Our 871 no longer allows us to make changes to it. I was told the contract ran out, so I renewed it and Cisco support then added the contract to my serial number. What now? Is there a step required to have the router check in with Cisco so that it becomes "unlocked" for me to make changes?
View 1 RepliesI have tried to make policy based routing on Cisco 3560. I use ipservices ios (SW version 12.2.(50)SE3 and SW-IMAGE C3560-IPSERVICESK9-M) For below configuration there is no problem and pbr is working.
“Access-list 100 permit ip host 1.1.1.1 host 2.2.2.2
Access-list 101 permit ip host 1.1.1.1 host 3.3.3.3
Route-map pbr1 permit 10
Match ip address 100
Set ip next-hop verify-availability 1.1.1.2 1 track 11
interface fasthethernet 0/1
ip policy route-map pbr1”
But when i add another sequence to the "pbr1" with another sequence number like that.
“Route-map pbr1 permit 11
Match ip address 101
Set ip next-hop verify-availability 1.1.1.3 1 track 12”
pbr is not working. Switch gives message "PLATFORM_PBR-3-UNSUPPORTTED_RMP:Route-map pbr1 not supported for Policy Based Routing”"ip policy route-map pbr1" command not shown in the running config. And "show ip policy" output is blank.Configuration guide says you have insert many sequence to the route-map with the same name. And also this command is not in the unsupported command list.
Contrary to the information contained in the link above, these two parts do not play well together. I purchased both and plugged them in and no go. It doesn't even light anything on the WAP. It worked fine when it was on its own 12V DC adapter but not plugged into this injector. What I don't understand is why Cisco doesn't just make a Universal power injector that is essentially a 1 port switch and is 802.3af or 802.3at compatible. Its maddening. It looks like I'm going to have to get an SD208P and waste 6 ports just to get one with the correct POE for the WAP4410.
View 2 Replies View RelatedI have two 3560s that i would like to upgrade. But first i would like to make -absolutely- sure i dont wind up in a situation where i have to roll back over a console connection.to the day i still cant understand why oh why someone removed (or chose not to implement it everywhere) tftpdnld from rommon ;)
View 8 Replies View Relatedi read alot about password recovery , but when i apply it to cisco 7604 it fails ?i went to rommon mode and typed# confreg 0x2142 then i typed reset when the router startup it request a password form me ,i can enter the user mode , and when i type sh ver command i note that the config resgitser is 0x2102 , not 0x2142 !!!!
i could enter the privilage mode !!!! and seems no thing changed ! does this router has a specific password recovery procedure ? which differes than the classic procedure?
Currently have two routers inside our network.
One is the default GW 10.1.1.13
One is Jump Router for ATT 10.1.1.12
Both connected to HP Procurve L2 switch
The ATT Router is 10.1.1.2Want to replace GW and Jump with one 3750 L3 switch.icomplish this with only one port g0/1 connected to HP Procurve?Can I make the switchport 10.1.1.13 and then create a ip vlan999 10.1.1.12?route all to 10.1.1.2Or do I just connect two ports, and hardcode them with an ip?
I've got a 1760 router which uses port forwarding (25, 80 and 443) for my internal network services. If, let's say, I try to open a FTP connection on the router, of course the connection will be refused. Is there a way to make the router DROP the packets instead of rejecting them? My Linux iptables configurations drop packets who fail the firewall test, so I would like the router to perform that behavior.Commands for port forwarding:ip nat inside source static tcp 10.10.0.1 80 int f0/0 80 (these work fine)
View 4 Replies View RelatedI am begining to work to apply Qos on switchs (C2960 & C6500), and I still have a doubt about the necessity to consider the cos value. I indeed want to apply Qos for ToIP, Video, perhaps create a scavenger class, ans in all cases, I classify my packets with TCP/UDPB port and mark them with DSCP. So is it really necessary to study all the DSCP/CoS mapping problematics ? Is it not possible to make the configurations only on the base of the DSCP field?
View 3 Replies View RelatedAny example, tested on 3750-24/48TS and 3750G-24TS to remove the fan to make the switch more silent. I'm not interested in replies telling that is risky, I'm interested to know how is the switch acting. Has shutdown at overheating? I will use the switches only for my CCIE studies, a couple of hours per day, no heavy load.
I tested with 2950 switches are there were absolutely no problems, the devices were even in production.
i have 300 user in network in 2 building and firist buiding 5 flors.i use subnet /22.i have core switch 3500xl fiber and 8 swith 3560 and my network have 2 router one for adsl and other for mpls so i want upgrade it to make voip network and wireless
so if i need replace switch what i model and how many?
My Linksys WRT110 doesn't seem to have the range to make it to the other side of the house. What range expander is compatible?
View 5 Replies View RelatedI have cisco 4510R L3 switch with installed 2 Sup on slot 5 and 6. the current active Sup is in Slot5 i want to make active Sup6 in slot 6 which is currently standby sup in chassis. Is there any way to make standby Sup to ACTIVE without reloading any of the Supervisor. however there is two way as per my understanding -
1. we can reload the active Sup so that standby Sup will take charge. - (redundancy reload shelf)
2. we can focefully switchover the state of Sup's by (redundancy forcefully swithover) but in above both cases reload will be performed by one of the supervisor. which i don't want.
I am using Solawinds syslog and trying to get our Cisco routers send syslogs to our syslog server. I followed the procedure on Configuring Cisco Devices to Use a Syslog Server from [URL] Our Cisco swtches are all sending syslog messages but not the routers. I compared the config with our access switches but can't seem to find the problem:
Sample router config:
service nagleno service padservice tcp-keepalives-inservice tcp-keepalives-outservice timestamps debug datetime msec localtime show-timezoneservice timestamps log datetime msec localtime show-timezoneservice password-encryption!hostname WWF-RT1boot-start-markerboot-end-marker!security authentication failure rate 10 logsecurity passwords min-length 8logging buffered 4096logging rate-limit all 10logging console critical!aaa new-model!!
[Code] .......
is there a command that prevents the router from sending the syslog to the server?
I have 4 cisco 2960 switches to which many users are connected. No vlans are the only default vlan 1 is there. Now I want to make ether channel on switch 1 whcih has 24 fast etherenet ports. Can I make port 1- 8 as one ether channel which are connected to users or i can only make ethere channel of ports that are connectd to other switchs. If I can, how the other switchs will comnicate with the switch ports bundalled in the ether channel in switch 1.
View 6 Replies View RelatedI have a 3945 router with two interfaces connected to my firewall, one to the management interface and another to my dmz. I'm running eigrp between all my network devices. The problem I'm running into is when I try to ssh to the management interface of the 3945 the traffice hits the firewall, then goes right to the management interface as it should, but the return traffic is trying to use the dmz interface since that is how the router knows to get back to my computers network. I created 2 route-maps to try and address this issue. [code] I've applied the MANAGE_IN route-map to all interfaces that might have inbound traffic destined for the management network and applied the MANAGE_OUT route-map to the management interface. The MANAGE_IN policy appears to be functioning correctly, the MANAGE_OUT doesn't appear to be functioning correctly. When I look at traffic from my host going to the management interface I see it still trying to return through the dmz interface.
View 11 Replies View RelatedI have a problem with an etherchannel between a cisco 2950 and a couple of catalyst 4506. The cisco 2950 is connect via an etherchannel to the catalyst 4506A. The channel consist of two port on both side and is in trunk mode, encapsulation dot1q.Now i have the necessity to connect the 2950 to the other catalyst, 4506B. So, i copy the same configuration on the 4506B, but when I unplug the two rj45 cables from the catalyst 4506A to plug them in the 4506B the etherchannel doesn't go up in any way.
View 8 Replies View RelatedI created the configuration below to limit the bandwidth, but doesn't work
Qos - 3750
!
mls qosmls qos map policed-dscp 10 to 8!class-map match-all Testmatch access-group name ACL!policy-map QOSdescription Limit 10M set ip dscp af11 police
[Code]....
we have a WS-C6509-E WITH SUP VS-S720-10G, and IOS s72033-advipservicesk9_wan-mz.122-33.SXI5.bin. [code]
From, what we can see, whenever we try to clear arp-cache, it doesn't remove the IPs from the ARP. We've checked a bug in the IOS 12.2(33)SXH4 with the same issue, in version SXI4 is solved, but I have version SXI5, it is supposed to be fixed, from this caveat CSCtf16300, since it says it was fixed on 12.2(33)SXI4, it should be fixed on SXI5, right ?
I have PC_A and PC_B connected to the same switch, and are put in the same vlan. PC_A is the master (source) and PC_B is the destination (client). IGMP Snooping is enabled by default.
Is there any reason why this should fail? There is no RP or any interface with PIM enabled. Its a flat network with a source and client in the same vlan...
IH-3750-LOADTEST-101#show ip igmp snooping vlan 724
Global IGMP Snooping configuration:
-------------------------------------------
IGMP snooping : Enabled
[Code].....
I'm configuring a catalyst 3500XL, but I'm having a problem, when I connect an ip phone it works just fine but if I connect a computer to the pc port in the phone the computer doesn't get an ip address. The switch is configure with two vlans Voice and Data and is connected from fa0/24 to a Catalyst 3560 fa0/46. I did configure both ports as trunk.
View 9 Replies View RelatedI am building up vPC on 2 x Nexus 3048 and found that it did not work properly.The current config as follows,
1. OS: n3000-uk9.5.0.3.U2.2.bin
2. Peer link: 10 x 1G (E1/1 - E1/10) on both devices (I am wondering that 1G interface supports vPC Peer-Link. I heard that upgrading to U3.2 image will work for 1G rather than 10G... )
3. They can ping each other via management IPs
4. Edge switches vPC have not been built yet (I am focusing on Peer-Link and vPC role selection)
[code]....
c3750e-universalk9-tar.150-1.SE on 3750x
username cisco privilege 15 secret cico
aaa new-model
aaa authentication login default local
[Code]....
Console and telnet don't seem to auto authorize to level 15, I end up at level 1, I'm forced to use enable command.
Rolling back to c3750e-universalk9-mz.122-58.SE2 fixes it. Going back to c3750e-universalk9-tar.150-1.SE breaks it again.
is there some new behavior in cat 15 code (couldn't find it in config guide)? maybe a bug (couldn't find one)?
my client to setup their network and he want me to limit user access internet bandwidth to 2 Mbps and the topology show below.
Users ---> Switch ---> NAT Router ---> (int gi1/0/24 - qos apply) Edge Switch ---> INTERNET ROUTER (12Mbps) --->> INTERNET
This is my configuration, but it doesn't work, the end user still able to get more than 2Mbps internet speed.
access-list 100 permit ip any any dscp default
class-map match-all QoS_Floor_Limit
match access-group 100
!
!
policy-map QoS_Floor_Limit
[Code]......
I've been working on a 3560 that doesn't seem to map dscp values to a new value: mls qos map dscp-mutation ToR1 22 24 to 46
[Code]....
On the router on the other side, I created an acl that matched on dscp 46, but it doesn't match on it. I've tried moving the mutation map to the ingress interface and I've tried setting dscp with a service policy instead of marking COS and using internal dscp. Where is the mutation map supposed to be placed: ingress or egress? Also, I added an entry in the acl on the router to see if I was mapping to dscp 24, and I am:
[Code]....
So it seems like the mutation map is being ignored completely. Any reason why?
My network has two connections to a third party via links on two seperate ASA , one in location A and one in location B. The link in location A is the primary connection and the other in location B should be used by only two terminals (term1, term2) in location B. ASA are running OSPF and are redistributing static routes as metric-type 1 in OSPF. In order to achive the aforementioned goal, I have configured a route-map on ASA location B, that sets the metric for the route towards the third party to a high value (100). This way, all routers, even those in site B prefer the exit through location A (metric about 24).
I have checked that my routers correctly have the route to the 3rd party through location A, and the OSPF database has records for the network from both locations.In location B, I have configured the following route-map (on 6509)
route-map PREFER-LOCAL-ROUTER permit 10
match ip address XXX
set ip next hop locationB-ASA
int vlanYYYY
ip policy route-map PREFER-LOCAL-ROUTER
[code]....
From the terminals (term1 and term2) I have tried a traceroute towards the 3rd party's subnet, but I don't get any match neither on the access-list nor on the route-map. Unfortunately I have no other way to test that my configuration is correct, since the application on the terminals, that should access the 3rd party network, is not currently running.
I also addedd the statements below to the access-list, because of the test with tracert:
permit icmp host term1 route_to_3rd_party 0.0.255.255
permit icmp host term2 route_to_3rd_party 0.0.255.255
Nothing changed...Is there something wrong with the above config? Is there a chance that there is a problem with the IOS, that simply doesn't show any hits?
I have upgraded my C3560-PS-S switch to the latest IOS version 12(2)55-SE4 and it is not providing PoE anymore? It used to work before this upgrade? I searched Cisco bugtrack and there is bug defined for this IOS/Switch.
Switch(config-if)#do show power inline Available:370.0(w) Used:0.0(w) Remaining:370.0(w)
Interface Admin Oper Power Device Class Max
(Watts)
--------- ------ ---------- ------- ------------------- ----- ----
Fa0/1 auto off 0.0 n/a n/a 15.4
Fa0/2 auto off 0.0 n/a n/a 15.4
Fa0/3 auto off 0.0 n/a n/a 15.4
Fa0/4 auto off 0.0 n/a n/a 15.4
Fa0/5 auto off 0.0 n/a n/a 15.4
Fa0/6 auto off 0.0 n/a n/a 15.4
Fa0/7 auto off 0.0 n/a n/a 15.4
Fa0/8 auto off 0.0 n/a n/a 15.4
Fa0/9 auto off 0.0 n/a n/a 15.4
Fa0/10 auto off 0.0 n/a n/a 15.4
Fa0/11 auto off 0.0 n/a n/a 15.4
Fa0/12 auto off 0.0 n/a n/a 15.4
Fa0/13 auto off 0.0 n/a n/a 15.4
Fa0/14 auto off 0.0 n/a n/a 15.4
Fa0/15 auto off 0.0 n/a n/a 15.4
Fa0/16 auto off 0.0 n/a n/a 15.4
Fa0/17 auto off 0.0 n/a n/a 15.4
Fa0/18 auto off 0.0 n/a n/a 15.4
Fa0/19 auto off 0.0 n/a n/a 15.4
Fa0/20 auto off 0.0 n/a n/a 15.4
Fa0/21 auto off 0.0 n/a n/a 15.4
Fa0/22 auto off 0.0 n/a n/a 15.4
Fa0/23 auto off 0.0 n/a n/a 15.4
Fa0/24 auto off 0.0 n/a n/a 15.4
I've 3750X switch that isn't loading email. then I went to rommon mode and accidently for "format flash". after that I loaded 15.0 SE2 s/w on it using tftp server but it doesn't boot up with that image. flash had only .bin file after I loaded it from tftp server.
since it wasn't booting up, I did format flash again and thought to load image again from tftp server but now, it doesn't load image from tftp server.
I am working with 3750 switch.I console the switch and turn it on and it doesn’t show text in hyper terminal with any BAUD (I tried all the speeds). The hyper terminal works with other switches so the problem is not with the hyper terminal.when I tried to break the password it stuck after I was writing "flash_init" and when I entered or typed text it show only garbage characters. I tried to break the password with all the speeds and it shows garbage output. I tried to turn on the switch and hold control + break and it showed the text only with the speed 115200, but after I left holding and tried to type it showed only garbage again. Also I tried to copy text from the notepad to the hyper terminal.
View 6 Replies View RelatedWe have 10 ADSL lines and 5 of them goes in the load balancer (One gateway) and the rests are used as default gateways for internet access. We use ADSL routers as access points for internet, but those routers should be part of our network and should be given an address in order for them to act as default gateways for internet access. I'm facing a real prob with the ADSL routers Linksys WAG54G2 because they doesn't support a subnet mask 255.255.0.0 Any recommendation for an ADSL router model that support a netmask 255.255.0.0 ?
My cisco 2811 router interface configuration ip address: 172.20.0.1 255.255.254.0.Load balancer output lan ip address: 172.20.0.5.My ADSL routers will be in the following range : 172.20.0.6 - 172.20.0.10
we have three separated network segments going to one Cisco 3750 switch all is L2 .. from this switch is 100 mbit uplink.we need to apply some Qos mechanism not to saturate line by traffic from one network.. Configuration from various reason CANNOT be done on switch where 100Mbit line is terminated.. so all must be done on SW1,2,3..Correct me if iam wrond but as switches doesnt see traffic from other network iam affraid only think we can do is limit bandwidth on links going into SW1,2,3 to 33 Mbit.I found commad srr-queue bandwidth limit.But links going to SWs are 1Gbit so if i force bandwidth to 10% (minimum what command allows) its 100 Mbit..If I force speed on those links to 100Mbit and than apply srr-queue bandwidth limit to 30% doest it work.??. Will srr-queue bandwidth limit speed to 30Mbit?? Or srr-queue bandwidth limit is calculated from maxim speed of interface?
View 1 Replies View Relatedwe can't start WS-X6708-10G-3CXL on WS-C6506-E. [code] we did try on conf t mode "power enable module 3" and it didn't work. [code]
View 2 Replies View RelatedDue to a problem with POE+ i have tried to upgrade the IOS to Version15.0.2SE2, from 12.2.58. unfortunatly the Switch doesn't boot up anymore. It starts to decompress and install the IOS 2 Times, after the Second try it displays "unable to boot" and the switch goes in Bootloader-mode. When i look at the version i See that bootloader is still the old version 12.2.58. It seems that the bootloader doesn't geht upgraded and that's why the Switch can't Boot the new Image.
View 8 Replies View Related|_voip PBX___|-----|__3650___|------fiber-------------|__3650_____|------|_voipphone__| I have a case where voipphone is registered on the voippbx but peaple on both end can't hear each other . No ACL on both 3650 , no firewalls between them , distance is about 2 miles . I tried to make telnet x.x.x.x 1720 or 1719 or 1721 (h323 ports) to opposite switch -connection refused . How can test if ports are open on the 3650 ? Is it coorect If I create allowing acl and apply it on both 3650 on the interfaces connected one switch to voippbx "IN" , second switch on the interf connected to voipphone "IN" ?
View 3 Replies View Related