Cisco WAN :: 2800 - ACL To Block Routing?
Mar 20, 2012
I have a Cisco 2800 router. I have been noticing a lot of traffic to Pandora lately. At times my pipe is 25% music streaming and my router utilization can be quite high. Our web filtering is a hosted service that does not block all traffic depending on some of the ports. It is really designed for port 80 and 443 only.
We decided we want to block access to Pandora completely on both our primary internal LAN's and our Guest wireless LANs.
When I perform the ARIN lookup, I get these results for the IP range:
NetRange: 208.85.40.0 - 208.85.47.255
CIDR: 208.85.40.0/21
The CIDR notation does not make sense to me entirely. The IP range includes 8 class C networks. The /21 is a class b subnet of 255.255.248.0 or a router broadcast address for routing tables (depending on how you want to look at it). I was not sure if I could block the address based on the router CIDR range of if I had to use the individual classful IP ranges.
Should I block "208.85.40.0 0.0.7.255" in my ACL or should I create 8 entries to block the networks like this?
208.85.40.0 0.0.0.255
208.85.41.0 0.0.0.255
View 5 Replies
ADVERTISEMENT
Nov 26, 2012
I have a 2800 router and tried so many ways to block the unwanted sites on my office network.Like access list ip based, null0 routing and policy map. Faced issues with below config
1. Creating Access-list. very difficulty to block the sites with https those sites will be opend, and we cant block all the IPs
2. Creating null0 routing. it also a bit deficult the block maximum sites because we can't fiend all IPs for those sites
3. Policy map.. with policy map we can only 1site we can block, but not more than one..
I heard that port based routing or port based access-list are the best ways to stop the websites in my local network..for this one i need to map the site to unsued ports then i need to null rouging or need to create the access-list.
View 3 Replies
View Related
Nov 23, 2012
I have a cisco 2800 router.. (flash:/c2800nm-advsecurityk9-mz.151-4.M4.bin, Version 12.4(13r)T11) configured DHCP, DNS, NATING and Bandwidth restriction...And to stop some social network [URL] i configured ip route 66.220.144.0 255.255.240.0 Null0 (rang of facebook address) But still i am able to open facebook.com in my network...
ADMIN-II_2811#sh run
Building configuration...
Current configuration : 1812 bytes
!
! Last configuration change at 17:26:33 UTC Sat Nov 24 2012
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
[code]....
View 1 Replies
View Related
Jan 30, 2012
I wish to block some url that users have access through my LAN .That's i wish to block icmp,access towards such sites, i wish to block icmp because dns will resolve the domain and they can access through ip address.what i have in place is a cisco 2800 series routers,
View 7 Replies
View Related
Jan 13, 2011
I am using Cisco Router 2800 series. How to block url and also how to remove block url
View 1 Replies
View Related
Sep 18, 2012
The layer 2 switches are connected to layer 3 Switch via trunks, and routing between layer 2 switch ports with configured SVI's on 3550. All working fine. Now I'm trying to configure routing between 2800 and 3550, I tried connecting both Straight Throught and Crossover cables to the 2800 Fa0/0 and Fa0/1 ports as well as the switchports on 3550
No switchport commands are configured however, the lights do not go on for both straight through or crossover cables. I tried connecting 1750 routers but same result. My goal is to have all the VLANS routed to the internet with configuring NAT translation the router.
View 2 Replies
View Related
Apr 11, 2013
I've problem with IP SLA probes between two different routers.2900 (c2900-universalk9_npe-mz.SPA.151-4.M4.bin) here is set "ip sla responder" only and 2800 (c2800nm-advipservicesk9-mz.124-24.T2.bin) here is set two type of tests "udp-jitter" and "icmp-jitter" - temporary, used to check for availability of 2900 router.As a result, I've what udp-jitter doesn't work at the same time icmp-jitter test is OK.Here are the settings of IP SLA tests
ip sla 281
icmp-jitter 172.25.28.1 source-ip 192.168.28.6 num-packets 100
tos 128
frequency 120
ip sla schedule 281 life forever start-time after 00:05:45
[code]...
View 3 Replies
View Related
Dec 11, 2011
Is there any official Cisco reference to describe what is considered to be the highest acceptable production CPU load on 2800 routers? I found the document "Integrated Services Routers G2 - Performance Overview" that states at page 5,Most service providers set their CPU alarms to 60 or 65 percent. Many enterprise customers are comfortable running production networks with CPU around 70 or 75 percent.
View 3 Replies
View Related
Apr 3, 2012
I have a router with two interfaces what i need to filter the HTTP traffic from one interface and the rest of the traffic through the other on my cisco router 2800.
View 3 Replies
View Related
Nov 20, 2011
I have a problem to create a VLAN with a Cisco 2801.,I need to have base ports FastEthernet 0 / 0 and FastEthernet 0 / 1, in the same VLAN.
Basically I'm trying to switch access redundacion, now I have redundant switches in which I have the servers, but if one of these switches fails, and,coincidentally is where I have connected the router, the server runs out of internet connection.,I idea is to connect the FastEthernet 0 / 0 to a switch, and FastEthernet 0 / 1, to the other switch,but I managed to have these two ports in the same vlan, in order to have a unique IP for both FastEthernet ports,As I can do this?. do is a lot of documents using the switchport command, but this command is not available in my router, I tried different IOS, and nothing.,currently I have the following IOS: c2801-adventerprisek9-mz.124-24.T6.bin
View 2 Replies
View Related
Oct 16, 2012
Needing to upgrade IOS on 2800 router from c2800nm-advipservicesk9-mz.123-14.T7.bin to c2800nm-advipservicesk9-mz.124-15.T13.bin. I noticed ther are several other files on the old code that may needed for booting up router but Im running low on memory. The other existing files are ;
c2800nm-advsecurityk9-mz.124-3i.bin
securedesktop-ios-3.1.1.45-k9.pkg
sslclient-win-1.1.4.176.pkg
Do I need these files for the upgrade or can i delete them when upgrading to 124-15.T13.bin. ?
View 5 Replies
View Related
Jun 13, 2012
How to setup redundancy on a 2800 series Router so that whenever it fails it will be routed through the MPLS router
View 5 Replies
View Related
Aug 21, 2012
I'm trying to turn off SSH version 1 & 2 to pass PCI compliance. Problem is, I cannot touch the VPN link between the two offices. I'm afraid the PKI certificate used for the VPN will be deleted if i zeroize the RSA key which seems to be the only way to stop the router responding on port 22.
Here is the stuff from the running config related to the crypto map:
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
[ code].....
I'm only CCNA so I'm not even sure if the certificate or RSA key is being used for the VPN link, but I can't tell from the running config that zeroizing it would be a good idea and not break the VPN. I'm open to other ways of disabling SSH, as we are able to just connect using a console cable. But it looks like denying port 22 with an access-list doesn't even stop the router from responding to the port.
View 6 Replies
View Related
Jan 10, 2012
I have a customer who has a Cisco 2821 router with software 2821/HSEC/K9 and they wish to upgrade to C2821-VSEC-SRST/K9.From my understanding they want to use the same router but install an IOS with the capabilites it has at the moment but with voice. [code]How do I go about pricing this up and what upgrade sku's will do this?I am not to worried about the memory.Is it just a simple ios upgrade as the srst licenses are on a trust basis?
View 2 Replies
View Related
Jan 25, 2013
My Cisco seems to be stuck when it boots up, with the following:
Upgrade ROMMON initalized
And it goes on with self comperessing image then an OK but then it starts loading again all over.
View 13 Replies
View Related
Oct 17, 2012
Just need to verify if HWIC-2T is compatible with the Cisco2800 routers?
View 4 Replies
View Related
Feb 19, 2012
I am in need to have the arp table cleared every 5 seconds or so on a 2800 router. I was wondering how I might be able to accomplish this.
View 4 Replies
View Related
May 22, 2013
I have Router 2800 series Global nating is configured on it.
ip nat inside source list 111 interface Dialer1 overload
!
access-list 111 deny ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 111 permit ip 192.168.1.0 0.0.0.255 any
My object is that i want give internet access only for few users ip E.g IPs addresses from range 192.168.1.0-10 can acess intenet access other all are deny.How i do this with ACL .
View 2 Replies
View Related
Jul 22, 2012
I have a WAN router that's on 172.x.x.x segment, and another WAN router that's on a 147.x.x.x segments.How can I make them communicate, I would like to interconnect both segments to talk to each other.We are using a Cisco 2800 on both segments.
View 8 Replies
View Related
Jan 11, 2012
I am looking a 16 or 24 Port Ethernet (NON POE) card for my 2800 Cisco Router NM-16ESW is EOL/EOS and the replacement is shown as SM-ES2-24 However SM-ES2-24 is not supported on Cisco 2800 Series.
View 2 Replies
View Related
Jan 12, 2013
I am really new to Cisco and having a hard time with my Cisco 2800 series.
I have two sites connected with each other Site A and Site B (Using the same Cisco 2800). Now site A can connect to site B on the Cisco and the internal network, but site B can only see the Cisco and not the internal network of site A. So all the traffic is coming in to site B but can't break out of site B. I have tried everything I can think of but again my knowledge of Cisco is not good at all.
View 11 Replies
View Related
Aug 19, 2012
I have 2800 series router which is directly connected to ISP. How can secure the router from outside access; I am totally new to the security concepts.
View 2 Replies
View Related
Oct 25, 2012
I have a pair of router Cisco 2800 running in HSRP, now I want to configure one sub interface with another sub net, Will my current IP on physical interface work or do I need to create two Sub interfaces for each network. Do i must need encapsulation on sub interface
Current Config:-
Router 1:-
interface FastEthernet0/1description Connect to LAN_SW1 Gi1/0/1ip address 192.168.1.13 255.255.255.0no ip redirectsduplex autospeed autostandby 1 ip 192.168.1.1standby 1 priority 90standby 1 preempt
Router 2:-
interface FastEthernet0/1description Connect to LAN_SW2 Gi1/0/1ip address 192.168.1.3 255.255.255.0no ip redirectsduplex autospeed autostandby 1 ip 192.168.1.1standby 1 priority 110standby 1 preempt
For second network I do not require HSRP
Router 1:-
interface FastEthernet0/0description Connect to LAN_SW1 Gi1/0/1no ip addressduplex fullspeed 100
[ code]...
Router 2:-
interface FastEthernet0/0description Connect to LAN_SW2 Gi1/0/1no ip addressduplex fullspeed 100
[Code]...
View 3 Replies
View Related
Aug 3, 2012
Is there a way to set static routes per VLAN?Example VLAN 100 sends all traffic to 192.168.1.1 and VLAN 200 sends all traffic to 10.1.1.1. (2800 Series RTR)I have 5 networks that have their own gateway to the Internet via satellite link. Those networks run over the same infrastructure on separate VLANs. They frequently send traffic to each other, which gets sent over a slow SAT link. I introduced a router to the network and would like to set all my hosts default gateway to the local routers sub-interface then have a static route that send all traffic that is not on one of my 5 networks back to that VLANs respective SAT modem to get routed out over the Internet.
View 4 Replies
View Related
Jan 1, 2013
we have a 2800 series router functioning as our internet router and it will only forward packets to addresses with host entries in the routing table even if the network is directly connected.
View 18 Replies
View Related
Dec 20, 2011
I remember I did that one time on 2800 router with Gi0/0 and Gi0/1 to connect another port channel in 3560G switch. I have no way to try it in ISR G2 router like 2900 or 3900 now. I know the the ethernet switch module must support it. I wonder if the integrated interfaces support it or not.
View 5 Replies
View Related
Aug 16, 2012
I am trying to add WCCP to be configured for websense. My first option seems to be either purchase an IPServices license for the stack of 3750E switches, but i am thinking this will require us to license all three switches in the stack. The second option i am looking at is to do the WCCP configuration on the 2800 router we have on the edge. The problem is both Gig ports are in use, one going to the firewall and the second going to the ISP. My first question would be, which option is better in terms of manging as well as cost of implementing it.The second question is, if WCCP on the router is a better option, what is the add on module i should be looking to get to add the additional ports to hook up the Websense cache.
View 8 Replies
View Related
May 12, 2012
I got a Cisco 2800 router and am planning to use FastEthernet 0/1 to trunk in 802.11Q VLAN's to cater for some of our radio links. speed and operation of the sub-interface that will be created. Or explain it here. We got a radio link that we want to trunk into this Cisco 2800 and it is suppose to be connecting at 100Mbps but currently operating at around 80Mbps. Reports shows that the max in and out traffic for this link this year till today is 25Mbps. Will it not fail teh CPU etc ?
interface FastEthernet0/1
no ip address
!
[Code]....
View 11 Replies
View Related
Sep 27, 2012
Looking for multicast over IRB interfaces. My full config below, works as expected on a Cisco 1760 router (IOS 12-4) but fails strangely on our Cisco 2800 (IOS 15-1) and Cisco 1941 G2 routers.
I use Windows 7 Enterprise and VLC 2.0.0 Two Flower as the multicast video receiver. On the 1760 router, I open VLC, request the video (rtp://@239.255.0.1:5004) and it plays flawlessly.
We have to upgrade the older outdated unsupported Cisco 1760 routers. We replace the Cisco 1760 router with a Cisco 1941 router. Configuration differs ONLY in the interface speeds; F0/0 to G0/0 and that is just bout it. Using the same Windows 7 Enterprise PC, I open VLC again and request the video -same as before; No video and no voice. We swap the 1941 out and put in the 1760 again, multicast works flawlessly. If we put the 1941 router back in, multicast fails again. We put the Cisco 2800 series router in and it also fails the same as the 1941 router.
Troubleshooting, I open VLC and request the same multicast video. On the same PC, I open Wireshark and start capturing packets, - and instantly the VLC video starts playing. I close Wireshark and the video stops. I open Wireshark and start capturing packets again and the VLC video starts playing again.
Wireshark shows the video packets are being received from the source when VLC is requesting the video. If I close VLC while Wireshark is capturing packets, Wireshark shows the video stream stops.
Shows the correct multicast sources, incoming and outgoing interface details
Incoming interface is Serial
Outgoing interface is BVI
Show ip pim rp
Reveals the correct RP details
[code]...
View 2 Replies
View Related
Feb 19, 2013
I wan to migrate from a router 2800 to L3 switch 3750G , the thing is that we have several vlans and we use a router sometimes with each interface configure with correspoinding vlan subnet ip to route traffic between vlans there is no static or dynamic routing only directly connected interfaces on router routing traffic to each other ?How would i configure a L3 switch interface for simillar functionality , below is my current router configuration
!
ip domain name yourdomain.com
multilink bundle-name authenticated
!
vtp mode transparent
[code]...
View 15 Replies
View Related
Jan 29, 2012
I was configuring route tracking at a client with several sites to route across GRE tunnels and being able to detect a failure of the main site. To my surprise when configuring a 2800 series router (after sucessfully configuring a 1800 series on the same infrastructure), a 2821 with IOS 12.4(24)T2 IPbase, the commands for ip sla object tracking don't show up.The feature navigator says the router supports this, but it just won't take the commands (also tried older versions of the commands such as "ip sla monitor.." and "rtr .." to no avail).
View 5 Replies
View Related
Jan 31, 2012
In a site we currently have 1 BT provided ADSL link which is currently terminated using their device which I believe is some kind of 2wire device, which is extremely slow due to distance from the Exchange (4Mbps)...We have a growing number of users here and want to install a second ADSL line from BT to give them increased performance.
We have a Cisco 2800 sat not doing much so I was wondering if I could use this to load balance the link? I know BT do not support MPPP so therefore the maximum any user can get will be the speed of a single link (4Mbps)...But basically how can this be done..
Can I leave the two BT routers in place and place the Cisco 2800 behind them, or do I need to purchase two ADSL modules for the 2800 and terminate the connection there?Also once done, what do I need to do regarding actually setting up the load balancing? I have seen this:
[URL]
But am unsure as to how relevant it is? I am not sure I understand what the ACL's are being used for? I just want all users on the LAN to load balance out...
Also I am unsure of this statement:You potentially need to add policy-based routing for specific traffic to ensure that it always uses one ISP connection. Examples of traffic that require this behavior include IPSec VPN clients, VoIP handsets, and any other traffic that use only one of the ISP-connection options to prefer the same IP address, higher speed, or lower latency on the connection.I do not understand why a established session such as a VPN client, would ever traverse the second ISP connection anyway?
View 2 Replies
View Related
Sep 8, 2012
I have a Cisco 2800 series and it doesn't boot, only shows this message in the CLI>
Bad RAM at location 0xA0000304: wrote 0xA0000304, read 0xA0000004
What means this? I have to change the RAM?
View 2 Replies
View Related
