Cisco WAN :: Traffic Flow Not Reflected Properly Into Fluke With 7600
Aug 8, 2012
We are facing one issue at the Customer site as Cisco 7600 series Router's having issue for reflection of traffic flow through netfluke as using by Customer to get bandwidth utilization report for our WAN links.Recently we have brought this 7606S router into production and moved some of our WAN links to this router and We are not getting proper bandwidth utilization report in netfluke after configuring netflow in this device.
HTAINCHN21XXXCR001#sh ver
Cisco IOS Software, c7600s72033_rp Software (c7600s72033_rp-IPSERVICES-M), Version 12.2(33)SRB5, RELEASE SOFTWARE (fc2)
HTAINCHN21XXXCR001#sh run int gi1/12
[code]....
View 1 Replies
ADVERTISEMENT
Jun 2, 2012
why ip flow egress is not functioning on 7600?When I do "sho ip cach flow", I can see only inbound flows.
View 5 Replies
View Related
Jan 18, 2012
I am trying to pass Traffic thru the IPSEC tunnel but it does not work ([Cisco Router 892] <---> [Cisco ASA 5510] <---> [Cisco Router 892]) The Cisco ASA 5510 doesn't pass traffic UDP=500 & UDP=4500 ports...
View 1 Replies
View Related
Aug 30, 2012
I've been thinking about this for a while and I can't seem to find a comforting answer: Assume you have three datacenters connected over a WAN. Each datacenter has its own Internet and firewall, and each firewall has a trusted network, untrusted network (Internet), and DMZ: [code]
-DMZhostA has inbound access from the Internet over port X.
-DMZhostB has outbound access to DMZhostC over port Y.
-DMZhostC has outbound access to the trusted network over port Z.
If DMZhostA gets compromised from the Internet, the attacker can indirectly access the trusted network through DMZhostC, assuming the services running on the given ports are vulnerable/poorly secured.How do you track this web of access? This is a simple scenario with just three firewalls and datacenters, but it gets proportionally more complex and harder to track as the network gets larger. Manually tracking the traffic flow seems tedious, slow, and inefficient.
View 5 Replies
View Related
Oct 14, 2011
My question is pretty straight forward but here is some background information. I would like my browsing traffic to funnel through my phone's 3G or WiFi connection. Is there any information out there on how to direct the browser to use the second internet connection? I was thinking about setting up a VPN using the second nic and somehow instruct the browser to use the specific proxy. I have no idea if that is even possible though.
The need for this is pretty simple. I do not want my browsing habits being logged by my company's network. Also while maintaining the current corporate connection so Outlook and RDP programs continue to function correctly.
View 1 Replies
View Related
Jun 13, 2012
I am fairly new to configuring ASA's. I have an ASA 5505 with one outside interface and three inside interfaces (inside1, inside2, and management). I need inside1 and inside2 to be able to talk to eachother but cannot work out how to make this happen. They are both configured to the same security level and the 'Enable traffic between interfaces with same security level' box is ticked. I have also tried adding appropriate NAT and Access rules. The packet tracer suggests the rules are correct for allowing traffic flow between interfaces but obviosly this may not be the case.
View 14 Replies
View Related
Dec 6, 2011
I have a 7204VXR Router, with Neflow. The collection for all interfaces is ok, but one interface (Gigabitethernet 1/0), is not showing the egress traffic in the pictures. The configuration has "ip route-cache flow", ip flow egress, and ip flow ingress set. But, is not showing the egress traffic.
View 4 Replies
View Related
Oct 21, 2011
I am in search of a new routers. I don't have any special task to do. Just the flow of maximum 2mb/sec data and some times video conference. However I need the Voip solution as well. I just got excited on the cisco ASA 5505 product. Can this fulfill my requirements. Can this work as the router 1841. Does this support DMVPN, SSL VPN and dynamic routing. Can I upgrade the IOS for dynamic routing purpose. Do you recommend to purchase this produe act or not instead of router ? What are the limitations of this product. If I purchase this I can use this as an router as well as strong security solution. How many ports are available for traffic flow in ASA 5505. Are all routed mode or some of them switch port.
View 1 Replies
View Related
Nov 21, 2011
I'm receiving multicast traffic (400Mbps) on port 9/38 and sending it out on port gi9/48. I'm trying to achieve that traffic will stay within the card without using the switchfabric,
View 2 Replies
View Related
Feb 16, 2012
I am looking for the way to define an idle timeout for specific flows on an ASA5580 by using Cisco security manager. For ex I needed to define a specific idle timeout for connections beetween specific devices (Devices in vlan1, Device2 in vlan2).To test it I did following changes by CLI and it works fine. access-list L1 extended permit ip <@IP1> <mask1> host <@IP2> class-map CM1 match access-list L1 policy-map PM1 class CM1 set connection timeout idle 02:00:00
I try do do the same configuration with CSM in order to be able to manage each changes only by using CSM.So I defined Access control list, Traffic flow and then I define timeout in CSM --> PIX/ASA/FWSM Platform --> Service Policy Rules --> IPS, QoS and Connections Rules -> connections settings -> Traffic flow idle time-out. The problem is that each time I deploy the configuration with CSM I loose the timeout config line which is the most important for my application..
View 2 Replies
View Related
Mar 18, 2013
We have been deploying Cisco SF200-24P switches for our systems for over a year now. They connect to a Cisco 881 router. In many cases we are also deploying Cisco AP541s.Over the last few months, on an intermittent basis, the switches will simply freeze, blocking all traffic flow. The power LED also goes dark. It appears the switch has frozen. The only thing that seems to revive the switch is a hard reboot by pulling the power cord. In the last couple of weeks, one site in particular has gone down a handful of times. That client of our is fed up. Our patience is running thin too.
I cannot see any indications in the logs to any event that might give a clue as to the problem. We definitely see this problem with the 1.2.7.76 firmware and the 1.2.9.44 (latest as of typing this). Not sure if with earlier 1.1.2 firmware.Without a fix, we likely will have to change switches and possibly vendors as we need a reliable switch.I see some vague references to a similar problem. And one reference to a SG300 series having what sounds like the same issue.
View 8 Replies
View Related
Nov 27, 2011
We have a pair of 6509 working in a VSS configuration (IOS 12.2(33)SX5). The 6509s connect to a pair of ASAs (7.2 code) running in an Active/Standby setup. These ASAs in turn connect to routers going to remote sites. I have configured Netflow on the following VLANS,
VLAN 10 - Servers Vlan
VLAN 9 - Transit/ASA VLAN (connects ASAs to 6509s). All traffic originating from any VLAN on the 6509 crosses this VLAN in order to reach remote sites and vice versa
I configured the netflow source VLAN 11 although I am not collecing any netflow from it.Although I have been getting lots of Netflow info, I noticed that netflow for traffic originating from any user VLAN on the 6509s going to any remote site via TRANSIT/ASA VLAN(9) does not get reported, I even tested with 4 GB traffic but no result. Only reverse traffic (i.e. from remote site to user VLAN) is reported as it traverses the Transit VLAN (9).
I read somewhere that egress netflow is not supported in 6500, but isnt traffic originating from a user vlan to a remote site via the transit VLAN (9) considered ingress with respect to the transit VLAN (9)? I would like to know whether bidirectional Netflow is supported on 6500 VLANS. I have mimimum control on routers beyond the ASAs, and since these ASAs run 7.2 code netflow is not supported, and Monitoring this Transit Vlan gives me extremely useful info.
I do get netflow biderectional traffic from the Server Vlan 10, but I think it is correlated by the netflow collector from vlans 9 and 10. [code]
View 9 Replies
View Related
Jan 20, 2013
I've been digging into some performance issues on a LAN that has a couple of 2960s. The monitoring software I'm using has indicated a high amount of discarded outbound packets (up to 5%). The suggested resolutions were to enable flow control.
My question is does enabling flow control on all ports interrupt network traffic at all? this is a production network so I had already planned on doing it during off hours but also wanted to know if I should be prepared for any significant drop in traffic.
View 14 Replies
View Related
Jul 7, 2012
How to configure traffic flow between computers inside VLANs and a routed port? Here is the setup details:
1. Switch 3750-X
2. VLAN 100 - ( SVI IP address 192.168.100.1 /24)
3. VLAN 200 - ( SVI IP address 192.168.200.1 /24)
4. routed port gi1/0/48 (IP address 192.168.150.1 /24). Note: this port is directly connected to a firewall ASA 5520 port IP 192.168.150.100 /24
Ip routing is enabled on the switch and inter vlan traffic is flowing ok. I can ping the routed port gi1/0/48 from any computer connected in the VLAN 100 or 200. For example computer with IP 192.168.100.25 can ping the routed port 192.168.150.1. Switch can ping firewall port 192.168.150.100 and the 'sh ip route' command shows the network 192.168.150.0 /24 as directly connected network.
any computer in the two VLANs CANNOT ping firewall ASA port 192.168.150.100 Is it because inter VLAN routing does not work with a routed port on L3 switch? I looked up fallback bridging, but it is meant for non IP traffic.The goal is I am trying to set the ASA port as an internet gateway for VLANs.
View 4 Replies
View Related
Dec 6, 2012
i want to to ask about redirecting in MLS 7600 .assume the user a has an ip x.x.x.xand that user requested url...i want to to redirect his request to url...the users that have to pay the monthly bills , i want to give thim an ips and redirect all the http requests from this to a special local webpage .is is applicable to to it on router cisco 7600 ??or is it applicable on router 7206 npeg2 ? also i have siwtch 2960g.i dont want to do it by proxy server.
View 4 Replies
View Related
May 6, 2012
i am having a problem of load balance traffic over two WAN links connecting our 2 cisco 7600 routers, as i just knew that 7600 is not supporting per packet load sharing only per destination and as per our monitoring tools that one link is underutulized the other is overutilized.
View 10 Replies
View Related
May 23, 2013
we are using 7609 router. it forwarding traffic to wards my firewall which was not allowd in my router. when ever im checking for routes in router using show ip route x.x.x.x its showing SUBNET IS NOT IN TABLE, but in workmy firewall dropped connection i can able to see that networks.
View 2 Replies
View Related
Nov 16, 2011
this is a device discovery issue with LMS 3.2. The devices added up in Common Services are not getting reflected under Campus Manager and Device Fault Manager. The devices are manually added and are stack switches (2960S-24TS-L).
View 1 Replies
View Related
Sep 27, 2012
Is there anyway to monitor netflow on RV042G. We have a network at a small school that will get bogged down during the day.
View 1 Replies
View Related
Feb 24, 2011
I have 2 ASA 5505, with a site-2-site vpn, I need to reach a server on network A on port 7887 from Network B.The 2 boxes are both on a public net and has a private net inside.When initiating a telnet session from a Host on network B, to a ip 172.210.210.56 /24 (which is defined as my remote network in the connection profile)I can see the trafic arriving on the ASA on network A, but the trafic gets rejected with the following.
Built local-host outside:VPN-TEST_172.210.210.5602: VPN-TEST_172.210.210.56 7887 Teardown TCP connection 398765 for outside:VPN-TEST_x.x.x.x/16698 to outside:VPN-TEST_172.210.210.56/7887 duration 0:00:00 bytes 0 Flow is a loopback03: Teardown local-host outside:VPN-TEST_172.210.210.56 duration 0:00:00.I'm a newbee with the ASA 5505, and connot figure out why this is a loopback ?
View 2 Replies
View Related
Oct 17, 2012
I think packet flow is changed in 8.3 IOS and above.We are using private NAT for ouside traffic.why we are using private IP for outside traffic?
View 1 Replies
View Related
Nov 8, 2012
How does one find the top user or IP accounting with this ASA5505 v7.22 device?
-With 1841 ISR:
-sh ip accounting
-sh ip flow top
Very lame if they don't have similar commands or capabilities on the ASA series.
View 1 Replies
View Related
Aug 28, 2011
Recently we have configured few of our routers to export FNF (Flexible NetFlow), some of our router are exporting NetFlow V9 packets with fields as mentioned in the NetFlow V9 RFC. We noticed that one router is exporting NetFlow V9 with the field value different from RFC. I have attached the screen shot which shows that Field 194 is assigned for TOS. Whereas according RFC it is 5. Is there any specifc reason begind this or this is an IOS related issue.
View 1 Replies
View Related
Aug 8, 2011
I wish see the top talkers 10 at the my router 2800 IOS 12.4 (13a)
but when I run the command "show ip flow top-talkers" appear following:
% Top talkers not configured
I've set
Router(config)#ip flow-top-talkers
Router(config-flow-top-talkers)#top 10
I'm using the netflow version 9
maybe my router not support this issue ?? or it's missing some configuration.
View 2 Replies
View Related
Jul 26, 2012
Struggling to find any documentation that states both "ip accounting & netflow" are supported on the new ME3600 switches. I have tried both a 12 and 15 release of software. Netflow produces no data what so ever, ip accounting only produces data (of the global network) when configured on my uplink (running MP-BGP network) unable to get specific data for user networks in seperate VRFs. Is this a case of the commands being there but not being supported?
View 0 Replies
View Related
Aug 17, 2011
On my 1841 when i enter the "ip flow-cache timeout active 2" command it accepts this command with no errors. But when i look at my running-config this does not list.I did the same thing on my 2811's and 3745 and it shows up in the running-config. Should I assume if it doesnt' show up in my config file than it is not applied? How can I verify that it is or isn't?
View 1 Replies
View Related
Dec 15, 2010
I have a Cisco 2621XM router with two ethernet interfaces that sits before a vendor supplied VPN router. I need to see the IP traffic incoming to my router from the WAN side (fasteth0/1 below). I setup ip cef, and ip flow ingress on the interface. However -- it seems that what I see when I use "ip cache flow" command doesn't have a very long history or life. What commands am I missing so that I can see a summary of the stats over say the last 5, 10 or 15 minutes? Is this the best config that can be used for this, or can I create a more summarized report just using the router HW and IOS? Basic current configuration:version 12.3service timestamps debug uptimeservice timestamps log uptimeservice password-encryption!hostname Littleboy!ip subnet-zeroip cef table event-log size 1024ip cefip cef accounting per-prefix non-recursive prefix-lengthip cef traffic-statistics load-interval 180!ip flow-cache entries 2048ip flow-cache timeout inactive 60!interface FastEthernet0/1 description Littleboy to vpn-wan ip address 10.1.0.1 255.255.255.252 ip flow ingress?
View 5 Replies
View Related
Aug 26, 2012
I am unable to input the command "ip flow-cache timeout active 1" to my cisco 2960 and 4948 switches. But i am able to do so in my cisco 6500 series switch. Hence how do i enable netflow on both 2960 and 4948 devices?My 2960 and 4948 are L3 switches. What commands or additional hardware module are required.
View 4 Replies
View Related
Jun 24, 2011
The wifi connection is all good to go. Now , we have other companies besides us that also managed to tap to the wireless infrastructure, though they don't have the authentication cert, but it is exposed.So, would like to know how can we conta the wireless signal from overflow to another building? Any setting at the WLC that can be tweak? or check the radius to ensure that it didn't overflow?
View 1 Replies
View Related
Nov 12, 2012
Trying to configure netflow on a 3750-X. I'm sort of copying my config from a router but, it seemd that the commandes below don't work.
Is there different set of commands to configure the source and destination.
ip flow-export source Tunnel0
ip flow-export destination 172.20.X.X 9995
View 1 Replies
View Related
Sep 26, 2007
I am having issue on my 3750G gig interface, it is not passing data more than 200M.Some how its giving me lots of input Pause on both sides,can some one explain if there is congesstion issue,do I need to enable flow control on both sides? [code]
View 4 Replies
View Related
Aug 16, 2012
The network scheme is this one, I have Lightweight APs distributed and a pair of WLC 5508 centralized. We use a pair or SSID for all the branches, concretely Voice and Data.
All the branches has a local DHCP Win2k3 Server, and APs get its IP address correctly from the local DHCP, but the wireless clients obtains the IP address from the centralized DHCP Server, because all the DHCP traffic go through LWAPP/ CAP WAP tunnel to WLC.
I want that the clients get its IP address from the branch DHCP, i have reading and i think that we need to use H-REAP with local switching configuration and the correct vlan mapping in local switch and H-REAP for it works that we want. Is it correct? Is possible that the client obtain the IP address for the local/branch DHCP Server instead of the Local DHCP?
View 6 Replies
View Related
Aug 23, 2011
how to configure WRT54GC compact Router if the data should be configured to flow from PC1 through Switch to Router and then to PC2 back through Switch in the following configuration?
(PC1) -------------------(SW)--------------------(Router)
HD: 10.14.40.10/16 |
G/W: 10.14.40.1 |
[Code]....
That's, the data flow is PC1 -> SW -> Router -> SW -> PC2. I think that Router has to have both routing of 10.14.40.1 & 10.14.50.1, but how should I configure the router?
View 1 Replies
View Related
