I have some confusion about some hardware components. I watched the video datasheet of cisco routers and switches. In cisco 2901 and 2911 models of routers there is service module . What is meant by service module. what does it do ? If we buy a new 6500 switch, what are the components we get bydefault. Is there any special configuraton to be done for 6500 . like Sup engine config etc. What is the difference between ASIC and Sup engine ? In which slots, we need to insert Supervisor Engine ? does it vary with the model . (6503, 6505, 6509, 6513 etc).
Does the 2901 have etherchannel capabilities? If so, how to configure it? I mean, I can type "show etherchannel 1" in it, so I would assume if I can show it, I better be able to configure it, right?What about the 2911?
I am having this issue with only one rack in the lab. The three routers (2911 , 1941, 2901) connect together through Smart Serial cables going to WIC-2T cards. In the configuration both serial connections going to the 1941 have the DCE.
When going to configure serial 0/0/1 I am allowed to apply a clockrate to it, however, I am kicked back an error saying that a clock rate can only be configured on DCE interface. They are both without a doubt the DCE end connecting to the WIC-2T interfaces. What could possibly cause this problem. Would SCTE or something with the auto clock-rates on the router create this problem.
I am having issues (nothing new there) I have a bad IOS on a switch module, and the config is set to boot to that IOS, and as such I get a nasty boot loop, I am trying to figure out how to get into rommon but all the documentation I can find for this just says go into rommon and never tells me how to get there on a switch module that thinks it has a good IOS. (The IOS is for our normal service module but this one is an odd-ball switch)
can I install and Cisco WAAS and Cisco Prime Network Analysis Module (NAM) together on a single Cisco Service-Ready Engine (SRE) 910 module? Or it can only run 1 of the software?
Is there any risk to install an HWIC-2FE card into a production 3845 router while it is in a powered up state? Is it recommended to power it down first, then install it?
I just got 2 Cat6504 Chassis and 2 ASASM pluged in them. show version from submodule ASA as follow:
SVC-APP-HW-3#show ver Cisco IOS Software, trifecta Software (trifecta-SP-M), Version 15.1(1)SY, RELEASE SOFTWARE (fc2)
[Code].....
I want to upgrade new OS for ASA to 8.5 (asa851-smp-k8.bin) but after copy this soft to the module, I can not "write" command or when I reload this box, everything was no changed. SVC-APP-HW-3#write startup-config file open failed (No such device)
Using the new SUP-2T, need to clarify one query. If we are using the new SUP-2T in VSS mode, will the new ASA service module and NAM-3 are supported? From Cisco site, ASA module FAQ:
Q. Will the ASA Services Module support the Cisco Catalyst Virtual Switching System (VSS) at FCS?
A. Yes, depending on which supervisor you use. The ASA Services Module supports VSS either as a single firewall or as a failover pair of firewalls, when used with the Supervisor 720-10G (VS-S720-10G-3C and VS-S720-10G-3CXL). Transparent and multi- context modes also work with the VSS in this configuration. However, though the SUP 720-3B (WS-SUP720-3B and WS-SUP720-3BXL) is supported by the ASA Services Module, it is not capable of supporting the VSS. No reference to Supervisor-2T.
we are planning to implement a VSS solution with a 6500 series switches with sup 2T. We also need to include an ASA service module on the design, however the budget is not enough to buy two asa service modules. So i want to know if is possible run a VSS cluster, whit only one ASA service Module. and also i would like know what happens if the single ASA service module fails? can the switch cluster continue operating just as if there is not a firewall installed?
I need to configure a Cisco 2911. I need to give an interface in this module (VWIC3 - 4MFT-T1/E1) an IP address. My question is, how to assign an IP to an interface in this module.
My purpose is to get connectivity via T1 line to another router.
We got a new Cisco 2911 router (CISCO2911/K9) with a switch module (SM ES2-16-P) on it. Everything works fine after the configuration except for the power. We got 4 WAP that we will connect to the switch module that needs power. So the switch module with POE doesn't give any power out.
I am currently installing a NM-AIR -WLC 6 wireless module in a 2811 and its giving me the follwing errors below and status.I have checked the trouble shooting pdf and says might be possible hardware error. [code]
I have an ACE10-6500-K9 (Application Control Engine service module for Catalyst 6500) but I can't access it because I lost the admin password.I would like to know how to perform a Password Recovery Procedure on this device.Is it similar to the password recovery procedure on an ACE 4700 appliance?
Does ACE service module support SHA2(256) certificates? I see that private key generation defaults to SHA1 and does not provide any option, also the cipher suites in SSL parameters map do not show SHA2 options. Can it handle SHA2 in any software release? I am currently running A2(2.3) build 3.00
My ACE module ACE30-MOD-K9 crashed today, and at the show ver output i see "last boot reason: Service "cfgmgr" ".the curent version we running is Version A5(1.2) [build 3.0(0)A5(1.2).
After doing some research i found known bug that supposed to be fixed in this version: CSCtu36146
CSCtu36146—The ACE becomes unresponsive due to a configuration manager (Cfgmgr) process failure with the last boot reason: Service "cfgmgr."
we have approx. 70 Cisco 1941W routers deployed in our company. I used to be able to console into the internet wireless AP by issuing the below command:
service-module wlan-ap0 session
However lately this hasn't been working and AP just simply refuses connection. Here is what I have for Status. I have tried reseting the Service Module to no avail.
Router#service-module wlan-ap0 status Service Module is Cisco wlan-ap0 Service Module supports session via TTY line 67 Service Module is failed Service Module reset on error is disabled Service Module heartbeat-reset is enabled Service Module is in fail open Service Module status is not available
how this switch module works in 2911 router? I have two 2911 routers in HSRP configuration for redundancy with crossover cable between switch modules. OSPF running on routers.If active router loses its power and then comes back again, it boots first, its internal link to switch module comes up and it starts to forward packets to switch module. The switch module starts to boot only after router is ready. So I have outage of about 3-4 minutes. For our real-time applications it is way too long.
any way to start booting of the switch module before router gets ready?I understand I can boot it manually, but it is only after router is ready. Only way to get around it I found is to disable internal link and use router interface to connect to the switch module.
i will going to buy a router 2911 but i want know if support a interface ADSL modulo like backup in case that my primary link WAN Ethernet down and up the adsl link with a module HWIC ADSL pots.
I m planning to implement VSS in core but want some inputs on IOS as i have FWSM as a service module Core :- Ii am running 12.2(33)SXH2a on my Core 6509 and i checkd cisco sites and Fwsm release notes but it states only I-Train of IOS while mine is H-Train so can I directly upgrade to I-Train or I was thinking of SXH8b IOS.
I can access the ACNS with this config. The issue is that it will not cache anything when I enable WCCP on both ends. I am unable to set the gateway to the IP (even when static) to the WAN interface IP with the error Network Unreachable by content engine. If I address it within the 192.168.2.X network and gateway to 2.1, it locks up when cache is enabled. 192.168.0.5 (the external wan int) is unreachable as a gateway.
I've tried the unnumbered ip on the internal interface but then the service module won't accept an IP stating that the router side must have an IP set.
I had WCCP attempting to cache but timing out on everything without caching a thing. I want/need to understand the IP routing before I get ahead of myself.
I'm migrating from a failover pair of FWSM modules across to a failover pair of ASA Service Modules. In order to avoid a "big bang" switchover I intend to migrate subnets from one to the other over a protracted period.With that in mind, whether there is any restriction on having FWSM and ASASM modules in the same chassis? A trawl of the relevant documentation hasn't revealed anything.In this specific case it is Catalyst 6509E VSS chassis pairs with Sup-2T.
I have to install and configure two 2901 routers at different location with high availability. These 2 routers would be connected through WAN, now I would like to configure high availability bwtween two routers.
I have attached a small diagram of the placement of 2 routers.
how do I configure high availability between these 2 links or routers.
I have 1941, 2901 ISR routers. I will use 3G backup when primary link (metro ethernet / G.SHDSL) goes down. Do I have to use Data License (SL-19-DATA-K9 / SL-29-DATA-K9) in order to switch back to 3G when primary link is not reachable) ?
I have installed a new 2901 router with the IOS version 15 code (c2900-universalk9-mz.SPA.152-3.T.bin). I have a template config that I have created for my remote VPN routers that I have been using on 2811 routers with version 12.4 (c2800nm-advipservicesk9-mz.124-24.T1.bin).I do have the securityk9 active on the 2901 software
Technology Package License Information for Module:'c2900' ----------------------------------------------------------------- Technology Technology-package Technology-package Current Type Next reboot ------------------------------------------------------------------ ipbase ipbasek9 Permanent ipbasek9 security securityk9 Permanent securityk9 uc None None None data None None None
Issue is when I do a "show crypto session" the GRE tunnels session status read down on the 2901 router but on the 2811 session reads up-active. Everything is working and I am routing over the GRE Tunnels.
I have to build HA environment, at the moment we have only one R1 and WAN1 but company wants to buy R2 + WAN2 and have HA between the routers, in case R1 or WAN1 goes down the other router will take over.
What would be standard methodology nowadays to do that - does HSRP will do what I need or it is better do some other way?
I have two cisco routers (Cisco 2911 and 871) that I'm trying to establish a L2L VPN with. Each have a VPN configured to our cooperate office that is up and working. I'm now trying to establish a site to site VPN from both remote offices. I have my crypto maps, NoNats, and interesting traffic set up however, I do not even see phase one come up.
I've attached each config. Most of my site to site experience is on PIX's and ASA so I'm curious if there is something else I need to do on my outside interface to allow multiple VPN's?
I was wondering if I could setup my router CIsco RV120W to be able to connect to a VPN serice for my internet connection. Looking to give my small home netwok more sercurity. Is it possible with the Cisco firmware to be able to setup a connection to VPN serice. Do I have the compabilites with this router?
Just purchased an RV220W for a customer to replace a WRVS4400N that had no support for One-to-One NAT and have found the One-to-one NAT for this router is only marginally better.
I have three WAN addresses and three devices to map them to. With the RV0xx I've used the following configuration over a dozen times.
WAN Address 1 - the router's public address Port forward HTTP, HTTPS, and SMTP to Windows Small Business Server 2011 Email and Remote Web Access are accessible at remote.company.com
WAN Address 2 One-to-one NAT to private IP address of Ubuntu Server Add the following access rules: Deny allAllow HTTP from any to private IP address of serverAllow SSH from my company's static IP to private IPAllow FTP from my company's static IP to private IPCompanies website is accessible at company.com and I can update the website with SSH and FTP
WAN Address 3 One-to-one NAT to private IP address of the Hyper-V server's Intel RMM module (Lights out remote management) Add the following access rules: Deny allAllow HTTP, HTTPS, and all RMM ports from my company's static to the RMM modules private IPI can access server at rmm.company.com from my companies network connection
My problems are as follows:
The One-to-one NAT option now requires you to specify the service you'd like to forward (Note: service, not services)If you select the Any service which is the only way I can see to have more than one service, there is no way to add any specific Allow or Deny rules because the Destination box is grayed out on the access rules page.This results in my Ubuntu server only having HTTP forwarded to it and my RMM module having all ports opened up to any IP address. There must be some way around this! I don't understand why the Destination IP option is greyed out for all Inbound access rules. I have been using this same configuration with the Cisco RV0xx, many Sonicwall firewalls, as well as several Cisco ASAs. Obviously this is not an ASA but this implementation of One-to-one NAT is useless!
