Cisco WAN :: 2911 Forward Packet Based On Input Interface
Mar 25, 2013
I have a 2911 router connected to two different ISP. Is it posible to route traffic based on what interface the traffic came first?Lets say I have the deault route to use interface gig0/0(ISP1), but a certain ip packet reach the router by interface gig0/1(ISP2). Is there any way (if possible without using source NAT) that I could route traffic back to that ip address using interface gig0/1. The source Ip addresses are not fixed, so I can not use Policy Based Routing.
View 1 Replies
ADVERTISEMENT
Dec 20, 2011
I have made some test and i noticed that qos input policy does not classify the icmp packet based on their dscp.The "match dscp ef" or "match precedence 5" is not working only the "match protocol icmp" shows hits.
We need to classify the different icmp packets based on dscp ( TOS ) for measurement purpose.CISCO 7200, 12.4.25d and 12.4.20T have a same behavior.
View 6 Replies
View Related
May 28, 2013
We are having Cisco ASA 5540 having Cisco Adaptive Security Appliance Software Version 8.0(5)23 at certain time of moment daily wer are facing latency and packetdrop wherin when I checked for ASA Interface which gives me " Input Errors" on outside interface ,so can any one tell me what are the causes to get input errors on cisco asa outisde interface.
View 2 Replies
View Related
Jun 7, 2012
I have a video feed coming into my 3570. It comes in at 5 minute input rate 18777000 bits/sec, 1695 packets/sec. However, the uplink to the router is much different, 5 minute output rate 130000 bits/sec, 28 packets/sec. I am in a lab and about ready to go into testing phase for a project when we discovered this problem, as this video feed is not veiwable on the other end.
Below is the config and capture from the switch.
BLOSSw1#sh int g1/0/6GigabitEthernet1/0/6 is up, line protocol is up (connected) Hardware is Gigabit Ethernet, address is a44c.112f.3506 (bia a44c.112f.3506) MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec, reliability 255/255, txload 1/255, rxload 4/255 Encapsulation ARPA, loopback not set Keepalive not set Full-duplex, 1000Mb/s, link type is auto, media type is 10/100/1000BaseTX SFP input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input never, output 00:00:00, output hang never Last clearing of "show interface" counters 15:16:25 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute
[code]....
View 2 Replies
View Related
Nov 30, 2011
is it possible to create some Configuration Template that pushes configurations only to switches or interfaces with a certain actual existing configuration element- e.g. a certain interface description?
Example:Template Parameter Mask asks User for an Interface Description- the User enters e.g. "A101" Second Parameter asks User for an access vlan to deploy to this interfaces- e.g. " 10"
So during deployment LMS make a "switchport access vlan 10" only on interfaces that contain the description "A101".
I know this is possible via Compliance Check/Deploy, but we want to make this more User friendly and flexible so that e.g. a Helpdesk Member can use this Template to easily change the VLAN based on a interface description (which refers in this case to a CAT5 outlet label).
View 1 Replies
View Related
Aug 13, 2011
I have 2 connections a single T1 for voip traffic only and a DSL line for data traffic.the dsl was migrated to a 2811 with out any issues now comes the time to move the T1 over.
on the T1 side I am able to ping the WAN router and the LAN router IP address but nothing behind it.
currently this is the only statment on the router:
ip route 0.0.0.0 0.0.0.0 Dialer1
as a quick a dirty to remove the above i tried:
no ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 66.55.110.0 255.255.255.0 Dialer1
but the DSL side dropped. we have a 66.55.110.152/29
for the T1 i would use the following statement.. we have a 209.98.53.192/27
ip route 209.98.53.0 255.255.255.255 65.32.70.177
View 12 Replies
View Related
Nov 9, 2011
i have issues logging into one of our core switches.its a 6509 switch but i cannot log in remotely.when i try to console in on the console port, i cannot log in instead i get the above error message.I haven't rebooted yet but would it solve the problem as this switch is a production switch.
View 6 Replies
View Related
Jul 30, 2012
The router receives a packet with a destination of 172.16.1.130. which route will Router-C use to forward the packet? [code] The answer that the book give (Cisco's routing protocol and concepts) is: E however, and this is where i am confused, why isn't the answer A? This answer covers the left-most bit.172.16.1.0
View 9 Replies
View Related
Dec 20, 2012
I have a customer with a Sonic wall that I want to replace with a 521.He currently has port forwaring setup so that only 3 ip addresses can access the port forward. Everyone else is dropped. Is there a way to do something similar?I can make it work for a single one via the DMZ tab with a source ip address. but there is not a way I can find to add the allow for the other two remote connections.
View 1 Replies
View Related
Dec 27, 2011
I have one public IP address but multiple local servers that run on the same port. I cannot change the port the clients use to connect to this server, so I can't do a port map in my NAT router. The solution I had in mind, is to filter on source address. If a client from public IP X.X.X.X connects to port Z, I want it to go to internal server 10.10.10.10 and if a client from public IP Y.Y.Y.Y connects to port Z, I want it to go to internal server 10.20.20.20. Is this possible? I'm using an ASA5510 but I could also switch to a 5505 for this.
View 3 Replies
View Related
Mar 18, 2013
I have setup a basic PBR config to route Http and Https out of a different interface (fa0/0/0) but for some reason http traffic is still going out of the Gi0/1 interface.
Config attached minus the crypto stuff and the publics have been changed.
View 17 Replies
View Related
Nov 4, 2011
I use an 1841 router as an internet facing firewall with a 10MB MetroE connection. Lately users started reporting slow internet download speeds and web pages timing out. Bandwidth reports do not show the link as being saturated so I looked at the interfaces on the 1841. The interface connected to the provider shows OK as far as errors but the LAN side of the router shows steadily increasing input errors. It doesn't show any other errors, no CRC, frame, runts, giants or overruns, just generic input errors. What type of errors are those? Nothing is being logged on the console.
I moved the connection to another switch ports and the errors continue. I switched it down to 10MB and also changed the switch and the errors slow down but don't stop. Interestingly, the switch side never shows any errors. What can I do here? I guess it can be a bad interface but that is such a rare thing that I am hesitant to replace the router.
View 11 Replies
View Related
Feb 12, 2013
I have a Cisco 2911 router and a Cisco 2960 switch at a remote location.I have a user who will work out of this office a few days out of the week and will need to obtain the same IP address everytime the user visits this office. This office has no file server, no dhcp server. I have the user's MAC address and for now, the user is getting an IP address that is leased for 30 days. I'm trying to find the best way to configure either the router or switch or both so that each time this user connects to this office, that user device will always pull the same IP address and of course no other device will use that IP.
I've did some research in creating a small vlan possibly, and assigning it specifically to the port# that the user's desk is at, but not sure if that's the best way or exactly sure how it'll work. I'm currently studying for my CCNA so this is all new to me and I'm trying to do research and test without obviously causing production issues especially given this is a remote site and I access these devices via putty. I can however drive to the site if needed for testing, but I'd like to have a good grasp on what method I'll be using that will work before I actually make the trip.
View 3 Replies
View Related
Jan 26, 2013
I have recently installed a Cisco 2911 ISR G2 with the default 512 Mb DRAM intending to eBGP peer. I ordered the 2GB upgrade RAM however due to time constraints on backordered parts, I fired up this router and eBGP peered without it. The Peer advertised the whole route table with 400,000+ routes. The BGP session came up then the router crashed due to not enough memory. The router disabled IP CEF due to insufficient memory. I disabled IP CEF permanently and have been running the router in this condition for 3-weeks with a stable eBGP session. This resulted in no CEF, 25% CPU during light traffic, 89% memory, and 50% CPU when traffic is around 30 Mbps through the router.
I am experiencing a hit to the throughput resulting in a lost packet and practically a brief traffic stall roughly every minute. This hit is so quick that it does not always result in packet loss and IP traffic sessions are not reset. I do see this on my live bandwidth graphs that the traffic takes a dive every so often, roughly 1-minute.
I initially thought this problem could be L2 to the upstream eBGP peer but all interfaces are clear of errors. I also thought this could be the BGP session going down, however, It is always up. I thought this could be duplex mismatch on L2, however its solid and no logs on either end. Funny thing is pinging thr router from both the LAN side and the WAN side results in the same packet lost every minute or so.
Even though the CPU and memory always stays the same at under 20-50% CPU and less than 89% memory, do you think this could be the BGP Scanner walking the routing table every minute?
View 6 Replies
View Related
Apr 16, 2013
We are facing since one month in our two Cisco WS-C3750G-12S on many interfaces input errors when data transer or ping (ICMP) increase input erros. Not only port 1 but many interface has same issue, i have change new IOS but still same issue, once i have erase startup config but same issue we are facing and finaly i have replace same new switch with the same IOS it's working fine.(c3750-ipservicesk9-mz.122-55.SE4.bin) [code]
View 11 Replies
View Related
Feb 26, 2013
My Expertise with Cisco ASA is Very less. I have observed Input errors in a Couple of Interfaces in Cisco ASA 5540 Firewall. [code] I need to Clear the Input errors on this particular Interface.Will Clear interface GigabitEthernet 0/0 will work?
View 4 Replies
View Related
Nov 16, 2009
Why packets overrun are incrementing on the ASA even when I've only 40Mbps of throughput traffic?All interface are 1000- Full Duplex, both on ASA and on Catalyst3750.I've test the ASA5540 generating GET HTTP, about 40Mbit of traffic.When I use one ingress interface and one egress interface, interface input overrun counter is zero.When I use the same traffic with 3 ingress interfaces(slot0) and 3 egress interfaces(slot1), interface input overrun counter increase(60k overrun in only 2 minutes).
View 4 Replies
View Related
Dec 6, 2011
Vlan interface would be dropping packets on the input queue? Refer to the drops/flushes below. This is from a 6500 with a Sup720, there are a number of vlans on it. This 6500 and it's HSRP partner are exhibiting the same symptoms on all the vlans I bothered to check. This particular vlan is quite lightly used, there are only about fifteen user PC's (each with 100 Mb interfaces) on it.
There is a bit of information on input queue drops on Cisco, but this is focused on physical interfaces where I can understand some packets being dropped. I would think that Vlan interfaces would have different issues.I note the "no buffer" errors as well, that also concerns me, especially as that counter is quite close to the "flushes".
Vlan123 is up, line protocol is up Hardware is EtherSVI, address is 00d0.04fd.6000 (bia 00d0.04fd.6000) Description: Vlan123 Internet address is 10.123.123.7/24 MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive not supported ARP type: ARPA, ARP Timeout 04:00:00
[Code] .......
View 3 Replies
View Related
Feb 22, 2012
I have this output from show interfaces command for the fastethernet interface on a 2811 router.
find the causes of the crc and the ignored input errors on the interface?
The interface configuration is:
interface FastEthernet0/0description VLANS_CHILE
no ip address
[Code]....
View 6 Replies
View Related
Jun 26, 2012
I have set up a zone-based policy firewall with HA on two 2911 routers as per the Cisco security configuration guide, for an active/passive LAN-LAN cluster. All works as expected, but there is one problem I find: when the control link between the two devices fails, they go into an active/active state as each member assumes it's the last surviving member. The ARP entries for the Virtual IPs on the neighboring devices point to the device that last claimed the active role (usually the standby device). This works in a way, just sessions don't get synched anymore (control link is the same as data link). Now when the link comes back up, the preemtion works and the active, former standby device goes back to standby. But the ARP entries on the neighboring devices still point to the standby device and nothing goes (also sessions established during the active/active state are lost due to resync with the now active member).
This is a single point of failure and what I need is a way to mitigate that. Under:
redundancy
application redundancy
group 1
control <interface> protocol 1
only one control interface is allowed. Other manufacturers with similar functionality provide for the possibilty of a backup control link, for example the internal LAN interface or a dedicated backup link.
How would I go about that? Maybe use a port-channel for the control/data link (but I'm out of interfaces)?
View 1 Replies
View Related
May 10, 2012
I have an issue with input errors, overruns, and input reset drops on the inside interface of an 5580-40 (v8.2.5: Transparent mode) The box is not stressed at all according to the 'show' commands in the Cisco troubleshooting performance document for PIX/ASA v8.2.5. Nothing stands out because is pretty much normal, nothing (processes, RAM, blocks, IO...) really being highly utilized. I have replaced the 10Gig card and that seemed to work because the rate of errors has gone down tremedously. The next step is to RMA the whole box.My question is what would be the cause of the inside interface to stop processing traffic (I say that because the syslog server stops receiving messages) for some periods of 30 seconds periodically throughout the day and clients lose their connections (ie Outlook, IBM Sametime, Oracle, MSSQL..etc). Can the issue be somewhere related to the overruns and input errors?
View 2 Replies
View Related
Jan 20, 2013
Our customer get the problem that the switch count the 5mins input/output rate of connected traffic interface always ZERO.The problem only occur in the module 3,4 and 5 interface, module 2 has no problems.
-------------------------------------------------------------------------------------------------
Catayst 4506E
12.2(52)SG
Chassis Type : WS-C4506-E
Power consumed by backplane : 0 Watts
Mod Ports Card Type Model Serial No.---+-----+--------------------------------------+------------------+-----------1 6 Sup 6-E 10GE (X2), 1000BaseX (SFP) WS-X45-SUP6-E 2 48 10/100/1000BaseT (RJ45) WS-X4548-GB-RJ45 3 48 10/100/1000BaseT (RJ45) WS-X4648-RJ45-E 4 48 10/100/1000BaseT (RJ45) WS-X4648-RJ45-E 5 48 10/100/1000BaseT (RJ45) WS-X4648-RJ45-E
[code]....+
View 2 Replies
View Related
Oct 21, 2012
I have been making effort to solve frequent input errors of module interface(WS-X4548-GB-RJ45) in our Backbone Switch(Cat4506).Let me show you show interface information.Rx-No-pkt-buff value is increased continuously even though traffic rate of interfaces is lower than 20Mbps.We have two Backbone Switch which is operated by HA via HSRP.What bring buffer shortage to our network ? [code]
View 2 Replies
View Related
Nov 6, 2011
i have an 2921 connected to an Catalyst 3560. My router interface shows quite a lot of input queue drops. Load is not too much max 5/255.
View 1 Replies
View Related
Oct 27, 2011
I had all kinds of packet loss and I was ofcourse suspecting my ISP. But then I tested pinging my internal interface and found that it has packet loss as well. I have about 10% packetloss to my interface with 192.168.0.254, I have the same thing from several different inside hosts. My inside rule is the implicit one, any, any. service IP.In the log I can see a teardown and build of the icmp whenever the packet loss accour.There is no packet loss pinging the outside interface from the internet.
View 3 Replies
View Related
Apr 19, 2011
I need a interface v.35 on 2911 router, but it does not have WIC slot, it has EHWIC. Could some one told me if there are a card with V.35 interface that I can install in this model of router?
View 2 Replies
View Related
Oct 13, 2011
Today I've received reports of slow internet access/activity and have noticed myself that it seems a bit slow today. On the dashboard of our asa 5510 the "outside interface" traffic usage is running constantly high. It's at the top of the graph. How can I tell what is causing the spike in utilization. It usually runs at about 1500-2000 Kbps, and now it's up over 10,000.
View 6 Replies
View Related
Feb 11, 2013
We have a Cisco 1760 router . We are facing sevier packet drops in the serial interface.
When i swap the router with another router link is working working fine.
Troubleshooting steps taken
1. Swap the serial cable with another working cable : no change in state
2. Reconfigure the encapsulation commands (with PPP and HDLC) : no change in state
3. Try with a decreased MTU packet Ping : no change in state
4. Decreased the Input queue and increased the output queue size using hold-queue in command : Comparatively the packet drop is reducing but still a 10 percent drop is happening.
View 1 Replies
View Related
Feb 3, 2013
We bought a cisoc 2911 Router with an EHWIC-VA-DSL-A Card. I did the Dialer Setup without any problem but if i set the ATM interface with the commands: [code]The Router crashes after some seconds. I didn't connceted the phone line to the DSL card. [code]
View 5 Replies
View Related
Nov 28, 2011
I have both a Easy VPN server and a site-to-site VPN on the same outside interface of a 2911 router.
Currently, a Easy VPN client has no route int the router then out the site-to-site VPN to the remote site.
How can I create this route?
[code]...
View 1 Replies
View Related
Jan 9, 2011
having some issues with a configuration using a Dialer interface. The interface comes up and the VPN tunnel comes up, but cannot access any network resources or the Internet.
The things that concern me most are my access lists as I have the static IP address that we are assigned via PPPOE - the IP never changes, but not sure if I can define it in the ACL or if I should be using an ANY tag.
Note: I've changed some IPs and username for security reasons.
!version 15.0service tcp-keepalives-inservice tcp-keepalives-outservice timestamps debug datetime msecservice timestamps log datetime msecservice password-encryptionservice sequence-numbers!hostname C2911-OTO01!boot-start-
[Code].....
View 1 Replies
View Related
Jan 3, 2012
During WAN troubleshooting, I did a "clear interface ser0/0/0" on a branch router. It has two WAN links. I lost ssh/telnet connectivity but both WAN links were still replying to pings. We did a manual power off of the router to regain connectivity.Is there a known issue with this command on this IOS version? We're using Cisco 2911 platform with IOS 15.1-1.T2 version.
View 1 Replies
View Related
Mar 26, 2012
We have an ASA that has 3 IPSEC VPN tunnels and standard interenet trafic coming in on Int E0/0 that I need to have go out Int E0/1. E0/1 is directly connected to a Steelhead Riverbed 2020. The Traffic will need to come back out of the Steelhead Riverbed 2020 and into the ASA to Int E0/2. From here it needs to go out either Int E0/3 which is connected to a Catalyst 3560 Switch or back out Int E0/0 though one of the VPN tunnels. I attached a PDF with a diagram if that works.
The reason we are doing this is we have Riverbed's at all our locations and they need to talk to each other to optimize traffic. Is this routing possible any other way than PBR (Policy Based Routing)? I am of the understanding that PBR is not supported on the ASA or PIX.
View 0 Replies
View Related
