Cisco WAN :: C2811 - Implement CoPP On Routers?
Apr 9, 2012
Required by regulations to implement CoPP on our routers, I installed the following configuration on a C2811 router pair with integrated DSU/CSU cards connecting a point T1. STAC compression(software) is configured on the serial interfaces and the link is often congested.
[code]...
This configuration severely degraded the IP traffic flow and I had to remove it. Not having any practical experince with CoPP.
View 1 Replies
ADVERTISEMENT
Aug 20, 2009
We want to implement an IPSec VPN between two routers cisco 2800 IOS version of what we need.
View 4 Replies
View Related
Feb 10, 2011
How to implement ipv6 on windows 7
View 1 Replies
View Related
Apr 24, 2011
How can i implement networking in my THREE floor office by using routers and switches?
View 1 Replies
View Related
Aug 23, 2012
Looking to implement CoPP in our 2811 ISR. We currently have the base 256mb of DRAM in there. Will this bring our router to its knees? I've priced a RAM upgrade.
View 0 Replies
View Related
Apr 19, 2012
recently we had some performance issues with C2811 which caused us to do some lab testing. For testing we used also C1812. The results were quite surprising for us, as the C1812 appeared to be more efficient than C2811. Below you can see the lab scenario and results.
1. Why C2811 is performing worse than C1812?
2. Is there any official Cisco reference stating what are the max VPN throughputs of certain platforms/models? (we consider migration to C2900 platform and would like to choose the right model)
[URL]
as presented on the small diag:
All routers had enabled onboard hw VPN modules and SEC/K9 IOS ver. Configuration was very simple and beside encryption there were also GRE tunnels configured and EIGRP process for routing between "remote LANs". Part of conf responsible for encryption:
crypto isakmp policy 10 encr aes 256 authentication pre-share group 5 lifetime 3600crypto isakmp key ......... address ......... no-xauth!crypto ipsec transform-set SHA-AES256 esp-aes 256 esp-sha-hmac
crypto map VPN 90 ipsec-isakmp set peer ......... set transform-set SHA-AES256 set pfs group5 match address .........
TEST RESULTS
Cisco 1812Cisco 2811iperf generated BW [bps]WAN if BW (max of 30s avgs) [bps]CPU usage (max of 5s avgs)WAN if BW (max of 30s avgs) [bps]CPU usage (max of 5s avgs)500k--540k5%1M1,1M3%1,2M8%2M2,1M4%2,3M14%5M5,4M10%5,7M34%10M10,6M20%11,5M65%15M15,8M28%17M96%16M--17,2M99%25M27M48%--35M38M64%--45M48,2M72%--53M60,8M88%--59M67M94%--61M72M97%--
View 4 Replies
View Related
Mar 20, 2011
I have an office c2811 and it has three Ethernet interfaces(two onboard and one expansion). Faste0/0 is on one isp and faste0/1 is on another. The third is private. I have multiple site ipsec vpn’s terminating on faste0/0. I had a client ipsec vpn on faste0/1. One of the site vpn’s on faste0/0 terminates at a collocation site. Both the site vpn and client vpn need access to the same collocation. When I connect via client vpn, I cannot ping/access collocation subnet. I suspect this is because I have a site vpn already terminating to the collocation. Can I have a site and client ipsec vpn on the same router terminating to same place and still work?
View 1 Replies
View Related
Apr 14, 2011
I have a 2811 Router with two fast ethernet wic cards installed. I need traffic to go out one interface, but it's received back through another. Both interfaces have public IP's and the same subnet, and are connected directly to satellite modems. One can receive data / the other only send.
View 3 Replies
View Related
Mar 22, 2012
According to release notes, this is available in v5.1.3-n1.1. I am running 5.1.3-n1.1a According to the security guide, all you should have to do is config t, then control-plane, but I do not have that option:
nx5k-2(config)# c?
callhome Enter the callhome configuration mode
cdp Configure CDP parameters
cfs CFS configuration commands
class-map Configure a class map
cli Configure CLI commands
clock Manage the system clock
nx5k-2(config)#
so my question is, is CoPP only available with the 5500s?
View 1 Replies
View Related
Feb 25, 2012
I have setup ipsec VPN in my C2811 router but when "show crypto isakmp/ipsec sa" shows nothing. Remote end point is an "ASA5520". Does it indicates that the remote ASA5520 not yet configured?
Code...
View 9 Replies
View Related
Mar 19, 2013
I am looking for a way to see packets that are matched on certain ACLs in a CoPP policy map. I have read that it is not a good thing to add the log keyword at the end of an ACL when using that ACL for CoPP. I initially tried to use a logging policy map but the 6500 12.2sx doesn't support this.
how I can see source/destination IP for a certain class in a CoPP policy map?
View 1 Replies
View Related
Sep 4, 2011
I have a RV120W Firewall and I've created 3 Vlans. One for Internet Access Computers, One for non-Internet access, one for printers. How can I implement security to keep Internet and non-internet vlan computers from communicating with one anothers? Both computer vlans will need to communicate with printer
View 1 Replies
View Related
Oct 30, 2012
I'm configuring CoPP for an ASR 1001 router with consolidated IOS XE Version: 03.07.01.S. And I'm trying to use 'DROP' command under policy map to drop.un wanted traffic. But the drop command is not listed.
[code]...
View 6 Replies
View Related
Dec 12, 2012
I was trying to configure copp on one of 6500 sup-2T. Is it ok to add customized policies to the default copp "policy-default-autocopp".When I created my own customized policy using policy-map, I get following error
control-plane service-policy input policy-custom
error: failed to install policy map policy-custom
View 7 Replies
View Related
Jan 11, 2012
I not able to access cisco 2811 router (AC operated) through console port when I try to access it by selecting COM Port, but I able to access by selecting the TCP/IP option.
View 5 Replies
View Related
Mar 13, 2012
On one of our N7K, we have some packets dropped by the COPP policy in the class-default class-map. Partial results of "show policy-map interface control-plane" not so long after clearing the counters : [code]
what traffic is dropped by the policy ? Is there any logging possible ?
View 2 Replies
View Related
Feb 9, 2013
Can we implement BGP without IGP Protocol ? If yes, then how can we do it ? If no, why ?
View 11 Replies
View Related
Jul 31, 2011
We are attempting to implement an ASA 5520 with a new ISP. Based on the limited routing needs, I believe we can use it as the router as well. I am familiar enough with routers, but the ASA is obviously a different thing.
The setup looks like:
ASA Version 8.2(1) !
host name Cisco
interface GigabitEthernet0/0description Internet name if Outsidesecurity-level 0ip address 69.XX.46.1 255.255.255.252 !interface GigabitEthernet0/1
description DMZnameif DMZsecurity-level 0ip address 69.XX.56.1 255.255.255.240
!interface GigabitEthernet0/2description Localnameif Insidesecurity-level 15ip address 10.0.XX.XXX 255.255.252.0
[Code] .....
1) Outside 0/0 connects to MRV from service provider (Public)
2) DMZ 0/1 connects to outside switch with servers (Public)
3) Inside 0/2 is LAN (Private)
A) Based on a completely default config and aside from setting the routes to send traffic from inside to outside, and outside to DMZ, what is the next step?
B) What should the interface security levels be, I am unsure what they should be or why...?
Based on the initial config with interfaces set as above, I cannot move traffic through.
View 5 Replies
View Related
Oct 21, 2011
Today we have a simple ASA-5520 SVC setup with just one connection profile and one group policy. Authentication (2 factor – AD + SMS) is performed by RADIUS. We would now like allow access to this VPN service only if you reside in a particular group in the MS AD. From what I understand this can be accomplished through DAP. Either by matching the LDAP attribute “memberOf” or RADIUS id 146. I’m I right? Can I still perform authentication using RADIUS and then DAP using LDAP or must I use DAP using RADIUS?
View 3 Replies
View Related
Feb 21, 2013
How to implementation LAN network
View 2 Replies
View Related
Oct 13, 2011
We recently purchased a SF 300-48P to replace a Layer 3 3Com switch that died. I've sucessfully put the switch into Layer 3 mode and assigned ip addresses to each of the VLANs but I cannot figure out how to implement routes for those. Here's some info on our network and what the previous switch had. [code]
Not sure if this can be translated into the Cisco or not.. If i try to create an IP route like these i get errors that the Gateway can be a route.
View 5 Replies
View Related
Oct 15, 2012
Is it possible to implement ACLs in layer3 switch??
View 4 Replies
View Related
May 18, 2012
I have some Cisco 2651 routers, I was trying to implement MPLS on those routers, Can i accomplish this upgrading newer IOS version? link to download the supported IOS.
View 2 Replies
View Related
Apr 26, 2012
I am looking to upgrade an 1812J router to 1921/K9 router with 8-port double wide switch port.What's the best/easiest way to migrate the config? (We have access lists, vlans, etc. configured on the original device)Also, I'm looking for a way to prioritize traffic from an external site on the internal LAN. Reason being that I would like to prevent dropouts of interent streaming radio when Internal LAN traffic is high. If so, what's an easy way to implement on 1921?
View 1 Replies
View Related
Nov 27, 2011
I want to select catalyst 3560G for my network. But IOS SLB need to be implemented in my network. I only know catalyst 6500 series can support this feature and i am not sure whether 3560G can support this feature. what platform and IOS version i need to implement IOS SLB?
View 1 Replies
View Related
Aug 27, 2012
We are in the process of implementing secondary ISP to our ASA firewall and We would like to run both ISPs in parallel so we can test until we finally cutover?
View 2 Replies
View Related
Jun 3, 2012
We are trying to implement the ZBF on our router to assist us in limiting the intial impact of DDOS attacks.We have configured the below and it appears that it's not working, as when un der attack the statistics don't increae.
[code]...
View 2 Replies
View Related
Sep 27, 2011
one of my customers wants to implement VoIP in his existing DMVPN Network Topology. I have read about the "Per-Tunnel QoS for DMVPN" but when it comes to configure it on my hub router (Cisco 7206VXR with c7200p-advsecurityk9-mz.124-15.T14.bin) I am lacking the option to set the "ip nhrp map group" command.
My question now is, is it generally not supported by the 7206VXR platform? Or can I get the option by upgrading the IOS to a newer version? If so, which one could I use ?
View 2 Replies
View Related
Nov 29, 2012
I have 1 server where i enabled dhcp server and active directory on it . I still have to install something like ISA server on it as isa doesnt support 2008 r2. point me out on the networking , like how should i connect the clients to the server. And how the wireless router and switch should be connected to the server?
View 1 Replies
View Related
Mar 13, 2013
(eth ports routing only) and a layer 2 switch into a cluster of two layer 3 switch clustered. I have looked at Cisco 3550 EMIs with HSRP but I would like to implement based on newer models of Cisco switches.
View 6 Replies
View Related
Feb 3, 2013
I am trying to implement an etherchannel on a cisco 2901 (IOS 15.1). i have already created the port-channel but i cannot assign the gig interface to the channel group.
View 1 Replies
View Related
Sep 13, 2011
I need to implement the backup between two sites I have router 2800 which is having a point to point connectivity with the far end.At the far end there is no router ,only one firewall is there on that firewall one access-list is there to allow the traffic .To implement the back up link i have created a site to site vpn .But the problem is as soon as the tunnel is establised .For the time being i have removed by site to site config from both firewall.
View 7 Replies
View Related
Nov 22, 2011
I have a 3560-48 switch running Cisco IOS Software, C3560 Software (C3560-ADVIPSERVICESK9-M), Version 12.2(44)SE3 and i need to implement basic QOS commands to the fast Ethernet interfaces as well as the gig interfaces and Also I need to create port channels on the switch and need what the port channel syntax are as well for that particular IOS version?
I have only read only access and i can't see what the QOS and Port channels syntax should be for that IOS version.
View 3 Replies
View Related