Ip route command

Similar Messages

• The command line 'route' command is broken - what alternatives are there?

  The 'route' command appears to be broken in Mavericks ( now also in 10.9.4 ). It does update that tables, so netstat -r makes it seem that it has worked. However, browsers, pings and trace routes all give errors such as 'out of memory'.
  So, what can I do to set up working alternatives to the standard routing?
  There certainly is some routing capability, and the ability to change it - if you use the OS/X server and set up a VPN, you can set up routing there. So it should be possible to access it through the command line somehow.
  Any suggestions gratefully received.
  I really thought that this would be easy, but it's turned into quite a headache.

  This isn't a great fix but it's helped us out. We created an autoit script to edit the firefox.js file found in program files\mozilla firefox\default\pref. It searches for the line "pref("app.update.auto", true);" and changes it to "pref("app.update.auto", false);". It's a pain but it's the best we could come up with.
  Note: We updated to 3.6.14 and even with the setting above FF still did an auto update to 3.6.15.

• "ip routing" command on SG300 switch

  What does "ip routing" do on the CLI on the SG300?
  When I do this, I see it enables ip forwarding, but there is no mention of this in the CLI manual.  I'm just trying to figure out what I would use this for, and if I should leave it enabled, or disable it.
  I have several different SG300 switches in L3 mode, and they are set up in a multi-vlan environment...
  Thanks,
  scott

  Ah, ok, thanks. I guess that was pretty obvious, now that I know the answer.
  The "ip routing" command isn't mentioned anywhere in the CLI documentation, but I guess if I'd thought about it a little longer, I may have come to the same conclusion.
  Thanks Tom. 

• Distributed multicast routing command not working on Catalyst 3850 switch

  Hi Cisco community,
  I was wondering if there is a known problem as to why the ip multicast-routing [distributed] option is not available on the Cat 3850 platforms
  global command " ip multicast-routing " is accepted 
  the configuration guide named:
  IP Multicast Routing Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
  First Published: January 29, 2013
  Last Modified: October 22, 2013
  explains that this option "key word" [distributed]  should be available>
  Enables IP multicast routing.
  ip multicast-routing [distributed] 
  Device(config)# ip multicast-routing distributed
  =============== Here is what i have and see =========
  Config attempt
  ============
  CAT-3850-1(config)#ip multicast-routing distributed
                                              ^
  Show command:
  ========
  CAT-3850-1#show ip multicast 
    Multicast Routing: enabled
    Multicast Multipath: disabled
    Multicast Route limit: No limit
    Multicast Fallback group mode: Sparse
    Number of multicast boundaries configured with filter-autorp option: 0
  Software:
  ========
  Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), 
  Version 03.03.03SE RELEASE SOFTWARE (fc2)
  License rights:
  ============
  CAT-3850-1#sh license right-to-use 
   Slot#  License name   Type     Count   Period left 
   1      ipservices   permanent     N/A   Lifetime
   1      apcount      adder         10     Lifetime
  License Level on Reboot: ipservices
   Slot#  License name   Type     Count   Period left 
   2      ipservices   permanent     N/A   Lifetime
   2      apcount      adder         10     Lifetime
  License Level on Reboot: ipservices
  Any hints and help would be greately appreciated.
  Many thanks in advance
  Markus 

  Hi Reza,
  Thank you for your quick reply, and for putting the record staright. As such, a helpful rating was provided
  PS: Feel free to help me one more time if you happend to know folllow on this query :)>
  I guess that the disributed function has been included in the standard mulitcast routing command because the key word is no longer needed. Or perhaps this platform does not support this at all.#
  Once again , thank you for your help above.
  Best regards

• No 'ip routing' command on switch and yet intervlan routing.

  Hi,
  In my companies 4500 switch I see there is intervlan routing configured for the 4 Vlans it has but I do not see any 'ip routing' command on it
  to enable routing on the switch. Can a switch route even though the command isnt there?

  Ran the 'show run all' command and it was there. Thought '
  sh run | i ip' would display it but didn't.
  Thanks for the command.
  We just turned enterprise. I keep forgetting that.

• #sh ip ospf route Command

  Hi All,
  Kinldy let me know that #sh ip ospf route, which IOS Version support this command...
  Regards
  Indrapal

  Hi Indrapal,
  as far as I remember, 'show ip ospf route' is the unsupported version of the 'show ip ospf rib' command, which was introduced with the (Link:) OSPFv2 Local RIB feature in 12.4(15)T.
  Perhaps somebody could confirm.
  HTH
  Rolf

• Adter adding new ztv10 W 300 ZTE Router command prompt changed

  I just installed my new ZTE Router (ethernet+wifi) model ztv10 w300 and got it working even though I seem to be having a few ip address conflicts. The question I have now is why do I see local0026bb05005b:~ jasper$ when I open a command prompt now instead of Jaspers-MacBook-Pro.local:~ jasper$ as before? Under sharing I still have Jaspers-MacBook-Pro.local, but no longer in the terminal. Why? Is this going to cause issues? How do I revert?

  The hostname can be changed dynamically by routers and other network devices through DHCP requests, which can have the hostname keep changing every time your IP address and other DHCP information is renewed. If this is the case, you may be able to set the router to never provide hostname information, or you can set the computer to never accept a hostname change. To do this, you will need to add a line to the computer's hostconfig file using the following procedure:
  Open the Terminal
  Enter the following command:
  sudo pico /etc/hostconfig
  Authenticate, scroll to the bottom of the file, and add the following line:
  HOSTNAME=MacBook
  (Change "MacBook" to your desired hostname--no spaces)
  Save the file and quit by pressing control-X, confirming the save with the "Y" key followed by "enter".
  After this has been added to the file, the computer's hostname should not change even when you renew your DHCP lease.
  Cheers

• Cisco 7606 FIB Protocol Allocation mismatch after mls cef maximum-routes command

  Hi,
  we are trying to fine tune the mls cef maximum-routes without success for ipv4 on our Cisco 7606 router equiped like this:
  Mod Ports Card Type                              Model              Serial No.
    2   24  CEF720 24 port 1000mb SFP              WS-X6724-SFP       SAL09169CP0
    6    2  Supervisor Engine 720 (Active)         WS-SUP720-3BXL     SAL10370YH7
  Mod MAC addresses                       Hw    Fw           Sw           Status
    2  0013.c38b.ed9c to 0013.c38b.edb3   2.2   12.2(14r)S5  12.2(33)SRC1 Ok
    6  0017.9441.b750 to 0017.9441.b753   5.2   8.4(2)       12.2(33)SRC1 Ok
  Mod  Sub-Module                  Model              Serial       Hw     Status 
    2  Centralized Forwarding Card WS-F6700-CFC       SAL09159C8T  2.0    Ok
    6  Policy Feature Card 3       WS-F6K-PFC3BXL     SAL10360CJ0  1.8    Ok
    6  MSFC3 Daughterboard         WS-SUP720          SAL10360GNX  2.5    Ok
  the show version is like this:
  System image file is "bootdisk:c7600s72033-adventerprisek9-mz.122-33.SRC1.bin"
  We tryied to set the value of the ipv4 FIB TCAM to 720k with this command:
  mls cef maximum-routes ip 720
  and then to save the configuration we used the "write" command. This was the output after we wrote the configuration:
  FIB TCAM maximum routes :
  =======================
  Current :-
   IPv4 + MPLS         - 512k (default)
   IPv6 + IP Multicast - 256k (default)
  User configured :-
   IPv4                - 720k
   MPLS                - 16k (default)
   IPv6 + IP Multicast - 144k (default)
  Upon reboot :-
   IPv4                - 720k
   MPLS                - 16k (default)
   IPv6 + IP Multicast - 144k (default)
  so we reloaded the router to get the new value.
  when the router was up again it start to reload each 4 minutes. The FIB TCAM value was:
  show mls cef maximum-routes
  Reload scheduled for 13:50:09 DST Wed Aug 13 2014 (in 2 minutes and 51 seconds)
  Reload reason: FIB Protocol Allocation mismatchFIB TCAM maximum routes :
  =======================
  Current :-
   IPv4 + MPLS         - 512k (default)
   IPv6 + IP Multicast - 256k (default)
  User configured :-
   IPv4 + MPLS         - 512k (default)
   IPv6 + IP Multicast - 256k (default)
  Upon reboot :-
   IPv4 + MPLS         - 512k (default)
   IPv6 + IP Multicast - 256k (default)
  We know that our cisco is able to handle up to 1M of ipv4 routes inside the TCAM but we cannot set more than 512k ipv4 routes.
  Why the router doesn't accept the new value?
  Thanks
  http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/117712-problemsolution-cat6500-00.html
  http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/116132-problem-catalyst6500-00.html
  https://supportforums.cisco.com/discussion/12250356/recommended-value-7600-ipv4-fib-tcam

  Hi Paolo,
  #sho ver
  Cisco IOS Software, s72033_rp Software (s72033_rp-ADVENTERPRISEK9_WAN-M), Version 12.2(33)SXI13, RELEASE SOFTWARE (fc3)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2014 by Cisco Systems, Inc.
  Compiled Tue 11-Mar-14 04:53 by prod_rel_team
  ROM: System Bootstrap, Version 12.2(17r)S2, RELEASE SOFTWARE (fc1)
   punk.gs2 uptime is 17 hours, 55 minutes
  Uptime for this control processor is 17 hours, 55 minutes
  Time since punk.gs2 switched to active is 17 hours, 54 minutes
  System returned to ROM by reload at 22:32:30 BST Mon Sep 1 2014 (SP by reload)
  System restarted at 22:35:24 BST Mon Sep 1 2014
  System image file is "disk0:s72033-adventerprisek9_wan-mz.122-33.SXI13.bin"
  Last reload reason: Reload Command
  This product contains cryptographic features and is subject to United
  States and local country laws governing import, export, transfer and
  use. Delivery of Cisco cryptographic products does not imply
  third-party authority to import, export, distribute or use encryption.
  Importers, exporters, distributors and users are responsible for
  compliance with U.S. and local country laws. By using this product you
  agree to comply with applicable laws and regulations. If you are unable
  to comply with U.S. and local laws, return this product immediately.
  A summary of U.S. laws governing Cisco cryptographic products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
  If you require further assistance please contact us by sending email to
  [email protected].
  cisco WS-C6504-E (R7000) processor (revision 2.0) with 983008K/65536K bytes of memory.
  Processor board ID FOX11270F1B
  SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache
  Last reset from power-on
  11 Virtual Ethernet interfaces
  50 Gigabit Ethernet interfaces
  1917K bytes of non-volatile configuration memory.
  8192K bytes of packet buffer memory.
  65536K bytes of Flash internal SIMM (Sector size 512K).
  Configuration register is 0x2102
  #remote command switch show version
  Cisco IOS Software, s72033_sp Software (s72033_sp-ADVENTERPRISEK9_WAN-M), Version 12.2(33)SXI13, RELEASE SOFTWARE (fc3)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2014 by Cisco Systems, Inc.
  Compiled Tue 11-Mar-14 05:09 by prod_rel_team
  ROM: System Bootstrap, Version 8.5(4)
   punk.gs2 uptime is 17 hours, 55 minutes
  Time since punk.gs2 switched to active is 17 hours, 55 minutes
  System returned to ROM by reload at 22:32:30 BST Mon Sep 1 2014
  System restarted at 22:34:17 BST Mon Sep 1 2014
  System image file is "disk0:s72033-adventerprisek9_wan-mz.122-33.SXI13.bin"
  Last reload reason: Reload Command
  cisco Catalyst 6000 (R7000) processor with 983008K/65536K bytes of memory.
  Processor board ID FOX11270F1B
  SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache
  Last reset from s/w reset
  50 Gigabit Ethernet interfaces
  1917K bytes of non-volatile configuration memory.
  8192K bytes of packet buffer memory.
  500472K bytes of ATA PCMCIA card at slot 0 (Sector size 512 bytes).
  65536K bytes of Flash internal SIMM (Sector size 512K).
  Configuration register is 0x2102
  Hope that helps.

• Switch 3750x not support ip routing command

  Dear all,
  I have problem with Switch 3750x, with intervlan configuration, while I try to enter command:
  switch(config)ip routing
  it show invalid message.
  switch(config-if)no switchport
  it so message inject with this command. what is problem it is a new switch without previous configuration.

  CoreS1#show ver
  CoreS1#show version
  Cisco IOS Software, C3750E Software (C3750E-UNIVERSALK9-M), Version 12.2(55)SE5,                                                                                 RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2012 by Cisco Systems, Inc.
  Compiled Thu 09-Feb-12 18:14 by prod_rel_team
  Image text-base: 0x00003000, data-base: 0x02800000
  ROM: Bootstrap program is C3750E boot loader
  BOOTLDR: C3750E Boot Loader (C3750X-HBOOT-M) Version 12.2(58r)SE1, RELEASE SOFTW                                                                                ARE (fc1)
  CoreS1 uptime is 3 minutes
  System returned to ROM by power-on
  System image file is "flash:/c3750e-universalk9-mz.122-55.SE5/c3750e-universalk9                                                                                -mz.122-55.SE5.bin"
  This product contains cryptographic features and is subject to United
  States and local country laws governing import, export, transfer and
  use. Delivery of Cisco cryptographic products does not imply
  third-party authority to import, export, distribute or use encryption.
  Importers, exporters, distributors and users are responsible for
  compliance with U.S. and local country laws. By using this product you
  agree to comply with applicable laws and regulations. If you are unable
  to comply with U.S. and local laws, return this product immediately.
  A summary of U.S. laws governing Cisco cryptographic products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
  If you require further assistance please contact us by sending email to
  [email protected].
  License Level: lanbase
  License Type: Permanent
  Next reload license Level: lanbase
  cisco WS-C3750X-24 (PowerPC405) processor (revision A0) with 262144K bytes of memory.
  Processor board ID FDO1827P037
  Last reset from power-on
  3 Virtual Ethernet interfaces
  1 FastEthernet interface
  28 Gigabit Ethernet interfaces
  2 Ten Gigabit Ethernet interfaces
  The password-recovery mechanism is enabled.
  512K bytes of flash-simulated non-volatile configuration memory.
  Base ethernet MAC Address       : 58:F3:9C:1B:73:00
  Motherboard assembly number     : 73-12530-11
  Motherboard serial number       : FDO182604V9
  Model revision number           : A0
  Motherboard revision number     : A0
  Model number                    : WS-C3750X-24T-L
  Daughterboard assembly number   : 800-32727-03
  Daughterboard serial number     : FDO182616NC
  System serial number            : FDO1827P037
  Top Assembly Part Number        : 800-31327-09
  Top Assembly Revision Number    : C0
  Version ID                      : V06
  CLEI Code Number                : CMMPM00DRA
  Hardware Board Revision Number  : 0x05
  Switch Ports Model              SW Version            SW Image
  *    1 30    WS-C3750X-24       12.2(55)SE5           C3750E-UNIVERSALK9-M
  Configuration register is 0xF
  CoreS1#show license
  Index 1 Feature: ipservices
          Period left: 8  weeks 4  days
          License Type: Evaluation
          License State: Active, Not in Use, EULA not accepted
          License Priority: None
          License Count: Non-Counted
  Index 2 Feature: ipbase
          Period left: 0  minute  0  second
  Index 3 Feature: lanbase
          Period left: Life time
          License Type: Permanent
          License State: Active, In Use
          License Priority: Medium
          License Count: Non-Counted

• Ip route command in GRE tunnel

                     Hi Everyone,
  I have setup GRE Lab between Routers R1 and R3.
  R1 is connected to R2 using OSPF  and R2  is connected to R3 using OSPF.
  I config GRE tunnel interface on R1 and R3.
  R1 has internal subnet say 100.x.x.x.x to share with R3.
  R3 has internal Lan subnet  say 101.x.x.x.x  to share with R1.
  Interesting traffic to pass through GRE tunnel is subnets 100.x.x.x.  and 101.x.x.x.x.
  R1 tunnel config
  R1#            sh run int tunnel 0
  Building configuration...
  Current configuration : 168 bytes
  interface Tunnel0
  ip address 13.13.13.1 255.255.255.0
  keepalive 3
  cdp enable
  tunnel source Loopback0
  tunnel destination 20.0.0.1
  tunnel path-mtu-discovery
  R3 Tunnel config
  R3#sh run int tunnel 0
  Building configuration...
  Current configuration : 158 bytes
  interface Tunnel0
  ip address 13.13.13.3 255.255.255.0
  keepalive 3 1
  tunnel source Loopback0
  tunnel destination 10.0.0.1
  tunnel path-mtu-discovery
  So my question is instead of using Routing protocols to advertise the Lan subnets from R1 and R3  can i use static routes?
  for example
  If i can use static routes say on R1
  ip route 101.101.101.101 255.255.255 ?
  what should be next hop IP here ?
  tunnel interface of R3 Router  or physical interface of R3 that connects to R2?
  Then same way i can use static routes on R3 right ?
  Thanks
  Mahesh

  Hello Mahesh,
  You can use IP address as long as Tunnel IP addresses on both sides are in the same subnet. So in your case you can use
  ip route 101.101.101.101 255.255.255 13.13.13.3
  Or you can use the tunnel interface
  ip route 101.101.101.101 255.255.255 Tunnel0
  Although I have seen issues in some cases when the interface name is used instead of tunnel IP.
  Please rate this post if helpful.
  THanks
  Shaml

• Understanding static ip route command

  Hi all,
  this is not a technical problem, I am just trying to understand how the static ip routes in the form:
  ip route vrf my_vrf 10.10.10.0 255.255.255.0 Te1/8/16
  will work.
  According to the CISCO documentation, the network 10.10.10.0/24 will be considered as a directly
  connected network, right? This sounds to me thet the router || layer 3 switch would send ARP "who-has"
  every time a packet should be delivered to some destination within 10.10.10.0/24 network.
  But if the interface Te1/8/16 has just a point-to-point connection to his peer and both even belong to some
  different network, say 192.168.1.0/30, who is going to answer the ARP request? Do we need to have
  an ARP proxy or.. is it going to work at all? (I have seen such configurations only in books not in real world)
  Unfortunately I do not have a test environment where i could just try this configuration,
  so your explanations || pointing to the right documentation will be highly appreciated!
  Thanks & regards,
  Yury Pakhomenko

  Hello Mahesh,
  You can use IP address as long as Tunnel IP addresses on both sides are in the same subnet. So in your case you can use
  ip route 101.101.101.101 255.255.255 13.13.13.3
  Or you can use the tunnel interface
  ip route 101.101.101.101 255.255.255 Tunnel0
  Although I have seen issues in some cases when the interface name is used instead of tunnel IP.
  Please rate this post if helpful.
  THanks
  Shaml

• About 'show ip routes' command on Content Engine

  Hello!
  I have a question.
  CE has only one default static route configured, however the output below show that it has 361 cached routes:
  #sh ip routes
  Destination Gateway Netmask
  Number of route cache entries: 361
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  What does it mean?
  ACNS version 5.3.7
  The official documentation is silent in this case.
  Thank you.

  it's the same as the old version of ip route caching in IOS in the old days.
  When the router had to go a routing decision it would cache it for later to speed up routing.
  This is the same here.
  The CE will cache any recent route lookup decision it had to take.
  Gilles.

• Using the 'route print' Command in Windows 7 - Detailed Screen Captures

  The 'route print' Command from an Administrative Command Prompt in Windows 7 provides a variety of useful information.  Let's take a look at the output of a 'route print' Command to examine how the output data is grouped and to understand its logic.
  Let's begin by simply issuing the following command:
  route print
  An Administrative Command Prompt output shows the following the following sections of the Command Output:
  Figure 1 - Issuing the 'route print' Command from an Administrative Command Prompt in Windows 7
   Observing the output of the Command indicates there are 5 Major Sections.  The Sections include:
  Interface List
  IPv4 Route Table
  IPv4 Persistent Routes
  IPv6 Route Table
  IPv6 Persistent Routes
  On this Workstation a single Physical Network Interface is visible and has been assigned a DHCP Address of '10.1.1.36'. 
  The IP Stack for this Workstation is as follows:
  IP Address: 10.1.1.36
  Subnet Mask: 255.255.255.0
  Default Gateway: 10.1.1.1
  DNS Server: 10.1.1.1
  DHCP Server: 10.1.1.1
  DNS Suffix: YYY.YYY.isp-provider.net
  Most of the time our focus is upon the IPv4 Routing Table output.  Here are the sections of the IPv4 Routing Table output for reference.
  Figure 2 - The IPv4 Route Table output listing the 'all networks' route through the Default Gateway.
  The next IPv4 Routing Table entry indicates '10.1.1.36' (the Host Workstation' is a member of the '10.1.1.1/24' Network and would route packets out the '10.1.1.36' Interface.
  Figure 3 - The Workstation Host at '10.1.1.36' is a member of the '10.1.1.0/24' Network Subnet.
   The next IPv4 Routing Table entry indicates '10.1.1.36' may receive a Broadcast from the '10.1.1.0/24' Network (as noted by the Subnet Mask of '255.255.255.255').
  Figure 4 - The Workstation Host at '10.1.1.36' can offer a Broadcast on the '10.1.1.0/24 Network' (as noted by the 255.255.255.255 Subnet Mask).
   Another IPv4 Routing Table entry focused on Broadcast Addresses is the following.  The Host Workstation at '10.1.1.36' may offer Network Broadcasts to the '10.1.1.0/24' Network.
  Figure 5 - The Workstation Host at '10.1.1.36' can receive Network Broadcasts from the '10.1.1.0/24' Network (as noted by the '10.1.1.255' Network Destination).
   The next IPv4 Routing Table entries (3 of them) are focused on the Loopback Network Values of '127.0.0.0/8',  '127.0.0.1/32' and the Loopback Network Address of '127.255.255.255/32' respectively.  These Addresses provide Services to the Local Host (or Loopback Adapter).  The Loopback Network Destination of '127.0.0.0' provides access to the Loopback Network through '127.0.0.1' the Loopback IP Address.  The Loopback IP Address of '127.0.0.1/32' receives Limited Local Broadcast to the Loopback Network while the Loopback IP Address of '127.255.255.255/32' provides Limited Broadcast to the Loopback Network.
  Figure 6 - The Workstation Host at '10.1.1.36' uses 3 Addresses for Services to the 'Local Host'. All 3 Addresses incorporate the '127.x.x.x' format.
   Next the Routing Table includes 2 specific entries for the Multicast Network (224.0.0.0/4) for both the 'Local Host' or Loopback  Address of '127.0.0.1' and the Host IP Address of '10.1.1.36' that are '224.0.0.0/4' .  These are used for Multicast Network functions.
  Figure 7 - The Workstation Host at '10.1.1.36' includes 2 Multicast Addresses (starting with '240.0.0.0') reserved for use through either the Loopback Address '127.0.0.1' or the Host IP Address '10.1.1.36'.
   The last 2 Routing Table entries provides Services through Limited Broadcast Addresses.  The Network Destination of '255.255.255.255/32' are the Limited Broadcast Address Ranges for both the Loopback Adapter '127.0.0.1' and the Host IP Address '10.1.1.36'.
  Figure 8 - The Workstation Host at '10.1.1.36' includes 2 Limited Broadcast IP Address Values to Service both the Loopback Network '127.0.0.1' and the Host IP Network '10.1.1.36'.
  Finally, upon understanding the sections of the Windows 7 Routing Table there are additional functions available when using the 'route' Command.  This Blog entry is focused solely on output from the 'route print' Command.
  Summary: In this Blog entry focused on using the 'route print' Command from an Administrative Command Prompt in Windows 7.  Each of the defined routes for a Workstation running Windows 7 Enterprise were reviewed for reference.
  Lynn Lunik
  Chief Security Architect
  IT Pro Secure Corporation
  and exchangesummit.net
  blog <at> itprosecure.com

  I thought, it is my browser issues of not seeing the images.
  but as seen on the other comments, this not in my browser case.
  Can someone check on this and repost the images if needed?

• Network Manager Role - route add/delete command

  How to establish role (RBAC) to modify routing table ? When I use embeded Network Management profile for this purpose, after running route add command I receive message that running route command needs root priviledges.

  Could explain in more details ?
  What I want achieve is to give some users ability to modify routing table. For that purpose I established role named service. I have assingend built in profile Network Management to that role via SMC. I established also right profile named Service Commands with /usr/sbin/route command. But when I am trying modify routing table I receive the following error:
  service@host > route add 1.1.1.2 10.93.5.254
  *route: must be root to alter routing table: Permission denied*Below is listing profiles assing with RBAC role service:
  service@host > profiles -l service
        Service Commands:
            /usr/sbin/route    euid=0, egid=0
            /usr/sbin/snoop    euid=service, egid=1
            /usr/sbin/ifconfig    euid=0, egid=0
        Device Management:
            /usr/sbin/allocate    uid=0
            /usr/sbin/deallocate    uid=0
        Network Management:
            /etc/init.d/asppp    uid=0, gid=sys
            /etc/init.d/inetinit    uid=0, gid=sys
            /etc/init.d/inetsvc    uid=0, gid=sys
            /etc/init.d/nscd    uid=0, gid=sys
            /etc/init.d/rpc    uid=0, gid=sys
            /etc/init.d/sysid.net    uid=0, gid=sys
            /etc/init.d/sysid.sys    uid=0, gid=sys
            /etc/init.d/uucp    uid=0, gid=sys
            /usr/bin/netstat    uid=0
            /usr/bin/rup    euid=0
            /usr/bin/ruptime    euid=0
            /usr/bin/setuname    euid=0
            /usr/sbin/asppp2pppd    euid=0
            /usr/sbin/ifconfig    uid=0
            /usr/sbin/in.named    uid=0
            /usr/sbin/ipqosconf    euid=0
            /usr/sbin/route    uid=0
            /usr/sbin/snoop    uid=0
            /usr/sbin/spray    euid=0
        All:
  service@host > grep service /etc/user_attr
  service::::profiles=Service Commands,Device Management,Network Management;type=role
  user1::::profiles=Service Commands,Network Management,Service,All;roles=service;type=normal

• How do I route multiple SB302 switches at different sites and their VLANs?

  Hello Cisco Support Community,
  First thank you for any replies.
  The video posted today on 302's and multiple VLAN's on one switch was nice.
  Thank you, I have that working but it's not really what I need.
  Though pictures are worth a 1000 words so I hope someone will post something similar to my question.
  I have 7 - SB 302-08 switches with the most recent firmware. (updated firmware today, thanks to the video, and TG for the CLI)
  All 302's are configured for layer 3.
  This is my first experience with the SMB line of switches.
  I have a main office and several satellite branch offices.
  All locations are connected back with a "Q to Q" circuit on individual ports to a vendor supplied switch at the main office.
  I need to link all branch office 302 switches back to the main office 302 switch and allow traffic amongst them.
  Mainly traffic between each branch office and the main office.
  There maybe a future need to incorporate VoIP on them as well, but that is a back burner issue.
  These locations will have an individual VLAN and 302 switch but need to receive data from the main VLAN and possibly others.
  I have a "core" SB 302 setup at the main office with its own VLAN.
  Each branch switch has its own VLAN.
  I would also like to have a centralized management VLAN for the switches.
  In trying to configure the core 302 I keep losing connectivity and having to reset it.
  On the branch switches I end up getting them to only link to themselves with different IP's and not the core.
  I'm assuming this is caused by my not configuring interconnectivity using ACL.
  Please let me know if you need additional information.
  Thanks

  Alllan,
  Well first you want to make sure you are running latest firmware 1.1.1.8 I do believe
  Next either console into the switch or you can turn on SSH/Telnet under Web gui (Security••àTCP/UDP services and make sure SSH/Telent is enabled)
  Now we configure the switch via Cli
  We need to enter global configuration mode.
  Configure Terminal
  (next add our vlans)
  Vlan database
  Vlan 10
  Vlan 20
  Vlan 30
  Exit
  (you can run show command to see your vlans)
  do show vlan
  (Now configure the port how you would like)
  Interface GE1
  Switchport mode access   (this is making Gigabit port 1 an access port)
  Switchport access vlan 20 (this command is changing access port vlan from 1 to 20)
  (less configure a trunk port)
  Interface GE2
  Switchport mode trunk (this makes port 2 for trunking)
  (Now less add our Vlans)
  Switchport trunk native vlan 1
  Switchport trunk allowed vlan add 10,20,30
  Exit global configuration
  (Use this command to copy your settings to startup)
  Copy running-config startup-config
  (Some screen shots attached)
  I see you have a WRT54G router which i don't think support vlans unless you have 3rd party OS installed.
  So currently is the SG300 swtich operating in layer 2 or layer 3 , guessing this is why you choose to move up to 300 series switch?
  If the switch is not in layer 3 mode but in layer2 when setting it to layer3 the switch will default all pervious settings.
  If the switch is set in layer 3 mode you might have forgot your default route
  (Command setting default route)
  configure terminal
  ip route 0.0.0.0 0.0.0.0 192.168.1.1  (192.168.1.1 being address of your WRT54G)
  Now you would need to set up ACL's to deny and allow what traffic you wanted to filter on the SG300
  Also reading your post we would need you to call into support center SBSC @ 1-866-606-1866
  This way we could get a better idea of your current configuration and assist with fixing or finding a solution for you.
  you have 1 year phone support with this product
  Thanks,
  Jasbryan