I am planning to implement SSL-VPN (Any Connect) on an ASR 1002 router running IOS-XE Software Version 15.1(3)S2. I need to use LDAP for user authentication, and need to understand what are RADIUS/ TACACS requirements to use LDAP. Do I need to use Cisco ACS or can I use something like Microsoft IAS or Free Radius?
View 6 RepliesI would like to know the technical Specification regarding the AC power supply for ASR1002.
I need to know the following:
Voltage
Amp
BTU
Watt
BTU and AMP for ASR 1002?
I have one ASR 1002 router and one GSR router. when i insert SFP-OC48-IR1 module with GSR and connect 100 Mb link that comming from MUX then the GSR port is up but when the link is connect with ASR with same module the port not going up.i had cross check the module GSR to ASR but the problem remain same.
View 1 Replies View RelatedI have Cisco router ASR 1002-F on which I have created two subinterface, Gigabitethernet 0/0/1.333 and Gigabitethernet 0/0/2.111. I try to bridge those two subinterface but no success. I can create bridg-group and everything needed but I can not add subinterface to specific bridge-group. If I try write command bridge-group on subinterface there is not even possible to chose this command.
View 1 Replies View RelatedOK ran into a little problem with getting this to work. Only group members participate in the encryption process, correct?
I have numerous remotes all coming into one central location. I set up a KS and have currently only 2 of the remote routers set up as GM's, with the intention of the others coming into play as I move forward. Here is basically what I have in my KS and GM's:
KS
crypto isakmp policy 10 encr aes authentication pre-share group 2crypto isakmp key testkey address [code].........
GM's
crypto isakmp policy 10 encr aes authentication pre-share group 2 lifetime [code]....
So I applied the crypto map to the serial interfaces on my routers on either side of the cloud (central-ASR1002 and remote-ISR1841). When I did this, ALL the remotes went down and I'm not sure why. Even the ones that didn't have anything to do with gdoi. Ya, it wasn't good. I thought that only the group members would be affected.
Is it the fact that my acl is encrypting any to any? Surely I don't have to reverse that and have two statements with the same syntax. I'm basically just trying to encrypt all traffic from specific remotes back to the central side. However, I'm trying to do it without taking down the rest of my network .
We are running LMS 3.2 with IPM 4.2 installed....and we are looking to do IPSLA monitoring on a couple of our Cisco ASR's with IOS-XE code installed.
I looked at the IPSLA feature mapping and it only talks about supported IOS code....do we need to upgrade our current IPM module to a current version?
in LMS (4.1) installing guide, table 'Software and Hardware Requirements for Soft Appliance', it is stated Memory and CPURequirement:
• 4 GB, 2 virtual CPU (< = 500 devices)Host CPU Core clock speed:
• Minimum 2.26 GHz Minimum Virtual CPU Reservations: Number of recommended virtual CPUs x 2.26 GHz:
• 4520 MHz (< = 500 devices)
I have HP server with 6 core CPU 2.0GHz - does it mean it does not meet the minimum system requirements (2.26Ghz)? Will I be able to go pass the installation?
According to the Installation notes for ACS 5.3 we need 500GB of storage for a working installation - if not it defaults to taking 60 GB of disk space for an eval version.
View 1 Replies View Relatedhow to setup 802.1x on the Cisco 500 Series Switches.I have done the whole implamentation in the past with Catalysts and ACS.But would like to see a guide for the 500 series.Do we need the Cisco ACS or can we use RADIUS on Windows?
View 1 Replies View Relatedregarding the power requirements. I have this Cisco 6503-E switch and I need to know what I need in terms of power.
The manual says if using 120VAC, I will need 16A. If using 230VAC, the unit will require 8A.
I have 2 dedicated 20amps circuits both at 120V. Am I correct on plugging each of the power supplies of the cisco unit to each of these circuits?
Another question will be, do I really need to dedicated 2 dedicated 20amps circuits for the unit? Can't I just use one dedicated 20amps circtuis and connect both power supplies to it?
I am reading up on the ACS VMware appliance installation instructions and am a bit confused on the disk space requirements. It says 60Gb is required and then goes on to talk about 500GB for the secondary instance. Do I need more than 60gb? Is the secondary instance a separate machine or part of the same one?URL
View 5 Replies View RelatedAm currently running BT Voyager 2091 wireless ADSL router with BT Voyager 1055 wireless USB adapter. What system requirements does one need to upgrade to 802.11n. The OS is XP Pro x32 bit x86 based PC
View 1 Replies View RelatedI have route-map defined on my ASR 1002 12.2(33)XNE and applied to my gi0/0/1 interface. I need to change the IP address defined on the "set ip next-hop ..." line. My question is, when I make the change in just the route-map definition, does the change take effect immediately, or do I need to remove and re-apply the "ip policy route-map ..." statement on the interface? If I do have to remove and re-apply, will this be service-affecting for all the traffic flowing through the interface? I'm just not sure what to expect.
View 2 Replies View RelatedI have Cisco ASR 1002, code XE 3.4.1 doing site-2-site VPN with an ASA managed by another company that I have no control over running 8.3 (I think).the site-2-site vpn is very easy straight forward as follows.
View 4 Replies View RelatedI have a pair of physical ASR 1002 routers, called ASR-1 and ASR-2. I setup HSRP on both ASR-1 and ASR-2 on both g0/0/0 and g0/0/1 interfaces, nothing complicated, just straight forward HSRP.
Now Cisco TAC told me that HSRP is NOT supported between physical ASR routers. WTF!
Furthermore, they told me that HSRP only supported within a single ASR because of multiple routed processors. In other words, you can setup HSRP with a single physical ASR but not with two physical ASR routers.
HSRP can not supported with two physical ASR routers?
I have 2 sub net directly connected to a ASR 1002. This is the configuration
interface GigabitEthernet0/0/0
ip address 193.145.14.114 255.255.255.252
negotiation auto
[Code] ....
The interface gi0/0/0 is connected directly to 193.147.14.113/30 in another router. And the Gi0/1/1 is connected to my internal infra structure. From my router I can ping 193.145.14.113 . So. I configure my PC with default-gateway 193.147.107.3 (ASR).
From my PC
I can ping 193.147.107.3 (gi 0/1/1)
I can ping 193.145.14.114 (gi 0/0/0)
But I can not ping 193.145.14.113 (the other point connected to gi0/0/0)
Why???? It is a IP inside of a sub net directly connected to the ASR. Why the ASR is not doing routing? ip routing is enable.
I'm trying to upgrade the ASR 1002 we just purchased and am having some issues (this is a new device and is not in service). I first tried upgrading the ROMMON using the upgrade rom-monitor filename bootflash:asr1000-rommon.150-1r.S.pkg all command, but the upgrade didn't seem to work completely. When I do a sh platform I get the below output showing 15.0(1r)S: [code]
no valid BOOT image foundFinal autoboot attempt from default boot device...Rommon upgrade requestedMaximum upgrade attempts exceeded, continuing with old Rommon...
I've also tried upgrading the IOS, but that is not working either. I tried "boot system flash:asr1000rp1-advipservicesk9.03.02.00.S.151-1.S.bin" command, but that did not work. I made sure the image was good using the "verify" command and made sure to set "config-register 0x2102". After I do a wr me and reload the router I get the below errors. [code]
We have a 7604 chassis with the following equipments:
1. RSP720-3C-10GE
2. 7600-SIP-400
3. SPA-1X10GE-L-V2
We would like our SPA to support XFP transceiver having part number XFP-10GZR-OC192LR.
Got a question regarding 2921 modules. Can I use VWIC2-2MFT-T1/E1 along with NM-HDV2-2T1/E1 on 2921 and what is the minimum requirements for IOS image?
As I understand, NM-HDV2-2T1/E1 is supported on 2921, however VWIC2-2MFT-T1/E1 is not, VWIC-2MFT-T1/E1 only. But VWIC-2MFT-T1/E1 is not supported on 2921.
What are the VMware requirements to run ACS4.1.4? Im trying to use a VM this as the migration server. According to the cisco docs, it states that: "ACS 4.1 has been tested on the VMWare ESX server with the following configuration:
•VMWare ESX Server 3.0.0
•16 GB of RAM
•AMD Opteron Dual Core processor
•300 GB hard drive
•Four virtual machines
•Windows 2003 Standard Edition
•3 GB of RAM for the guest operating system"
I understand it will work as it "has been tested" with those specs, but the doc does not state the minimum requirements for the virtual machine. I dont want to use/find 300GB of space if I only need 20GB(as an example) to make it work.
I need to choose router for my network. I don't have any special need, besides Internet connection and DHCP for some guest clients.There are around 30 IP phones (static IP), 30 PCs (static IP), and 10 wireless APs (users get dynamic IP). Maximum load is 5 phones, 5 PCs and 20 phones/laptops connected via wi-fi.
I guess I should go for Cisco 800 series. Would model 861 be good or I will need 881 or even 891?
I have a Cisco SG500-52P along with an older SGE-2010P, am I correct that in order to stack they must be the same series?
View 1 Replies View RelatedWe have a scheduled office move where we are consolidating 2 remote offices into one. I’ve been asked to spec out the correct size UPS to support all of the network equipment for this new office.I went to the Cisco website and I see on the datasheet for the switches and router where they talk about the wattages and BTU’s but how can I go about deciphering from that information what my total wattage and BTU will be for each switch and router?What numbers should I be looking at? For instance, we have 3 3750 48 port PoE switches. So if I look at the datasheet for that switch they have 4 different columns, one for 100% throughput power consumption, one for 5% throughput, another one for 100% throughput for max PoE load and one for 5% throughput with 50% PoE loads?Is there a common method for deremining UPS requipments? For the switches I pretty sure I need to assume max PoE load in the event every port has a phone plugged into each port.
View 3 Replies View Relatedhow can I monitor and prioritise traffic on a ASR 1002? Currently we have allowed another organization to use our 1GB link and we would like to monitor what sort of traffic flows through it and want to prioritise the traffic depending on the applications.
View 1 Replies View RelatedAs soon as I connected my ASR 1002s to the Internet and digested the Internet BGP table, I began receiving this message. I’ve google’d and turned up nothing so far. I assume I need to allocate more memory to this process.
%PLATFORM-4-ELEMENT_WARNING: R0/0: smand: ESP/0: Committed Memory value 312% exceeds warning level 310%
Here's a sh mem:
#sh mem Head Total(b) Used(b) Free(b) Lowest(b) Largest(b)Processor 3008A008 1758530508 647878488 1110652020 1110104020 1109994164lsmpi_io 98FEB1D0 6295088 6294120 968 968 968
I need to know, can i create svi on the ASR 1002 ?
View 2 Replies View RelatedI've been working with a company in the UK to get a PTP connection setup between Minneapolis, MN and Chicago, IL. At each site with have a ASR1002. The connection is made via a fiber connection from Level 3. Level 3 is just handling layer 2 and we are to take care of everything else. As of right now they can see the mac address of the Minneapolis port in the Chicago router. But, I can't see theirs. Nor can I ping the Chicago router. The config that was give to me by the higher engineers is simple enough.
View 3 Replies View RelatedSince a upgrade in IOS XE 3.0.9, our ASR 1002 have a problem with the DHCPDISCOVER.
View 1 Replies View RelatedI am working up a configuration template for an install I am doing in a couple weeks and wanted to take a look at the base config of an ASR1002.
View 1 Replies View RelatedI have a cisco ASR 1002 I have plugged a host into an addressed port and the port comes up however the host cannot ping the router and the router cannot ping the host. Neither can router ping its self. I do the same on a cisco 2800 router and it works fine. What's goin on. Is it the fact that this is a ASR router ?
View 5 Replies View RelatedI have implement MPLS L3VPN on my network to provide service to customer and right now we plan to have service VPLS on our same router. What is needed to run the VPLS in our MPLS network ? I heard that we need addictional switching module and upgrade my IOS to support it but I am not sure.
View 2 Replies View RelatedI want to terminate the IP Sec VPN tunnel on the Cisco ASR 1002 router, but it shouldn't have be bedirectional traffic to the other end., and it should be answer only, We don't run tunnle over GRE (no IPSec profile), just IPSec only. I found there is a command "crypto map *** client configuration address respond" but it looks it is global command and we have lots of VPN terminated on the Cisco ASR 1002 router, How can we configure the "Answer Only" for only one specific VPN tunnel and it won't impact the others?
View 2 Replies View RelatedI get this error when updating the IOS on our ASR 1002 router:
Calculating SHA-1 hash...done
validate_package: SHA-1 hash:
calculated e581b06d:923b1cc8:e5497571:66f9de35:70fd0ac8
expected aedab318:d8f213f5:36e12355:f70fa900:5c12d08c
SHA-1 hash doesn't match
boot: error executing
Is there someplace where I can configure the expected SHA-1 hash?