I am looking at this doc to use an ASA + 2911 to do Policy Based Routing with multiple ISPs.From the linked doc, under the PBR scenario, what should the IP addresses be for the routers connection to the ISPs? It isnt labeled.
View 4 RepliesI'm on my way of taking the CCNA Exploration, and even though I haven't got to the LAN Switching and Wireless course, one question does bug me. In your average LAN, does your average switch has an ip address, or is it a 'dumb' device like a repeater ? Is the same true for layer 2 switches and layer 3 switches or is there a difference in terms of IP addressing ? Can you even assign an IP address to a switch ? Would you want to do that and why ?
View 5 Replies View Relatedcan i use both class B and class C at the same time?If so, what should i do with class B? and with the other Class C?i got 500 computer into 5 segments
View 2 Replies View RelatedI need to provide logical addressing this network using class C but I have been given no address to start with, only the network diagram:
[URL]
How do I even start this? How do I know which address to use?
I have a IBM T23 laptop that I have reformatted and am trying to log onto my wireless internet via a linksys pcmcia card which When I try to connect it tells me I have private IP address and I am not sure how I can reconfig so that I can connect via my router to the internet.
View 2 Replies View RelatedKeep getting DHCP timeouts 169.254.x.x addressing. I think that the client laptop is not giving a response to the REQ from the DHCP server. Am I correct in my interpretation of the debug?
00:21:d7:93:f9:40 from Disassociated to Idle
*apfReceiveTask: Jan 18 13:48:24.162: 58:94:6b:d0:41:08 0.0.0.0 DHCP_REQD (7) Deleted mobile LWAPP rule on AP [00:21:d7:93:f9:40]
*apfReceiveTask: Jan 18 13:48:24.162: 58:94:6b:d0:41:08 Username entry deleted for mobile
*apfReceiveTask: Jan 18 13:48:24.162: 58:94:6b:d0:41:08 apfMs1xStateDec
*apfReceiveTask: Jan 18 13:48:24.162: 58:94:6b:d0:41:08 Deleting mobile on AP 00:21:d7:93:f9:40(0)
*DHCP Proxy DTL Recv Task: Jan 18 13:48:37.073: 58:94:6b:d0:41:08 DHCP received op BOOTREQUEST (1) (len 308,vlan 0, port 29, encap 0xec03)
*DHCP Proxy DTL Recv Task: Jan 18 13:48:37.073: 58:94:6b:d0:41:08 DHCP processing DHCP DISCOVER (1)
[code]....
I have a customer using a RVS4000, DHCP is enabled; the unit is set as gateway but there are no DHCP address assingments coming from the router.
View 2 Replies View RelatedI read in the RV082 user manual can I configure a Ip address class C in the LAN interfaces.I need to know if the router support a class B addressing.
View 1 Replies View RelatedI have been assigned to create a basic IP Addressing Scheme. The company has a single class B private address range of 172.16.11.0/16 and it needs to be divided into four subnets. They are all based on a single router.
Subnet A: 500 hosts
Subnet B: 200 hosts
Subnet C: 50 hosts
Subnet D: 20 hosts
How can I subnet them correctly and how would I make an addressing scheme for each subnet? (Host range, server, peripherals, gateway address? etc.)
Is there any limitations of network size for an interface in a WLC 5508? Any recomendations of netmask size? Maximum /24, maximun /21?
View 5 Replies View RelatedHow does one allow /31 mask for an management interface on an ASA5540 using version 8.3(1)?
I need to configure a 192.168.x.y /31 on the management 0/0 interface of a ASA5540 and it is providing me with the following error:ERROR: /31 mask is not allowed
I am carving up an internet Class C for customer. This class C is used by 3 distinct QA, Corporate and Production firewalls. I want to carve up IP space so there is a /26 for each environment. The issue I have is the firewalls may need communication with each other via the public IP space. Currently I don’t have any L3 switches in between the firewalls and the edge internet router. So with subnetting, it would seem I need to push everything through the internet router for the intra-firewall communication.I would rather not push this traffic through the edge router, so I came up with an idea to allocate all firewall outside interface IP’s in the 4th (last remaining) /26. That way, I can allow firewalls to communicate over the primary interface IP’s, which will all be in the same subnet – without going through a routing “engine”/device.
For the actual environment subnets (NAT's on respective firewalls), I create a static route on the edge router pointing to each of the firewall’s primary IP’s for the respective environment routes (the first 3 - /26’s).This is still a beta design, but I have done this before on small scale when ISP gave me 2 subnets for example, assuming I was going to put a router in between the customer firewall and ISP. I would use the “routed subnet” on the ASA interface, and then pull the NAT’s from the other subnet. The ISP would have to add a static route directing the NAT subnet to the “routed subnet” correct IP - which would be the firewall outside interface primary IP.I recently found out that with ASA OS 8.4.3 and up, ASA will not proxy arp for IP’s not in its local interface subnet. This means the ISP/router will have to assign static ARP entries on the edge router. This can get messy after the first few NAT entries. So I am debating the design now. I think this kind of stuff going forward won’t be worthwhile with newer ASA 8.4.3 code.
How to communicate between different ASA’s, while still carving up the Class C into usable smaller subnets? The primary reason for doing this in the first place is to support routing on the edge router. I am thinking it might be time to ask for another Class C to do the routing functions, and keep the firewalls all at Layer 2 in one /24 - Class C?
I am getting ready to setup avtice/standby failover on our ASA 5520's and have run in to an issue.I currently only have one External IP address available. My Idea was to use a private/placeholder IP address for the standby external IP Address, will this cause any issues with the failover? I know I won't be able to access the secondary from the outside, but that is not an issue.
View 2 Replies View Relatedi have used hierarchical addressing in my tcl program. when i run the code, it produces the error, str2addr:Address 146672855 outside range of address field length 1024. what's his error?
View 2 Replies View Relatedhow can enable addressing ipv6 in router linksys EA4500? I need access on the terminal of router?
View 1 Replies View RelatedI am having one router CISCO2911/K9 (Cisco 2911 w/3 GE,4 EHWIC,2 DSP,1 SM,256MB CF,512MB DRAM,IPB). But now my management asking me to upgrade this router as CISCO2911-SEC/K9.
What will be the BOM for this up gradation.
What specific commands are needed to configure qos on a router?
Two sites:
Cisco 2911 (site 1 ) Cisco 2911 (Site 2)
Data Vlan
Management Vlan
I want to configure QOS on Site 1 where the Data Vlan traffic is always marked higher than the management Vlan coming from Site 1.
I have one router 2911 with the following image c2900-universalk9-mz.SPA.151-4.M4.bin I have two IPS on this routers and I tried to configure the IP SLA on this and I`m not able to do it and I don´t know why. I can configure almost everything but not the IP SLA command.this is the config:
track 10 ip sla 1 reachability
delay down 10 up 1
!
track 20 ip sla 2 reachability
delay down 10 up 1
!
[code]....
What I need to do in this case? or why cannot configure the IP SLA?
I have a cisco 2911 router that is located in my head office LAN and I use this router to connect to my branch networks. I want to configure IP SLA Monitor on this router to track my WAN Links but it does not support the command IP SLA Monitor. My IOS VERSION is c2900-universalk9-mz.SPA.151-2.T1.bin. how I can configure IP SLA on my router.
View 4 Replies View RelatedI have a router Cisco 2911 with two possible Wan interfaces out and a backup configuration using IP SLA. When the Primary Interface goes down the traffic is automatically rerouted through the Backup Interface, but the problem I have is that when the traffic is going through the Backup Interface (because the Primary is down) if the Backup Interface also goes down, if the Primary goes up, the traffic is not automatically rerouted to the Primary Interface. And it looks to me like it keeps trying to goes out the Backup Interface and cannot see that the Primary is down. I guess that the pings are going out the backup Interface and as it is down the router doen't receive any anwer to the ping and doesn't change to the Primary.
The main configuration related to the IP SLA is this:
!
track 1 ip sla 1 reachability
!
interface GigabitEthernet0/0
description backup Interface
ip address 175.xx.xx.10 255.255.255.252
ip nat outside
[Code]....
We have 2911 with HWIC-4ESW. System image file is "flash0:c2900-universalk9-mz.SPA.152-1.T1.bin"_2911#sh inv NAME: "CISCO2911/K9 chassis", DESCR: "CISCO2911/K9 chassis" PID: CISCO2911/K9 , VID: V05 , SN: FGL16011005
[Code]....
The problem was that HWIC-4ESW no longer pass traffic although showing that the interfaces are up rebooting the router solved the problem. What IOS is more stable and not subject to this problem?
Recently i attempted to build a LAN 2 LAN VPN tunnel from an Asa to a 2911 running zone based firewall. This was a standard IPSec psk tunnel nothing fancy. I got the tunnel to establish but i could only get traffic to encap on the Asa side and decap on the 2911 side. I couldn't get return traffic.I followed this doc here for classic IPSec in the last example. URL
And I am sure the Asa is right I built a ton of those but I am new to zfw. I did not see anything about a NAT exempt rule. But since everything uses real IPs instead of NAT I wasnt sure and I could not find any info. Do I need to do NAT exempt? If so do you use a route map on the end of you NAT overload config line like in the past?
Also I have a zone-pair to "self" and I was not sure if I needed anything there to be able to ping the inside interface of the 2911 when the tunnel is up from the remote end.
I have to build HA environment, at the moment we have only one R1 and WAN1 but company wants to buy R2 + WAN2 and have HA between the routers, in case R1 or WAN1 goes down the other router will take over.
What would be standard methodology nowadays to do that - does HSRP will do what I need or it is better do some other way?
What are the max number of T1's that can be bundled on a 2911 router?
View 0 Replies View RelatedI need a interface v.35 on 2911 router, but it does not have WIC slot, it has EHWIC. Could some one told me if there are a card with V.35 interface that I can install in this model of router?
View 2 Replies View RelatedI have the following setup where the Cisco ME 3400 provided by the ISP.
My Cisco 2911 is configured as below:
CORE_Router#sh run
Building configuration...
Current configuration : 6075 bytes
[Code].....
I have a problem I am running into... I replaced a 2621 with a 2911. The 2911 has three interfaces and I need to use all of them... Description:
gige0/0 dhcp static IP from ISP, public IP, they assign me 4 more usable public IPs gige0/1 broken into four VLANS, 108, 109, 120, 127, ip nat on 109 for them to get to the internet, and a static translation on 127 for the phone system to get to the internet gige0/2 assigned another public IP. A tenent has a linksys router on this interface, they want a public IP.
The problem is that this setup worked, but when we moved to the 2911, some nat translations are failing, and we would like to figure out how to minimize the number of public IPs we use (right now it is three + the static assigned dhcp). The nat that is not working is the nats to the 2001-3001 range. I am not sure why it is failing, but the router seems to indicate it thinks some of these overlap. This router is also doing a vpn to an asa... that seems to be working fine.
Current config:
Current configuration : 6072 bytes
!
! Last configuration change at 14:31:44 UTC Thu Aug 2 2012
! NVRAM config last updated at 14:31:50 UTC Thu Aug 2 2012
[Code]....
I've got a 2911 with a primary ethernet link to the ISP, with BGP running over it. There's also an ADSL module in it, which will connect into the same ISP AS. how do i configure BGP over the ADSL so that it sits there doing nothing until the primary link fails? Do i need to setup a new instance of BGP with a different AS on the router or can it sit in the same AS as the primary link?
View 1 Replies View RelatedI thing that i find some bug in the newest IOS 15.1.4M.
The case is falow:
I start to configure failover for the costomer - make default route, make the default path but i cant find the comand IP SLA monitor. Is some meet this problem with this IOS or just Cisco make some chenge in the CLI commands?
Tomorrow i will try with IOS version 15.1.1T.
I have a 2911 router that I am trying to use a h.323 gateway for faxing purposes.Right now I can 4 digit dial and 10 digit the number and my analog phone answers, but when I try to place a call I get a fast busy immediately (as soon as I pick up the receiver)
View 1 Replies View RelatedWere bringing up a new site shortly and I'm trying to configure Serial0/0/0 which will be connected to an MPLS over 1.5m T1 line. I am basically doing a simular configuration as other sites where one of the ethernet interfaces is handed off from a fiber optic wan, but a T1 MPLS is connected to a WIC card and this provides a redundant path (though slower) in case of a fiber cut or equipment failure. This should be pretty straightforward but it appears as if I have no serial interface on this router. Card is in and everything, it is a VMIC-3-1MFT-T1/E1 in EHWIC 0.
View 7 Replies View RelatedI want to connect a RPS2300 to a Cisco 2911 router to provide power backup.I have two questions ,Easy one : if the 2911 PSU (internal Power Supply Unit) fails, how to confirm the RPS2300 provides power to the 2911 with no reboot of the 2911 ?,Tricky one : After we replace the broken PSU, will the 2911 reboot or not as power revert from RPS2300 to internal PSU ?
View 4 Replies View RelatedI purchased a 2911 router and a 25-pack of VPN licenses (PID: L-FL-SSLVPN25-K9=).I registered the license, and supplied the serial number of my router when asked.I received a .lic license file.When I attempt to install the license on the appliance, I receive an error:
% Error: Install failed. UDI L-FL-SSLVPN25-K9=:FTX1542AKJ3 on license does not m
atch any device
0/1 licenses were successfully installed
0/1 licenses were existing licenses
1/1 licenses were failed to install
However, the following establishes that the serial number is correct:
SFGallery#show inventory
NAME: "CISCO2911/K9 chassis", DESCR: "CISCO2911/K9 chassis"
PID: CISCO2911/K9 , VID: V04 , SN: FTX1542AKJ3
NAME: "C2911 AC Power Supply", DESCR: "C2911 AC Power Supply"
PID: PWR-2911-AC , VID: V03 , SN: AZS153303LY