Cisco Switching/Routing :: C2900 Inward NAT Failing
Nov 11, 2011
Previously posted as C2900 - inward NAT partial success...
Running C2900-UNIVERSALK8-M, Version 15.0(1)M3 RELEASE SOFTWARE (fc2)
I have several sets of inward NAT defined (51001-51007, 52001-52007, 53001-53007), all to various internal addresses. When I attempted to add another set, the new ones do not work and get a "timeout" error.
When I tried port 51008, it gets a timeout. When I changed 51008 to 51010, the 51010 now gets a timeout, and 51008 now gets "connection refused" (which I expect). The original sets all work, the new ones (added at the end of the lists) do not. When I am on any of the internal machines, the target (192.168.1.21) works fine. When I am "in the router", I can connect via the ssh command, so I know that the router can talk to 192.168.1.21 on port 22 as expected.
Jan 15, 2011
We want to upgrade the IOS from 15.0(1) to 15.1 for some reason. Here is the output of my router's "show ver":
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M4, RELEASE SOFTWARE (fc1)
Technical Support: [URL]
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Thu 28-Oct-10 18:32 by prod_rel_team
ROM: System Bootstrap, Version 15.0(1r)M9, RELEASE SOFTWARE
[code]....
We have enabled the technology package license "uc" in the previous version; would it be lost after the upgrade?
Mar 20, 2013
I'm configuring a new 2911 running c2900-universalk9-mz.SPA.151-4.M4. In the config by default is "line 2"; it's not a vty, aux or console line and I can't remove it.
Oct 20, 2012
Imagine I am designing a small network with a C2900 router running OSPF and in the future BGP with service provider. Please see attached diagram. The router is connected to (2) C3750 Layer 3 distribution switches. Then one C3560 layer 2 switch to serve future IP phone users and desktops.
Question:
a) If I connect the router interface to the (2) 3750 switches, if I make the router interface fa0/0 and fa0/1 as a trunk to accommodate VLAN 200 and other future VLANs, don't I have a problem with overlapping networks between router interface fa0/0 and fa0/1?
b) Alternatively, I could make the Router1 fa0/0 and fa0/1 configured with IP addresses and advertised in OSPF. Then the SW1 fa0/24 and SW2 fa0/24 I could make as 'no switchport and create a routed interface port' with IP addresses, also running OSPF. Question is, from a scalable design perspective, would you create 2 management networks and use those when assigning the IP addresses for Router1 fa0/1 and fa0/2? Because again Router1 fa0/1 and fa0/2 obviously need to be placed on different networks to avoid overlapping. So my question is more about proper network planning design to make this scalable to accommodate future VLANs in the future.
Using trunks between the Router1 and SW1 option:
Router1
int fa0/0
description connection to SW1
no ip add
int fa0/0.200
[code]....
Mar 19, 2013
I have a 2911 router running C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(4)M5, RELEASE SOFTWARE (fc1) IOS and I have configured the following commands for eigrp
-router eigrp 100
-network 10.20.0.0
-no auto-summary
It takes all 3 commands but when I check through the show run command I am not seeing the no auto-summary command.
Jun 11, 2012
We are attempting to PXE boot from clients obtaining their DHCP lease information from DHCP pools configured on our 4506. The PXE server, and the client are configured in separate VLANs. We have configured option 66 to point to the PXE server IP address, and the bootfile option to point to the PXE boot configuration filename. On the client side SVI, we also have configured the ip helper-address command to point to the PXE server (which also acts as another DHCP server for redundancy).
The PXE boot continuously fails stating it is unable to find the configuration file. If we remove the DHCP pool from the 4506, and allow the client to receive their DHCP lease info from the secondary server (Windows 2k8 - same server as PXE server), they PXE boot with no issues.
We have no problem obtaining DHCP info, just completion of the PXE process.
Jun 11, 2013
We have an issue where switches are failing weekly in a switch closet. In the past month we have gone through several 3750G switches and a couple 4510s. The power supplies have eventually made a popping noise and had to be replaced. On the 4510s we've tried two chassis and gone through several power supplies. The switches have been behind UPS systems so should be receiving conditioned power. Could load from the PoE devices really be causing this? I wouldn't think it's power since they are behind a UPS.
Jun 5, 2012
I've just noticed an error I've never seen before in our switch logs. We have a stack of 6 Cat3750G-48TS-E switches. The first two in the stack have been up for just over a year and I've only just noticed this error. Thus far, I haven't noticed any symptoms - I just stumbled upon this error while checking for something else.
As far as I can tell, this has only popped up once and it was 2 days ago. Unfortunately, due to an incorrect firewall rule, our syslogs were not getting to our syslog server so I don't have any historical logs to check against, but it hasn't happened since.
The error I've seen is as follows:-
Jun 5 17:04:03.288: * ManagementInterfaceInitialized exception in port-asic 0 (N16FujitsuSwitch.com.au-2)
Jun 5 17:04:03.288: ***********************************************************
[Code].....
Nov 11, 2012
I'm facing a problem where a certain port on my switch keeps granting and removing PoE.
Nov 12 07:02:43.639: %ILPOWER-5-POWER_GRANTED: Interface Gi1/0/18: Power granted
Nov 12 07:02:44.399: %ILPOWER-5-IEEE_DISCONNECT: Interface Gi1/0/18: PD removed
[Code].....
Feb 29, 2012
We have just under 500 switches in production (various models but for this discussion we'll stick with 3750's). All are currently running tar IOS (web based). We want to upgrade the IOS from c3750-ipbasek9-tar.122-55.SE1.tar to .122-55.SE5 but some of our switches do not have enough flash to upgrade successfully. We use CiscoWorks to distribute our software upgrades. I know you can lower the flash requirements on the IOS in CiscoWorks, which I have done (changed from 16Mb down to 12Mb) and the upgrade still fails.
1) How far can I lower the flash installation requirements in CiscoWorks and what are the ramifications?
2) If we decide to change from the tar IOS version to the bin IOS version because we don't even use the web based features anyway, is there an easy way to do this? (CiscoWorks will not upgrade an image from tar to bin)
Mar 30, 2013
I have a number of 3560CG-8PC-S switches. My intention for them is to act as kind of gateway L3 switches - one for each satellite site. My thinking was simply to have an L3 device at the gateway to each of those sites so that any inter-vlan traffic within each site can stay within the site rather than having to traverse the relatively slow radio links to get back to the 3750X stack in the core. They are also, however, going to be directly serving client devices.
My issue is that for some reason, when connecting a new device (laptop etc) to one of the access ports on the 3560's, the port behaves as if it's being blocked. No DHCP addresses go through, the indicator remains orange, and the clients have no connectivity. However, if I wipe the config, I get a VLAN 1 IP address for my client no problems at all. And to make matters more confusing, only two out of my four 3560's are doing this. The other two have exactly the same config, but work perfectly. To that end, I'm loading the config below. I've followed that by the show running-config output, and show ip interface brief outputs.
configure terminal
hostname ASW34
!
enable secret *RuT1l3&
service password-encryption
username xxxx password xxxx
[code].....
May 2, 2012
I have a new 2911 that I am trying to bring up but local authentication is failing. I know I have typed the username and password correctly but no go. When I try to http in it is failing as well. I even created a "Cisco, Cisco" account. I have a console connection and even that is failing.
Mar 14, 2012
I am trying to run TDR tests on a 3750G (ver 12.2). The switch ports have 3502 series access points attached to them. Whenever I run the test the results all show "Not Completed". I understand that this means the test failed but this happens with any port I try.
Sep 9, 2012
Uhg. I deployed a 3560G a week ago and it was crashing... so I replaced it Sep 7 around 16:00 and now this one is crashing. Different logs.
Version 12.2(55)EX3
Sep 6 18:06:08: %PLATFORM-1-CRASHED: Debug Exception (Could be NULL pointer dereference) Exception (0x2000)!
Sep 6 21:05:18: %PLATFORM-1-CRASHED: Data TLB Miss Exception (0x1100)!
Sep 7 04:12:43: %PLATFORM-1-CRASHED: Debug Exception (Could be NULL pointer dereference) Exception (0x2000)!
Sep 7 05:35:09: %PLATFORM-1-CRASHED: Debug Exception (Could be NULL pointer dereference) Exception (0x2000)!
Sep 7 08:21:37: %PLATFORM-1-CRASHED: Data TLB Miss Exception (0x1100)!
Sep 7 11:13:18: %PLATFORM-1-CRASHED: Data TLB Miss Exception (0x1100)!
Replacement Version 12.2(55)EX2
Sep 7 16:34:48: %PLATFORM-1-CRASHED: Debug Exception (Could be NULL pointer dereference) Exception (0x2000)!
Sep 8 03:39:38: %PLATFORM-1-CRASHED: Data TLB Miss Exception (0x1100)!
Sep 8 18:26:06: %PLATFORM-1-CRASHED: Data TLB Miss Exception (0x1100)!
Sep 9 18:14:38: %PLATFORM-1-CRASHED: Debug Exception (Could be NULL pointer dereference) Exception (0x2000)!
More detailed syslogs are in the attached 'crash-logs.txt' file.
The device is running OSPF (it is in an NSSA). I have several other devices configured almost the same running the same IOS in my network and they are working fine. This does make the third out-of-box 3560C Cisco that has failed on me within a few days.
Feb 23, 2012
We have a vpn L2L with an ASA and C2900 and they are always stopping to ping each other, but the vpn is still UP and can reach the other devices behind the peers.
Every time we have to issue on router "clear cry isa peer" or on asa "clear ipsec peer" to start to ping each other but after seconds it's stopping to ping again. Is there something to fix it permanently? We did some debug crypto on asa but no information was logged.
Jan 19, 2012
I have 1 x C2900 router with 3 x ADSL WIC and UC500. I setup 3 x ADSL to access internet and UC500 is connected with 3 telephone lines (plugged into FXO ports). I have 2 x GE on my 2900. 1st GE is connected to switch and 2nd GE is connected to UC500.
I want to set it up so that traffic from UC500 (SIP) is going through 1 dedicated ADSL line and data (from computers & servers) is going through the remaining 2 interfaces only. How can I set it up?
I would also like to know how I can load balance internet connection going through 2 dedicated data ADSL lines.
Jun 2, 2013
We are facing a strange issue with a GRE tunnel. We are using this tunnel from a branch office to Hub office. All other tunnels terminated on Hub router are working fine. Issue with this tunnel is that whenever the WAN connection goes down, Line protocol on the tunnel interface sometimes comes up and sometimes not (therefore we have to reset the tunnel interface and it comes up). IOS used on this router: c2900-universalk9-mz.SPA.152-1.T2
May 22, 2013
I have a mixed WAN environment with both eBGP and EIGRP routes. The BGP routes should always take precedence, when they exist. If no BGP routes exist I want the router to fail over to using the EIGRP routes. So far, this works fine.
The problem is, when the BGP route again becomes available (and the associated entry appears in the "sh ip bgp ... received-routes" output) the router is NOT relinquishing the EIGRP route. It remains in effect, showing as a "D" route in the route table even though there is a better ("B") route available. If I bounce EIGRP or the interface associated with it, the EIGRP route disappears and the BGP route reasserts itself, and everything will run correctly until the next time the BGP route disappears due to maintenance, line failure, etc.
My router is (C2900-UNIVERSALK9-M), Version 15.3(1)T
Here's the associated config
interface Tunnel101
description VPN backup WAN interface
bandwidth 7168
ip address 192.168.75.1 255.255.255.0
[code].....
Aug 29, 2012
There is a nice c2900PortNumberOfLearnedAddresses table in C2900-MIB, but it's outdated and not supported by modern switches. Is there a similar table for modern switches? Most interested in Catalyst 2960 and 3750.
May 31, 2012
I am seeing SNMP coldstart traps that either are delayed by many hours or are false (e.g. right after receiving the coldstart trap a query to sysUptime shows the node's been up for days). I have seen this twice this week in a new network environment for me for two different C2900s running C2900-UNIVERSALK9-M Version 15.0(1)M3. Assuming the coldstart traps are coming from the actual source nodes, I am curious what could be going on here.
1) One guess I have is possibly the system clock changed could cause the SNMP agent to send a false cold start trap. Then my guess is in the device log I should see a system time change syslog message.
2) I recall hearing once that syslog and possibly trap messages are held in a configurable buffer whose default value is 1 and if not sent are held and then suffer a delayed send. Is it true for both traps and syslog? In the past I assumed this was simply the logging history buffer and applicable to syslog traps only. My assumption in the past was that the last trap or last syslog message is sometimes held on reload and sent immediately after restart regardless of device connectivity to the management target.
I always assumed coldstart traps are never delayed for any reason and that they were pretty accurate substitutes for system reload syslog messages. Does anyone know any reason for false or delayed coldstart traps on a C2900 with IOS 15.0(1)?
Jan 13, 2011
When I select Job Browser I get the following crash, LMS 3.2, server has been restarted but I continue to get the error. [code]
May 1, 2011
I'm running a Cisco 891; it has both crypto maps and ipsec VTI's running on the external interface. The crypto maps are for sites that do not have a Cisco router and the Tunnels are for the sites that use crypto maps work perfectly fine. But I much prefer using tunnels as it gives a routable interface, ospf works etc.
The tunnel interfaces will periodically fail (Line protocol down) at no set interval; they will then not come back up again. To bring them back up I either have to shutdown and then re-enable the interface or run "clear cry ses rem *.*.*.*"
Logging with isakmp and ipsec errors provides the following:
55801: *May 1 10:31:16.015: ISAKMP:(0):Can't decrement IKE Call Admission Control stat incoming_active since it's already 0.
55802: *May 1 10:31:16.015: ISAKMP:
[Code].....
Nov 29, 2012
My VRF Collector job has started failing. I have attached the contents of the vnmcollector.log file after setting debug level to DEBUG.
Aug 5, 2011
I've got a fully working 877w that I'm trying to get to boot from tftp, but I just can't seem to get that going. I have a tftp server running and can copy images back and forth without any trouble. I have this in my config:
boot-start-marker
boot system tftp c870-advipservicesk9-mz.124-24.T2.bin 192.168.1.200
boot-end-marker
During the boot process I get an error message that says there is a missing or illegal ip but I really don't see how that can be as my tftp server is 192.168.1.200 just like my config says.
Oct 3, 2012
My tunnel had been running fine for a couple of months. Now, not so much. Here is some debug.
Mar 31, 2013
Any issues upgrading the IOS on a 921 router. How can I create a certificate for the new IOS? I've never had to do this for other IOS 15 upgrade? I've confirmed the IOS is not corrupt and if I upgrade the router in ROMMON the router boots correctly.
Mar 13, 2013
I'm preparing a lab and I have 2 ASA 5520's. I have configured them for failover so the Primary's config will replicate over to the Secondary. They are connected via a 3560 switch. The switch ports are configured as access ports on vlan 1. Spanning-tree portfast is enabled.
Firewall (Primary)
Cisco Adaptive Security Appliance Software Version 9.1(1)
Device Manager Version 7.1(2)
Compiled on Wed 28-Nov-12 10:38 by builders
System image file is "disk0:/asa911-k8.bin"
Config file at boot was "startup-config"
[Code].....
Sep 4, 2011
Config collection is failing. In detail it's partial success (config fetch is success but archive is failed).
Mar 20, 2012
I'm currently unable to upgrade certain devices since Cisco Prime incorrectly believes there is not enough room in the flash partition. For example:
Getting the following error message trying to upgrade some Cisco 871 routers: "Catastrophic - SWIM1200: Selected Flash partition requires minimum (28 MB) to upgrade selected software/image." The images are around 18 MB in size. Why does Cisco Prime think it's 28 MB in size? Bug?
Jan 22, 2010
I have a rv016 that's been in 24x7 operation since I bought it a few years back. It is out of warranty. It is connected to three cable modems on WANs 1-3. Behind it are a bunch of PCs getting IPs via DHCP. There is a gateway to gateway vpn tunnel setup on wan3 to a rv082 at another site. There is a forwarding entry for http to an internal http server. Everything else is pretty much default.
The router is primarily used to aggregate bandwidth for uploading large numbers of photos. The systems behind the router initiate the uploads and the router automatically load balances the outgoing bandwidth.
This was all working fine until just recently. The ISP is Knology who is upgrading each of the 8m/768k cable modems to 25m/5m. They are also moving from DOCSIS 1 to DOCSIS 3. They are currently in the middle of this upgrade and have upgraded the modems to DOCSIS 3 as well as the speeds to 12m/2m. The problem is that the rv016 Network Service Detection, which is set to "Default Gateway" indicates that the modems fail randomly. Usually only one will be failed, but up to two will fail the Network Service Detection simultaneously.
Knology insists that there is nothing wrong with their modems. I have removed a modem from the rv016 when Network Service Detection indicates it is in a failed state and connected it directly to a computer. It will work, but it has a different IP address and default gateway. As soon as I connect it back to the rv016, it works there too, but on the original IP address and gateway. I've only tried this test twice so far, so it is a bit inconclusive.
Speed tests behind the rv016 are the same as directly connected to one of the cable modems. The router works normally as it has for years. Nothing else is acting funny.
So my question is, is the rv016 failing or is the ISP having problems?
Jun 4, 2012
Backup failed on 2012/06/03 at 22:02:52. REASON: Unable to proceed with the backup operation as some files are being accessed by jobs. Reschedule the jobs such that the backup job does not coincide with other jobs.
Randomly the backup for lms 4.2 is failing. It has succeeded but the majority of the time it's failing. I have tried changing times but nothing seems to work. Previously we were running 4.0.1 and had no problems with the backup time.
Just found the bug
CSCtz29665
URL
Dec 4, 2012
I set up a connection from a laptop (Windows 7) that goes through a LAN proxy server to a secure ftp server (Windows Server 2003). The sftp server is assigned a public ip address. I opened the firewall at the destination and allowed port 22 traffic to the sftp server. Well, the connection is failing. I know for a fact the connection from the client laptop is making it to the sftp server. If I issue this command on the client laptop:
telnet sftpserver 22
The DOS screen clears and tells me the type of SSH server I'm connecting to. While this connection is still active, I logged into the destination sftp server and did a netstat command. I can see the address of the proxy server in the "Foreign Address" column of the netstat results. I also can see the proxy server address when I look at the Application Log on the sftp server, so I know the connection is making it to the sftp server.
I believe the problem is the control port (return traffic) from the server back to the client. Something is being blocked or is misconfigured. I always thought the router negotiated the control port, and that the control port didn't need to be put into any firewalls.
Dec 16, 2012
For everybody else in the house the internet works fine on their devices; however, on my laptop and ipod it will often not allow me to connect for ages, but then finally connects (without me changing anything).