Cisco Switching/Routing :: 3945 PBR Doesn't Appear To Be Working
May 1, 2013
I have a 3945 router with two interfaces connected to my firewall, one to the management interface and another to my DMZ. I'm running EIGRP between all my network devices. The problem I'm running into is that when I try to SSH to the management interface of the 3945, the traffic hits the firewall, then goes right to the management interface as it should, but the return traffic is trying to use the DMZ interface since that is how the router knows to get back to my computer's network. I created 2 route-maps to try and address this issue. [code] I've applied the MANAGE_IN route-map to all interfaces that might have inbound traffic destined for the management network and applied the MANAGE_OUT route-map to the management interface. The MANAGE_IN policy appears to be functioning correctly; the MANAGE_OUT doesn't appear to be functioning correctly. When I look at traffic from my host going to the management interface I see it still trying to return through the DMZ interface.
View 11 Replies
Apr 1, 2012
I just installed two of the HWIC-1GE-SFP cards in the CISCO3945 router but they are not recognized... I don't see any messages on the console output. I don't see them in the "show diag" command. I don't see new ports in the "show run" either... Is there some command I need to put in to activate them? Here is show version of my router:
Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M4, RELEASE SOFTWARE (fc1)
Technical Support: [URL]
[Code]....
View 1 Replies
Nov 26, 2012
I currently have a Cisco 3945 router deployed and I am reaching the CPU's max during peak usage. The 3945 supports ~500Mbps Fast/CEF Switching and I need something at least double that capacity.
I need the ability to have at least 8 RJ-45 10/100/1000 connections. I also need the ability to NAT.
View 13 Replies
Dec 2, 2012
the router IPSec VPN config for remote users using Cisco VPN Client 5.0.07
Router 3945 IOS C3900-UNIVERSALK9-M Version 15.1(4)M4
Here is VPN related config part and log from router and client.
aaa new-model
!
!
aaa authentication login default none
aaa authorization network default none
!
!
crypto isakmp policy 5
encr aes 256
authentication pre-share
[Code]...
I highlighted strings with possible problems of being unable to connect, but I don't know what to do with them.
View 4 Replies
May 20, 2013
if the Cisco 3945 router requires any license for it to run HSRP. Also advise which IOS runs HSRP on the 3845 router.
View 3 Replies
Jan 30, 2013
terms of Performance for 3925, 3925E and 3945.
Didn't see much difference between 3925 and 3925E except an additional port.
View 5 Replies
May 20, 2010
I understand that the password has to be changed the first time we log in to the Cisco 3945 router, but I failed to do that and it's not allowing me to connect using the default username/password.
View 7 Replies
Jan 11, 2012
CBWFQ kicks in when the interface becomes congested and there is no available space in the queue, but I need to find a solution to the scenario below: I'm using a Gigabit interface on the 3945 Router that connects to the ISP. The ISP limits bandwidth to 60Mb so I need to make sure when I reach the limit of the 60Mb the router starts using the BW percentages defined in the policy-map using classes. Any kind of traffic goes out as it wants, but as soon as the 60Mb limit is reached, the priorities defined by the traffic classes will kick in just as if the interface ran out of queues (as CBWFQ usually works).
View 7 Replies
Jun 29, 2012
We are having problems with two 3945 routers in HSRP and a 2960 switch. The two routers are connected to the 2960 switch through different ports. The problem is that we lose connection between the router and the switch. When we execute the command show cdp neighbor on the router, it shows nothing. If we try to ping the 2960 switch, it is not reachable. If we ping the other 3945 router, it is not reachable. All other functions of the router are OK. We are attaching the IOS of the routers and the 2960 switch and a document which makes reference to a bug which mentions ARP overwrite due to an ARP attack, which produces DoS.
View 2 Replies
Apr 10, 2012
I am using DHCP/TFTP to autoconfigure a 3945 router. The router properly obtains an IP address and finds the correct TFTP server. The issue lies in the download of the configuration file from the TFTP server. The router downloads the file, gives the "Ok" message, and prompts you to press Return to get started. When I view the running-config, several commands are missing from the Serial 0/0/0 section (HWIC-2T). If I modify the config file on the TFTP server to use Serial 0/0/1 instead and repeat the process, the configuration file loads without any issues and Serial 0/0/1 has all of the commands.
I also tried moving syntax around in my config file, but the end result is still the same. If I use Serial0/0/0 - I don't get all of the commands. If I use Serial 0/0/1, I do.
View 1 Replies
Aug 4, 2012
connecting a Cisco 3945 Router to an Ethernet WAN Link. The service provider has provided a 100M Ethernet Single Mode Fiber handoff to the customer premises with SC Connector. The CPE configuration proposed for this setup is like this. [code]
Since the SFP has an LC connector, I suppose I need to have an SC-LC cable for connecting the Ethernet link. Do I need anything else, apart from the above?
View 1 Replies
Feb 17, 2012
url..This says an ISR G2 3945 can achieve 502.78 Mbits when CEF fast switching. Is this per port or total for the whole box? Since the router will hold dozens of switch ports and several gig routed ports I don't understand what this half gig switching speed means.
View 5 Replies
Jul 2, 2012
Our 871 no longer allows us to make changes to it. I was told the contract ran out, so I renewed it and Cisco support then added the contract to my serial number. What now? Is there a step required to have the router check in with Cisco so that it becomes "unlocked" for me to make changes?
View 1 Replies
Oct 11, 2011
We have a Cisco 3945 Router with an SM-ES3-24P Switch Module. When we tried to configure routing on the router and Layer 3 ports on the switch module, the inter-communication is not working.
How can we use routing in the 3945 with the SM-ES3-24P module?
View 2 Replies
Apr 30, 2012
I have a 3945 with an SM-ES3G-24-P module installed and tried to configure some routing, but it doesn't work.
1. L3 interface on the switch module (with IP address configured)
2. OSPF on the router with connected interface redistribute (which includes the switch module L3 interfaces)
I don't see any of the switch module L3 interfaces routes in the router, not even the connected interface.
SM
-----
int g0/1
no switchport
ip add 1.1.1.1 255.255.255.0
Router
---------
int g0/0
ip add 2.2.2.2 255.255.255.0
router ospf 1
redistribute connected
network 2.2.2.2 0.0.0.0 area 0
View 4 Replies
Jun 11, 2012
I have a problem with an etherchannel between a Cisco 2950 and a couple of Catalyst 4506s. The Cisco 2950 is connected via an etherchannel to the Catalyst 4506A. The channel consists of two ports on both sides and is in trunk mode, encapsulation dot1q. Now I have the necessity to connect the 2950 to the other Catalyst, 4506B. So, I copied the same configuration to the 4506B, but when I unplug the two RJ45 cables from the Catalyst 4506A to plug them into the 4506B, the etherchannel doesn't go up in any way.
View 8 Replies
Jan 9, 2013
I created the configuration below to limit the bandwidth, but it doesn't work.
Qos - 3750
!
mls qos
mls qos map policed-dscp 10 to 8
!
class-map match-all Test
match access-group name ACL
!
policy-map QOS
description Limit 10M
set ip dscp af11
police
[Code]....
View 6 Replies
Mar 25, 2012
we have a WS-C6509-E WITH SUP VS-S720-10G, and IOS s72033-advipservicesk9_wan-mz.122-33.SXI5.bin. [code]
From what we can see, whenever we try to clear arp-cache, it doesn't remove the IPs from the ARP. We've checked a bug in the IOS 12.2(33)SXH4 with the same issue; in version SXI4 it is solved, but I have version SXI5. It is supposed to be fixed, from this caveat CSCtf16300, since it says it was fixed in 12.2(33)SXI4, so it should be fixed in SXI5, right?
View 2 Replies
Aug 11, 2011
I was wondering if I could use the CISCO3945 Integrated Gigabit Ethernet WAN ports for routing, I need to enable BGP and I was willing to use one of those ports.
View 2 Replies
Apr 16, 2013
I have PC_A and PC_B connected to the same switch, and are put in the same vlan. PC_A is the master (source) and PC_B is the destination (client). IGMP Snooping is enabled by default.
Is there any reason why this should fail? There is no RP or any interface with PIM enabled. It's a flat network with a source and client in the same vlan...
IH-3750-LOADTEST-101#show ip igmp snooping vlan 724
Global IGMP Snooping configuration:
-------------------------------------------
IGMP snooping : Enabled
[Code].....
View 19 Replies
Jul 10, 2012
I'm configuring a Catalyst 3500XL, but I'm having a problem: when I connect an IP phone it works just fine, but if I connect a computer to the PC port in the phone, the computer doesn't get an IP address. The switch is configured with two vlans, Voice and Data, and is connected from fa0/24 to a Catalyst 3560 fa0/46. I did configure both ports as trunk.
View 9 Replies
Jun 11, 2012
I am building up vPC on 2 x Nexus 3048 and found that it did not work properly. The current config is as follows:
1. OS: n3000-uk9.5.0.3.U2.2.bin
2. Peer link: 10 x 1G (E1/1 - E1/10) on both devices (I am wondering that 1G interface supports vPC Peer-Link. I heard that upgrading to U3.2 image will work for 1G rather than 10G... )
3. They can ping each other via management IPs
4. Edge switches vPC have not been built yet (I am focusing on Peer-Link and vPC role selection)
[code]....
View 1 Replies
Aug 13, 2011
c3750e-universalk9-tar.150-1.SE on 3750x
username cisco privilege 15 secret cico
aaa new-model
aaa authentication login default local
[Code]....
Console and telnet don't seem to auto authorize to level 15, I end up at level 1, I'm forced to use enable command.
Rolling back to c3750e-universalk9-mz.122-58.SE2 fixes it. Going back to c3750e-universalk9-tar.150-1.SE breaks it again.
Is there some new behavior in cat 15 code (couldn't find it in the config guide)? Maybe a bug (couldn't find one)?
View 9 Replies
Apr 22, 2013
my client to set up their network and he wants me to limit user access internet bandwidth to 2 Mbps and the topology is shown below.
Users ---> Switch ---> NAT Router ---> (int gi1/0/24 - qos apply) Edge Switch ---> INTERNET ROUTER (12Mbps) --->> INTERNET
This is my configuration, but it doesn't work; the end user is still able to get more than 2Mbps internet speed.
access-list 100 permit ip any any dscp default
class-map match-all QoS_Floor_Limit
match access-group 100
!
!
policy-map QoS_Floor_Limit
[Code]......
View 6 Replies
Apr 29, 2012
I've been working on a 3560 that doesn't seem to map dscp values to a new value: mls qos map dscp-mutation ToR1 22 24 to 46
[Code]....
On the router on the other side, I created an acl that matched on dscp 46, but it doesn't match on it. I've tried moving the mutation map to the ingress interface and I've tried setting dscp with a service policy instead of marking COS and using internal dscp. Where is the mutation map supposed to be placed: ingress or egress? Also, I added an entry in the acl on the router to see if I was mapping to dscp 24, and I am:
[Code]....
So it seems like the mutation map is being ignored completely. Any reason why?
View 7 Replies
Dec 11, 2011
My network has two connections to a third party via links on two separate ASA, one in location A and one in location B. The link in location A is the primary connection and the other in location B should be used by only two terminals (term1, term2) in location B. ASA are running OSPF and are redistributing static routes as metric-type 1 in OSPF. In order to achieve the aforementioned goal, I have configured a route-map on ASA location B that sets the metric for the route towards the third party to a high value (100). This way, all routers, even those in site B, prefer the exit through location A (metric about 24).
I have checked that my routers correctly have the route to the 3rd party through location A, and the OSPF database has records for the network from both locations. In location B, I have configured the following route-map (on 6509):
route-map PREFER-LOCAL-ROUTER permit 10
match ip address XXX
set ip next-hop locationB-ASA
int vlanYYYY
ip policy route-map PREFER-LOCAL-ROUTER
[code]....
From the terminals (term1 and term2) I have tried a traceroute towards the 3rd party's subnet, but I don't get any match either on the access-list or on the route-map. Unfortunately I have no other way to test that my configuration is correct, since the application on the terminals that should access the 3rd party network is not currently running.
I also added the statements below to the access-list, because of the test with tracert:
permit icmp host term1 route_to_3rd_party 0.0.255.255
permit icmp host term2 route_to_3rd_party 0.0.255.255
Nothing changed... Is there something wrong with the above config? Is there a chance that there is a problem with the IOS, that simply doesn't show any hits?
View 9 Replies
Mar 9, 2012
I have upgraded my C3560-PS-S switch to the latest IOS version 12(2)55-SE4 and it is not providing PoE anymore? It used to work before this upgrade? I searched Cisco bugtrack and there is bug defined for this IOS/Switch.
Switch(config-if)#do show power inline
Available:370.0(w) Used:0.0(w) Remaining:370.0(w)
Interface Admin Oper Power Device Class Max
(Watts)
--------- ------ ---------- ------- ------------------- ----- ----
Fa0/1 auto off 0.0 n/a n/a 15.4
Fa0/2 auto off 0.0 n/a n/a 15.4
Fa0/3 auto off 0.0 n/a n/a 15.4
Fa0/4 auto off 0.0 n/a n/a 15.4
Fa0/5 auto off 0.0 n/a n/a 15.4
Fa0/6 auto off 0.0 n/a n/a 15.4
Fa0/7 auto off 0.0 n/a n/a 15.4
Fa0/8 auto off 0.0 n/a n/a 15.4
Fa0/9 auto off 0.0 n/a n/a 15.4
Fa0/10 auto off 0.0 n/a n/a 15.4
Fa0/11 auto off 0.0 n/a n/a 15.4
Fa0/12 auto off 0.0 n/a n/a 15.4
Fa0/13 auto off 0.0 n/a n/a 15.4
Fa0/14 auto off 0.0 n/a n/a 15.4
Fa0/15 auto off 0.0 n/a n/a 15.4
Fa0/16 auto off 0.0 n/a n/a 15.4
Fa0/17 auto off 0.0 n/a n/a 15.4
Fa0/18 auto off 0.0 n/a n/a 15.4
Fa0/19 auto off 0.0 n/a n/a 15.4
Fa0/20 auto off 0.0 n/a n/a 15.4
Fa0/21 auto off 0.0 n/a n/a 15.4
Fa0/22 auto off 0.0 n/a n/a 15.4
Fa0/23 auto off 0.0 n/a n/a 15.4
Fa0/24 auto off 0.0 n/a n/a 15.4
View 3 Replies
Oct 31, 2011
I've a 3750X switch that isn't loading email. Then I went to rommon mode and accidentally did "format flash". After that I loaded 15.0 SE2 s/w on it using a tftp server, but it doesn't boot up with that image. Flash had only the .bin file after I loaded it from the tftp server.
Since it wasn't booting up, I did format flash again and thought to load the image again from the tftp server, but now it doesn't load the image from the tftp server.
View 9 Replies
View Related
Apr 26, 2013
I am working with a 3750 switch. I console the switch and turn it on and it doesn't show text in hyper terminal with any BAUD (I tried all the speeds). The hyper terminal works with other switches so the problem is not with the hyper terminal. When I tried to break the password it got stuck after I wrote "flash_init", and when I entered or typed text it showed only garbage characters. I tried to break the password with all the speeds and it shows garbage output. I tried to turn on the switch and hold control + break and it showed the text only with the speed 115200, but after I stopped holding and tried to type it showed only garbage again. Also I tried to copy text from the notepad to the hyper terminal.
View 6 Replies
Dec 13, 2011
We have 10 ADSL lines and 5 of them go into the load balancer (one gateway) and the rest are used as default gateways for internet access. We use ADSL routers as access points for internet, but those routers should be part of our network and should be given an address in order for them to act as default gateways for internet access. I'm facing a real problem with the ADSL routers Linksys WAG54G2 because they don't support a subnet mask 255.255.0.0. Any recommendation for an ADSL router model that supports a netmask 255.255.0.0?
My Cisco 2811 router interface configuration ip address: 172.20.0.1 255.255.254.0. Load balancer output lan ip address: 172.20.0.5. My ADSL routers will be in the following range: 172.20.0.6 - 172.20.0.10
View 1 Replies
May 21, 2012
We have three separated network segments going to one Cisco 3750 switch; all is L2. From this switch there is a 100 Mbit uplink. We need to apply some QoS mechanism so as not to saturate the line with traffic from one network. For various reasons, configuration CANNOT be done on the switch where the 100Mbit line is terminated, so all must be done on SW1,2,3. Correct me if I am wrong, but as the switches don't see traffic from the other networks, I am afraid the only thing we can do is limit bandwidth on the links going into SW1,2,3 to 33 Mbit. I found the command srr-queue bandwidth limit. But the links going to the SWs are 1Gbit, so if I force bandwidth to 10% (the minimum the command allows) it's 100 Mbit. If I force speed on those links to 100Mbit and then apply srr-queue bandwidth limit at 30%, does it work? Will srr-queue bandwidth limit speed to 30Mbit? Or is srr-queue bandwidth limit calculated from the maximum speed of the interface?
View 1 Replies
Oct 27, 2012
we can't start WS-X6708-10G-3CXL on WS-C6506-E. [code] we did try on conf t mode "power enable module 3" and it didn't work. [code]
View 2 Replies
Apr 22, 2013
Due to a problem with POE+ I have tried to upgrade the IOS to Version 15.0.2SE2, from 12.2.58. Unfortunately the switch doesn't boot up anymore. It starts to decompress and install the IOS 2 times; after the second try it displays "unable to boot" and the switch goes into bootloader mode. When I look at the version I see that the bootloader is still the old version 12.2.58. It seems that the bootloader doesn't get upgraded and that's why the switch can't boot the new image.
View 8 Replies