i have 2 X 6509 with 6708 & sip-400 with spa 1XOC-48.i need to have a layer 2 tunnel between them.can i have a vpls configuration with that scenario ?, meaning configuring the Xconnect on the 6708 module and the sipspa will do the vpls encapsulation ?
View 1 Replies
We having a VSS switch (9 slot chasis) with ios "s72033_rp-ADVENTERPRISEK9_WAN-M), Version 12.2(33)SXI4", slot 7-9 are currently free. We wanted to install WS-X6708-10G-3C module on slot 7. Once we installed the module it didnt come, after waiting for 15-20min again we removed and inserted, but module didnt come up and we could see following logs on the console:
Jan 12 08:57:40.146: %ISSU-SW2_CFC2-3-ERP_AGENT_SEND_MSG: client/entity send failed; error code is timeout
*Jan 12 08:57:40.330: %ISSU-SW2_SPSTBY-3-ERP_AGENT_SEND_MSG: client/entity send failed; error code is timeout
Jan 12 08:57:40.146: %ISSU_ERROR-SW2_CFC2-3-START_NEGO_FAILED: ISSU NTI Client(2040): failed to start negotiation (ISSU_RC_CLIENT_ENTITY_DOES_NOT_EXIST_IN_PEER)
[code]....
Afer some time VSS switch didnt response to console commands and all the users in access switches were not able to reach the gateway (VSS). Then the problem disappeared once we rebooted both the switches in VSS.why the VSS switch become non-responsive?
I am configuring new ASA 5520 with AIP module for our network with HA (2 boxes), would be the best practice to configure in order to protect web servers and email server.
View 2 Replies View RelatedI only know a little about programming a CISCO router but I know the config I setup is not working...
Here is what I want to do...
The ISP provides us with IP Addresses via DHCP. Our public address is NOT static so the interface on the DSL Module needs to be provisioned to get a DHCP address with a CLASS C License.The IP address of the Router should be 10.0.0.10 subnet=255.255.255.0The LAN Clients need receive their IP address via DHCP EXCEPT for a range of 100 addresses. The lan Clients only need about 40 DHCP addresses.ONE of the Lan Clients (10.0.0.3) needs to have ports 25, 1723, and others forwarded to it.
Below is the config I am trying to use but I can't even ping the router from the LAN.
We have Cisco 3945 Router with SM-ES3-24P Switch Module. when we tried to configure routing in Router and Layer 3 ports on Switch module, the inter-communicaiton is not working?
how we can use routing in 3945 with SM-ES3-24P module?
We just received a new C2911 G2 ISR and have been trying to configure the EtherSwitch SM-ES2-24-P module on it. Through the router console, I tried assigning an IP address to the router Gi1/1 interface which I assume is the link to the Etherswitch module but all I'm getting is "IP addresses may not be configured on L2 links" - as per the docs, I should be able to assign an IP address on that "logical" interface link. Any other way for me to configure the ports on that switch module?
View 5 Replies View Relatedwe have an ASR1002 running zone-based-firewall with 2 zones:
zone_ouside
zone_ph
I have a common ZFW-configuration on that interfaces, e.g.
<code>
class-map type inspect match-any pass_cmap_in
match access-group name pass-ipv4-in
!
class-map type inspect match-any ph_cmap_in
match access-group name ph-ipv4-in
[code]....
There is some basic stuff in the Access-Lists; direction ph-ipv4-in contains basically "permit ip any any" and ph-ipv4-out contains some permits for certain services, but nothing else. The pass-ipv4-in/out ACL contains particularly the udp-500/4500-stuff as well as gre/esp/ah.
Here are the zone-pairs:
<code>
zone-pair security zone_ph-zone_outside source zone_ph destination zone_outside
service-policy type inspect ph_pmap_in
!
zone-pair security zone_outside-zone_ph source zone_outside destination zone_ph
service-policy type inspect ph_pmap_out
!
</code>
[code]...
The xconnect is only built up correctly when I configure the interface in the zone_outside. The destination for the xconnect is an ASR9k. If I do not configure the zone on the L2VPN-Interface, only arp-packet are allowed to tgo through the tunnel.
The L2VPN connects a branch office to the network of "PH". Now the trouble starts: when they are putting a host in the branch office, DHCP via the L2VPn works fine, they can ping anything from the branch office-PC in their local network and reach all internal servers etc.
BUT if they want to go to a destination outside their network, it will not work properly. For example, the branch-office-PC can ping 8.8.8.8 fine, but when they try to connect to a website, e.g. www.google.com, they run into a timeout. Netstat says, that the http-syn is sent, but no ack is received.
On the router, I see:
Session 1178BAE8 (x.y.225.250:2370)=>(173.194.35.151:80) http SIS_OPENING
whereas x.y.225.250 is the PC connected via L2VPN in the branch office to their local lan. When they put the same machine in their local lan directly behind the router (without l2vpn) everything works fine. When I switch off the firewall on the Gi0/0/0-Interface, the PC from the branch office also reaches its destination, so for me it looks like the firewall inspects the traffic going via Gi0/0/1 and L2VPN, what in my opinion, it should not do....
Can you configure a Cisco 1941 to use an 8 port EHWic module and the 2 onboard GE ports in a single LAN?
I've discovered you can't have the on GE ports associated with a VLan, and I'm when I've previously researched for a solution, bridging was mentioned but I cannot seem to get it to work (or completely understand it)The reason I would like to use all 10 ports on for the LAN is becuase I have 10 devices I need to connect to the 1941?
I'm having trouble connecting to my IPS module via ASDM and web browser after configuring an IP address for the IPS module via CLI.The 5510's management port is plugged into our switch, and a VLAN is assigned at the switchport. I gave the IPS module an IP address in the same subnet (DG as well) as the 5510's management port, assuming the IPS module would communicate over the 5510's management port. Is this not right? I'm limited to the CLI for now, and would really like to access the IPS module through the ASDM.
View 6 Replies View Relatedi bought new RF Cisco 7204VXR NPE-G1. As soon i enable OC3 module ( PA-POS-OC3SMI) CPU of the router shoot to 100%, and if i reboot the router, it wont comeback not even on Console. I had to remove the POS card and then boot router and then hot insert the module.
so i put the command
int pos 4/0
loopback internal
as soon igave this command, CPU dropped down to normal. Whats the deal here? now i need to activate the circuit on this POS interface, but as soon i remove loopback internal command , CPU shoots to 100% Although CPU sorted dont show any process causing it.
[Code]....
I want to add module of WS-X6716-10GE(-3C). The type of 6500 isCisco WS-c6509-e (r7000) processor (revision 1.2).Can I add this module to this type of 6500?Do I need to reset the 6500 in order to the 6500 receive the module?
View 2 Replies View RelatedI have the situation with my new Cisco 2951 router. It has only one module on board - SM-D-ES3-48-P. I don't know what is wrong but I can't see any information about this module. When I connect my laptop to any port it's become green, but it's still green even after I disconnect PC from this port. Sh ip int brief command shows only built-in gigabit interfaces. I also connect my second PC to the router by console to monitor any changes when I connect or disconnect laptop to the module's ports. [code]
View 3 Replies View RelatedWill Cisco LMS Prime 4.1 be getting a map module, so you are able to see a graphical map of up and down status of devices? I know the topology map is a module within LMS, but what would be nice to see is a graphical map, where you are able to manipulate the icons to place them on that status map.
View 2 Replies View RelatedWat will be the default memory and hard disk for SM-SRE-710-K9 and wat will be the maximum support for this module.
View 1 Replies View RelatedI have cluster of firewalls which inclueds AIP module and are in production. Due to some issue modules could not be activated. Now I need to activate and udate signature of them. So whether I can do all this activity without effecting my production (Zero downtime).
View 5 Replies View RelatedI know to add a user in the service engine is (config)#user Aileen create but how would you remove it. I tried no before user to negate the command but i do #sh users and the username is still listed.
View 1 Replies View RelatedI have a Hwic 3G-GSM module in an 1841 router. The sim card in the module is configured on an APN no username and password. I have checked all the config from a working router 1841 plus the same module and same vendor Sim card on the APN and all is working. I have configured the second router but it doesn't want to connect at all. If i put the Sim card in a standard 3G modem life is good, and I can connect to the APN and get the static IP address. When I'm trying to initiate the connection from the 1841 the Sim card wont connect.
My config to debug:
sh ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 10.20.20.1 YES NVRAM up up
FastEthernet0/1 unassigned YES NVRAM up up
Cellular0/1/0 unassigned YES NVRAM up up
NVI0 10.20.20.1 YES unset up up
[ code] ...........
I'm not sure if the cellular card is calling the wrong script (d0efault-d0ials0crip) instead of the gsm one configured.
We have a cisco 7204 VXR and would like to know the module which has two fastethernet port. We tried a PA-2FEISL-TX but it did not work.
View 1 Replies View RelatedI have Cisco ASA 5510 with CSC-SSM-10. ASA anti-virus service can not update the Base and Plus lisense. No Activation Code required for renewal. I go to "Administration> Product License" in the CSC SSM console and click "Check Status Online" to get the latest expiration date.In the module on the Check Status Online has reported the following error when: Base License status could not be checked because of a license server failure. "Please try again later", "Plus License status could not be checked because of a license server failure. Please try again later". UPDATE manual virus database can be seen in the latest available version, can not be upgraded because the service expired.
View 2 Replies View Relatedif the 7600-SIP-200 supported in VSS mode or not ?
I have configured to Cisco Catalyst 6513 as VSS, both of them have the 7600-SIP-200 module, before converting them to VSS I was able to work with the 7600-SIP-200 module, but after I did convert them to VSS, both modules didn't work.
here is the show module output, after VSS conversion:
VSS1#show module Mod Ports Card Type Model Serial No.--- ----- -------------------------------------- ------------------ ----------- 1 0 4-subslot SPA Interface Processor-200 7600-SIP-200 JAE14500GMT 7 5 Supervisor Engine 720 10GE
[Code].....
how to show all the module on the ASR 1004?
View 4 Replies View RelatedDoes the ASR-1000 accept an HWIC module, or must one go to a SIP/SPA for all modules?
View 1 Replies View RelatedFor some test in my lab , I ordered on e-bay a AIM-VPN board , they guy told me that it work in a C1841.When I compare to the one I have in my C2621 , they look equal.On both pcb I can read : CN6I280AAA
View 3 Replies View RelatedWe have installed 5585-x in active/active mode with transparent firewall. We have created two virtual sersors for vs1 and vs2 in IPS module and linked with ASA context C1(vs1), C2(vs2) and admin(vs0).
As firewall is working in transparent mode, we have bridge IP address for context C1 10.1.1.1 and for context C2 10.2.2.1.
I have added default routed for context C1 10.1.1.2 .It is in the outside of asa and SVI on switch.For the other context C2 10.2.2.2.
IP address range for the IPS module and what should be the gateway for IPS module.AS the traffic is coming from outside and going to inside interface of ASA.
What module is used to push configurations in LMS 3.2.1?
View 1 Replies View RelatedI have checked on Cisco.com and as per a module support document for ISR's G2, the NM-1CE1TI-PRI module is not supported on new ISR's.
Grateful if more clarification could be obtained about the above.
Will be router not detect the module when inserted in the chassis?
We want to implement HSRP between two 3945 ISRs:
RouterModelIOSModuleR1Cisco 3945 Integrated Service
Routerc3900-universalk9-mz.SPA.151-1.T.binNME-AIR-WLC12-K9
R2Cisco 3945 Integrated Service
Routerc3900-universalk9-mz.SPA.151-4.M1.binNME-AIR-WLC25-K9
The issue that we are experimenting is that, although the module's interfaces are up and HSRP in correctly configured, the show standby summary displays that the Active router is local in both routers. We also have some GigabitEthernet in the routers and they are correctly running HSRP. Does the WLC Modules physically support HSRP?
how to enable the SFP module on cisco 2921?
View 3 Replies View RelatedI am using an ASA5510 and I would like integrate the CSC SSM module in it. What is the Process to upgrade, is it possible and Where I can find it ?
View 1 Replies View RelatedI have 2611xm router with 2 fastethernet ports. Now I want to install NM-1FX-TX module. I just want to conform that does 2611 supports NM-1FX-TX module. I am using this device for lab purpose. I am using latest IOS"
View 2 Replies View RelatedI recently installed the license ACE-SSL-05K-K9 on ACE10 with multicontext solution.The license provides 5000 Maximum number of SSL transactions per second (TPS).The customer would like to track this to find out the correct size and in the case of services https upgrade licenses.Can I do it so through particular output or it's necessary monitoring with snmp service? In the second case, can you tell me the oid string to use?
In case the module should receive a higher number of connections to that provided by the license, what's the issue for new https connections?
i just configured GRE over IPSEC on my Cisco 3745 router with VPN module installed. As soon i hit 25Mbps traffic, my CPU is touching 80%.
What maximum Traffic 3745 with GRE over IPSEC it can support?
Also show process CPU sorted dont show any evidence of which process eating it up.
sh processes cpu sorted
CPU utilization for five seconds: 75%/75%; one minute: 77%; five minutes: 78%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
[Code].....
I have a couple of ASA 5510 firewalls configured and working. I'm now charged with configuring the IPS modules. I'm having to do this remotely. Since the IPS module hasn't been configured I'm guessing it's on 192.168.1.2 with the default username/password.
I'm told that the workstation I access from connects through a switch to the ASA and to the IPS.
I've set the ASA management port to 192.168.1.1. I can't ping 192.168.1.2 - not sure I'm supposed to be able to. In the ASDM, Configure IPS prompts for an IP address. Entering 192.168.1.2 returns "IP address of the management port is unreachable".
