Cisco Switching/Routing :: Inbound Traffic On 7606?
Jan 17, 2013
I have two Cisco 7606 routers using BGP to connect our customers to the internet. Recently we added a new 1G circuit in addition to an existing 1G circuit and all traffic inbound is now on this new 1G circuit. We would like to shift some of the inbound traffic over to the other 7606. Our Tier provider has the same AS number for both paths. One path goes directly to New York and the other goes to Boston then New York.
View 1 Replies
ADVERTISEMENT
Nov 1, 2012
I have a VPN on my ASA 5510 between (A)192.168.255.0/24 and (B)172.20.2.0./24. The purpose of the tunnel is to send kerberos tickets from our domian controller on the A side, across to a server at B, and receive a respose. I want to lock down inbound traffic to the A network, but not sure of best method.
I initially tried using an ACL filtering on ports, but soon realised the incoming traffic uses a wide range of ports so this is not really possible.Seeing as the A side will always be initiating the conversation, I was wondering if I could use the 'established' option on the inbound ACL for the ASA at A side, so that it would block any flows that are not initiated by the A side.
View 3 Replies
View Related
Mar 2, 2012
We are using Cisco 3750 switches in our environment as distribution switches.We currently use to police inbound traffic, but we need to find a solution to limit inbound traffic per IP.Something like this “Inbound traffic for each IP can be maximum 1 Mbps” This can be done having, one ACL and one class-map for each IP, but in my situation is not a practical solution, because we have more than 500 IP’s on that site.
Is any way to accomplish this without writing 500 ACLs and 500 class-map?
View 2 Replies
View Related
Mar 19, 2013
We have a Cisco 2811 running ITP IOS. On that router we run the SMPP service. A client on the network connects to this service, and we need to capture the traffic for debug.
I've tried traffic-export, but I cannot see any outbound traffic.I'm guessing that this is due to the fact that the outbound SMPP traffic is not transit traffic as it is generated by the router itself.
Is there any way to capture the outbound traffic?
View 4 Replies
View Related
Jun 2, 2013
I have made an etherchannel between 6509 and 7606 with two giga interfaces on eatch one to have more bandwidth (2Go), but the Etherchannel does not exceed 1 GB (Below is a capture for Etherchannel taken from Solarwinds).the both 6506 and 7606 use ws sup 720 3bxl
View 8 Replies
View Related
May 15, 2012
I have a Cisco 7606 running 12.2. I want to limit the interface that is used by one of our customers to 30M.
View 3 Replies
View Related
Jan 28, 2013
its a hardware problem or just not get power to module 1 for module WS-X6748-GE-TX? this is the capture from show module and sh log :
------------------ show module ------------------
Mod Ports Card Type Model Serial No.
--- ----- -------------------------------------- ------------------ -----------
1 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX xxx
5 2 Route Switch Processor 720 (Active) RSP720-3CXL-GE xxx
Mod MAC addresses Hw Fw Sw Status
[code].....
View 4 Replies
View Related
Jun 3, 2012
Our router suddenly reloaded. Below are the crashinfo obtained:
1st crashinfo:
7606_Router#more sup-bootflash:crashinfo_20120604-02260500:00:05: %PFREDUN-6-ACTIVE: Initializing as ACTIVE processor
00:00:05: %SYS-3-LOGGER_FLUSHING: System pausing to ensure console debugging output.
00:00:05: %PFREDUN-6-ACTIVE: Initializing as ACTIVE processor
00:00:05: %SYS-3-LOGGER_FLUSHED: System was paused for 00:00:00 to ensure console debugging output.
[code]....
We are running s72033-advipservicesk9_wan-mz.122-18.SXF9
View 14 Replies
View Related
Nov 6, 2011
following errors.
Nov 7 21:34:50: %EARL_NETFLOW-SP-STDBY-4-TCAM_THRLD: Netflow TCAM threshold exceeded, TCAM Utilization [99%]
Nov 7 21:44:44: %EARL_NETFLOW-SP-4-TCAM_THRLD: Netflow TCAM threshold exceeded, TCAM Utilization [91%]
I've already found this kinds of cases, in this community. So, It seems that Changing the current configuration to 'mls aging fast threshold ## time ## ' is most suitable in our situation.But, I don't know how to calculate the apt threshold value and time value.
[1] sh run | in mls
mls ip multicast flow-stat-timer 9
mls flow ip interface-full
no mls flow ipv6
no mls acl tcam share-global
mls cef error action freeze
[code]....
View 1 Replies
View Related
Jan 15, 2012
I have my router 7606-S rebooted by itself. According to output of show version command it's rebooted by software bug.
================ Snipped from crashinfo file =================
Jan 14 05:33:50.822 GMT+7: %C7600_MEM_ECC-2-MBE: Multiple bit error detected at 0xC09F4D38
Jan 14 05:33:50.822 GMT+7: %C7600_MEM_ECC-3-SYNDROME_MBE: 8-bit Syndrome for the detected Multi-bit error: 0x0
05:33:50 GMT+7 Sat Jan 14 2012: Unexpected exception to CPU: vector 1500, PC = 0xB7922BC , LR = 0xB792250
==================== Show Version ======================
Cisco IOS Software, c7600rsp72043_rp Software (c7600rsp72043_rp-ADVENTERPRISEK9-M), Version 15.1(1)S1, RELEASE SOFTWARE (fc1)
Technical Support: [URL]
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Thu 10-Feb-11 19:27 by prod_rel_team
ROM: System Bootstrap, Version 12.2(33r)SRD5, RELEASE SOFTWARE (fc1)
BOOTLDR: Cisco IOS Software, c7600rsp72043_rp Software (c7600rsp72043_rp-ADVENTERPRISEK9-M), Version 15.1(1)S1, RELEASE SOFTWARE (fc1)
[Code]...
View 3 Replies
View Related
Feb 28, 2012
I have a cisco 7606-S with dual RSP720-3CXL. Devices reloaded and now none of the RSPs are booting.When I have tried to take the console using only one RSP, card going to rommon mode after that it hangs. I guess its firmware is corrupted.
View 4 Replies
View Related
Nov 13, 2012
I have one Cisco 7606 and i need to install a WS-X6748-GE-TX with WS-F6700-DFC3CXL.When I install the WS-X6748-GE-TX the module is powered off with the following warning:
00:01:45: %C6KPWR-SP-4-UNSUPPORTED: unsupported module in slot 1, power not allowed: Unsupported baseboard/earl combination. [code]
View 1 Replies
View Related
Mar 25, 2012
I faced with problem while i was attemping to upgrade CISCO7606 (R7000) from 12.2(33)SRE1 to 12.2(33)SRE6.
rommon 2 > boot c7600s72033-advipservices-mz.122-33.SRE6.bin
Loading image, please wait ...
Invalid device specified
Booting from default device
Initializing ATA monitor library...
string is bootdisk:c7600s72033-advipservices-mz.122-33.SRE1.bin
[code].....
View 3 Replies
View Related
Aug 22, 2012
I am having difficulties with getting SPAN traffic over my WS-X6704-10GE (CFC).
CISCO7606
ios 12.2(33)SRE6, SUP720-3BXL
Trying to use the span feature, put the commands listed below in and they entered successfully, but the port is not being mirrored.
interface TenGigabitEthernet1/1
description PUBLIC
dampening
mtu 9216
ip address x.x.x.x x.x.x.x
[Code]....
View 1 Replies
View Related
Dec 6, 2012
I have two ISP, I want to divide Inbound to ISP1 and Outbound to ISP2.
View 3 Replies
View Related
Jul 22, 2012
6509 - Not working
1 6 Firewall Module
2 8 Intrusion Detection System
3 1 Application Control Engine Module
[Code].....
The Policy applied to the interface is just completely ignoring the configuration.
I am sure it is related to the 6500 architecture in some way. Same config is fine on the switch with the higher version on the sup card.
View 3 Replies
View Related
Sep 17, 2012
I have a remote office with a 1.54mb circuit connected to our private MPLS network. Our main office has a 20mb conneciton to said network. I want to set a QoS policy for traffic from the remote office to our Avaya subnet within the main office. This policy is to give priority to all traffic to the Avaya G350.
I have set up the outbound traffic policy on our remote office router using a policy map as follows:
access-list 101 permit ip any 192.168.0.0 0.0.255.255 (this represents the Avaya subnet)
class-map match-all voice_outbound
match access-group 101
policy-map voip_outbound
class voice_outbound
priority percent 50
interface Serial0/3/0
service-policy output voip_outbound
This works fine for outbound traffic. Now how do I give priority to inbound traffic from the 192.168.0.0 network? When I try to do similar command it says CBWFQ is only configurable as output, not input.
I'd just limit it at the far end, but that has a 20mb pipe. All other traffic from our corporate datacenter, as well as internet traffic, flows from the main office to the remote office. Should I just rate limit everything else destined for the remote office subnet, and if so, what's the best method?
View 4 Replies
View Related
Jun 9, 2013
ON switch 6500 i have configured an interface vlan x and applied policies on inboud and outbound directions as per below: [code] But the problem i am facing is that the policy outbound works ok , but the policy inbound doesnt work at all. specifically it doesnt match anything. [code]
View 1 Replies
View Related
Feb 12, 2013
I have 5x Cisco 2960 and 1x Cisco 2960G. All of them are using IOS Version c2960-lanbasek9-mz.122-55.SE6.bin I'm having poor inbound speed with ALL of the Cisco 2960 (except 2960G) although the outbound speed is normal. The port is 100Mbps Full-Duplex, but the max inbound speed on a single connection is around 35Mbps. With the 2960G, I can get max 1Gbps inbound speed on a single connection.
I checked everything and still not know why the 2960 switches can't get max 100Mbps inbound.
View 5 Replies
View Related
Dec 15, 2011
I have a non-cisco router with a public WAN address. This is conencted to a 3750 switch internally. The switch is the default gateway for all VLANs, and the gateway router has static routes back to the 3750. The Router provides NAT, no NAT is done on the switch.My requirement is to port forward port 29 000 so that I can access a server on VLAN4 via this port.
So, I have: Router: Port 29000 map to 192.168.4.1 (Switch VLAN4 address)
The question is, how do I route port 29000 from the 3750 to the server on 192.168.4.42 ? what exactly I should add in order to port forward port 29000 incoming form my router, to my server on 192.168.4.42.
View 17 Replies
View Related
Dec 11, 2012
dont seem to be able to get policing working inbound on a port 3750X v 15.0(2)
Config is below:
ip access-list extended SMB
permit tcp host 192.168.1.14 host 172.16.1.30
permit tcp host 192.168.1.14 host 172.16.1.31
[Code]....
View 6 Replies
View Related
May 28, 2013
CE IP - 172.18.10.10 /30PE IP - 172.18.10.9/30 I had configured some floating static route on the PE towards CE .The routes were installed correctly till PE - CE link was UP as next hop IP was showing as connected .Now the link has been removed and I am receiving a supernet of 172.16.0.0/12 from PE2 via MPBGP. Although the 1st static route for 10.10.0.0 is showing in routing table, the other 2 ( 172.17.0.0 & 172.24.0.0 ) donot show. I believe that as both the routes and next hop fall under the supernet , the static route is not installing. But I don't know why is this behaviour. I tried to remove the distance 250 from both the routes , but still the static route does not install. I tried this on GNS3 but got the same results .
View 14 Replies
View Related
Apr 6, 2013
I have a working L2L between two locations. Location A and Location B.
Location A: 172.16.16.0/24
Location B: 192.168.0.0/24
I would like to block anything inbound to Location A from Location B that isn't initiated from Location A. The block should be done on the ASA5505 at Location A. Location B uses an ISR G2 router. i.e. Location A can start an SSH session to a server in Location B Location B cannot start an SSH session to a server in Location. .
I tried using a VPN filter on the ASA5505 but it isn't stateful, I cannot pass any traffic when using it.
Config on my ASA:
access-list vpn-traffic extended permit ip 172.16.16.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list block-vpn-to-local extended deny ip 192.168.0.0 255.255.255.0 172.16.16.0
[Code]....
I also have an AnyConnect VPN setup for the ASA5505 and it is running 8.2(5).
View 4 Replies
View Related
Mar 16, 2012
I use a mail filtering service that delivers mail to me via SMTP on standard port 25 on one of my 5 static external IP's. I wish to restrict this to their IP's only (they have two) and I am unsure on how to do so? As it stands now, anything on the net can talk to my mailserver and my logs are filling quickly with failed attempts as a result. Here's my setup and what I am trying to accomplish:
mail filtering service -> my public ip:25 -> internal mailserver at 10.0.10.2:25, deny everything inbound except traffic from the mail filtering service, I am thinking an ACL would fit the bill here, but unsure of how to implement. Router is an 1811 with version 15.1(4)M3 IOS. WAN is on fa0, lan is on fa1.
View 3 Replies
View Related
Dec 25, 2012
We have a L2L VPN with a vendor and our outbound traffic (our local network is 192.168.0.0) NATs over one of our public IP addresses x.x.x.164 to their public IP address 128.x.x.x. In the beginning all our traffic was outbound (port 23) to the vendor and now we need to allow inbound from the vendor to specific 192.168 addresses on our network using port 9100. I’m uncertain as to what I should do to allow their inbound traffic to these IP addresses since we are NATing our entire network over one IP address. Note, the .164 public IP is also used to NAT to other vendors we have L2L VPN with. The VPN terminates to our ASA 5580 version 8.2.
View 5 Replies
View Related
Nov 7, 2012
I have an ASA5510 with 8.3 and a Cisco PIX525 (retiring). The ASA was for VPN traffic only while the PIX was for all other Internet traffic. I'm trying to move all the traffic to the ASA5510 so I used the PIX to ASA migration tool. I migrated the PIX rules over to the ASA5510, however we can't receive email and there is no external access to our internal websites. But the VPN connections remain intact and internal users can get out to the internet.
When I run Packet Tracer on my outside (incoming rules) the packets are dropped at the inside interface. What am I missing?
View 1 Replies
View Related
Oct 9, 2012
We want design a topology based on transparent proxies using WCCP. Our proxies can do spoofing of user ip addresses. So, the HTTP request will go out our network with the user ip address as source ip. The HTTP Response will arrive with destination address the user ip address. We want use WCCP to redirect inbound and outbound traffic because we have c3750 with L2 WCCP support. The outbound redirection, when the packet is going out our network is simple. But, the problem is the inbound redirection. How we redirect this packets to proxies by WCCP?. Is it possible?. This redirection is done by c3750 using TCAMs/hardware?. Our throughput could grow until 2-3Gbps and we are worried about the performance.
View 1 Replies
View Related
Oct 5, 2011
How to configure the 825 to block inbound traffic from a specific internet IP address ?i noticed an IP and MAC that i don't recognize that is listed as a connection to my NAS's media server ...i blocked it in the NAS configuration page, but i don't want any unsolicited traffic into my network.
View 3 Replies
View Related
Feb 11, 2013
How filter inbound routes in Cisco ASA OSPF? Because Cisco ASA has no "distibute-list" command for OSFP process configuration, I try to use "filter-list" command in area definition. So, I try to use next configuration:
R1 (Cisco 3660):
skip
!
router ospf 1
[Code].....
View 2 Replies
View Related
Apr 5, 2013
I have a RV110W that's been in service since Dec 2012. All Everything is working fine except every month or so the firewall starts blocking all inbound traffic. It does not respond to remote management access. If I reboot the firewall (pwr off/on) everything works correctly for the next month or so and then it begins blocking all inbound traffic again. Local access to the Internet and VPN tunneling are not affected. When it's working, all my rules and port forwarding work correctly.
View 2 Replies
View Related
Nov 3, 2011
I have a client that has an ASA 5520 that has two internet connections, FIOS and Comcast. The ASA is configured to failover from the FIOS to the Comcast if the FIOS fails. This works perfectly fine. However, I was wondering if VPN and other inbound traffic will come into the secondary connection when it is active. I think VPN will work inbound when the FIOS connection fails, but I am not sure about the other inbound connections.
View 1 Replies
View Related
Feb 21, 2013
I'm intending to purchase a switch for work,and I need to limit the bandwidth of one of the ports to 25 Mbit upload and 25 Mbit download (we have 100/100 Mbit connection and the customer is only paying for 25). I been trying to find information on how this could be "properly" done and what kind of switch I need to buy. As far as I have understood, most L2+ switches support outbound rate limiting, but not inbound, and as I only want the customer to have 25 mbit up and down, I need both.
I been looking at a Cisco Catalyst 3560 switch, and I'm first and foremost wondering if I can limit the inbound AND outbound bandwidth on this switch? Perhaps it can even be done on a simpler, cheaper, switch - as I rather not spend more money then necessary?
Lastly, how to do it, limit the inbound and outbound bandwidth on a single port (perhaps on the above mentioned switch, if possible), to 25 Mbit?
View 3 Replies
View Related
Dec 25, 2012
I have been trying to figure out a NAT issue on my 2811 and the inspect engine.I have 'ip inspect FW out' on my outside interface. If I turn it off, I also have to remove the access-list applying to inbound traffic on that same interface. Why is that? This whole thing centered around SIP registrations from devices on my LAN to my provider. The provieder is showing that I am registering from a high end port (1024 or something crazy). He said that it sounds like some type of SIP ALG or something on my router. For the life of me, I can't figure out what would be causing it. I am just using a standard route-map that points to the outside interface using 'overload'.
View 6 Replies
View Related
