Cisco Switching/Routing :: 3945 PBR Doesn't Appear To Be Working
May 1, 2013
I have a 3945 router with two interfaces connected to my firewall, one to the management interface and another to my DMZ. I'm running EIGRP between all my network devices. The problem I'm running into is that when I try to SSH to the management interface of the 3945, the traffic hits the firewall, then goes right to the management interface as it should, but the return traffic is trying to use the DMZ interface since that is how the router knows to get back to my computer's network. I created 2 route-maps to try and address this issue. [code] I've applied the MANAGE_IN route-map to all interfaces that might have inbound traffic destined for the management network and applied the MANAGE_OUT route-map to the management interface. The MANAGE_IN policy appears to be functioning correctly; the MANAGE_OUT doesn't appear to be functioning correctly. When I look at traffic from my host going to the management interface I see it still trying to return through the DMZ interface.
I just installed two of the HWIC-1GE-SFP cards in the CISCO3945 router but they are not recognized... I don't see any messages on the console output. I don't see them in the "show diag" command. I don't see new ports in the "show run" either... Is there some command I need to put in to activate them? Here is show version of my router:
I currently have a Cisco 3945 router deployed and I am reaching the CPU's max during peak usage. The 3945 supports ~500Mbps Fast/CEF Switching and I need something at least double that capacity.
I need the ability to have at least 8 RJ-45 10/100/1000 connections. I also need the ability to NAT.
I understand that the password has to be changed the first time we log in to the Cisco 3945 router, but I failed to do that and it's not allowing me to connect using the default username/password.
CBWFQ kicks in when the interface becomes congested and there is no available space in the queue, but I need to find a solution to the scenario below: I'm using a Gigabit interface on the 3945 router that connects to the ISP. The ISP limits bandwidth to 60Mb, so I need to make sure that when I reach the limit of the 60Mb the router starts using the BW percentages defined in the policy-map using classes. Any kind of traffic goes out as it wants, but as soon as the 60Mb limit is reached, the priorities defined by the traffic classes will kick in just as if the interface ran out of queues (as CBWFQ usually works).
We are having problems with two 3945 routers in HSRP and a 2960 switch. The two routers are connected to the 2960 switch through different ports. The problem is that we lose connection between the router and the switch. When we execute the command show cdp neighbor on the router, it shows nothing. If we try to ping the 2960 switch, it is not reachable. If we ping the other 3945 router, it is not reachable. All other functions of the router are OK. We are attaching the IOS of the routers and the 2960 switch and a document which makes reference to a bug that mentions ARP overwrite due to an ARP attack which produces DoS.
I am using DHCP/TFTP to autoconfigure a 3945 router. The router properly obtains an IP address and finds the correct TFTP server. The issue lies in the download of the configuration file from the TFTP server. The router downloads the file, gives the "Ok" message, and prompts you to press Return to get started. When I view the running-config, several commands are missing from the Serial 0/0/0 section (HWIC-2T). If I modify the config file on the TFTP server to use Serial 0/0/1 instead and repeat the process, the configuration file loads without any issues and Serial 0/0/1 has all of the commands.
I also tried moving syntax around in my config file, but the end result is still the same. If I use Serial0/0/0 - I don't get all of the commands. If I use Serial 0/0/1, I do.
Connecting a Cisco 3945 router to an Ethernet WAN link. The service provider has provided a 100M Ethernet single-mode fiber handoff to the customer premises with an SC connector. The CPE configuration proposed for this setup is like this. [code]
Since the SFP has an LC connector, I suppose I need to have an SC-LC cable for connecting the Ethernet link. Do I need anything else, apart from the above?
url..This says an ISR G2 3945 can achieve 502.78 Mbits when CEF fast switching. Is this per port or total for the whole box? Since the router will hold dozens of switch ports and several gig routed ports I don't understand what this half gig switching speed means.
Our 871 no longer allows us to make changes to it. I was told the contract ran out, so I renewed it and Cisco support then added the contract to my serial number. What now? Is there a step required to have the router check in with Cisco so that it becomes "unlocked" for me to make changes?
We have a Cisco 3945 router with an SM-ES3-24P switch module. When we tried to configure routing on the router and Layer 3 ports on the switch module, the inter-communication is not working?
How can we use routing on the 3945 with the SM-ES3-24P module?
I have a 3945 with an SM-ES3G-24-P module installed and tried to configure some routing, but it doesn't work.
1. L3 interface on the switch modules (with IP address configured)
2. OSPF on the router with connected interface redistribute (which includes the switch module L3 interfaces)
I don't see any of the switch module L3 interfaces routes in the router, not even the connected interface.
SM
-----
int g0/1
 no switchport
 ip add 1.1.1.1 255.255.255.0

Router
---------
int g0/0
 ip add 2.2.2.2 255.255.255.0
router ospf 1
 redistribute connected
 network 2.2.2.2 0.0.0.0 area 0
I have a problem with an EtherChannel between a Cisco 2950 and a couple of Catalyst 4506s. The Cisco 2950 is connected via an EtherChannel to the Catalyst 4506A. The channel consists of two ports on both sides and is in trunk mode, encapsulation dot1q. Now I have the necessity to connect the 2950 to the other Catalyst, 4506B. So, I copied the same configuration to the 4506B, but when I unplug the two RJ45 cables from the Catalyst 4506A to plug them into the 4506B, the EtherChannel doesn't come up in any way.
We have a WS-C6509-E with SUP VS-S720-10G, and IOS s72033-advipservicesk9_wan-mz.122-33.SXI5.bin. [code]
From what we can see, whenever we try to clear the arp-cache, it doesn't remove the IPs from the ARP table. We've checked a bug in IOS 12.2(33)SXH4 with the same issue; in version SXI4 it is solved, but I have version SXI5. It is supposed to be fixed, according to caveat CSCtf16300: since it says it was fixed in 12.2(33)SXI4, it should be fixed in SXI5, right?
I was wondering if I could use the CISCO3945 Integrated Gigabit Ethernet WAN ports for routing, I need to enable BGP and I was willing to use one of those ports.
I have PC_A and PC_B connected to the same switch, and are put in the same vlan. PC_A is the master (source) and PC_B is the destination (client). IGMP Snooping is enabled by default.
Is there any reason why this should fail? There is no RP or any interface with PIM enabled. It's a flat network with a source and client in the same vlan...
IH-3750-LOADTEST-101#show ip igmp snooping vlan 724
Global IGMP Snooping configuration:
-------------------------------------------
IGMP snooping : Enabled
I'm configuring a Catalyst 3500XL, but I'm having a problem: when I connect an IP phone it works just fine, but if I connect a computer to the PC port on the phone, the computer doesn't get an IP address. The switch is configured with two VLANs, Voice and Data, and is connected from fa0/24 to a Catalyst 3560 fa0/46. I did configure both ports as trunk.
I am building up vPC on 2 x Nexus 3048 and found that it did not work properly. The current config is as follows:
1. OS: n3000-uk9.5.0.3.U2.2.bin
2. Peer link: 10 x 1G (E1/1 - E1/10) on both devices (I am wondering whether a 1G interface supports vPC Peer-Link. I heard that upgrading to the U3.2 image will work for 1G rather than 10G... )
3. They can ping each other via management IPs
4. Edge switches vPC have not been built yet (I am focusing on Peer-Link and vPC role selection)
I've been working on a 3560 that doesn't seem to map dscp values to a new value: mls qos map dscp-mutation ToR1 22 24 to 46
[Code]....
On the router on the other side, I created an acl that matched on dscp 46, but it doesn't match on it. I've tried moving the mutation map to the ingress interface and I've tried setting dscp with a service policy instead of marking COS and using internal dscp. Where is the mutation map supposed to be placed: ingress or egress? Also, I added an entry in the acl on the router to see if I was mapping to dscp 24, and I am:
[Code]....
So it seems like the mutation map is being ignored completely. Any reason why?
My network has two connections to a third party via links on two separate ASAs, one in location A and one in location B. The link in location A is the primary connection and the other in location B should be used by only two terminals (term1, term2) in location B. The ASAs are running OSPF and are redistributing static routes as metric-type 1 in OSPF. In order to achieve the aforementioned goal, I have configured a route-map on the ASA in location B that sets the metric for the route towards the third party to a high value (100). This way, all routers, even those in site B, prefer the exit through location A (metric about 24).
I have checked that my routers correctly have the route to the 3rd party through location A, and the OSPF database has records for the network from both locations. In location B, I have configured the following route-map (on 6509):
route-map PREFER-LOCAL-ROUTER permit 10
 match ip address XXX
 set ip next hop locationB-ASA
int vlanYYYY
 ip policy route-map PREFER-LOCAL-ROUTER
[code]....
From the terminals (term1 and term2) I have tried a traceroute towards the 3rd party's subnet, but I don't get any match on either the access-list or the route-map. Unfortunately I have no other way to test that my configuration is correct, since the application on the terminals that should access the 3rd party network is not currently running.
I also added the statements below to the access-list, because of the test with tracert:
permit icmp host term1 route_to_3rd_party 0.0.255.255
permit icmp host term2 route_to_3rd_party 0.0.255.255
Nothing changed... Is there something wrong with the above config? Is there a chance that there is a problem with the IOS, that simply doesn't show any hits?
I have upgraded my C3560-PS-S switch to the latest IOS version 12(2)55-SE4 and it is not providing PoE anymore? It used to work before this upgrade? I searched Cisco bugtrack and there is bug defined for this IOS/Switch.
Switch(config-if)#do show power inline
Available:370.0(w)  Used:0.0(w)  Remaining:370.0(w)

Interface Admin  Oper       Power   Device              Class Max
                            (Watts)
--------- ------ ---------- ------- ------------------- ----- ----
Fa0/1     auto   off        0.0     n/a                 n/a   15.4
Fa0/2     auto   off        0.0     n/a                 n/a   15.4
Fa0/3     auto   off        0.0     n/a                 n/a   15.4
Fa0/4     auto   off        0.0     n/a                 n/a   15.4
Fa0/5     auto   off        0.0     n/a                 n/a   15.4
Fa0/6     auto   off        0.0     n/a                 n/a   15.4
Fa0/7     auto   off        0.0     n/a                 n/a   15.4
Fa0/8     auto   off        0.0     n/a                 n/a   15.4
Fa0/9     auto   off        0.0     n/a                 n/a   15.4
Fa0/10    auto   off        0.0     n/a                 n/a   15.4
Fa0/11    auto   off        0.0     n/a                 n/a   15.4
Fa0/12    auto   off        0.0     n/a                 n/a   15.4
Fa0/13    auto   off        0.0     n/a                 n/a   15.4
Fa0/14    auto   off        0.0     n/a                 n/a   15.4
Fa0/15    auto   off        0.0     n/a                 n/a   15.4
Fa0/16    auto   off        0.0     n/a                 n/a   15.4
Fa0/17    auto   off        0.0     n/a                 n/a   15.4
Fa0/18    auto   off        0.0     n/a                 n/a   15.4
Fa0/19    auto   off        0.0     n/a                 n/a   15.4
Fa0/20    auto   off        0.0     n/a                 n/a   15.4
Fa0/21    auto   off        0.0     n/a                 n/a   15.4
Fa0/22    auto   off        0.0     n/a                 n/a   15.4
Fa0/23    auto   off        0.0     n/a                 n/a   15.4
Fa0/24    auto   off        0.0     n/a                 n/a   15.4
I have a 3750X switch that isn't loading email. Then I went to rommon mode and accidentally did "format flash". After that I loaded 15.0 SE2 s/w on it using a tftp server, but it doesn't boot up with that image. Flash had only the .bin file after I loaded it from the tftp server.
Since it wasn't booting up, I did format flash again and thought to load the image again from the tftp server, but now it doesn't load the image from the tftp server.
I am working with a 3750 switch. I console into the switch and turn it on, and it doesn’t show text in HyperTerminal with any baud rate (I tried all the speeds). HyperTerminal works with other switches, so the problem is not with HyperTerminal. When I tried to break the password, it got stuck after I wrote "flash_init", and when I entered or typed text it showed only garbage characters. I tried to break the password with all the speeds and it shows garbage output. I tried to turn on the switch and hold Control + Break, and it showed the text only with the speed 115200, but after I stopped holding and tried to type it showed only garbage again. I also tried to copy text from Notepad to HyperTerminal.
We have 10 ADSL lines; 5 of them go into the load balancer (one gateway) and the rest are used as default gateways for internet access. We use ADSL routers as access points for internet, but those routers should be part of our network and should be given an address in order for them to act as default gateways for internet access. I'm facing a real prob with the ADSL routers, Linksys WAG54G2, because they don't support a subnet mask of 255.255.0.0. Any recommendation for an ADSL router model that supports a netmask of 255.255.0.0?
My Cisco 2811 router interface configuration IP address: 172.20.0.1 255.255.254.0. Load balancer output LAN IP address: 172.20.0.5. My ADSL routers will be in the following range: 172.20.0.6 - 172.20.0.10
We have three separate network segments going to one Cisco 3750 switch; all is L2. From this switch there is a 100 Mbit uplink. We need to apply some QoS mechanism so as not to saturate the line with traffic from one network. For various reasons, configuration CANNOT be done on the switch where the 100 Mbit line is terminated, so all must be done on SW1,2,3. Correct me if I am wrong, but as the switches don't see traffic from the other networks, I am afraid the only thing we can do is limit bandwidth on the links going into SW1,2,3 to 33 Mbit. I found the command srr-queue bandwidth limit. But the links going to the SWs are 1Gbit, so if I force bandwidth to 10% (the minimum the command allows) it's 100 Mbit. If I force speed on those links to 100Mbit and then apply srr-queue bandwidth limit at 30%, does it work? Will srr-queue bandwidth limit the speed to 30Mbit? Or is srr-queue bandwidth limit calculated from the maximum speed of the interface?
Due to a problem with PoE+ I have tried to upgrade the IOS to version 15.0.2SE2, from 12.2.58. Unfortunately the switch doesn't boot up anymore. It starts to decompress and install the IOS 2 times; after the second try it displays "unable to boot" and the switch goes into bootloader mode. When I look at the version I see that the bootloader is still the old version 12.2.58. It seems that the bootloader doesn't get upgraded and that's why the switch can't boot the new image.