What are the pros and cons of configuring a Switch Virtual Interface (SVI) versus a routed physical port between layer 3 switches?For example, if I have two 4506s and have a need to run HSRP and route between them which feature is better and why?
I have my wan connection on the eth0. The bandwidth is 2mbps. I am running qos on that interface saying 192.168.200.0/24 can use 80% of the bandwidth and 192.168.201.0/24 can use 20% of the bandwidth. I Also have vtun VPN inteface to our branch office. I also wan to run some qos on that interface. How do i go about allocating the bandwidth on this interface? it is actually going via the eth0 interface, but the system actually see's it a an independent interface on its own right, so it requires it's own qos policy.
I have a network with Two 3800 Cisco Routers as Central and many Cisco 2811 Router as Branches. Now I set two Tunnel on each router connection Interface FastEthernet from each 2811 to SubInterface Fastethernet on 3800. I set OSPF as Routing Protocol and I configure QOS on Tunnel connections. Then I have a safe connection with backup connection between 3800 Router and each 2811 Router. Now I want to set VPN with IPSEC and Certification Authentication with CA Server for Security all connection. I set IPSEC and ISAKMP and Certificate on each Router and Set Dynamic VPN on Cisco 3800 Router and Static VPN on each Cisco 2811 Router. Now when if I configure tunnel with Crypto map, it works correct and all packets are encrypt. But if I try to set crypto on physical Interface(because I want to set qos on tunnel then protect packets on physical interface) however all packets are routed but crypto and encrypt d o not work. Set qos on tunnels and crypto on fastethernet interface.
I am preparing configuration (currently in lab) for Per-Tunnel QoS in DMVPN on ASR 1002F for one of our customers, and I came across one issue. According to restrictions for this feature, I cannot apply per-tunnel QoS in conjunction with interface based QoS. This means, I can provide shaping with hierarchical CBWFQ for each spoke, but I cannot guarantee anything on physical interface! What if there are services in native MPLS? I am also unable give reservations for BGP which is used on PE-CE link! How about monitoring spoke PE-CE links natively? I can only apply policy-map with class-default on physical interface. When I add anything related to queuing for that class (or any other non-default class) I get the message:
R1(config- pmap)class routing R1(config- pmap-c)#bandwidth 16 service-policy with queuing features on sessions is not allowed in conjunction with interface based
I have a pair of router Cisco 2800 running in HSRP, now I want to configure one sub interface with another sub net, Will my current IP on physical interface work or do I need to create two Sub interfaces for each network. Do i must need encapsulation on sub interface
Router 1:- interface FastEthernet0/1description Connect to LAN_SW1 Gi1/0/1ip address 192.168.1.13 255.255.255.0no ip redirectsduplex autospeed autostandby 1 ip 192.168.1.1standby 1 priority 90standby 1 preempt Router 2:- interface FastEthernet0/1description Connect to LAN_SW2 Gi1/0/1ip address 192.168.1.3 255.255.255.0no ip redirectsduplex autospeed autostandby 1 ip 192.168.1.1standby 1 priority 110standby 1 preempt
For second network I do not require HSRP Router 1:- interface FastEthernet0/0description Connect to LAN_SW1 Gi1/0/1no ip addressduplex fullspeed 100 [ code]... Router 2:- interface FastEthernet0/0description Connect to LAN_SW2 Gi1/0/1no ip addressduplex fullspeed 100 [Code]...
We have to enable FIPS 140-2 on our ASA5520's for all our IPSEC VPN connections. We currently have failover on our 5520's. I found a lot of information out there but some seems to conflict one another.What are the things I need to look out for - caveats? Does the clients that connect to the VPN had to use different clients once the FIPS was enabled.Do we need to recreate logical interfaces for each physical interface we have?
ASA have two context groups say admin and and x. Its interface gi0/2 has 6 subinterfaces from 1 to 6.3 subinterfaces ----0/2.1 to 3 are in admin and last 3 are in context x.when i went to system context it does not show where interface gi0/2 belongs to it only shows up up.how can i find which context group physical interface gi0/2 belongs?
Should I keep the configuration on the physical ports and not configure the Port-Channel Interfaces? Do I need to configure port-channel load balancing? Is the channel-group mode sufficient? Goal is to basically create 2 links to the 2960 to double the bandwidth and provide redundancy.
We have a 3745 LNS router, currently there are less number of users connected.when a user dials request authenticated and one virtual-access interface is formed in LNS router.Now the user is disconnected the vpn and connected to VPN again in this case, whether the user is connected to the same virtual-access interface which was assigned before disconnecting or different virtual-access interface is created.
I have got new cisco ASA 5580 running 7.2(4) on it when i am trying to configured Virtual interface on vlan 400 in Gi0/0.400 to LBASE.now the problem is from my MZ zone 10.242.107.17 to Lbase virtual interface 10.242.103.1 iam not able to ping.
I have a switch from SG 500 Series the works as Layer 3 Routing Switch with the Firmeware 184.108.40.206. I have create some diferent VLAN´s and have defined one ACL for each VLAN. Now i try to do a binding from the ACl to a VLAN but i have only the option to bind the ACL to a phys. Interface or a LAG.is the a possibility to bind the ACL to a virtual interface like in other Cisco serieses and how it works ? the Backround is i have connectetd 2 Hyper-V Server where the Guests are in different VLAN´s and the server is connectetd with a 10Gb Trunk to the Switch now the switch routed the different VLAN´s and i must have some restrictions between the VLAN´s.
We recently had a contractor deploy a 4500 catalyst switch with a WS-x45-SUP7-E. After installation and configurations, HP openview is detecting a "downed" interface on the 4500 chassis that is not in the configuration. I have attached an image with the interface circled. We assumed that it may be a configuration issue with openview, however after running diagnostics with a network analyzer, the same ip address for the down interface is still detected. Is this some sort of internal virtual interface on the SUP7?
I had the 2 circuits go down at the same time from our ISP and I had to power cycle the router and when it came back up I went from VA # 2 to now VA 3#....I know what is what but it is confusing for my counterpart and I can not remove the old entry for VA#1 and VA#2. [code]
I'm in process of purchasing a new Cisco routers for our branches that will be used primary to enable IPSec virtual tunnel interfce with "tunnel mode ipsec ipv4". does the default IOS IP Base supports this feature? or i need to purchase DATA license or SECURITY license?
I have a Cisco ASA 5505 and I have my internal and external interfaces configured but I currently cannot ping from the inside to an IP Address on the outside. I had this setup and working and I have another set of equirement that I am replacing that is working with my service provider so I know it is a configuration issue. When I ping 220.127.116.11 for example I get:
Destination host unreachable
Do I need to add a static route from my inside interface to my outside interfaces?
Is it possible to set up a WAN interface on a FastEthernet interface of a Cisco 877 Adsl Router ?Due to my ISP, i've to use an external VDSL modem and must connect it to my cisco 877 router (and leave it's adsl interface unused).But i don't know how to set up a wan port, other than the adsl interface itself (dialer0), on my cisco.
We are having Cisco ASA 5540 having Cisco Adaptive Security Appliance Software Version 8.0(5)23 at certain time of moment daily wer are facing latency and packetdrop wherin when I checked for ASA Interface which gives me " Input Errors" on outside interface ,so can any one tell me what are the causes to get input errors on cisco asa outisde interface.
I share a modem and router with my building, and connect to the internet using an ethernet cable which plus right into the wall in my apartment. When I hover over the network/internet icon it tells me that I have a local connection only and can't get online. No changes were made to my computer between it working and not working - I have not installed any new software and the modem+router have not been changed.
When I try ipconfig/release is says it can't perform the operation while the media is disconnected. It also tells me that "an error occurred while releasing interface Loopback Pseudo-Interface 1: The system cannot find the fie specified".
My question is can my traffic goes from inside interface to outside interface? (because the inside interface address not from 10.0/172./192.168 private address)Also I'm allowing internet from this email server (18.104.22.168) so what my access list to be configured? and what my subnet mask shoud be there?
Pix(config)#access-list outbound permit tcp 22.214.171.124 255.255.0.0 any eq 80 Pix(config)#access-list outbound permit udp 126.96.36.199 255.255.0.0 any eq 53 Pix(config)#access-group outbound in interface inside
Needing to bridge from my wic interface to an ethernet interface on a 2900 series router so that I can pass through the ip address given to the WIC, to my ASA so that I don't have to give my ASA a private range address. (Just like a service provider might do when bringing a T1 with managed router in to my prem)
I need to have some (maybe four) virtual network interfaces, one face of them connected to my laptop and another face bridged to one of my physical network interfaces.How can i do that?Ive tried VirtNet and Microsoft Loopback Adapter but no success.