Configuring ip http on cisco 2821
Hi, I'm trying to configure a Cisco 2821 router. To configure the CCME I need to access it via HTTP, but the problem is that when I try to access http://167.175.xxx.xxx/ccme.html I get the window asking me for a username and password, and then what I get is a blank page; I don't know why.
Can someone help me out with that?
thanks
regards
Your issue is like...
you are trying to configure the 2811 with the help of the web-based interface... and after giving the username and password for authentication you are not getting anything...?
Here you got the authentication screen but after that nothing... not even a single message...
regards
Devang
Similar Messages
-
Configuring lines 1 60 on Cisco 2821
Hi all,
I'd like to know what is necessary to configure the parameter line 1 60 in a Cisco 2821 router with two E1s directly connected to a VWIC2-MFT-E1 interface and two PVDM modules installed.
When I try to enter the line "router(config)#line 1 60", the IOS returns an error message that there is no physical hardware to support "line 2". I can only enter line 1.
What is necessary to do this?
My best Regards,
Adriano
Try to do a show of the interface using the following example and see the output.
#sh voice po 1/1 -
IPT over IPSEC lines with cisco 2821
We are implementing an IPSEC VPN connection over leased lines using Cisco 2821 without AIM-VPN hardware accelerators.
The line is 2 Mbps and should also carry IP telephony traffic (4-5 conversations). Will we have problems mastering the jitter? Since the traffic is divided into small packets, is the 2821 able to handle it accordingly?
Thanks and bye Giorgio
Giorgio,
You should be fine with this configuration. Running voice and video over VPN is certainly a viable solution. It is commonly known as V3PN. Take a look at the V3PN SRND below for best practices, planning, and design tips. As mentioned in this document, IPSEC adds a trivial amount of delay (2 - 5 msec.) to voice deployments.
V3PN SRND
http://www.cisco.com/application/pdf/en/us/guest/netsol/ns241/c649/ccmigration_09186a00801ea79c.pdf
Hope this helps. If so, please rate the post.
Brandon -
Is SLB supported in the IOS for the Cisco 2821? I can't find it in the Feature Navigator :-( And which feature set do I have to use? Thank you.
No, IOS server load balancing is not supported on 2800 routers. This feature is available with 7200 routers and Catalyst 6000 series switches.
For more information on the compatibility and the configuration of IOS Server load balancing have a look at the following URL.
http://www.cisco.com/en/US/products/sw/iosswrel/ps5014/products_feature_guide09186a00800eda88.html -
With Ajay Kumar and Telmo Pereira
Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about configuration and troubleshooting the Cisco Application Control Engine (ACE) load balancer with Cisco experts Ajay Kumar and Telmo Pereira. The Cisco ACE Application Control Engine Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers is a next-generation load-balancing and application-delivery solution. A member of the Cisco family of Data Center 3.0 solutions, the module:
Helps ensure business continuity by increasing application availability
Improves business productivity by accelerating application and server performance
Reduces data center power, space, and cooling needs through a virtualized architecture
Helps lower operational costs associated with application provisioning and scaling
Ajay Kumar is a customer support engineer in the Cisco Technical Assistance Center in Brussels, covering content delivery network technologies including Cisco Application Control Engine, Cisco Wide Area Application Services, Cisco Content Switching Module, Cisco Content Services Switches, and others. He has been with Cisco for more than four years, working with major customers to help resolve their issues related to content products. He holds DCASI and VCP certifications.
Telmo Pereira is a customer support engineer in the Cisco Technical Assistance Center in Brussels, where he covers all Cisco content delivery network technologies including Cisco Application Control Engine (ACE), Cisco Wide Area Application Services (WAAS), and Digital Media Suite. He has worked with multiple customers around the globe, helping them solve interesting and often highly complex issues. Pereira has worked in the networking field for more than 7 years. He holds a computer science degree as well as multiple certifications including CCNP, DCASI, DCUCI, and VCP
Remember to use the rating system to let Ajay know if you have received an adequate response.
Ajay and Telmo might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Data Center sub-community discussion forum Application Networking shortly after the event.
This event lasts through July 26, 2013. Visit this forum often to view responses to your questions and the questions of other community members.
Hello Krzysztof,
Another set of good/interesting questions posted. Thanks!
I will try to clarify your doubts.
In the output below both resources (proxy-connections and ssl-connections rate) are configured with a min percentage of resources (column Min), while 'Max' is set equal to the min.
ACE/Context# show resource usage
Allocation
Resource Current Peak Min Max Denied
-- outputs omitted for brevity --
proxy-connections 0 16358 16358 16358 17872
ssl-connections rate 0 626 626 626 23204
Most columns are self explanatory, 'Current' is current usage, 'Peak' is the maximum value reached, and the most important counter to monitor 'Denied' represents the amount of packets denied/dropped due to exceeding the configured limits.
On the resources themselves, Proxy-connections is simply the amount of proxied connections, in other words all connections handled at layer 7 (SSL connections are proxied, as are any connections with layer 7 load balance policies, or inspection).
So in this particular case for the proxy-connections we see that Peak is equal to the Max allocated, and as we have denies we can conclude that you have surpassed the limits for this resource. We see there were 17872 connections dropped due to that.
ssl-connections rate should be read in the same manner, however all values for this resource are in bytes/s, except for Denied counter, that is simply the amount of packets that were dropped due to exceeding this resource.
For your particular tests you have allocated a min percentage and set max equal to min, this way you make sure that this context will not use any other additional resources.
If you had set the max to unlimited during resource allocation, ACE would be allowed to use additional resources on top of those guaranteed, if those resources were available.
This might sound like a great idea, but resource planning on ACE should be done carefully to avoid any sort of oversubscription, especially if you have business critical contexts.
We have a good reference for ACE resource planning that contains also description of all resources (this will help to understand the output better):
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/configuration/virtualization/guide/config.html#wp1008224
1) When a resource is utilized to its maximum limit, the ACE denies additional requests made by any context for that resource. In other words, the action is to Drop. ACE should in theory silently drop (No RST is sent back to the client). So unless we changed something on the code, this is what you should see.
To give more context, seeing resets with SSL connections is not necessarily a synonym for drops, as it is usual to see them during normal transactions.
For instance Microsoft servers are usually ungracefully terminating SSL connections with RESET. Also when there is renegotiation during an SSL transaction you may see RESETS, but this will pass unnoticed for end users.
2) ACE will simply drop/ignore new connections when we reach the maximum amount of proxied connections for that context. Existing connections will continue there.
As ACE doesn't respond back, client would simply retransmit, and if he is lucky maybe in the next attempt he will be able to establish the connection.
To overcome the denies, you will definitely have to increase the resource allocation. This of course, assuming you are not reaching any physical limit of the box.
As mentioned setting max as unlimited might work for you, assuming there are a lot of unused resources on the box.
3) If a new connection comes in with a sticky value, that matches the sticky entry of a real server, which is already in MAXCONNS state, then both the ACE module/appliance should reject the connection and that sticky entry would be removed.
The client would at that point reestablish a new connection and ACE would associate a new sticky entry with the flow for a new RSERVER after the loadbalancing decision.
I hope this makes things clearer! Uff...
Regards,
Telmo -
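The reading of the `show resource usage` columns given in the reply above, as an added Python example (not part of the original thread and not Cisco code). The two ACE rows are the ones quoted in the post; the `sticky` row and all function names are constructed for illustration.

```python
import re
from typing import NamedTuple

# Constructed sample: the two rows quoted in the post, plus one made-up
# healthy row ("sticky") so the filter has something to skip.
SAMPLE = """\
ACE/Context# show resource usage
Allocation
Resource Current Peak Min Max Denied
-- outputs omitted for brevity --
proxy-connections 0 16358 16358 16358 17872
ssl-connections rate 0 626 626 626 23204
sticky 12 40 0 4194304 0
"""


class Row(NamedTuple):
    name: str
    current: int
    peak: int
    minimum: int
    maximum: int
    denied: int


# Resource names may contain spaces ("ssl-connections rate"), so the name is
# matched lazily and the five counters are taken from the end of the line.
ROW_RE = re.compile(
    r"^\s*([A-Za-z][A-Za-z0-9 \-]*?)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$"
)


def parse_rows(text):
    """Return one Row per counter line; prompt and header lines are ignored."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            rows.append(Row(m.group(1), *(int(v) for v in m.groups()[1:])))
    return rows


def findings(rows):
    """Report every resource with a non-zero Denied counter."""
    out = []
    for r in rows:
        if r.denied == 0:
            continue
        out.append({
            "resource": r.name,
            "denied": r.denied,
            # Peak reached the configured ceiling: the limit was exhausted.
            "hit_ceiling": r.maximum > 0 and r.peak >= r.maximum,
            # Max equal to Min: the context cannot use resources beyond
            # its guaranteed share, as described in the post.
            "pinned": r.minimum == r.maximum,
        })
    return out


if __name__ == "__main__":
    for f in findings(parse_rows(SAMPLE)):
        print(f)
```
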
Cisco 2821 - ASA5520 - 3750G help
I need help
Before – working no probs
At the moment my router is my DSL connection, and then there is a point-to-point link between the router and the switch with OSPF routing.
I'm trying to put a routed ASA 5520 between my router and switch for added protection, as you do...
I can get the links up and running and OSPF routing between the router and the ASA; however, when I enable the switch side the ASA becomes extremely slow and almost unresponsive. I'm not sure what is happening there, and I can't get any HTTP traffic to pass. I have an any-any rule on the interfaces so that shouldn't be stopping it. The ASA is passing the OSPF routing to the router, as I can see the routes.
I'm hitting my head against the wall, so to speak; any assistance would be greatly appreciated.
here are snippets of the relevant parts of the configs
router
interface Loopback0
description --- Loopback ---
ip address 10.100.0.1 255.255.255.255
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1
ip address 10.0.1.1 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
duplex full
speed 1000
no mop enabled
hold-queue 0 in
router ospf 1
router-id 10.100.0.1
log-adjacency-changes detail
network 10.0.0.0 0.0.0.255 area 1
network 10.0.1.1 0.0.0.0 area 1
network 10.0.1.0 0.0.0.3 area 1
network 10.0.99.0 0.0.0.15 area 1
network 10.100.0.1 0.0.0.0 area 1
ASA
ASA# sh run
Saved
ASA Version 8.4(2)
hostname ASA
domain-name domain.com
names
interface GigabitEthernet0/0
speed 1000
duplex full
nameif outside
security-level 0
ip address 10.0.1.2 255.255.255.252
interface GigabitEthernet0/1
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
speed 1000
duplex full
nameif inside
security-level 100
ip address 10.0.11.1 255.255.255.252
interface Management0/0
speed 100
duplex full
nameif management
security-level 0
ip address 10.1.0.3 255.255.255.0
boot system disk0:/asa842-k8.bin
ftp mode passive
clock timezone AEST 10
clock summer-time AEDT recurring 1 Sun Oct 2:00 1 Sun Apr 3:00
object-group icmp-type Ping
icmp-object echo
icmp-object echo-reply
icmp-object unreachable
access-list outside_access_in extended permit ip any any log
access-list outside_access_in extended permit tcp any any eq www
access-list inside_access_in extended permit ip any any log
access-list inside_access_in extended permit tcp any any eq www
access-list global_access extended permit ip any any
pager lines 24
logging trap errors
logging host inside 10.27.134.28
logging host inside 10.55.7.94
mtu outside 1500
mtu inside 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any inside
asdm image disk0:/asdm-645-206.bin
asdm history enable
arp timeout 14400
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
access-group global_access global
router ospf 1
router-id 10.0.11.1
network 10.0.1.2 255.255.255.255 area 1
network 10.0.1.0 255.255.255.252 area 1
network 10.0.11.1 255.255.255.255 area 1
network 10.0.11.0 255.255.255.252 area 1
log-adj-changes
route outside 0.0.0.0 255.255.255.255 10.0.1.1 1
route inside 10.0.0.0 255.0.0.0 10.0.11.2 1
route management 10.122.0.200 255.255.255.255 10.122.0.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ (inside) host 10.122.0.10
key *****
aaa-server TACACS+ (inside) host 10.122.0.20
key *****
user-identity default-domain LOCAL
aaa authentication enable console TACACS+ LOCAL
aaa authentication http console TACACS+ LOCAL
aaa authentication ssh console TACACS+ LOCAL
aaa authentication telnet console TACACS+ LOCAL
aaa authorization command TACACS+ LOCAL
aaa accounting command TACACS+
http server enable
http 10.122.0.200 255.255.255.255 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet 10.122.0.200 255.255.255.255 management
telnet timeout 5
ssh 10.122.0.200 255.255.255.255 management
ssh timeout 5
ssh version 2
console timeout 0
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username admin password <removed> privilege 15
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
inspect http
class class-default
user-statistics accounting
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:64d0fef2ddc6fddf66f51f3f1da15d78
end
Switch
interface Loopback0
ip address 10.100.0.2 255.255.255.255
interface GigabitEthernet0/1
no switchport
ip address 10.0.11.2 255.255.255.252
logging event link-status
logging event trunk-status
logging event status
power inline never
speed 1000
duplex full
flowcontrol receive desired
router ospf 1
router-id 10.100.0.2
log-adjacency-changes detail
redistribute connected
network 10.0.1.2 0.0.0.0 area 1
network 10.0.11.0 0.0.0.3 area 1
network 10.122.0.0 0.0.0.255 area 1
network 10.27.0.0 0.0.0.255 area 1
network 10.38.0.0 0.0.0.255 area 1
network 10.41.0.0 0.0.0.255 area 1
network 10.52.0.0 0.0.0.255 area 1
network 10.68.0.0 0.0.0.255 area 1
network 10.79.0.0 0.0.0.255 area 1
network 10.100.0.2 0.0.0.0 area 1
ip route 0.0.0.0 0.0.0.0 10.0.11.1
Thanks for your time and effort.
Julio
thanks so much again for your assistance
here is the info you requested.
-Can you ping from the Asa to 8.8.8.8 ?
No, initially my outside route was set incorrectly,
it was route inside 10.0.0.0 255.255.255.255 10.0.11.2 1
upon pinging 8.8.8.8
ASA(config)# ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
No route to host 8.8.8.8
Success rate is 0 percent (0/1)
I changed my outside route to
route outside 0.0.0.0 0.0.0.0 10.0.1.1 1
now pinging
ASA# ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 150/152/160 ms
-Can you ping from the Switch to 8.8.8.8 ? NO
SWITCH#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Success rate is 0 percent (0/5)
-Please provide sh route on the ASA
ASA# sh route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 10.0.1.1 to network 0.0.0.0
C 10.0.11.0 255.255.255.252 is directly connected, inside
O 10.0.0.2 255.255.255.255 [110/1010] via 10.0.1.1, 0:04:36, outside
O 10.2.0.0 255.255.255.0 [110/11] via 10.0.11.2, 0:04:36, inside
O 10.0.0.3 255.255.255.255 [110/1010] via 10.0.1.1, 0:04:36, outside
O 10.3.0.0 255.255.255.0 [110/11] via 10.0.11.2, 0:04:36, inside
S 10.0.0.0 255.0.0.0 [1/0] via 10.0.11.2, inside
O 10.0.0.1 255.255.255.255 [110/10] via 10.0.1.1, 0:04:36, outside
C 10.0.1.0 255.255.255.252 is directly connected, outside
C 10.1.0.0 255.255.255.0 is directly connected, management
O 10.6.0.0 255.255.255.0 [110/11] via 10.0.11.2, 0:04:36, inside
O 10.7.0.0 255.255.255.0 [110/11] via 10.0.11.2, 0:04:36, inside
O 10.0.0.4 255.255.255.255 [110/1010] via 10.0.1.1, 0:04:36, outside
O 10.4.0.0 255.255.255.0 [110/11] via 10.0.11.2, 0:04:36, inside
O 10.5.0.0 255.255.255.0 [110/11] via 10.0.11.2, 0:04:36, inside
O 10.62.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
O 10.60.0.2 255.255.255.255 [110/1012] via 10.0.1.1, 0:04:37, outside
O 10.63.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
O 10.0.60.0 255.255.255.252 [110/1011] via 10.0.1.1, 0:04:37, outside
O 10.61.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
O 10.60.0.1 255.255.255.255 [110/1011] via 10.0.1.1, 0:04:37, outside
O 10.74.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
O 10.75.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
O 10.72.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
O 10.73.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
O 10.76.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
O 10.0.77.1 255.255.255.255 [110/1011] via 10.0.1.1, 0:04:37, outside
O 10.77.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
O 10.66.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
O 10.67.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
O 10.0.66.1 255.255.255.255 [110/1011] via 10.0.1.1, 0:04:37, outside
O 10.64.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
O 10.65.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
O 10.0.70.0 255.255.255.252 [110/1011] via 10.0.1.1, 0:04:37, outside
O 10.71.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
O 10.70.0.1 255.255.255.255 [110/1011] via 10.0.1.1, 0:04:37, outside
O 10.70.0.2 255.255.255.255 [110/1012] via 10.0.1.1, 0:04:37, outside
O 10.0.88.1 255.255.255.255 [110/1011] via 10.0.1.1, 0:04:37, outside
O 10.82.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
O 10.80.0.2 255.255.255.255 [110/1012] via 10.0.1.1, 0:04:37, outside
O 10.83.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
O 10.0.80.0 255.255.255.252 [110/1011] via 10.0.1.1, 0:04:37, outside
O 10.81.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
O 10.80.0.1 255.255.255.255 [110/1011] via 10.0.1.1, 0:04:37, outside
O 10.86.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
O 10.84.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
O 10.85.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
O 10.0.99.1 255.255.255.255 [110/11] via 10.0.1.1, 0:04:37, outside
O 10.100.0.2 255.255.255.255 [110/11] via 10.0.11.2, 0:04:37, inside
O 10.100.0.1 255.255.255.255 [110/11] via 10.0.1.1, 0:04:37, outside
S 10.2.0.200 255.255.255.255 [1/0] via 10.2.0.1, management
S* 0.0.0.0 0.0.0.0 [1/0] via 10.0.1.1, outside
-Please provide sh ip route on the router
ROUTER#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
S* 0.0.0.0/0 is directly connected, Dialer0
10.0.0.0/8 is variably subnetted, 53 subnets, 4 masks
C 10.0.0.0/24 is directly connected, Tunnel0
L 10.0.0.1/32 is directly connected, Tunnel0
O 10.0.0.2/32 [110/1000] via 10.0.0.2, 1d23h, Tunnel0
O 10.0.0.3/32 [110/1000] via 10.0.0.3, 1d23h, Tunnel0
O 10.0.0.4/32 [110/1000] via 10.0.0.4, 1d23h, Tunnel0
C 10.0.1.0/30 is directly connected, GigabitEthernet0/1
L 10.0.1.1/32 is directly connected, GigabitEthernet0/1
C 10.0.2.0/30 is directly connected, Content-Engine1/0
L 10.0.2.1/32 is directly connected, Content-Engine1/0
O 10.0.11.0/30 [110/11] via 10.0.1.2, 00:05:45, GigabitEthernet0/1
O 10.0.60.0/30 [110/1001] via 10.0.0.2, 1d23h, Tunnel0
O 10.0.66.1/32 [110/1001] via 10.0.0.2, 1d23h, Tunnel0
O 10.0.70.0/30 [110/1001] via 10.0.0.4, 1d23h, Tunnel0
O 10.0.77.1/32 [110/1001] via 10.0.0.4, 1d23h, Tunnel0
O 10.0.80.0/30 [110/1001] via 10.0.0.3, 1d23h, Tunnel0
O 10.0.88.1/32 [110/1001] via 10.0.0.3, 1d23h, Tunnel0
C 10.0.99.0/28 is directly connected, Loopback99
L 10.0.99.1/32 is directly connected, Loopback99
O 10.1.0.0/24 [110/12] via 10.0.1.2, 00:05:45, GigabitEthernet0/1
O 10.2.0.0/24 [110/12] via 10.0.1.2, 00:05:45, GigabitEthernet0/1
O 10.3.0.0/24 [110/12] via 10.0.1.2, 00:05:45, GigabitEthernet0/1
O 10.4.0.0/24 [110/12] via 10.0.1.2, 00:05:45, GigabitEthernet0/1
O 10.5.0.0/24 [110/12] via 10.0.1.2, 00:05:45, GigabitEthernet0/1
O 10.6.0.0/24 [110/12] via 10.0.1.2, 00:05:45, GigabitEthernet0/1
O 10.7.0.0/24 [110/12] via 10.0.1.2, 00:05:45, GigabitEthernet0/1
O 10.60.0.1/32 [110/1001] via 10.0.0.2, 1d23h, Tunnel0
O 10.60.0.2/32 [110/1002] via 10.0.0.2, 1d23h, Tunnel0
O 10.61.0.0/24 [110/1002] via 10.0.0.2, 1d23h, Tunnel0
O 10.62.0.0/24 [110/1002] via 10.0.0.2, 1d23h, Tunnel0
O 10.63.0.0/24 [110/1002] via 10.0.0.2, 1d23h, Tunnel0
O 10.64.0.0/24 [110/1002] via 10.0.0.2, 1d23h, Tunnel0
O 10.65.0.0/24 [110/1002] via 10.0.0.2, 1d23h, Tunnel0
O 10.66.0.0/24 [110/1002] via 10.0.0.2, 1d23h, Tunnel0
O 10.67.0.0/24 [110/1002] via 10.0.0.2, 1d23h, Tunnel0
O 10.70.0.1/32 [110/1001] via 10.0.0.4, 1d23h, Tunnel0
O 10.70.0.2/32 [110/1002] via 10.0.0.4, 1d23h, Tunnel0
O 10.71.0.0/24 [110/1002] via 10.0.0.4, 1d23h, Tunnel0
O 10.72.0.0/24 [110/1002] via 10.0.0.4, 1d23h, Tunnel0
O 10.73.0.0/24 [110/1002] via 10.0.0.4, 1d23h, Tunnel0
O 10.74.0.0/24 [110/1002] via 10.0.0.4, 1d23h, Tunnel0
O 10.75.0.0/24 [110/1002] via 10.0.0.4, 1d23h, Tunnel0
O 10.76.0.0/24 [110/1002] via 10.0.0.4, 1d23h, Tunnel0
O 10.77.0.0/24 [110/1002] via 10.0.0.4, 1d23h, Tunnel0
O 10.80.0.1/32 [110/1001] via 10.0.0.3, 1d23h, Tunnel0
O 10.80.0.2/32 [110/1002] via 10.0.0.3, 1d23h, Tunnel0
O 10.81.0.0/24 [110/1002] via 10.0.0.3, 1d23h, Tunnel0
O 10.82.0.0/24 [110/1002] via 10.0.0.3, 1d23h, Tunnel0
O 10.83.0.0/24 [110/1002] via 10.0.0.3, 1d23h, Tunnel0
O 10.84.0.0/24 [110/1002] via 10.0.0.3, 1d23h, Tunnel0
O 10.85.0.0/24 [110/1002] via 10.0.0.3, 1d23h, Tunnel0
O 10.86.0.0/24 [110/1002] via 10.0.0.3, 1d23h, Tunnel0
C 10.100.0.1/32 is directly connected, Loopback0
O 10.100.0.2/32 [110/12] via 10.0.1.2, 00:05:45, GigabitEthernet0/1
/32 is subnetted, 1 subnets
C is directly connected, Dialer0
/32 is subnetted, 1 subnets
C is directly connected, Dialer0
-Please provide sh ip route on the switch
SWITCH#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 10.0.11.1 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 10.0.11.1
10.0.0.0/8 is variably subnetted, 60 subnets, 3 masks
O 10.0.0.1/32 [110/11] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
O 10.0.0.2/32 [110/1011] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
O 10.0.0.3/32 [110/1011] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
O 10.0.0.4/32 [110/1011] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
O 10.0.1.0/30 [110/11] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
C 10.0.11.0/30 is directly connected, GigabitEthernet0/2
L 10.0.11.2/32 is directly connected, GigabitEthernet0/2
O 10.0.60.0/30 [110/1012] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
O 10.0.66.1/32 [110/1012] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
O 10.0.70.0/30 [110/1012] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
O 10.0.77.1/32 [110/1012] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
O 10.0.80.0/30 [110/1012] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
O 10.0.88.1/32 [110/1012] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
O 10.0.99.1/32 [110/12] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
C 10.1.0.0/24 is directly connected, Vlan1
L 10.1.0.1/32 is directly connected, Vlan1
C 10.2.0.0/24 is directly connected, Vlan2
L 10.2.0.1/32 is directly connected, Vlan2
C 10.3.0.0/24 is directly connected, Vlan3
L 10.3.0.1/32 is directly connected, Vlan3
C 10.4.0.0/24 is directly connected, Vlan4
L 10.4.0.1/32 is directly connected, Vlan4
C 10.5.0.0/24 is directly connected, Vlan5
L 10.5.0.1/32 is directly connected, Vlan5
C 10.6.0.0/24 is directly connected, Vlan6
L 10.6.0.1/32 is directly connected, Vlan6
C 10.7.0.0/24 is directly connected, Vlan7
L 10.7.0.1/32 is directly connected, Vlan7
C 10.8.0.0/24 is directly connected, Vlan8
L 10.8.0.1/32 is directly connected, Vlan8
C 10.9.0.0/24 is directly connected, Vlan9
L 10.9.0.1/32 is directly connected, Vlan9
O 10.60.0.1/32 [110/1012] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
O 10.60.0.2/32 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
O 10.61.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
O 10.62.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
O 10.63.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
O 10.64.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
O 10.65.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
O 10.66.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
O 10.67.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
O 10.70.0.1/32 [110/1012] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
O 10.70.0.2/32 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
O 10.71.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
O 10.72.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
O 10.73.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
O 10.74.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
O 10.75.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
O 10.76.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
O 10.77.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
O 10.80.0.1/32 [110/1012] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
O 10.80.0.2/32 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
O 10.81.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
O 10.82.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
O 10.83.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
O 10.84.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
O 10.85.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
O 10.86.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
O 10.100.0.1/32 [110/12] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
C 10.100.0.2/32 is directly connected, Loopback0
Thanks again for your help -
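The static-route mistake in the thread above, as an added Python example (not part of the original posts and not Cisco tooling). The `route` lines are copied from the posted ASA config and from the correction quoted in the follow-up; the function names are constructed, and only static routes are modelled (connected and OSPF routes are ignored).

```python
import ipaddress

# Route lines as posted in the ASA config (before) and after the fix.
BEFORE = """\
route outside 0.0.0.0 255.255.255.255 10.0.1.1 1
route inside 10.0.0.0 255.0.0.0 10.0.11.2 1
"""
AFTER = """\
route outside 0.0.0.0 0.0.0.0 10.0.1.1 1
route inside 10.0.0.0 255.0.0.0 10.0.11.2 1
"""


def mask_to_prefix(mask):
    """Convert a dotted netmask to a prefix length; reject wildcard masks."""
    inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    if inverted & (inverted + 1):  # inverted netmask must be 2**k - 1
        raise ValueError(f"not a contiguous netmask: {mask}")
    return 32 - inverted.bit_length()


def parse_routes(config):
    """Parse ASA 'route <if> <net> <mask> <gateway> [metric]' lines."""
    routes = []
    for line in config.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "route":
            continue
        ifname, net, mask, gw = fields[1:5]
        network = ipaddress.ip_network(
            f"{net}/{mask_to_prefix(mask)}", strict=False)
        routes.append({
            "raw": line.strip(),
            "if": ifname,
            "net": network,
            "gw": ipaddress.ip_address(gw),
            "host_bits": ipaddress.IPv4Address(net) != network.network_address,
        })
    return routes


def lint(routes):
    """Flag routes that cannot mean what the operator most likely intended."""
    issues = []
    for r in routes:
        if int(r["net"].network_address) == 0 and r["net"].prefixlen != 0:
            issues.append((r["raw"],
                           "0.0.0.0 with a non-zero mask is not a default route"))
        if r["host_bits"]:
            issues.append((r["raw"], "destination has host bits set for its mask"))
    return issues


def lookup(routes, dest):
    """Longest-prefix match over the static routes; None means no route."""
    d = ipaddress.ip_address(dest)
    best = None
    for r in routes:
        if d in r["net"] and (best is None
                              or r["net"].prefixlen > best["net"].prefixlen):
            best = r
    return best


if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        routes = parse_routes(cfg)
        hit = lookup(routes, "8.8.8.8")
        print(label, lint(routes), hit["raw"] if hit else "No route to host")
```

With the original mask the lookup for 8.8.8.8 finds nothing, which matches the "No route to host 8.8.8.8" output in the post; with the corrected mask it resolves via 10.0.1.1 on the outside interface.
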
Configuring PAT/NAT in cisco routers
Hello, first sorry for my bad English.
I just wanted to know how to configure PAT (port address translation).
Like this?
amir(config)#ip nat inside source static tcp 192.168.1.1 1000 172.16.1.1 1000
or not?
The 2nd question I have is:
When do I need to write "ip nat inside source"... and when do I need to write "ip nat outside"?
And the last question for now is:
How can I (if that's possible) configure dynamic PAT? I mean that any computer on my LAN will go out to the internet with the same address but with different ports, in random mode (I mean without configuring static entries one by one).
I hope I was clear enough, thanks a lot!
Hi Tiger,
1) Yes, your first statement is a static PAT statement which will say source ip with source port 1000 is translated to 172.16.1.1 with same port number, but yes, it is a static PAT entry.
2) Coming to your 2nd question
"ip nat inside source" is a global config command which says any traffic which hits the inside interface nat the source ip address.
"ip nat inside" is an interface mode command which should be done going to any interface. This command specifies which will be an inside interface which will nat the incoming traffic.
3) Coming to your last question
For dynamic PAT you just need to configure overload command at the end of your nat statement.
This link will give you a very broad and nice picture of how NAT can be configured in different situation
http://www.cisco.com/warp/public/556/12.html#6
HTH
Ankur -
Hello,
a question or more a problem with netflow exports on Cisco 2821's.
I configured netflow export on a Cisco 2821 with IOS Version 12.4(24)T
ip cef
interface FastEthernet0/0/0
description to XXX
ip address XXX
ip flow ingress
ip flow egress
duplex full
speed 10
ip flow-cache timeout active 1
ip flow-export source GigabitEthernet0/0
ip flow-export version 5
ip flow-export destination XXX XXX
The netflow collector shows "only ingoing traffic" on interface FastEthernet0/0/0 and
"only outgoing traffic" on interface GigabitEthernet0/0.
Same problem with an IOS Version 12.4(20)T1 on other Cisco 2821's.
But same configuration on other Cisco 2821's with IOS Version 12.4(11)XJ4 work well.
Any references/suggestions or explanations?
#It's surprising to me that it's even possible to configure both directions on a single interface.
#It's generally not a good idea to configure both directions among interfaces on a single router.
--> It is possible. ;-) I need QoS (DSCP information) for ingoing traffic
--> and for outgoing traffic of this interface FastEthernet0/0/0.
#How's g0/0 configured "ip flow" wise?
--> There's no netflow configuration on this interface, only on Fa0/0/0.
-->#sh ip flow interface
--> FastEthernet0/0/0
--> ip flow ingress
--> ip flow egress
#Maybe you're seeing "only outgoing traffic" on
#interface GigabitEthernet0/0, because those are incoming traffic through fa0/0/0
#(where IOS ignores the "ip flow egress" part) and flowing out through g0/0?
--> You're right. The outgoing traffic at Gi0/0 is the ingoing traffic at Fa0/0/0.
--> But I don't think that the configuration is wrong and I think that the
--> "ip flow egress" command on a single interface is not so special.
--> It really looks like the command "ip flow egress" on interface Fa0/0/0
--> is being ignored. But why?
--> Maybe I should start another discussion with a link to this posting in the
--> router forum. -
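How a collector arrives at the per-interface "ingoing"/"outgoing" split discussed in this thread, as an added example that is not from any poster: each NetFlow v5 record carries the input and output SNMP ifIndex plus the ToS byte, and direction is attributed from those fields. The ifIndex values (3 for Fa0/0/0, 1 for Gi0/0), addresses and counters are constructed assumptions.

```python
import ipaddress
import struct

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48-byte v5 flow record

def parse_v5(datagram):
    """Return the flow records of one NetFlow v5 export datagram as dicts."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("truncated: header count exceeds payload")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(ipaddress.IPv4Address(f[0])),
            "dst": str(ipaddress.IPv4Address(f[1])),
            "in_if": f[3],        # SNMP ifIndex the flow entered on
            "out_if": f[4],       # SNMP ifIndex the flow left on
            "octets": f[6],
            "dscp": f[14] >> 2,   # upper six bits of the ToS byte
        })
    return flows

def direction_by_interface(flows):
    """Sum octets per ifIndex, split by whether flows entered or left there."""
    totals = {}
    for f in flows:
        totals.setdefault(f["in_if"], {"in": 0, "out": 0})["in"] += f["octets"]
        totals.setdefault(f["out_if"], {"in": 0, "out": 0})["out"] += f["octets"]
    return totals

def _record(src, octets, tos):
    # Constructed flow: enters ifIndex 3 (assumed Fa0/0/0), leaves ifIndex 1 (assumed Gi0/0).
    ip = lambda a: ipaddress.IPv4Address(a).packed
    return RECORD.pack(ip(src), ip("10.1.1.10"), bytes(4), 3, 1, 10, octets,
                       0, 0, 40000, 443, 0, 0x18, 6, tos, 0, 0, 24, 24, 0)

# Constructed sample datagram, not captured traffic.
SAMPLE = (HEADER.pack(5, 2, 0, 0, 0, 0, 0, 0, 0)
          + _record("192.0.2.5", 1500, 0xB8) + _record("192.0.2.6", 500, 0x00))

if __name__ == "__main__":
    print(direction_by_interface(parse_v5(SAMPLE)))
```

When every exported record has the same input ifIndex, the totals show traffic only "in" on that interface and only "out" on the other, which is the picture the collector in this thread reports.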
Configuring N channel on cisco 1252 Access Point
Hi,
Can someone help me for configuring N-Series band on Cisco 1252 Access Point in IOS Mode.
Thanks
Tabrez
Firstly you need to use WPA2/AES or OPEN authentication.
Cisco 802.11n Design and Deployment Guidelines
http://www.cisco.com/en/US/solutions/collateral/ns340/ns394/ns348/ns767/white_paper_80211n_design_and_deployment_guidelines.html -
Hi,
I have Cisco 2821, currently we have PRI circuit terminated on it.
We want to add 8 FXO, let me know if it is possible.
Attached sh diag command
It is possible if you have enough dsp resources. You can calculate hardware need with Cisco DSP calculator - http://www.cisco.com/web/applicat/dsprecal/dsp_calc.html
-
Configuring Radius server with Cisco MDS - 9606 switch
Need help in configuring Radius server with cisco MDS - 9606
please let me know if any document available
rtt min/avg/max/mdev = 0.260/0.327/0.468/0.077 ms
IFCBCCEMCSW2# sh version
Cisco Storage Area Networking Operating System (SAN-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2008, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software may be covered under the GNU Public
License or the GNU Lesser General Public License. A copy of
each such license is available at
http://www.gnu.org/licenses/gpl.html and
http://www.gnu.org/licenses/lgpl.html
Software
BIOS: version 1.1.0
loader: version 1.2(2)
kickstart: version 3.3(1c)
system: version 3.3(1c)
BIOS compile time: 10/24/03
kickstart image file is: bootflash:/m9500-sf1ek9-kickstart-mz.3.3.1c.bin
kickstart compile time: 5/23/2008 19:00:00 [06/19/2008 23:56:56]
system image file is: bootflash:/m9500-sf1ek9-mz.3.3.1c.bin
system compile time: 5/23/2008 19:00:00 [06/20/2008 00:26:51]
Hardware
cisco MDS 9506 ("Supervisor/Fabric-1")
Intel(R) Pentium(R) III CPU with 1028596 kB of memory.
Processor Board ID JAB094300ER
bootflash: 250368 kB
slot0: 0 kB -
Traffic Shaping on Cisco 2821 router
I have two sites and connected with MPLS links of 2MB with Cisco 2821 routers. Now a requirement came that two sites will have additional server ( one each location - for data replication purpose) and 75% of the bandwidth needs to be allocated to data replication servers on each site and rest of 25% bandwidth will be utilize for both sides normal traffic.
Is there any additional modules to be added on each router to isolate the traffic. Please let me know.
Thanks,
To expand on the information that Collin provided . . .
If you really want to cap the bandwidth to a class of traffic, i.e. truly limit replication to 75%, you can add a policer or shaper to a class, similar to what Collin shows.
e.g.
policy-map RestrictAltiris
 class Altiris
  bandwidth percent 20
  shape average 1500000
However, like Collin, since CBWFQ guarantees bandwidth allocations, you rarely need to cap bandwidth if you, for instance, ensure your other traffic gets the other 25% (i.e. 100% less 75% for replication).
e.g.
policy-map RestrictAltiris
 class Altiris
  bandwidth percent 75
(NB: BTW, there are other rules pertaining to bandwidth reservations, but prior examples, both Collin's and mine, should suffice.)
Also BTW, since you mention MPLS, and since MPLS often allows multisite communication, if there are more than just these two sites that can communicate with these two sites across their 2 Mbps links, other considerations apply for dealing with such a situation.
PS:
Although software based QoS should meet your stated requirements, there are optional modules to provide "WAN optimization", see http://www.cisco.com/en/US/prod/collateral/contnetw/ps5680/ps6870/product_data_sheet0900aecd8058218c.html.
PPS:
BTW, when Collin describes:
". . . but when the link gets congested the router will limit the traffic for this host to 20% of the total interface bandwidth, and all the remaining traffic to 80%.", this might be just a bit misleading since when the link is congested individual classes aren't really limited they are instead guaranteed their bandwidths as a minimum, not precisely the same thing. For example with 20% and 80% guarantees, either class could still obtain unused bandwidth from the other class while the link is congested.
[edit]
This being true, for something like what you describe, I would recommend using the least amount of bandwidth guarantee that data replication needs. Assuming your other traffic, on average, doesn't consume more than 25% of the bandwidth, you might find even providing replication only 1% for a bandwidth guarantee works fine. Why you would want to do this, by lowering the bandwidth guarantee for replication, you allow other traffic to burst. Such bursting capability normally improves any kind of transactional or conversational applications and doesn't (usually) unduly delay replication. -
Disable SSLv3 in AnyConnect on Cisco 2821
We are running anyconnect-win-3.1.06073-k9.pkg on a 2821 IOS router. Is there a way to disable SSLv3?
The release notes indicate CSCur27617 - AnyConnect vulnerable to POODLE attack (CVE-2014-3566) Win/Mac/Linux was resolved in AnyConnect 3.1.05187.
Thank you
Hi Rob,
According to the bug:
All versions of desktop AnyConnect for Mac OS X and Linux prior to 3.1.00495 are vulnerable, so AnyConnect 3.1.06.073 is safe from the POODLE vulnerability.
On AnyConnect you can disable SSL by using IKEv2 instead of the SSL protocols; however, as the bug mentions, the client creates a parallel SSL tunnel to get updates and the profile from the router.
If you're asking to disable SSLv3 on the router, unfortunately there is no code yet; the workaround is to disable the webvpn or upgrade the VPN client.
Here as well is the official advisory for the POODLE vulnerability on Cisco products.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle
Hope it helps
- Randy - -
Connecting Cisco 2821 Router, Switch, and Cable Modem
Hey everyone,
I am currently in the Cisco Network Academy at my school and just finished CCNA 1. I have a few questions though.
I am purchasing new equipment and that equipment includes:
1-Cisco 2821 2-port Gigabit Router
1-Linksys SE3016 16-Port Gigabit Switch (unmanaged)
1-Cisco WAP4410n Wireless Access Point
1-Motorola SurfBoard Gigabit Cable Modem (no router built in-Just standalone Modem used with Comcast Xfinity High Speed Internet)
1-12U Network Rack (not enclosed)
I am confused on how I will connect the cable modem to the router and the router to the switch and the WAP so that I still have WiFi. Since the router only has 2 Ge Ports, how would I cable this up?
If my assumptions are correct, would I do the following set up?
Take the Cable Modem and run a Straight Thru to Port 1 of the Router.
Connect the Switch Port 1 to Port 2 of the Router using a Straight Thru cable (I believe I will most likely have to Subnet a network, won't I?).
Connect Switch Port 2 to WAP using Straight Thru Cable (so I still have WiFi in my home).
Connect all my computers and other devices to the Switch (this includes several PC's/Laptops, two printers that are ethernet, two TV's that are ethernet, an AppleTV and a Blue Ray Player that are both ethernet, and some Cisco Powerline Network Adapters).
Will that set up work?
Also, how would I configure the router to work with my cable modem AND act as a DHCP Server so that all of my devices get IP Addresses? I have the Cisco Command Guide Book, but it is confusing to me as of now.
Thanks!
Chris
A good start but a few points I would make.
If you set the clock manually, you may find it resets itself after a router reboot. I would look at pointing it at an NTP server:
#ntp server x.x.x.x
#clock timezone GMT (Assuming you are UK based)
Although not required, I would put a description on each of the interfaces as it may help identify them later if you are not physically in front of the Router.
#interface gi0/0
#description WAN
Same for LAN
You have set up your LAN subnet with a /16 subnet mask which is effectively 10.0.0.1 - 10.0.255.254. This is a large subnet allowing over 65k hosts which is not best practice on enterprise networks. It probably won't cause you any issues but I doubt you will have any more than 254 hosts so personally I would use a /24 subnet (255.255.255.0)
The only major thing missing is NAT which needs to be configured on the router to translate the LAN IP addresses from their 10.* private range to the Public IP address on the Gi0/0 WAN Interface.
Firstly you need to define the 'inside' and 'outside' NAT interfaces which is fairly self explanatory:
#interface gi0/0
#ip nat outside
#interface gi0/1
#ip nat inside
Gi0/0 is your outside interface because it's facing the Outside world (i.e. the internet) and Gi0/1 is your inside interface because it's facing Inside your LAN.
Then you need to tell the router which addresses to translate against by first creating an access list:
#ip access-list standard LAN-Addresses
#permit 10.0.0.0 0.0.255.255
Finally you need to tell the router to start translating:
#ip nat inside source list LAN-Addresses interface gi0/0 overload
Oh, I have just noticed that you do not have a 'default route' configured. A router forwards packets by first looking up the destination IP address of the packet (i.e. where it's going) in its own routing table. Obviously home routers are not going to have an entry for every Public IP subnet on the internet so they use something called a default route which effectively says 'If I cannot find an entry for this packet in my routing table, use the default route'.
As you are on DHCP and your IP address (and even default gateway) could change on your WAN interface, I would not bother with the next hop address in the default route but rather use the outgoing interface as below:
#ip route 0.0.0.0 0.0.0.0 gi0/0
Hope this helps! -
How to view Log on the cisco 2821 Router
Hi,
can any one help me to view the Log on the Cisco 2821 router for any issue occur.
Thanks,
Saroj
Cisco devices use syslog to manage system logs and alerts. But Cisco devices lack large internal storage space for storing these kinds of logs. So to overcome this, Cisco devices have the following two options:
1) Internal buffer — A small part of memory that collects the most recent log messages. The buffer size is limited and, when the device reboots, these syslog messages are lost. By default it is on.
(If not, follow these steps:
conf t
logging on
logging console ..... console logs
logging buffered <size> ..... set the size of the buffer
terminal monitor ..... to get logs on a remote terminal like telnet, ssh etc.
sh logging ..... to see buffer logs.)
2) Syslog server — By using this we can send messages to an external device for storing these logs, and the storage size depends on the available disk space of the external syslog server. This option is not enabled by default.
If you have a syslog server, please find the simple config below.
conf t
logging host x.x.x.x
logging trap <level> (i.e. 0 1 2 3 4 5 .. according to your requirement)
Before enabling logging, be sure that your router is properly configured to get the correct time from an NTP server, or configure the time manually.
The command to set the time manually on the router is (set clock), or to use an NTP server use ntp server x.x.x.x to sync the router's clock.
Hope that is informative,
Regards,
Ashish
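What the trap level in the answer above does to the messages a syslog server actually receives, as an added example that is not part of the original post: IOS messages carry their severity in the %FACILITY-SEVERITY-MNEMONIC tag, and only messages at or below the configured level number are forwarded. The sample lines, the watch list and the function names are constructed for illustration.

```python
import re

# Line format as printed by "show logging" with datetime timestamps (assumed).
MSG = re.compile(
    r"^(?P<flag>[*.]?)(?P<ts>.*?): "
    r"%(?P<facility>[A-Z0-9_]+(?:-[A-Z0-9_]+)*?)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<text>.*)$")

# Facility/mnemonic pairs worth alerting on (an illustrative choice).
WATCH = {("SYS", "CONFIG_I"), ("SEC_LOGIN", "LOGIN_FAILED")}

def parse(line):
    """Split one IOS log line into its fields, or return None if it is not one."""
    m = MSG.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["sev"] = int(d["sev"])
    # A leading "*" or "." means the clock was not set or not NTP-synchronised.
    d["clock_trusted"] = d.pop("flag") == ""
    return d

def forwarded(lines, trap_level):
    """Messages a router set to "logging trap <trap_level>" sends to the syslog host."""
    return [m for m in map(parse, lines) if m and m["sev"] <= trap_level]

def security_events(msgs):
    """Keep only the messages whose facility and mnemonic are in WATCH."""
    return [m for m in msgs if (m["facility"], m["mnemonic"]) in WATCH]

# Constructed sample lines, not output from a real router.
SAMPLE = [
    "*Mar  1 00:01:12.345: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.10)",
    "*Mar  1 00:02:01.002: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.77]",
    "*Mar  1 00:03:40.100: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to down",
    "*Mar  1 00:03:41.100: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down",
]

if __name__ == "__main__":
    for level in (4, 6):
        hits = security_events(forwarded(SAMPLE, level))
        print(level, [h["mnemonic"] for h in hits])
```

With the trap level at 4 the configuration-change message (severity 5) never leaves the router, so a level of 5 or higher is needed if the syslog server is meant to record who changed the configuration.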