Cisco WAN :: 1800 - VRF Lite Scalability
Feb 14, 2011
Imagine an organization has about 300 partners. Currently the data center has 100 Cisco 1800 routers to accept P2P connections for each partner.
Now the organization's proposal is:
- Use MPLS and use an extranet network. Advertise a certain unique route to each partner.
- Grant unique VPN ID for each partner and VRF Lite at the data center. Then bring each partner with separate tagged VLAN to the data center via MPLS.
Can VRF Lite scale to more than 300+ partners OK?
May 31, 2011
I have three Hub routers that I'm wanting to compare DMVPN scalability capabilities for (3825 versus 3945 and 3845). I know it must be there somewhere and I'm just not looking in the right place. But I've read and read and read about DMVPN designs and I'm not finding anything. This is turning into a time killer. What are the DMVPN limitations of these three routers?
Aug 1, 2007
I am running a network comprising of Catalyst 6513's with SUP7203B's. At present we have 800 VLANs as we make use of a VLAN per access layer switch model.
I now have a problem that as soon as I enable multicast routing my SUP720's CPU runs at 100% and the system goes into a slowdown. Where can I find information on the scalability of Multicast?
Mar 31, 2013
Can Cisco 3945E support VRF-Lite ?
Jan 22, 2012
Using the VRF-Lite functionality on Cisco 3750G's (WS-C3750G-24T-S), I've got a situation currently with a set of 3750's running inter-VLAN routing for around 80/90 connected subnets (140+ gig ports). I'm looking in the coming week at creating a new VRF and enabling OSPF for that VRF while leaving the existing routing arrangements in the Default IP Routing Table.
I'm in a situation where I can't replicate the live config into a lab to test the impact / implications of enabling / creating VRF's. I know the 3750's have a very small support for VRF's (24 if I recall) but I only plan on using 2 or 3 max currently.
Apr 2, 2012
How do I tell if my cisco 2960 has the Lan Base or Lan Lite image?
Apr 6, 2012
We want to deploy a NMS (Network Monitoring System), in this case SolarWinds, to monitor devices we have deployed at the customer site. We will make an IP VPN connection (ASA5510 with Cisco 800's) to the customer site. We have one primary NMS installation running in our datacenter. This NMS has to have a connection to all customer sites. We run into a problem when two customers use the same subnet. We want to use VRF-Lite to solve this problem but I am stuck in my design.
I have attached "VRF.jpg" to show the (basic) design I have made. The connection from customer to the router in the datacenter is not a problem. We can put the fa0.1 and vpn interface in the same VRF group. Via one physical cable we will go from router to NMS in which the NMS has multiple virtual interfaces. The datacenter router will route between the 192.168.x.x (NMS) and 10.1.1.x (Customer). What I can't seem to comprehend is how the NMS can decide how to get to Customer 1 or Customer 2. The customer can reach the NMS one-way but the NMS has no way to reply back because if it replies to 10.1.1.1 it can either use interface fa0.1 or interface fa0.2.
Nov 17, 2011
I'm having a rather bizarre and highly annoying problem with static NAT on an ME6524. I've created a virtual router (VRF CORPNET) which has one physical L3 interface, one SVI and one Loopback. This virtual router has the sole purpose of NATing our internet-addressable IP addresses to another set of addresses on our Corporate WAN.
There are two NAT rules - a single 1-1 Static NAT, and an overload NAT for everything else, which uses the Loopback address. The 1-1 Static NAT is used to NAT our VPN ASA, which is used to establish a Site-Site VPN to one of our counterparts on the Corporate WAN. This works fine most of the time, however once or twice a day, the NAT just stops working, our Site-site VPN drops, and traffic is being seen on our counterpart's firewall with source address UN-NATed (They see 200.200.200.1, when they should see 30.30.30.65). When we go onto the 6524 and do a show ip nat translations we get the following (200.200.200.1 is our VPN ASA - 200.200.200.10 is just user traffic):
ZR-BDG1-6524#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
udp 30.30.30.65:500 200.200.200.1:500 30.30.40.4:500 30.30.40.4:500
udp 30.30.30.65:500 200.200.200.1:500 30.30.40.4:500 30.30.40.4:500
[code].....
As you can see, for some reason we have multiple identical PAT entries for port 500. While this is the case, traffic from our VPN ASA is crossing the box without being NATed. If I issue a clear ip nat trans * then the situation is immediately resolved, and the VPN reconnects without issue.
May 4, 2012
I am trying to “build up” a small home network using some of the following Cisco equipment:
- ASA 5505 v8.4.3 with base license
- Cisco Catalyst 3750G with ipservices version 15.0.x
- 1 qty of AP1142N
I am not able to get internet access from any VRFs.
From "MILAN (LAN) VRF, I am able to ping my gw: 10.45.45.1 but I am not able to ping for example: “linknett VRF”.
It seems that I am missing some NAT rules on ASA or ?
If I connect my laptop directly to the ASA, I am able to get internet access!
I am not feeling comfortable with the new ASA 8.4 code yet, so I'm not so sure which exact code I am missing on the ASA ...
Attached diagram including configuration files from ASA and 3750 sw.
Jul 1, 2012
Thinking of getting one of those 8-port 2960 for a CCNP study. Is the difference between the C2960-8TC-S and the C2960-8TC-L models in Hardware, or in IOS? or both? And if it's in IOS, is the S upgradable to L?
Apr 11, 2013
I am trying to test (if possible) the idea of having 2 6509-E switches connected directly to each other while using VRF-lite (Sup 2T). The idea is to have 3-4 separate networks. For example Net-A, Net-B, Net-C, Net-D. There is no PE router*, just these two switches. Also, there isn't any other access layer switches. All users connect directly to the 6509-E's via switch 48 port switch blades.
Net-A and Net-B on separate VRF's, but able to talk to each other. Net-C and Net-D* on separate VRF's without being able to talk to any other. Net-D* will have a PE since it comes from an external network. This is something I would like to test in a lab environment, but I am not familiar with VRF's.
Jun 6, 2013
We have inserted into a network with VTP a Cisco Switch 2960-S, not knowing that it had IOS LAN Lite installed. Now I discovered that it can handle up to 64 VLANs. In the network there are currently 62 VLANs configured: what happens when we exceed the max number (64) of VLANs for that switch?
Sep 1, 2007
I have a 1841 with 12.4(16) IOS. In my configuration I have two interfaces for internet access, without vrf:
interface ATM0/0/0
dsl operating-mode auto
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
[code]....
These two interfaces are in the global route table because there is no vrf indication. These are for internet access (a simple adsl connection). Then, I have this interface in VRF named "lan123"
interface FastEthernet0/1.23
encapsulation dot1Q 123
ip vrf forwarding lan123
ip address 192.168.143.254 255.255.255.0
ip nat enable
Now the issue. If I write:
ip route vrf lan123 0.0.0.0 0.0.0.0 Dialer0
This works and, with nat, internet works. The question is why this works without the "global" keyword? I'm going from the vrf named "lan123" routing table to the global table without using the "global" keyword.
If I try to use:
ip route vrf lan123 0.0.0.0 0.0.0.0 Dialer0 global
there is an error indication.
Nov 9, 2012
Unable to access switch from outside the local network. Can get to all routers and PC's
Feb 6, 2012
We ordered 4x Cisco 2960 switches with LAN Lite software by mistake. Can we upgrade them to LAN Base? When I change boot image I get Error: hardware not supported by firmware.
Jan 4, 2012
We are trying to set up a new configuration with 2960S as access switches and a 4507 as a core switch. I want to protect the management IP VLAN of the switch using vrf on the 4507 so we:
SHUT VLAN 1 on every switch (2960 + 4507)
CREATE A NEW VLAN 289 (management vlan) -> IP network : 10.32.126.192/26
L3 VLAN on every switch
VLAN 289 in the VRF XXX on the 4507
create trunk between the switch and the 4507 :
switch mode trunk allowed vlan 200-230
sw trunk native vlan 289
So with this configuration, on the 2960 the VLAN 289 is UP/DOWN and UP/UP on the 4507. I can access the 4507 using the IP in the VLAN 289 but I cannot access the 2960 behind the 4507. CDP connectivity is ok?
Feb 10, 2013
I need to buy a cheap Cisco switch with DHCP server. Can you confirm that 2960-24-S, 2960-24TC-S and 2960-48TC-S can be a DHCP server?
Jul 18, 2012
A quick one because I'm scratching my head trying to figure the difference between the 2960 LAN Base and LAN Lite IOS installs. I want to put a 2960 into a site which has as layer 2 link on dark fiber taking it elsewhere. This part I'm not concerned about - the WS-C2960--24TC will do what I need without issue - but I don't know if I can get away with LAN Lite, or if I need LAN Base.
I basically need VLANs with associated SVIs, and a routed link on the uplink port (I don't care if it's a switchport with an associated SVI or a no switchport and IP address), but it's got to be able to run OSPF. Can I do this with LAN base on this series switch? Or do I need to go for a higher series (3560?). I *could* get away with static routes, but my boss is walking death on them unless I can 100% prove they're necessary, so I'd rather not fight that fight!
Apr 4, 2013
Do I need to run any special license (like IP SERVICES) on the Cisco Catalyst 4900M in order to run VRF lite?
Jun 20, 2012
I have some 2960 switches with LAN Lite IOS in my infrastructure. And I try to configure them to support "trust device cisco-phone" and "switchport priority extend cos 0" on ports with Cisco phones. But the LAN Lite image does not support "mls qos trust device cisco-phone". Can I use any workaround to trust cos of the Cisco phone and to remark PC traffic with cos 0?
Jun 11, 2012
I have a Linksys E3200 and I need an IP address to hook up to a Nintendo DS Lite. It requires a WFC and I have trouble connecting to it.
May 15, 2013
Setting up VRF-lite on redundant 6509-E chassis to account for chassis failure? Let's say I have 2x 6509-Es configured with HSRP for 2 VLANs, ServerA and ServerB. So
6509-A#
!
interface Vlan10
description ServerA VLAN
ip address 10.10.10.2 255.255.255.0
ip flow ingress
standby 1 ip 10.10.10.1
standby 1 priority 105
[code].....
I now need to create an environment where the Server VLANs can be provided for two customers and they need to be wholly separate. On 6509-A, I make VRF CustomerA and VRF CustomerB and I assign Vlan10 to VRF CustomerA and Vlan20 to CustomerB. Do I create the SAME VRFs on 6509-B with the same logic?
Jan 26, 2013
I have a 2960 SI LAN Lite switch that I am configuring for admin and guest access. I have wireless APs plugged into trunked ports 2 and 3. I am using two VLANs (in addition to the native VLAN). Vlan 5 for Admin and Vlan 10 for guest access. I have an ACL configured on the router preventing guest users from accessing the Admin network. I want to prevent those on the guest network from seeing other hosts in the VLAN, however the LAN Lite software does not support port ACLs. Any way to accomplish this with this switch?
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
[Code]...
Sep 19, 2012
Cisco 1800 router SNR at 3db
Jan 23, 2011
My boss wants me to configure a Cisco router 1800 series to an IP VPN, but I don't know how to configure a router with an IP VPN...
Aug 28, 2012
I have an existing 1800 router that is using NAT and VPN to HQ. I now have a new ISP provider and so now I need to change the Fastethernet1 IP address. I know how to do that but what else do I need to change to make everything continue to work?
Jan 25, 2011
How can I use a 1800 router as a firewall? I also want the router to be able to make VPN.
Oct 15, 2012
I have a client that has 6 public IP addresses. He needs to use 3 of them. One for workstations which is currently working fine. It is using the default gateway IP. One for an email/web server which has a static NAT and is also working fine. But we need an additional NAT but it is for 3 servers that all need to go out as the same public IP. I am not sure and have been unsuccessful getting those to go out as the same IP. I either cannot get them to exit the same IP or it breaks the workstation NAT.
Workstations would be 10.0.0.100 - 200 going out the FE1 interface or I think x.x.94.122
Email would be 10.0.0.5 going out the static NAT of x.x.94.123
I then need 10.0.0.2 - 4 to go out x.x.94.124
I removed some ACLs and IP info for security. Attached is the current config.
interface FastEthernet0
description $ETH-WAN$$FW_OUTSIDE$
ip address x.x.4.240 255.255.255.0
[Code]....
Nov 28, 2011
I don't know much about routers, but lately I've been playing around with router configuration and getting better but I am kind of stuck now.
The scenario is this.
I have 3 ip net from the ISP:
178.249.51.0/255.255.255.248 Gateway 178.249.51.1
178.249.51.8/255.255.255.248 Gateway 178.249.51.9
178.249.51.16/255.255.255.248 Gateway 178.249.51.17
[Code]....
I am also wondering - when we get more public IP net from the ISP, is this the correct way to do it?
Sep 24, 2012
My team already bought one 1800 Series router. And they set some password.
Right now I am not able to log in. I know the Cisco password recovery method to reset the password.
Instead of the password recovery method I want to try with total factory default setting.
Is there any method to do factory default without login?
Jun 9, 2013
load balancing and automatic failover between two isp
Sep 3, 2012
What commands do I need to enter to correctly authenticate with my DSL PPPOE provider? I need to have the ID and Password entered into the router.
Aug 29, 2012
I have a Cisco 1801 router that is not prompting for the enable password. After logging into the router through telnet it puts me directly into privilege mode without prompting for the enable password. Here is the configuration:
User Access Verification
Username: admin
Password:
xxxxx#sh run
Building configuration...
Current configuration : 2132 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname xxxxxx
!
boot-start-marker
boot-end-marker
!
enable password 7 022F0A5D0208063555692B
!
no aaa new-model
!
!
dot11 syslog
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.0.10
!
ip dhcp pool LAN
 import all
 network 192.168.0.0 255.255.255.0
 default-router 192.168.0.1
!
!
!
multilink bundle-name authenticated
!
!
username admin privilege 15 password 7 112017031E1C02181D
username user privilege 3 password 7 091D1C5A100B111B05051033
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc xxxxx
[code].....