Configuring Static Routing

Hi, I have some issues configuring my WRT54G in my business, I've already got 2 networks and i want to create a new one with my router.. The main network where all our servers are is the 192.168.1.0/24 (gateway 192.168.1.1), second network is 192.168.2.0/24 (gateway 192.168.2.1)
What i want to do: Create the network 192.168.102.0/24 wich could communicate directly with the 192.168.2.0 network but 192.168.102.0 need to talk with the 192.168.1.0 network too. I guess i should connect the 192.168.2.0 in the Internet port, and the 192.168.102.0 in the Ethernet ports.
How should i setup my router ?? Do i need to create Static Ip routes on my computer in the 192.168.102.0 network?? Thanks!
Message Edited by Goyette on 12-10-2007 01:25 PM

1}192.168.0.1/24
2}192.168.0.2/24
3}192.168.102.0/24 {want to create}
The most important thing i want to know how the above two network are connected to each other. And which router you are using.
Then we will move foward

Similar Messages

  • Configuring Static Route Tracking Using ASDM 7.1(3) ASA 9.1(2)

    I have recently updated my ASA5520 to 9.1(2) and I am using ASDM 7.1(3) to configure Static Route Tracking. I have done this previoussy in earlier version of ASDM without a problem.  There seems to be a new field in the Tracked Options section.  What is the "Target Interface"?  Is it the interface I want to use as the standby route when the Monitor fails? Or is it the Interface that is doing the monitoring?
    I have looked through Cisco ASA Series General Operations ASDM Configuration Guide Software Version 7.1, as well as older ASDM books and this field is never listed or described.

    Hi,
    The target interface will be the interface through which you will be polling some destination IP address with ICMP Echos to determine if the route through that interface is still valid.
    So in your case you would use "Outside"
    Heres the link to the ASA Command Reference listing the above "type" command under the "sla monitor 1" configuration
    http://www.cisco.com/en/US/docs/security/asa/command-reference/t2.html#wp1568359
    - Jouni

  • Configuring static routes at the network edge

    We have some Cisco 1750 routers at the edge of our network which are running RIP. We were advised to use static routes on the router, since there was only one route (across a WAN link) for traffic to go from the hub connected to the router, as RIP would only waste the limited bandwidth to the router. We posted this problem previously and got a response which stated :You could set up a default static route on your edge router, run RIP on your internal routers in order to propagate the default, but block the RIP to the outside.
    On your edge router, make a default route to your external link. Keep RIP running as before, but add the line redistribute static in your rip configuration. That will get the default route propagated.
    Now to stop the RIP on the external interface: If the link is on a different major IP network to your internal network, you can simply not include it in the network commands under rip. But if it is in the same network, then RIP will be enabled on the interface, so you will have to add passive-interface xxxxx, where xxxxx refers to the interface carrying your external link,
    Alternatively, you could define your default route using the ip default-network command. This will get propagated automatically into the RIP even without the redistribute command.
    We tried it, the problem is that the router is unreachable, via the serial or Ethernet, although if connected to the router via console port, with the configuration screen , you are able to ping external locations, and are able to telnet into the router, but he PC's on the Ethernet side of the router cant see the network.
    Assistance\Advice requested.
    attached you wll find , the actual reply , and a copy of some info from our work file.

    Ernie
    I have looked at the config that you posted and I see several issues. The serial interface on Salvage is 172.20.2.2. Your message indicates that it is connected via serial to a 3640 which your message seems to indicate is 172.20.1.4. But that makes the 3640 on a different subnet. Connections over a serial link should be in the same subnet on both ends. (The exception to that is when you are using the ip unnumbered feature - which you are not). I suspect that part of your problem is that the routers do not see themselves on a connected subnet. When you run RIP over the link it can compensate for that to some degree. But when you stop RIP the problem has impact.
    Also I see that you have a static default route as Kevin suggested. And in RIP you have redistribute static. But there is no default metric defined. To redistribute into RIP you need a default metric. Another aspect of the problem with the default route is that the next hop for the default route is 172.20.1.4, but without RIP running I believe that Salvage has no idea how to get to that address. You can confirm this by doing show ip route 172.20.1.4 on Salvage. I suspect that you will get an error about route not in table.
    Beyond these issues I believe that there is a larger problem of misunderstanding. When I look at your original post in this thread it talks about not running RIP over the serial link. And when I read Kevin's response the first paragraph is describing not running RIP over the serial interface when it says do static default on your edge router and run RIP on your internal router. If you are not running RIP over the serial interface then I see no reason to run RIP on Salvage at all. There is one piece of this that Kevin did not address. If you do not run RIP over the serial link then how does the 3640 know about the Ethernet subnet at Salvage. I believe that the answer is that the 3640 needs to configure a static route to 172.20.27.0 with the 1750 serial interface as the next hop. And if there are other routers that the 3640 communicates with via RIP then the 3640 needs to redistribute static into RIP (remembering to have a default metric).
    If you address these issues I believe that you will have connectivity from the central network to the remote subnet on Salvage.
    HTH
    Rick

  • How can I configure static routes in a CUCM?

    Hi.
    I have seen that there is no-way to set static routes in a Call Manager but I have read that you can add static routes in the Linux that runs CUCM.
    If I do that, will I l lose the Cisco support for that server?
    I don't know why a Level 3 server (like a CUCM, Presence , Unity,...) doesn't permit routing configuration.
    Regards.
    Rafa

    Thanks for your answer, Jaime.
    That implies that we have to insert an intermediate router.
    I think that routing features should be implemented in Unified Comunications servers.
    Regards

  • How to configure static route on RHEL 3 A/S

    I have a (very) large amount of data to move through a Gigabit connection
    shortly. I want to use a newly-configured gigabit PCI-X card in a Dell
    server to accomplish this. The other interfaces are 100 Mbps.
    If I want to add a route (static route) to force outgoing packets that
    are destined for a particular host to use that interface (eth3 on this host)
    then how do I do that? System is RedHat Enterprise Linux 3AS.
    I suspect this involved the "add route default" command or whatever
    the syntax is -- I did it for Solaris years ago but don't remember
    exactly.
    $ Linux host1.localdomain 2.4.21-57.ELhugemem #1 SMP Fri Jun 13 00:09:04 EDT 2008 i686 i686 i386 GNU/Linux
    $ ifconfig eth3
    eth3 Link encap:Ethernet HWaddr 00:0A:5E:7A:E7:33
    inet addr:10.156.30.176 Bcast:10.156.30.255 Mask:255.255.255.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:619971 errors:0 dropped:0 overruns:0 frame:0
    TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:44019924 (41.9 Mb) TX bytes:256 (256.0 b)
    Interrupt:24
    Thanks in advance.

    I agree. Using the /binroute command is not recommended for newbies, or even oldies. There is more infrastructure behind the scenes than just the routing table and using the "redhat-config-network" or "system-config-network" tool does the right thing, so you don't have to.
    I mentioned it only for completeness.

  • SGE2000/P Static Routing (equals L2+) Explain?

    What does L2+ mean?  I realize these aren't L3 switches with SVI capabilities, so what is the purpose of configuring static routes if there is no InterVLAN routing capability?
    T.I.A.,
    Chris

    Welcome to Cisco Community!
    With out getting into a huge discussion I will try to answer as quickly and directly as possible.
    Our SFE and SGE series switches are Layer 3 switches (can also be configured as L2) so they are able to perform as a (inter VLAN) router or gateway for all VLANs. Once you have created the VLANs and assigned each an IP address, that IP address will become the GW for that VLAN. Under Routing you will not see any learned networks until you assign the VLAN to a port and the port becomes active. You will then need to configure a default route to send the traffic out to the cloud. The router will need to belong to the same VLAN as the switch. So if the switch has an IP address of 172.16.30.1/24, the router will have an IP of 172.16.30.254/24 for example. The route would read like this: 0.0.0.0/0 next hop 172.16.30.254 metric 2 (or higher).
    As for static routes as a L2 or L3 switch, they would be useful when you have a device attached to another switch which is disjoined from your typical network on the local switch. In other words, lets say you have 3 (aside from default native VLAN 1) VLANs V10 - 30. All you of your devices belong to these VLANs but you have a server on VLAN 30 which is not connected to this switch. You will then create a static route for that server's IP address to the remote switch.
    VLAN30: 172.16.30.1 (local SGE)
    Server: 172.16.30.200 (on remote switch)
    Remote Switch: 192.168.20.1 (remote SGE)
    VLAN30: 172.16.30.2 (on remote SGE)
    Static Route:
    destination 172.16.30.200 next hop 172.16.30.2 metric 2
    I hope this answers your question. These are really my favorite switches, as I find them very reliable and highly configurable. I love these things.

  • Is Static Routing Necessary?

    I'd like to use an 1812 to route data between 2 subnets (say 10.1.1.x and 11.1.1.x). I'm setting up the two WAN interfaces (FastEthernet0 and FastEthernet1) with IP addresses and subnet masks for each of the two subnets.
    Will traffic heading from the 10.1.1.x subnet and destined for the 11.1.1.x subnet automatically route correctly (and vice-versa), or will I need to configure static routing?
    Also, a follow-up question. If I'm only expecting traffic from one of the subnets and destined to the other (either 10.1.1.x to 11.1.1.x, or vice-versa), do I need to configure a default route? If no default route is configured, what happens if a packet comes in destined for an unknown subnet?

    Trevor
    In the situation which you describe where the router has 2 interfaces and networks are configured on each interface, then you do not need static routing to route between those networks.
    In this situation I do not see any reason to configure a default route. The default route is certainly not needed to route between those networks. And if a packet came into the router and the destination were on some network not connected to the router, what could you do? Do you have any way to forward packets to any other network? As you describe it there is no benefit for a default route. And in this situation if a packet did come in with a destination for an unknown subnet, then the only thing that the router can do is to drop the packet.
    HTH
    Rick

  • Cisco ASA static route Administrative Distance

    Hello Dear Engineers,
    In Cisco ASA 8.2(5) version  I configured Static Route Floating with different Administrative Distances (for example, 10) , but IOS cannot accept this parameter.   for verifying, show route command  result shows  administrative distance as 1 .
    Configuration example:
    ip route 10.0.0.0 255.255.255.0 192.168.1.1 1 track 1
    ip route 10.0.0.0 255.255.255.0 192.168.2.1 10 
    S 10.0.0.0 255.255.255.0 [1/0] via 192.168.2.1, outside2
    Is this the bug of the IOS, or may-be I misconfigured something? 
    Thanks in advance.

    Hi Samir,
    Even Pix 8.0 version shows the correct ad value defined..... might be that would be a bug or misconfiguration from your end.
    pixfirewall(config-if)# sh route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default, U - per-user static route, o - ODR
           P - periodic downloaded static route
    Gateway of last resort is 1.1.1.2 to network 0.0.0.0
    C    1.1.1.0 255.255.255.0 is directly connected, out1
    C    2.2.2.0 255.255.255.0 is directly connected, out2
    S*   0.0.0.0 0.0.0.0 [1/0] via 1.1.1.2, out1
    pixfirewall(config-if)# shut
    pixfirewall(config-if)# sh route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default, U - per-user static route, o - ODR
           P - periodic downloaded static route
    Gateway of last resort is 2.2.2.2 to network 0.0.0.0
    C    2.2.2.0 255.255.255.0 is directly connected, out2
    S*   0.0.0.0 0.0.0.0 [100/0] via 2.2.2.2, out2
    pixfirewall(config-if)#
    Regards
    Karthik

  • Need Help for configuring Floating static route in My ASA.

    Hi All,
    I need your support for doing a floating static route in My ASA.
    I have tried this last time but i was not able to make it. But this time i have to Finish it.
    Please find our network Diagram and configuration of ASA
    route outside 0.0.0.0 0.0.0.0 6.6.6.6 1 track 1
    route outside 0.0.0.0 0.0.0.0 6.6.6.6 1
    route rOutside 0.0.0.0 0.0.0.0 3.3.3.3 10
    route inside 10.10.4.0 255.255.255.0 10.10.3.1 1
    route inside 10.10.8.0 255.255.255.0 10.10.3.1 1
    route inside 10.10.9.0 255.255.255.0 10.10.3.1 1
    route inside 10.10.15.0 255.255.255.0 10.10.3.1 1
    route rOutside x.x.x.x 255.255.255.255 5.5.5.5 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http 10.10.3.77 255.255.255.255 inside
    http 10.10.8.157 255.255.255.255 inside
    http 10.10.3.59 255.255.255.255 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    sla monitor 123
    type echo protocol ipIcmpEcho 8.8.8.8 interface outside
    num-packets 3
    frequency 10
    sla monitor schedule 123 life forever start-time now
    crypto ipsec transform-set cpa esp-3des esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto map vpn_cpa 1 match address acl_cpavpn
    crypto map vpn_cpa 1 set peer a.a.a.a
    crypto map vpn_cpa 1 set transform-set abc
    crypto map vpn_cpa 1 set security-association lifetime seconds 3600
    crypto map vpn_cpa interface outside
    crypto isakmp identity address
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash md5
    group 2
    lifetime 86400
    crypto isakmp policy 65535
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    track 1 rtr 123 reachability
    telnet 10.10.3.77 255.255.255.255 inside
    telnet 10.10.8.157 255.255.255.255 inside
    telnet 10.10.3.61 255.255.255.255 inside
    telnet timeout 500
    ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics port
    threat-detection statistics protocol
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    ntp server 10.10.3.14
    webvpn
    tunnel-group .a.a.a.a ipsec-attributes
    pre-shared-key *
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny 
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
    inspect sip 
      inspect xdmcp
    service-policy global_policy global
    smtp-server 10.10.5.11
    prompt hostname context
    Cryptochecksum:eea6e7b6efe5d1a180439658c3912942
    : end
    i think half of the configuration stil there in the ASA.
    Diagram.
    Thanks
    Roopesh

    You have missed the last command in your configuration, Please check it again
    route ISP1  0.0.0.0 0.0.0.0 6.6.6.6 track 1
    route ISP2   0.0.0.0 0.0.0.0 3.3.3.3
    sla monitor 10
    type echo protocol ipIcmpEcho 8.8.8.8 interface ISP1
    num-packets 3
    frequency 10
    sla monitor schedule 123 life forever start-time now
    track 1 rtr 123 reachability
    You can do NAT in same way, here the logical name of the interface will be different.
    Share the result
    Please rate any helpful posts.

  • Configuring MPLS VPN using static routing

    Hi,
    I am managed to set up a BGP/MPLS VPN in a laboratory using CS3620 routers running IOS 12.2(3) with ISIS. I am thinking of using static routes among the PE and P routers instead of a IGP. Does anyone know if Cisco routers supports static configuration of LSP? I have tried but could not get it work.

    You can very well run MPLS with static routing in the core, as in Cisco we have to meet 2 criterias to have a MPLS forwarding Table.
    1) Creating the LIB
    This thing lies in having LDP neighborship netween two peers and you have Label bindings.
    This is irrespective of what is the best next hop to reach the advertising peers LDP_ID.
    2) Creating the LFIB
    Now after considering all the Label bindings, the LDP_ID which can be reached out an interface
    as a next hop, those Label bindings get installed in the LFIB.
    So considering the above two points, we have to be careful in static routes
    only for interfaces like Ethernet (Multiaccess Segments).
    As in CEF when you give a static route pointing to an Ethernet Interface, CEF creates a
    GLean Adjacency (Meaning there could be multiple hosts as the next hop on this segement, and it will glean for the right next-hop)
    Now you may observe that when you give a static route only pointing to an Ethernet interface,
    you LDP adjacency may come up and you may exchange the bindings with each other. But the Label Forarding Table is not created. This is bcos of this being a Multiaccess interface. And you have
    Glean For it. If its a Normal WAN interface like Serial or POS, then there is no problem of
    GLean and you would have a Valid Cached Adjacency.
    So to avoid probelems with Ethernet interfaces you can simply specify the next-hop-ip address.
    For Eg: ip route 10.10.31.250 255.255.255.255 10.10.31.226 (Without the Interface)
    ip route 10.10.31.250 255.255.255.255 fa0/0 10.10.31.226 (Or with the Interface)
    Only Difference in both is in the first one it has to do a recursive lookup for the outgoing interface. Otherwise both work well. And you can have static routes in your network
    running MPLS.
    And doing this CEF would would work as it should and you would have a Valid Cached Adjacency.
    So this is applicable for Cisco devices which use CEF, including 6500 with SUP720.
    HTH-Cheers,
    Swaroop

  • AnyConnect Configuration - Tunnel subnets that are on "Static Routes"

    Hi!
    I've been trying to setup my Cisco ASA to handle VPN connections to a couple of subnets.
    So we have a LAN which we have XenServers on (Lab environment)
    On these machines we have a pfSense each to get a public IP so that we can NAT services to our virtual machines.
    We are currently running AnyConnect to reach the managemen network "172.20.20.0/24"
    But the pfSense's have their own IP's on this management vlan. So I thought that I could setup a static route to them.
    So I did setup the route, I can now ping all the subnets.
    The next thing to do is to get the AnyConnect to be able to reach all of these subnets.
    I'll post a image that describes our network topology:
    And I think i've got everything right. But it seems that something is missing. I've run out of ideas, and im still learning.
    So it could just be soemthing easy. I will attach the network sketch and the config.
    Thanks!
    Best Regars:
    Jonathan Herlin

    I tried the commands you wrote.
    When I do the packet-trace I get the following.
    ASA5505(config)# packet-tracer input inside tcp 192.168.60.100 80 172.20.23.68$
    Phase: 1
    Type: ACCESS-LIST
    Subtype:
    Result: ALLOW
    Config:
    Implicit Rule
    Additional Information:
    Forward Flow based lookup yields rule:
    in  id=0xcb52a1f0, priority=1, domain=permit, deny=false
            hits=65188, user_data=0x0, cs_id=0x0, l3_type=0x8
            src mac=0000.0000.0000, mask=0000.0000.0000
            dst mac=0000.0000.0000, mask=0100.0000.0000
            input_ifc=inside, output_ifc=any
    Phase: 2
    Type: ROUTE-LOOKUP
    Subtype: input
    Result: ALLOW
    Config:
    Additional Information:
    in   172.20.23.0     255.255.255.0   inside
    Phase: 3
    Type: ACCESS-LIST
    Subtype: log
    Result: ALLOW
    Config:
    access-group inside_access_in in interface inside
    access-list inside_access_in extended permit ip any any
    Additional Information:
    Forward Flow based lookup yields rule:
    in  id=0xcb51d4b0, priority=13, domain=permit, deny=false
            hits=453, user_data=0xc9635ee0, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
            src ip/id=0.0.0.0, mask=0.0.0.0, port=0
            dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
            input_ifc=inside, output_ifc=any
    Phase: 4
    Type: IP-OPTIONS
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Forward Flow based lookup yields rule:
    in  id=0xcb52def8, priority=0, domain=inspect-ip-options, deny=true
            hits=51642, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
            src ip/id=0.0.0.0, mask=0.0.0.0, port=0
            dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
            input_ifc=inside, output_ifc=any
    Phase: 5
    Type: USER-STATISTICS
    Subtype: user-statistics
    Result: ALLOW
    Config:
    Additional Information:
    Forward Flow based lookup yields rule:
    out id=0xcc3fd5f8, priority=0, domain=user-statistics, deny=false
            hits=51667, user_data=0xcc28aaf0, cs_id=0x0, reverse, flags=0x0, protocol=0
            src ip/id=0.0.0.0, mask=0.0.0.0, port=0
            dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
            input_ifc=any, output_ifc=inside
    Phase: 6
    Type: IP-OPTIONS
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Reverse Flow based lookup yields rule:
    in  id=0xcb52def8, priority=0, domain=inspect-ip-options, deny=true
            hits=51644, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
            src ip/id=0.0.0.0, mask=0.0.0.0, port=0
            dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
            input_ifc=inside, output_ifc=any
    Phase: 7
    Type: USER-STATISTICS
    Subtype: user-statistics
    Result: ALLOW
    Config:
    Additional Information:
    Reverse Flow based lookup yields rule:
    out id=0xcc3fd5f8, priority=0, domain=user-statistics, deny=false
            hits=51668, user_data=0xcc28aaf0, cs_id=0x0, reverse, flags=0x0, protocol=0
            src ip/id=0.0.0.0, mask=0.0.0.0, port=0
            dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
            input_ifc=any, output_ifc=inside
    Phase: 8
    Type: FLOW-CREATION
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    New flow created with id 52463, packet dispatched to next module
    Module information for forward flow ...
    snp_fp_tracer_drop
    snp_fp_inspect_ip_options
    snp_fp_tcp_normalizer
    snp_fp_translate
    snp_fp_adjacency
    snp_fp_fragment
    snp_ifc_stat
    Module information for reverse flow ...
    snp_fp_tracer_drop
    snp_fp_inspect_ip_options
    snp_fp_translate
    snp_fp_tcp_normalizer
    snp_fp_adjacency
    snp_fp_fragment
    snp_ifc_stat
    Result:
    input-interface: inside
    input-status: up
    input-line-status: up
    output-interface: inside
    output-status: up
    output-line-status: up
    Action: allow
    ASA5505(config)#
    So it seems to work, but I can't access "172.20.20.11" which is one of the static route pfSense's. May be that the Cisco is proppertly configured, but can't work with the pfSense's.
    And I can't figure out where the packet is going, cause it seems like the package reaches the pfSense without any problems?
    And the pfSense is working just fine.
    / Jonathan

  • Why can't I configure BFD for static routes on IAD2431 on ios 15.1(2)T when Feature Nav says its in there

    I am trying to configure BFD for static routing on a 2431 running IOS 15.1(2)T to detect and route around simple multihoming faults.  According to Cisco Feature Navigator, BFD for static routes is supported on c2430-ik9o3s-mz.151-2.T.bin.  But when I follow the config guide steps to configure it, IOS does not recognize the commands, such as:
    ERC3-IAD2431-3(config)#int fa0/0
    ERC3-IAD2431-3(config-if)#bfd ?
    % Unrecognized command
    ERC3-IAD2431-3(config-if)#
    and:
    ERC3-IAD2431-3(config)#ip route static bfd fa0/0 172.19.113.241 
    % BFD is not supported on FastEthernet0/0
    ERC3-IAD2431-3(config)#
    Am I missing some prerequisite, or restriction?

    Vignesh,
    As requested:
    ERC3-IAD2431-3#show version
    Cisco IOS Software, 2400 Software (C2430-IK9O3S-M), Version 15.1(2)T, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2010 by Cisco Systems, Inc.
    Compiled Mon 19-Jul-10 16:23 by prod_rel_team
    ROM: System Bootstrap, Version 12.3(7r)T2, RELEASE SOFTWARE (fc1)
    ERC3-IAD2431-3 uptime is 1 week, 20 hours, 31 minutes
    System returned to ROM by reload at 15:45:52 EDT Mon Oct 27 2014
    System restarted at 15:47:56 EDT Mon Oct 27 2014
    System image file is "flash:c2430-ik9o3s-mz.151-2.T.bin"
    Last reload type: Normal Reload
    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.
    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
    If you require further assistance please contact us by sending email to
    [email protected].
    Cisco IAD2431 (R527x) processor (revision 4.1) with 250880K/11264K bytes of memory.
    Processor board ID FHK1444F1GM
    R527x CPU at 225MHz, Implementation 40, Rev 3.1
    2 FastEthernet interfaces
    48 Serial interfaces
    2 Channelized T1/PRI ports
    1 Virtual Private Network (VPN) Module
    DRAM configuration is 64 bits wide with parity disabled.
    63K bytes of non-volatile configuration memory.
    System fpga version is 250027
    System readonly fpga version is 250027
    Option for system fpga is 'system'.
    126976K bytes of ATA System CompactFlash (Read/Write)
    Configuration register is 0x2102
    ERC3-IAD2431-3#show int fa0/0
    FastEthernet0/0 is up, line protocol is up 
      Hardware is Gt96k FE, address is 5475.d026.3019 (bia 5475.d026.3019)
      Description: Uplink to TWC/Avaya VoIP Network
      Internet address is 24.30.210.144/27
      MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, 
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set
      Keepalive set (10 sec)
      Full-duplex, 100Mb/s, 100BaseTX/FX
      ARP type: ARPA, ARP Timeout 04:00:00
      Last input 00:00:00, output 00:00:00, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue: 0/40 (size/max)
      5 minute input rate 2000 bits/sec, 3 packets/sec
      5 minute output rate 1000 bits/sec, 2 packets/sec
         40541 packets input, 6155984 bytes
         Received 20517 broadcasts (0 IP multicasts)
         0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
         0 watchdog
         0 input packets with dribble condition detected
         149623 packets output, 22178324 bytes, 0 underruns
         0 output errors, 0 collisions, 5 interface resets
         17 unknown protocol drops
         0 babbles, 0 late collision, 0 deferred
         0 lost carrier, 0 no carrier
         0 output buffer failures, 0 output buffers swapped out
    ERC3-IAD2431-3#show int fa0/1
    FastEthernet0/1 is up, line protocol is up 
      Hardware is Gt96k FE, address is 5475.d026.301a (bia 5475.d026.301a)
      Internet address is 172.19.113.242/29
      MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, 
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set
      Keepalive set (10 sec)
      Full-duplex, 100Mb/s, 100BaseTX/FX
      ARP type: ARPA, ARP Timeout 04:00:00
      Last input 00:00:44, output 00:00:05, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue: 0/40 (size/max)
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         14829 packets input, 3324508 bytes
         Received 7916 broadcasts (0 IP multicasts)
         0 runts, 0 giants, 0 throttles
         1 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
         0 watchdog
         0 input packets with dribble condition detected
         78596 packets output, 7819210 bytes, 0 underruns
         0 output errors, 0 collisions, 13 interface resets
         0 unknown protocol drops
         0 babbles, 0 late collision, 0 deferred
         0 lost carrier, 0 no carrier
         0 output buffer failures, 0 output buffers swapped out
    ERC3-IAD2431-3#
    Thanks,
    Alfy

  • Default static route and Null 0

    Hi Everyone,
    Need to clear some doubts  for below setup
    Switch 3550A is connected to Internet Router and has OSPF nei relationship with it.
    3550A#                      sh run int fa0/11
    Building configuration...
    Current configuration : 272 bytes
    interface FastEthernet0/11
     description OSPF LAN Connection to 2691 Router Interface Fas 0/1
     no switchport
     ip address 192.168.5.2 255.255.255.254
    sh ip route shows
    3550A#sh ip route
    Gateway of last resort is 192.168.5.3 to network 0.0.0.0
    O*E2 0.0.0.0/0 [110/1] via 192.168.5.3, 20:39:56, FastEthernet0/11
    3550A#
    All is working fine.
    For testing  purposes i config below static route on 3550A
    ip default-network 192.168.1.0
    ip route 192.168.1.0 255.255.255.0 Null0
    After above change
    3550A#           sh ip route
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route
    Gateway of last resort is not set
    S*   192.168.1.0/24 is directly connected, Null0
    O*E2 0.0.0.0/0 [110/1] via 192.168.5.3, 20:38:38, FastEthernet0/11
    Now i can not ping to internet as below
    3550A#ping 4.2.2.2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
    Success rate is 0 percent (0/5)
    When we ping from Switch then source IP is always the Outside interface IP right?
    So in this case Switch is using which IP as source?
     Ping to internet is not working as default network is set to 192.168.1.0 and all request goes to this IP and then it goes to
    Null interface right?
    Extended ping works fine as below
    3550A#ping
    Protocol [ip]:
    Target IP address: 4.2.2.2
    Repeat count [5]:
    Datagram size [100]:
    Timeout in seconds [2]:
    Extended commands [n]: y
    Source address or interface: 192.168.5.2
    Type of service [0]:
    Set DF bit in IP header? [no]:
    Validate reply data? [no]:
    Data pattern [0xABCD]:
    Loose, Strict, Record, Timestamp, Verbose[none]:
    Sweep range of sizes [n]:
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
    Packet sent with a source address of 192.168.5.2
    Success rate is 100 percent (5/5), round-trip min/avg/max = 76/79/80 ms
    Second thing to confirm is this ping works because 192.168.5.2 is directly connected to Internet Router interface?
    Regards
    MAhesh

    Hi Mahesh,
    When we ping from Switch then source IP is always the Outside interface IP right?
    That is correct.  By default it is always the outgoing interface on the device unless you specify it differently.
    Ping to internet is not working as default network is set to 192.168.1.0 and all request goes to this IP and then it goes to
    Null interface right?
    That is correct. Null0 can't be used as next-hop.
    Second thing to confirm is this ping works because 192.168.5.2 is directly connected to Internet Router interface?
    No, that is because 192.168.5.0/30 is NATed. Remember 192.168.x.x address is a private segment and cannot access the Internet unless NAT is used.
    HTH
    Reza

  • Is there a way to add a static route in an Ipod touch ?

    I am trying to get the ipod touch to configure correctly for our wireless network.
    The wireless side does not provide DNS or DHCP directly . Rather this is done from a different
    subnet . This assists to a small extent with our wirless security in that the attacker must also know
    routing address and DNS and DHCP addresses to steal web access. In windows or Linux this can be done
    by route add (DHCP IP Address) netmask 255.255.255.255  (gateway IP address)
    and route add (DNS IP Address) netmask 255.255.255.255 (gateway IP address)
    and manually specifying the DNS and DHCP addresses. Even if i manually enter the
    the IP address without a simple static route I will not get DNS services across the gateway.
    I am no apple expert but route add has been in use since the internet was still on 2 wheels
    surely this can still be done ?
    Thanks in advance

    hi!
    have you seen javax.swing.JMenuItem ?
    and have a look into
    http://java.sun.com/docs/books/tutorial/uiswing/components/menu.html
    :)

  • How do you Redistribution EIGRP into OSPF and maintain a distance of 250 for a static route?

    Ok, I have scoured the forums long enough and have to post. The design is below. I moved a firewall to our new data center, which required adding some static routes for VPN connections and broadband backups. To minimize the amount of static routes I redistribute static into EIGRP with a route-map and prefix-list.
    My problem is the next part of my network. When the data leaves my 56128's it hits an edge device connecting to our dark fiber. On this edge device I am running OSPF onto the dark fiber, then redistribute some EIGRP subnets into OSPF and again all is well.
    Everything works up until the point the redistributed routes hit my RIB at my main data center where I am running IBGP. IBPG is run between our MPLS router and core for all our remote sites. When my backup route from the 56128's hits the cores, it supersedes the BGP route because the AD route O E2 [110/20] is lower than the BGP AD B [200/0]. Given the configuration below what can be done to remedy this? Oh when I redistribute I can only change the AD for the backup routes, all other routes should stay the same.
    56128's where my static routes are:
    ip route 192.168.101.0/24 192.168.30.77 name firewall 250
    router eigrp 65100
       redistribute static route-map Static-To-Eigrp
    route-map Static-To-Eigrp permit 10
       match ip address prefix-list Static2Eigrp
    ip prefix-list Static2Eigrp seq 2 permit 192.168.101.0/24
    Edge device:
    router eigrp 65100
     network 172.18.0.5 0.0.0.0
     network 172.18.0.32 0.0.0.3
     network 172.18.0.36 0.0.0.3
     redistribute ospf 65100 metric 2000000 0 255 1 1500
     redistribute static metric 200000 0 255 1 1500 route-map STATICS_INTO_EIGRP
     passive-interface default
     no passive-interface Port-channel11
     no passive-interface Port-channel12
     eigrp router-id 172.18.0.5
    router ospf 65100
     router-id 172.18.0.5
     log-adjacency-changes
     redistribute eigrp 65100 subnets route-map EIGRP_INTO_OSPF
     passive-interface default
     no passive-interface GigabitEthernet1/0/1
     no passive-interface GigabitEthernet1/0/2
     no passive-interface GigabitEthernet2/0/1
     no passive-interface GigabitEthernet2/0/2
     network 172.18.0.0 0.0.255.255 area 0
    ip prefix-list EIGRP_INTO_OSPF seq 5 permit 172.18.0.0/16 le 32
    ip prefix-list EIGRP_INTO_OSPF seq 10 permit 192.168.94.0/29 le 32
    ip prefix-list EIGRP_INTO_OSPF seq 15 permit 192.168.26.32/29 le 32
    ip prefix-list EIGRP_INTO_OSPF seq 20 permit 192.168.30.72/29 le 32
    ip prefix-list EIGRP_INTO_OSPF seq 25 permit 192.168.20.128/25 le 32
    ip prefix-list EIGRP_INTO_OSPF seq 26 permit 192.168.101.0/24 le 32 <- Backup Route for MPLS Remote Office
    route-map EIGRP_INTO_OSPF permit 10
     match ip address prefix-list EIGRP_INTO_OSPF

    So in the case of a /24. If it were say broken up into /25's? From our remote sites we are using aggregate-address summary-only. Not sure how I would advertise a more specific route via BGP, sorry.
    I didnt have this problem until I moved my firewalls. They plugged into the cores where IBGP was running and the static never kicked in unless the bgp route disappeared. I guess I could use my static redistribution for my VPN sites and use statics across the cores for the handful of backup links I have.

Maybe you are looking for

  • What worked to find my backup encryption password that I didn't set!

    As so many are dealing with, went to set-up new iphone 5 from my iphone 4 backup that was very important to me. I got the dreaded backup password hault. I tried everything! Different pc didn't work, nothing but a circle of nothing without that passwo

  • Report launch form - implementation name?

    In the report launch form (qms0012f), no reference at all is made to the implementation name defined for the module. This attribute is mandatory when setting up the module definition (via qfd0016f), & according to the on-line help for this form it's

  • Snapshot Report taking long time

    Hi, We have snapshot collection every 1 hour in our db and the process is taking 1/2 hour to run and it is the highest resource hog while it is running. what can we do to avoid this scenario ? Quick help ismuch appreciated. We use oem 11g for a 9.2.0

  • I use GMAIL, why do I have to install Outlook?

    My iPAD sync all my contacts from my Gmail, but iCloud on my PC has not.  It says I have to install outlook.  Why?  Is there a way around this?

  • CS6 to CS5

    Hey, I had the trial for PS CS6 and have just un-installed it so I can install PS CS5, but I keep getting an error message saying: "We are unable to start your subscription for PS CS5 Extended Subscription Edition" Which is fine but I didnt buy a sub