I have 2921 router and I have 3 very basic switches that I need to connect to the router. The switches have very basic default configurations and there is no way to edit them, so I only have one VLAN and one default gateway. I can't assign the same IP address to each LAN port. I'm not sure how to make this setup work.
View 12 RepliesWhat I’m looking to do is setup a net-flow monitor for traffic going across a PIX firewall. I know unfortunately I can’t do this directly from the PIX because it does not support net-flow.
I do have a 2921 router on the same network that I have net-flow enabled to monitor traffic across the MPLS Connection.
Since the traffic for the MPLS is going out a direct interface I have applied the IP Flow egress/ingress commands to that interface to obtain the net-flow data I need. The PIX firewall however is not a direct interface so this can’t be done. I have done a little reading and believe I could use a policy map to create a “filter” so that any traffic that meets the ACL associated with the Policy-Map would get sent to net-flow monitor.
My question is how do I set that up so that so I can have the two net-flow data “streams/sources” go to separate net-flow ports so that I can monitor them independently of each other or is that not possible?
Both devices are connected to a 3750X switch; however neither is connected to a 10GB port. To my understanding that means I can’t run net-flow on the switch itself.
configuring up a 2921 router for remote site which is fitted with 24 port Etherswitch module.As part of this setup I have defined 3 vlans on the router, but when I go onto etherswitch and for example set switchport access to access vlan 3 it is not aware of this vlan.Do I have to set up trunk inbetween Router and its etherswitch?Wish I had ordered seperate switch as it would have been easier or am I missing something.sho vlan-switch shows my vlans but on swicth sho vlan brief does not.
View 10 Replies View RelatedIs it possible to configure a Cisco2951 and a Cisco2921 in HSRP?
View 1 Replies View RelatedIs it possible to have multiple dhcp pools for multiple VLANs? The switch is a 6509 and/or 4506 catalyst. I don't want to use server-based products.
View 5 Replies View RelatedI was wondering why can't we no longer use the multiple ports within an extented ACL like I use to do it in a CAT3750E.I have IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.02.00.SG.I wanted to create an ACL like so [code] But when I do, it tells me that I cannot do it.... I can only add 1 tcp port to my ACL line. I tried to search the "object-group" concept also but it's not implemented in this IOS.Can this be done in IOS-XE ?I'm migrating my enviroment from a CAT3750E stack to a C4510-E.
View 1 Replies View RelatedI've got a recurring them developing across several deployments of Catalyst 3750X series switches, I'm seeing large amount of output drops across multiple ports but there are is no QoS deployed on any of these switches. (standard FiFO). As it happens the ports in question are a member of EtherChannel groups which are connected to ESX Hosts.I've also seen this behaviour also unexplained on another 3750X at a different site, however it's a single port and connects to an Upstream firewall.However in both cases neither switch has any QoS or non-standard configuration, literally a couple of VLAN's and some EtherChannel groups.Here's some output from the case involving the ESX servers.
View 5 Replies View RelatedI've got a recurring them developing across several deployments of Catalyst 3750X series switches, I'm seeing large amount of output drops accross multiple ports but there are is no QoS deployed on any of these switches. (standard FiFO).
As it happens the ports in question are a member of EtherChannel groups which are connected to ESX Hosts.I've also seen this behaviour also unexplained on another 3750X at a different site, however it's a single port and connects to an Upstream firewall.
However in both cases neither switch has any QoS or non-standard configuration, literally a couple of VLAN's and some EtherChannel groups.Here's some output from the case involving the ESX servers:
Port-channel6 is up, line protocol is up (connected)
Hardware is EtherChannel, address is 1cdf.0f82.1607 (bia 1cdf.0f82.1607)
Description: EC to xxxx
MTU 1500 bytes, BW 2000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
[Code]...
How I can attempt to identify what traffic is being dropped?
How i can configure the SFP Ports on my 4500 SERIES CHASSIS with other SFP ports on the connecting switch. I want to connect 15 switches via GLC=SX=MM to my 4506E sfp card.
View 4 Replies View RelatedI'm trying to forward ports for SQL and VNC using these commands in the CLI:
ip nat inside source static tcp 192.168.1.150 5900 interface GigabitEthernet0 5900
ip nat inside source static tcp 192.168.1.150 5800 interface GigabitEthernet0 5800
ip nat inside source static tcp 192.168.1.150 1433 interface GigabitEthernet0 1433
where 192.168.1.150 is my server (that hosts SQL server and that I want to be able to connect to remotely using VNC) and GigabitEthernet0 is my configured WAN interface.
When I try to connect from an external client I get the error: "Failed to connect to server..." Is this a firewall issue? How do I get round it? The 819 is the only router/firewall in my network.
i would like to monitor traffic between multiple source ports to multiple destination ports on a nexus 7k. i lknow when you set up monitor session is between source and destination (laptop or traffic analyser) but is there a way i can set up between source and multiple destination ports and capture that traffic ?
View 3 Replies View RelatedDoes Nexus 7K support Multiple VDCs sharing ports on a single line card. One of our cisco parnter engineers stated that cisco doenst recommend using same line card for multiple VDCs.The second VDC (Non-Default VDC) will be used four our Outside, and DMZ Segment, and to phyiscally segregate our Firewall from our Internal/Inside Core Switch without using a physical DMZ Switch.I know Cisco used the Nexus in this way in their PCI DSS 2.0 Compliance Document. Module is N7K-M148GT-11L
Mod Ports Module-Type Model Status
--- ----- -------------------------------- ------------------ ------------
1 48 10/100/1000 Mbps Ethernet XL Mod N7K-M148GT-11L
Mod Ports Module-Type Model Status
--- ----- -------------------------------- ------------------ ------------
1 48 10/100/1000 Mbps Ethernet XL Mod N7K-M148GT-11L
Have our public IP address space masked on /24 at our Internet Router. The router portion of 3845 connects to Internet, while the internal switch connects to my internal network and seeds it with the public address space. The switch had a port configured no switchport (L3) with an ip address with /24 (ie 67.63.145.1 /24) this connects to internal IPS/IDS then to Firewall which NATs to internal, then packet shaper, web filter etc etc etc. I need to test my ISP speed so I need to "break in" to the link between the switch and the IPS/IDS. I figured I could configure another port on the switch on the 3845 but my problem is the port to my network is routed and is masked on entire /24. I tried to configure a port on VLAN 1 and give myself an available address in the L3 address space and this did not work (figured it would not but gave it a try)
Any way to get two ports configured to use the same subnet while one is a L3 routed port and the other is just part of that layer 3 routed network?
As per the attached diagram: How do I configure the 2 ports on the 3560 (Ports 6 & 7) and the connected ports on each of the 2960 switches (Port 25) to provide redundancy.
If the up link from Switch A dies then I need the traffic to flow through the trunk and utilize the up link on Switch B with minimal delay (milliseconds).
We have upgraded our gateway router from a Cisco Linksys RVL200 to a Cisco 861, this is a big jump from a GUI driven system to IOS CLi and i'm having issue finding my feet. I tried the Cisco CP system but it didn't work so I'm going to configure it with IOS commands. I wish to replicate the current configuration on the 200 with the following setup.
I have created a DHCP pool but i am unable to configure the FastEthernet ports to hand out address automatically, the pool is called USERS with range 192.168.1.30 -> 192.168.1.253.How do I work out the client-identifier for a DHCP client, I don't want to plug this into the network and manual reconnect all the PC's just to get the ID then make a static route.
Can i configure access ports into port channel on Nexus 7K switch.If possible then provide the complete configuration.....
View 2 Replies View Relatedthe cisco 2921 Router has a default ip hhtp access class command found in it. Just i changed the default IP to the new ip i will use.The Router is accessable from the LAN only but not from the internet configured the Public ip . I think this is due to the standard access list 23 . how will i access the Router from the Internet using the Public IP.
View 6 Replies View RelatedI have 2 links to 2 different departments switch with an up link of 10mb. I want to guarantee that both departments get at least 5mb, but can use part of the other 5mb that not in use. Is this possible?
View 3 Replies View RelatedI need to configure cisco router 2921 for snmp v3,
View 5 Replies View Related we recently aquired a managed services job and have to do a overhaul of the vlan configs and have a whole dozen WC2948G's trunk between a set of ports as well as trunk out a LAG channel setup to non cisco equipment. the deal is the lacp-channel works properly on both ends but no routing of vlans between ports and between the lag trunk are working.
theres alot of settings in the config and im planning on clearing it and starting from scratch but before i do i want to know where my problem lies.
[code]...
I am configuring DHCP pool for voice vlan on cisco 2921 router.
Here is the setup.
2921 router -> 3750 -> 2960 PoE -> 7942 IP Phone
Router Config
ip dhcp excluded-address 10.146.54.1 10.146.89.50
!
ip dhcp pool VoiceVlan
network 10.146.54.0 255.255.255.0
subnet prefix-length 24
dns-server 10.144.68.32 10.144.68.33
option 150 ip 10.146.68.36
default-router 10.146.54.1
netbios-name-server 10.144.68.32 10.144.68.33
netbios-node-type h-node
[code]....
i have an 2921 connected to an Catalyst 3560. My router interface shows quite a lot of input queue drops. Load is not too much max 5/255.
View 1 Replies View RelatedI am not able to configure Service policy output command in Cisco 2921 router.While configuring I am getting below error.Same config is working fine in Cisco 3845 router.I am suspectting the problem with license in IOS.
View 3 Replies View RelatedWe are in the process of switching our infrastructure of our routing/firewalls/vpns over to cisco. We are switching our first location and one of the issues I'm struggling with is windows authentication pass-through for internally hosted web pages. Meaning, user inside our network has the 2921 as their default gateway, they try to access a web page that is hosted on the internal network but is secured with windows authentication. In the past, because they are logged into the domain internally, the website authenticates and loads. After switching to the Cisco, it asks for a password even though they are logged in.
Because its the web server that actually authenticates I'm not sure why the router isn't allowing that to happen, but I can't think of anything else that could be causing this behavior.
i would like to "team" two ethernet ports on a 2921 router into a single redundant link to a switch, similar to how an HP server teams multiple NICs to a single IP address. is port-channeling the best/only way to do this? i don't necessarily need the two links to be load balanced or bonded, considering the serial side of this router is just a single T1. i just want the links redundant, so in case something goes wrong with one cable or switchport, traffic will go over the other link.
View 6 Replies View RelatedHow many routed ethernet ports do they support when using HWIC-1FE and HWIC-2FE modules? On the Cisco site for the two interface modules and in the corrseponding PDF of supported interfaces for 29xx routers a maximum number of 2 2port modules(HWIC-2FE) and 2 1port modules(HWIC-2FE) is written.Does this mean, that I can put in 4 L3 HWIC modules into one Cisco 2921 router by combining these two HWIC modules resulting in a total number of 7 interfaces for this router?
View 3 Replies View RelatedI am getting the new Cisco 2921/K9 router, which comes by default with 3 Integrated 10/100/1000 Ethernet ports. I have Comcast Cable as the ISP, so can I connect the ISP RJ45 Copper cable directly to one of the integrated ports or do I have to buy another WAN Interface Cards for the ISP.
View 3 Replies View RelatedMy internet is running through a D-Link DIR-655 router at home it's giving me some problems at the moment.Me and my roomie both play World of Warcraft and we both have to have the ports open for updates, and it won't let me.It will only let me open the ports for 1 IP, if i try to open it for more it 'conflicts', it's only passing through the port in the router, it's not dedicated to one IP.
View 6 Replies View Relatedi have a router 2921 with the aproprieted voice card for E1 and licenses. I would like to know how to configure it for incoming and outgoing calls. I already configured the ephone and SIP phones for internal calls. now i just need to configure it for send and receive external calls.
Router:
IOS: c2900-universalk9-mz.SPA.153-1.T
CME: 9.1
ISP from Brazil:
type: E1
signal: R2 Digital
Channels: 32
Phone Number Iniital: XXXX-9250 (main)
ephones-dn numbers: 9250 to 9280
I have bought DRAM MEM-2900-2Gb for 2921, and received the following error...
Validation failed for DIMM0
*****System halted*****
%SPD info: DIMM0: Invalid DIMM type (only UDIMMs are supported)
We have remote office where we have 2921 router with 6 layer 2 switches. We have few servers which need to be in specific vlan.
2921 router does not have switching engine we are using this to support VOIP.
So on 2921 router i created 6 sub interfaces for each vlan and assign them to their specfic vlans. Then I have trunk connection to switch 1. Now switch 1 connects to all other switches in the network. As our company design all layer 2 switches should be transparent mode. i tested them i can ping from one switch to all other switches.
Router vtp mode i set to transparent mode and from all switches i can ping the router sub interfaces.
I have a CISCO2921. I am not able to bring up its gi0/1 interface. It stays down down.
[URL]
I know that interface is not coming up because of "no media" below. Router#sh int gi0/1 | i media Auto Duplex, Auto Speed, media type is no media
I have tried media rj-45 and media sfp which have also not worked. The other end of this link is ethernet handoff. What is it that I have to do for the link to come up? If I change the connection to gi0/2, I think that will work because I see this for gi0/2:
Router#sh int gi0/2 | i media Auto Duplex, Auto Speed, media type is RJ45
An interface on 2921 router is not coming up. When I shut/no shut the interface, I see this:
Router#sh log | i 0/2
Oct 17 08:55:06: %IP_VFR-7-FEATURE_DISABLE_IN: VFR(in) is manually disabled through CLI; VFR support for features that have internally enabled, will be made available only when VFR is enabled manually on interface GigabitEthernet0/2
Oct 17 09:00:35: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to down
[Code]...