Cisco 3945 Policy Base Routing

Similar Messages

• CAT 3750 Policy base routing preformance

  Does anybody know where i can find data about preformance of routing on Catalyst 3750 when i use the policy base routing on it. And what methods of packets switching is availalbe witch policy base routing.

  check out the following link on configuring PBR on Catalyst 3750 switches :
  http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_guide_chapter09186a0080502417.html#wp1228588

• Ip helper address with Policy Base Routing

  Does ip helper work with Policy Base Routing? and if so how and what version of the router software do you need?
  thanks

  As first function at the ingress interface is ip_helper, as second function at the same ingress interface is policy-based-routing.
  We have the same situation regarding ip nat in combination with policy-based-routing.

• Policy base routing in asa

  hi 
  i attach picture
  i want answer to any user from the same router
  example :
  request user1 from isp1 , i answer it from same isp1 router
  i think asa dose not support pbr ,, please help me with same senario .

  policy-based routing, similar to what an IOS router can do  based on incoming traffic and then overriding the routing table for the next hop, isn't a feature in the ASA.
  We can do policy based NAT, inspection and filtering, but not policy based routing.

• Policy Base Routing

  Hi all,
  I have one ASA 5525 with 2 ISP connected to ASA and have 4 LAN be-hide The ASA. I need sunbet1 and subnet2 access internet via ISP1 and subnet3 and subnet4 access internet via ISP2. so What step by step to complete this requirement. pls see diagram with attached file. thank for support.

  Hi,
  Have a look at this link for config example:
  https://supportforums.cisco.com/document/32186/dual-internet-links-nating-pbr-and-ip-sla
  HTH

• WSA and Cisco Policy Based Routing

  I'm looking to convert my WSA from explicit to transparent proxy using policy based routing on a Cisco router. See the config below where xxx.xxx.xxx.xxx is the P1 interface on the WSA. Does anyone see any issues with the following in a production environment?
  access-list 110 permit tcp any any eq www
  route-map proxy-redirect permit 10
  match ip address 110
  set ip next-hop xxx.xxx.xxx.xxx
  interface ethernet0/1
  ip policy route-map proxy-redirect
  The P1 interface on the WSA is located upstream from the router so I'm not checking for it in the ACL.

  That router configuration looks good to me, but just make sure that the WSA was configured for Transparent mode during the initial System Setup Wizard configuration. If it was initially configured for explicit only, then you will need to run the wizard again to change it to transparent.
  Also, make sure to add a deny statement to the top of access-list 110 for the WSA IP address if the WSA will be going out to the Internet through the same e0/1 interface. Loops are bad. :twisted:
  Cheers,
  Jason

• Debug IP Policy on Cisco 4451-X ISR Router

  Cisco 4451-X ISR router is running IOS XE Software version 03.13.00.S.  I am trying to run the command "debug ip policy" on the router to verify if the traffics are policy-routed correctly, but I get no output displayed on the router for the debug command.  I am connected via a console cable and the logging console is enabled.  How do I get the debug outputs to display on the router for monitoring?  Thanks.

  Actually, you can use a TFTP server...
  First of all, create a text file using a text editor (call it 'dhcpstatic', for instance) with the following contents (don't include the dashes):
  *time* Jan 21 2005 03:52 PM
  *version* 1
  !IP address Type Hardware address Lease expiration
  172.16.12.100 /24 1 0011.4342.e9a5 Infinite
  Then do the following:
  no service dhcp
  ip dhcp pool pool1
  network 172.16.12.0 255.255.255.0
  domain-name xxxdomain.com
  dns-server 172.16.12.20 172.16.12.21
  netbios-name-server x.x.x.x
  default-router 172.16.12.1
  lease 0 12
  origin file tftp:///dhcpstatic
  Then do a 'service dhcp'...
  Once you have this working, we can do a further optimisation by storing the file on your switch so that you don't need to use a TFTP server...
  Hope that helps - pls rate the post if it does.
  Paresh

• SRST in router Cisco 3945

  Hi,
  I am having Cisco 3945 router and is having image "c3900-universalk9-mz.SPA.150-1.M1.bin" , and now want to check if SRST can be enabled on the same or not.
  I have checked it with command output "show callmanager fallback" and "show call-manager fallback all", attaching the output of the same. Please confirm id SRST already configured on it or not?
  And if not configured how to configure it.

  Hi Chris,
  Thank you for your reply. I have one more query on this.
  After creating new Device Pool for SRST, we need to move remote Ip phones from their original Device Pool and map them into newly created Device pool. So in the scenario of calls working through WAN link,will those phones work? as we have removed them from their original Device Pool.

• Cisco 3945 Router error while adding in Cisco Works

  Hi,
  I have a Cisco 3945 Router and when we try to add the same into the Cisco Works it gives me an error saying " CM0056 Config fetch failed for 192.168.xx.xx Cause: CM0204 Could not create DeviceContext for 1238 Cause: CM0206 Could not get the config transport implementation for 192.168.xx.xx Cause: UNKNOWN Action: Check if required device packages are available in RME. Action: Check if protocol is supported by device and required device package is installed.
  We are using LMS version 2.6. Please let me know the latest router 3945 with support or not.
  Thanks in advance.
  Thanks & Regds,
  Lalit

  Hi Joe,
  Thanks for the quick reply.The following version we are using :
  LMS 2.6 , RME : 4.0.5.
  Is this confirm Joe that Older verison will not support new Cisco devices ie 3945 Router.Any documents will be more helpful with regard to the same.
  Thanks & Regds,
  Lalit

• CISCO 3945 Router - ARE POWER SUPPLIES LOAD BALANCED?

  CISCO 3945 Routers - Are the 3945 Router power supplies load balanced by default?  
  We are trying to determine if our switch/server rack at our remote location has maxed out it's power load requirements.  I just need to know if the 3945 power supplies load balance by default or if the redundant power supply is ON but not really providing the router with power and is just there incase the other power supply fails - Thank you.

  Thank you for your reply. I had read that the "Cisco 3845 and 3845-NOVPN router accommodates two hot-swappable power supplies and a single power supply meets router requirements. The second power supply provides redundancy, load sharing, and increased router availability. Either power supply can be removed without affecting router operation. Any combination of two power supplies is permitted."
  Unfortunately, I couldn't find any specific information for the 3900 series routers that stated it also load balanced power.
  Follow-up question: Do you know if the 3800 series routers load share by default? I know it is capable of power load sharing based on the above description but do they load share equally by default? If that's the case for the 3800's then hopefully that's the case for the 3900'S series routers. Which means, we have not maxed out our power requirements in our racks.

• Cisco 3945 router

  Dear Support Community ,
  previously we have cmm model on core now we are upgrede the E1 on Cisco 3945 router .
  under "voice service voip" on cmm model its configure as  " fax protocol t38 ls-redundancy 0 hs-redundancy 0 fallback cisco"
  but on 3945 router its taken as " fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none"  little change from cisco to none  does its work fine  shall i need to configure as  "
  fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback pass-through g711alaw .
  and even in the dial
  on CMM model
  dial-peer voice 54 voip
  destination-pattern xxxx
  voice-class h323 1
  session protocol sipv2
  session target ipv4:x.x.x.x
  dtmf-relay rtp-nte
  codec g711ulaw
  fax protocol t38 ls-redundancy 0 hs-redundancy 0 fallback cisco
  no vad
  on router 3945
  fax protocol t38 ls-redundancy 0 hs-redundancy 0 fallback pass-through g711alaw.
  so please advice which one we need to configure for the fax services  none or pass-through g711alaw because cmm we use as cisco now its not available .
  highly appricated for your fast response.
  Thanks
  Syed
  or

  Just adding root cause: The PVDM3 modules in the ISR G2 hardware no longer support proprietary [legacy] Cisco Fax Relay. They only support fax passthrough or T.38 fax relay.
  As Paolo stated, assuming everything is behaving and supports T.38 (more on that in a moment) you should be fine since they will negotiate T.38. If something doesn't cooperate they will not have compatible fallback options and the fax would fail at that point. The most common example of a device that supports ONLY passthrough is the ATA-186. It didn't have the CPU capacity to run relay, cisco or T.38.
  Since the older CMM and 3800 hardware also supports g711ulaw fax passthrough I suggest updating the config on the legacy hardware to do that for fallback instead of cisco fax relay.
  Please remember to rate helpful responses and identify helpful or correct answers.

• Cisco 3945- boot up fails with no error

  Greetings,
  Just throwing it out there to see if anyone throw some ideas my way.  I recently sent a working/tested Cisco 3945 ISR router out to a office for redundancy.  Before I did that, I removed WLAN controller and slot module, 1xVWIC2 T1 and 1xVIC2 FX0 modules.  I did however leave the PVDM3 64ch and 1x VWIC t1 modules and flash card, which had a v15 IOS loaded and basic config.  Upon delivery they said it doesn't work, "it hangs" and no damage externally or failed hardware (power supplies/fans).  These things always make me wonder, cause hangs is so vague and do not really see Cisco routers do this unless they are taking larger than normal packets or someone turned on debugging without turning it off.  
  Here's my thinking and hope someone can chime in and throw some ideas at me before I get on a call with them on Monday.  I attached a screen shot they sent of the boot up and looks to me that its trying to initialize the current config file which which may be trying to initialize the voice channels.  Could this be as easy as killing the current config loaded, going into rommon and setting it back to default maybe?  Or just removing the PVDM card maybe?  
  I hate to say something is just broke, I rarely see this and being I powered it up and tested the hardware, I don't want to involve tac until I can rule out the obvious.  I did, however, test and powered down the router before removing the additional hardware.  Would this current config on the router that may have lingering hardware (which I removed) in the config cause this to happen as well?  
  Side note: The flash cleared and below were the contents of the flash before sending out the router.
  Router#sho flash
  -#- --length-- -----date/time------ path
  1     55277232 Jul 07 2014 07:51:20 c3900-universalk9-mz.SPA.150-1.M3.bin
  201228288 bytes available (55279616 bytes used)
  Thanks in advance

  Remove all modules and boot.
  Another thing, your IOS is very old.  VERY. 
  If you want to stick with 15.0(1)M-series then go to M10 but don't just "sit" in an old M3.

• Policy Based Routing with VPN Client configuration

  Hi to all,
  We have a Cisco 2800 router in our company that also serves as a VPN server. We use the VPN Client to connect to our corporate network (pls don't laugh, I know that it is very obsolete but I haven't had the time lately to switch to SSL VPN).
  The router has two WAN connections. One is the primary wan ("slow wan" link with slower upload 10D/1U mbps) and it is used for the corporate workstations used by the emploees. The other is our backup link. It has higher upload speed - 11D/11U mbps, (fast wan), and thus we also use the high upload link for our webserver (I have done this using PBR just for the http traffic from the webserver). For numerous other reasions we can not use the `fast wan` connection as our primary connection and it is used anly as a failover in case the primary link fails.
  The `fast wan` also has a static IP address and we use this static IP for the VPN Client configuration.
  Now the thing is that because of the failover, when we connect from the outside using the VPN Client, the traffic comes from the`fast wan` interface, but exits from the `slow wan` interface. And because the `slow wan` has only 1mbps upload the vpn connection is slow.
  Is there any way for us to redirect the vpn traffic to always use the `fast wan` interface and to take advantage of the 11mbps upload speed of that connection?
  This is our sanitized config
  crypto isakmp policy 1
  encr 3des
  authentication pre-share
  group 2
  crypto isakmp client configuration group dc
  key ***
  dns 192.168.5.7
  domain corp.local
  pool SDM_POOL_1
  acl 101
  max-users 3
  netmask 255.255.255.0
  crypto isakmp profile sdm-ike-profile-1
     match identity group dc
     isakmp authorization list sdm_vpn_group_ml_1
     client configuration address respond
     virtual-template 1
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec profile SDM_Profile1
  set security-association idle-time 3600
  set transform-set ESP-3DES-SHA
  set isakmp-profile sdm-ike-profile-1
  interface Loopback0
  ip address 10.10.10.1 255.255.255.0
  interface FastEthernet0/0
  description *WAN*
  no ip address
  ip mtu 1396
  duplex auto
  speed auto
  interface FastEthernet0/0.3
  description FAST-WAN-11D-11U
  encapsulation dot1Q 3
  ip address 88.XX.XX.75 255.255.255.248
  ip load-sharing per-packet
  ip nat outside
  ip virtual-reassembly
  interface FastEthernet0/0.4
  description SLOW-WAN-10D-1U
  encapsulation dot1Q 4
  ip address dhcp
  ip nat outside
  ip virtual-reassembly
  no cdp enable
  interface FastEthernet0/1
  description *LOCAL*
  no ip address
  ip virtual-reassembly
  duplex auto
  speed auto
  interface FastEthernet0/1.10
  description VLAN 10 192-168-5-0
  encapsulation dot1Q 10
  ip address 192.168.5.1 255.255.255.0
  ip nat inside
  ip virtual-reassembly max-reassemblies 32
  no cdp enable
  interface FastEthernet0/1.20
  description VLAN 20 10-10-0-0
  encapsulation dot1Q 20
  ip address 10.10.0.254 255.255.255.0
  ip access-group PERMIT-MNG out
  ip nat inside
  ip virtual-reassembly
  !!! NOTE: This route map is used to PBR the http traffic for our server
  ip policy route-map REDIRECT-VIA-FAST-WAN
  no cdp enable
  interface Virtual-Template1 type tunnel
  ip unnumbered Loopback0
  tunnel mode ipsec ipv4
  tunnel protection ipsec profile SDM_Profile1
  interface Virtual-Template3
  no ip address
  interface Virtual-Template4
  no ip address
  ip local pool SDM_POOL_1 192.168.5.150 192.168.5.152
  ip forward-protocol nd
  !!! SLOW-WAN NEXT HOP DEFAULT ADDRESS
  ip route 0.0.0.0 0.0.0.0 89.XX.XX.1 5
  !!! FAST-WAN NEXT HOP DEFAULT ADDRESS
  ip route 0.0.0.0 0.0.0.0 88.XX.XX.73 10
  ip nat inside source route-map FAST-WAN-NAT-RMAP interface FastEthernet0/0.3 overload
  ip nat inside source route-map SLOW-WAN-NAT-RMAP interface FastEthernet0/0.4 overload
  access-list 101 remark SDM_ACL Category=4
  access-list 101 permit ip 192.168.5.0 0.0.0.255 any
  access-list 101 permit ip 10.10.0.0 0.0.0.255 any
  ip access-list extended FAST-WAN-NAT
  permit tcp 192.168.5.0 0.0.0.255 range 1025 65535 any
  permit udp 192.168.5.0 0.0.0.255 range 1025 65535 any
  permit icmp 192.168.5.0 0.0.0.255 any
  permit tcp 10.10.0.0 0.0.0.255 range 1025 65535 any
  permit udp 10.10.0.0 0.0.0.255 range 1025 65535 any
  permit icmp 10.10.0.0 0.0.0.255 any
  ip access-list extended REDIRECT-VIA-FAST-WAN
  deny   tcp host 10.10.0.43 eq 443 9675 192.168.5.0 0.0.0.255
  permit tcp host 10.10.0.43 eq 443 9675 any
  ip access-list extended SLOW-WAN-NAT
  permit ip 192.168.5.0 0.0.0.255 any
  permit ip 10.10.0.0 0.0.0.255 any
  route-map FAST-WAN-NAT-RMAP permit 10
  match ip address FAST-WAN-NAT
  match interface FastEthernet0/0.3
  route-map REDIRECT-VIA-FAST-WAN permit 10
  match ip address REDIRECT-VIA-FAST-WAN
  set ip next-hop 88.XX.XX.73
  route-map SLOW-WAN-NAT-RMAP permit 10
  match ip address SLOW-WAN-NAT
  match interface FastEthernet0/0.4

  Can you try to use PBR Match track object,
  Device(config)# route-map abc
  Device(config-route-map)# match track 2
  Device(config-route-map)# end
  Device# show route-map abc
  route-map abc, permit, sequence 10
    Match clauses:
      track-object 2
    Set clauses:
    Policy routing matches: 0 packets, 0 bytes
  Additional References for PBR Match Track Object
  This feature is a part of IOS-XE release 3.13 and later.
  PBR Match Track Object
  Cisco IOS XE Release 3.13S
  The PBR Match Track Object feature enables a device to track the stub object during Policy Based Routing.
  The following commands were introduced or modified: match track tracked-obj-number
  Cheers,
  Sumit

• CISCO 3945 VS 3945e

  HI,
  Which router can accomodated maximum no of fast ethernet port.
  we have several offices connected thru LL. we need maximum no of ports to accomodate LL.
  regards
  rajat

  Hi,
  Plesae find below:
  http://www.cisco.com/c/en/us/products/routers/3900-series-integrated-services-routers-isr/series-comparison.html
  Now coming down to the questoin...if you read the below link you would decide to go with the 3945 router.
  http://www.cisco.com/c/en/us/products/routers/3945-integrated-services-router-isr/index.html
  3945e:
  http://www.cisco.com/c/en/us/products/routers/3945e-integrated-services-router-isr/index.html
  Only difference you see is that 3945e will have one extra port:-( 4 integrated 10/100/1000 Ethernet ports with 2 SFP ports ) were as 3945 will have 3 integrated ethernet port with 2 SFP.
  HTH
  Regards
  Inayath
  *Plz rate if this info is helpfull.

• Cisco 3945 password recovery

  I observed two cisco 3945 routers lose IOS during password recovery. Router was rebooted, break sequence ctrl-break, then boot(instead of reset) issued. The router booted to its existing configuration or password recovery failed and router was power cycled again then ctrl-break issued. However this time the IOS was gone and all flash file systems were blank! It happened on two routers. Anyone know why such an anomaly would occur or has anyone witnessed such?

  config register was set to confreg 0X2142 first time password recovery was attempted. It took but only after the power cycle(not when I simply typed boot) but by then the IOS images were gone. I found that very disturbing when it happened on two different routers and I never saw such a thing happen to a router before.