I decided recently to switch out our border router (1841 12.4 advsecurity) with a shiny new 1941 (15.2 SEC/K9) as the CPU upgrade was needed. The core below acts as a VPN end point to various other remote offices we have, all of which have a similar network design at each end (and all entirely managed by me). All of these are still running 1841's with 12.4 advsecurity on them as well. These are all GRE tunnels with IPsec protection on them (not crypto maps). [code]
Everything else works fine (NAT, route-maps etc), it's just these IPsec/ISAKMP tunnels that are not playing ball. It's definitely not an ARP issue (all ARPs were cleared) and ICMP appears to work fine (i.e., I can ping the remote tunnel's public IP endpoint from the core using the loopback for that tunnel as the source). I am suspecting it's something strange with the stateful firewall config, but I did try and apply ipsec and isakmp-msft to the ip inspect list, with no success.
I have the task of replicating the router config on a 3825 router on a 3750 switch. Reason is we are taking out the router and replacing it with the switch to make use of the router for other functions.
Below is main part of the router config:
!
ip source-route
ip cef
!
!
multilink bundle-name authenticated
!
license udi pid CISCO3825 sn FCZxxxxxxx
!
vlan internal allocation policy ascending
[code].....
The 3750 switch I have runs C3750E-UNIVERSALK9-M, Version 12.2(55)SE3 on a LAN BASE license.
The first thing I have done is to order a license upgrade to IP BASE, which would give the support for OSPF routing. I do not see much of an issue with the interface configs; however, I am not too sure about replicating the routing config on the switch.
My question is can I run the commands as shown for the OSPF routing on the switch? If not, can I get suggestions on how best to set this up on the switch?
How to replace a defective redundant sup. I read in several articles that inserting a new redundant sup should not be an issue as the active sup will always send its configuration to the standby. We are running SSO on the Sup720. Should I switch it to RPR before I install the redundant sup? I read a case wherein they switched it to RPR from SSO before inserting the new redundant sup. My concern is the IOS mismatch since Cisco doesn't always send the same IOS on RMAs. What I am planning is this.
1. Save/Backup configuration
2. Remove the redundant sup on slot 8 (since it is a 6513)
3. Insert the new redundant sup on slot 8.
4. Check if all the configurations were synced from slot 7 to slot 8.
5. Copy the IOS from sup-bootflash to slavesup-bootflash. (if the IOS are not the same)
6. Check show bootvar to see if the boot variables are correct.
7. If bootvar is the same, reload slot 8 to boot the new IOS.
Is this a good plan or am I missing something? I am worried about this document if the redundant sup has different software. If I insert the card in slot 8, according to Cisco, it will revert to RPR. If slot 8 boots and it has a different OS, then slot 7 will switch to RPR even if it's active. Would I still be able to access the slavesup-bootflash of slot 8? Is it going to boot 100%? I read that doing a force switchover will cause a flip and RPR would cause the line cards to reinitialize and I don't want that. Well, I am not going to do a force switchover since I want slot 7 to be active and retain slot 8 as hot.
I am replacing a faulty sup720 on a 6513. It's the backup/hot, not the active sup. It has the same IOS on it. Is it correct that all I need to do is remove the faulty one and replace it with the new sup and do a wr mem? From what I have read there should be no down time; all connectivity should remain stable?
We have sup engine 6L (WS-X45-SUP6L-E) on two 4506 switches. Both switches are connected in the LAN (HSRP primary and secondary).
We are going to replace it with Sup7LE. What is the best procedure to get this done with minimal outage? Any other important thing to be noted? Note: We have a license for SUP 7LE.
I'm due to replace a stack of 2 x 3750 switches very soon with 2 x 3750Gs. These 2 current switches are the VTP server for a small domain. I have put the config on the new switches and I made it a server and used the same VTP domain and password etc and got the VLAN info ported over. Now I did this a while back and noticed the switches are in transparent mode with a revision number of 0. I need to set this back to server and swap the switches out but the revision will be lower than the client switches (around rev 200). What do I need to do?
In my MDF I have a 4stack of the WS-3750-48P switches. Is it possible to replace one with a C3750X48PF-S without causing any issues? Or would it be better to just have 3 stacked and trunk this one to the core 4506? Keeping in mind I bought this one to expand the port number for one of our remote offices.. I would hate to send them the gig switch when there isn't as much usage.. Besides, if I can get my CFO on this switch he might authorize me to replace the rest... He is reticent to believe it makes really all that much of a difference.
I have a 2801 router that I am replacing with a 2911. I know the ports on the 2911 are Gigabit and the 2801 are FE. I read where the IOS would not support backup and restore on each other. I am attaching a show ver on both routers. I need to know if backup and restore would work and/or what other changes would need to get done.
We currently have an environment with a 4507 as the core switch connected to four stacks of 3750e's in the wiring closets. A pair of Nexus 5548UP's also hangs off the 4507, but at the moment more or less dedicated to a certain purpose. The 5548UP's have the L3 daughter card installed.
My question is: Can a pair of Nexus 5548UP's do a C4507's job? Would we be able to decommission the 4507 and replace it with the existing 5548UP's + FEXes?
We are planning to implement the 6509-E with two Sup 2Ts and a few 48 ports switches. We also want to make this the router for our network and replace the 7206VRX.
When replacing a line card on a 6500, I gather there is no config stored on the card, it's all held on the sup, so when I put in another card the config will be the same?
I was wondering what general steps might be taken in order to "replace two (2) 3750 (stacked) with one (1) 3750X - Server Access". General steps and what I might have to do configuration wise. I know I'm copy pasting the existing configs into the new switch, but are there any caveats?
I have two 3750X in a stack. Each 3750X has one 10Gb uplink to primary core1 and one 1Gb uplink to backup core2 configured in 2 etherchannel groups. The member switch has bad ports, so I need to replace it. I have a spare 3750X unit. Is it possible to connect the spare unit to the stack and then move the RJ-45 cables from the member with bad ports to the new member? That way I can minimize servers downtime to just a few seconds. If that would work, then the last step would be to move the 10Gb networking module from the old member to the new one, as well as the secondary PSU. Is it doable? Also, according to the documentation, all I need to add a new member is a matching IOS version, correct?
I have two 3750G switches stacked together however it's not in a full ring configuration:
Stack Ring Speed : 16G
Stack Ring Configuration: Half
Stack Ring Protocol : StackWise
And as shown below it's obvious which cable is not working:
show switch neighbors
Switch #    Port 1    Port 2
--------    ------    ------
1           2         None
2           None      1
It's not flapping - it's like the cable isn't there at all. I'm going to try reseating the cable in there and perhaps an all out replacement if necessary. My question - is there any threat of a reboot of the switch stack or of partitioning of the switch stack by trying to get the 2nd cable working?
The StackWise marketing info states that when a failed member is replaced with a new switch the replacement switch "gets the exact configuration of the old device". I would figure it takes a little more than just disconnecting and connecting a new switch in the same spot on the stack. doing this with 3750 family switches? What are the steps to prepare the stack for a new member? What steps need to be taken on the replacement switch before insertion into the stack to make sure it gets configured like the unit it was replacing?
When two routers, models 1941 (main router) and 1841, work connected with HSRP, and a second LAN card is added to each one of them: if I connect the GE 0/1 and Fe 0/1 of each one of them to FireWall1 (in cluster with FireWall2), and I connect the second LAN (added) of each one to FireWall2 (in cluster with FireWall1), then if FireWall1 fails, how can router 1941 know to move traffic from GE 0/1 to the second LAN card connected to FireWall2 (which is in charge now, by cluster definition)?
I have a supervisor blade, (VS-S720-10G-3C), in a 6513 that is faulty and needs replaced. Do I need to replace the IOS on the new supervisor blade to make sure it is the same as the IOS image that is on the Active supervisor module, or will it synchronize automatically?
In the synchronization process, the active supervisor engine checks the standby supervisor engine run-time image to make sure that it matches its own run-time image. The active supervisor engine checks three conditions:
• If it needs to copy its boot image to the standby supervisor engine
• If the standby supervisor engine bootstring needs to be changed
• If the standby supervisor engine needs to be reset
I was reading the above documentation that mentioned the active supervisor should copy the image if it detects a newly installed standby supervisor blade with a different image, is this correct or was it referring to synchronizing the configuration file?
I have a 1941 router configured for policy-based routing with two ISPs. Two static default routes are configured to point to the gateways of the respective ISPs with the same metric. But the problem is, packets are going through the one ISP only while doing traceroute.
N/W connectivity:
ISP1----->            <----------------------> LAN1
           | Router |
ISP------->           <----------------------> LAN 2
Below is my configuration :
Current configuration : 5958 bytes
!
! Last configuration change at 05:18:56 UTC Mon Jun 25 2012
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
I have this Cisco 1941 router with two Ethernet ports g0/0 and g0/1. The g0/0 is connected to the office LAN with internet access. As my office LAN is DHCP, it will assign an IP address for g0/0 since this g0/0 is configured as "ip address dhcp". Now my question is that I have a group of 5 PCs, namely PC1, PC2, PC3, PC4 and PC5, that is connected to the switch, and one of the ports of this switch is connected to g0/1 of the Cisco 1941. Is it possible that, let's say, PC2 and PC3 (both DHCP enabled) could access the internet from g0/0 and at the same time the office LAN assigns IP addresses for PC2 and PC3 automatically?
Office LAN with internet access (DHCP) (Default gateway 10.0.0.1)
|
|
g0/0 (DHCP enable) (DHCP assigned IP address 10.0.0.138)
Cisco router 1941
g0/1
|
|
HP Switch
|
PC1 PC2 PC3 PC4 PC5
Is this operation possible? If possible, how do I configure the router 1941 to achieve this objective?
I have just set up my Cisco 1941 router on my cable internet connection. I have access to everything, but I can't log in successfully to Cisco CP.
I set up a new user with level 15 privileges and a secret password. I go to log in via web browser and I put in my credentials, but I get rejected. I have tested the username and password via the CLI, and it works fine; I just can't seem to log in to Cisco CP.
The IP next hop 10.84.23.254 is cascaded on my customer LAN. At nominal time the router advertised the route in BGP
pjnb1376#sh ip bgp nei 57.213.169.169 ad
Next Hop Metric LocPrf Weight Path
*> 10.84.22.0/23 10.84.23.254 0 32768 i
When the LAN interface of the router goes down, the router still advertises the route!!! Even if the IP next hop 10.84.23.254 is not reachable anymore....
The box is a Cisco 1941 using 1900-universalk9-mz.SPA.151-4.M1
I am having an issue accessing the internet from a PC on the LAN. I have configured the PC with the gateway of the router in front of the ISP to test. I can ping from the router to Google or any other internet IP. From the PC I can ping the GIG0/1 (inside LAN IP) and the GIG0/0 (outside WAN IP going to ISP) but I can't ping the next hop IP of the ISP or anything past that. If I do a traceroute from the PC to the Google IP address it hits the GIG0/1 inside LAN IP address but fails from there. Here is a cut-down snapshot of the router configuration
I have a Cisco 1941 router configured using Cisco Configuration Professional... SSH management works from the LAN IP 10.0.1.254 and 10.0.2.254. Also, SSH management works from the LAN using the external domain name which resolves to the public IP address.
The problem I have is if I try SSH from the internet to the public IP.. nothing happens.
cisco1941#show config
Using 18498 out of 262136 bytes
!
! Last configuration change at 13:57:49 PCTime Tue Feb 14 2012 by admin
I bought a secondhand small business router (model 1941 Integrated Services Router) for personal use. It runs version IOS 15.0(1)M1 software, which seems to work well, but I'd like to download a firmware update that addresses some of the security flaws in this software. When I tried the download process it told me I need to buy a service contract first? Is this right, or am I doing something wrong?
Recently my company bought an EHWIC4ESG card and put it into the Cisco 1941. The reason we bought this card is because the two built-in network ports of the Cisco 1941 are being used up. g0/1 is connected to the internet and g0/0 is connected to the office switch (192.168.5.x)
We have two servers (192.168.6.x and 158.55.33.x) that are required to be connected to this router 1941, where the router will be configured as VPN for external users to access these servers.
The EHWIC4ESG card is put into the router 1941 and after typing the "running-config" command, I could see it created a vlan 1 interface and
I have a 1941W that has a connection to my ISP (Gi0/1) and another connection to a remote lab (Gi0/0). Everything is working fine how it is setup. All my traffic from my internal networks can access the Internet and devices on the 192.168.201.0 /24 can access the Internet and the lab 10.89.0.0/16.
Now I want to have two devices (192.168.201.51 & .147) use Gi0/0 when accessing host 63.85.190.67. There is no route to this subnet since it resides in the remote lab. Here is what I have right now. How would I set up a PBR to have those two hosts use Gi0/0 when accessing 63.85.190.67?
interface Vlan192
ip address 192.168.201.1 255.255.255.0
ip nat inside
ip virtual-reassembly
(code)
I have a new Cisco 1941 router that I am setting up with PXE booting. I have never set up PXE booting before and I have this setup so far:
ip dhcp pool Admin
-option 66 ip 192.168.1.4
-option 67 ascii pxelinux.0
and I can pull an IP but it keeps getting hung up when it comes to the TFTP part.
I have a Cisco router 1941 connected to a switch. I'm configuring the WLAN AP and I need to have the wireless devices have an IP in the same range as the wired devices. Since I can't use the same IP range on the gig0/1 and the VLAN 1 for the wireless, I wanted to know how to configure the gig0/1 connected to the switch to act as a layer 2 port while I keep the IP on the VLAN 1.