Cisco WAN :: 1921 / Internet Failover Sample Configuration
Sep 22, 2011
Sample configuration for internet failover. I have 2 ISPs with one coming in through a serial cable and another through internet and would wish one take over after the other has failed. The router is Cisco 1921.
I'm having trouble getting Tacacs+ to work correctly with ACS5.1 and a simple catalyst 3750 switch. I can authenticate with AAA, however I cannot get a single command to work once I'm in; "Command authorization failed" even on "enable".
Any useful resource that will walk me through the process?
I have a /25 block of public ips from my ISP which I'd like to subnet into two /26 blocks. I have a Cisco 2600 with 2 ethernet ports in it. What are the commands I'd need to take my 200.180.200.0 255.255.255.128, gateway 200.180.200.1 and turn it into 200.180.200.0 255.255.255.192, gateway 200.180.200.1 and 200.180.200.64 255.255.255.192, gateway 200.180.200.65? One of the interfaces will be connected to the ISP & the other to a switch, and then we could access the two subnets through the switch.
I'm trying to find a document in Design Zone about configuring a Wireless AP and I wasn't able to find it. I have a good experience configuring switches, routers and firewalls in CLI and this is the first that I have my hands on APs (1240 AG).
I will be connecting 9/5 and 9/6 to Cisco 3120G (HP rebadged) Blade Switch in c-Class Enclosure tomorrow. It would be nice to have a rough sample configuration of the above 3120G switch.
I am using a Cisco 1921 with a Verizon 4G LTE card installed. The primary connection is a Cable Modem with the 4G LTE acting as the backup. I've setup a track on the static route to the primary ISP. I'm having multiple issues. Initially I used the Gig 0/0 int instead of a Loopback address for the IP SLA source. The IP SLA traffic would be sent to the cellular interface and cause an IP source violation and the interface would flap. Then I used the Loopback and I could not get the route to fail back when the connection came back up. Even with the Loopback as the source for IP SLA I'm still getting flapping and I think that is a NAT configuration issue. I've applied an access-group on the cellular interface to try to fix the ip source violation issues, but it doesn't appear to work. The IP-SLA-POLICY route map is an attempt to force the IP SLA traffic to the primary interface. [code]
I have a 1921 router with two WAN interfaces configured; one is primary and the other is standby or backup in case the primary goes down. I was able to configure links to fail over from primary to backup once the primary is down, but how do I configure it to make sure that when the primary is up it fails back to it? [code]
We have purchased a Cisco 1921 with twin ADSL after advice from a Cisco sales rep. However I am having trouble working out the load balancing/fail over config for the device.
I would like traffic to balance over both ADSL lines and if one goes down not to interrupt connectivity.
I had a look at ppp multilink but I am unsure our ISP (BT) support this?
!
! Last configuration change at 13:18:34 UTC Tue Mar 29 2011
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname xxxxxx
Lately we have been considering an upgrade in our organization involving a 1921 router. The main role it will play is a load balancer/failover between 2 connections from 2 different ISPs. What additions are required to be added to this piece of equipment to make the configuration work? I'm researching the matter now and it seems an extra card should be purchased in addition to the router. Also, I can't seem to find much information on the available licenses to go with the router. Will I need a special license to utilize the balancer/failover feature (ip base, data, SEC)?
Have a 1921 that has 3 eth connections (1 LAN, and 2 WAN) - I have 2 separate OSPF processes (2 areas) on the WAN Ints - both upstream WANs are sending defaults back to the 1921, and the 1921 is sending its LAN range to them.
I have ip ospf cost 150 set on the "failover" WAN connection interface (Both on the 1921 and upstream), but the 1921 is preferring the default route from the "failover"?
The default routes are both being received by the 1921, but it's preferring the "failover" Int with the ip ospf cost 150 configured?
I'm having a problem when configuring this cisco router 1921 with an ip base software. Accordingly with the Cisco software adviser this software allows to configure the l2tp Client Initiated Tunneling. But configuring the router the commands are not recognized:
Since Cisco 2511 is out of sale now and Cisco 1900 series are recommended to replace for the purpose of terminal/comm server. How to configure terminal server on HWIC-8A module?
I have to open several ports from the WAN to LAN on a 1921:
For example:
Say I need port 41795 both UDP and TCP to go from the WAN to the LAN, can someone provide me the context I have to follow?
Currently I have this in place
Another piece of this is that the devices that will need to be accessed remotely are on VLAN10 - will that cause a problem?
is installed at a client's home for a very complex Crestron network that included 5 Cisco POE GB switches, 2 VLANs, with VLAN10 utilizing QOS and is the AV network (VLAN1 is the computer network), 8 1142 WAPs, and this 1921.
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2011.12.16 19:52:41 =~=~=~=~=~=~=~=~=~=~=~=
show run
Building configuration...
Current configuration : 3340 bytes
!
! No configuration change since last restart
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname DHOWE_Router
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$JuTn$zn6CnXIm1bJGgPhtRCfB0.
enable password ********
!
no aaa new-model
!
!
no ipv6 cef
ip source-route
ip cef
!
!
ip dhcp excluded-address 192.168.39.0 192.168.39.49
ip
I have recently configured a Cisco 1921 router for internal routing on my network. Here is what I am trying to accomplish:
Main network 10.65.1.0 mask 255.255.255.0 - all office devices and computers. Second network 10.65.2.0 mask 255.255.255.0 - all plant equipment machinery and production lines.
I have configured gig 0/0 for my company network and gig 0/1 for my plant network. I can ping the router from both networks but am unable to route traffic between them. What am I missing?
I've recently received this new Cisco 1921 routers with Cisco CP loaded, so it comes up with the annoying change username and password at first access. I've removed all of those files from the flash memory, and rebooted it, and it came up with the proper initial configuration dialog, which is what I wanted. But, whenever I configure the router with a set of basic configuration, like interface, routing, and snmp loggings, and hit wr mem, it doesn't display at all when I do "sh run". It's weird cause when I do sh run | sec rip or any other stuff that I have configured, it shows up , but not in sh run at all.
What's the deal with the new routers? Even sh version doesn't show the config-register or memory allocation details.
xxxxx#sh ver
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc1)
Technical Support: [URL]
We have frame relay T1 circuit at one of our remote site. Which is connected to our core frame relay router which have DS3 circuit. Now we bought second T1 line at remote site and now I have to configure Bounded T1 with Cisco 1921 router. good config example or document on how to configure frame relay bounded T1 ?
I'm having some trouble setting up the correct NAT configuration of a Cisco 1921 router. The NAT is not working as I want - I think my configuration is wrong somewhere. All clients in 172.16.0.0/24 have the correct outgoing address of 1.1.1.3. But the NAT for 10.10.0.4 (and 10.10.0.5, 10.10.0.6) is partially broken: Ping and ssh from the outside world to 1.1.1.4 is "natted" to 10.10.0.4 and works as expected. But from inside (172.16.0.0/24) ssh to 1.1.1.4 should be "natted" to 10.10.0.4, but doesn't work (ping works). ssh from 172.16.0.0/24 to 10.10.0.4 (without doing NAT) works.
network design:
===============
172.16.0.0/16: network for normal use
192.168.64.0/24: network for specific clients and servers
This is IOS 15.1(4)M3 on a 1921 router. The LAN is 192.168.42.1/24. (DHCP config is further down.) We have a small range that we want to assign via DHCP to devices; .200 through .220 . At the same time, we have a handful of Macintosh systems to which we want to assign a specific address that is not in that 200-220 range. I don't want to configure the assignment based on the Ethernet MAC addresses because these systems might connect via UTP or wireless; that is to say, they have more than one MAC address. They only ever connect using one interface/MAC address at a time, but it's their choice; in some areas wi-fi is available, and in some areas they have to cable-up.
The Mac OSX network settings has a field for "DHCP Client ID". It would be much easier to tell the users of these systems to put their Mac's name in the Client ID field for both their wired and wireless DHCP configs. (As opposed to having them all lookup, and then give me their Ethernet MAC addresses for both of their interfaces.) I tried this with my Mac's (named "shrike") wi-fi interface, but I don't get the 192.168.42.14 address that I expected. I get an address from the .200 to .220 range.
Here's the DHCP-related config from the router:
router#sh run | s dhcp
ip dhcp excluded-address 192.168.42.1 192.168.42.199
ip dhcp excluded-address 192.168.42.221 192.168.42.254
ip dhcp pool OurOffice
 network 192.168.42.0 255.255.255.0
[code]....
Is "client-name" the wrong place to configure the DHCP Client ID?
I have a Cisco 2851 (c2800nm-advipservicesk9-mz.124-25d.bin) Router configured with one site-to-site vpn. Is it possible to configure a failover vpn tunnel on this router?
I have 2 PIX 525, which one of them, step and active failover mode the other PIX 525, leaving this off, do not know what happened may have been a power outage, but in any case I can turn it back on? And the other question I have is if I can import a configuration that I have saved on my computer. i have the PIX device manager.
What I currently have is a Cisco 891W Router as well as two ISP's (both with dynamic IP's) in. I'm currently just running one of my modems into the 891 through the FE8 port and then if for some reason I have an internet failure switching the ISP modems. What I'm wondering is if there is a fairly simple way to configure (and attach) both modems to this router and then set it up to handle this failover automatically?
I discover an issue with my CISCO ASA 5550 because I'm looking at the vlans that I have configured and some vlans on the Stand by device had not an IP address configured, checking the configuration of the failover
Does Cisco 2811 support? If no, can I make it work for BGP? Also, I want to know the configuration of BGP for two ISPs for link failover. It will be google if you tell me step by step approach for configuring it.
Client has an ASA5505 anchoring an MPLS network. One of their branch offices is experiencing frequent circuit outages due to theft of copper lines. I am looking at an 881G with wireless aircard as a backup solution and creating a VPN tunnel to the ASA but am unsure about how to handle routing on the ASA. There will already be a route for the branch subnet for the MPLS network.
We have ASA running code 8.0.4 with Active/Standby for quite long time. Today when we gave the command wri standby it started sync the config to standby ASA but waited forever. When we checked the show failover, we got the following result.
This host: Secondary - Active
 Active time: 1928633 (sec)
 slot 0: ASA5540 hw/sw rev (2.0/8.0(4)) status (Up Sys)
 Interface PERIMETER-MGMT (10.12.8.1): Normal (Not-Monitored)
 Interface OUTSIDE (86.36.xx.xx): Normal (Waiting)
[code].....
When we console to Standby ASA and tried to save (wri mem), we got the following error and also please note the hostname has become default...?
ciscoasa(config)# wri memory
Building configuration...
Command Ignored, Configuration in progress...
[FAILED]
and when we tried to give following command we got this error:
I have 2 ASA 5540s ver 8.3 in Active/Standby state. I am considering a future hypothetical situation where I might need to rename interfaces or reallocate redundant interface groups. Doing so obviously has a major impact on the current primary configuration. My goal would be to minimize or eliminate network downtime during the interface changes.
I am wondering if it is possible to force the secondary ASA from the standby to active state. Then temporarily disable failover on the primary unit. Make the interface changes on the primary unit. Then reactivate failover on the primary unit. Force the primary unit back to active and secondary unit to standby. My new interface configuration would then sync from the primary to the secondary.
I believe this would work but must ensure that the secondary ASA can function as the active unit while the failover is disabled on the primary unit. Is there a set length of time the secondary unit can remain active without a failover peer?
see issues with operating the secondary unit in this manner while making changes to the primary unit?
Our servers are hosted at the Main site, site office A access to the Main site for Internet and servers. We are thinking NextG to take over when the link between sites goes down.
To start with, what is the configuration for 3750 at Site A and the Main site:
1) Trunking for both switches
2) Routing
3) the automatic failover configuration for the switch at Site A.
We have 2 ASA 5510's setup in an active, standby failover configuration. When the primary fails over to standby, the 3rd party cert does not failover to the standby ASA. The users then receive the CERT missing, invalid message and have to select yes, no to move on. This does not occur when the primary is not in failover mode. It is my understanding that failover fails over certs but in our case it does not appear to be working correctly.
I am trying to establish EIGRP neighborships with my inside switches (3750s) over the "Internal" interface, shown in green. The outside interface is g0/0 and don't worry, I've ensured EIGRP is not running there. The problem I'm having is that I need to monitor the "Internal" link so that if it goes down, the ASA triggers the failover to the secondary firewall connected to the other switch. I was told that the "secondary" keyword was what enabled this:
This is fine since I am able to compare this config to the firewalls that are currently in production elsewhere in the environment and this is what's in use there. However, in order to run EIGRP all the way to the firewall and not rely on something else like HSRP for the inbound traffic, I'd like to run the corresponding links (Gi1/0/22) on the inside switches as routed ports (no switchport) so that I don't have to establish neighborships with SVIs or something like that. I want the routing to be done directly to the port, leaving the interfaces for failover and our DMZ set up as switchports, since those can be layer 2. It's saying the Internal interface has failed now, probably because it cannot send hellos through this, since it's a routed port on the switch side. I'm wondering if this simply is an impossible design, unless there's a way to track this interface and trigger a failover if it goes down using another method. a method that allows me to track that internal interface (Gi0/1) and trigger a failover if it goes down.