I'm trying to use EPC on ASR1001 running IOS-XE 3.4, and it won't work. Configuration commands are accepted by the router, but there are no packets in the capture buffer.In release notes for IOS-XE, in the 2.5 section, there is a statement that EPC is not supported on ASR1k. Is it true also for newer versions of IOS-XR?
View 1 RepliesI have a need to capture traffic on an ASR 1001 subinterface, but what I have found is that the Embedded Packet Capture feature is not supported on this platform. Are there any simple alternatives to capture egress traffic on a subinterface or am I SOL? This is a walk in the park on normal IOS routers...
View 1 Replies View Relatedwhen performing packet capture in a FWSM
[code]...
I have a piece of software that I suspect is sending unwanted data over the internet to some IP address. I'm not an expert in anything related to computer networks, but I figure I could use such software after playing around a little with it.What application could I use that would so the following:
a) capture all the bytes the application is trying to send out so that it seems to the application it is doing it and see the place it was trying to send it
b) after inspecting the data, if it was ok, send the packages to wherever it was supposed to go so that it seems the original application sent.
I want to capture packet on gi0/0 of PE1 in order to show customer that all his traffic is encapsulated and transmitted by L2VPN (ldp signaling) in his lab.
CE1-----------(g0/1)PE1(g0/0)------------PE2-----------CE2
PE1 and PE2 are Cisco3945 and L2VPN is working well. I tried cisco RITE(Router IP Traffic Export Packet Capture) feature, but the output was not what I expected. I tried both export mode and capture mode. Only LDP hello message I got, looks like RITE is only interested in IP packet. Monitor session wasn't effective as well because it is not a switch.
Is there any other way/workaround to capture customer's traffic encapsulated in L2VPN?
What I did on PE1 when I was trying RITE export mode:
ip traffic-export profile test
bidirectional
[Code].....
I would like to capture packets which are going through an IPSEC tunnel. The packets originate in the appliance (syslog) and are sent to the remote via a VPN. I can see the encapsulated packets going out to the peer and I can see the ISAKMP packets to and from the peer. Because the packets originate within the appliance, they do not appear on any interface to be captured.
Is there some way to capture these packets before they are encapsulated?I attempted to capture packets on the asa-dataplane, but they are in a format that I cannot decode, and I cannot put a filter on the capture.
Hardware is ASA-5520
Software is version 8.3(2)
I operate between c6509-E, what did you flooding? its just packet capture gi1/3 but i dont know it and is it attack?also same seq no switch gots it?what is problem?
View 2 Replies View Relatedhow to capture the incoming and outgoing packets on the balancer?The load balancer is connected in between the customer DCN and cisco switches 2960.The reason of capturing both incoming and outgoing packets on the balancer is to prove to our customer that there is no packet loss issue on the balancer, and it could be some issue on their DCN network.Since it is a production server, I will need to ensure that there is no impact to the incoming and outgoing traffic on the balancer and other networking equipments as well.
View 1 Replies View RelatedI want to make packet sniffer which capture the IP packet and then extracting QOS filed from it's header
View 1 Replies View RelatedI have always done my port monitoring (SPAN) on Cisco layer 3 switches with no issues. This time I am trying to do this on a Cisco 2901 router:
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(4)M2, RELEASE SOFTWARE (fc1)
System image file is "flash0:c2900-universalk9-mz.SPA.151-4.M2.bin
I need to have the source port gig0/0 and destination port gig0/1. There is something about the gig port enumeration (slot/port#) that makes the command rejected. It is self explanatory:
#sh ip int brie
Interface IP-Address OK? Method Status Protocol
Embedded-Service-Engine0/0 unassigned YES NVRAM administratively down down
GigabitEthernet0/0 xxx.xxx.xxx.xxx YES NVRAM up up
GigabitEthernet0/1 unassigned YES NVRAM up up
Serial0/0/0:0 unassigned YES unset up up
[code]....
It doesn't matter what slot or port number I use, it is always rejected. The command is rejected for Both destination and source gig interfaces. I tried a wide variety of slot/port numbers. To my best understanding the complete port names are: GigabitEthernet0/0 and GigabitEthernet0/1, so why does it think there has to be another digit after 0/0 or 0/1? Does it have anything to do with the Embedded-Service-Engine0/0 being administratively down?
ATT notified my company we have a virus infected pc on one our networks which sits behind a Cisco ASA 5505 running 7.2(4). The set up is a basic inside/outside NAT configuration. They gave us the destination ip address and port which the our pc is contacting. I have been tasked to track down the infected pc. I created the following access-list and applied to the inside interface:
access-list VIRUS extended permit TCP ANY host x.x.x.x EQ YYYYY log debugging interval 600 access-group VIRUS in interface inside
I enable logging to the console whose output did not list the IP address of the infected pc, only the ip address of the DNS servers we were using. I then used the following capture commands to try locate the internal ip address of the infected pc:
capture in-cap interface inside access-list VIRUS-CAP buffer 1000000 packet 1522 capture in-cap access-list VIRUS-CAP interface inside
Neither step worked and the resulting console output overwhelmed the firewall in a very short period of time. Before attempting this task again, I would like to know if I am going about this the right way or if there is a better methodology?
Am trying to find out what is the suitable SPA for ASR1000 routers to connect ATM DS3 through the local telco. Currently this is connected to a NM-ATM-DS3 module on a C3845 router. The reason for asking is we need to upgrade the WAN router to ASR1000.
View 2 Replies View RelatedI am looking for a way to use a 3G connexion on ASR1000.Is it possible to install HWIC module of ISR2 in SPA slot or use an USB modem on the RP?
View 2 Replies View RelatedThe ASR1000 router supports hot-swap modules and network interfaces?
View 1 Replies View RelatedWe use ISG on asr1000 (l3 routed subscriber). Now we are trying to implement ipv6 isg sessions. so.. for ipv4 sessions we have
radius-server attribute 8 include-in-access-req
radius-server attribute 32 include-in-access-req but for ipv6 there is no such attribute#radius-server attribute ?
11 Filter-Id attribute configuration
188 Num-In-Multilink attribute configuration
218 Address-Pool attribute
25 Class attribute
30 DNIS attribute
31 Calling Station ID
32 NAS-Identifier attribute
4 NAS IP address attribute
44 Acct-Session-Id attribute
55 Event-Timestamp attribute
6 Service-Type attribute
60 CHAP-Challenge attribute
61 NAS-Port-Type attribute configuration
66 Tunnel-Client-Endpoint attribute
67 Tunnel-Server-Endpoint attribute
69 Tunnel-Password attribute
77 Connect-Info attribute
8 Framed IP address attribute
95 NAS IPv6 address attribute
list List of Attribute Types
nas-port NAS-Port attribute configuration
nas-port-id Nas-Port-Id attribute configuration
what is best practice for authorize ipv6 l3 subscribers ?
We have asr1006 with 2 esp-40 and 2 rp2 and 2 sip-40. we need to bridge vlan from portchannel (2*10) to single 10ge port.
So fn said that EVC on Port-Channel supported on our software and document [URL] have such example
- configure terminal
- interface port-channel channel-group
- service instance id ethernet
But on our router we have not service command on port-channel. only on non portchannel interface.
But other document have Restrictions for Configuring EVCs on the Cisco ASR 1000 Series Router The following features are not supported: EVC on Etherchannels
Connect ww port-channel 1 2 tenGigabitEthernet 0/1/0 2 this is possible command on our router (but i can't create service instance on portchannel interface)
We need to bridge l2 without l3 termination ? is this possible with port-channel ?
we're trying to integrate our SBC instances (CUBE SP on ASR1000) into our network management system (EMC SMARTS)Syslog messages from SBC instances are some kind of cumbersome with lot of line breaks resulting in multiple syslog messages the NMS must parse.How do I configure it to just put it all into one line just as "normal" log messages?
View 2 Replies View RelatedI have a question regarding netflow and NAT. I have read some documentation (on ASR1000) regarding monitoring NAT process on Cisco ASR1000 that can be done using netflow version 9 (the term was called netflow event logging a.k.a NEL). The problem is, I have not found the netflow collector that can do that. I have queried several software such as manage engine "Netflow Analyzer" and Lancope, but they said their software can not do that.
View 11 Replies View RelatedHow to test the aaa on cisco asr 1000 ? I wana test some user account to a cisco acs.
View 5 Replies View RelatedSetting up a new 1941w router. Already have another one offsite that's working great. Based the new configuration on the one I have working and can route traffic, etc. My problem with this new one is that I cannot get into the embedded AP to configure. My configuration follows this question. I have checked status of the interfaces and everything is up except VLAN2. I've used the command no shutdown within the VLAN2 interface, but the operational status is still reading down. The admin status is reading up. All other interfaces are up and up. [code]
View 3 Replies View RelatedOne of our customer would like to connect 3 datacentres and decided to use VPLS to extend layer 2 VLANs . For this purpose they have bought six Cisco ASR1000 edge routers( two at each side).They also wanted to buy MPLS SP backbone but have decided to buy 2x10G dark fibre links instead.My question is,
1-Will it still possible to run VPLS over dark fibre? Because all the documents I read regarding VPLS are deployed over MPLS backbone.
2-Any sample configuration for implementation VPLS in ASR1000 ?
how the ASR1000s are being setup.I am looking at ASR1000s as part of network refresh and was looking at RJ-45 based Gigabit Ethernet ports compatible with the ASR1000s SPA-5X1GE-V2 seems to be an option but they are all SFPs. Are there any options for RJ-45 ones on ASR1000s?
There is an option for the 2 port where one can mix and match SFPs and RJ45 but I was looking for something which is RJ45 only.Are there any options for them available.I know I could get something with FastEthernet type but was looking for the GigabitEthernet type.
Can the embedded AP be configured as a standalone AP without configuring the router's functions? I need to configure one temporarily until we get the 1252AP for the location.
View 1 Replies View RelatedI'm trying to find out what platforms support Multilink PPP with Link Fragmentation and Interleaving over a single link, when that single link is PPPoE. In searching the documentation, the best information I can find is that it seems to be supported in one direction on the ASR1000 url...Many platforms appear to support PPPoE and also MLPPP w/LFI, but it's not clear that both features are supported on the same link.
The application is a radio that has an Ethernet interface on its terrestrial link, and acts as an Ethernet bridge. Would like to use Multilink PPPoE with LFI in order to provide LFI in order to run VoIP over lower speed links (e.g 256kb). For what it's worth, the radio also supports RFC 5578 PPPoE Extensions for Credit Flow and Link Metrics. It was fairly easy to find what platforms support RFC 5578. But RFC 5578 would be used to support variation in the capacity of the link. If the link speed is fixed, RFC 5578 is not needed. I was trying to find if the set of platforms supported increase if the need for RFC 5578 is taken off the table.
In particular, I'd be interested in the whether the ASR 9000 series supports MLPPP bundles with LFI when the links are PPPoE.
I do not understand where in the CCP I can configure PAT for communication back 7960G VoIP phone with SIP firmware Maybe I'm wrong on the concept of communication pass back to the Voice VLAN.
View 1 Replies View RelatedI have a Cisco ASA 5500 Series appliance.I'd like to use the Embedded CA There’s no documentation which states an AnyConnect Essentials license will suffice, over an AnyConnect Premium.url... hints at Essentials being enough, as it specifically mentions some features require Premium, but I really need to be sure. Using AnyConnect Essentials (so, anyconnect essentials: Enabled) AND the Embedded CA?
View 1 Replies View Related I have a Cisco 881G with PCEX-HSPA-3G card for which I have successfully configured for internet. As the above one has come to end of life, we got the replacement 881G with embedded 3G modem.
I can't get Cellular 0 to use ppp encapsulation:
Router(config-if)#encapsulation ppp
Cellular0: Only SLIP encapsulation supported
Router(config-if)#
[Code].....
Using EMM as a nice friendly interface for their terminal server (ie router with NM-16A and octal cables)?when I ask the framework to run the following command it gets stuck will a blinking cursor and clear screen
<IOSExecCommand>"connect 10.1.1.1 2000"</IOSExecCommand>
however removing the port number allows it to connect fine.
<IOSExecCommand>"connect 10.1.1.1"</IOSExecCommand>
same symptom if iI were to replace connect with telnet
<IOSExecCommand>"telnet 10.1.1.1 2000"</IOSExecCommand>
even setting up an iphost does the same ie:
ip host R1 2000 10.1.1.1
<IOSExecCommand>"connect R1"</IOSExecCommand>
All of these commands work fine from the # prompt
i cann't enable embedded-Service-Engine on cisco2911 router.
View 3 Replies View RelatedI'm working on a 892W router.To close the session between the wireless device and the router's console, the command Control-Shift-6 x is required.The Issue is that this command is not working for me. I'm using a SuperPuTTY connecting tool.
View 7 Replies View RelatedWe're installing ASR1000 series (ASR1001 and ASR1006) routers on a new WAN and have a requirement to enrypt the traffic between the EIGRP neighbors. Each ASR will be connected to the MOE with a gig interface and we will be using L3 on the interfaces with EIGRP as the routing protocol. We have advipservices-k9 IOS-XE
The ASR1006 is our datacenter WAN router and all remote sites have the ASR1001s. The ASR1006 WAN interface will be configured with L3 subinterfaces, one to each remote location, using a /30 mask.
What is the best method to encrypt the traffic between the ASR1006 WAN interface and the remote ASR1001 WAN interface?
I done had dis sylvania 7" for 7 months and i keep gonna on google to try and fix it. i took it to a computer store and it took dem a month to fix it and when i got home i still could not get on da net i have tried everything on Google and dat dont work i got clear and hot spots. I am ready 2 throw dis thing in da trash and i didnt get 2 play wit it yet?
View 3 Replies View Relatedi got some problem configuring my cisco 887VAW internet access point.I want to be able to manage it thru ssh console with the service-module wlan-ap0 session mode. And i want to access thru http but it's not working too I show you my config
This is my config :
Current configuration : 3281 bytes
!
! Last configuration change at 21:43:11 UTC Fri May 18 2012 by jon
! NVRAM config last updated at 21:46:05 UTC Fri May 18 2012 by jon
! NVRAM config last updated at 21:46:05 UTC Fri May 18 2012 by jon
version 15.1
[code]....