Cisco WAN :: STM-4 / Traffic Divert To Backup Link
Nov 28, 2011
Basically we are having a Multicast setup. both A and B offices are being connected with STM-4 (622 Mbps) with IGP as OSPF. As of now everything is working well with this setup and no complaint .
Now since Primary link bandwidth is touching upto 622 Mbps we are planning to send some traffic to backup STM-4 link .
1) To send some unimportant (Traffic) Source IPs ( say 10.20.1.1 to 25 ) to backup link what would be best way to achieve it. Is it possible policy based routing ? does multicast support pbr?
2) When primary STM gets down and entire traffic shift to backup STM these IPs ( 10.20.1.1 to 25) should be given low priority on the backup link or traffic from these ips can be terminated.
we have two offices connected with a lan-to-lan ipsec tunnel. My question is about one of the sites.
At the site a Cisco 870-series router is used for connection to the internet and setting up the tunnel. Two subnets exist, 172.22.x.x and 10.30.x.x.
The router itself has an address in the 172.22.x.x-range. Traffic from the 10.30.x.x subnet needs to be able to reach: - A host in our network over at the other office (also 172.22.x.x but other range). NATting is needed otherwise it won't traverse the tunnel because the lan-to-lan has only 172.22.x.x in its properties. - The internet. NATting is also needed otherwise it won't be routable on the internet. The packets need to go out of the router directly, not through the tunnel.
How do I accomplish this?
Here is a snippet from the config:
interface ATM0.1 point-to-point ip address <public ip address> ip nat outside ip virtual-reassembly pvc 8/35 class-vc Office(code)
My requirment is to drop the Internet traffic once the Cisco HWIC 3G backup link will become active(attached) .Because I should allow only Business Critical Data allow through that and others should drop. Here are the config I used. In here I used a standard access list to generate intersting traffic which allow all the traffic traverse through the backup link.Can I drop the packets to the proxy (192.168.1.100) using this access list and allow other traffic.access-list 1 deny 192.168.1.100access-list 1 permit anydialer-list 1 protocol ip list 1.Is this the proper way I should follow ? Is there any other good method to achieve my requirement ? [code]
I have a client that has an ASA 5520 that has two internet connections, FIOS and Comcast. The ASA is configured to failover from the FIOS to the Comcast if the FIOS fails. This works perfectly fine. However, I was wondering if VPN and other inbound traffic will come into the secondary connection when it is active. I think VPN will work inbound when the FIOS connection fails, but I am not sure about the other inbound connections.
I have a Cisco 527w which we are wanting to deploy to our remote sites however i've found a bug. We use ADSL with an IPsec tunnel as primary and 3G APN for failover . When the ADSL goes down the route via the IPSec tunnel remains and i am unable to route the traffic via the APN backup without disabling the VPN tunnel .
I have 2 ASA 5505 Firewall, I Configured Site 2 Site VPN no both the fitrewall, as i have a dual ISP, i am able to create the tunnel with primary but once my primary is down i am not able to create the tunnel with back up ISP. During the troobleshoothing by typing Show isakmp sa and Show ipsec sa, i can see my tunnel is up, but not able to decap the packets.
I periodically have my ISP's DNS go out. I actually prefer to use the default DNS they provide (and not hard-code it), but still, it occasionally goes-out for an hour from time-to-time.Is there a way on the DIR-825 to add a "backup" DNS (3rd DNS), that is fed to the PeeCees via DHCP, in addition to the 2 my ISP provides?
want to connect three networks with each other via two media one ethernet/fiber optic and other through wireless as backup link.how can i connect these three networks so that if my ethernet/ fiber optic connection fails than computer on networks can still communcate via wireless link (i mean if ethernet/fiber optic fails then wireless link should automatically be established/
We have 6 sites which are connected through E1 links.All sites connected from HQs.
Site A is HQs. Sited B, C, D, E, and F are Branches. Site A is directly connected with site B, C, D and E. Site D is connected with Site F.
Now we have another redundant E1 link for site C and Site F.we are using Static Routes.i have configured Qualified-next-hope on Juniper Router but i am unable to configure IP SLA on Site C Cisco 2951 with IOS 15.0 router.is there another solution for my scenario plz share with me for Redundant Link.
I'm working on setting up a backup link for our ASA 5505 and I've followed these directions: [URL]
The backup ISP gives us a dynamic address, however, when I enable the backup ISP's interface on the ASA, my vpn tunnels drop. As soon as I disable the backup interface, the tunnels come back up. I'm attempting to configure this across one of these tunnels, so obviously this is an issue, as is the fact that other people need the tunnels as well. I'm not sure what I did to make this happen, but I've been over the config many times and can't see anything different from the instructions in the link above.
I thought it might be trying to route traffic across the backup interface, but my primary interface is tracked and has SLA running on it, so I would assume it wouldn't roll over onto the backup interface.
I've got a 881 working with a 3G Card. Even the Cisco 7965 phone is working well off it. Looking for good doc for configuring the 3G interface as a backup link to Comcast?
i have two internet links each of which from different ISP and different real ip addresses.Want to make the second backup internet work for Internal and external (AnyConnect) users.
my question: is that applicable to register single A record with different real ip addresses? and also is the AnyConnect method the best solution for them?
note: i have single firewall 5520 behind the cable modems.
I have two 3750 switch.switch A(main) and switch B is connected by OFC but i have another wireless link for backup.Now if OFC goes down then i manually connect wireless link with switch B for this reasons i am faceing a lot of problem. I want without any changing of cable if my primary link goes down then my backup link automaticaly goes up and vice versa .
Switch-A port gi1/0/9 and Switch-B port gi1/0/9 is connect by OFC Switch-A port gi1/0/8 and Switch-B port gi1/0/8 is connect by Wireless link (backup) i attach my network diagram kindly find the attachment file.
We have 2 dsl lines coming in and the modem is in bridge mode while the router handles the pppoe information. Each line is 6mb down and .5 mb up. It's ****, yes I know, but this is pretty decent for a small town in the country. To double our bandwidth, I put it in load balance mode. When load balance, I get anywhere from 9-12 down and .8 up. Here's where it gets tricky.
When anything is uploaded, the speed drops from 9-12 down and .8 up to about .2-.7 down and .2 up. I realize that we will lose some down and up speed but I wouldn't think it would be this drastic. Is this normal?When they upload to a specific https site (file is about 50mb), it never initiates the upload. If I switch it to Link Backup, it will upload fine. I still lose the speed but at least it does something. I've read that some https sites have issues with grabbing data from multiple IP's so I figured this is the case since it's a medical site that was probably developed in house. Is this true?Does protocol binding work in Load Balance mode? I binded all http and https traffic through WAN 2 interface however, when I do a speed test or check my external IP, it is not indicating the WAN 2 IP address. Is this a common issue in rv042's or is there a firmware update that solves all these issues?
use PAGP as backup for wireless link with another wireless link.
__WiFi________ PC-------Switch 1 Switch2---------- PC __WiFi________
We are using 2960 series and from this reason we cant use L3 PAGP I dont know how is PAGP working. If it is checkung port status (UP/Down) or there are some specific L2 packet between etherchannel ports in group?
i will going to buy a router 2911 but i want know if support a interface ADSL modulo like backup in case that my primary link WAN Ethernet down and up the adsl link with a module HWIC ADSL pots.
Region : United Kingdom Model : TL-WR940N Hardware Version : Not Clear Firmware Version : ISP : BT
I've been having some issues with my BT Broadband for a while, so decided to switch to a new router, a TP TD-W8960N, however setting up QOS isn't as easy as I had anticipated (I'm fairly new to this!).
My main issue is that we have a fairly limited broadband connection, but I need to backup work using backblaze. This is a pain because as soon as it starts to backup it eats what bandwidth we have. What I want to know is can I just limit the range of ip-addresses which they use for their backup?Is there a simpler auto-QOS approach I could use? The router is currently running the latest firmware that isn't in beta. Also - do these routers auto-update firmware?
We have a customer who has a network consisting of two ISPs, one as a primary and the other as a backup. We are trying to create a configuration that would allow the primary link to fail and the secondary link to automatically pick up traffic and begin routing .how to set something like this up. Both routers are non Cisco routers and there for HSRP is out.
I have a media player wired to my dir-655. I have a wrt300 on the same network to use for vpn. I live in Canada, and to use Netflix etc, from the US, I need to use the vpn.Is it possible to have the media player routed through the wrt300, rather than discovering all the IP addresses for Netflix etc and routing each one?
I keep getting warning on bandwidth usage , I'm using a dir-615 routers xp on all machines . The one pc that i use to d/l with I have the torrent monitor on and shows little traffic. Ive heard of a few pieces of s/w but these require software to be installed on all boxes Id like to be able to monitor from one box if possible ??
I would like to block incoming traffic from a specific ip on a specific port
This is what I have
source: interface: wan ip address range: 5.xxx.xxx.226 - second one is empty (valid ip instead of x's) protocol: tcp
dest: interface: lan ip address range: both fields empty port range: 139 - empty field
ON and DENY box is ticked name field has some text in it
I click save and get this pop-up: Incorrect source ip address. Invalid format of the start IP address. Current Firmware Version : 2.11 The ip is obviously valid, what should I do?
I have a server with SQL Server 2008 on it. It listens on the default ports 1433 & 1434. But traffic is not making it through my DIR-655 to the LAN so that SQL Server can respond to the request. I am using DynDNS and have confirmed that the traffic is getting thru DNS and finding the router, but after watching the syslog I can see that I'm getting multiple of the following error messages when a request is initiated from a client (Microsoft Access app) outside my network:
01-24-2012 22:28:24 System3.Info 192.168.1.1 Tue Jan 24 22:28:28 2012 D-Link Systems DIR-655 System Log: Blocked incoming TCP connection request from 67.167.87.109:53284 to 67.167.87.109:139 01-24-2012 22:28:24 System3.Info 192.168.1.1 Tue Jan 24 22:28:28 2012 D-Link Systems DIR-655 System Log: Blocked incoming TCP connection request from 67.167.87.109:53282 to 67.167.87.109:445
In Port Forwarding I have specified a rule to allow/pass port 1433 & 1434 TCP traffic to my internal server IP.
Also I'm confused by the ports shown above since I was expecting to see 1433/1434 in there...seems this is a factor in the traffic never getting to the SQL Server to process the request?
I was just wondering on the stats page of my DIR-615 the WAN Stats is in packets. How do I convert that into megabytes and gigabytes so I can track my usage?
Since AT&T put in caps and do not provide a usage meter. I would like to keep track of my usage.
I have experience too much traffic between the link L2 (Fastethernet - GigabitEthernet),, 90%. What can I do to fix that, any command? rate-limit or something?
Here is some outputs of the interfaces:
FastEthernet2/30 is up, line protocol is up (connected) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 247/255, rxload 27/255 Encapsulation ARPA, loopback not set
I would like to measure amount of data I have uploaded and downloaded on the internet since last router reboot. I see there is a STATISTICS under STATUS, which lists the packets, but how big is a packet? And can I just take the values under Receive and Transmit (row called Internet) and multiply with packet size?
I have a DIR-600 (firmware 2.05) connected to internet and my computer. For a week or so, for some reason, there is a high number of SSDP messages on my internet cable (about 100/second). Probably a faulty equipment from the internet provider.
The problem is that this high traffic of SSDP messages cause the router to freeze, the instant I plug in the internet cable.
I have tried to block in the router firewall the address 239.255.255.250 on port 1900, but it get the error "invalid address". I have also disabled the Upnp function on the router, but without result.
How can I block these messages, so I can use my router again.
Is it possible with the DIR-601 to have one of the IP's on the LAN route all traffic through a proxy server? I would like to have my Roku device (which I've setup as a static on the LAN side) to always connect though a proxy, while all my other devices connect to the internet normally.
How to configure the 825 to block inbound traffic from a specific internet IP address ?i noticed an IP and MAC that i don't recognize that is listed as a connection to my NAS's media server ...i blocked it in the NAS configuration page, but i don't want any unsolicited traffic into my network.
My old trusty Linksys router started causing BSODs on my computer (!) by crashing the IP stack, so I bought the DIR-655. No more BSODs, throughput to the web went way up, so all that was a success.Then I tried to set it up to send syslog data to my computer, and it was totally useless. Want to see traffic logs, not debug messages. After a lot of discussion with level-3 tech support, it seems that this router cannot send syslog data to a syslog server that shows the incoming and outgoing traffic IPs for monitoring a network.
We currently have a 3/3 Etherloop. We dont have any internal IT as we are still small and while not a networking guy I can at least understand what is going on. Right now at peaks we are hitting 100% utilization.
We run a call center in house so I am trying to determine at the very least how much of this traffic is from voice data compared to everything else.Was running through our networking configuration and it just seems off to me. The following is the flow.
-Etherloop Demarcation > -Cisco Integrated Access Device > -D-Link DIR 655 Wireless Router > -24port HP Procurve switch > -24port HP Procruve switch >
Everything up to the first switch is a single line. The first switch has all ports running out except 1 which goes to the second switch. The second switch runs out to machines as well.
I am at the networking level where I understand a switch but have no idea what the IAD really does between the etherloop modem and the wireless router.
For some reason I feel like the router should not be setup in that manner and should be off of the switch. With the cisco IAD running directly to the first switch. So my 2 big questions are.
1. Does this setup even make sense.
2. Whats the easiest way to monitor traffic, at the very least it would be nice to see real time up/down and be able to log in. Then I guess using ports figure out what is being used by voice. My first guess was just putting a machine between the IAD and first switch and monitor and log the traffic.
I have several SGE2010P switches connected in a stack. They are working fine as a stack.
Question is - what traffic, besides stack control, is carried over the stacking links?
All unused ports are VLAN 1U. Ports in use belong to VLANs 100, 101, and 105.Since I cannot configure or see the stacking ports, I am unclear if any non-default VLAN traffic passes over those links between switches?
I've blocked all traffic on port 80 (Advanced-Access Control- Apply Advanced Port Filter- All IP range and Port 80 selected) to avoid any kind of Web Access. I won't use Web Filter because there are too many URLs to be blocked.
However I have a problem to keep Google Earth working, since it uses port 80.
Is there a way to keep Google Earth working, even blocking traffic on Port 80? I've tried configuring an application rule to let Google Earth working, but it didn't work (it seems that I can not create an exception for Filter Port) .
I have been using the subject Wireless Router for more than 2 years. Most of the time it worked OK but lately it has been giving issues. [code] Due to a recent power outage, I had to reset the setting on the Dlink router. One of the issue is after resetting the Internet options and rebooting the router when I go back to the system screen, both the Release and Renew buttons are greyed out.I have tried to reboot the router as well as cable modem without any success. The Cable Modem is Motorola SB5120.
