I have a pair of physical ASR 1002 routers, called ASR-1 and ASR-2. I setup HSRP on both ASR-1 and ASR-2 on both g0/0/0 and g0/0/1 interfaces, nothing complicated, just straight forward HSRP.
Now Cisco TAC told me that HSRP is NOT supported between physical ASR routers. WTF!
Furthermore, they told me that HSRP only supported within a single ASR because of multiple routed processors. In other words, you can setup HSRP with a single physical ASR but not with two physical ASR routers.
HSRP can not supported with two physical ASR routers?
I have one ASR 1002 router and one GSR router. when i insert SFP-OC48-IR1 module with GSR and connect 100 Mb link that comming from MUX then the GSR port is up but when the link is connect with ASR with same module the port not going up.i had cross check the module GSR to ASR but the problem remain same.
I have Cisco router ASR 1002-F on which I have created two subinterface, Gigabitethernet 0/0/1.333 and Gigabitethernet 0/0/2.111. I try to bridge those two subinterface but no success. I can create bridg-group and everything needed but I can not add subinterface to specific bridge-group. If I try write command bridge-group on subinterface there is not even possible to chose this command.
OK ran into a little problem with getting this to work. Only group members participate in the encryption process, correct?
I have numerous remotes all coming into one central location. I set up a KS and have currently only 2 of the remote routers set up as GM's, with the intention of the others coming into play as I move forward. Here is basically what I have in my KS and GM's:
So I applied the crypto map to the serial interfaces on my routers on either side of the cloud (central-ASR1002 and remote-ISR1841). When I did this, ALL the remotes went down and I'm not sure why. Even the ones that didn't have anything to do with gdoi. Ya, it wasn't good. I thought that only the group members would be affected.
Is it the fact that my acl is encrypting any to any? Surely I don't have to reverse that and have two statements with the same syntax. I'm basically just trying to encrypt all traffic from specific remotes back to the central side. However, I'm trying to do it without taking down the rest of my network .
I have route-map defined on my ASR 1002 12.2(33)XNE and applied to my gi0/0/1 interface. I need to change the IP address defined on the "set ip next-hop ..." line. My question is, when I make the change in just the route-map definition, does the change take effect immediately, or do I need to remove and re-apply the "ip policy route-map ..." statement on the interface? If I do have to remove and re-apply, will this be service-affecting for all the traffic flowing through the interface? I'm just not sure what to expect.
I have Cisco ASR 1002, code XE 3.4.1 doing site-2-site VPN with an ASA managed by another company that I have no control over running 8.3 (I think).the site-2-site vpn is very easy straight forward as follows.
I have 2 sub net directly connected to a ASR 1002. This is the configuration
interface GigabitEthernet0/0/0 ip address 193.145.14.114 255.255.255.252 negotiation auto [Code] ....
The interface gi0/0/0 is connected directly to 193.147.14.113/30 in another router. And the Gi0/1/1 is connected to my internal infra structure. From my router I can ping 193.145.14.113 . So. I configure my PC with default-gateway 193.147.107.3 (ASR).
From my PC
I can ping 193.147.107.3 (gi 0/1/1) I can ping 193.145.14.114 (gi 0/0/0) But I can not ping 193.145.14.113 (the other point connected to gi0/0/0)
Why???? It is a IP inside of a sub net directly connected to the ASR. Why the ASR is not doing routing? ip routing is enable.
I am planning to implement SSL-VPN (Any Connect) on an ASR 1002 router running IOS-XE Software Version 15.1(3)S2. I need to use LDAP for user authentication, and need to understand what are RADIUS/ TACACS requirements to use LDAP. Do I need to use Cisco ACS or can I use something like Microsoft IAS or Free Radius?
I'm trying to upgrade the ASR 1002 we just purchased and am having some issues (this is a new device and is not in service). I first tried upgrading the ROMMON using the upgrade rom-monitor filename bootflash:asr1000-rommon.150-1r.S.pkg all command, but the upgrade didn't seem to work completely. When I do a sh platform I get the below output showing 15.0(1r)S: [code]
no valid BOOT image foundFinal autoboot attempt from default boot device...Rommon upgrade requestedMaximum upgrade attempts exceeded, continuing with old Rommon...
I've also tried upgrading the IOS, but that is not working either. I tried "boot system flash:asr1000rp1-advipservicesk9.03.02.00.S.151-1.S.bin" command, but that did not work. I made sure the image was good using the "verify" command and made sure to set "config-register 0x2102". After I do a wr me and reload the router I get the below errors. [code]
how can I monitor and prioritise traffic on a ASR 1002? Currently we have allowed another organization to use our 1GB link and we would like to monitor what sort of traffic flows through it and want to prioritise the traffic depending on the applications.
As soon as I connected my ASR 1002s to the Internet and digested the Internet BGP table, I began receiving this message. I’ve google’d and turned up nothing so far. I assume I need to allocate more memory to this process.
I've been working with a company in the UK to get a PTP connection setup between Minneapolis, MN and Chicago, IL. At each site with have a ASR1002. The connection is made via a fiber connection from Level 3. Level 3 is just handling layer 2 and we are to take care of everything else. As of right now they can see the mac address of the Minneapolis port in the Chicago router. But, I can't see theirs. Nor can I ping the Chicago router. The config that was give to me by the higher engineers is simple enough.
I have a cisco ASR 1002 I have plugged a host into an addressed port and the port comes up however the host cannot ping the router and the router cannot ping the host. Neither can router ping its self. I do the same on a cisco 2800 router and it works fine. What's goin on. Is it the fact that this is a ASR router ?
I have implement MPLS L3VPN on my network to provide service to customer and right now we plan to have service VPLS on our same router. What is needed to run the VPLS in our MPLS network ? I heard that we need addictional switching module and upgrade my IOS to support it but I am not sure.
I want to terminate the IP Sec VPN tunnel on the Cisco ASR 1002 router, but it shouldn't have be bedirectional traffic to the other end., and it should be answer only, We don't run tunnle over GRE (no IPSec profile), just IPSec only. I found there is a command "crypto map *** client configuration address respond" but it looks it is global command and we have lots of VPN terminated on the Cisco ASR 1002 router, How can we configure the "Answer Only" for only one specific VPN tunnel and it won't impact the others?
We have a deployment of 400 store. Each of those have 2 GRE tunnels running over MPLS & 2 GRE Tunnels running over Internet leading to our 2 data-centers. At each Data-Center, we have 1 ASR-1002 connecting both MPLS & Internet MPLS tunnels (800 total per router).
I saw in the documentation that OER & PfR cannot support more than 20 external interface (in our case GRE tunnels) per MC. Does it means that we need to have 20 routers acting as MC to be able to use PfR for our Internet GRE tunnels ?
Is there any more scalable solution for this ? How big company address this issue when they have a lot of interface to run PfR ?
we are replacing network equipment at one of our sites. The network will have 12, 3750X switches(6 stacks) - one stack will be the core. A 1002 will be the WAN router to the Main campus. The 1002 will connect to the core via 2 ethernet cables. I'm debating whether to use L3 or L2 between the router and Core. I've heard that routing is more efficient if L3 is used and also I will be able to create an L3 etherchannel between the 1002 and Core switch. See the attached doc.
I am looking upgrade my ASR routers to a newer code. I am running asr1000rp1-advipservicesk9.03.03.01.S.151-2.S1.bin now. Would like input on what a good stable version is. I am not bleeding edge so the latest version I won't trust.
I have been looking at google to find out the values for Mean Time between Failures for some routers but no luck, coz i have to finalize the Service Levels and the Architecture of different type of sites. web page where i can find these values for the below mentioned models.
Any router (I'm considering ASR 1002 with 10GE SPAs) that can support the following:
-10GE interfaces -can handle 1.5Gbps but scales up to 5-6Gbps different seasons -take on full internet routes from 2-3 providers -will live on the internet edge
We are having Cisco router 1002 ASR and 2841 switch. Some times perticular VLAN user will not be able to access the network but from the same switch others VLAN users can able to access. We were getting ARP entries in router but we cannot ping the IP's. Even we clear the ARP entries. Once we restart the switch users can access the network. We have changed vlan ports, uplink too. but problem not solved. and we observed CPU utilization will be going 70-80% some times and at same time switch hangs.
Can any share some useful links on how this works and how to configure it? Do you still need to configure FHRP or does configuring redundancy take care of active/standby relationship between the ASR's?
I was asked to configure a new ASR 1002 today and after successfully puttintg the config on the router (via TFTP) the router will no longer communicate with anything. There is nothing in the config to cause this (it was actually pulled off a working production ASR 1002) and I am unable to ping a local loop back IP while consoled into the router?? I removed the config, reloaded the router and configured a new loop back - same issue cannot ping the loop back or anything else connected to this router.
