Cisco WAN :: 2911 / NetFlow Traffic Not Received
Jan 13, 2012
Recently bring up a new Router connected to ISP A and the Netflow collector/server is located in different location and they are connected to ISP B. I have enabled snmp and netflow config on my router(2911) but not receiving the netflow packets are not reaching the server for due to some strange reason whereas other packets like ICMP for snmp are reaching the netflow collector.Finally,I created GRE tunnel between the two locations routers and set the route for the netflow collector/server to the tunnel other end IP. In this way the netflow traffic are reaching successfully to the server.
View 1 Replies
ADVERTISEMENT
Aug 12, 2012
Does the 2911 router support the ability for Netflow V5 to pass through GRE tunnels? I can't seem to find any documentation that indicates this.
View 2 Replies
View Related
Nov 9, 2012
I am trying to fetch data on netflow analyzer 9 by Cisco router 2911. But netflow is unable to show any data.
cr2911-01#sh runn | sec ip flow
ip flow-cache timeout active 1
ip flow-export version 5
ip flow-export destination 10.1.208.32 9996
[code]...
View 2 Replies
View Related
Mar 7, 2012
I am using a Thrid party NetFlow tool, Enabled NetFlow on the Cisco 6500 as per recommendations and getting only half amout of traffic passing thorugh the interfaces. I have verified with 3 different NetFlow based tools, everything showing the same value. Is there any bug in my Cisco 6500.
View 2 Replies
View Related
Dec 5, 2012
I am currently testing Netflow accuracy on my Solarwinds platform. So I have been transferring a large file across an ASA 5520, which is set up to send Netflow data to out Solarwinds server.
The problem is that the Netflow data does not show up on Solarwinds for about 2.5 hours. Once it gets there the size is correct, but the time stamp on Solarwinds is 2.5 hours behind when the transfer happened. For routers it is showing up within a few minutes.
ASA is running 8.2(5) and Solarwinds NTA 3.9.0. Firewall and Solarwinds times / timezones are the same.
View 8 Replies
View Related
Jul 10, 2012
I want to configure layer 2 switched netflow on my cat 6509 running vss,
I have configured the 2 commands below
ip flow ingress layer2-switched vlan 1,2,3
ip flow export layer2-switched vlan 1,2,3
However, if I look in the config the export bit isnt there after?
It is running a PFC
VS-F6K-PFC3C
Should layer 2 switched netflow work in this chassis ? it says on the Cisco site that it works on the below
"The command is supported on Supervisor Engine 720 in PFC3B and PFC3BXL mode only and on Supervisor Engine 2 with a PFC2"
View 1 Replies
View Related
Aug 6, 2012
I am aware that the 3750 switches are not able to support Netflows, so I have created a SPAN port and spanning traffic from a specific port. I would like to create a seperate VLAN and trunk the traffic from the SPAN port down to the 6509 switch and then capture all the traffic for that VLAN on the 6509.
View 4 Replies
View Related
Jun 11, 2013
I have a Cisco 2911 Router and I need to split the traffic from my Lan (Gi0 / 0) by ISP1 (fa0 / 0) and that of my servers (Gi/0/0) by ISP2 (fa0 / 1). [code]My problem comes when wanting to communicate with my remote networks that reach the int Gi 0/1, because when my network to match the policy- route internet sends me all the way.
View 1 Replies
View Related
Jun 10, 2012
I have following scenario - router 2911 connected to 2950 switches with about 80 vlans. How can I limit speed on each of the 79 vlans (to equal % acros all of them) and give vlan 80 lets say 30% of total bandtwith. Since I am new to QOS, can you point me to the right website or give me example.
View 4 Replies
View Related
Mar 13, 2012
Any major difrrence between Netflow v/s Netflow-Lite?
I am trying to understand if Cisco 4948E can do the same job as Cisco 4500E or not and difference between Netflow v/s Netflow-Lite will work for me to select correct product.
View 2 Replies
View Related
Nov 15, 2011
I have a 2911 router. One interface is configured external (WAN) and two interfaces are configured on separate internal private subnets. What is the configuration to allow all traffic in both directions between the two internal subnets?
View 21 Replies
View Related
Sep 23, 2011
We have a 2911 Router running 15.0(1)M4. G 0/0 is our LAN interface, and it has three subinterfacesG0/0.1 is our data LAN, and the gateway for our Windows machines. This is the interface this question concerns.G0/0.23 is a separate LAN for various equipmentG0/0.192 is another LAN for equipmentG 0/1 is connected to the internet, and has a public address.S 0/0/0 is a T1 PPP, connected to our core data centerS 0/1/0 is a backup T1 PPP, again, connected to our core data center.There are three static routes entered:ip route 0.0.0.0 0.0.0.0 10.12.1.1 100 This is the first PPPip route 0.0.0.0 0.0.0.0 10.13.1.1 200 This is the secondary PPPip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 255 It currently has a cost of 255 while i figure this one out. xxx.xxx.xxx.xxx represents the cable company gateway, which I can ping properly. I've also used "gigabitethernet 0/1" in place of the next hop ip with the same results. The public interface is properly connected, and can ping it's next hop (the cable company gateway). When I change the static route for gigabitethernet 0/1 to a cost of "0", the router can properly ping DNS names, such as google.com through the public interface.
However, devices on the data LAN cannot reach any public addresses except for the router's public interface, let alone DNS names (I am using 8.8.8.8 as my test IP). If I revert the cost back to 255, making the PPP the gateway of last resort, these devices can again connect. (they travel through the PPP to our Data center's internet)
This confuses me. If our server, on the same LAN as the router can ping the public interface (it's definitley not leaving the 2911, as latency is less than 1ms), and the router itself can ping outside addresses, what is preventing the router's public interface from passing traffic to the internet from any source other than itself? I have attached our running config in the hopes that there is something obvious I'm missing (the public ip addresses have been changed so they are not exposed). I simply want clients on our 10.23.0.0 LAN to get to the internet via the public interface of the local router, and still connect to corporate resources using the PPP links. MAS_2911#sho run
Building configuration...
Current configuration : 5666 bytes
!
! Last configuration change at 01:47:50 eastern Sat Sep 24 2011 by redacted
[Code].....
View 6 Replies
View Related
Feb 21, 2013
’m somewhat new to Cisco routers this is my first attempt at getting one to work. I work in an environment with multiple locations, most are using the Cisco Model: 2911/K9 or the Model: 2921/K9 routers running IOS Version 15.0.We just added a new small office and all I had in the way of a router was a Cisco C1841-IPBASE-M router, running IOS Version 12.4.When setting up the C1841 I kept the configuration pretty much the same as the others allowing for the differences in the OS. I can remote into the 0/0 (outside port) from over the network, I can ping to that port without fail, but I can’t send or receive traffic from the 0/1 (inside port).
View 1 Replies
View Related
Jun 13, 2011
I have a a firewall policy on a Cisco 2911 - the zone policy from OutZone>InZone basically drops everything apart from inspected traffic on the opposite direction and a few essential traffic generated externally (such as Outlook web access and E-mail exchanging). However, I seem to be getting a lot of firewall drops coming from the immediate gateway of the ADSL WAN address to the internal IP range on port 3. I get about 10 hits every 5 seconds.
Policy:
policy-map type inspect FWPol_Out-In
class type inspect CCP_PPTP
pass
class type inspect FCMAP_In-Email
pass
class type inspect FCMAP_In-OutlookWebAccess
inspect(code)
%FW-6-LOG_SUMMARY: 1 packet were dropped from IMMEDIATE WAN GATEWAY:0 => INTERNAL IP ADDRESS:3 (target:class)-(FWPair_Out-In:class-default), the immediate gateway would ping an internal IP address? Keepalive? Could this be stemming from another problem? The traffic wasn't generated internally as all InZone>OutZone is inspected.
View 1 Replies
View Related
Dec 2, 2012
We have a customer using a 2911 router with 3 x DSL WAN links.
The customer runs a building with shared office space which people rent.
Customers in the building are experiencing a problem where they cant email other tenants i.e...
One tenants exchange server tries to make a connection to another tenants server by going out to the internet and back in via the same interface.I believe this might be called "Hair Pinning"
View 4 Replies
View Related
May 8, 2012
I have configured multicast (ip pim dense-mode) on two 2911 routers that are connected by a Multilink (3Mbps) Wan connection.The configuration work fine for awhile and sometimes all day but at some point one of the Multilink interfaces stop passing multicast traffic.I perform a sh multilink 1 on the interfaces and one interfaces show the multicast packets incrementing and the other does not, it just stops.The only fix for this is to hard reboot both routers and the multicast traffic begins to flow once again.
View 3 Replies
View Related
Feb 5, 2013
I am trying to connect a Control network that can not have access to the Internet, or any other network for that matter, to my Admin network so that I can retrieve trend data about the plant that goes into a database. Right now the process is print information, hand jam into excel spreadsheet, print again, and hand jam into another excel spreadsheet on the other network. Reports are printed automatically once a day, but would like a simplified way of getting data from one network to the other without having to re-enter data several times. Current policies stipulate no USB drives connected to Control systems. Even if we could loosen that, personnel needed to transfer data is not available and going to each individual machine would take more time than current system.Now that background is laid, I have two 2911 ISR routers with EIGRP configured, each with a 4 port EHWIC card. The 3 L3 ports on the router are setup as follows: interface G0/1 to the internet, interface G0/2 to a wireless back haul, and interface G0/0 for IT network. I then have 3 VLANs setup on the EHWICs for our Admin network. We will move the IT network to a VLAN on the remaining EHWIC port and connect the two 2911's through the G0/0 interface. I am going to have one computer on my Administration network dedicated to receiving the information and have a program that will take that data and import it to a database. I need to allow only that computer to receive traffic from the Control network and I need no traffic to flow back into the Control network. In other words I will transmit data from the control network to the admin computer using one protocol (TFTP more than likely) and block any other traffic coming out of and going into the Control network.
View 1 Replies
View Related
May 7, 2012
I have configured multicast(ip pim dense-mode) on two 2911 that are connected by a Multilink( 3 Mbps) Wan connection.The configuration works fine for awhile and sometimes all day but at some point one of the Multilink interfaces stops passing multicast traffic.I perform a SH Multilink 1 on the interfaces and one show multicast packets incrementing and one does not, it just stops.The problem acts like there is a buffer that gets full and after that happens it just stops working.
View 2 Replies
View Related
Feb 17, 2011
I ran into this recently with a client of mine. When uploading files (either via FTP or through a shared drive in terminal services) from the site any files larger than 200MB or so would hang in the middle of the upload as the TCP session timed out because the traffic was cut off. I started pulling apart the config on the 2911 edge router to determine what the issue was.
I trace the issue down to this particular policy which was created by CCP: sdmappfwp2p_CCP_LOW (When this policy was removed from the wan interface the issue vanished). The default config of this policy was as follows:
policy-map sdmappfwp2p_CCP_LOW
class sdm_p2p_edonkey
drop
class sdm_p2p_gnutella
drop
class sdm_p2p_kazaa
drop
class sdm_p2p_bittorrent
drop
I first removed the highlighted drop command from the edonkey class and reapplied the inspection policy to the WAN port and the issue remained resolved!
While this fixed the issue and I was able to block eDonkey traffic with just a simple outgoing ACL to block tcp port 4662 I find it very strange that a eDonkey inspection policy would cause such problems for eDonkey traffic. I know for sure this is the only change made on the router and I'm just scratching my head at what I've found. Is it a bug with NBAR? Mostly I'm just curious as the issue is already resolved.
View 2 Replies
View Related
Jul 25, 2011
I see that Application protection - blocking peer-to-peer file sharing traffic is a capability of Cisco IOS Firewall. How do i configure my Cisco 2911 ISR to block peer-to-peer file sharing traffic?
View 1 Replies
View Related
May 1, 2013
I have 3x site-to-site vpn connections setup on my Cisco 2911 router which is based at Head Office. They all connect OK but there appears to be some ports blocked.Access any applications using HTTPS Our Proxy Agent uses port 8280 - When the internal address is used, it doesn't work. When the public address is used, it works. Printers are unable to use scan to email - Port 25.I'm confident that nothing is being restricted at the remote sites as all of these functions worked on our old Head Office router.All i want to do is allow ANY traffic to and from Head Office and all the VPN sites. I'm fairly new to this type of router having made the jump from small business equipment.
View 2 Replies
View Related
Dec 25, 2011
I am having one router CISCO2911/K9 (Cisco 2911 w/3 GE,4 EHWIC,2 DSP,1 SM,256MB CF,512MB DRAM,IPB). But now my management asking me to upgrade this router as CISCO2911-SEC/K9.
What will be the BOM for this up gradation.
View 2 Replies
View Related
Feb 3, 2011
My sent packets are 0 and also received packets. What can I do?
View 3 Replies
View Related
Jul 20, 2011
I use a wireless adapter to connect to our home network but its stopped receiving packets but is sending them. It has worked fine for ages now it just randomly stopped. The network works with everything else (laptops, Xbox and iPods) but my pc wont receive anything. Also our home connection has no password as we live in the middle of nowhere.
View 8 Replies
View Related
Oct 29, 2011
I am having a really hard time with a computer that has a wireless connection. Specifically the internet keeps going out. The computer info is that of the affected computer and not the host computer to which the router and modem are connected.
View 2 Replies
View Related
Sep 9, 2012
How come my packets sent are so high.
View 3 Replies
View Related
Jan 13, 2011
I've got a lot of these messages in my logs from SVC users:Code:
View 13 Replies
View Related
Mar 27, 2012
How can I prevent them from seeing the data i receive & send i was told vpn was a route to take but after some searching i found a lot of threads saying different is vpn a best way to go about blocking my isp from seeing data received & sent
View 1 Replies
View Related
Oct 22, 2012
I was wondering what could cause this, because every time this message shows up in the log I lose internet connection for about 1 minute then it comes back up. Let me know if I need to get any config info.
View 8 Replies
View Related
May 12, 2011
Problem Host A unable to reach Host B, trace route from Host A it reach to Router B but the packet unable reach to the Host B here the 1st level troubleshoot I did
1. Traceroute and ping success from router A to host B
2. Ping success from router B to host B success
I wonder the packet reach to router B but it didnt pass to Host B.
View 5 Replies
View Related
Jan 20, 2011
When i check the status of my Internet Connection I notice that the sent and received bytes keeps increasing. I'm sure there are no downloads taking place that I'm aware of. No torrent clients, no antivirus nothing. I checked my PC for malware but that didn't work. As a result of this, i keep getting high pings in online games and can't even watch videos in youtube anymore. like, some software to monitor all the programs that use the itnernet connection without my knowledge or something??My primary concern is gaming (Call of Duty 4) so I wouldn't mind this idle downloading (whatever it is) as long as the major chunk of my internet connection is directed towards Cod4!
View 5 Replies
View Related
Jan 20, 2011
This has been happening of late. When i check the status of my connection, i notice that the "sent" and "received" bytes keeps on increasing when i'm idle. I'm pretty much sure there's no downloading of any sort in progress that I'm aware of. As a result of this, I can't watch videos in Youtube or play online games due to high ping.
View 6 Replies
View Related
Jun 24, 2011
Got to set up a site to site VPN to one in a clients office and we're struggling to get Phase 2 working, just seems to loop around saying "Received encrypted packet with no matching SA, dropping" which to me means the ACLs arent mirrored correctly?
View 3 Replies
View Related
