp=0x702E3C28
%ALIGN-1-FATAL: Illegal access to a low address 16:26:08 CET Tue Dec 11 2012 addr=0x0, pc=0x603EFF38z , ra=0xFFFFCC41z , sp=0x702E3C28
16:26:08 CET Tue Dec 11 2012: TLB (store) exception, CPU signal 10, PC = 0x603F32F8
I thought I saw a post/question in regards to "how to" configure a Broadband backup for a MPLS circuit.. What I am trying to do is use a cable/dsl/ broadband (secondary) connection as a backup to a MPLS circuit (primary). I have EIGRP and BGP configured on both the branch endpoint and the tunnel headend. The tunnel is used by the interface that connects to the secondary circuit. The branch location router is a 1841 and the "headend" tunnel router is a 3825. I am wondering about the configuration/syntax of a "weight" or static route that can be used to have data flow over the tunnel when the MPLS circuit goes down - and then switch back to the MPLS circuit when it comes back on line.
I have a peculiar issue with a router wherein I get the message in the Show Environment as below.
sh environment out
Redundant Power System is not present.
SYS PS1 is present.
Type: AC
AUX(-48V) PS1 is absent.
Fan 1 OK
Fan 2 OK
Fan 3 OK
Fan Speed Setting: Normal
Alert settings:
Intake temperature warning: Enabled, Threshold: 55
Core temperature warning: Enabled, Threshold: 70 (CPU: 95)
Board Temperature: Normal
Internal-ambient temperature = 22, Normal
CPU temperature = 37, Normal
Intake temperature = 22, Normal
Voltage 1(3300) is Normal, Current voltage = 3300 mV
Voltage 2(5150) is Normal, Current voltage = 5210 mV
Voltage 3(2500) is High/Low, Current voltage = 2168 mV
[Code]...
We are using a 3825 Cisco router with IOS version 12.4(24)T2. The unknown protocol drops on our GigabitEthernet0/1 interface are increasing. This interface is connected to our modem. What could be causing these unknown protocol drops?
cnshaccent-gw-2#sh int GigabitEthernet0/1
GigabitEthernet0/1 is up, line protocol is up
Hardware is BCM1125 Internal MAC, address is ffff.ffff.ffff (bia ffff.ffff.ffff)
I have reconfigured my Cisco 3825 for SSH after we lost the config due to a power failure. I have reconfigured it the same way it was configured before and working properly.
When I try to access the router using PuTTY SSH, I get to the authentication screen, but after entering username and password (enable secret and line password the same) I get access denied.
Below is the SSH and line configuration on the router. I have seen the PDF that has been recommended here at Netpro and have followed that document but am still having problems:
Our ISP hands us an Ethernet link. The ISP router has one address of (for argument's sake) the 1.1.1.0/30 net - let's say they have 1.1.1.1 and we have the other usable address of 1.1.1.2/30 assigned to our 3825 router. Is it possible to use HSRP or VRRP if there are not two valid/unique "WAN" IPs to assign to our routers? For example, if we had a pair of 3825 routers? Are we stuck with basically a manual failover or requesting our ISP to provide a larger WAN address block?
We were unable to log in to a 3825 with a known good password, so we used Cisco's Password Recovery Procedure for that device. We were successful in resetting the password, and had access to the CLI. However, when we logged out of the router, then attempted to log back in, the 'Invalid Password' prompt again came up. We have to use password recovery each and every time we need to access the CLI. Might this be an NVRAM problem?
Show version for this device is: C3825-advsecurityk9-m 12.4(3a).
I'm fairly new to Cisco products and am in the process of developing my network knowledge on a deeper level. I have a 3825 with a HWIC-4ESW and I'm struggling to fully understand how the two "see" each other. I've set up a VLAN with a layer 3 address on the HWIC and added the switch ports to it. This seemed to allow devices connected to the switch ports to talk to the built-in router ports. I thought this was all making sense until I applied an access-list to the router port. It's a simple ACL I'm just using for testing and the only thing it does is block telnet from anywhere. I know the ACL is set up properly because if I connect a device directly to the router port I cannot telnet to the port. However, if I connect a device to one of the switch ports, I am able to telnet to the router port successfully.
It seems that I'm missing something with how traffic flows from the switch port to the router ports and how the two "see" each other.
We have a 7200 router on which two links from different ISPs are terminated. Right now one link is primary and the second one is redundant. Now we have procured our own IPs and plan to run BGP with both service providers. Can we configure GLBP on the router so that both links can be used simultaneously and when one goes down the other takes the full load?
I have 30 branches all over the country. There we have a Cisco 3825 Series router at HO, and 892/k9m, 1841 and 1811 routers in BO. My branches are connected to HO via a dual link which has been linked with two ISPs; both are Layer 2 links provided by the service provider.
Usually I have the route pointing to the HO IP from each branch router. [code] Where, there are four branches acting as the gateway for the branch router 172.20.0.13. What causes the problem, and how can I solve this issue permanently?
I am trying to set up an ASA5510, but without success. Currently, I have a Cisco 1800 (192.168.96.1/21) from my ISP connected to a Cisco 3825 (via a port with IP 192.168.96.2) and all is working well. Now I want to insert an ASA firewall between the ISP router and the 3825.
For that, I tried a simpler config:
ISProuter (192.168.96.1/21) ---- ASA outside port (192.168.96.2/255.255.255.248) ASA INSIDE port (192.168.100.1/255.255.255.0) --- a PC with IP 192.168.100.2, netmask 255.255.255.0, gateway 192.168.100.1
From my ASA, I can ping 192.168.96.1, but a "ping INSIDE 192.168.96.1" fails from my PC, can ping 192.168.100.1, but not 192.168.96.1.
Here is my ASA config:
ASA Version 7.0(8)
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface Ethernet0/0
 shutdown
 no nameif
 no security-level
 no ip address
[code]....
I have a Cisco SG 300-20 as the core switch, layer 3. It is 192.168.4.6 on VLAN1 and 192.168.5.1 for VLAN2 (VOIP). All the ports are set in trunk mode. DHCP relay is set up on this switch.
The phones are connected to a layer 2 Catalyst 2960-S switch. All ports are set in trunk mode. The default gateway on it is set to 192.168.5.1.
DHCP for both VLANs is provided by a Windows Server 2008 R2 server (the relay IP 192.168.4.15).
There is also an ASA 5510 in the mix which is 192.168.4.1. It has a route added to it for the 192.168.5.0 network to go to the SG 300 (192.168.5.1).
Just the two switches can ping each other on the 192.168.5.x network when I "add vlan 2" to the trunk port that is connected between the SG 300 and the 2960. The phones don't get DHCP on the 2960 switch. And I cannot ping 192.168.5.x from the ASA or anything else on the 192.168.4.x network.
After a bit of reading on intra-vlan routing for the SG 300 switch, I am thinking the SG 300 has to be the "center" of things so I need to make it 192.168.4.1 to be the gateway for both VLANs and change the ASA to 192.168.4.2 for VLAN1, etc. And I really can't do asymmetric routing with this switch.
I am using a cisco 3750 in my network as a gateway, and above it I use a squid machine for caching my internet. My network is like this:
Basically I have two VLANs on my network, which are VLAN10 and VLAN100. VLAN10 is the corporate network of my office. VLAN100 is the management VLAN which I use for the switches. I keep the squid as well as the client in VLAN10.
squid (192.168.1.50)---->cisco 3750(192.168.1.123)---->Distribution Switch(cisco 2960)---->client PC (192.168.1.5)
I have done NATing on squid and internet is working pretty fine when I use the squid as the client gateway, but when I use the Cisco 3750 as my gateway, after adding route maps for forwarding the internet traffic coming to the Cisco 3750 to squid, it disconnects me from the internet and I cannot even reach the switches from the corporate network. These are the only lines I used for the routing:
!
route-map proxy-redirect permit 10
 match ip address 110
Basically I have 3 VLANs. Office VLAN (for corporate usage), which is VLAN 999, which has a defined IP address of 192.168.1.123, and Guest VLAN (for the guests who visit our hotel, most of it are WiFi APs), VLAN 20, which has an IP address of 10.172.4.1. All these SVIs are defined on the core switch.
Is there any way I can introduce a new VLAN, let's say VLAN 40, and use PBR to route the packets going to VLAN 40 in the IP range 192.168.1.x to VLAN 999 and 10.172.4.1 to VLAN 20? I have tried this already and it is not working. Here are the configurations I have used.
access-list 110 permit ip 10.172.4.0 0.0.0.255 any
access-list 120 permit ip 192.168.1.0 0.0.0.255 any
route-map INT_RVLAN permit 10
 match ip address 120 110
 set ip next-hop 192.168.1.123 10.172.4.1
interface VLAN 40
 ip policy route-map INT_RVLAN