Cisco WAN :: Asr 1002 Getting A PTP Connection Over MPLS Working
Nov 23, 2011
I've been working with a company in the UK to get a PTP connection setup between Minneapolis, MN and Chicago, IL. At each site with have a ASR1002. The connection is made via a fiber connection from Level 3. Level 3 is just handling layer 2 and we are to take care of everything else. As of right now they can see the mac address of the Minneapolis port in the Chicago router. But, I can't see theirs. Nor can I ping the Chicago router. The config that was give to me by the higher engineers is simple enough.
I have v4 mpls working fine but v6 refuses to work correctly.Looking at the ipv6 routing table for the VRF we can see prefix's coming from the remote PE's BGP is up in vpnv6 and ipv6 unicast.Everything seems fine but I just cant seem to ping between the sites.as mentioned, ipv4 works fine for the same vrf.
Can Cisco2951 work as an MPLS router. If yes what will be needed to make it function as an MPLS router? Else which alternative router can function as an MPLS router.
Purchased and configured 2951 router based on Telco specs that required T3/DS3 card with coax connection for MPLS. When telco showed up to install DS3 they handed me a UTP copper connection.... Can I use one of the Gigabit ethernet connections on the 2951 as my MPLS interface into the provider's cloud?
i m planning to use the 2921 router for both mpls and internet connection , to 2 different isp also am planning to use bgp with a public providor independant
What are my best options to secure branch office connection to HQ over Provider MPLS cloud. Our existing Setup
<<HeadQuarter>> :: DataCenter hosting Email, ERP, Intranet, Voice Services 10mb link to Service Provider over MPLS CloudMPLS is terminated on a 3825 Router running advance Services
<<BrancOffice>>::Total 10 In Country Branch Offices2mb Link to Service Provider over MPLS CloudTotal users in each branch : 20 MPLS is terminated on a 2811 Router running advance Services
I have one ASR 1002 router and one GSR router. when i insert SFP-OC48-IR1 module with GSR and connect 100 Mb link that comming from MUX then the GSR port is up but when the link is connect with ASR with same module the port not going up.i had cross check the module GSR to ASR but the problem remain same.
I have Cisco router ASR 1002-F on which I have created two subinterface, Gigabitethernet 0/0/1.333 and Gigabitethernet 0/0/2.111. I try to bridge those two subinterface but no success. I can create bridg-group and everything needed but I can not add subinterface to specific bridge-group. If I try write command bridge-group on subinterface there is not even possible to chose this command.
OK ran into a little problem with getting this to work. Only group members participate in the encryption process, correct?
I have numerous remotes all coming into one central location. I set up a KS and have currently only 2 of the remote routers set up as GM's, with the intention of the others coming into play as I move forward. Here is basically what I have in my KS and GM's:
So I applied the crypto map to the serial interfaces on my routers on either side of the cloud (central-ASR1002 and remote-ISR1841). When I did this, ALL the remotes went down and I'm not sure why. Even the ones that didn't have anything to do with gdoi. Ya, it wasn't good. I thought that only the group members would be affected.
Is it the fact that my acl is encrypting any to any? Surely I don't have to reverse that and have two statements with the same syntax. I'm basically just trying to encrypt all traffic from specific remotes back to the central side. However, I'm trying to do it without taking down the rest of my network .
I have route-map defined on my ASR 1002 12.2(33)XNE and applied to my gi0/0/1 interface. I need to change the IP address defined on the "set ip next-hop ..." line. My question is, when I make the change in just the route-map definition, does the change take effect immediately, or do I need to remove and re-apply the "ip policy route-map ..." statement on the interface? If I do have to remove and re-apply, will this be service-affecting for all the traffic flowing through the interface? I'm just not sure what to expect.
I have Cisco ASR 1002, code XE 3.4.1 doing site-2-site VPN with an ASA managed by another company that I have no control over running 8.3 (I think).the site-2-site vpn is very easy straight forward as follows.
I have a pair of physical ASR 1002 routers, called ASR-1 and ASR-2. I setup HSRP on both ASR-1 and ASR-2 on both g0/0/0 and g0/0/1 interfaces, nothing complicated, just straight forward HSRP.
Now Cisco TAC told me that HSRP is NOT supported between physical ASR routers. WTF!
Furthermore, they told me that HSRP only supported within a single ASR because of multiple routed processors. In other words, you can setup HSRP with a single physical ASR but not with two physical ASR routers.
HSRP can not supported with two physical ASR routers?
I have 2 sub net directly connected to a ASR 1002. This is the configuration
interface GigabitEthernet0/0/0 ip address 193.145.14.114 255.255.255.252 negotiation auto [Code] ....
The interface gi0/0/0 is connected directly to 193.147.14.113/30 in another router. And the Gi0/1/1 is connected to my internal infra structure. From my router I can ping 193.145.14.113 . So. I configure my PC with default-gateway 193.147.107.3 (ASR).
From my PC
I can ping 193.147.107.3 (gi 0/1/1) I can ping 193.145.14.114 (gi 0/0/0) But I can not ping 193.145.14.113 (the other point connected to gi0/0/0)
Why???? It is a IP inside of a sub net directly connected to the ASR. Why the ASR is not doing routing? ip routing is enable.
I am planning to implement SSL-VPN (Any Connect) on an ASR 1002 router running IOS-XE Software Version 15.1(3)S2. I need to use LDAP for user authentication, and need to understand what are RADIUS/ TACACS requirements to use LDAP. Do I need to use Cisco ACS or can I use something like Microsoft IAS or Free Radius?
I'm trying to upgrade the ASR 1002 we just purchased and am having some issues (this is a new device and is not in service). I first tried upgrading the ROMMON using the upgrade rom-monitor filename bootflash:asr1000-rommon.150-1r.S.pkg all command, but the upgrade didn't seem to work completely. When I do a sh platform I get the below output showing 15.0(1r)S: [code]
no valid BOOT image foundFinal autoboot attempt from default boot device...Rommon upgrade requestedMaximum upgrade attempts exceeded, continuing with old Rommon...
I've also tried upgrading the IOS, but that is not working either. I tried "boot system flash:asr1000rp1-advipservicesk9.03.02.00.S.151-1.S.bin" command, but that did not work. I made sure the image was good using the "verify" command and made sure to set "config-register 0x2102". After I do a wr me and reload the router I get the below errors. [code]
how can I monitor and prioritise traffic on a ASR 1002? Currently we have allowed another organization to use our 1GB link and we would like to monitor what sort of traffic flows through it and want to prioritise the traffic depending on the applications.
As soon as I connected my ASR 1002s to the Internet and digested the Internet BGP table, I began receiving this message. I’ve google’d and turned up nothing so far. I assume I need to allocate more memory to this process.
I have a cisco ASR 1002 I have plugged a host into an addressed port and the port comes up however the host cannot ping the router and the router cannot ping the host. Neither can router ping its self. I do the same on a cisco 2800 router and it works fine. What's goin on. Is it the fact that this is a ASR router ?
I have implement MPLS L3VPN on my network to provide service to customer and right now we plan to have service VPLS on our same router. What is needed to run the VPLS in our MPLS network ? I heard that we need addictional switching module and upgrade my IOS to support it but I am not sure.
I want to terminate the IP Sec VPN tunnel on the Cisco ASR 1002 router, but it shouldn't have be bedirectional traffic to the other end., and it should be answer only, We don't run tunnle over GRE (no IPSec profile), just IPSec only. I found there is a command "crypto map *** client configuration address respond" but it looks it is global command and we have lots of VPN terminated on the Cisco ASR 1002 router, How can we configure the "Answer Only" for only one specific VPN tunnel and it won't impact the others?
We have a deployment of 400 store. Each of those have 2 GRE tunnels running over MPLS & 2 GRE Tunnels running over Internet leading to our 2 data-centers. At each Data-Center, we have 1 ASR-1002 connecting both MPLS & Internet MPLS tunnels (800 total per router).
I saw in the documentation that OER & PfR cannot support more than 20 external interface (in our case GRE tunnels) per MC. Does it means that we need to have 20 routers acting as MC to be able to use PfR for our Internet GRE tunnels ?
Is there any more scalable solution for this ? How big company address this issue when they have a lot of interface to run PfR ?
we are replacing network equipment at one of our sites. The network will have 12, 3750X switches(6 stacks) - one stack will be the core. A 1002 will be the WAN router to the Main campus. The 1002 will connect to the core via 2 ethernet cables. I'm debating whether to use L3 or L2 between the router and Core. I've heard that routing is more efficient if L3 is used and also I will be able to create an L3 etherchannel between the 1002 and Core switch. See the attached doc.
I am looking upgrade my ASR routers to a newer code. I am running asr1000rp1-advipservicesk9.03.03.01.S.151-2.S1.bin now. Would like input on what a good stable version is. I am not bleeding edge so the latest version I won't trust.
