Cisco WAN :: 3845 HSRP With Multiple Interfaces / Groups
Jan 24, 2011
I have 2 routers ( Cisco 3845's) both running identical IOS's. Each router has identical 5 networks on it with one network each being different.I have HSRP set up on the identical 5 networks.Your standard Fail over senario.ON one of the routers one network is not seeing the other router in the same network, Will not Ping or traceroute.And HSRP stopped working ( both were thinking they were active. which of course brought the network to a halt. Non of the interfaces has any ACL on them, They are plugged into a Brand new Cisco 3560v2 switch. I have switches out the cables to eliminate that as an issues.
View 1 Replies
ADVERTISEMENT
Feb 15, 2011
We have multiple RA VPN groups on a 3845 router.RADIUS authentication is currently happening between the 3845 and a single Windows 2008 server. We have a specific windows group that AD users are members of, and they are allowed to connect via VPN.
I'm creating a new RA VPN Group, which should only allow different AD users. Is it possible to create another RADIUS association to the same server, or do I need to authenticate against a different Windows server?
View 1 Replies
View Related
Feb 24, 2013
i have a question about multiple TACACS Groups. I want to archive the following:
A Cisco 888 is managed by me and a Provider Support Team. Since we both want to access our own TACACS Server, i want to create two TACACS Groups. Is it possible to me, to bind a Tacacs Group to one Interface, and the second TACACS Group to another ? Means that our stuff is connecting to the LAN Interface FastEthernet0 that is applied to the SVI in V LAN 1.
The service technicians from the Provider are connecting to the external Interface or through a possible Lo. (another IP). I do not want to mix our 2 TACACS+ Server and theirs together in one Group. So have anybody tried this before ?
View 8 Replies
View Related
Aug 26, 2012
Is it possible to assign a single ssid to multiple interface groups by assigning the ssid to multiple AP groups?
I have buildings geographically dispersed that are configured with multiple vlans in interface groups so that I can maintain an addressing scheme of dhcp assigned addresses per building. Each building is also further grouped as AP groups. I'd like to know if by assigning the same wlan ssid to each of the AP groups, will I maintain addressing integrity for each building? I'm thinking it will work.
Do the buildings have to be outside AP range of each other to avoid problems?
5508 controller
7.2.110.0 code
6 buildings
6 interface groups
1 ssid
View 4 Replies
View Related
May 6, 2012
I got the error in object when I try to add a new HSRP group in new vlan.All the HSRP group has the same HSRP group the 2.another way to provide clients's default gateway redundancy for each Vlan intead to use the HSRP?
View 4 Replies
View Related
Sep 22, 2011
I am trying to find out what the maximum amount of HSRP/Standby groups a Cisco 3945 will support. I found this link that I think says 256 URL.
View 6 Replies
View Related
Nov 24, 2010
I understand on older IOS codes If the same hsrp group number is assigned to multiple standby groups, it creates a non-unique MAC address. Is this true on newer codes like 12.2(52)SE for 3750 & 3560?
View 4 Replies
View Related
Mar 12, 2013
We have two 3845 routers set up using HSRP at two locations (4 routers total) connecting inside to a pair of ASA 5520 (Active/Passive failover) on each side. These links are used for internet access and they work great under normal operating conditions - they fail over and fail back without issue. How ever, two weeks ago our operations guys started a new data replication procedure going across these links via an IPSec tunnel created between the ASAs. This seems to have created a situation where the IP SLA tracking is not be able to receive the ping back from the upstream router on the originating side. [code]
I have our SIEM set up to notify me whenever the router logs a State change and I got about 10 a day
View 2 Replies
View Related
Feb 6, 2013
I have two Cisco Routers 3800 series for my internet traffic (2 ISP). I configure HSRP on the interfaces gigabitethernet and at the main router I put the multilink interface to track. When the connection drops to the main router traffic does not switch on my second router.
View 1 Replies
View Related
May 13, 2013
I am trying to build a new network from scratch, I have the WLC 5508 w/ Aironet 3600e APs connected to my Netgear Smart Switches and a Linksys RV082 router that I'm using as my DHCP server with several VLANs for several stuff on my Switches.
I have 2 questions:
1. Can I have 5 Interfaces configured on 5 different VLANs, each SSID on each a different Port:
Port 1: Controller management only=> 192.168.x.x /24
Port 2: SSID 1: WiFi Internal=> 172.16.x.x/12 (Radius Auth with no sharing)
Port 3: SSID 2: WiFi Internal w/ sharing=> 192.168.x.x/24 (Radius Auth with sharing)
Port 4 :SSID 3: WiFi Guest=> 10.0.x.x/8 (Web Auth)
Port 5: SSID 4: WiFi IT=> 192.168.x.x/24 ( Radius or certificate Auth with access to the controller management interface)
2. How can I use the Controller as the DHCP server for all the WiFi traffic, and how should that be configured to work with my other DHCP server?
View 3 Replies
View Related
Apr 23, 2012
So in our DMVPN network, we have this Cisco 3845 hub router that is connected via a DS3 to the Internet, and our spoke sites usually have a broadband connection that typically have a maximum of 1Mbps upload capacity. We are getting ready to add a few more sites to our network that are connected to the Internet with 10Mbps upload speeds (and 50Mbps download). Spoke site routers are usually 800 series ISRs. We have seen spikes of 8-10Mbps on the hub router so far. So the question is that a site with 10Mbps upload speed transmit to the full capacity over a DMVPN tunnel or is it limited by other factors? What are those factors?
View 4 Replies
View Related
Nov 16, 2012
following is the capture of my configuration of HSRP on two switch layer 3 (LAB)
View 19 Replies
View Related
Nov 27, 2011
In my cisco 3845 router I can see output packet drop in some of the interfaces.I suspect that router is processing packet beyond its mix throughput limit. Moreover when i run show int fax/y switching command I can see packet drop by RP process.
View 11 Replies
View Related
Oct 24, 2011
As we all know, MS has changed the default workgroup names in different versions of windows. Additionally, you can rename your workgroup anything you like. I have XP, Vista, and Win7 computers, a television, BluRay player, a Wii, two printers, and a NAS with two USB drives attached. All of these -except the Win7- are wired to one of two switches. I have wireless: iPad, the Win7 notebook, Nintendo DSs. I have friend, and non-friend machines (computers, tablets, and phones) that come and go that are wired or wireless. The 3 windows computers all have the same workgroup name. All of my other units do not use workgroup names. I have a router, and two unmanaged switches, and have, on occasion, a second router. The main router, which has wired, and dual band wireless (each with two named wireless networks) nets, sees everything, by name and/or MAC address. Win7 is blind, deaf, and dumb.: it shows its own workgroup name, but no other workgroup name(s) , and, consequently, no unit on these other workgroups. It will show some wired units not in a workgroups - the television, and the printers (not the Wii or NAS). It will not show the wired XP computer! No wireless units either in workgroups or not in workgroups appear. Additionally, Win7 only shows units on its wireless network, not on the other three. The wired units it does show are not on any of the wireless networks, though it lists them on its wireless network.I have left the Homegroup, and terminated the Homegroup services. I have allowed discovery, and unlimited sharing of everything on every computer on the router, and yet the Win7 unit does not share or see well at all.Why?
View 2 Replies
View Related
Oct 4, 2011
I currently have a content group as follows;
content My_Group
add service blade1
add service blade2
add service blade3
vip address 1.2.3.4
advanced-balance arrowpoint-cookie
[code]...
So I have 3 blades which are proxy servers and user go first to an MS ISA server then the VIP of the CSS and then the rules processes them give them a blade and chuck them out onto the Internet.
I want to leave the above rule, but remove one blade create an additional content group with that blade and have it process requests for a particular site so, I would create the following
content My_Group2
add service blade3
vip address 1.2.3.4
advanced-balance arrowpoint-cookie
[code]...
So my question is can I do that having the same VIP's etc so if a request comes in and it matches www.thewebsite.com that the second content rule matches it 'better' and therefore processes it or would it still be caught by the "/*" content group. I don't want to create more VIPS as I have a real ache getting firewall rules done.
View 9 Replies
View Related
Jan 14, 2013
I have multiple campuses and a Central Admin...I've created Groups for all, except I need a few devices within Central to be available to the Campus Admins... (ie..a Cisco WCS System) How do I allow a device to be put into multiple NDG groups?
View 1 Replies
View Related
Feb 14, 2013
We are in a warehouse type setting and have data centers on each side of warehouse with 5508 WLC's in each data center. Each side is on its own subnet with routing in between and a different set of SSID's for each set of WLC’s. Are goal is to have the ability to failover in the event that if one data center goes down AP’s will move to the controllers in the other DC and the clients will still be able to operate.
Our thought was to implement mobility groups between the controllers. While I saw documentation on setting this up when the controllers are on the same vlan, I didnt see any setup config when controllers are in different vlans. So I am wondering if mobility groups are even an option for what we want to accomplish. For the most part clients stay on their respected sides of the warehouse and so we are not necessarily needing roaming for clients between controllers in DC1 and DC2. But that does raise another question in that we do have a planned voice wlan that we would like to have the ability to roam between each side of the warehouse. But we have seen ip issues with this. In the past we have had both SSID's setup on each side and ran to issues with clients not renewing their IP address when moving to the controllers on the different subnets.
Can we setup mobility groups between controllers on different vlans/subnets? For failover purposes will mobility groups assist in our setup with 2 DC’s and different subnets/vlans? If the answer is yes we can setup mobility groups between different subnets, is there a way to setup the SSID's on all controllers and have the ability for clients to roam and renew their IP’s when moving to a different controller on a different subnet?
View 3 Replies
View Related
May 4, 2011
I'm working with a 1113 ACS device running the 4.2.0.124 software. I'm trying to get multiple network device groups to use an existing Remote Agent set up for authentication against our Windows domain. For instance, we want our infrastructure switches to authenticate agains the local Active Directory and our WLC to authenticate users agains the same Active Directory. When I try and set both network device groups to use the same remote agent, it fails and reports either the host name is already in use or the IP address overlaps with an existing remote agent.
The question is:
Can I have multiple network device groups use the same remote agent? Or do I have to install the remote agent software on separate Windows servers in order to have different types of devices authenticate against the Windows AD?
View 1 Replies
View Related
Mar 7, 2013
I have an ASA connected to 2 ISPs.I am using object tracking for the default route so only 1 path is used at a time. I have a L2L VPN setup going out interface A. I would like to configure a 2nd VPN going out interface B with identical parameters.
(ASA software 8.2)
crypto map PATH_A 1 match address outside_1_cryptomap
crypto map PATH_A 1 set peer 10.1.1.1
crypto map PATH_A 1 set transform-set ESP-AES-128-SHA
crypto map PATH_A 1 set security-association lifetime seconds 28800
crypto map PATH_A 1 set security-association lifetime kilobytes 4608000
crypto map PATH_A 1 set reverse-route
[code]....
View 2 Replies
View Related
Apr 1, 2013
If I have a PI 1.2 system that has multiple interfaces configured I can upgrade to PI 1.3 and both interfaces remain and I can see both under the admin webpage under appliance interfaces. But if I do a fresh install of PI 1.3 I can only configure one interface. The commands fail from the cli to configure anything but gigabitethernet 0. Are multiple interfaces not supported in PI?
View 2 Replies
View Related
Jan 15, 2013
Having upgraded to 8.3 from 8.2 I and read much about the differences , it seems that 8.3 deals with NAT in a much more managed method.However I am confused on how one would NAT a network object to multiple interfaces? i.e I know you can specficy a NAT adddress within the network object howeveer this only allows you to specific a single IP address.What if I want to talk accross multiple interfaces how would I specify this?
View 5 Replies
View Related
Jun 16, 2011
We have an ASA 5510 firewall. There are 4 ports on it configured as 2 outside, one inside, and one DMZ. We have two cable modems attached to the outside ports. Our plan is to have the "inside" port directed to one outside port/cable modem, and the DMZ port directed to the other outside port/cable modem.
We have been able to get the "inside-to-outside" setup to work but not the "DMZ-to-outside" setup (at least at the same time).First off, is this possible? If so, what are we likely missing - some way to have a second default route for the DMZ?(My manager is the "Cisco person" here, not me, so I may not have enough info.
View 1 Replies
View Related
Aug 20, 2012
I am trying to enable a second WAN interface on our ASA.the end goal is to move all internet traffic to the new connection, but first i want to test it working.I have setup my computer as an object in the ASDM and the interface is configured correctly (same settings on a different router and that was working)I setup a route with a lower metric ( 1 lower than the default route which routes everything through current main internet interface) to route traffic from my computer out through the new interface but i am still connected on the old interface.I duplicated some of th NAT rules (but i would have thought if these werent working then i would have no internet connection anyway)
View 5 Replies
View Related
Feb 24, 2011
I am trying not to run before i can walk,.. so first thing I'm trying to do is ping out to a DNS server in the internet: 212.135.1.36 from my internal network.
- If I put a default gateway on my router, and set to 172.16.32.254 (Firewall Vlan100 interface) and ping,.. it works fine from my router.
- If put a default gateway on my switch below the router as 172.16.32.252 (VLAN100 interface of the router) and ping from the switch it doesnt work.
I assume its getting to the switch as I can ping the 172.16.32.252 from the switch so the router is dropping the packets... my question is why!?
Once this bit works,.. the intention is to route any external bound traffic that comes from VLAN100 to 172.16.32.254, external bound traffice from VLAN200 to 172.16.64.254 etc etc
[Code] .....
View 5 Replies
View Related
May 12, 2013
I have c3725 router that have two WAN interfaces, both of which I want to serve VPN clients. However, I have only one default route, say for WAN1, so how can I accept client requests on WAN2.
ps: I use vpdn and pptp, and I'm a newbie to Cisco router and IOS.
View 4 Replies
View Related
Apr 2, 2012
we use LMS 3.2 in our network. We have a couple of 6509-V-E Switches with mutiple interfaces (VLAN interfaces and Layer 3 interfaces) The problem is, campus manager discovers the switch by a interface randomly...one time its a lay3 Interface and another one its a vlan interface which none of them are in DNS hence no name resolution can be made.
Is there a way to "tell" CM to us for instance the VLAN Management IP of the switch?
View 2 Replies
View Related
Jan 3, 2012
I have a 5508-WLC appliance and configured multiple ap-manager interfaces to balance the join request from LAPs and the load.I went to console port from some LAPs and saw that there was that balance among multiple ap manager interfaces (Dynamic AP Management Interfaces). Then we torn down one of the ap manager interfaces and confirmed that the LAPs were moved to next ap manager interface automatically.But the question here is, how can I verify which ap-manager interface was used for a LAP from the WLC via GUI or CLI ?? or how can I see the amount of APs joined using that ap manager interface from WLC ?
View 2 Replies
View Related
Apr 10, 2013
I am trying to lab something up and I believe I am doing something incorrectly. My management VLAN works fine, the AP on port 7 finds the controller fine, but my VLAN 80 doesn't seem to be mapped to port 2. I mapped a test WLAN to the VLAN, and setup a DHCP scope, and a client can get on the WLAN, acquire an IP address, etc. I thought I coudl then map that VLAN (80) to port 2 and have it go out a cable modem. Doesn't seem to be working that way, however.
View 3 Replies
View Related
Sep 23, 2011
I have an ASA 5505 running 8.2(1), that is configured with three interfaces as follows:
Inside (security 100) 10.0.0.0 /24
Inside 2 (security 100) 192.168.0.0 /24
Outside (security 0) internet
Inside is connected to my internal network, inside 2 is connected to the network of a sister organization, outside is outside.
I'd like to be able to route between from inside to inside 2, and have NAT translate me to inside2's address.
I have inter-interface traffic configured, and when I use a NAT exemption, I can route fine. But the resources on network 2 must see my request as coming from the inside2 interface IP.
View 2 Replies
View Related
Feb 12, 2013
This is for an ASA 5505 with the base license...I have a situation where I will not have one interface in my outside VLAN, but instead I want to have interfaces 1-7 in my outside VLAN and interface0/0 in my inside VLAN.
Is this supported with the Base license, and if so how would I do this? Do I still just need to assign one IP address to the outside VLAN?
Or will I need to upgrade to the Security Plus license and put each interface in a separate outside VLAN, so in essence I would have 7 outside VLANs each with the same security level (0)?
My situation is that I have several partner networks that i want to "aggregate" thru my one ASA 5505. So each outside interface represents a separate partner (outside) network, each of which I want to get to from my inside network. Hence the many outside to one inside.
View 5 Replies
View Related
Nov 21, 2012
I have a virtualization server with 4 network interfaces and connected it to a SAN. There are few virtual machines which writes data to the SAN.
I want to connect to the SAN with multiple interfaces to speed up the network.
Is it possible to send data on multiple interfaces? How can I configure it?
Computers are connected to san through switch.
SAN: Equallogic PS 4100 E
Switch: Dell Power Connect
Computer: Dell T610
OS: Centos 5
Virtualization: Kvm
NIC: 8
I am not sure about network card brand now.
View 1 Replies
View Related
Aug 27, 2007
We have a customer that is relocating thier headquarters. They have a temporary requirement to bridge multiple vlans or a router T3 link to the new location as they cannot change the IP subnets. Setup is 3560 switch connecting to a 3845 then T3 to remote 3845 and 3560. I need to bridge multiple VLANs. I have seen a good example on how to do it over sonet but I don't see how to translate that to an HDLC or Frame Relay encapsulation for the T3 Link.
View 5 Replies
View Related
Dec 12, 2011
I created some User Defined Groups in LMS 4.1, now I want to apply certain fault notification groups to Event Sets.
Unfortunately the Groups I configured are not in the Group Selector of the Fault Notification Group: Admin > Network > Notification and Action Settings > Fault Notification Group
View 3 Replies
View Related