Cisco WAN :: 7204 / Moving T1 Branch Office To Metro Ethernet?
Jan 31, 2012
I am preparing to move two branch offices from a point to point T1 connection to Century Link Metro Ethernet.Currently my branch locations connect to my HQ 7204 router via a channelized DS3. I have a 4507R at HQ that I will connect the ME circuit to.We will also be moving our Internet connection on the ME circuit.Our service provider Clink will hand me a single Ethernet handoff for the Internet and branch office connections. For the first phase I will connect one branch office using ME. Once that is in place and tested we will move another office and so on. Then our final step is to move our web connection to the ME circuit.Each branch office has their own unique voice and data subnet. They each have a 2801 router and a 3560 switch. The routers are MGCP gateways with only one PSTN connection, a POTs 911 line on a FXO port.
So my questions are;
1 - Should I connect the ME directly in to the 3560 at the branch offices or use the Fa0/1 on the 2801? Fa0/0 is currently connected to the 3560.
2 - On my 4507R at HQ how will I configure the ME switch port? As a dot1q trunk port?
3 - Given that ME is basically a LAN connection will I have to re IP the branch office? HQ is 10.10.1.x/24. Branch is 10.10.166.x/24 (data) 192.168.166.x/24 (voice).
4 - On the 4507R will I need to configure a vlan interface for each branch subnet?
I attached two network diagrams. One represents our current topology (MEexisting) and the second represents the new ME circuit changes (MEprojected).
View 5 Replies
ADVERTISEMENT
Apr 11, 2012
I am trying to set our VPN connection to route to our branch office from a VPN Client. So far I did not succeed and at this point I am stuck.At our office we have a VPN Server which enables VPN Clients to connect to our main office with an IP Range of 192.168.104.0 with subnet 255.255.248.0 and a branch office with a IP Range of 192.168.25.0 and a subnet 255.255.255.0Internally on the LAN the routing is done by our firewall, which acts as DHCP and Default gateway. It connects the 2 LANs by a leased line.When I ping an IP address in our branch office from our main office I get a reply.
Now when a VPN client connects it gets a IP Address in the range of the main office from our firewall and the client can connect to all computers in the main office network. However if i try to connect to a computer in the branch office it does not work.I tried a static route in the Routing and remote access Server (which is Windows Server 2003 R2) and I tried adding a static route to the DHCP settings on the firewall. In both cases it does not connect from the VPN Client to the branch office.Searching the internet, since the examples are all based on a setup with a RAS Server on both networks. The LANs are already "integrated"/"physicly connected" trough the routing on our firewall and its leased line.
I also tried settings on the VPN Clients machine. Settings like "Use gateway in remote network" on or off and tried adding static routes. This did not work, since the Default gateway I must use is not on the same range as the home network and returned an error trying that.What I noticed is that the VPN Client gets a route which uses the VPN CLient IP as default gateway. Makign a static route like that will work (I think), but since the IP addresses for the VPN clients are obtained through DHCP and can vary each time, there is no way (i think) to automate adding a route with, for example, a batchfile that I could give to the employees connecting trough VPN because of the variable IP.
View 10 Replies
View Related
Feb 20, 2012
I curently have 2 Data centers connected with a Metro Ethernet Connection. Each Data Center has 6500 with Sup720s. The Metro Ethernet connection is currently conected by a L3 routed interface. I now need to enable VRFs between the locations and want to determine the best way to adjust the Mero. I was considering adjusting the routed interface to use Ethernet sub-interfaces. Each VRF would be given a different subinterface over the Metro Ethernet connection. I have done this on internal LAN connections but am concerned about exteding across data centers over Metro E.
View 1 Replies
View Related
Apr 23, 2013
I have a problem with a branch office setup, and I can't for the life of me think of what the problem is.I have a remote office setup, using an ASA 5505 that is set up to establish an easy vpn connection to the central network. The connection at the branch office is a 20/5 cable modem, the central network has a 25/25 fiber connection.
The issue I have is this. Wired clients work fine at this branch office, at least 95% of the time. I have a lightweight AP there that can come up and join the controllers at the central network, no problem. I haven't done anything with H-REAP because there are really no resources locally they need that would allow them to do their work, so all traffic is tunneled back to the WLC.
Wireless clients can authenticate to the AP, and I can get 15-20ms ping responses from them all day. Latency never comes close to the 600ms proposed limit with CAPWAP. Yet, for some reason the performance of the clients is problematic. Webpages will frequently not load correctly, they experience some freezing, and with one application we use - it refuses to load completely.If we bring these same computers to an AP connected to our central network, on the same SSID, they work flawlessly.
Something about this particular location is causing a lot of grief for our users.For what it's worth, we are running WCS 7.0.230.0 and the WLCs are on 7.0.116.0. The ASA is running a pretty basic configuration, pretty much out of the box with the easy vpn configuration entered.
View 7 Replies
View Related
May 22, 2012
I'd like to connect through a VPN the HQ office to a Branch using two ASAs.I have a 5520 in the HQ and 5505 in the Branch Office.My problem is in the Branch office where I have a dynamic IP (ADSL).
I couldn't find a example this kind of configuration.
View 7 Replies
View Related
Aug 1, 2012
We have AT&T Managed MPLS service are our datacenter and our branch office locations. AT&T has provided the routers and simply give us an ethernet connection. We also have ethernet connectivity to the internet through our datacenter...with our network being protected by an ASA 5520.Each branch location has a 29xx series router (voice gateway) and switching gear attached to their AT&T MPLS router. Some of our branches also have 3rd party cable internet service with an ASA 5505 to protect it from the internet. What I'd like to do is better utilize this cable modem/ASA5505 setup. Right now, if there were an outage, I would be connecting manually to the remote location to change static routes to point to the cable link and to configure a VPN tunnel between the remote and our DC.
View 2 Replies
View Related
Jun 29, 2011
I've followed Watchguard's instructions for configuring a Branch Office VPN connection, and I'm unable to connect. I have configured the Watchguard gateway to accept remote-to-local connections and put in the Watchguard's public IP address as the local connection, and the WRVS4400n's public IP as remote.The Linksys has the local VPN group configured as 192.168.0.0./24 and the remote gateway as the Watchguard's public IP Address.When I connect it remains "down" and I"m receiving errors saying it could not authenticate. I have the passphrase the same on both sides with 3DES and SHA1 configured.Does the WRVS4400n support this type of VPN configuration or am I wasting effort?
View 1 Replies
View Related
Jan 26, 2013
I have got two 1841 and one 881 cisco router. I can keep any one of this router at HO and remaining at branch office. I have got a static internet IP at HO but dynamic IP at branch office. I want to setup a VPN to connect to HO from branch office through router. The branch connects through a private IP for internet purpose. Which VPN is the most secure and best for this purpose.
View 1 Replies
View Related
Jun 6, 2012
I have to setup what seems to be a very basic configuration, but it doesn't work. In our lab there is a cluster of switches with a 3550 that does all the routing for vlans. I need to simulate a sort of a small branch office that has one connection to the outside world (the lab network). [code] From the router I can ping any host on vlan 230 and other vlans,I can also ping the pc connected to e0/1.However from the PC I can only ping 192.168.1.1(e0/1) and 172.26.230.150 (e0/0) [code]
View 3 Replies
View Related
May 18, 2012
I have been told to connect our branch offices over outdoor point-to-point wireless CPE. The wireless brand is Orthogon. The Main office got cisco 4507 L3 switch where all building switches terminate. DHCP,DNS and all application are hosted in main office. The branch office got ONE 24 port POE Switch cisco 2960 where all users will be connected, On Port 0/24 of 2960 switch at branch will terminate the outdoor Wireless and other end will be terminated on 4/15 of 4507 at main office? what command I need at both interface where Wireless is terminated.when we connect floor switches to 4507 we got these commands on access switches
vtp mode client
vtp version 2
vtp password cisco1
vtp domain LIC
Fiber termination port configuration - switchport mode trunk
View 3 Replies
View Related
Dec 17, 2012
I am trying to configure access to several remote offices for users who VPN into our main datacenter. The datacenter has a 5520, and the branches are connected through IPSec L2L VPNs. Branches all have 5505 or 5510's. Remote users use IPSec via the Cisco remote Client. Remote access into our data center works, and the L2L VPNs are perfect...just now that i need remote users to access the branches after Remote access VPNing (for support) i cant get that part to work.
View 2 Replies
View Related
Aug 2, 2011
We have used two Cisco RVS4000 to create the IPSec VPN between the main office and the branch office. The main office has SBS 2008. There is a Windows Server 2008 as the domain controller in the branch office. One branch office user has a laptop which is not in the domain, but his exchange account is set up in the Outlook. When he connects the laptop to the branch office network, he cannot connect to the exchange server and get the emails. Is there any configuration to set up in the router, server or Outlook?
View 1 Replies
View Related
Sep 7, 2011
What are my best options to secure branch office connection to HQ over Provider MPLS cloud. Our existing Setup
<<HeadQuarter>> :: DataCenter hosting Email, ERP, Intranet, Voice Services 10mb link to Service Provider over MPLS CloudMPLS is terminated on a 3825 Router running advance Services
<<BrancOffice>>::Total 10 In Country Branch Offices2mb Link to Service Provider over MPLS CloudTotal users in each branch : 20 MPLS is terminated on a 2811 Router running advance Services
View 1 Replies
View Related
May 1, 2013
My company uses a Sonicwall NSA 3500 as it's Firewall/WLAN controller and lightweight Sonicpoints for the private/public WIFI access. We are getting ready to implement wireless at one of our branch locations a few blocks away(We use Metro Ethernet to connect the 2).I know with the current firmware the Sonicpoints can't provision to the Sonicwall NSA over the Metro Ethernet like Cisco lightweight AP's can because the Metro Ethernet strips their VLAN Tags and obviously the Sonicpoints don't support REAP.what other options (short of installing another WLAN controller at the remote site) do I have to connect the AP's at the WLAN controller at our main location.
View 5 Replies
View Related
Jan 22, 2012
We are in the process of upgrading the bandwidth at a few offices. Each currently have a 2xT-1 connection but have high utilization on the circuit which is why they are being upgraded. We are trying to decide b/t either a partial DS3 or metro ethernet connection. Are there pros/cons b/t the two in order to decide which to go with? Cost is not an issue. Some say going with a partial DS3 circuit offers benefits over metro ethernet such as network-based failover, end-to-end availability is better with DS-3 and QoS.
View 3 Replies
View Related
Apr 21, 2011
my company will change WAN connection from HDSL (2Mb/2Mb) to Metro Ethernet (10Mb/10Mb). Now, I have CISCO 1841 (12.4(15)T12 ) with 2 FE and HWIC-1T. Can i configure my Metro Ethernet (WAN Connection) on one FE or i need of "external wic" such as hwic-1FE ?
View 1 Replies
View Related
Dec 9, 2010
I am planning on implementing a metro ethernet circuit to replace a more expensive circuit to connect my office and data center. This circuit will be configured by the provider in a 'transparent' manner, which will allow us to pass vlans freely over the circuit without having to create a QinQ tunnel. This is a layer 2 only metro ethernet circuit.Planning on connecting the office end to a 3750 (switch A) and the data center end to a 2960 (switch B). The data center end will have a couple of other 2960s hanging off of it for server connectivity (switches C & D). I plan to use a 2811 (router A)for layer 3 connectivity in the data center. Switch B will plug into router A and switches C & D will plug into switch B using two port-channelled links. I can post a diagram if needed.I will use rpvst here and configure switch B as the root bridge.There are about 10 vlans that I use between the office and data center. Router A is also used to connect to other environments such as staging, production and also to the internet. I think this should be a straight-forward configuration since it is mostly layer 2. Should switch B be the root bridge?
View 3 Replies
View Related
Apr 7, 2013
I am trying to configure a new metro ethernet and have some questions about the configuration. The physical layout is a main office and two remote locations. The remote sites are point-to-point connections to the main office, tagged by the ISP with VLAN 130 and VLAN 140. The connections aggregate into one handoff at the main office, and are plugged into Catalyst 3750-X switches at all three sites.
View 8 Replies
View Related
Jan 30, 2012
Today my sw upgrade procedure failed on a ME3600 Series switch.
From the past with LAN switches i thought that we need to set IP settings manually in ROMMON and then load remotely an IOS via TFTP.
But it seems that this is not supported there.So now i would like to ask how can i bring a bootable IOS to the ME3600 switch. and at least: how can i bring back my switch to life.
I could imagine that there is a missing default gateway.But what is the syntax for default gateway? And after I have connectivity i need to work for the process of loading a bootable image to the switch.
View 3 Replies
View Related
Mar 6, 2013
Our Headquarter (asa 5510) is running a site to site vpn connection with a Branch office (router 2811). All remote users are accesing the internet through the VPN and also accesing headquarter file servers.I want to know if there is a way for some remote users to be able to use the vpn for accesing the file servers but to access the internet through the branch office. The rest of the remote users will be still accessing the internet through VPN.
View 2 Replies
View Related
Jul 10, 2012
I have the possibility of upgrading a DS3 to Metro Ethernet, Gigabit connection. My dilemma is I have two VTP domains in my network. How can I get two VTP domains over one trunk to a remote site ?
View 0 Replies
View Related
May 24, 2012
we are setting up our first ATT metro ethernet connection. I have a Cisco 2960S at the remote site and I placed a Cisco 2960 on the Host site to test and had no issues. When I moved the Host site to our Nexus 7000, I can not get a link.. both sides are set as trunks,
View 6 Replies
View Related
Sep 19, 2011
I have a 50 Mbps metro ethernet connection between our main office, and our collocation site, where we store web servers, DR equipment and VPN access gateways. I have two Cisco 3845 ISR's connected to the metro E circuit. The interfaces on each router are configured as 100/full as requested by my ISP. We are connected via ethernet to a fiber media converter.
As I understand, CBFWQ will not kick in until congestion occurs on an interface. I also understand that the bandwidth command on an interface is to provide bandwidth related information to upper level protocols (like EIGRP, etc).
My question is that since the interface where I have CBWFQ configured on is at 100 Mbps, but my circuit is at 50Mbps, how can I get my routers to kick CBWFQ in when traffic demand exceeds 50Mbps+? Does the bandwidth command on the interface control that as well?
View 6 Replies
View Related
Apr 15, 2012
I recently ran into some problems concerning the use of a Cisco layer 3 switch (3560) as an Internet edge device to perform a simple static route between the customers network and the ISP POP router. Although this device can perform the routing at the edge for Internet traffic, I am concerned that this device has limitations when it comes to functions such as traffic shaping to the subscribed bandwidth of the Metro Ethernet access to the Internet. Since the 3560 could not conform to the 20 Mbps of subscribed bandwidth, any traffic beyond 20 Mbps was dropped causing performance issues with applications that use TCP. I am trying to find design documents or white papers that would either support or not support using a layer 3 switch as an Internet perimeter device instead of a router. I would like to know if Cisco has a specific perspective on this subject and whether or not they would ever recommend actually using a layer 3 switch model that is a 37XX or below?
View 3 Replies
View Related
Nov 19, 2012
I am running LMS 3.2 and can not see the Nexus 5596 / ME-3600X-24FS-M Cisco switches on Cisco works LMS 3.2. Where I need them most is DFM the devices come up as unknown. An example below 10.125.202.1 is NExus 5596 and the rest are ME3600.
208.10.125.202.1UnknownN/AN/A209.10.115.1.4UnknownN/AN/A210.10.115.1.3UnknownN/AN/A211.10.115.1.2UnknownN/AN/A212.10.115.1.1UnknownN/AN/A
going through the article below looks like its not supported
[URL]
What are the options I have next ? Can I upgrade to LMS 3.3 or only do an upgrade for DFM ?
Want to avoid LMS 4 as that's an installation from scratch.
View 2 Replies
View Related
Jan 18, 2012
I have a cisco 1841 running on a 10Mbps Metro-E connection. I recently signed an agreement for a 100Mbps Metro-E. I am wondering if I will need to purchase a new router to support this new connection or will my 1841 be able to handle the traffic.
View 5 Replies
View Related
May 23, 2011
I have a cisco 7204 vxr that terminates a 300 meg ethernet circuit asn well as an mpls DS-3. CPU increases along with utilization of the ethernet circuit. When the utilization gets to around 150 Mbps on the receive, the cpu is maxed out at 100%. I am wondering if the router can support the amount of traffic coming through it. The majority of the traffic is voip using g729 codec, so packet size is small. We are no where close to peak utilization and cpu is at 39%. Here is what I see currently:
#sh verCisco IOS Software, 7200 Software (C7200-ADVIPSERVICESK9-M), Version 12.4(15)T4, RELEASE SOFTWARE (fc2)Technical Support: [URL] 1986-2008 by Cisco Systems, Inc.Compiled Thu 13-Mar-08 10:40 by prod_rel_team
ROM: System Bootstrap, Version 12.3(4r)T3, RELEASE SOFTWARE (fc1)BOOTLDR: 7200 Software (C7200-KBOOT-M), Version 12.3(15), RELEASE SOFTWARE (fc3)
uptime is 3 years, 1 week, 3 days, 6 hours, 40 minutesSystem returned to ROM by Reload CommandSystem restarted at 08:26:49 UTC Wed May 14 2008System image file is "disk2:c7200-advipservicesk9-mz.124-15.T4.bin"
This product contains cryptographic features and is subject to UnitedStates and local country laws governing import, export, transfer anduse. Delivery of Cisco cryptographic products does not implythird-party authority to import, export, distribute or use encryption.Importers, exporters, distributors and users are responsible forcompliance with U.S. and local country laws. By using this product youagree to comply with applicable laws and regulations. If you are unableto comply with U.S. and local laws, return this product immediately.
[code].....
View 5 Replies
View Related
Dec 19, 2011
We have a cisco 7204 VXR and would like to know the module which has two fastethernet port. We tried a PA-2FEISL-TX but it did not work.
View 1 Replies
View Related
Mar 6, 2012
Today we got a new cisco 7204 with NPE-G2 , so we wanna to configure to root for the internet so here is my scenerio
1- Public Ip address =155.155.155.20
2 Private Ip Address =192.168.2.0 /24
3- Gateway = 155.155.155.1
4-DNS Server = 194.155.12.133
Interfaces:
1- Gigabite 0/1 - We put this for Public ip address
2- Gigabite 0/2 - and this for Private Ip address
how to route this for the internet . after routed we want our client computers to get internet from Gigabite 0/2 Interface
View 8 Replies
View Related
May 20, 2012
is 633+ seconds (approximately 10 minutes) load time normal for a Cisco 7204 router? I find that it takes forever for the router to do :Self decompressing the image". I tried the latest IOS and tried different bootloaders but it doesnt seem improve it?
View 2 Replies
View Related
Feb 28, 2010
We have point to point metro ether net link terminating on 7204VXR router.On this point to point link we are configuring GRE over ip sec. Problem is when the traffic exceeding 8mbps we started getting packet drops. from the Cisco documentation it seems the tunnel bandwidth is by default 8mbps and there is parameter like Inherit/receive but those actually not change the tunnel interface bandwidth.If we just give tunnel bandwidth with bandwidth mentioned it allows me to give option of 100mbps but again the tunnel interface bandwidth remains 8mbpos only and probably that 100mbps is useful only for routing decisions.
i am using advance security 12.4.15T12 image. Whether this is a limitation or any other way to go beyond 8mbps for the tunnel interface (7204VXR-NPEG1 processor)
View 18 Replies
View Related
May 8, 2011
One of our Routers 7204 rebooted unexpectedly. I try to access Output interpreter but is not working. The output from our router is the following:
WAN-ROUTER#sh version
Cisco IOS Software, 7200 Software (C7200-ADVIPSERVICESK9-M), Version 12.4(15)T2, RELEASE SOFTWARE (fc7)
[Code].....
View 7 Replies
View Related
May 22, 2011
I would like to find out what the status is of the Cisco 7204 VXR and 7206 VXR routers?I understand they are EOLife and EOSale.Are they also EOSupport? we planning to upgrade 3 of them in our environment and management requires feedback around this.We thinking of going the ASR1000 route..
View 15 Replies
View Related
