I am trying to come up with a config for implementing QoS over a 512 kbps WAN link that will traverse voice and data traffic for now. I am using a Cisco 2901 router with 15.1(3)T IOS on it. my config is below
class-map match-any DATA-PRIORITY match protocol citrix match protocol sshclass-map match-any VOICE-CONTROL match protocol skinny match protocol mgcp match protocol h323class-map match-any VOICE match protocol rtp audio class-map match-any ANY match any [ code]...
THE ISSUE IS : when i add in the service-policy output WAN- QOS- POLICY command , i get the error " insufficient bandwidth 256kbps for bandwidth guarantee (180)". if i take out the " bandwidth 512 " command out then i get no issues adding the above command on interface g0/1
I have just purchased 2901 with HWIC-16A and 2 CAB-HD8-ASYNC Terminal Server to manage 16 (connect via console) cisco deivces.
Plese find attached the config file. I could not find proper docs on setting up this device as a terminal server. I have followed the following link but did not work.
[URL]
There are 16 Async (0/0/0 - 15) interfaces and also the following lines. line 2line 0/0/0 0/0/1line 0/0/2 0/0/15
How can I connect to other Cisco devices via the terminal router?
We have a Cisco router 2901 with 10M dedicated link on Gi0/0 interface, 3 VLANs on Gi0/1 interface. The Gi0/1 is subinterfaced for default, LAN and DMZ segments.LAN is assigned 172.16.1.0/24 and DMZ 192.168.1.0/24. We host a web server (192.168.1.11) and dns server (192.168.1.18) on DMZ VLAN. On the same WAN interface we have confiugured PAT and NAT. For outside queries to DNS and WEB servers everything works fine but when we try to open the website on our web server from internal LAN, we can´t do it.
When PINGing the web server by its IP address 192.168.1.11 or by the FQDN, the requests respond fine. The domain.com and [URL] resolve and respond with public IP address of our WAN link as the DNS server is configured. But when we try to open [URL] in the Internet browser the website does not open.
What could be the issue? Can be anything with NAT or PAT configuration?
I'm new to routing and cisco in general. I'm inheriting a rather simple setup but would like to approach the next steps with a good strategy. Currently we have a 2901 router with public IP's on bother interfaces. The internal facing interface is our gateway for some webservers and a firewall. Not we are looking to add a colocation site and establish a site to site VPN using another 2901. My goal is to have the colocation use the same internal 10.100.0.0/23 network. My question is what is the best way of going about this since the router at the main site has public IP's on both interfaces? Do I need to multi-home the internal facing interface? If so, what else needs to be done?
I have to install and configure two 2901 routers at different location with high availability. These 2 routers would be connected through WAN, now I would like to configure high availability bwtween two routers.
I have attached a small diagram of the placement of 2 routers.
how do I configure high availability between these 2 links or routers.
We have created a sample configuration for ISRG2 2901 Router. The sample configuration is long, and with copy/paste it is possible to skip some lines, and it is difficult to ensure the configuration of every device is standardized due to this error possibility. What we are trying to achieve is first create a template from this sample configuration file, and then create configuration files for each device seperately and automatically. After creating this configuration instances, we want to be able to distribute the configuration files (and possibly the ios) to the devices during the staging phase. Since there are about 1000 2901 routers, creating configuration files is important?
From searching we have found the following tools:
1) CCE (Cisco Configuration Engine): This tool seems to be very efficient for distributing the created configuration files. We may use the serial number of the device, and it provides almost zero touch provisioning of the configuration files to the devices. Creating the configuration file from the template seems to be manual, i.e enter the ip addresses of the interfaces, the routing tables one by one for each device. How can we use velocity template for device configs?
2) Ciscoworks LMS Prime: It is possible to create a baseline template for the devices, and after getting the backup configuration of the routers, it is possible to compare the actual configuration of the device with the baseline template, and understand if there is any difference with each other. This is indeed very useful in order to keep the configuration standardized, we again could not find a way to create bulk configuration files from the baseline template.
3) Solarwinds Config Generator: This tool is useful for creating a configuration file from a template, but again not for automatically creating configuration files, and needs manual intervention.
4) Excel Macro: It seems that some people have achived to automatically create configuration files with using an excel macro, but we could not find a procedure or tip of how to achieving this.
5) Pearl or TCL/TK Script: Again since we are not software developers but from networking field, it is difficult to achieve a working form of this scripts or codes due to to lack of documentation and development experience.
I have a 1-Port 3rd Gen Multiflex Trunk Voice/WAN Int. Card - T1/E1 in a 2901 that I want to configure for data only (T1 connection to the Internet)I don't see any options in the IOS for using this thing as a serial interface (data), only options for configuring PRI/ISDN.
I have a Cisco ASA and a 2901 Cisco Router connected via site-to-site VPN. The ASA can ping over the VPN to computers behind the router, but the router can not always ping to computers in the ASA network. When i ping from a computer in the IOS router's 10.100.36.0 network the requests times out most the time; although every few minutes, i will get about 10 pings back, then stops working again.
I uploaded their two configurations.
The ASAs public IP is 20.20.20.5 and local (inside) network of 10.101.36.0/24 The IOS routers public IP is 20.20.20.10
There are many internal networks, but 10.100.36.0/24 is the one with issues.
I try to make a gre tunnel with 2 cisco routers 2901, ping responds between tunnel ip's ends, but I don't have pings from the pc's inside the networks. [code]
How do I disable fragmentation on a 2901 router? I want it to simply drop packets oversized packets.In my lab, I am trying to test various MTU issues. I'm trying to use a 2901 router to simulate the WAN equipment that my WAN provider would deploy in production. In production i'm expecting the WAN to only support an MTU of 1320 with no fragmentation at all.
Physical devices are a Cisco 2901 (CISCO2901/K9) with GE0/0 configured as 192.168.1.1 Connected through a D-Link DGS-1210-24 configured as 192.168.1.202 Running on a domain with an HP domain server as 192.168.1.2
The 2901 was an EHWIC (VA-DSL-A oPoTS) on EHWIC 0/0/0 GE 0/0 on the 2901 is physically connected to the DGS-1210 which is physically connected to the server. VDSL 0/0/0 is physically connected to the DSL jack.
So far the configuration reports all is connected, and I can ping the gateway of our ISP (using CLI or Cisco CP); however the server reports no internet connection and no workstations can access the 'net.
Once connected; I'd also like to allow ports through for use on the network (25, 80, 110, 443, 987, 1723) - but not sure on how to do that just yet!
Our IP is 202.27.19x.19x Our Gateway is 202.27.217.5
I have recently bought cisco 2901 in order to replace it with our 1811W that we have at the moment.When I try to set a failover / backup with rtr; it seems like the function is not valid.Once I select rtr and set the object #, the reachability command is not available.Does that mean this function is not a part from the license package I have?
I have inherited a setup for a custom application and would like to know if this is the only way this could be set up. How would you do it?The application uses dedicated T1 links to our vendors. There is a Cisco 2901 router in the middle providing the connections. Traffic to specific vendor's IP's are routed to their prospective connections. I have attached a network diagram and a config for the 2901. The way my predecessor(s) set this up, each different vendor uses a different private IP address for the internal links. This seems odd to me. Shouldn't there be a way to have only one subnet on the inside and have the links NAT depending on which route it takes? The servers have persistent routes built in them to send vendor traffic to the associated IP on the router. E.g., traffic to Vendor 1 is routed to 192.168.50.1, the 2901's IP address for the Vendor 1 network. That traffic is then NAT'd to an IP address associated with Vendor 1's link and the 2901 then routes the traffic to the Vendor's end of the link.
I would think that I should be able to revamp this so that internally we're only using one subnet and the traffic could NAT at the link associated with the Vendor. I recently had to add the 3rd vendor connection, and wound up having to duplicate what was done for the other two in order to get it working quickly. I didn't have the time to wrap my head around the best way to revamp the whole thing.
I recently obtained a 2901 router running 15.2(2)T to replace my old 877 which was running 15.1(4)M1. The 2901 is humming along quite nicely but I have had difficulty configuring one feature which was working fine on the 877. The router needs to be a PPTP client to a hosted VPN service. On the 877, I had it configured like this: [code] I then had a dialer interface to actually set up the connection, and some PBR to control what went over the VPN. All well and good, and it worked fine. But on the 2901, when I try to configure the same thing, there is no such command as "protocol pptp" -- the only option is protocol l2tp.Was PPTP support deprecated somwhere between 15.1 and 15.2, or does the 2901 itself not support it for some reason? Obviously I understand that l2tp is superior to pptp, but at the moment this is my only option.
I have one router 1841 in which i configured PBR for internet traffic from LAN. I hv two ISPs few server are configured for ISP1 and few for ISP2.I planned to shift my existing setup at 2901 G2 router. when I am configuring the same config on this router so traffic is passing through only from one ISP not from other, if I troubleshoot so I see that the interface which is connected with ISP2 is not getting any input/output packet.
Config is here: ========== interface FastEthernet0/0 description ****** ISP2 ****** ip address 203.xx.xx.110 255.255.255.248
I try to make a gre tunnel with 2 cisco routers 2901, ping responds between tunnel ip's ends, but I don't have pings from the pc's inside the networks.
Where's the ideal place to put the KS? My current setup is 1 KS, 19 GM. The KS sits BEHIND a GM, so all other GMs have to come through one GM to get to KS.Now, I have purchased two dedicated KS routers. I configured one today, and placed it right on my WAN. My WAN is a L2 Ethernet domain, so i just provisioned a switch port in the WAN vlan, and away we go. I copied RSA keys over from the current KS, configured redundancy and the two hooked up, saw each other and it seems to be good to go. For the ACL, I put in an exclustion for my two KS to talk to each other:
deny ip host 192.168.250.40 host 192.168.250.41 (Old IP, New IP) deny ip host 192.168.250.41 host 192.168.250.40.
I used a test router and pointed it to the new KS, it registered without a hitch... HOWEVER about two hours later (my 7200 second timeout) I lost ALL my branches. My 18 other GM were still pointed to the OLD IP only, they didnt have the second IP configured yet. In a hurry, I quickly disabled the redundancy configuration on the old KS and had to go to each GM and do a 'clear crypto gdoi' on each one to get them to re-register. There were no log messages about not being able to rekey, no log messages about dropped peerings, nothing. Once I did that, everything returned to normal.
The Question I have... Would having configured the redundant KS caused this problem? Would having one KS behind a GM and the other Coop KS in the WAN make a difference?
Relevant config from existing KS, 2801: crypto gdoi group GETVPN_GROUP identity number 1234 server local rekey retransmit 60 number 2 rekey authentication mypubkey rsa GETVPN_KEYS [Code]...
I have a 2901 ISR G2 router, with IOS 15.0.1M3 , this router is not working with static NATing, I have tried to configure this router with one internet link and make few static translations with it. But this configuration is perfectly working with 1841 ISR router.
We've have a client who had a ordered 2 units of 2901 router to have site to site connectivity. User has bought a leased line of 256kbps from service provider in between two sites, but the issue is the service provider has layed a rj11 cable and there is no rj11 interface on 2901 router it only has two rj45.
Need to know if I have 2 type of license on my 2901 router: ipbase and uc, will the 2 type of fuctions of this license work at the same time. Another words will i have route and nat functions work with voip having to type of license on my 2901?
I been working with PPTP server on cisco IOS since a log time ago. Up to release 15.0 seems is just stopped working. I mean external users can log in the pptp but after logged in there no traffic flow. A simple downgrade to 12.4 solves the problem.
But now i have all my infrastructure with ISR2 2901 and all IOS are 15.
I'm trying to run the ISM-VPN-29 in a 2901 router. Cisco says that the SECK9 and HSECK9 licenses are needed to operate this ISM. However, they also say that the HSECK9 license is not available on the 2901. I'm running the SECK9 license but it's still not working.
This link, table 5 states that the HSECK9 feature license is for 2921 and 2951 only:[URL]This link states that it is a requirement to run the card, and also that the card works on the 2901:[URL]
I wonder if I can build a NTP Stratum 0 device using a GPS and a Cisco router.Preferred would be a CISCO819 as it has a build in GPS, alternative a CISCO2901 + EHWIC-3G-HSPA+7.
We have purchased a 2901 router with permenant licenses for ipbase, security and uc. The router came shipped with c2900-universalk9-mz.SPA.150-1.M3.bin but there are newer releases available. I understand that our licenses will cover us to upgrade to the latest version, c2900-universalk9-mz.SPA.151-4.M.bin, but when I attempt to download I am denied.
I have a 2901 router and I would like to enable the following feature router mobile. [code] I used c2800nm-advipservicesk9-mz.151-3.T1.bin on a 2811 and this worked without any problem.Is there a possibility that there is some kind of license associated with this feature on a 2901?
I'm sure this is simple to resolve. I just bought a new Cisco 2901 ISR Router. How do I configure the Cisco 2901 ISR Router for Zone Firewall? The "zone" command is not recognized and does not show up in the "?" list in config or user modes -
I was looking an HWIC card for CISCO2901-SEC/K9. We have one internet connection (ADSL) current.Now we want to backup internet connection from cable service provider. I will implement IPSec on this HWIC.
Basically I am trying to do a bit of a clean up at work and replacing two dlink (home style) ADSL modems with a single Cisco 2901 router with 2 ADSL HWICs. On top of this I want to isolate the 2 connections from each other, that is I don't want to use them as fail-over or anything just as 2 seperate connections. To do this I am using VRF tunnels.So far I have been successful in the global config of the switch and everything works. And when I put the lan, atm and dialer interface into my VRF it connects up all fine.My issue that I am having is that DNS (which is being pulled from the ISP via ppp ipcp dns) seems to just populate the global dns view, not the view I created for the VRF. This results in DNS queries not being able to be resolved but all other traffic is fine (i.e. I can ping and access anything on the net, I just can't resolve names).
If I have 2 ADSL connections, on two VRF tunnels, how can I seperate their DNS information for each connection/VRF tunnel? especially if that information is different as they overwrite the global DNS config each time they connect.... I could (and have successfully tested) statically assigning DNS servers to each DNS view but I would rather rely on each ISP sending their DNS servers as opposed to me hard coding them.
I have a 2901K ISR router IOS Version 15.0(1r)M12 and I will be using this as a internet router, The WAN interface will get dynamic IP from the ISP, so I need to configure PPOE. I am referring the following link for setting up PPOE. [URL] However I am unable to define PPOE protocol as shown below
INTERNETRTR(config)#!!!!! Configure Router as PPPoE Client to the ISP INTERNETRTR(config)#vpdn enable INTERNETRTR(config)#vpdn-group 1 INTERNETRTR(config-vpdn)#request-dialin INTERNETRTR(config-vpdn-req-in)#protocol ? l2tp Use L2TP INTERNETRTR(config-vpdn-req-in)#
Any link for setting up PPOE on 2901 series router.
