Cisco WAN :: Replacing 6509s As Edge Routers?
Nov 19, 2012
We have two 6509 will active/passive sup 720-3BXL cards in each and 1GB DRAM. Each handles full bgp routing table with 4-5 ISP(eBGP) connections. The problem we are facing is.. 6509 were meant for core/aggregation and seam to be wasted are edge devices. With each ISP added the DRAM creeps up to a point were is it 80% utilized.
I am looking to replace both 6509's with routers which were meant to work on the edge. As mentioned earlier, it will have 4-6 external bgp peers per router. Handle full bgp tables. Should be capable of policy based routing.
View 4 Replies
ADVERTISEMENT
Oct 22, 2011
how do i configure cisco switch Edge
View 1 Replies
View Related
Mar 6, 2013
My company has purchased a second ASA for fail over reasons and I'm needing to attach it to my core router (ASR 1001). Currently I'm running the connection between my ASA and my Core as a /19 ie. ASA-10.10.10.2/19 -- ASR-10.10.10.1/19. I know the 2nd interface on the ASR will need to be on a different network segment then the first connection (10.10.10.1/19). What would be the best way to segment this out with out breaking up my /19?
Run /30 segments for each interface? Use a VLan ?
I don't want to use up my Internet rout able IP's on /30 segments. Attached diagram.
View 1 Replies
View Related
Jul 21, 2011
I was using NETGEAR FVS338 as a main router but it is discontinued now and I found the CISCO RV082 as a good replacement option. I am trying to set up a VPN the same way I used to do it with the netgear one but seems like something is being missed upI am trying to connect the VPN to a SonicWall 100 device using gateway to gateway, 3DES/MD5, agresive mode and IKE with preshared key. I already have the local id, remote ID and subnet configured in the SonicWall device as well as the remote IP address. I used to enter these information in the IKE and VPN configuration screens in the Netgear FVS338 we used to work with. I also have the PreShared Key code I entered in the configuration.
View 4 Replies
View Related
Apr 17, 2013
Our company just recently bought a CISCO SA520W Security Appliance from a distributor here in the Philippines. Unfortunately, after a month of use, the LAN ports on the appliance started losing power. We reported this to the distributor and they sent a CISCO engineers to check on the unit. The engineers found the unit to be defective and need to be replaced.
Three weeks after the distributor pulled-out the unit, I have followed-up the status with them. They told me that they got no definite ETA from CISCO for the replacement unit. I followed-up with them again after a week. This time, they told me that the device is already in transit and it is coming from CISCO USA but they still don't have an expected time of arrival to give me.Does it really take more than a month for CISCO to replace a brand new defective unit? The serial number of our appliance is DNI1610G0G7.
View 1 Replies
View Related
Oct 24, 2011
In my network i have two 6509s connected with L3 etherchannel. i have created saparate vlans in the two 6509s with different switches.now i want to use one vlan in 1st 6509 in the 2nd 6509 how can i use ...
View 1 Replies
View Related
Apr 26, 2012
I am working for a customer on an enterprise site containing many 6509's. We have built a test environment and upgraded a chassis from sup720 running 12.2(18)SXF15 to VS-S2T-10Gb running 12.2(50)SY on the management card. I have noticed and so has the customer that there are many commands missing or added and they want an expalnation of these. I can do some of them easily, change syntax etc but for instance it has added a table-map, 50 vlans with a large MTU and large COPP policy.
What are these ?? and also is there a quick way resource etc to find out why the commands have been added/removed, for instance-mls ip cef load-sharing full is missing--
View 1 Replies
View Related
Jan 19, 2012
I currently have 3 core switches on my campus. They are 6509 catalyst switches. They currently are not interconnected to each other.I want to interconnect them to each other. The IP addresses of each core sit on a interface Loopback500. [code] How can I interconnect each core to each other and what IP scheme could I use. I want them to be straight L3 to each other.
View 8 Replies
View Related
May 1, 2012
We currently have 2 6509s with redundant Sup720-3b's and PFC3B daughter cards which are connected together over dark fibre using the Gb fibre connectivity built into the supervisors.
The requirement is to upgrade this connection to 10Gb as inexpensively as possible.
Do I need to purchase new supervisors in order to do this properly or can I use a separate 10Gbe module (we have a spare slot), i.e. can I get away without using the connectivity built into the supervisors?
The other idea I had was putting a couple of 3750-X switches at each end to sit in front of the 6509s and provide the 10Gb connectivity between sites. I could then use the existing Gb uplinks on the supervisors whilst also providing connectivity for some devices that currently connect to the 6509s but could just as well connect here.
View 4 Replies
View Related
Sep 11, 2012
We have a number of 6509s which generally have dhcp relay agents configured on the SVIs. The dhcp servers are centralised. Recently we've had one or two faults with misconfigured or faulty devices (blade server chassis and also printers) generating high volumes of dhcp discover packets and causing high cpu on the relevant 6500. I would like to rate limit these discover packets, which are layer 2 broadcasts. Storm control can't discriminate between different types of broadcasts and on a gig link would need to be set down at about 1% to have much effect on the problem. I've looked at CoPP and also mls hardware rate-limiting but as I understand it, these two features don't control broadcast traffic. I also looked at dhcp snooping but if an interface receives a high level of dhcp discover broadcasts, e.g. over 100pps, I don't want it to go error-disabled (as this would knock down the whole edge switch), just to drop the excess packets.
View 2 Replies
View Related
Mar 6, 2012
our customer has a server farm in a data center.At the moment the farm has connectivity with only one ISP but sometimes it has service discontinuity.Customer wants to become AS and having two ISP connectivity for backup purposes.He needs to evaluete two cisco routers to use at AS edge with BGP.At the moment he says that the throughputh with the server farm is max 15Mbps and in the future he thinks that it will not increase.We think about cisco2951 routers with 2GB ram.Is cisco 2951 adeguate for this task ?
View 3 Replies
View Related
Sep 15, 2011
If my ISP brings ethernet into the building via duplex LC multimode fiber can I use the ASA5550 as the first device from the WAN or do I need some type of router for this? I realize I'll need an SFP to get to duplex LC, but I'm not sure if I need a router, or if the ASA can function as a router for this application.
View 3 Replies
View Related
Dec 18, 2011
If my ISP brings ethernet into the building via duplex LC multimode fiber can I use the ASA5550 as the first device from the WAN or do I need some type of router for this? I realize I'll need an SFP to get to duplex LC, but I'm not sure if I need a router, or if the ASA can function as a router for this application.
View 9 Replies
View Related
Oct 7, 2011
My company's spent the last few weeks struggling with an issue with their VPN backups where select packets were being lost.
View 7 Replies
View Related
Apr 9, 2011
How to configure an Asa that will have a default gateway to an edge router that will be doing PBR? We would like Internet surfing to go out one ISP while internally hosted services in the Asa DMZ would go through the other ISP. configuration examples for both the edge router and the Asa?
View 3 Replies
View Related
Nov 26, 2011
I'm trying to figure out the best design for my network. I currently have a setup like this:Internet - Cable Modem - Pix 515E (doing NAT) - 2621 - Internal Network.Now, should I have the 2621 as my edge device or the Pix?
View 6 Replies
View Related
Jan 21, 2013
I have a 2504 WLC with a 1042 AP and I have it placed on my edge Cisco 3750 switch. I have the management interface of the WLC set on my WAN IP 71.x.x.x subnet range, and I have the WLC doing DHCP duties with a DHCP scope of 192.168.X.0. I have my DNS servers set on external DNS servers out on the Internet.I have two Cisco 3845 Routers on my edge network - one for each ISP with BGP protocol.
Since my native VLAN is 71.x.x.x, I added a sub interface on my main core router and gave it a 192.168.x.1 255.255.255.0 address for the gateway. Also, I added ip prefix-list iBGP seq 10 permit 192.168.x.0/24 le 32 to my main core router. On my secondary ISP router I added ip prefix-list iBGP seq 10 permit 192.168.X.0/24 le 32, and ip prefix-list OUT seq 10 permit 192.168.x.0/24 statements.
I added VLAN 10 to my edge switch and gave it IP 192.168.x.2 255.255.255.0, and the switchports that my core router and my WLC are connected to the edge switch, are in trunk mode with encapsulation dot1q 10. The switchport on my edge switch that the AP is connected to is in switchport access mode.
I can connect to the wifi with a 192.168.x.x IP address on my laptop, but I cannot get any Internet access. Is it possible to have the DHCP scope be in a different subnet than my WAN IP subnet, and allow guests to get to the external Internet only? Do I need to put the WLC somewhere internal on my network i.e. the DMZ and then tunnel the traffic out to the Internet with no Internal network access?
View 5 Replies
View Related
Feb 20, 2012
setup the Physical connectively of IPS 4240 on the Internet edge with the ASA 5520, how the topology will be
f this a good design with IPS Appliance at nternet Edge
View 9 Replies
View Related
Apr 24, 2012
I am looking to implement 25 Cisco 3750 switches with IPBASE image at the edge, across many cabinets. I understand I am limited to EIGRP Stub on the 3750 switches (with IPBase) and cannot acheive funding to upgrade to IPServices. Though I am not fully aware on the limitations, in terms of what I am trying to acheive.
Broadly speaking I want to install 2 x 3750 switches at the edge, with point-to-point links to two 6500 core switches (at the data centre) and then have HSRP interfaces on the 3750's, tracking the up links to the core switches. I am presuming this will be the best solution to ensure reliability.My 6500 switches run EIGRP and have many VLANs and other L3 networks advertised, which will need advertising to the 3750 switches. I would be looking to advertise two or three HSRP networks on the 3750 switches, up to the core switches.At the moment, the entire network is Layer 2 (VLANS + STP).
how to configure EIGRP across the 3750 switches and 6500 switches to allow for the 3750's to see the whole network and also advertise back up it's directly connected (HSRP) networks to the core. At the moment, after configuration, none of the switches see each other as EIGRP neighbours but can ping the L3 addresses on each end.
View 1 Replies
View Related
Dec 22, 2011
We are replacing a DS3 Internet connection with a 100 Mbps fastE connection from a Tier 1 Provider. I currently have a Cisco 7204VXR with 512 Mb DRAM and 128 Mb of Flash and two 10/100 ports that is connected to the DS3. I also have a 3845 with 1 Gb of DRAM and 256 Mb of Flash with two 10/100/1000 ports available.
We are currently running BGP, below is the summary
BGP table version is 88880414, main routing table version 88880414
379041 network entries using 44347797 bytes of memory
379043 path entries using 19710236 bytes of memory(code)
View 4 Replies
View Related
Nov 15, 2005
How to successfully implement OER w/ NAT? I will have an 1841 with the 4-port EtherSwitch module that will have 3 cable modems connected and utilizing cisco's OER to utilize all 3 links for outbound Internet traffic. However, I am concerned about NAT. The only other interface used on the 1841 will be the connection to the local LAN (inside). I'm thinking this will require a loopback, but I'm not finding anything on CCO to back me up. Is it possible to just let the CMs do NAT? 1 CM is a static IP and the 2 others are DHCP.
View 2 Replies
View Related
Aug 21, 2011
Apart from the ability to participate in BGP, is there any reason you should use a router on an internet edge rather than the SG-300 switch?
View 4 Replies
View Related
Apr 15, 2012
I am trying to configure an asa5505 8.4 ASDM 6.4 to a watchguard edge. This is in my homelab setup is 5505 connected to an 1841 simulating internet and other end a watchguard edge. Even after the wizard there is no negotiation of the tunnel at all.[URL]
View 1 Replies
View Related
Apr 15, 2012
I recently ran into some problems concerning the use of a Cisco layer 3 switch (3560) as an Internet edge device to perform a simple static route between the customers network and the ISP POP router. Although this device can perform the routing at the edge for Internet traffic, I am concerned that this device has limitations when it comes to functions such as traffic shaping to the subscribed bandwidth of the Metro Ethernet access to the Internet. Since the 3560 could not conform to the 20 Mbps of subscribed bandwidth, any traffic beyond 20 Mbps was dropped causing performance issues with applications that use TCP. I am trying to find design documents or white papers that would either support or not support using a layer 3 switch as an Internet perimeter device instead of a router. I would like to know if Cisco has a specific perspective on this subject and whether or not they would ever recommend actually using a layer 3 switch model that is a 37XX or below?
View 3 Replies
View Related
Jul 26, 2012
Any router (I'm considering ASR 1002 with 10GE SPAs) that can support the following:
-10GE interfaces
-can handle 1.5Gbps but scales up to 5-6Gbps different seasons
-take on full internet routes from 2-3 providers
-will live on the internet edge
View 7 Replies
View Related
May 1, 2013
We have ASA 5520 firewall.For broadband Internet access, we have T1 Router(edge router provided by ISP) which provides public IP's 198.24.210.224 / 29. We have usable public IP's 198.24.210.226 - 198.24.210.230 with default gateway 198.24.210.225. We assigned 198.24.210.230 255.255.255.0 to the outside interface.
If we connect the ASA 5520 outside interface directly to T1 router, can all packets with destination addresses 198.24.210.224/29 reach the outside interface without using other device like another router or switches?I just assume that only packets with destination address 198.24.210.230(outside interface ip) can reach the outside interface from the edge router.Is it wrong assumption? If it is correct, then is there any way to route all packets with destination address 198.24.210.224/29 to the outside interface?
View 3 Replies
View Related
Sep 4, 2012
i have a problem with a cisco cat. 4507 edge switch as when i have a login ssh session to the switch the supervisor engine restart and the redundant Sup. engine becomes the active and so on this problem mainly happen when i have multible SSH session to the switch and it happened very rarely with a single ssh login
the ios version i use is cat4500-entservicesk9-mz.122-54.SG which im using on all my edge switch and they are all working fine excpt this one
View 1 Replies
View Related
Dec 29, 2011
Today I'm going to be re-organzing my network, kind of and I just wanted to get a second opinon. Right now I have an ASA 5510 and a Cisco 2911 and a Cisco 2960 (and I have two more 2911s and 2960s that handles our phone network).
Router 2911 is on the edge Gi0/0 has the public IP and Gi0/1 is not used and then I have 5 individual VLANs (Gi0/1.100, 1.200, 1.300, 1.400, 1.500) VLAN 100 is our internal network 10.10.18.1/24 (router is 10.10.18.1)And the 2960 is used for swichport access, the ASA is on the side and only used as a VPN.
What I want to do is put the ASA on the edge so I can dump all the access-lists and everything then 2911 will only be used to route the traffic. Now I know I will have to reconfigure the VPN, which isn't a problem. My question is when putting the ASA on the edge do I just put the public IP on the ASA's e0/0 and then plug the 2911 into the e0/1 of the ASA and give the Gi0/0 of the 2911 the ip address of 10.10.18.1 or do I just shut it down? The reason behind this is because I would actually like to use the ASA for more than just the VPN passthrough.
View 6 Replies
View Related
Mar 29, 2011
I have a very basic networking question If I have, say, 3750's (or any L3 switch, capable of routing) at the edge and a 4500 at the core, where should I route? At the edge? At the Core? Both?
View 4 Replies
View Related
Nov 27, 2011
I have a cisco 3560 switch set up as my edge router. It is working as my external demarc switch and edge router. It is sitting between the ISP's switch and my ASA firewall. It's a very basic configuration with port 1 set up with a fixed ip and switchport turned off which is connected to the ISP switch. VLAN2 is configured with an IP address and 3 ports, two of which go to different firewalls.
I found that I cannot ping a specific address from the inside interface (VLAN2), but I can from the outside interface Gig0/1. I have a few deny commands in an access list, but they don't apply to the network i'm trying to access, and I haven't had any other inaccessible networks otherwise.
Here's my config minus passwords and full IP ranges. There are two ranges, one with xxx and one with xx. The xxx is set as secondary, but is the one we really use.
Current configuration : 4808 bytes!version 12.2no service padservice timestamps debug uptimeservice timestamps log uptimeservice password-encryption!hostname my-rtr-ext!boot-start-markerboot-end-marker!enable secret 5 !
!!no aaa new-modelsystem mtu routing 1500ip routing!
[Code] ............
View 4 Replies
View Related
Nov 8, 2011
Used a pair of ASA 5520s in HA to firewall the internet edge and to firewall traffic between internal security zones such as web and application layers? If so, is this best done using different security levels or contexts?
I'm thinking of using a routed context for securing the internet edge and then using seperate contexts for the web and application networks. Contexts will route via a L3 switch.
View 3 Replies
View Related
Apr 22, 2013
Region : Others
Model : TL-MR3420
Hardware Version : V2
Firmware Version :
ISP : YU KENYA
most service providers in our country dont have 3G or 4G support,but all the same i bought an MR3420 router in the hopes that since my modem is listed,it would still connect even if on an EDGE/2G network like YU-Kenya.But this is not the case,the router does not recognize the modem i.e it says the modem is unplugged but when i look at the logs,it indicated it detected the modem but LTE was set to zero. providing a modem bin file for compatibility under EDGE/2G connection otherwise my router will be of no use to me.
View 2 Replies
View Related
Dec 30, 2012
Region : Poland
Model : TL-MR3220
Hardware Version : V1
Firmware Version :
ISP : Bite
Router TL-MR3220 works well on 3G network, but is not works 2G (edge) network. 3G network is not suported in my location, only 2G. My modem is Huawei E 173. In location 2G network Router show: 3G/4G USB Modem: Unplugged.
View 3 Replies
View Related
