Can the encryption module (DES/ 3DES/AES/SSL VPN Encrytion/compression) for Cisco Router 3845 able to support the external connection from other high end router, for example cisco 7200? What is the maximum bandwidth, load and concurrent connection it can support?
View 1 RepliesTo configure the GRE tunnel over IPSEC with OSFT via Encryption module from Cisco Router 3845, I have few queries:
1. Does the router 3845 support hot swap for encryption module?
2. Does the router require to be rebooted after plug in encryption module?
3. Any samples configuration for GRE tunnel over IPSEC?
How to reconcile what I've observed on our routers on a tunnel interface. The maximum amount of data I can get across the tunnel is 1339 bytes, which seems just a little bit too small. Background: we have two 3845 routers with IOS 12.4(3a) advanced ip services. I have tunnel interfaces on both routers, interface configs are below.
crypto ipsec transform-set MY_TSET esp-3des esp-sha-hmac comp-lzs crypto ipsec profile MY_VTIset transform-set MY_TSET
[ Code]..
When I test the mtu of the source destination interfaces I get 1500 bytes, as you would expect from an Ethernet connection to a service providers MPLS network. See output below:
Router1#ping ip 10.252.0.18 df-bit size 1500
[Code]...
When I test the mtu of the tunnels I get 1339 bytes, see the output below.
router1#ping ip 10.1.40.133 df-bit size 1340
Type escape sequence to abort.Sending 5, 1340-byte ICMP Echos to 10.1.40.133, timeout is 2 seconds:Packet sent with the DF bit setM.M.MSuccess rate is 0 percent (0/5)
[Code]...
That comes to a total of 1420, which is 80 bytes short of the mtu of the source/destination interface of the tunnel.
Is there any risk to install an HWIC-2FE card into a production 3845 router while it is in a powered up state? Is it recommended to power it down first, then install it?
View 3 Replies View RelatedWe had a fan fail on our 3845 edge router. No big deal; the other two fans kept the temperature easily within spec, and the module is a two minute hot swap. I opened a ticket, they sent me a replacement. Simple. (In fact, the router install docs note that the fans are essentially a "consumable" part, and will fail within a few years, depending on how hot and dusty your environment is.)
The fan module is actually the whole face plate of the router, blue plastic with a steel backing, status LEDs, and the three fans.That is all fine. But, Cisco won't take the failed part back for refurbishment, which in this case would be simply to replace the fans!
The replacement part came with the standard Cisco return packaging: a sticker with an RMA #, a "manual" paper UPS label, and instructions to use their on-line tool [URL]. But, when I entered the RMA number, I got a pop-up saying it was invalid, and I should call Cisco Asset Recovery, whose 800 number is also on the sticker.
They told me that this part is not returnable; that the RMA is only to ID the shipment so they can confirm I got it. They told me to just throw it out. They would not provide a printable return shipping label.
I'd feel bad throwing out even the substantial cardboard and foam packaging of this part, let alone the assembled unit!
Hasn't Cisco heard that there is a general industry movement to cut down on electronic waste? With the removal of six screws, I could swap the failed fan out of this assembly and replace only the fan. I'm glad Cisco didn't ask me to do that level of repair, but I certainly think they should -- I'd assumed that the replacement unit I'd received was a return "refurbished" with new fans.It seems a complete waste to just chuck out this whole thing.
Heck, even the tiny power supply bricks for the Aeronet APs have a little "no trash" sticker on them, with a link to [URL]. Why do they just dispose of router faceplace assemblies when the only issue is a fan that was expected to fail in the first place?
Attached photo shows the 3845 front piece, which is the fan assembly, and the package the replacement came in, which could be used to return this part, and then be reused. For comparison, the little black thing in front is an Aeronet 1131 power module, which has a Cisco Recycles sticker.
will encrypting traffic: esp-aes 256 esp-sha-hmac across a WAN circuit drop a nics performance by half?
View 6 Replies View RelatedWhen will the WS-4500X-32 support the TrustSec MACsec Encryption ?
View 1 Replies View RelatedI have a 3845-Mb that has a username and password already on it. This needs to be wiped as its a sold unit. However i cannot break into teh IOS in Hyperterminal using Ctrl-Break either as it boots or after teh IOS image has loaded (after it shows Decompressed image {ok} etc). I have tried several break key combinations such as ctrl+F6+break and they dont work either. On boot the unit does show Password recovery Functionality is disabled. IOS image is 12.4(13r)T.
View 6 Replies View RelatedWhen I try to add an IP address to a port-channel interface on a 3845 ISR I am getting an error that seems to imply that only L2 etherchanneling is possible. Am I missing something?Cisco IOS Software, 3800 Software (C3845-ADVIPSERVICESK9-M), Version 12.4(24)T8,
sfo-c3845-1#sho run int port-channel 1
Building configuration...
Current configuration : 31 bytes
!
interface Port-channel1
end
[code].....
We have a Cisco 3845 router configured as a voice gateway with multi SIP trunks. But when it reachs 200 calls traffic, the CPU increase to 60-70% and caused by CCSIP_SPI_CONTROL process.
CPU utilization for five seconds: 46%/30%; one minute: 54%; five minutes: 58%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
377 400729448 171017979 2343 6.31% 10.71% 12.44% 0 CCSIP_SPI_CONTRO
[Code].....
I found cpu load around 90 - 100% on cisco 3845, so I show tech-spec and show log on router and found process "Virtual Exec" use high load. I'm not sure this situation make high latency time on my network.
View 3 Replies View RelatedWe have a number of 3845 routers, some running IOS 12.4(22)T2 and earlier and some running 12.4(24)T4. On the ones with 12.4(22)T2 and earlier, gigabit interface g0/1 shows interface down/line protocol down when there is no cable connected to the interface and the interface is not in shutdown state. On the ones with 12.4(24)T4, gigabit interface g0/1 shows interface up/line protocol down when there is no cable connected to the interface and the interface is not in shutdown state. Interestingly in both cases, the "show controller g0/1" command shows " network link is down (NO CARRIER)" when there is no cable attached. It makes sense to us that the interface status would be down/down when there is no cable attached. It does not makes sense to us that the interace would be up/down. Did Cisco at some point change their philosophy on whether an interface should show down/down or up/down when there is no cable attached, or is this a bug?
View 1 Replies View RelatedI have a router 3845 with c3845-advsecurityk9-mz.124-24.T6.bin software . Frequently we are facing problem in logging to the device .Inorder to resolve we need to reboot the router . Yesterday fortunately i have got the console access for some time so i came to know that TPLUS process is consuming 99.9% percentage cpu.
View 1 Replies View RelatedI have installed NM-1T3/E3 IN A CISCO 3845 WITH IOS c3845-advipservicesk9-mz.124-9.T3.bin AND 512 MB RAM .WHEN I ENABLE THE CARD THE CPU PROC HISTORY SHOWS 100% WHEN DISABLED IT COMES DOWN TO 10%
Slot 0: C3845 Mother board 1GE(TX,SFP),1GE(TX), integrated VPN and 4W Port adapter, 7 ports Port adapter is analyzed
Slot 2: NM-1T3/E3 (clear/subrate) Port adapter, 1 port Port adapter is analyzed
I change only a chasis in a router 3845, but the "show version" command should be the same , except for the serial number and other parameter of time.. however, the number of serial interface change from 4 up to 2.The hardware module of 3845 are 3.
1.- VWIC E1/T1 with 2 port
2.- Fastethernet 36 port
3.- Supervisor engine with 2 Gigabit port
I realize what the error message says but I was not aware that there is a class-map limit? This is on a ISR 3845 router.Is there a limit on the amount of class maps that can be configured on the router?
Is it the amount of times class maps are used (as I do not think my client has 1023 class maps but they are used several times each)?
I have a cisco router 3845 with Etherswitch modules and one Vlan configured "172.16.6/24", many switch ports are assigned to this vlan. i would like to translate one IP address 172.16.6.200 to a new one "172.25.42.10" but need to keep the other IPs from "172.16.6/24" without changes. below is the configuration of vlan interface and switch port. [code]
View 8 Replies View RelatedI have a Cisco 3845 Integrated Service Router and I have installed a Service Module. I want to use the integrated Gigabit ports as switch ports and put ports in the Service Module and Gigabit port in a VLAN.
Is this possible? can it be done by setting internal Gigabit link as trunk and how? Below is the somewhat the setup i am looking for
Service module
fa0/1 |
fa0/2 | Vlan X
fa0/3 |
[Code]....
I'm trying to have a standard equipment for our POP deployment. Basically this edge router will connect to our customers and pass data and or voice traffic, capable of BGP and good enough to accomodate up to 4 clients.
We have on hand a 3845 Router, and ME3600X. The 3845 is EOS and replacement is 3945. The ME3600X is a fixed configuration so would you recommend a 3945 or a much higher model like a 7300.
I have a 3845 router which got reloaded immediately and need to know the reason for the reload .Router have created crash info detail .
View 3 Replies View RelatedIn my cisco 3845 router I can see output packet drop in some of the interfaces.I suspect that router is processing packet beyond its mix throughput limit. Moreover when i run show int fax/y switching command I can see packet drop by RP process.
View 11 Replies View RelatedI am looking into bringing MetroE into our data center. I currently have a 3845 router and would like to find out if it can support a 300-500M MetrE link.
Also would you recommend a router or a switch that can handle 300M - 500M MetroE link ? Do you typically terminate MetroE link on a router or a switch ? can I terminate it directly to a routed port on a Nexus 7K ?
I have this card installed onmy 3845 running version 12.4(18). But this card fails to show up.
here is what I found in a show tech.
WIC Slot 0:
Unknown WAN daughter card
WIC module not supported/disabled in this slot
Hardware Revision : 2.0
Top Assy. Part Number : 800-27738-02
Part Number : 73-10677-02
Board Revision : B0
Deviation Number : 0
Fab Version : 02
PCB Serial Number : FOC********
RMA Test History : 00
RMA Number : 0-0-0-0
RMA History : 00
Product (FRU) Number : HWIC-2FE
Version Identifier : V01
CLEI Code : COUIAFUCAA
Base MAC Address : 001a.6c70.260b
MAC Address block size : 2
Connector Type : 01
EEPROM format version 4
EEPROM contents (hex):(code)
We have a customer that is relocating thier headquarters. They have a temporary requirement to bridge multiple vlans or a router T3 link to the new location as they cannot change the IP subnets. Setup is 3560 switch connecting to a 3845 then T3 to remote 3845 and 3560. I need to bridge multiple VLANs. I have seen a good example on how to do it over sonet but I don't see how to translate that to an HDLC or Frame Relay encapsulation for the T3 Link.
View 5 Replies View RelatedI have two routers at our core data center, a 3845 and a 3640. These are configured with GLBP. There are 4 remote sites:
Site #1: One T1 link to the 3825
Site #2: One T1 link to the 3825, and One T1 link to the 3640
Site #3: One T1 link to the 3825, and One T1 link to the 3640
Site #4: One fractional T1 link to the 3825, and One T1 link to the 3640.
My question regards site #4. If i understand correctly, GLBP works on the premise of "host" balancing, and not true "load" balancing. The reason I ask is that the large majority of our WAN traffic is from our Exchange server to our remote sites. In the case of site #4, our exchange server is sending traffic on the fractional T1. Is there any way with GLBP to either split this traffic from a particular host across two links in a round-robin fashion, but leave other hosts to travel wherever the router sends them, or, to force at least our exchange server to use the full T1, rather than the fractional?
I've read up on the weighting mechanism, and it appears that tracking an interface has nothing to do with bandwidth use. If I understand correctly, if I were to track the Site #4 PPP to the 3640, and give a weight of 10 to glbp on there, it would really only take affect if the interface is down. It will have nothing to do with host AVF election.For the record, exchange traffic is constant to this site, so there is no chance for the host connection to reset and potentially elect to use the larger pipe. I would like to "tweak" this to make better use of available bandwidth.
I am trying to configure two 3845 routers to act as dhcp server and dhcp relay. Clients are connected to the router that relays all dhcp requests to the vrf instance which is used to connect it to the router wich is running dhcp server.
Router1
ip vrf dhcp_dns
rd 8:1
int gi0/0
ip vrf forwarding dhcp_dns
ip address 192.168.200.5 255.255.255.248
[code]...
So far I can see dhcp requests coming from the R1 and dhcp server on R2 replies with the dhcp offer but PC is not getting any ip.
I have NM-16ESW card installed in one of my 3845 router. Below is the sh inventory output
NAME: "16 Port 10BaseT/100BaseTX EtherSwitch", DESCR: "16 Port 10BaseT/100BaseTX EtherSwitch"
PID: NM-16ESW , VID: V01 , SN: FOC11482484
NAME: "Gigabit(1000BaseT) module for EtherSwitch NM", DESCR: "Gigabit(1000BaseT) module for EtherSwitch NM"
PID: GE-DCARD-ESW , VID: V01 , SN: FOC11454FW6
Is the Gig port available here can be used for uplink?I found following comment at
[URL]...
"GE-DCARD-ESW: This optional 1000BaseT Gigabit Ethernet port for NM-16ESW and NMD-36-ESW can be used for a gigabit connection for a file server or for intra-chassis stacking of the Cisco EtherSwitch module. Stacking is supported in Cisco IOS release 12.2(11)T and beyond"
I have a Cisco 3845 with the archive command configured:
archive
path tftp://x.x.x.x/$h
write-memory
time-period 60
The archive command works with the execution of the write mem, but with the "time-period" doesn't work.This is the show version of my 3845:
NTP_Server#SH VER
Cisco IOS Software, 3800 Software (C3845-SPSERVICESK9-M), Version 12.3(14)T7, RELEASE SOFTWARE (fc2)
Technical Support: [URL]
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Thu 23-Mar-06 01:59 by pwade
[code].....
I have a 3845 router. Setup SSH Version 2generated rsa keys (1024)set login localtransport input ssh and telnet is enabled since I can't get ssh connection working When I connect using SSH, I get the following error. server refused authentication protocol.
View 21 Replies View Relatedi have a cisco router (3900 series) and a add on module (4 x 1 Gig port module). For some reason i cant seem to port channel them and cant do routing (can set an ip address on those ports). I can do port channel and routing on on-board ports. Do i have to enable any commands to do this ?
View 3 Replies View RelatedWas wondering if anyone has ever hot ADDED, not swapped, an expansion module in a 5548up. Is a switch reboot required?I looked at the H/W install guide and it does not mention anything.
View 3 Replies View RelatedMy C6506 USING ws-sup720-3B, i upgrade the IOS to the latest release of 12.2(33) SXJ1 IOS version. After upgrade and reload the machine got one module cannot be detect..WS-X6416-GE-MT, 16 port 1000mb MTRK ethernet module. The version of this are:
-HW 1.0
-FW 5.3 (1)1
-SW 8.5 (0.46) RFW
Question 1: Any tools available on cisco to check out the hardware/software compabiity feature?
Question 2: Any release note, compability matrix table etc resources.
Recently we ha a Nexus 7010 with a module frozen that was OIR (Online Remote and Insert) but do not work until reload the Nexus 7k.The command "show tech-support" has the following:
exception information --- exception instance 64 ----
Module Slot Number: 1
Device id : 147
Device Name: 0x93
Device Errorcode: 0x9329201
[code].....
Was is Excessive Interrupt Events? Can this "Minor Error" frozen the system?Is the port 42 on module 1 affected? o was 42 ports?