Cisco Switching/Routing :: Configuring PBR On 300 Series
Jun 1, 2013
Configuring an application using routing mode on cisco ace clients ---asa--3750--cisco ace--- servers behind vip,visa card transaction servers.i am able to setup a vip on ace using routing mode on ACE,as the servers need to see the client ip ,so we are not performing SNAT,this part is working fine,when a request comes from the client ,it goes to the vip and to one of the backend servers ,and the request will be forwaded back to the ace ,as the default gateway on the servers is pointing to the server vlan on ace.but if the transaction from the servers need to go to the visa card transaction servers ,how can we achieve this ,and after fetching the data from visa servers,does the reply will be fwd to the ACE or ASAs directly.
I have configured Cisco 870 router ATM interface with following configuration
interface atm 0 ip address public ip 255.255.255.254 ip nat outside pvc 0/38 encapsulation aal5snap no shutdown
But when I check ATM interface it is still down and line protocol is down. how to make it up and up so that internet service could be used.Also I want to know that the provider has also given username and password for internet in their device.We want to replace that device with the router and facing problems.
We have an MPLS network to a half dozen remote sites. At our main location we have a 2800 series router. In the routers config are the following lines for QOS. When I go to the routers on the other end of the MPLS, none of them are configured with these same policies. Would these not be in the running config of the 1800 series routers, or is this not setup correct and this should be removed?
I recently purchased a Ciso 1200 Series WAP and I want to bridge this to my existing Cisco Wireless Router So I can extend my coverage. I have done some research but keep coming up short as to where I need to start. Note*(I do not want a physical connection to the WAP, I simply want to be able to bridge the connection from my existing Wireless router to my WAP.
I'm trying to configure intervlan routing between a cisco 2801 router and HP/Amer switches. Using int fa0/1 and subinterfaces I was sure I had it configured correctly, but I cannot ping the default gateways when I place a host in a particular vlan. Below is what I have configured.
HP switch - port 9 connects to fa0/1 on 2801 ip default-gateway 10.1.100.1 trunk 9 Trk1 trunk trunk 10 Trk2 trunk - to another switch
We have 4 1142N LAPs that I want to divide between an internal wireless and a guest wireless network using the controller. Currently all of the APs are on an established internal network, but I want to migrate one over to a test guest network before buying more LAPs to augment the networks further. Currently the port connecting to the WCS from the 3560 switch is configured as an access port using VLAN 10. Whenever I make it a trunk port carrying VLAN 10 as well as the other ports we will be using for the guest and ap-manager networks, I lose connection with the controller. To me this implies that the port on the controller is configured as an access port as well. In the documentation I found for the controller it states that by default the ports are al configured to be trunks, but it appears as though something was changed by the previous tech. All of the APs are connected to other switches, not to the controller itself.
1) How can I get the port on the controller back to being a trunk port
2) Can I use the internal DHCP server for the guest network if the subnet is different than the management subnet, or will I have to use another external server and relay/proxy it through the controller to give guest clients IP addresses?
For intervlan routing, Is 'IP routing' command enabled by default on a 6500 series switches based on the IOS?and on 3750 switches, do we need to enable the "ip routing" command manually for intervlan routing?
For intervlan routing, Is 'IP routing' command enabled by default on a 6500 series switches based on the IOS?hes, do we need to enable the "ip routing" command manually for intervlan routing?
I currently have a Cisco 891 running with a FTP running on port 21. I currently have the NAT from external IP to and internal IP 192.168.12.6 for port 21. And the firewall allowing that traffic through and client software is working fine. However I need this FTP to be running on port 990 and anytime I change the NAT and the firewall, the external FTP clients connect but then drop when recieving the directory listing.
I have IP phones connected to 2960 i want to segregate traffic traffic comming from IP phones which has a COS value of 5 and want to allocate a band width of 200 MBPS for those traffic .
Can any one share sample QOS configuration for achiving this in 2960 ?
I'm looking for some input on configuring vPC on the Nexus 3048.I know that it's supported to use 1G interfaces for the vPC Peer-Link, but using 2x1G for the Peer-Link would make the Peer-Link a bottle-neck if the 10G ports are used in a vPC. What about using 2x10G ports for the Peer-Link and using the remaining 10G ports in one, or potentially two vPCs. Should that work or is it in any way not recommended? The reason I'm asking is that the 10G ports are called "Uplink" ports in the data sheets for the 3048.
We are planning to connect some servers to the 3048s using vPC with each server connected by 4x1G interface (2x1G for each switch), and then we want to connect a Netapp storage system with two controllers using 2x10G each (the controllers are active/passive, so you can think of it as two separate systems). We would connect controller A with vPC 1x10G to each switch, and controller B in the same way with vPC 1x10G to each switch.
I am about to configure 4 Gig ports for EtherChannel. I've been reading about EtherChannel and it seems easy enough to configure. I have a host (server)which I am going to connect to these 4 - gig ports. This is new for me and would like some feedback for those that have used EtherChannel on their layer 2 switches. The gig ports will be an access port with VLAN XX.
We upgrade our Internet service in our India office which required a new router. The local vendor suggested an 1841, so that is what we have. It has two fastethernet ports on it.
The ISP (Airtel) provided the following IP address information:
Public WAN IP : 122.181.23.200/30 WAN IP : 122.181.23.202SUBNET MASK : 255.255.255.252GATEWAY : 122.181.23.201Pri DNS : 125.22.47.125Sec DNS : 202.56.250.5
I need to choose router for my network. I don't have any special need, besides Internet connection and DHCP for some guest clients.There are around 30 IP phones (static IP), 30 PCs (static IP), and 10 wireless APs (users get dynamic IP). Maximum load is 5 phones, 5 PCs and 20 phones/laptops connected via wi-fi.
I guess I should go for Cisco 800 series. Would model 861 be good or I will need 881 or even 891?
Configuring OSPFv2 on a Nexus 5K switches, after configuring area 0 or area 10 it shows as 0.0.0.0 or 0.0.0.10 instead, I'm planning to uplink a couple of ASAs with OSPF enabled, just wondering if the area format showing will be a problem, is this how is supposed to look in the Nexus 5K? and will the 5K be able to form adjacensies with other non-Nexus devices that have area 0 and 10?
i got some problem configuring my cisco 887VAW internet access point.I want to be able to manage it thru ssh console with the service-module wlan-ap0 session mode. And i want to access thru http but it's not working too I show you my config
This is my config :
Current configuration : 3281 bytes ! ! Last configuration change at 21:43:11 UTC Fri May 18 2012 by jon ! NVRAM config last updated at 21:46:05 UTC Fri May 18 2012 by jon ! NVRAM config last updated at 21:46:05 UTC Fri May 18 2012 by jon version 15.1
getting radius to work on a 2950G switch with an older IOS of 12.1(22)EA1. I have radius setup on a windows 2k8 box and all of my other switches 2960's and above have no issues. I am unable to input the nas-identifier of 32 into the config using - radius-server 32 attribute 32 include-in-access-req format %h as well as the aaa session-id common commands. Doing a debug radius says that the radius server is not defined.
We're trying to configure our Cisco 4507 (Supervisor Engine IV) to allow a new Dell server with a pair of Broadcom 5708 GigE NIC's to aggregate its NIC's to give us a 2gbps link to the switch.
So far we seem to have got the team and LACP up and enabled, but the adaptor that the Broadcom Admin Util creates for the team is only showing a 1gbps connection where I would have expected it to show as 2gbps.
The individual NICs show as connected at 1gbps. We're not Cisco experts so are struggling on how to get the 2 NICs to aggregate.
On the server side we've done nothing other than create a team using 802.3ad LINk Aggregation using LACP.
This is what I think the relevent output from "sho conf" is, more available if needed.
version 12.2 boot system flash bootflash:cat4000-i9s-mz.122-18.EW1.bin ! interface Port-channel2
We just received a new C2911 G2 ISR and have been trying to configure the EtherSwitch SM-ES2-24-P module on it. Through the router console, I tried assigning an IP address to the router Gi1/1 interface which I assume is the link to the Etherswitch module but all I'm getting is "IP addresses may not be configured on L2 links" - as per the docs, I should be able to assign an IP address on that "logical" interface link. Any other way for me to configure the ports on that switch module?
I want to configure management for some Nexus 5548's?I wanted to manage the switches via an SVI. I have read the following document which gives details about the Management SVI but doesn't answer all questions.[URL]I am not running any layer 3 functionality on the switch, no layer3 license (which it mentions in the above link) Will I still be able to create a management SVI. I know I will need to enable the feature 'interface-vlan' to setup a Management SVI, does that require a license?
IOS we used for limiting access for a group we used configuration of snmp-server views like following
snmp-server group backupgroup v3 priv read backupview write backupview access 20 snmp-server view backupview ccCopyTable included could not find out how to achive this config in NX-OS on Nexus5500
problem to configure MWAM. I have installed MWAM module in 6506-E slot 2 with sup720-3B. After installing MWAM the Status is PwrDown. I tried to turn on the power but its not happening. MWAM is installed in slot 2 and here is the result of show module 2 My Sup720-eB IOS image is s72033-advipservicesk9_wan-mz.122-33.SXJ1.bin
6506-E#show module 2 Mod Ports Card Type Model Serial No. --- ----- -------------------------------------- ------------------ ----------- 2 3 MWAM Module WS-SVC-MWAM-1 SAD081203GK Mod MAC addresses Hw Fw Sw Status --- ---------------------------------- ------ ------------ ------------ ------- 2 0003.feae.bb8c to 0003.feae.bb93 3.0 Unknown Unknown PwrDown Mod Online Diag Status ---- ------------------- 2 Not Applicable
I have a Nexus 7000 plus 6 boxes NX2000 on backbone.I have configured on 7000 :
conf t system jumbomtu 9000 exitERROR: Ethernet111/1/1: requested config change not allowed ... ERROR: Ethernet122/1/48: requested config change not allowed 1/111/14 is a NX2000 port conf tinterface ethernet 1/111/14 switchport mtu 9000 exit
I have gotten this message : Error: MTU cannot be configured on satellite port(s) - Eth122/1/11 ?I have tried on a NX7000 TP port:ERROR: Ethernet10/45: MTU on L2 interfaces can only be set to default or system-jumboMTU ?Does JUMBOMTU configuration can be done only when there are no NX2000 configured ?
We have 2x WS-C3560X-48 with the 10Gb SFP C3KX-NM-10G module.I want to use the 10Gb SFP (with a redundant 1Gb link) between each of the switches.Below is the configuration what I think I should use. Is this correct?
SWITCH1 int TE1/1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 1 mode active
[code]....
We also want to utilise Link Agrrigation for the servers that attach to the switch. Would this config be correct?
port-channel load-balance src-ip int range x switchport mode access switchport access vlan 1 (They are all on the default vlan) spanning-tree portfast channel-group x mode active
(Then I would configure the LACP config on the server) Is there anything I am missing?
I have a 3560 8 port switch. Int gi0/9 is trunked to another switch downstream. When I try to configure int gi0/10 to trunk to a switch upstream the interface on the switch goes down and I have to either reboot the switch or plug directly into the switch and telnet into it to turn off trunking on the interface. When I configure trunking on the interface on the upstream switch that connects to this interface the same happens on that switch. The upstream switch is a 3750 with 12 sfp ports. Several interfaces are trunking to other switches from this switch. Spanning tree is not configured on the 3750 at all , and is not configured on either gi0/10 or gi0/9 on the 3560. I was consoled into the 3560 during a reboot after the interface went down, a message came up that said something like "Spanning Tree returning gigabit ethernet 10 to constant state" Why would I get this message if spanning tree is not enabled on the gig ports on either end of the trunk? There is no loop to require spanning tree to shut down an interface. I have several other 3560's configured as I would like to configure this switch and they are trunking without issue.
Is there any in depth documentation on how to configure a VWIC3-4MFT-T1/E1 card? It will sit in a CISCO2911/K9. The network is point to point T1s - a quantity of four coming into this router.
Is it posible to config port forwarding on cisco 2950 or other switchs.if such a option is there ple let me know ho to config port forwarding on cisco 2950 switch..