Cisco WAN :: 3725 / The Order In Which Packets Are Processed
Nov 12, 2012
I am implementing traffic export on the WAN interface of my 3725 router. I use a dialer interface for PPPoE which is applied to the Fa0/0 interface. This dialer WAN interface has Zone Based Firewall, NAT Outside, ACLs applied to it, as well as IP Traffic Export for an IPS. In what order would each of these items process a packet? In other words, is the order something like ZBF, ACL, IP Traffic Export, then NAT? How would QoS fit into something like this as well? I am asking because I am wondering how much processing the packets receive before they are mirrored over to my IPS.
i'm working on a QoS troubleshooting issue, I want to know the order how the QoS ACLs will be getting processed.For example I have configured the ACLs AF11, AF12 and AF13, in what order switch will process the ACL? does it in a ascending order fashion?
We have the problem that MPLS labeled packets are not being processed on EHWIC-1GE-SFP-CU if L3PDU + Shim-Header exceeds 1500 bytes.When we move the config exactly to the on-board Interface Gi0/0 it works with put any problems. [code]
we have some problem with GRE traffic which is processed by CPU and not by CEF.In sniffed packets I can see a lot of "TCP window update" packets. I found that some kind of GRE traffic are forwarded to CPU, like packets with IP options or TTL=0 but non of those are seen in the sniffed packets.
under ASA Version 8.0:Are NAT's processed from top to bottom or general to specific?I have a many-to-many NAT that is taking precedence over a one-to one-NAT. In what order are they processed?
I am a traffic shaping newcomer and need some guidance as how to BEGIN to approach a problem with traffic. We have been rolling out Windows 7 at sites and the additional traffic it causes on installation is considerable as it has to request information from our central site to populate My Documents and Outlook mailboxes.This has caused some problems on sites as there traffic rates increase to the point that QoS is not sufficient to protect voice traffic and delays and one-way audio are being experienced.One question is this - is GTS a solution or is CBWFQ within GTS the solution or is something else preferable? The sites involved are data/voice with a variety of routers.Second question is this - if we have a remote site with a 3725 router as the WAN aggregator with one 4506/Sup IV and one Cat 3550-24-PWR the shaping should be best placed on the 3725, correct? Also, are there issues with shaping incoming/outgoing traffic as I seem to have read?FYI, the 3725 router has 12.4(8d) with IP VOICE/NO CRYPTO IOS version. The 4506 has 12.1(23)E4 with basic L3 feature set.
I have a 3725 router and would like to upgrade the slot:0 compact flash to a higher capacity. My question is, I can just pick up a 4GB compact flash card from walmart, or do I have to have a card from Cisco?
any 3725 IOS image that supports the ip sla command? I tried searching for it using the feature navigator but i received something like "15T" and I'm not too sure what that is.
I'm trying to bring up two t1 and bundle them into a multilink on a 3845 on one end and a 3725 on the other end. On the 3845 I have installed two VWIC-2MFT-T1-DI and on the 3725 I have installed two VWIC-2MFT-T1 and a 1DSU/CSU-T1-V2.
For some reason I'm able to bring up the T1's on the DSU/CSU WIC. When I try to connect the T1 on the other WICs, on the 3845 I see SLIPs and Interface Resets however on the 3725 there is no errors however I still see UP DOWN.
I have a Cisco 3725 router with IOS version "Cisco IOS Software, 3700 Software (C3725-ADVIPSERVICESK9-M), Version 12.4(12)". And this router is serving as a CE route for our MPLS connection to the service Provider. We do also have multiple VRFs ( around 10) and the WAN interface is DS3. So we created point-to-point subinterfaces and we put them in different vrfs. We have now transitioned to a new ISP and the ISP requested us to mark all of our outgoing traffics with DSCP AF31. So I have created the following policy-map
policy-map TRAFFIC-OUT-WAN-AF31 class TRAFFIC-OUT-WAN set ip dscp af31 class-map match-any TRAFFIC-OUT-WAN match any
Now we do have multiple GRE tunnel interfaces sourced from one of the WAN subinterface ( which is a member of VRF A). So the moment I applied the the policy-map on this WAN sub-interface (using the syntax "service-policy out TRAFFIC-OUT-WAN-AF31"), most of the GRE tunnels went down. And there is eBGP running on top of these GRE tunnels.
I work for an ISP and we are currently bonding 5x 6Mb ADSL connections for use as a wireless backhaul. We are currently using a Cisco 3725 and bonding the links via MLPPP. This set up is working fine except that we are not getting the full 30Mb on the download side. We are seeing more like 18 to 20. I am wondering if we can acheive the full speed with our current set up or will we need something different to get the job done.
I'm trying to migrate the running-config from our old 3725 router to our new 3945e router. Almost all of the config is copied over except for a few lines that come up as unrecongnized commands. So it looks like these commands were either removed or changed to something new.
I have been using a route map to pick WAN exit points (PBR) on a 3725 router. This have been working fine with /24 networks. I am trying to pick the first /28 piece out of the 10.1.1.0 network and send it out a different exit from the rest of that network. I have tried the /28 entry at the start and end of the route map, although I thought the first match would stop any further route map processing. The entry does not seem to have any effect, as traffic from all addresses in the 10.1.1.0 /24 network exit per the "route-map 10-LAN permit 11" section.
access-list 5 remark Ten Dot 1 low 63 IPs access-list 5 remark SDM_ACL Category=2access-list 5 remark Ten Dot One Low 63 IPs access-list 5 permit 10.1.1.0 0.0.0.63 log [ code]....
I have a 3725 routeur configured to receive the PPP/ATM/DSL connexion of our customer. I have found that the routeur has created 1035 virtual-access (1035 is his max) but I only have 85 customer on this router
I have 3725 router with internal CF and external slot for CF. I tried upgrading and ended up deleting the iOS version on the internal flash, and can not now put the iOS back!! I turned it off.... so there was no active iOS..
I have tried formatting the CF card on an 1841 but the 3725 won't read it. It is obviously stuck at ROMMON
What is the correct way to format a CF card so my 3725 will read it and I can get an iOS back on it!!
I am setting up multiple vlan interfaces on a pair of HSRP Routers that will provide layer 3 routing for a network. I am seeing this command sporadically show up in the router config mac-address-table static 0000.0c07.acd2 vlan 210
I am not entering this command. So far, it has not shown up on the companion 3725 router. I have a 2nd vlan I have just created and the problem hasn't shown up for that vlan as yet.Using C3725-ADVSECURITYK9-M), Version 12.4(15)T7, RELEASE SOFTWARE (fc3) on the routers.
I seem to be having a problem with DNS name resolution after configuring my router (Cisco 3725 running IOS image: c3725-adventerprisek9-mz.124-25.bin) for handling DHCP requests.
Before I made the change, everything was working correctly; I could ping Google.com from a computer inside my LAN and would get response from one of Google's public IP's like normal.
I had a separate DHCP/DNS server running Windows Server 2008 handling the DHCP request and DNS queries.
When I made the change, I turned off the DHCP/DNS server and issued the following DHCP commands to my router:
I'm trying to configure a SPAN session on a Cisco 3725 router, but it won't let me complete the command. The router has two Fast Ethernet interfaces: 0/0 and 0/1. I'm trying to configure a SPAN session with Fa0/0 as the source interface and Fa0/1 as the destination interface. [code] But when I try to configure the session, it seems like it's giving me the option to configure the SPAN session, but in the end the router won't let me: [code] When I type "?", why would it give me the option of using the Fast Ethernet interface as source port, then when I try to execute the command, it doesn't like it?
In what order the 8 cables go into the octal plug.The cable is a X.21.DTE 8 LEAD OCTAL part No 72-1100-01. The cables are not in numerical order (as in 0 to 7 as per the serial ports). I'm trying to trace cables and don't have a spare cable to examine. So far I think the order is 0,4,5,1, 2,6,7,3?
I read that there are internal and external flash memory in 3725 router that can max up to 128mb. So adding the sizes of internal and external flash memory, will that total to 256mb?
And also is the internal flash of 3725 just the same with its external flash?
I had the 2 circuits go down at the same time from our ISP and I had to power cycle the router and when it came back up I went from VA # 2 to now VA 3#....I know what is what but it is confusing for my counterpart and I can not remove the old entry for VA#1 and VA#2. [code]
I'm developing a project where I use the SNMP protocol to discover the network. By discovering the network I mean go through all the routers and switches and retrieve the IP routing table from routers and the forwarding table from switches. With the routers I have no problem. For the switches I need to know for each port the MAC addresses and the Vlans. Basically it's use SNMP to find a port number from a MAC address. To do that i followed this tutorial: [URL]
The problem is that I'm using a Cisco 3725 Router with IOS 12.4 (21) and a NM-16ESW module to work as a Switch and when I use the OID .1.3.6.1.2.1.17 corresponding to the BRIDGE-MIB as it follows:
From this I guess there's no information on the router about Vlans or anything. Other thing is that when I use community string indexing it returns a timeout. My theory is that this version doesn't support indexing but I don't know.
how can I get the Port Number from a MAC address from this "switch" (it's a router working as a switch) using SNMP?
I recently upgraded my 2811 router with an AC- IP power supply, and installed a HWIC-4ESW-POE, with an Inline Power Daughter Card (ILPM-4) installed on the HWIC.
The second I turned the router's power on, there was a spark and a burning smell. Everything still works, except POE. Examining the card, I see it caused a circuit on the ILPM-4 motherboard to blow, and there is black residue everywhere. This is a Genuine Cisco power supply, but why it's done this.
Furthermore, when the power supply was first installed, it had so much electricity (and I know this is why the card got toasted) that touching the end of the console cable or an Ethernet cable connected to the router, or even the router chassis, would cause you to get a small electric shock, like touching a mild electric fence. Clearly, the power supply I installed is "too-powerful", but it is a 2811-AC-IP and nothing should have caused this.
I was wondering to understand if there is an specific license in order to enable NBAR2 in my ISRG2 892 with IOS 15.2(3)T. If not, what is the basic license I need to have for NBAR2 ?
I have got two 878 integrated services routers and I need to configure them as transparent bridges in order to connect 2 remote sites over ATM.
As I'm testing the topology, I configured two switches (representing the sites) at each end with a VTP domain. VTP works while the switches are connected directly with eachother, but it won't work with the bridges in the middle. [code]
I'm trying to find out what is the minimum downtime for a Cisco 2800 series LAN interface configured as DHCP client, in order to initiate a new DHCP discover. How much time does it need to take for the Cisco to "sense" the phy disconnection ?
We are configuring a twice-nat to send traffic for scansafe, its on a asa5505 ve 8.4(3) on a remote location for the customes. The nat redirecion is working but we also have a VPN tunnel to the corporate network. Through the tunnel we need to reach a http server. The problem we are having is that when we add the scan-safe nat, all http traffic gets redirected to scansafe, includind the traffic to the http server on the corporate network.
10.2.1.0 ---<ASA5505> ---Internet,scansafe ---- <Corporate> --- 10.1.1.0 the http server is 10.1.1.75 the remote location network is 10.2.1.0/24