Cisco WAN :: 1841 / How To Test ICMP Time-exceeded
Oct 28, 2012
i had a client request to block ICMP request on their 1841 WAN link. i've got ACL hits for ACE 170 but not for 171.
how to test or simulate for ICMP time-exceeded? is this TTL related and is there a DOS command or any way to produce ping packet with a less TTL count that would hit the ACL log? below is the config.
interface FastEthernet0/0
ip address 202.42.x.y 255.255.255.252
ip access-group IDS_Fastethernet0/0_in_0 in
ip access-list extended IDS_Fastethernet0/0_in_0
[code]....
View 2 Replies
ADVERTISEMENT
Jun 20, 2012
I've just installed an SG300-28 (v01) switch configured in layer 3 mode with 1.0.0.27 firmware. It's working just fine except that when running a traceroute across the switch, it does not respond with an ICMP-11 time exceeded packet. Does this behavior persist in the current 1.2.5 firmware?
View 1 Replies
View Related
Oct 17, 2011
when do we get Desteination host Unreachable and time to live exceeded while trying to ping .
From 10.1.1.1 icmp_seq=2 Destination Host Unreachable
From 10.1.1.1 icmp_seq=4 Destination Host Unreachable
From 10.1.1.1 icmp_seq=7 Destination Host Unreachable
View 1 Replies
View Related
Dec 31, 2011
I ran autosecure on my 1841 routere and now I cant do ping or traceroutes. What should I do to enable the pings and traceroutes after auto secure is done.
View 1 Replies
View Related
Jun 3, 2013
I have two 1841's, setting up a Lab WAN in Packet Tracer. I have one of the 1841's run to a DSL modem, then out to the cloud and the same setup on the other end... from the cloud to the DSL modem and to the 1841 on that end... I have all green lights, so that tells me layer 2 is up, but I'm trying to figure out
what IP to assign the routers to test pinging and getting traffic flowing. but the DSL Modem's have the public IP's and dynamically assign an IP to the routers? I've also tried setting up a static IP on the routers fa0/0 interfaces and the pings fail.. Wondering what I am missing to get these two talking.
View 2 Replies
View Related
Mar 13, 2011
I am in the process of installing a 3750x (IOS 12.2 (53r) SE2 IP Base) Cisco Catalyst switch in a new network of just 2 PC's (2 hosts, OS windows7 64Bits). I have enabled SVI interfaces with the both hosts installed in 2 different network segments. We then start connectivity test. The response time for the PING command between both hosts remain below 1 millisecond, whereas the response time between the hosts and their correspondent SVI interface is variable, and at all time is higher than 1 millisecond, sometimes it reaches 17 milliseconds. (Note that the switch CPU usage is only 8% at the time of testing) We have performed this same connectivity test changing the 3750x switches and in two different locations obtaining the same results.
View 2 Replies
View Related
Jul 24, 2012
I am in the process of setting up a site to site VPN connection with a Cisco 1841 with the AIM-VPN-SSL-1 module and an NEC IX2015. We are using a GRE tunnel with IPSec.The problem we are having is the NEC router will not repsond to ICMP packets (and there isn't a way to make it respond). Will this cause any problems with the tunnel?
View 2 Replies
View Related
Mar 4, 2012
I have cisco 1841 router in my office.In that router we configured MPLS bgp with two different service provider. [code] We can't able to use the different service provider at the sametime.Cisco 1841 is support two different AS ???
View 12 Replies
View Related
Mar 8, 2012
In cisco 1841 clock time is not stable.Every time the clock time is changed.
View 4 Replies
View Related
May 3, 2011
Question re: DIR-655; Hardware ver A4; Firmware version 1.32NA
During bandwidth tests to several sites (principally speedtest.net) I get ping times of 10-11 ms, download speeds of 12+ to 17+ mbps but failure on upload tests using my DIR-655.
When I bypass the 655 and test directly with my cable modem, all (including upload) tests work reliably and consistently.
I have swapped the two ethernet cables involved as well as replacing both with new cables but the results are the same (uploads fail with 655 and work without it)
I have seen several postings over the the last year with this same problem but have never seen any comment from D-Link, or a solution from any reader.
Not that it should have any bearing, but I have TA785GE-128M motherboard and am running Windows 7 (patch current) on COMCAST
is this problem acknowledged by D-Link and is there a solution?
View 14 Replies
View Related
Jul 26, 2012
Branch office has 881 VPN router. Services that ignore MSS in packets don't work. Adjusting MSS has no effect since the services are ignoring that setting.works fine, but some Yahoo sites don't.Found a workaround for exceeded MSS for PIX and ASA (link below), but can't find anything for VPN routers.
View 0 Replies
View Related
Jun 3, 2013
Branch office has 881 VPN router. Services that ignore MSS in packets don't work. Adjusting MSS has no effect since the services are ignoring that setting. Example: www.google.com works fine, but some Yahoo sites don't.
Found a workaround for exceeded MSS for PIX and ASA (link below), but can't find anything for VPN routers.url...
View 3 Replies
View Related
Sep 28, 2011
I thought that in the past I had problems with my ASA5505 because I had to reboot a number of times, now that I have logging enabled I can see the following: -Deny traffic for protocol 17 src inside, licensed host limit of 10 exceeded.Does this mean that I can not have any more than 10 inside host going out of the outside interface at any time, if not what this means and how I can solve it.
View 16 Replies
View Related
Feb 21, 2012
I have had several complaints from around the firm where by mobile devices are being bumped off the PSK secured network (All other SSID networks are operating A-OK). Both Android and iPhone devices are being affected, the device will just loop until it reconnects, sometimes up to 20 minutes of trying to establish a connection. It will eventually connect so the key is not the issue.I've attached a debug of a device which fails to connect and then shortly after is successful.
Controller 5508 v7.0.116.0
AP 3502i IOS 12.4(23c)JA2
View 4 Replies
View Related
Nov 30, 2011
I am seeing the following log messages appear on our border edge 7600 router (SUP720-3BXL) The messages seem to appear when tag switching has been enabled on the interface, so somehow related I presume. The MPLS forwarding table is very small however. [code]
I can't see anything that is using up the ACL_TCAM HI BANK using "show tcam global acl" There aren't any ACL's applied to any of the interfaces, or policy-maps. The only ACL's in use are for SNMP, ntp, and VTY. These are very small any way. Interface Gi1/22, and 1/1 have tag switching enabled. [code]
The router has a full BGP routing table learned via an upstream (EBGP) peer neighbor, and an IBGP peer. The CPU utilisation seems fine, as is memory usage. CEF seems to be running okay. It's currently running [code] Are prefix lists part of TCAM? Is the router over-resourced holding a full bgp routing table?
View 1 Replies
View Related
Jul 6, 2010
I've just installed ACS 5.1 and noticed that it seems to count managed devices differently than previous versions.
I have a 500 count license which should be fine as I have about 100 devices which will use ACS for TACACS. On ACS 3.x and 4.x, I would set up AAA clients by using a wild card for the subnets that host our routers/switches, say 192.168.1.0/24, 172.16.1.0/24 and 10.1.1.0/24. when I do this with ACS 5, I get a Managed Device Count Exceeded error messasge becasue of the potential of more than 500 AAA clients. It seems to be counting every IP address in the subnet as a managed device, even if there are only a handful actually in use. Is there a way around this short of having to manually enter (and maintain) the exact IP Address of every managed switch and rotuer which will use the ACS server for TACACS?
View 10 Replies
View Related
Feb 22, 2011
I have an ASA 5520 running version 8.2(1) and I am having an issue with ASDM sessions.I can SSH into the ASA and have tried to clear the sessions but they do not clear as per below.
largoGW# sh asdm session0 dguselnx1 dguselnx2 dguselnx3 dguselnx4 dguselnxlargoGW# confi tlargoGW(config)# asdm disconnect 0largoGW(config)# asdm disconnect 1 largoGW(config)# asdm disconnect 2largoGW(config)# asdm disconnect 3largoGW(config)# asdm disconnect 4largoGW(config)# exitlargoGW# sh asdm session0 dguselnx1 dguselnx2 dguselnx3 dguselnx4 dguselnxlargoGW#
An interesting point: the host dguselnx is my linux based computer that I am using to SSH to the ASA. I do not connect via ASDM from this device so it is strange that the hostid for the asdm sessions is showing as my linux host and not my Windows laptop (that I am trying to connect via ASDM from).
View 5 Replies
View Related
Nov 6, 2011
following errors.
Nov 7 21:34:50: %EARL_NETFLOW-SP-STDBY-4-TCAM_THRLD: Netflow TCAM threshold exceeded, TCAM Utilization [99%]
Nov 7 21:44:44: %EARL_NETFLOW-SP-4-TCAM_THRLD: Netflow TCAM threshold exceeded, TCAM Utilization [91%]
I've already found this kinds of cases, in this community. So, It seems that Changing the current configuration to 'mls aging fast threshold ## time ## ' is most suitable in our situation.But, I don't know how to calculate the apt threshold value and time value.
[1] sh run | in mls
mls ip multicast flow-stat-timer 9
mls flow ip interface-full
no mls flow ipv6
no mls acl tcam share-global
mls cef error action freeze
[code]....
View 1 Replies
View Related
Apr 6, 2011
This is the error message I am getting on our ACS 5.1 appliance - is there anyway to purge the database or compact the file?
View 1 Replies
View Related
Jan 4, 2011
I have one 2621 router i want to creat time base access list so that one of my subnet user(10.128.194.0 255.255.255.128) use only internet between 11am to 2pm.
View 15 Replies
View Related
Jul 8, 2012
I just bought a WAP321 Wireless AP. I wonder why it cannot sync with our time server automatically. Every time I reboot it, the system time become "Fri Dec 31 1999 12:00:00 UCT". I have to do the sync manually by clicking on the "Save" button under the menu Administration > Time Setting.
View 5 Replies
View Related
Dec 13, 2012
I get on-line, and the internet all-of-a sudden starts to show that I've downloaded my limit of 250MB. Now, I am on Hughesnet for internet service, can not get on DSL, wont happen already asked. Now, I am running a router, only way my wife and son can access the internet. They have laptops windows 7 and build-in Wireless Cards. I have a desktop windows 7. My updates are scheduled in the morning hours about 5AM so their is no reason for the computer to update. Same goes for my wife and son, their are set for early morning hours as well. I get an error message as soon as I click on my webpage that I want to browse, Internet Can Not Display The Webpage or something to that effect.
View 8 Replies
View Related
Jun 29, 2011
Ciso 1941 router frozen once a day, sometimes after 2 to 7 days. When the router frozen, no internet connection and cannot login/ping ethernet ports. I can login to console port and copy the error messages below. Reload the router and it will return back to normal operation. Re-installed IOS but still the same.
IOS Version 15.1(2)T2,
Cisco CISCO1941/K9 (revision 1.0) with 487424K/36864K bytes of memory.
DRAM configuration is 64 bits wide with parity disabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)
[code]...
View 5 Replies
View Related
Oct 26, 2011
I have WRT54G2 router. All settings are more-less default and the behavior is following.You start up the router. If you do not connect wireless device within 10 minutes, then you have to restart the router.You have assigned IP via wifi, and when you connect cable device to the router, the wifi PCs are disconnected.
View 3 Replies
View Related
May 1, 2012
I recently purchased a X2000 ADSL modem/router combination. For some reason the current time will not stay set to the time zone. Rebooting clears the discrepancy for a short time before it drops an hour exactly. I'm in the central time zone and the setting are correct on the basic setup.?
View 1 Replies
View Related
Jan 17, 2012
Is the WAG320N iPv6 compatable ? ,or could it be with a firmware update ?.Is the X2000 in the same boat in iPv6 terms as th WAG320N ?.Is there a way of retrieving "UPTIME" / "DSL connection time" information from the WAG320N and also line attenuation stats etc.Wouldn't need the above but poor isp needs keeping an eye on.
View 3 Replies
View Related
Jan 10, 2012
AI have a Dir-825 router. The 5GHz is turned off and the wirless is on G/N. I have shawcable for my isp and my firmware is 2.06 and its a Rev B Router. I also have Qos Engine on for allowing me to have 2 xboxes on Open NAT.problem is my wireless signal for some wired reason is VERY weak. A while ago it used to work really far way outside. It was around 150ft distance at 4 bars. Now for some reason I can't even go upstairs without getting a 1 or 2 bar signal.
View 3 Replies
View Related
Sep 1, 2011
i have had my dir-655 one year now, have never had wireless problems with it until now.my notebook's internet gets very slow somedays, i just restart my router and then internet speed works normally.i have:
Hardware Version: A4 - Firmware Version: 1.32EU
View 5 Replies
View Related
Jan 26, 2012
I cannot seem to ping between devices on two networks hanging off a 5520 unless I use the same-security interface command. I have the relevant ACL's set up between the interfaces, but it just doesnt work unless I have that command in - if I use that command, it bypasses the ACL.
Config
interface GigabitEthernet0/0.224
description NMS
vlan 224
nameif NMS
security-level 100
ip address 10.11.120.225 255.255.255.240[code].....
View 8 Replies
View Related
May 29, 2011
I want to know how to use ICMP protocol in sending a packet in a network ?
View 1 Replies
View Related
Jan 31, 2012
More and more recently I'm seeing that inspect ICMP and ICMP error do not allow trace route to work through the firewall from inside to outside.I used to go in, enable the inspections and subsequent trace route's worked. Now when this is enabled, the firewall still blocks return trace route.
View 4 Replies
View Related
Feb 27, 2011
I'm new to the Cisco WLCs and recently implemented a wireless infrastructure using a WLC 2100 with 1262 LWAPs. I have two of the 1262s plugged into ports 7/8 using crossover cables. They're functioning correctly with the exception of the inability SSH and send pings to the LWAPs behind the WLC. Is there anyway to ping/shh through the WLCs to the LWAPs behind it? I use an NMS (Nagios) to monitor the status of the LWAPs and it can't monitor them if it cannot ping them. Also, is there anyway to configure the WLC to monitor the status of LWAPs?
View 2 Replies
View Related
Sep 5, 2012
I am trying to set up the router (881) using Cisco Configuration Professional, to allow ping reply's..I can not for the life of me figure it out.
View 4 Replies
View Related
