Cisco WAN :: Overlap Fragment On 3845 Router?
Jun 25, 2011
I am looking for example of ACL to deny overlap fragments,i have 3 messages on a router 3845 , follow cisco documentation it might be an attack on a host the recommendation was to create an ACL to deny overlap,
.Jun 25 07:35:49.097: %IP_VFR-3-OVERLAP_FRAGMENTS: GigabitEthernet0/0: from the host 183.216.33.100 destined to xx.xx.205.102
.Jun 25 07:35:49.101: %IP_VFR-3-OVERLAP_FRAGMENTS: GigabitEthernet0/0: from the host 183.216.33.100 destined to xx.xx.205.102
.Jun 25 07:36:29.566: %IP_VFR-3-OVERLAP_FRAGMENTS: GigabitEthernet0/0: from the host 183.216.33.100 destined to xx.xx.205.102
[URL]
View 3 Replies
ADVERTISEMENT
Sep 6, 2012
I use Mac OS and connect to a wireless network at work, along with two other PC computers running Windows 7.Recently when I connect to the network, the other two computers (which also run F-Secure) get a message stating "A suspiciously small Datagram Fragment was detected".I have recently updated to OS 10.8 Mountain Lion, which seems to be when these messages started appearing.if it is my computer, should it happen and/ or is it an issue?
View 4 Replies
View Related
Nov 8, 2011
The following messages are filling up my syslog.
*spamApTask0: Nov 09 15:59:29.071: %LOG-3-Q_IND: capwap_ac_reassembly.c:652 Unable to store capwap fragment from 88:f0:77:b6:fd:00.
*spamApTask3: Nov 09 15:59:27.616: %CAPWAP-3-REASSEM_SPACE: capwap_ac_reassembly.c:652 Unable to store capwap fragment from 88:f0:77:b6:fd:00.
What could be causing it? I am using 1524 APs in a Mesh environment with a WLC 5508 (7.0.116.0) which is connected to a H3C switched network.
The MAC addresses above are from my MAPs and I don't think I am getting it from the RAPs.
View 1 Replies
View Related
Nov 13, 2011
We have multiple vpn tunnels coming to our cisco asa 5520 , the problem is that when we create another tunnel with the same network as another network on the firewall , it does not know how to route the traffic to which interface or sub interface.
View 2 Replies
View Related
Apr 25, 2011
We have 3 AP541N units deployed in a doctors office. All of them are set to 802.11b/g/n mode. 2 of these units are used to provide non-secured internet access to patients and are using channel 7. The other AP is for our private network secured using WPA2/AES operating on channel 1. There are several other access points in our proximity using channel 6 and I'm trying to minimize interference.When selecting wireless mode 802.11 b/g/n I have only channels 1-7 to choose from. What I really want to do is change our public wlan to use channel 11 to avoid the other business's AP which are using channel 6.
Should I be using a different mode altogether? In your expereince which mode will provide the best transmission rates and range?
View 5 Replies
View Related
Jul 10, 2012
Not really a big problem, but not knowing the answer is killing me. This is what I have:
Host 1 <-> ASA 5505 <-> VPN connection<-> ASA5510 <-> Host 2
The problem is when one of the hosts trys to reach the inside interface of the remote ASA. E.g. Host 1 trying to ping ASA5510 inside interface. Again Host 1 and 2 have the same subnet address of 10.1.1.0/24. I have configured the ASA 5505 to do the the NAT translations.
[code]...
View 3 Replies
View Related
Jun 12, 2011
when a user login into the Cisco ASA Firewall (v8.3.2) via WebVPN, and accesses the applications. This works fine. In fact, the user can also create bookmarks etc.The problem here is when this user signs off and another user signs in via WebVPN, on the same PC or even on a different PC, this new user can view the screen viewed by the previous user. Basically, even though certain users can view only certain applications, but in my case, not all the time, but most of the time, users logging into via WebVPN can view someone else's profile application.
I suspect this is due to cookies or cache but I'm not sure myself. What can I do to resolve the problem.Currently, this issue is being resolved via a lousy manner i.e. we go to the SMB location and we clear the .CSP file manually, which is not the correct way to address this issue.
View 1 Replies
View Related
Dec 10, 2012
Is there any physical or technical diferrences between PWR-3845 AC/2 and PWR-3845 AC? We are trying to order replacement parts and wondering if PWR-3845 AC is for one power supply and AC/2 means you get two with one order?
View 1 Replies
View Related
Jan 20, 2011
I am trying to Port Forward HTTP: 80, but my Router wont let me and it keep giving me this error message Status: Port Range Overlap with Remote Management.I have a NETGEAR CG814GCMR Router, I need to add that port for setting up a Game private server online, but my router wont let me, how to fix it?
View 12 Replies
View Related
Dec 7, 2012
Is there any physical or technical diferrences between PWR-3845 AC/2 and PWR-3845 AC? We are trying to order replacement parts and if PWR-3845 AC is for one power supply and AC/2 means you get two with one order.
View 1 Replies
View Related
Mar 24, 2011
I am installing Cisco blank CF upgrades (double the capacity of the CF that came with the router) in Cisco 3845 routers and I cannot get the IOS to load.
Network security requires tftp be disabled, so I am limited to xmodem. Slow, but it works. I know the IOS download is good, because I can load it on the CF that came with the router.
I can install, format and read the new flash. But the download locks up and bombs about 1/3 of the way through.
Note: CF that came with the router was "C" so I used the format flash: command. The new flash reads the same as the old, except that there is no file IOS loaded.
I've never had an issue upgrading an IOS, but this is my first shot at installing on a new CF.
View 10 Replies
View Related
Apr 26, 2011
1841 & 3845 router. We send 30 GB data on 100 Mbps link. First time we use 3845 router for sending the data and 47 Min are required to complete the data, during this link utilization was 100%. After that we send same data through 1841 router & 46 Min are required for the same. Only difference in data transfer is CPU Utilization of 1841 router goes 30% & 5 % of 3845 router Can we use 1841 router instead of 3845 router ? .
View 2 Replies
View Related
Apr 26, 2011
I have 3845 router where 200 branches are connect. Ho have database server where branch are synch interval period.some of days observation cpu load average 70 % and sometimes it reaches 100 %.yesterday when I give command clear arp then instant cpu load reduce and 20 % yesterday cpu load 12-20 %. Today morning when I give command Cpu proc history then I found cpu load 60 % and at night it was 3 times reaches 100 %. so my question is after clear arp command at least 10 hours cpu utilization 20 % but after that it increase.so for any LAN broadcast it happend ? how i understand cpu high for Broadcasting or anything else.
View 2 Replies
View Related
Jun 8, 2011
I am facing a issue on Cisco 3845 router, IOS is :c3845-adventerprisek9-mz.124-22.YB8.bin
I have changed the IOS as well as the Hardware but again the router is restarting. I have put the show tech-support and crash-info in Output interpreter, result is below:
ERROR MESSAGE NOTIFICATIONS (if any)
%PAR-1-FATAL (x): [chars]
Explanation: A parity error has occurred. The problem might be caused either
by a motherboard that has failed or motherboard settings that are incorrectly
set.
[Code].....
View 1 Replies
View Related
Aug 16, 2011
Can i Use 1 single IOS in all 3845 Router?
I have S384AESK9-124xx (T) version IOS in one of my 3845 router, can i copy the IOS and install it in my 4 x 3845 Router as i require (T) Version IOS to support HWIC-2FE module.
Like wise, i have Cisco 1800 IOS- S184AESK9-124xx (T) and Cisco 2800 IOS- S28NAESK9-124xx (T) installed in my routers, will there be any issues if i copy and use the same IOS in all my respective devices?
View 3 Replies
View Related
Oct 20, 2011
we have 3845 routers with internet service providers connected on it.we have configured router bgp 2.xxx as our AS. What is the concept behind router bgp 2.xxx with ISP ?
View 4 Replies
View Related
Dec 19, 2010
Can I delete the running IOS from flash on an operational 3845 router to make room for the newer version? The flash isn't large enough to hold two versions. Doesn't the IOS get loaded and run from NVRAM? I don't want to take down an operational router but may have no other choice?
View 3 Replies
View Related
May 2, 2011
I have 3845 Router which is continuously rebooting; console output is attached.
View 8 Replies
View Related
Sep 26, 2011
Using particular coax cable between a MGX and a Cisco 3845 router. The router has a NM-1A-T3/E3 network module (most likely since the label that the guys onsite saw at the back of the router says 1A-T3.The MGX meanwhile has a AXSME-16T3E3 front card and a SMB 8TE (?) back card, based on what our client said. There is presently a miniBNC-to-BNC coax cable connecting the MGX to the 3845, muck like the picture below. There are CRC errors on the ATM interface and the client would like to replace this cable. Unfortunately, I cannot find the exact Cisco cable for this.
View 3 Replies
View Related
Jul 25, 2012
In our Environmet we have 3845 Edge Router Current Ios Version is Version 12.4(1a),(c3845-advipservicesk9-mz.124-1a.bin)As management got another fiber leased line(Single Mode) for which i have install SFP slot part number HWIC-1GE-SFP,after installation of HWIC-1GE-SFP in router the follwing slot is showing
GigabitEthernet0/1/0
%HWIC_1GE_SFP-6-SFP_IN: Interface GigabitEthernet0/1/0 1000BaseLX SFP has been inserted
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/1/0 xx.xx.xx.xx. YES manual up down
for testing purpose i tried the same procedure into the switch and its working fine where as in Router the link is not coming up ,
View 5 Replies
View Related
Aug 4, 2011
One customer Router Cisco 3845 has been restarted with bus error given below,
" System returned to ROM by bus error at PC 0x603697BC, address 0xD0D0D11 "
View 1 Replies
View Related
Nov 18, 2011
in my lab environment, I have a site-to-site VPN between a Pix515E and Cisco 3845 router, using AES-256/DH-5/SHA for isakmp and AES-256/SHA/PFS group5 for the site-to-site VPN, I can only push about 26Mbps IPSec traffics (tested with Iperf). CPU on the Pix515E is running at 96% utilization
Now if I replace the Pix515E with another Cisco 3845 router, I can push about 100bps. Why such a big difference between the data sheet and actual real world
[code]...
View 1 Replies
View Related
Dec 26, 2012
I have the following commands on my Cisco 3845 router running IOS version 12.2(24)T4:
ntp server 192.168.1.1 prefer
ntp server 192.168.1.2
ntp source loopback0
I see that the router is sending out NTP version 4; however, my NTP server is configured to accept only NTP version 3. Anything other than version 3 will be dropped.
How do I go about to configure NTP on the Cisco IOS router to send out only version 3 and not version 4?
View 1 Replies
View Related
Jul 20, 2011
I have the following problem with DFM 3.0.2:
One of my customers has got a Cisco 3845 router with some E1 controllers in it. DFM sometimes generates an alert that says the controllers are flapping, meanwhile there is no syslog, or snmp-trap generated in the router itself. If the cables disconnected/connected, or a shut/no shut command was issued ont the interfaces, the router generates the syslog and snmp-trap as it is required.
So in a nutshell it seems that there is no flapping ont the controller, but for some reason DFM thinks that there was one.
I searched for bugs, but wasn't be able to find anything relevant neither in DFM, nor in the IOS itself (c3845-advsecurityk9-mz.124-24.T2.bin)
View 2 Replies
View Related
Jun 3, 2013
Is there any risk to install an HWIC-2FE card into a production 3845 router while it is in a powered up state? Is it recommended to power it down first, then install it?
View 3 Replies
View Related
Sep 2, 2010
I have a problem in configuring two pair of backup interface on my customer's router (3845). It's ok when I configure just one of them. If I configure both pairs of interfaces into backup interface, one of them will be in disabled mode, as shown below :
WANR01#sh ip int bri
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 172.16.199.106 YES NVRAM up up
GigabitEthernet0/1 172.16.3.5 YES NVRAM up up
Serial0/0/0 unassigned YES NVRAM administratively down down
Serial0/0/1 unassigned YES NVRAM administratively down down
FastEthernet0/1/0 125.213.133.186 YES NVRAM standby mode down
FastEthernet0/2/0 172.112.22.6 YES NVRAM standby mode/disabled down
FastEthernet0/2/1 123.231.177.238 YES NVRAM up up
Loopback0 172.16.199.12 YES NVRAM up up
View 5 Replies
View Related
Apr 25, 2013
I have VPN Router (3845) in Head Office and VPN Router (1921) at Branch Office. I have also internet router (1921) which passes through ASA 5520 to internal Network at Head Office. I can give internet connectivity to Head Office Users by giving access in ASA 5520 with following lines: nat (inside) 1 192.168.2.13 255.255.255.255.
I have added line for internet access for Branch Users in following manner in ASA 5520: nat (inside) 1 173.16.33.4 255.255.255.255. My Head Office user can access internet but my branch office user cant access internet. how can i give internet access to my branch office users?
View 1 Replies
View Related
Apr 16, 2011
I have 3 Cisco Routers as following :G.SHDSL Router : Cisco 3845 withISDN and Branch Router : Cisco 2811.How My Network works :Branch Router has two type of connection ( First one : G.SHDSL link work as Main link and the other one ISDN Link work as Backup link )when main link goes down the ISDN link goes up ...( Note : i applied IP SLA with tracking ) ...
My Problem :i want to delete default route from ( G.SHDSL Router )0.0.0.0 0.0.0.0 dialer 3..My network works properly with these configuration but when i delete the default route 0.0.0.0 0.0.0.0 dailer3 , my network goes down ( Failover technique not works)
View 4 Replies
View Related
Aug 29, 2011
I have configured a qos policy and I am trying to apply the policy to a vlan interface which is physically connected to a switch module port of a 3845 Router.When I try to apply, the message configuration failed appears.
View 4 Replies
View Related
Apr 27, 2011
My company recently failed a PCI scan because our router was returning 56bit des encryption for isakmp negotiation on an existing default isakmp policy. How do I remove this default isakmp policy. I am not running 12.4(15)T1 so the no crypto isakmp policy default does not work. Is there any way other than upgrading the IOS?
Is there any way to configure a maximum number of isakmp policies that an authenticating router will check? I have 2 configured higher priority ISAKMP policies. Maybe if there is a command to limit the number of isakmp policies the router checks, that would eliminate this default policy being matched?
View 1 Replies
View Related
Jul 18, 2012
Which is the best way of creating GRE Tunnels on a GLBP enabled router? I actually have two 3845 with GLBP configured as our gateway routers, and need to create gre tunnels to branches.The plan is to use the GLBP virtual IP as the Tunnel Source address and the branch WAN interface as the tunnel Destination address, how do i handle the Tunnel IP address? Do i create the same Tunnel on both gateway routers and have a glbp virtual IP address for the Tunnel Interface as well?
View 4 Replies
View Related
Mar 24, 2011
I have 3845 Router with HWIC-4ESW & I am trying to apply MQC on SVI interface but I keep getting configuration Error!-RTR(config-if)#service-policy output XYZ_WAN_QOS Configuration failed I believe that HWIC-4ESW is Layer 2 port & you can not apply Module Qos on SVI interface. I am exploring other option.
I have following link for 1 OR 2 Port Fast Ethernet port but not sure whether this will support what I am looking for.[URL] Aslo I have HWIC-1GE-SFP card on Same router where MQC works fine .interface GigabitEthernet0/1 description METRO-E duplex auto speed auto media-type rj45 service-policy output Metro-E?
View 1 Replies
View Related
Jan 30, 2012
I have a Cisco 3845 Integrated Service Router and I have installed a Service Module. I want to use the integrated Gigabit ports as switch ports and put ports in the Service Module and Gigabit port in a VLAN.
Is this possible? can it be done by setting internal Gigabit link as trunk and how? Below is the somewhat the setup i am looking for
Service module
fa0/1 |
fa0/2 | Vlan X
fa0/3 |
[Code]....
View 7 Replies
View Related
