DHCP issue on Cisco IOS router

Similar Messages

• Cisco IOS Router to PIX VPN Issues

  Hi Everyone,
  I have a small issue here which someone may be able to shed some light on.
  I have a Cisco IOS router which is terminating a site-to-site VPN connection on the dialer interface. The PIX on the other end is behind a NAT router. The tunnel is being established and one subnet is able to see another when the tunnel is up. The thing we are having an issue is both networks on each side of the VPN contain multiple subnets and i cannot connect to all the subnets over the same tunnel.
  Any ideas.

  Yes all this is setup.
  I have just found out that Cisco IOS can only make connections from 1 network per crypt map unless multiple connections are made from server to host. This is quite disturbing because i have not seen this in any documentation.
  Does anyone know of IOS to PIX IPsec with multiple subnets on each side of the network.

• SSLVPN with iPhone Anyconnect and Cisco IOS Router, Certificate Authentication failed

  Hello,
  i have a problem regarding the authentication with a certificate from the iPhone Anyconnect 2.5 Client to a 1802 Cisco Router.
  Cisco 1802 Router:
  Cisco IOS Software, C180X Software (C180X-ADVENTERPRISEK9-M), Version 15.1(1)T, RELEASE SOFTWARE (fc1)
  First i configured SSLVPN with username and password, in this configuration the Anyconnect Client of my iPhone works.
  then i enrolled a certificate from my Windows 2008 R2 CA to the Router with the Attributes: Server Authentication and IPSEC
  and i enrolled a certificate for my iPhone with Client Authentication and IPSEC
  after a bunch of time ( i realy could not find a really good documentation on how to do this) i got it done, in the webvpn context configuration i made this changes here:
  no aaa authentication list default
  authentication certificate
  ca trustpoint CA
  as the "SSL VPN Configuration Guide, Cisco IOS Release 15.1M&T" says: if i want only certificate authentication i had to user the "authentication certificate" command and thats it.
  as i look into the debugs it seems to me that the Router accepts the certificate of the iPhone, but then i receive a window on the iphone that wants an additional username and password authentication, and no matter what i enter there's always the same dialog coming back..
  any ideas what the problem could be???
  here is the configuration:
  webvpn gateway WEBVPN_GW_OFFICE2
  ip interface Dialer0 port 1444
  ssl trustpoint CA
  inservice
  webvpn install svc flash:/webvpn/sslclient-win-1.1.4.179.pkg sequence 1
  webvpn install svc flash:/webvpn/anyconnect-win-3.0.4235-k9.pkg sequence 2
  webvpn install svc flash:/webvpn/anyconnect-dart-win-2.5.3055-k9.pkg sequence 3
  webvpn context WEBVPN_CONTEXT2
  secondary-color white
  title-color #669999
  text-color black
  ssl authenticate verify all
  policy group WEBVPN_POLICY2
     functions svc-enabled
     mask-urls
     svc address-pool "SSLVPN_OFFICE1"
     svc default-domain "domain.internal"
     svc keep-client-installed
     svc split include 192.168.0.0 255.255.0.0
     svc dns-server primary 192.168.53.33
     svc dns-server secondary 192.168.53.35
  virtual-template 3
  default-group-policy WEBVPN_POLICY2
  gateway WEBVPN_GW_OFFICE2
  authentication certificate
  ca trustpoint CA
  inservice
  here is the debug:
  OfficeRouter1# PASSING appctx is [0x89FAFFCC]
  Nov 19 22:39:53.507: WV: sslvpn process rcvd context queue event
  Nov 19 22:39:53.507: WV: sslvpn process rcvd context queue event
  Nov 19 22:39:53.607: WV: sslvpn process rcvd context queue event
  Nov 19 22:39:53.607: WV: Entering APPL with Context: 0x86529380,
        Data buffer(buffer: 0x86543A40, data: 0x15A07AB8, len: 469,
        offset: 0, domain: 0)
  Nov 19 22:39:53.607: WV: http request: / with no cookie
  Nov 19 22:39:53.607: WV: validated_tp : CA cert_username :  matched_ctx :
  Nov 19 22:39:53.607: WV: Received appinfo
  validated_tp : CA, matched_ctx : ,cert_username :
  Nov 19 22:39:53.607: WV: Trustpoint match successful
  Nov 19 22:39:53.607: WV: Extracted username:  pass: ?
  Nov 19 22:39:53.607: WV: Client side Chunk data written..
  buffer=0x86543640 total_len=661 bytes=661 tcb=0x8811FE60
  Nov 19 22:39:53.607: WV: Appl. processing Failed : 2
  Nov 19 22:39:53.607: WV: sslvpn process rcvd context queue event
  BueroRouter1# PASSING appctx is [0x89FAEEC4]
  Nov 19 22:40:24.028: WV: sslvpn process rcvd context queue event
  Nov 19 22:40:24.032: WV: sslvpn process rcvd context queue event
  Nov 19 22:40:24.132: WV: sslvpn process rcvd context queue event
  Nov 19 22:40:24.132: WV: Entering APPL with Context: 0x86529380,
        Data buffer(buffer: 0x86543A40, data: 0x160C4038, len: 469,
        offset: 0, domain: 0)
  Nov 19 22:40:24.132: WV: http request: / with no cookie
  Nov 19 22:40:24.132: WV: validated_tp : CA cert_username :  matched_ctx :
  Nov 19 22:40:24.132: WV: Received appinfo
  validated_tp : CA, matched_ctx : ,cert_username :
  Nov 19 22:40:24.132: WV: Trustpoint match successful
  Nov 19 22:40:24.132: WV: Extracted username:  pass: ?
  Nov 19 22:40:24.132: WV: Client side Chunk data written..
  buffer=0x86543640 total_len=661 bytes=661 tcb=0x88D11EEC
  Nov 19 22:40:24.136: WV: Appl. processing Failed : 2
  Nov 19 22:40:24.136: WV: sslvpn process rcvd context queue event
  Nov 19 22:40:39.764: WV: sslvpn process rcvd context queue event
  Nov 19 22:40:39.880: WV: sslvpn process rcvd context queue event
  Nov 19 22:40:39.892: WV: sslvpn process rcvd context queue event
  Nov 19 22:40:39.892: WV: Entering APPL with Context: 0x86529380,
        Data buffer(buffer: 0x86543A40, data: 0x1616FD38, len: 610,
        offset: 0, domain: 0)
  Nov 19 22:40:39.892: WV: http request: /webvpn.html with domain cookie
  Nov 19 22:40:39.892: WV: validated_tp :  cert_username :  matched_ctx :
  Nov 19 22:40:39.892: WV: Received appinfo
  validated_tp : CA, matched_ctx : ,cert_username :
  Nov 19 22:40:39.892: WV: Trustpoint match successful
  Nov 19 22:40:39.892: WV: Client side Chunk data written..
  buffer=0x86543640 total_len=607 bytes=607 tcb=0x88D11EEC
  Nov 19 22:40:39.892: WV: Appl. processing Failed : 2
  Nov 19 22:40:39.892: WV: sslvpn process rcvd context queue event

  http://www.cisco.com/en/US/products/ps8411/products_qanda_item09186a00809aec31.shtml
  HI,
  Refer to
  AnyConnect VPN Client FAQ
  Q. Is it possible to connect the iPad, iPod, or iPhone AnyConnect VPN Client to a Cisco IOS router?
  A. No. It is not possible to connect  the iPad, iPod, or iPhone AnyConnect VPN Client to a Cisco IOS router.  AnyConnect on iPad/iPhone can connect only to an ASA that runs version  8.0(3).1 or later. Cisco IOS is not supported by the AnyConnect VPN  Client for Apple iOS. For more information, refer to the Security Appliances and Software Supported section of the Release Notes for Cisco AnyConnect Secure Mobility Client 2.4, Apple iOS 4.2 and 4.3.

• Possible interface issues on cisco 3725 router

  I have a router that has been working great for almost 2 years now, has had the occisonal reset due to power failures but, I have not adjusted the configuration for a long time, until today trying to diagnose the issue thats occuring.
  Here is the setup, a Cisco 3725, with three network interfaces, FE 0/0 connected to cable modem, FE 0/1 connected to the 10.0.1.x and FE0/1.10 vlan for call manager express ip phones. I then have a third interface FE 1/0 that acts as my DMZ where I keep servers. Both FE 0/0 and FE 1/0 are behind the NAT. Just yesterday I noticed that the internet traffic stops on the FE 0/1 interface after a few hours local VLAN routing works from FE0/1 to FE 1/0 and I can ssh into the router just no web traffic, I reset and it starts working again, odd thing is the DMZ still has internet during this entire time, which makes me think the interface is faling. Is there any logs or commands I can do when the interface fails again to see if its a bad interface on the router?
  I isolated the switch out of the question, hooked a non managed switch up while the internet was not working and tried to connect and got nothing as well.

  Try the below and see whether that works
  The inside interface of the PIX cannot be pinged from the other end of the tunnel unless the management-access command is configured in the global configuration mode.
  PIX-02(config)#management-access inside
  PIX-02(config)#show management-access
  management-access inside

• DHCP issues with Cisco WAP 321

  I have 4 Cisco WAP 321's in my office connected to our Cisco 2911 ISR for DHCP, everything is fine on the office wifi on vlan 1 but vlan 3 with the guest wifi network it fails to obtain an IP address. I have tried under each of the WAPs to make sure it wasnt just the one nearest my desk. I was on the phone yesterday with Cisco about this and we turned on debugging and watched the DHCP requests and no requests even hit the ISR (only thing I have smartnet support on). I noticed our firmware was a few versions old so updated that this morning but still have the same issues so now I am turning to you all to help me figure this out.
  Thanks
  Jake
  This topic first appeared in the Spiceworks Community

  I have 4 Cisco WAP 321's in my office connected to our Cisco 2911 ISR for DHCP, everything is fine on the office wifi on vlan 1 but vlan 3 with the guest wifi network it fails to obtain an IP address. I have tried under each of the WAPs to make sure it wasnt just the one nearest my desk. I was on the phone yesterday with Cisco about this and we turned on debugging and watched the DHCP requests and no requests even hit the ISR (only thing I have smartnet support on). I noticed our firmware was a few versions old so updated that this morning but still have the same issues so now I am turning to you all to help me figure this out.
  Thanks
  Jake
  This topic first appeared in the Spiceworks Community

• DHCP Issue on Cisco 2960

  I have an device that use Multicast and is unable to aquire an ip address when connected to a 2960 switch. I have a 3560 switch that is configured with the DHCP scope. We have DHCP pool configured. layer 2, and layer 3 switch's.
  Basically what’s happing  is that if we connect the device to the switch it does not get a DHCP address however if we apply a static address it works.  Now I have duplicated this in the lab and the everything works fine, the only difference is that I have a different IOS on my Lab switch.  The only thing i can think of is the IOS.
  Any help would be appreciated.
  The IOS on the 2960 is flash:c2960-lanbasek9-mz.122-55.SE7.

  Hi Anil,
  I need to know the mac-address of the client as i see two different DHCP Requests from:
  0100.237d.14b5
  and
  0198.fe94.dcd6
  Moreover i see only one DHCP pool on the layer 3 switch:
  ip dhcp pool
  network 10.65.117.0 255.255.255.0
  dns-server 198.6.1.122 198.6.1.142 8.8.8.8
  default-router 10.65.117.1
  And as you said that it should pick IP address from vlan2, but i dont see any pool for vlan2 on the contrary you did mention that if you connect your laptop on that port it does pick IP address from vlan 2. its actually very weird.
  If possible collect the wireshark captures from machine interface for more debugging. i want to see the DHCP process. and let me know if you need any help in collecting captures
  Regards,
  RS

• DHCP Server Configuration - Cisco 1750 router

  Good Day All,
  can anybody give me a step by step procedure on how to configure my 1750 router as a DHCP server?
  Thank you,
  Lester

  Hello Moses,
  You do InterVlan routing with your router, Fa0/1 and Fa0/0 is on your router, two different subnets with two different pools. From the router you have two uplinks - access links. These links are terminated on two different Layer 2 vlan on the switch. If Fa0/0 is terminated on vlan 100, hosts in vlan 100 will get IP address from Fa0/0's dhcp pool, if Fa0/1 is terminated on vlan 200 on the switch all hosts will get ip from Fa0/1's address space.
  Fa0/0 dhcp pool: address of the interface is in the pool
  Fa0/1 dhcp pool: address of the interface is in the pool, interface address is member of the subnet (that's will be the GW)
  bye
  FCS
  Please rate me if I helped.

• L2TP/IPSec on IOS router

  The following topic describes how to do L2TP/IPSec on Windows 8.
  https://supportforums.cisco.com/document/9878401/l2tp-over-ipsec-cisco-ios-router-using-windows-8
  However, I am trying to use the same template for Chrome OS clients and it does not work. Has it ever been set up successfully? Any ideas would be greatly appreciated.
  Thank you,
  Aram.

  Randy, I understand now!
  What I would do in this case is couple of things, but this still needs some minor configuration on the router, it depends on the router managed provider but.. you should be able to ask the provider know that you want to get syslog traps from the router to your syslog server, and they should be able to provide this to you and they should provide that, after all, you are paying for services even though is a managed router by provider.
  On the router thye would configure a secondary logging server.
  e.i
  say your syslog server is 20.20.20.20
  router(config)#logging 20.20.20.20
  router(config)#logging trap informational
  the above informational is facility #6 out of the 7 levels of facility, 0 being emergencies 1 alerts 2 critical and so on..I believe with this facility# you will see tunnel info on the syslog.
  additionally, on the access-lists pertaining to the L2L Ipsec tunnel add the keyword log at the end of each of its access-list, with the keywork log the router will send traps pertaining to the access-list to your syslog thus providing you that the connection is stablihed or not.
  Rgds
  -Jorge

• Configuration Issue with my Cisco 871 Router

  Hi all,
  I am a newbie to the Cisco IOS.
  I got a Cisco 871 Router that I'd like to use for internet connection. My LAN network is 192.168.1.0/24 and the ISP has assigned us the IP 41.212.79.108/24 and gateway 41.212.79.1.
  With my current configuration, I can hit the router - 192.168.1.1 - and it's WAN port - 41.212.79.108 - but not the gateway.
  Below is my current config:
  Hoggers#show config
  Using 4414 out of 131072 bytes
  version 12.4
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname Hoggers
  boot-start-marker
  boot-end-marker
  logging buffered 51200 warnings
  enable secret 5 **********************.
  no aaa new-model
  crypto pki trustpoint TP-self-signed-568493463
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-568493463
  revocation-check none
  rsakeypair TP-self-signed-568493463
  crypto pki certificate chain TP-self-signed-568493463
  certificate self-signed 01 nvram:IOS-Self-Sig#7.cer
  dot11 syslog
  ip cef
  no ip dhcp use vrf connected
  ip dhcp excluded-address 10.10.10.1
  ip dhcp excluded-address 192.168.1.1
  ip dhcp excluded-address 192.168.1.2
  ip dhcp excluded-address 192.168.1.3
  ip dhcp excluded-address 192.168.1.4
  ip dhcp excluded-address 192.168.1.5
  ip dhcp excluded-address 192.168.1.6
  ip dhcp excluded-address 192.168.1.7
  ip dhcp excluded-address 192.168.1.8
  ip dhcp excluded-address 192.168.1.9
  ip dhcp excluded-address 192.168.1.10
  ip dhcp excluded-address 192.168.1.100
  ip dhcp excluded-address 192.168.1.90
  ip dhcp pool ccp-pool
     import all
     network 10.10.10.0 255.255.255.248
     default-router 10.10.10.1
     lease 0 2
  ip dhcp pool LANPOOL
     network 192.168.1.0 255.255.255.0
     default-router 192.168.1.1
     dns-server 41.212.3.2 41.212.3.253
  ip domain name yourdomain.com
  ip name-server 41.212.3.2
  ip name-server 41.212.3.253
  archive
  log config
    hidekeys
  interface FastEthernet0
  interface FastEthernet1
  interface FastEthernet2
  interface FastEthernet3
  interface FastEthernet4
  description Wan to Outside World
  ip address 41.212.79.108 255.255.255.0
  duplex auto
  speed auto
  interface Vlan1
  description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
  ip address 192.168.1.1 255.255.255.0
  ip tcp adjust-mss 1452
  ip forward-protocol nd
  ip route 0.0.0.0 0.0.0.0 41.212.79.1
  ip http server
  ip http access-class 23
  ip http authentication local
  ip http secure-server
  ip http timeout-policy idle 60 life 86400 requests 10000
  ip dns server
  ip nat inside source static tcp 192.168.1.31 80 interface FastEthernet4 80
  access-list 23 permit 10.10.10.0 0.0.0.7
  no cdp run
  control-plane
  scheduler max-task-time 5000
  end
  I'll appreciate any light you can shed on what am missing.

  2 wireless routers can not communicate wirelessly with each other.
  You need to connect cable between 2 routers and use the second wireless router as access point.
  Follow this link to connect Linksys router to another router.
  Some of your devices are getting same IP address. This might be the issue with DHCP server of the router. You can try DHCP reservation on the router so that each device will get unique IP address.

• IPhone 2.1 now supports Cisco VPN Client to IOS router

  Just tested it. The Cisco VPN Client in iPhone 2.1 now connects to my IOS router. Excellent.

  I have a Cisco 1812 with 12.4(20)T. I know that 12.4(6)T and some other versions have an issue with the negotiation of IPSec policies which basically means that only the first proposal is considered. If the first proposal matches you have a connection. If it does not match, the connection is refused even though other proposals would be O.K.
  The relevant isakmp/ipsec config should be:
  crypto isakmp policy 3
  encr 3des
  authentication pre-share
  group 2
  crypto isakmp client configuration group myvpn
  key mysecretkey
  dns 10.0.0.2 10.0.0.3
  wins 10.0.0.2
  domain mydomain.example.com
  pool ippool
  acl 150
  split-dns mydomain.example.com
  netmask 255.255.255.0
  crypto isakmp profile ike-myvpn-profile
  match identity group myvpn
  client authentication list userauthen
  isakmp authorization list groupauthor
  client configuration address respond
  virtual-template 2
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec profile myvpn
  set transform-set ESP-3DES-SHA
  set isakmp-profile ike-myvpn-profile
  interface Virtual-Template2 type tunnel
  ip unnumbered FastEthernet1
  ip nat inside
  ip virtual-reassembly
  tunnel mode ipsec ipv4
  tunnel protection ipsec profile myvpn
  See also http://www.cisco.com/en/US/docs/ios/security/configuration/guide/secipsec_virt_tunnl_ps6441_TSD_Products_Configuration_GuideChapter.html
  If you have IOS 12.4(6)T or similar which has the bug I have mentioned you have to use aes instead of 3des for the transform set. The first proposal of the iPhone is aes. Be sure to check the "debug crypto ipsec" and "debug crypto isakmp" output for troubleshooting.

• Issue when update ios for 7206 router

  hi all ,
  the ios on router was 12.4
  i put the ios
  c7200p-adventerprisek9-mz.152-4.M5.bin
  in disk2  , of router
  and added
  boot system flash disk2:/c7200p-adventerprisek9-mz.152-4.M5.bin
  after that  ,
  i restarted the router
  i have the followign logs :
  7200Gateway#reload
  Proceed with reload? [confirm]
  *Jan 11 15:24:11.469: %SYS-5-RELOAD: Reload requested  by m0ulngateway on console. Reload Reason: Reload Command.
  *Jan 11 15:24:11.681: %BGP-5-ADJCHANGE: neighbor 213.244.66.77 Down Peer closed the session
  System Bootstrap, Version 12.4(12.2r)T, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 2006 by cisco Systems, Inc.
  Socket jumper: not present Failsafe jumper: present = normal
  FPGA revision 0x00000026
  C7200 platform with 2095104 Kbytes of main memory
  Readonly ROMMON initialized
  Self decompressing the image : ################################################################################################################################# [OK]
  %SYS-6-CLOCKUPDATE: System clock has been updated from 15:26:31 UTC Sat Jan 11 2014 to 17:26:31 Israel Sat Jan 11 2014, configured from console by console.
  % No interface specified for interface_command
  X121 address and queued type can not be configured on the same rotary group 1
  %SYS-3-IMAGE_TOO_BIG: 'disk2:/c7200p-adventerprisek9-mz.152-4.M5.bin' is too large for available memory (46143512 bytes).
  %SYS-6-READ_BOOTFILE_FAIL: disk2:/c7200p-adventerprisek9-mz.152-4.M5.bin File read failed -- Not enough space.
  %SYS-6-BOOT_MESSAGES: Messages above this line are from the boot loader.
  boot of "cisco2-C7200" using boot helper "bootflash:c7200p-kboot-mz.124-4.XD5.bin" failed
  error returned: File read failed -- Not enough space
  loadprog: error - on file open
  boot: cannot load "cisco2-C7200"
  System Bootstrap, Version 12.4(12.2r)T, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 2006 by cisco Systems, Inc.
  Socket jumper: not present Failsafe jumper: present = normal
  FPGA revision 0x00000026
  C7200 platform with 2095104 Kbytes of main memory
  Readonly ROMMON initialized
  Self decompressing the image : ########################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################### [OK]
  *** No sreloc section
                Restricted Rights Legend
  Use, duplication, or disclosure by the Government is
  subject to restrictions as set forth in subparagraph
  (c) of the Commercial Computer Software - Restricted
  Rights clause at FAR sec. 52.227-19 and subparagraph
  (c) (1) (ii) of the Rights in Technical Data and Computer
  Software clause at DFARS sec. 252.227-7013.
             cisco Systems, Inc.
             170 West Tasman Drive
             San Jose, California 95134-1706
  Cisco IOS Software, 7200 Software (C7200P-ADVENTERPRISEK9-M), Version 15.2(4)M5, RELEASE SOFTWARE (fc2)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2013 by Cisco Systems, Inc.
  Compiled Fri 13-Sep-13 19:12 by prod_rel_team
  This product contains cryptographic features and is subject to United
  States and local country laws governing import, export, transfer and
  use. Delivery of Cisco cryptographic products does not imply
  third-party authority to import, export, distribute or use encryption.
  Importers, exporters, distributors and users are responsible for
  compliance with U.S. and local country laws. By using this product you
  agree to comply with applicable laws and regulations. If you are unable
  to comply with U.S. and local laws, return this product immediately.
  A summary of U.S. laws governing Cisco cryptographic products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
  If you require further assistance please contact us by sending email to
  [email protected].
  Installed image archive
  Cisco 7206VXR (NPE-G2) processor (revision A) with 1966080K/65536K bytes of memory.
  Processor board ID 13252317
  MPC7448 CPU at 1666Mhz, Implementation 0, Rev 2.2
  6 slot VXR midplane, Version 2.0
  Last reset from power-on
  PCI bus mb1 (Slots 1, 3 and 5) has a capacity of 600 bandwidth points.
  Current configuration on bus mb1 has a total of 0 bandwidth points.
  This configuration is within the PCI bus capacity and is supported.
  PCI bus mb2 (Slots 2, 4 and 6) has a capacity of 600 bandwidth points.
  Current configuration on bus mb2 has a total of 0 bandwidth points.
  This configuration is within the PCI bus capacity and is supported.
  Please refer to the following document "Cisco 7200 Series Port Adaptor
  Hardware Configuration Guidelines" on Cisco.com <http://www.cisco.com>
  for c7200 bandwidth points oversubscription and usage guidelines.
  1 FastEthernet interface
  3 Gigabit Ethernet interfaces
  2045K bytes of NVRAM.
  250880K bytes of ATA PCMCIA card at slot 2 (Sector size 512 bytes).
  65536K bytes of Flash internal SIMM (Sector size 512K).
  Warning: The CLI will be deprecated soon
  'enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  Please move to 'enable secret <password>' CLI
  max-reserved-bandwidth 95
     ^
  % Invalid input detected at '^' marker.
  Press RETURN to get started!
  ============================
  focusing on the red  lines above .
  is there ANY THING WRONG ?????
  AFTER THat i have sh ver :
  7200Gateway#sh version
  Cisco IOS Software, 7200 Software (C7200P-ADVENTERPRISEK9-M), Version 15.2(4)M5, RELEASE SOFTWARE (fc2)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2013 by Cisco Systems, Inc.
  Compiled Fri 13-Sep-13 19:12 by prod_rel_team
  ROM: System Bootstrap, Version 12.4(12.2r)T, RELEASE SOFTWARE (fc1)
  7200Gateway uptime is 10 minutes
  System returned to ROM by reload at 17:24:07 Israel Sat Jan 11 2014
  System image file is "disk2:/c7200p-adventerprisek9-mz.152-4.M5.bin"
  Last reload reason: Reload Command
  This product contains cryptographic features and is subject to United
  States and local country laws governing import, export, transfer and
  use. Delivery of Cisco cryptographic products does not imply
  third-party authority to import, export, distribute or use encryption.
  Importers, exporters, distributors and users are responsible for
  compliance with U.S. and local country laws. By using this product you
  agree to comply with applicable laws and regulations. If you are unable
  to comply with U.S. and local laws, return this product immediately.
  A summary of U.S. laws governing Cisco cryptographic products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
  If you require further assistance please contact us by sending email to
  [email protected].
  Cisco 7206VXR (NPE-G2) processor (revision A) with 1966080K/65536K bytes of memory.
  Processor board ID 13252317
  MPC7448 CPU at 1666Mhz, Implementation 0, Rev 2.2
  6 slot VXR midplane, Version 2.0
  Last reset from power-on
  PCI bus mb1 (Slots 1, 3 and 5) has a capacity of 600 bandwidth points.
  Current configuration on bus mb1 has a total of 0 bandwidth points.
  This configuration is within the PCI bus capacity and is supported.
  PCI bus mb2 (Slots 2, 4 and 6) has a capacity of 600 bandwidth points.
  Current configuration on bus mb2 has a total of 0 bandwidth points.
  This configuration is within the PCI bus capacity and is supported.
  Please refer to the following document "Cisco 7200 Series Port Adaptor
  Hardware Configuration Guidelines" on Cisco.com <http://www.cisco.com>
  for c7200 bandwidth points oversubscription and usage guidelines.
  1 FastEthernet interface
  3 Gigabit Ethernet interfaces
  2045K bytes of NVRAM.
  250880K bytes of ATA PCMCIA card at slot 2 (Sector size 512 bytes).
  65536K bytes of Flash internal SIMM (Sector size 512K).
  Configuration register is 0x2102
  =====================
  focus on bold line ,
  did the router get the new iso without problems ????
  wish to clarify
  regards

  You are right, whenever Cisco device boots, the IOS files gets loaded on the DRAM.
  But in this process, some temporary files are also generated which gets saved in the flash/Disk, that’s the only reason you got these error messages. It’s not recommended at all to have less space in the Flash than what is recommended on Cisco.com. I would say please remove some files from Disk and have minimum 256 MB flash otherwise your router may drop into rommon mode at the time of next reload.
  Well, it’s good to upgrade the bootstarp image too. Currently you are running 15.X IOS code, I would say run 15.X bootstarp image on the box.
  You may download bootstarp image for 7206VRX NPEG2 from the link below:-
  http://software.cisco.com/download/release.html?mdfid=282188585&flowid=1380&softwareid=280805685&release=15.2.4S4&relind=AVAILABLE&rellifecycle=ED&reltype=latest
  If you want to know the procedure of the upgrade, click the link mentioned below:-
  http://www.cisco.com/en/US/docs/ios/12_2/configfun/command/reference/frf010.html#wp1017654
  -Amant

• Cisco 3825 router boot ios from usb

  HI All
  I got a Cisco 3825 Router CF card failure, can I boot IOS from USB? 
  Physically I found 2 usb ports but nothing I can see in ROMMON mode, may I know how to boot from USB?
  rommon 1 > dev
  Devices in device table:
          id  name
      flash:  compact flash
  bootflash:  boot flash
      eprom:  eprom
  rommon 2 >
  Hugo

  Hi Hugo, 
  The only time you can get an ISR G1 (except 870) to boot from USB is when you have upgraded the bootstrap to 12.4(13r)T15.
  The command to boot from USB is a hidden command.  From ROMmon the command is "boot usbflash0:IOS_filename.bin".

• Cisco IOS IPS in Cisco 2921/k9 router

  Hi All,
  I have a router of Cisco 2921 series (C2921/K9) basic box with IP BAse IOS image (SL-29-IPB-K9 IOS). I would like to enable IOS Level IPS feature on this Router now. Based on the Cisco Document i have found i need to purchase an additonal subscripton license to enale the IPS feature. My querry is-
  Will it support on the Basic IP Base IOS or do i need to change the IOS?
  If i need to purchase the Subscription Licesne, how can i get the part number and cost for the same?
  Do i need to buy any addtional module for this like (NME-IPS-K9) ?
  Thanks in advance for your quick support
  regards
  Sunny

  Hi Sunny
  1. Yes you can enable IPS on IOS with the security license, without buying a subscription, but this would make little sense - new signatures are being released all the time so you would not be protected from recently discovered vulnerabilities/attacks.
  2. Correct, the modules and appliances run a different kind of software and are much more powerful
  3. If you add the module, you do NOT need the security license. It would still be advised to get a subscription license to get signature updates for the module.
  I hope this helps, let us know.
  regards
  Herbert
  jacob.samuel wrote:Dear Herbert,Thanks alot for the wonderful post. It clear most of my doubts. Still i kindly need to know few more points-1)  Cant we enable IPS Feature on 2921/K9 router (with Sec license or 2921Sec/K9 bundle) without signature subscription license (is it a must? it is for getting updates of signatures and for support only, right?)2)  I came to know from a distributor pre-sales engineer that the Cisco IOS Level Intrusion Protection is not going to provide the full feature of IPS like NME module or IPS Applinace. Is that right?3)  If i add NME-IPS-K9 Module to my 2921 Router, without enabling Sec License, can i enable IPS feature on the Router. Or is it a must that i need to buy Sec License (SL-29-SEC-K9)?Attaching the Datasheet of NME-IPS-K9 module (Page num 5 above Table 3) mentione as follows-Cisco IOS Software Feature Sets and ReleaseTable 3 lists the required Cisco IOS feature sets and releases for Cisco IPS AIM and IPS NME on the Cisco 1841,
  2800 and 3800 series Integrated Services Routers Note that, IPS NME on the Cisco 2900 and 3900 Integrated
  Services Routers does not require a Security Feature license.
  In that case if i buy a module i can install it on the 2921K9 box directly and can enable the IPS feature right? I dont need any License and additonal signature subscription here to enable the IPS feature (if i dont need signature updates and support) right?
  thanks alot for the support.
  regards
  Sunny

• Cisco 3620 Router IOS CCIE lab

  Dear Sir,
  I procured one Cisco 3620 Router for CCIE R&S Lab.
  Which IOS should I download from www.cisco.com to support 12.2T and IPV6.
  Waiting for reply..
  Thanks/Regards
  Atul

  Hi Atul,
  This link may help you with the same
  http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp
  Regards,
  Ankur

• Routing issue between Cisco Nexus and Cisco 4510 R+E Chassis

  We have configured Cisco Nexus 7K9 as core and Cisco 4510 R+E as access switches for Server connectivity.
  We are experiencing problem in terms of ARP learning and Ping issues between Cisco Nexus and end hosts.

  Hi,
  So you have N7k acting as L3 with servers connected to 4510?.
  Do you see the MAC associated with failing ARP in 4510?. Is it happening with all or few servers?. Just to verify if it is connectivity issue between N7k and 4510, you can configure an SVI on 4510 and assign address from same raneg (server/core range) and perform a ping.
  This will help narrow down if issue is between server to 4510 or 4510 to N7k.
  Thanks,
  Nagendra