I have two routers 2921 and 2821. Also 2 WAN Links from two Different ISP's. Presently I am using Static Routing with PBR for traffic shaping.
Now I want to use BGP Routing in my network. What is the requirement for using BGP. Does ASN need to buy or the ISP will provide ?
We are setting up an old office building as an offsite data center. The network cosists on a PIX 501 firewall and a 2811 router. I am attempting to setup a GRE tunnel over IPsec back to the main office. The main office consists of a PIX515, a 2821 router, and a 2921 router.
There is also an ASA5510 in our main office that is used as our primary connection for all of our external services and as a GRE endpoint for our other offices. The PIX515 is used to connect our main office clients to the internet and we would like traffic between it and our offsite data center to go across it as well. The default route is to use the ASA. We used policy based routing on the 2821 and 2921 routers to direct the appropriate traffic to the PIX515. Right now I am not able to get the tunnel setup. It appears that the offsite datacenter is sending packets but is not receiving any when I issue the “show crypto ipsec sa” commands on both firewalls. I will show the output of that command below.
Main Office The external address 198.40.227.50. The loopback address 10.254.10.6 The tunnel address 10.2.60.1
Offsite Datacenter The external address 198.40.254.178 The loopback address 10.254.60.6 The tunnel address 10.2.60.2
The main office PIX515 Config :
PIX Version 7.2(2)
!
interface Ethernet0
mac-address 5475.d0ba.5012
nameif outside
security-level 0
ip address 198.40.227.50 255.255.255.240
[code]....
We've got a cisco 2821 router which periodically stops routing all traffic. It seems to happen about once every 2 weeks, and I can't find anything that could be causing it. There are no entries in the log and the router stays up and running but requires a restart to begin processing traffic again. We're running 12.4(13r)T11.Any thoughts, or troubleshooting steps to track this down?
View 7 Replies View RelatedI start configuring Cisco 2821 router for multicast . First short description and attached sheme explanation. Let we say I have small network with 100 users. One router and Cisco switch 3560. Two VLAN’s, one for data another for multicast. Data from internet works fine but now I want to connect multicast servers (or source of more multicast streams) from another subnet. Router have three interfaces.I expect there should be no problems with multicast configuration, but unfortunately it is not like I expect. What I did ?
First step: enable multicast routing
Second step: on both interfaces (Fe 0/1 and Fe 0/2) - ip pim sparse-mode
Third step: configure switch that users are connected to access port in VLAN 222 (temporary to see if multicast work)
When I start VLC on computer nothing happend. If I try to connect computer on same subnet where is source of multicast streams it works fine.What I am doing wrong ? Is there anything about routing ? All subnets are directly connected. RP is not needed if I have one router or ?
I have just bought myself a Cisco 2821 ISR.At present in my home I have a Cisco 2621XM. Fast Ethernet 0/0 is connected to a 3524XL as a trunk to provide my LAN with inter-vlan routing. it works great. Fast Ethernet 0/1 is connected to my ISP's cable modem and uses the command "Ip address dhcp" to get an IP and all other info from my ISP.FA 0/1 is Ip nat outside and the FA 0/0 and all sub interface like 0/0.1 .24 .168 etc all ip nat inside.I get intervlan routing and access to the internet via this router.I have this 2821 to replace the 2621XM as I plan to run CME on it and want gigabit routing on my vlans as at the moment on the 2621 routing between vlans it at half duplex or seems to be.I have configured the 2821 to ip nat outside on gig 0/0 and ip nat inside on gig 0/1 and all of the sub interfaces (same setup as my 2621 but with gig ethernet)I have no access to the internet at all but I can ping www.google.co.uk and other domain names from the terminal session when I am connected to the 2821 via the console or telnet/SSH. the gig 0/0 has an IP assigned from my ISP too but no other nodes on the network can ping outside.Am I missing something here? the version of IOS is V 15.
My access list goes someting like
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 permit ip 10.0.0.0 0.255.255.255 any
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
and so on
I still cannot access the internet.....
I have a Cisco 2821 Router. Its ethernet Interface(E1) is connected to an ISP's Gateway.The outside interface IP is 207.x.x.1, The ISP has given 6 public IPs (202.x.x.1- 202.x.x.6) to use in LAN.
I have configured the router`s Internal Interface(E0) with a public IP address. (i.e. 202.x.x.1)
My Internal LAN PCs are in a private range of 192.168.1.0/24 subnet. Now I wanted my PC users to access the Internet while the Routers public IP remains on internal interface. How can I do the same?
I am trying to set up a new router for training.I am attempting to my First BGP multihome.
The router is a 2921.We have a bonded t1 line and a metro ethernet connection
we have 2 /24 networks 1 /23 and 1 ipv6 /48 ,Behind the cisco router we have 3 Open BSD firewall Pairs, that are used to segment the networks into the production, development and my lab.
one of the /24 and the ipv6 block are veriably subneted, these are the routes that I am having troubles with.I am attempting to aggregrate the /24 and the ipv6 block to go out to the internet.
they show up in the routing table as advertised but you can not reach any hosts through the cisco router.
here is the bgp config
address-family ipv4
network 24.104.xxx.240 mask 255.255.255.240
network 204.17.xxx.0 mask 255.255.254.0
network 204.138.xxx.0
[Code]....
i have a router 2921 with the aproprieted voice card for E1 and licenses. I would like to know how to configure it for incoming and outgoing calls. I already configured the ephone and SIP phones for internal calls. now i just need to configure it for send and receive external calls.
Router:
IOS: c2900-universalk9-mz.SPA.153-1.T
CME: 9.1
ISP from Brazil:
type: E1
signal: R2 Digital
Channels: 32
Phone Number Iniital: XXXX-9250 (main)
ephones-dn numbers: 9250 to 9280
I have bought DRAM MEM-2900-2Gb for 2921, and received the following error...
Validation failed for DIMM0
*****System halted*****
%SPD info: DIMM0: Invalid DIMM type (only UDIMMs are supported)
It seems that Cisco mentioned, in their data sheet of 2921 ISR, that it can support up to 50Mbps. However, from Google search, it says 2921 can handle 100Mbps with no problem.I am planning on getting 2921 ISR in small office where only ~10 people are connected to it. And we do have two different line of 100Mbps ISP internet line and wish to share them in the office.I am confused why ~$2k router can not support 100Mbps where ~$100 consumer routhers like Linksys has no problem with handling that speed. The reason why I am planning on 2921 is the rich feature like Voip solution (CME) it offeres. I have several remote offices that needs to be connected with Voip phones. and I could go with UC500 series but it seems to me UC500 does not support IP Phone 9900 series.
View 5 Replies View RelatedWe have remote office where we have 2921 router with 6 layer 2 switches. We have few servers which need to be in specific vlan.
2921 router does not have switching engine we are using this to support VOIP.
So on 2921 router i created 6 sub interfaces for each vlan and assign them to their specfic vlans. Then I have trunk connection to switch 1. Now switch 1 connects to all other switches in the network. As our company design all layer 2 switches should be transparent mode. i tested them i can ping from one switch to all other switches.
Router vtp mode i set to transparent mode and from all switches i can ping the router sub interfaces.
I will be getting a WAN connection to a few offices and I have a need to control routes recieved and advertised to/from them. The service provider will be placing a CPE device on-site and will support OSPF with my edge router; in this case a Cisco 2821. That 2821 router will ideally be configured with OSPF routing toward my two core switches.
-> C2821 to NOT have the full routing table from the Core switches
-> Only needs knowledge of two routes from the Core switches and routes from remote offices.
-> Controlled routing advertisements. I do not control the remote offices and would like to ensure they do not accidentally advertise routes into my enviroment that could create a conflict.
I'm assuming the Service Provider will be running BGP on their CPE router, which will mean that the OSPF routes recieved by my Cisco 2821 edge router will be OSPF E2 routes. So if thats the case the 2821 would need to advertise E2 routes.I'm not sure if I should be configuring the 2821 in Area 0...because its meant to be a WAN edge router; but if I configure it in another area...say 200...the Service Provider may configure his CPE router in Area 0...which I'm guessing would pose a problem as the 2821 would be lodged in between two area 0s?
From the reading I've done it sounds like I could use NSSA...but I'm not sure if this is the best design.
I have a CISCO2921. I am not able to bring up its gi0/1 interface. It stays down down.
[URL]
I know that interface is not coming up because of "no media" below. Router#sh int gi0/1 | i media Auto Duplex, Auto Speed, media type is no media
I have tried media rj-45 and media sfp which have also not worked. The other end of this link is ethernet handoff. What is it that I have to do for the link to come up? If I change the connection to gi0/2, I think that will work because I see this for gi0/2:
Router#sh int gi0/2 | i media Auto Duplex, Auto Speed, media type is RJ45
configuring up a 2921 router for remote site which is fitted with 24 port Etherswitch module.As part of this setup I have defined 3 vlans on the router, but when I go onto etherswitch and for example set switchport access to access vlan 3 it is not aware of this vlan.Do I have to set up trunk inbetween Router and its etherswitch?Wish I had ordered seperate switch as it would have been easier or am I missing something.sho vlan-switch shows my vlans but on swicth sho vlan brief does not.
View 10 Replies View RelatedAn interface on 2921 router is not coming up. When I shut/no shut the interface, I see this:
Router#sh log | i 0/2
Oct 17 08:55:06: %IP_VFR-7-FEATURE_DISABLE_IN: VFR(in) is manually disabled through CLI; VFR support for features that have internally enabled, will be made available only when VFR is enabled manually on interface GigabitEthernet0/2
Oct 17 09:00:35: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to down
[Code]...
I have a 2Fe-2W Card and wanted to find out if it can be picked up and installed on a Cisco 2821? Below is the version
Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 12.4(8a), RELEASE SOFTWARE (fc2)
Technical Support: [URL]
Copyright (c) 1986-2006 by Cisco Systems, Inc.
ROM: System Bootstrap, Version 12.4(1r) [hqluong 1r], RELEASE SOFTWARE (fc1)
System image file is "flash:c2800nm-adventerprisek9-mz.124-8a.bin"
According to my boss every 3 to 4 months he has to restart our 2821 with a 16-esw module installed because of a low memory issue dealing with CEF. Here is the exact error message.
%% Low on memory; try again laterJun 8 11:18:51.777: %FIB-2-FIBDOWN: CEF has been disabled due to a low memory condition. It can be re-enabled by configuring "ip cef [distributed]" Jun 8 11:19:51.823: %FIB-2-FIBDOWN: CEF has been disabled due to a low memory condition. It can be re-enabled by configuring "ip cef [distributed]" %%
Low on memory; try again later
%% Low on memory; try again later
%% Low on memory; try again later
Jun 8 11:20:51.868: %FIB-2-FIBDOWN: CEF has been disabled due to a low memory condition. It can be re-enabled by configuring "ip cef [distributed]" Jun 8 11:21:51.914: %FIB-2-FIBDOWN: CEF has been disabled due to a low memory condition. It can be re-enabled by configuring "ip cef [distributed
This is for a short temporary time until I get cisco 3560s in place. I have a 2921 configured and it is connecting to an HP non managed non VLAN switch and I cant get any traffic to pass from my computer to the router (pings or anything). Here is brief configuration that should be enough. [code]
Here are my vlans 1-default, 2-management, 192-data, 92-voice, i believe its running rapid spanning tree protocol. Do i have to take off encapsulation on my data vlan to get it to work or make the data vlan default vlan for everything. I am lost as to why this is not working.
I have a 2921, and I have 4 network segments. In segment 172.16.0.0./27 I wand to "pair" somehow connections. I mean IP 172.16.0.x has to have MAC aaaa.bbbb.cccc and so on, and not accept connections otherwise.How can I do that?
View 7 Replies View RelatedIs it possible to configure a Cisco2951 and a Cisco2921 in HSRP?
View 1 Replies View RelatedI have a 2921 with 4 segments: [code] My DHCP server is 172.16.5.2 and I need to serve clients from 172.16.2.0/23 by MAC address and only to that segment.
View 2 Replies View RelatedWhat I’m looking to do is setup a net-flow monitor for traffic going across a PIX firewall. I know unfortunately I can’t do this directly from the PIX because it does not support net-flow.
I do have a 2921 router on the same network that I have net-flow enabled to monitor traffic across the MPLS Connection.
Since the traffic for the MPLS is going out a direct interface I have applied the IP Flow egress/ingress commands to that interface to obtain the net-flow data I need. The PIX firewall however is not a direct interface so this can’t be done. I have done a little reading and believe I could use a policy map to create a “filter” so that any traffic that meets the ACL associated with the Policy-Map would get sent to net-flow monitor.
My question is how do I set that up so that so I can have the two net-flow data “streams/sources” go to separate net-flow ports so that I can monitor them independently of each other or is that not possible?
Both devices are connected to a 3750X switch; however neither is connected to a 10GB port. To my understanding that means I can’t run net-flow on the switch itself.
got a RPS2300 with 4 cat3750g48ts on it (yeh I know - Cisco documentation allows only 2 of them ). What will happen if I connect an additional Cisco 2921 router?
View 0 Replies View RelatedI have a 2921 where I am shaping some traffic based on sub net on my lan. I have applied the shaping policy to the lan interface in the outgoing direction.
Topology is as follows:
ISP - ASA - ROUTER - LAN
Policy map:
Policy Map shape-lan
[code]....
I am seeing a lot of no-buffer drops on the policy and I am wondering what the best solution is to solve this:
Class-map: tc-class (match-any)
8730680 packets, 10803689863 bytes
5 minute offered rate 4453000 bps, drop rate 0 bps
[code]....
Should I just be increasing the queue-limit or should I be changing something else?
I have a 2921 router and want to use mpls feature. Right Now we are using c2900-universalk9-mz.SPA.151-4.M1 image but mpls static cross connect” is not working with this image. And will this image(c2900-universalk9-mz.SSA) be worked?
View 2 Replies View RelatedI can not find any information about management port of Cisco ISR 2911, 2921 and so on. There is management port in specification of 2911 and 2921 and I do not know if this port can be as a simple Ethernet port – forward traffic in/out on L3.
View 2 Replies View RelatedI have a 5412zl 10.215.x.x/16 Most of the connections on this switch are on vlan1. B9 is the port which is connected to a Cisco 2821 Router. The port on that end is GE0/1. The port on the cisco side is not a trunk but configure with an ip of 10.215.1.30/24 Its part of a some ip access group. The network that i now sit on is a 172.x.x.x/24 (behind cisco router, about 3 hops to that main 2821)We current have a system on my side that talks to a server on the 10.215. that has no issues. I'm trying to access some switches on the 10.215. and have had no luck reaching them.
Here is the access list that i found that port is configured to use:
permit ip 10.215.0.0 0.0.255.255 172.18.0.0 0.0.255.255 permit ip 10.254.0.0 0.0.255.255 172.18.0.0 0.0.255.255 permit ip 10.215.0.0 0.0.255.255 172.14.0.0 0.0.255.255 permit ip 10.254.0.0 0.0.255.255 172.14.0.0 0.0.255.255 permit ip 10.215.0.0 0.0.255.255 192.168.2.0 0.0.0.255 permit ip 10.254.0.0 0.0.255.255 192.168.2.0 0.0.0.255 permit ip 10.215.0.0 0.0.255.255 192.168.20.0 0.0.0.255 permit ip 10.254.0.0 0.0.255.255 192.168.20.0 0.0.0.255 I would think the first permit would allow me to get through to the 10.215 side but maybe i need to set something up on the hp size to let it know how to get back? I'm very new to this stuff.
I have 2821 router configured with two subinterfaces. This router is connected on cisco 2960 switch. The trunk on 2960 is configured without any prunning of vlans. I noticed that udp broadcast traffic is being forwarded through my router on native vlan 1 (this interaface do not have ip address configured). Below is configuration:
Router:
interface GigabitEthernet0/0
no ip address
duplex auto
[Code]....
Currently I have a network that looks like this:
ASA5510 - - - Internet - - - ASA5510
| |
EIGRP EIGRP
| |
2821 -----------MPLS----------1841
BGP
The MPLS connection is currently down, I'm trying to run a failover Site-to-Site VPN over the internet. All of the examples I've read have both connections involved in the failover coming out of one device. Since I'm not working that way, what is going to be the best way to failover? Do I need to set up some sort of IP SLA in the config? Or can I somehow weight routes in EIGRP in a way that the connection will failover from Internet to MPLS when the MPLS goes down and vice versa when the MPLS connection comes back up?
What is the maximum VPN Clients that could be connected to cisco router 2821, with this IOS c2800nm-adventerprisek9-mz.124-20.T.bin
View 3 Replies View Relatedthe cisco 2921 Router has a default ip hhtp access class command found in it. Just i changed the default IP to the new ip i will use.The Router is accessable from the LAN only but not from the internet configured the Public ip . I think this is due to the standard access list 23 . how will i access the Router from the Internet using the Public IP.
View 6 Replies View Relatedhave a 2921 with 3 segments, let's say 172.16.0.1/24, 172.16.2.1/23 and 172.16.5.1/24
How can I browse for computers (in Network... Windows xp/7) from other segment?
I have 2 links to 2 different departments switch with an up link of 10mb. I want to guarantee that both departments get at least 5mb, but can use part of the other 5mb that not in use. Is this possible?
View 3 Replies View Related