Configuring ip http on cisco 2821

Hi I'm trying to configure a router cisco 2821. To configure the ccme I need to acces via http but the problem is when I tri to acces http://167.175.xxx.xxx/ccme.html I get the window asking me username and password then what I get is a Blank page, don't know why.
Can someone help me out with that.
thanks
regards

your issue is like...
you are trying to configure 2811 with the help of webbase...and after giving authentication of username and password you are not getting any thing...?
here you got the authentication screen but after that nothing...even not a single message ...
regards
Devang

Similar Messages

  • Configuring lines 1 60 on Cisco 2821

    Hi all,
    I'd like to know what is necessary to configure the parameter line 1 60 in a Cisco 2821 router with a two E1's direct connected in a interfaca VWIC2-MFT-E1 and two PVDM's modules installed.
    When I try to enter the line "router(config)#line 1 60" the ios returns an error message that there are no physical hardware to support "line 2". I just can enter line 1.
    Which is necessary to do this?
    My best Regards,
    Adriano

    try to do a show of the interface using the following example and see the output.
    #sh voice po 1/1

  • IPT over IPSEC lines with cisco 2821

    We are implementing a IPSEC VPN Connection over leased lines using cisco 2821 without AIM-VPN Hardware accelerators.
    The line is 2 Mbps and should carry also IPtelephony traffic (4-5 conversations). Will we have problems by mastering the jitter? Since the traffic is devided in small packet, il the 2821 able to handle it accordignly?
    Thanks and bye Giorgio

    Giorgio,
    You should be fine with this configuration. Running voice and video over VPN is certainly a viable solution. It is commonly known as V3PN. Take a look at the V3PN SRND below for best practices, planning, and design tips. As mentioned in this document, IPSEC adds a trivial amount of delay (2 - 5 msec.) to voice deployments.
    V3PN SRND
    http://www.cisco.com/application/pdf/en/us/guest/netsol/ns241/c649/ccmigration_09186a00801ea79c.pdf
    Hope this helps. If so, please rate the post.
    Brandon

  • Support SLB on the Cisco 2821

    Is SLB supported in the IOS for the Cisco 2821? I cann't find it in the Feature Navigator:-( And which feature set I have to use? Thank you.

    No, IOS server load balancing is not supported on 2800 routers. This feature is availble with 7200 routers and catalyst 6000
    series switches..
    For more information on the compatibility and the configuration of IOS Server load balancing have a look at the following URL.
    http://www.cisco.com/en/US/products/sw/iosswrel/ps5014/products_feature_guide09186a00800eda88.html

  • Ask the Expert: Configuration and Troubleshooting the Cisco Application Control Engine (ACE) load balancer

    With Ajay Kumar and Telmo Pereira 
    Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about configuration and troubleshooting the Cisco Application Control Engine (ACE) load balancer with Cisco expert Ajay Kumar and Telmo Pereira. The Cisco ACE Application Control Engine Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers is a next-generation load-balancing and application-delivery solution. A member of the Cisco family of Data Center 3.0 solutions, the module: Helps ensure business continuity by increasing application availability Improves business productivity by accelerating application and server performance Reduces data center power, space, and cooling needs through a virtualized architecture Helps lower operational costs associated with application provisioning and scaling
    Ajay Kumar  is a customer support engineer in the Cisco Technical Assistance Center in Brussels, covering content delivery network technologies including Cisco Application Control Engine, Cisco Wide Area Application Services, Cisco Content Switching Module, Cisco Content Services Switches, and others. He has been with Cisco for more than four years, working with major customers to help resolve their issues related to content products. He holds DCASI and VCP certifications. 
    Telmo Pereira is a customer support engineer in the Cisco Technical Assistance Center in Brussels, where he covers all Cisco content delivery network technologies including Cisco Application Control Engine (ACE), Cisco Wide Area Application Services (WAAS), and Digital Media Suite. He has worked with multiple customers around the globe, helping them solve interesting and often highly complex issues. Pereira has worked in the networking field for more than 7 years. He holds a computer science degree as well as multiple certifications including CCNP, DCASI, DCUCI, and VCP
    Remember to use the rating system to let Ajay know if you have received an adequate response.
    Ajay and Telmo might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Data Center sub-community discussion forum Application Networking shortly after the event.
    This event lasts through July 26, 2013. Visit this forum often to view responses to your questions and the questions of other community members.

    Hello Krzysztof,
    Another set of good/interesting questions posted. Thanks! 
    I will try to clarify your doubts.
    In the output below both resources (proxy-connections and ssl-connections rate) are configured with a min percentage of resources (column Min), while 'Max' is set to equal to the min.
    ACE/Context# show resource usage
                                                         Allocation
            Resource         Current       Peak        Min        Max       Denied
    -- outputs omitted for brevity --
      proxy-connections             0      16358      16358      16358      17872
      ssl-connections rate          0        626        626        626      23204
    Most columns are self explanatory, 'Current' is current usage, 'Peak' is the maximum value reached, and the most important counter to monitor 'Denied' represents the amount of packets denied/dropped due to exceeding the configured limits.
    On the resources themselves, Proxy-connections is simply the amount of proxied connections, in other words all connections handled at layer 7 (SSL connections are proxied, as are any connections with layer 7 load balance policies, or inspection).
    So in this particular case for the proxy-connections we see that Peak is equal to the Max allocated, and as we have denies we can conclude that you have surpassed the limits for this resource. We see there were 17872 connections dropped due to that.
    ssl-connections rate should be read in the same manner, however all values for this resource are in bytes/s, except for Denied counter, that is simply the amount of packets that were dropped due to exceeding this resource. 
    For your particular tests you have allocated a min percentage and set max equal to min, this way you make sure that this context will not use any other additional resources.
    If you had set the max to unlimited during resource allocation, ACE would be allowed to use additional resources on top of those guaranteed, if those resources were available.
    This might sound a great idea, but resource planning on ACE should be done carefully to avoid any sort of oversubscription, specially if you have business critical contexts.
    We have a good reference for ACE resource planning that contains also description of all resources (this will help to understand the output better):
    http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/configuration/virtualization/guide/config.html#wp1008224
    1) When a resource is utilized to its maximum limit, the ACE denies additional requests made by any context for that resource. In other words, the action is to Drop. ACE  should in theory silently drop (No RST is sent back to the client). So unless we changed something on the code, this is what you should see.
    To give more context, seeing resets with SSL connections is not necessarily synonym of drops. As it is usual to see them during normal transactions.
    For instance Microsoft servers are usually ungracefully terminating SSL connections with RESET. Also when there is renegotiation during an SSL transaction you may see RESETS, but this will pass unnoticed for end users. 
    2)  ACE will simply drop/ignore new connections when we reach the maximum amount of proxied connections for that context. Exisiting connections will continue there.
    As ACE doesn't respond back, client would simply retransmit, and if he is lucky maybe in the next attempt he will be able to establish the connection.
    To overcome the denies, you will definitely have to increase the resource allocation. This of course, assuming you are not reaching any physical limit of the box.
    As mentioned setting max as unlimited might work for you, assuming there are a lot of unused resources on the box.
    3)  If a new connection comes in with a sticky value, that matches the sticky entry of a real server, which is already in MAXCONNS state, then both the ACE module/appliance should reject the connection and that sticky entry would be removed.
    The client would at that point reestablish a new connection and ACE would associate a new sticky entry with the flow for a new RSERVER after the loadbalancing decision.
    I hope this makes things clearer! Uff...
    Regards,
    Telmo

  • Cisco 2821 - ASA5520 - 3750G help

    I need help
    Before – working no probs
    at the moment my router is my dsl  connection and then a point to point link between the router and the  switch with ospf routing.
    I'm trying to put a routed asa 5520 between my router and switch for added protection as you do...
    I can get the links up and running and ospf routing between the  router and the asa, however when I enable the switch side the asa  becomes extremely slow and almost unresponsive not sure what is  happening there and I can't get any http traffic to pass. I have a any  any rule on the interfaces so that shouldn't be stopping it, the asa is  passing the ospf routing to the router as I can see the routes..
    i'm hitting my head against the wall so to speak any assistance would be greatly appreaciated
    here are snippets of the relevant parts of the configs
    router
    interface Loopback0
    description --- Loopback ---
    ip address 10.100.0.1 255.255.255.255
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip flow ingress
    ip nat inside
    ip virtual-reassembly in
    interface GigabitEthernet0/1
    ip address 10.0.1.1 255.255.255.252
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nbar protocol-discovery
    ip flow ingress
    ip flow egress
    ip nat inside
    ip virtual-reassembly in
    duplex full
    speed 1000
    no mop enabled
    hold-queue 0 in
    router ospf 1
    router-id 10.100.0.1
    log-adjacency-changes detail
    network 10.0.0.0 0.0.0.255 area 1
    network 10.0.1.1 0.0.0.0 area 1
    network 10.0.1.0 0.0.0.3 area 1
    network 10.0.99.0 0.0.0.15 area 1
    network 10.100.0.1 0.0.0.0 area 1
    ASA
    ASA# sh run
    Saved
    ASA Version 8.4(2)
    hostname ASA
    domain-name domain.com
    names
    interface GigabitEthernet0/0
    speed 1000
    duplex full
    nameif outside
    security-level 0
    ip address 10.0.1.2 255.255.255.252
    interface GigabitEthernet0/1
    shutdown
    no nameif
    no security-level
    no ip address
    interface GigabitEthernet0/2
    shutdown
    no nameif   
    no security-level
    no ip address
    interface GigabitEthernet0/3
    speed 1000
    duplex full
    nameif inside
    security-level 100
    ip address 10.0.11.1 255.255.255.252
    interface Management0/0
    speed 100
    duplex full
    nameif management
    security-level 0
    ip address 10.1.0.3 255.255.255.0
    boot system disk0:/asa842-k8.bin
    ftp mode passive
    clock timezone AEST 10
    clock summer-time AEDT recurring 1 Sun Oct 2:00 1 Sun Apr 3:00
    object-group icmp-type Ping
    icmp-object echo
    icmp-object echo-reply
    icmp-object unreachable
    access-list outside_access_in extended permit ip any any log
    access-list outside_access_in extended permit tcp any any eq www
    access-list inside_access_in extended permit ip any any log
    access-list inside_access_in extended permit tcp any any eq www
    access-list global_access extended permit ip any any
    pager lines 24
    logging trap errors
    logging host inside 10.27.134.28
    logging host inside 10.55.7.94
    mtu outside 1500
    mtu inside 1500
    mtu management 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any outside
    icmp permit any inside
    asdm image disk0:/asdm-645-206.bin
    asdm history enable
    arp timeout 14400
    access-group outside_access_in in interface outside
    access-group inside_access_in in interface inside
    access-group global_access global
    router ospf 1
    router-id 10.0.11.1
    network 10.0.1.2 255.255.255.255 area 1
    network 10.0.1.0 255.255.255.252 area 1
    network 10.0.11.1 255.255.255.255 area 1
    network 10.0.11.0 255.255.255.252 area 1
    log-adj-changes
    route outside 0.0.0.0 255.255.255.255 10.0.1.1 1
    route inside 10.0.0.0 255.0.0.0 10.0.11.2 1
    route management 10.122.0.200 255.255.255.255 10.122.0.1 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa-server TACACS+ protocol tacacs+
    aaa-server TACACS+ (inside) host 10.122.0.10
    key *****
    aaa-server TACACS+ (inside) host 10.122.0.20
    key *****
    user-identity default-domain LOCAL
    aaa authentication enable console TACACS+ LOCAL
    aaa authentication http console TACACS+ LOCAL
    aaa authentication ssh console TACACS+ LOCAL
    aaa authentication telnet console TACACS+ LOCAL
    aaa authorization command TACACS+ LOCAL
    aaa accounting command TACACS+
    http server enable
    http 10.122.0.200 255.255.255.255 management
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    telnet 10.122.0.200 255.255.255.255 management
    telnet timeout 5
    ssh 10.122.0.200 255.255.255.255 management
    ssh timeout 5
    ssh version 2
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics host
    threat-detection statistics port
    threat-detection statistics protocol
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    username admin password <removed> privilege 15
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
    message-length maximum client auto
    message-length maximum 512
    policy-map global_policy
    class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect ip-options
    inspect netbios
    inspect rsh
    inspect rtsp
    inspect skinny 
    inspect esmtp
    inspect sqlnet
    inspect sunrpc
    inspect tftp
    inspect sip 
    inspect xdmcp
    inspect icmp
    inspect http
    class class-default
    user-statistics accounting
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    call-home
    profile CiscoTAC-1
    no active
    destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
    destination address email [email protected]
    destination transport-method http
    subscribe-to-alert-group diagnostic
    subscribe-to-alert-group environment
    subscribe-to-alert-group inventory periodic monthly
    subscribe-to-alert-group configuration periodic monthly
    subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:64d0fef2ddc6fddf66f51f3f1da15d78
    end
    Switch
    interface Loopback0
    ip address 10.100.0.2 255.255.255.255
    interface GigabitEthernet0/1
    no switchport
    ip address 10.0.11.2 255.255.255.252
    logging event link-status
    logging event trunk-status
    logging event status
    power inline never
    speed 1000
    duplex full
    flowcontrol receive desired
    router ospf 1
    router-id 10.100.0.2
    log-adjacency-changes detail
    redistribute connected
    network 10.0.1.2 0.0.0.0 area 1
    network 10.0.11.0 0.0.0.3 area 1
    network 10.122.0.0 0.0.0.255 area 1
    network 10.27.0.0 0.0.0.255 area 1
    network 10.38.0.0 0.0.0.255 area 1
    network 10.41.0.0 0.0.0.255 area 1
    network 10.52.0.0 0.0.0.255 area 1
    network 10.68.0.0 0.0.0.255 area 1
    network 10.79.0.0 0.0.0.255 area 1
    network 10.100.0.2 0.0.0.0 area 1
    ip route 0.0.0.0 0.0.0.0 10.0.11.1
    Thanks for your time and effort.

    Julio
    thanks so much again for your assistance
    here is the info you requested.
    -Can you ping from the Asa to 8.8.8.8 ?
    no initially my outside route was set incorrectly,
    it was route inside 10.0.0.0 255.255.255.255 10.0.11.2 1
    upon pinging 8.8.8.8
    ASA(config)# ping 8.8.8.8
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
    No route to host 8.8.8.8
    Success rate is 0 percent (0/1)
    I changed my outside route to 
    route outside 0.0.0.0 0.0.0.0 10.0.1.1 1
    now pinging
    ASA# ping 8.8.8.8
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 150/152/160 ms
    -Can you ping from the Switch to 8.8.8.8 ? NO
    SWITCH#ping 8.8.8.8
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
    Success rate is 0 percent (0/5)
    -Please provide sh route on the ASA
    ASA# sh route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default, U - per-user static route, o - ODR
           P - periodic downloaded static route
    Gateway of last resort is 10.0.1.1 to network 0.0.0.0
    C    10.0.11.0 255.255.255.252 is directly connected, inside
    O    10.0.0.2 255.255.255.255 [110/1010] via 10.0.1.1, 0:04:36, outside
    O    10.2.0.0 255.255.255.0 [110/11] via 10.0.11.2, 0:04:36, inside
    O    10.0.0.3 255.255.255.255 [110/1010] via 10.0.1.1, 0:04:36, outside
    O    10.3.0.0 255.255.255.0 [110/11] via 10.0.11.2, 0:04:36, inside
    S    10.0.0.0 255.0.0.0 [1/0] via 10.0.11.2, inside
    O    10.0.0.1 255.255.255.255 [110/10] via 10.0.1.1, 0:04:36, outside
    C    10.0.1.0 255.255.255.252 is directly connected, outside
    C    10.1.0.0 255.255.255.0 is directly connected, management
    O    10.6.0.0 255.255.255.0 [110/11] via 10.0.11.2, 0:04:36, inside
    O    10.7.0.0 255.255.255.0 [110/11] via 10.0.11.2, 0:04:36, inside
    O    10.0.0.4 255.255.255.255 [110/1010] via 10.0.1.1, 0:04:36, outside
    O    10.4.0.0 255.255.255.0 [110/11] via 10.0.11.2, 0:04:36, inside
    O    10.5.0.0 255.255.255.0 [110/11] via 10.0.11.2, 0:04:36, inside
    O    10.62.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
    O    10.60.0.2 255.255.255.255 [110/1012] via 10.0.1.1, 0:04:37, outside
    O    10.63.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
    O    10.0.60.0 255.255.255.252 [110/1011] via 10.0.1.1, 0:04:37, outside
    O    10.61.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
    O    10.60.0.1 255.255.255.255 [110/1011] via 10.0.1.1, 0:04:37, outside
    O    10.74.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
    O    10.75.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
    O    10.72.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
    O    10.73.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
    O    10.76.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
    O    10.0.77.1 255.255.255.255 [110/1011] via 10.0.1.1, 0:04:37, outside
    O    10.77.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
    O    10.66.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
    O    10.67.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
    O    10.0.66.1 255.255.255.255 [110/1011] via 10.0.1.1, 0:04:37, outside
    O    10.64.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
    O    10.65.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
    O    10.0.70.0 255.255.255.252 [110/1011] via 10.0.1.1, 0:04:37, outside
    O    10.71.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
    O    10.70.0.1 255.255.255.255 [110/1011] via 10.0.1.1, 0:04:37, outside
    O    10.70.0.2 255.255.255.255 [110/1012] via 10.0.1.1, 0:04:37, outside
    O    10.0.88.1 255.255.255.255 [110/1011] via 10.0.1.1, 0:04:37, outside
    O    10.82.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
    O    10.80.0.2 255.255.255.255 [110/1012] via 10.0.1.1, 0:04:37, outside
    O    10.83.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
    O    10.0.80.0 255.255.255.252 [110/1011] via 10.0.1.1, 0:04:37, outside
    O    10.81.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
    O    10.80.0.1 255.255.255.255 [110/1011] via 10.0.1.1, 0:04:37, outside
    O    10.86.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
    O    10.84.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
    O    10.85.0.0 255.255.255.0 [110/1012] via 10.0.1.1, 0:04:37, outside
    O    10.0.99.1 255.255.255.255 [110/11] via 10.0.1.1, 0:04:37, outside
    O    10.100.0.2 255.255.255.255 [110/11] via 10.0.11.2, 0:04:37, inside
    O    10.100.0.1 255.255.255.255 [110/11] via 10.0.1.1, 0:04:37, outside
    S    10.2.0.200 255.255.255.255 [1/0] via 10.2.0.1, management
    S*   0.0.0.0 0.0.0.0 [1/0] via 10.0.1.1, outside
    -Please provide sh ip route on the router
    ROUTER#sh ip route
    Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
           + - replicated route, % - next hop override
    Gateway of last resort is 0.0.0.0 to network 0.0.0.0
    S*    0.0.0.0/0 is directly connected, Dialer0
          10.0.0.0/8 is variably subnetted, 53 subnets, 4 masks
    C        10.0.0.0/24 is directly connected, Tunnel0
    L        10.0.0.1/32 is directly connected, Tunnel0
    O        10.0.0.2/32 [110/1000] via 10.0.0.2, 1d23h, Tunnel0
    O        10.0.0.3/32 [110/1000] via 10.0.0.3, 1d23h, Tunnel0
    O        10.0.0.4/32 [110/1000] via 10.0.0.4, 1d23h, Tunnel0
    C        10.0.1.0/30 is directly connected, GigabitEthernet0/1
    L        10.0.1.1/32 is directly connected, GigabitEthernet0/1
    C        10.0.2.0/30 is directly connected, Content-Engine1/0
    L        10.0.2.1/32 is directly connected, Content-Engine1/0
    O        10.0.11.0/30 [110/11] via 10.0.1.2, 00:05:45, GigabitEthernet0/1
    O        10.0.60.0/30 [110/1001] via 10.0.0.2, 1d23h, Tunnel0
    O        10.0.66.1/32 [110/1001] via 10.0.0.2, 1d23h, Tunnel0
    O        10.0.70.0/30 [110/1001] via 10.0.0.4, 1d23h, Tunnel0
    O        10.0.77.1/32 [110/1001] via 10.0.0.4, 1d23h, Tunnel0
    O        10.0.80.0/30 [110/1001] via 10.0.0.3, 1d23h, Tunnel0
    O        10.0.88.1/32 [110/1001] via 10.0.0.3, 1d23h, Tunnel0
    C        10.0.99.0/28 is directly connected, Loopback99
    L        10.0.99.1/32 is directly connected, Loopback99
    O        10.1.0.0/24 [110/12] via 10.0.1.2, 00:05:45, GigabitEthernet0/1
    O        10.2.0.0/24 [110/12] via 10.0.1.2, 00:05:45, GigabitEthernet0/1
    O        10.3.0.0/24 [110/12] via 10.0.1.2, 00:05:45, GigabitEthernet0/1
    O        10.4.0.0/24 [110/12] via 10.0.1.2, 00:05:45, GigabitEthernet0/1
    O        10.5.0.0/24 [110/12] via 10.0.1.2, 00:05:45, GigabitEthernet0/1
    O        10.6.0.0/24 [110/12] via 10.0.1.2, 00:05:45, GigabitEthernet0/1
    O        10.7.0.0/24 [110/12] via 10.0.1.2, 00:05:45, GigabitEthernet0/1
    O        10.60.0.1/32 [110/1001] via 10.0.0.2, 1d23h, Tunnel0
    O        10.60.0.2/32 [110/1002] via 10.0.0.2, 1d23h, Tunnel0
    O        10.61.0.0/24 [110/1002] via 10.0.0.2, 1d23h, Tunnel0
    O        10.62.0.0/24 [110/1002] via 10.0.0.2, 1d23h, Tunnel0
    O        10.63.0.0/24 [110/1002] via 10.0.0.2, 1d23h, Tunnel0
    O        10.64.0.0/24 [110/1002] via 10.0.0.2, 1d23h, Tunnel0
    O        10.65.0.0/24 [110/1002] via 10.0.0.2, 1d23h, Tunnel0
    O        10.66.0.0/24 [110/1002] via 10.0.0.2, 1d23h, Tunnel0
    O        10.67.0.0/24 [110/1002] via 10.0.0.2, 1d23h, Tunnel0
    O        10.70.0.1/32 [110/1001] via 10.0.0.4, 1d23h, Tunnel0
    O        10.70.0.2/32 [110/1002] via 10.0.0.4, 1d23h, Tunnel0
    O        10.71.0.0/24 [110/1002] via 10.0.0.4, 1d23h, Tunnel0
    O        10.72.0.0/24 [110/1002] via 10.0.0.4, 1d23h, Tunnel0
    O        10.73.0.0/24 [110/1002] via 10.0.0.4, 1d23h, Tunnel0
    O        10.74.0.0/24 [110/1002] via 10.0.0.4, 1d23h, Tunnel0
    O        10.75.0.0/24 [110/1002] via 10.0.0.4, 1d23h, Tunnel0
    O        10.76.0.0/24 [110/1002] via 10.0.0.4, 1d23h, Tunnel0
    O        10.77.0.0/24 [110/1002] via 10.0.0.4, 1d23h, Tunnel0
    O        10.80.0.1/32 [110/1001] via 10.0.0.3, 1d23h, Tunnel0
    O        10.80.0.2/32 [110/1002] via 10.0.0.3, 1d23h, Tunnel0
    O        10.81.0.0/24 [110/1002] via 10.0.0.3, 1d23h, Tunnel0
    O        10.82.0.0/24 [110/1002] via 10.0.0.3, 1d23h, Tunnel0
    O        10.83.0.0/24 [110/1002] via 10.0.0.3, 1d23h, Tunnel0
    O        10.84.0.0/24 [110/1002] via 10.0.0.3, 1d23h, Tunnel0
    O        10.85.0.0/24 [110/1002] via 10.0.0.3, 1d23h, Tunnel0
    O        10.86.0.0/24 [110/1002] via 10.0.0.3, 1d23h, Tunnel0
    C        10.100.0.1/32 is directly connected, Loopback0
    O        10.100.0.2/32 [110/12] via 10.0.1.2, 00:05:45, GigabitEthernet0/1
          /32 is subnetted, 1 subnets
    C        is directly connected, Dialer0
          /32 is subnetted, 1 subnets
    C        is directly connected, Dialer0
    -Please provide sh ip route on the switch
    SWITCH#sh ip route
    Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
           + - replicated route, % - next hop override
    Gateway of last resort is 10.0.11.1 to network 0.0.0.0
    S*    0.0.0.0/0 [1/0] via 10.0.11.1
          10.0.0.0/8 is variably subnetted, 60 subnets, 3 masks
    O        10.0.0.1/32 [110/11] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    O        10.0.0.2/32 [110/1011] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    O        10.0.0.3/32 [110/1011] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    O        10.0.0.4/32 [110/1011] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    O        10.0.1.0/30 [110/11] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    C        10.0.11.0/30 is directly connected, GigabitEthernet0/2
    L        10.0.11.2/32 is directly connected, GigabitEthernet0/2
    O        10.0.60.0/30 [110/1012] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    O        10.0.66.1/32 [110/1012] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    O        10.0.70.0/30 [110/1012] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    O        10.0.77.1/32 [110/1012] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    O        10.0.80.0/30 [110/1012] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    O        10.0.88.1/32 [110/1012] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    O        10.0.99.1/32 [110/12] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    C        10.1.0.0/24 is directly connected, Vlan1
    L        10.1.0.1/32 is directly connected, Vlan1
    C        10.2.0.0/24 is directly connected, Vlan2
    L        10.2.0.1/32 is directly connected, Vlan2
    C        10.3.0.0/24 is directly connected, Vlan3
    L        10.3.0.1/32 is directly connected, Vlan3
    C        10.4.0.0/24 is directly connected, Vlan4
    L        10.4.0.1/32 is directly connected, Vlan4
    C        10.5.0.0/24 is directly connected, Vlan5
    L        10.5.0.1/32 is directly connected, Vlan5
    C        10.6.0.0/24 is directly connected, Vlan6
    L        10.6.0.1/32 is directly connected, Vlan6
    C        10.7.0.0/24 is directly connected, Vlan7
    L        10.7.0.1/32 is directly connected, Vlan7
    C        10.8.0.0/24 is directly connected, Vlan8
    L        10.8.0.1/32 is directly connected, Vlan8
    C        10.9.0.0/24 is directly connected, Vlan9
    L        10.9.0.1/32 is directly connected, Vlan9
    O        10.60.0.1/32 [110/1012] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    O        10.60.0.2/32 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    O        10.61.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    O        10.62.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    O        10.63.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    O        10.64.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    O        10.65.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    O        10.66.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    O        10.67.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    O        10.70.0.1/32 [110/1012] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    O        10.70.0.2/32 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    O        10.71.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    O        10.72.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    O        10.73.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    O        10.74.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    O        10.75.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    O        10.76.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    O        10.77.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    O        10.80.0.1/32 [110/1012] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    O        10.80.0.2/32 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    O        10.81.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    O        10.82.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    O        10.83.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    O        10.84.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    O        10.85.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    O        10.86.0.0/24 [110/1013] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    O        10.100.0.1/32 [110/12] via 10.0.11.1, 00:07:36, GigabitEthernet0/2
    C        10.100.0.2/32 is directly connected, Loopback0
    Thanks again for your help

  • Configuring PAT/NAT in cisco routers

    hello, first sorry for my bad english
    i just wanted to know how configuring PAT (port address translation)
    like this :?
    amir(config)#ip nat inside source static tcp 192.168.1.1 1000 172.16.1.1 1000
    or not?
    2nd question i have is:
    when i need to write: "ip nat inside source"... and when i need to write "ip nat outside" ..
    and the last question for now is:
    how i can (if that's possible) to configure dynamic PAT - I mean that any computer on my LAN will go out to the internet with the same address but with diffrent ports - in random mode.(i mean without configuring static one by one)
    i hope i was clear enough, tanks a lot!

    Hi Tiger,
    1) Yes your first statement is a static PAT statement which will say source ip with source port 1000 is translated to 172.16.1.1 with same port number but yes it is a static PAT entry.
    2) Coming to your 2nd question
    "ip nat inside source" is a global config command which says any traffic which hits the inside interface nat the source ip address.
    "ip nat inside" is a interface mode command which should be done going to any interface. This command specifies which will be an inside interface which will nat the incoming traffic.
    3) Coming to your last question
    For dynamic PAT you just need to configure overload command at the end of your nat statement.
    This link will give you a very broad and nice picture of how NAT can be configured in different situation
    http://www.cisco.com/warp/public/556/12.html#6
    HTH
    Ankur

  • Netflow export on Cisco 2821

    Hello,
    a question or more a problem with netflow exports on Cisco 2821's.
    I configured netflow export on a Cisco 2821 with IOS Version 12.4(24)T
    ip cef
    interface FastEthernet0/0/0
    description to XXX
    ip address XXX
    ip flow ingress
    ip flow egress
    duplex full
    speed 10
    ip flow-cache timeout active 1
    ip flow-export source GigabitEthernet0/0
    ip flow-export version 5
    ip flow-export destination XXX XXX
    The netflow collector shows "only ingoing traffic" on interface FastEthernet0/0/0 and
    "only outgoing traffic" on interface GigabitEthernet0/0.
    Same problem with an IOS Version 12.4(20)T1 on other Cisco 2821's.
    But same configuration on other Cisco 2821's with IOS Version 12.4(11)XJ4 work well.
    Any references/suggestions or explanations?

    #It's surprising to me that it's even possible to configure both directions on a single interface.
    #It's generally not a good idea to configure both directions among interfaces on a single router.
    --> It is possible. ;-) I need QoS (DSCP information) for ingoing traffic and
    --> and for outgoing traffic of this interface FastEthernet0/0/0.
    #How's g0/0 configured "ip flow" wise?
    --> There's no netfow configuration on this interface, only on Fa0/0/0.
    -->#sh ip flow interface
    --> FastEthernet0/0/0
    -->  ip flow ingress
    -->  ip flow egress
    #Maybe you're seeing "only outgoing traffic" on
    #interface GigabitEthernet0/0, because those are incoming traffic through fa0/0/0
    #(where IOS ignores the "ip flow egress" part) and flowing out through g0/0?
    --> You're right. The outgoing traffic at Gi0/0 is the ingoing traffic at Fa0/0/0.
    --> But I don't think thath the configuration is wrong and I think that the
    --> "ip flow egress" command on an single interface is not so special.
    --> I really looks like that the command "ip flow egress" on interface Fa0/0/0
    --> is being ignored. But why?
    --> May be I should start an other discussion with a link to this posting in the
    --> router forum.

  • Configuring N channel on cisco 1252 Access Point

    Hi,
    Can someone help me for configuring N-Series band on Cisco 1252 Access Point in IOS Mode.
    Thanks
    Tabrez

    Firstly you need to use WPA2/AES or OPEN authentication.
    Cisco 802.11n Design and Deployment Guidelines
    http://www.cisco.com/en/US/solutions/collateral/ns340/ns394/ns348/ns767/white_paper_80211n_design_and_deployment_guidelines.html

  • Cisco 2821, add 8 FXO

    Hi,
    I have Cisco 2821, currently we have pRI circuit terminated on it.
    We want to add 8 FXO, let me know if it is possible.
    Attached sh diag command

    It is possible if you have enough dsp resources. You can calculate hardware need with Cisco DSP calculator - http://www.cisco.com/web/applicat/dsprecal/dsp_calc.html

  • Configuring Radius server with Cisco MDS - 9606 switch

    Need help in configuring Radius server with cisco MDS - 9606
    please let me know if any document available

    rtt min/avg/max/mdev = 0.260/0.327/0.468/0.077 ms
    IFCBCCEMCSW2# sh version
    Cisco Storage Area Networking Operating System (SAN-OS) Software
    TAC support: http://www.cisco.com/tac
    Copyright (c) 2002-2008, Cisco Systems, Inc. All rights reserved.
    The copyrights to certain works contained herein are owned by
    other third parties and are used and distributed under license.
    Some parts of this software may be covered under the GNU Public
    License or the GNU Lesser General Public License. A copy of
    each such license is available at
    http://www.gnu.org/licenses/gpl.html and
    http://www.gnu.org/licenses/lgpl.html
    Software
    BIOS: version 1.1.0
    loader: version 1.2(2)
    kickstart: version 3.3(1c)
    system: version 3.3(1c)
    BIOS compile time: 10/24/03
    kickstart image file is: bootflash:/m9500-sf1ek9-kickstart-mz.3.3.1c.bin
    kickstart compile time: 5/23/2008 19:00:00 [06/19/2008 23:56:56]
    system image file is: bootflash:/m9500-sf1ek9-mz.3.3.1c.bin
    system compile time: 5/23/2008 19:00:00 [06/20/2008 00:26:51]
    Hardware
    cisco MDS 9506 ("Supervisor/Fabric-1")
    Intel(R) Pentium(R) III CPU with 1028596 kB of memory.
    Processor Board ID JAB094300ER
    bootflash: 250368 kB
    slot0: 0 kB

  • Traffic Shaping on Cisco 2821 router

    I have two sites and connected with MPLS links of 2MB with Cisco 2821 routers. Now a requirement came that two sites will have additional server ( one each location - for data replication purpose) and 75% of the bandwidth needs to be allocated to data replication servers on each site and rest of 25% bandwidth will be utilize for both sides normal traffic.
    Is there any additional modules to be added on each router to isolate the traffic. Please let me know.
    Thanks,

    To expand on the information that Collin provided . . .
    If you really want to cap the bandwidth to a class of traffic, i.e. truly limit replication to 75%, you can add a policer or shaper to a class, similar to what Collin shows.
    e.g.
    policy-map RestrictAltiris
    class Altiris
    bandwidth percent 20
    shape average 1500000
    However, like Collin, since CBWFQ guarantees bandwidth allocations, you rarely need to cap bandwidth if you, for instance, insure your other traffic gets the other 25% (i.e. 100% less 75% for replication).
    e.g.
    policy-map RestrictAltiris
    class Altiris
    bandwidth percent 75
    (NB: BTW, there are other rules pertaining to bandwidth reservations, but prior examples, both Collin's and mine, should suffice.)
    Also BTW, since you mention MPLS, and since MPLS often allows multisite communication, if there are more than just these two sites that can communicate with these two sites across their 2 Mbps links, other considerations apply for dealing with such a situation.
    PS:
    Although software based QoS should meet your stated requirements, there are optional modules to provide "WAN optimization", see http://www.cisco.com/en/US/prod/collateral/contnetw/ps5680/ps6870/product_data_sheet0900aecd8058218c.html.
    PPS:
    BTW, when Collin describes:
    ". . . but when the link gets congested the router will limit the traffic for this host to 20% of the total interface bandwidth, and all the remaining traffic to 80%.", this might be just a bit misleading since when the link is congested individual classes aren't really limited they are instead guaranteed their bandwidths as a minimum, not precisely the same thing. For example with 20% and 80% guarantees, either class could still obtain unused bandwidth from the other class while the link is congested.
    [edit]
    This being true, for something like what you describe, I would recommend using the least amount of bandwidth guarantee that data replication needs. Assuming your other traffic, on average, doesn't consume more than 25% of the bandwidth, you might find even providing replication only 1% for a bandwidth guarantee works fine. Why you would want to do this, by lowering the bandwidth guarantee for replication, you allow other traffic to burst. Such bursting capability normally improves any kind of transactional or conversational applications and doesn't (usually) unduly delay replication.

  • Disable SSLv3 in AnyConnect on Cisco 2821

    We are running anyconnect-win-3.1.06073-k9.pkg on a 2821 IOS router.  Is there a way to disable SSLv3?
    The release notes indicate CSCur27617 - AnyConnect vulnerable to POODLE attack (CVE-2014-3566) Win/Mac/Linux was resolved in AnyConnect 3.1.05187.
    Thank you

    Hi Rob , 
    According to the bug: 
    All versions of desktop AnyConnect for Mac OS X and Linux prior to 3.1.00495 are vulnerable , so Anyconnect 3.1.06.073 is safe from POODLE vulnerability 
    On the Anyconnect you can disable the SSL using Ikev2 instead of the SSL protocols , however as the bug mention , the client creates a paralel ssl tunnel to get updates and profile from the router.
    If you're asking to disable SSLv3 on the router , unfortunately there is not code yet , the workaround is to disable the webvpn or upgrade the VPN client.
    As well here is the officil advisory for the POODLE vulnerbility on Cisco Products.
    http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle
    Hope it helps
    - Randy - 

  • Connecting Cisco 2821 Router, Switch, and Cable Modem

    Hey everyone,
    I am currently in the Cisco Network Academy at my school and just finished CCNA 1.  I have a few questions though.
    I am purchasing new equipment and that equipment includes:
    1-Cisco 2821 2-port Gigabit Router
    1-Linksys SE3016 16-Port Gigabit Switch (unmanaged)
    1-Cisco WAP4410n Wireless Access Point
    1-Motorla SurfBoard Gigabit Cable Modem (no router built in-Just standalone Modem used with Comcast Xfinity High Speed Internet)
    1-12U Network Rack (not enclosed)
    I am confused on how I will connect the cable modem to the router and the router to the switch and the WAP so that I still have WiFi. Since the router only has 2 Ge Ports, how would I cable this up?
    If my assumptions are correct, would I do the following set up?
    Take the Cable Modem and run a Straight Thru to Port 1 of the Router.
    Connect the Switch Port 1 to Port 2 of the Router using a Straight Thru cable (I believe I will most likely have to Subnet a network, won't I?).
    Connect Switch Port 2 to WAP using Straight Thru Cable (so I still have WiFi in my home).
    Connect all my computers and other devices to the Switch (this includes several PC's/Laptops, two printers that are ethernet, two TV's that are ethernet, an AppleTV and a Blue Ray Player that are both ethernet, and some Cisco Powerline Network Adapters).
    Will that set up work? 
    Also, how would I configure the router to work with my cable modem AND act as a DHCP Server so that all of my devices get IP Addresses? I have the Cisco Command Guide Book, but it is confusing to me as of now.
    Thanks!
    Chris

    A good start but a few points I would make.
    If you set the clock manually, you may find it resets itself after a router reboot. I would look at pointing it at an NTP server:
    #ntp server x.x.x.x
    #clock timezone GMT (Assuming you are UK based)
    Although not required, I would put a description on each of the interfaces as it may help identify them later if you are not physically in front of the Router.
    #interface gi0/0
    #description WAN
    Same for LAN
    You have set up your LAN subnet with a /16 subnet mask which is effectively 10.0.0.1 - 10.0.255.254. This is a large subnet allowing over 65k hosts which is not best practice on enterprise networks. It probably won't cause you any issues but I doubt you will have any more than 254 hosts so personally I would use a /24 subnet (255.255.255.0)
    The only major thing missing is NAT which needs to be configured on the router to translate the LAN IP addresses from their 10.* private range to the Public IP address on the Gi0/0 WAN Interface.
    Firstly you need to define the 'inside' and 'outside' NAT interfaces which is fairly self explanatory:
    #interface gi0/0
    #ip nat outside
    #interface gi0/1
    #ip nat inside
    Gi0/0 is your outside interface because its facing the Outside world (i.e the internet) and Gi0/1 is your inside interface because its facing Inside your LAN.
    Then you need to tell the router which addresses to translate against by first creating an access list:
    #ip access-list standard LAN-Addresses
    #permit 10.0.0.0 0.0.255.255
    Finally you need to tell the router to start translating:
    #ip nat inside source list LAN-Addresses interface gi0/0 overload
    Oh, I have just noticed that you do not have a 'default route' configured. A router forwards packets by first looking up the destination IP address of the packet (i.e where its going) in it's own routing table. Obviously home routers are not going to have an entry for every Public IP subnet on the internet so they use something called a default route which effectively says 'If I cannot find an entry for this packet in my routing table, use the default route'.
    As you are on DHCP and your IP address (and even default gateway) could change on your WAN interface, I would not bother with the next hop address in the default route but rather use the outgoing interface as below:
    #ip route 0.0.0.0 0.0.0.0 gi0/0
    Hope this helps!

  • How to view Log on the cisco 2821 Router

    Hi,
    can any one help me  to view the Log on the Cisco 2821 router for any  issue occur.
    Thanks,
    Saroj

    Cisco devices use the syslog to manage system logs and alerts. But in Cisco devices there is lack of large internal storage space for storing these kinds of logs.So to overcome Cisco devices has the following two options:
    1) internanal buffer — That is a small part of memory buffers to collect log the most recent messages. The buffer size is limited and , when the device reboots, these syslog messages are lost.by default it is on
    (If not follow this steps
    conf t
    logging on
    logging console.....console logs
    logging buffer  size ......set the size of buffer
    terminal monitor.......to gets logs on the remote terminal like telnet,ssh etc.
    sh logging.........to see buffer logs.)
    2) Syslog server—  By using this we can send messages to an external device for storing this logs and the storage size does depend on the available disk space of the external syslog server. This option is not enabled by default.
    If you have any syslog server please find the below simple config .
    conf t
    logging host x.x.x.x
    logging traps (i.e 0 1 2 3 4 5 .. according to your requirement)
    before enabling logging be sure that your router is properly configure to collect proper time from any NTP server or manually configure to get time
    command to set time manually on router is (set clock ) or to use ntp server use ntp server x.x.x.x to sync clock to router router.
    Hop thant is informative ,
    Regards,
    Ashish

Maybe you are looking for