ISR Router Official Throughput Datasheet

Similar Messages

• MPLS CE support on Cisco 2800 ISR router

  Hi all, could I ask you for some hints about MPLS CE support on Cisco 2800 ISR router today? I`m finding restrictions and recommendations for feature implementation. Do you have any cisco web site about them?
  Thank you for your advice and/or hints.
  Peter

  Thanks for an answer. I need to use multi-VPN model on CE router, but with QoS on one physical CE-PE connection (e.g. Frame-Relay DLCI).However, all VPNs on CE router must be secured for each one. The solution is Multi-VRF service feature, but, however, with multi-DLCI model on Frame-Relay and QoS per DLCI. Now, I`m finding a scenario to provide multi-VPN model on CE router with single-DLCI model and single QoS per one DLCI for all VPNs. And that, MPLS CE feature on C2800 could be used, if possible.
  So, I don`t know more about MPLS CE on C2800 and I don`t know make a result to propsed solution...

• ISR router EIGRP Route Tag

  Hi,
  Wondering any one has successfully set route tag for EIGRP routes?
  What I am trying to achieve here is to set route tag for the summary routes of the connected interfaces and subnets of some other connected interfaces.
  Let's say an ISR router R1 with IOS 15.1(4)M3 has three interfaces running with EIGRP.  
  Interface Gi0/0 
  ip add 172.16.0.1/24
  summary-add 172.16.0.0/16
  Interface Gi0/1 
  ip add 172.16.1.1/24
  summary-add 172.16.0.0/16
  Interface Gi0/2 
  ip add 192.168.2.1/24
  I am having difficulty to set route tag for summary add 172.16.0.0/16 and 192.168.2.0/24 before they get advertised to another router.
  Any idea please?
  Thanks
  Cedar

  Duplicate posts.  
  Go here:  https://supportforums.cisco.com/discussion/12256521/isr-router-eigrp-route-tag

• 1841 ISR Router and Client VPN

  Hi,
  CAn I terminate VPN clients on a 1841 ISR Router? What are the requirement for that e.g IOS version DRAM or Flash?
  Plz Help
  Regards

  sanjay
  You should certainly be able to terminate VPN client sessions on an 1841 router. For 1841 you need either 12.3T or 12.4 code. For feature set you need something like Advanced Security or Advanced IP Services. these require 128 MB memory and 32 MB flash which is the default amount of memory and flash that ship with the router.
  HTH
  Rick

• EEM ON ISR router

  I want to configure the ISR router to Send the top 10 CPU and Memory Utilization every two hours to my email addess, I went through too many documents and I found a lot of solutions which are confusing me some of them using cron job, some of them Using OID and others using TCL Scripts.
  Please assist me in the easiest way.
  Thanks

  This EEM Tcl policy should do what you want.  Before installing it, you will need to set some environment variables, though:
  # mem_cpu_time      : Number of seconds between executions of this policy.## mem_cpu_num_lines : Number of lines to include in the output.## _email_server     : SMTP server used to send email.## _email_from       : Email address from which email will be sent.## _email_to         : Email address(es) to which email will be sent.## _email_cc         : (optional) Email address(es) to which email will be#                     carbon copied.
  For example, in "config t" mode:
  event manager environment mem_cpu_time 7200event manager environment mem_cpu_num_lines 10event manager environment _email_server 10.1.1.1event manager environment _email_from [email protected] manager environment _email_to [email protected] manager environment _email_cc [email protected]
  That configuration will run the policy every two hours, and send the top 10 lines of "show proc mem sorted" and "show proc cpu sorted" via email to [email protected] and [email protected]

• Debug IP Policy on Cisco 4451-X ISR Router

  Cisco 4451-X ISR router is running IOS XE Software version 03.13.00.S.  I am trying to run the command "debug ip policy" on the router to verify if the traffics are policy-routed correctly, but I get no output displayed on the router for the debug command.  I am connected via a console cable and the logging console is enabled.  How do I get the debug outputs to display on the router for monitoring?  Thanks.

  Actually, you can use a TFTP server...
  First of all, create a text file using a text editor (call it 'dhcpstatic', for instance) with the following contents (don't include the dashes):
  *time* Jan 21 2005 03:52 PM
  *version* 1
  !IP address Type Hardware address Lease expiration
  172.16.12.100 /24 1 0011.4342.e9a5 Infinite
  Then do the following:
  no service dhcp
  ip dhcp pool pool1
  network 172.16.12.0 255.255.255.0
  domain-name xxxdomain.com
  dns-server 172.16.12.20 172.16.12.21
  netbios-name-server x.x.x.x
  default-router 172.16.12.1
  lease 0 12
  origin file tftp:///dhcpstatic
  Then do a 'service dhcp'...
  Once you have this working, we can do a further optimisation by storing the file on your switch so that you don't need to use a TFTP server...
  Hope that helps - pls rate the post if it does.
  Paresh

• Billing in ISR router 2821

  Hi,
  Is it actually possible to do the billing on an ISR router without using CME, like terminating the VOIP traffic on 2821 router and then sending it to Voice PRI. I will only need billing there wont be any CME. Please also suggest any billing software.

  Hi,
  Actually i wont be using be using CME. I will only be terminating the voice traffic from WAN link and sending it to PSTN. Can i still use third party billing software for that purpose.

• Simple remote connection using Cisco AnyConnect and ISR router

  Hi all,
  I am just wondering what the easiest and simplest method would be to make remote PCs (running Cisco AnyConnect) establish a VPN IPsec to a Cisco ISR (881/887, 1900s,2900s series). I used to use EasyVPN method (simple and fast to configure and no need for special licences other than crypto licence) but since Cisco VPN Client is no longer supported I had to resort to WebVPN which requires a licence depending on the number of clients to support (SSL licences for 10,20 users and so forth). I've read a bit about FlexVPN but I can't find an easy example to what I want to do. The closest is this one (FlexVPN and Anyconnect IKEv2 Client Configuration Example):
  http://www.cisco.com/c/en/us/support/docs/security/flexvpn/115941-flexvpn-ikev2-config-00.html
  But that example makes use of RADIUS. Is there a way to make use of local database (users configured on the router) instead of RADIUS?
  Basically what I am after is the following
  - Remote users install Cisco AnyConnect to establish a VPN connection to HQ
  - HQ ISR (880s, 1900s, 2900s) terminates that VPN connections and allows access to local resources (shared drives, applications...).Authentication method would be local database on the router. No need of RADIUS/ACS as this is for very small companies with no IT resources to maintain and configure a RADIUS/ACS server.
  I think what I need is this AnyConnect to IOS Headend Over IPsec with IKEv2 and Certificates Configuration Example:
  http://www.cisco.com/c/en/us/support/docs/security/flexvpn/115014-flexvpn-guide-cert-00.html
  But the example is too highlevel for me to follow, basically I don't know how to generate such certificates and distribute it to remote clients.
  Any help as to how to create such certificates or how to configure FlexVPN to just requiring the user to enter usr/pass (using local database not RADIUS nor ACS) would be highly appreciated.
  Cheers
  Alvaro

  If you insist .. try this:
  http://www.cisco.com/c/en/us/support/docs/security/flexvpn/116032-flexvpn-aaa-config-example-00.html
  http://www.cisco.com/c/en/us/support/docs/security/flexvpn/115907-config-flexvpn-wcca-00.html
  http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/50282-ios-ca-ios.html

• 2921 ISR router

  Having question on ISR 2921 G2
  If I installed SM-ES3G-16-P’s in my 2921, could they perform all the functions of a Metro Ethernet switch utilizing the data license of the router ?
  Thanks

  Hi,
  Not all of them but most of. You will not have any issue in most of the layer 2 technologies. I would say that when the design will get more complex(e.g. SP scenario) this amazing module will highlight that is just a module. Good buying though.
  Hope this helps
  Alessio
  Sent from Cisco Technical Support iPad App

• VPN Client and AAA services on a Cisco ISR Router

  Hi, my name is Jim, and I was just promoted as a trainer for the company I work for.  Part of my new challenge is understanding how the configuration files in both my Terminal Services/VPN Router and Core Router work, so for many of you, these questions are going to seem very fundamental, but please help, I am an instructor in training.  I hold a CCNA, CCNA-Wireless, and a CCSI cert, but I have little working experience in building and maintaining a lab....hence the need for this inquiry.
  So to my questions. In our lab environment, we have a router that acts as our terminal services router and VPN router.  Each laptop that connects to the lab has the Cisco VPN client loaded onto it, as well as my laptop that I teach from.  My questions are these:
  1.  What parts of the AAA output of the running configuration tell me how to configure the VPN clients on my laptops?
  2.  I am using crypto key generate RSA at 1024 bits on the VPN/TS router, so does that tell me how to configure some part of the client?
  3.  In our lab, we are going to use a direct connection to an AP to get connected to the network, and how will the absence of an Internet connection affect the settings on the VPN client, or will they?
  4.  Are there helpful articles I can read that will answer some or all of these questions? 
  Thanks in advance,
  Jim

  Hi Jim,
  congratulations
  Assuming a basic setup, your router will have something like this:
  crypto isakmp client configuration group MyGroup
    key cisco123
  So on the client, you configure it to use MyGroup as the group name, and cisco123 as the (group) password.
  I'm not sure I understand your question #3 and what you mean by "AP" (Access Point? So WiFi?). In any case you don't need Internet access per se, as long as you have network (IP) connectivity between the host running the vpnclient and the VPN router.
  Does this help?
  Herbert

• ISR router cannot receive packets addressed to itself?

  Hello, Support Team and All Members,
  I have a C881G router connected to 2 different ISP networks with a failover function configured and running properly. The following is a simple network diagram:
  The main WAN traffic goes through the ISP 1 LTE network and the router, provided by that ISP. The DMS Host on that router points to our C881G router Fa4 WAN interface (192.168.1.10), so the ISP 1 NAT Router is practically transparent to our traffic. Our C881G tracks the DNS server within the ISP 1 network (194.dns.isp.1) and in case of it's inaccessibility the traffic is switched to the backup link, served by the on-board HSPA+ modem (interface Dialer0 of our C881G), connected to the ISP 2 HSPA network. It works fine, but the problem is with the PPTP connections from outside to the C881G router. The PPTP calls work always from the PPTP Client 2 PC (directly connected to the Fa4 subnet), but from PPTP Client 1 PC it works only in the failover mode - when all traffic goes through the ISP 2. The incoming path via ISP 1 does not work. The problem is rather not connected to the PPTP VPN, GRE, authentication or encryption, because just the first TCP 1723 SYN packets are dropped at Fa4 much earlier by the C881G router. The debug ip packet detail shows the following routing decision:
  IP: s=194.xxx.yyy.80 (FastEthernet4), d=192.168.1.10, len 40, input feature
      TCP src=4241, dst=1723, seq=791503628, ack=4111924253, win=0 ACK RST, MCI Check(94), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
  FIBipv4-packet-proc: route packet from FastEthernet4 src 194.xxx.yyy.80 dst 192.168.1.10
  FIBfwd-proc: Default:192.168.1.10/32 receive entry
  FIBipv4-packet-proc: packet routing failed
  All other packets addressed from outside networks to the router itself and received via the Fa4 are also dropped in this way. All packets sent to Fa4 from the local subnet 192.168.1.0 are accepted. The routing table shows only standard connected interfaces and 1 static route to the 194.dns.isp.1 via 192.168.1.1, which is also the tracked gateway of last resort.
  Router runs the CEF.
  I cannot locate in the following configuration file any statement preventing the packets addressed to the router itself:
  version 15.3
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  service internal
  hostname C881_xyz
  boot-start-marker
  boot-end-marker
  logging buffered 8192
  no logging console
  no logging monitor
  no aaa new-model
  clock timezone PCTime 1 0
  clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
  crypto ...
  ... <removed for sanity>
  crypto pki ...
  ip dhcp excluded-address 192.168.70.1 192.168.70.99
  ip dhcp excluded-address 192.168.70.180 192.168.70.254
  ip dhcp excluded-address 192.168.71.1 192.168.71.99
  ip dhcp excluded-address 192.168.71.180 192.168.71.254
  ip dhcp pool ccp-pool
   import all
   network 192.168.70.0 255.255.255.0
   dns-server 8.8.8.8 8.8.4.4
   default-router 192.168.70.1
   lease 0 12
  ip dhcp pool NVR
   import all
   network 192.168.71.0 255.255.255.0
   dns-server 8.8.8.8 8.8.4.4
   default-router 192.168.71.1
   lease 0 12
  ip domain name mydomain.com
  ip name-server 8.8.8.8
  ip name-server 8.8.4.4
  ip inspect WAAS flush-timeout 10
  ip cef
  no ipv6 cef
  multilink bundle-name authenticated
  vpdn enable
  vpdn-group 1
   ! Default PPTP VPDN group
   accept-dialin
    protocol pptp
    virtual-template 1
  chat-script gsm "" "AT!SCACT=1,1" TIMEOUT 60 "OK"
  license udi pid C881G+7-K9 sn ***********
  username admin privilege 15 secret 5 ******************************
  controller Cellular 0
  track 1 ip sla 1 reachability
   delay down 1 up 30
  interface FastEthernet0
   description All VLANs Trunk
   switchport mode trunk
   no ip address
  interface FastEthernet1
   description VLAN 1 - LAN Main
   no ip address
  interface FastEthernet2
   description VLAN 20 - LAN NVR
   switchport access vlan 20
   no ip address
  interface FastEthernet3
   description Traffic Monitoring only
   no ip address
  interface FastEthernet4
   description WAN SP1$ETH-WAN$
   ip address 192.168.1.10 255.255.255.0
   ip nat outside
   ip virtual-reassembly in
   duplex auto
   speed auto
  interface Virtual-Template1
   ip unnumbered FastEthernet4
   peer default ip address pool vpn_pptp_pool
   no keepalive
   ppp encrypt mppe auto
   ppp authentication ms-chap-v2
  interface Cellular0
   ip address negotiated
   ip nat outside
   ip virtual-reassembly in
   encapsulation slip
   dialer in-band
   dialer pool-member 1
   dialer-group 1
   async mode interactive
  interface Vlan1
   description LAN Main
   ip address 192.168.70.1 255.255.255.0
   ip flow ingress
   ip flow egress
   ip nat inside
   ip virtual-reassembly in
  interface Vlan20
   description LAN NVR
   ip address 192.168.71.1 255.255.255.0
   ip flow ingress
   ip flow egress
   ip nat inside
   ip virtual-reassembly in
  interface Dialer0
   ip address negotiated
   ip nat outside
   ip virtual-reassembly in
   encapsulation slip
   dialer pool 1
   dialer idle-timeout 0
   dialer string gsm
   dialer persistent
   dialer-group 1
  ip local policy route-map track-primary-if
  ip local pool vpn_pptp_pool 192.168.70.180 192.168.70.199
  ip forward-protocol nd
  no ip http server
  ip http access-class 1
  ip http authentication local
  ip http secure-server
  ip http timeout-policy idle 60 life 86400 requests 10000
  ip flow-top-talkers
   top 32
   sort-by bytes
   cache-timeout 600000
  ip nat inside source route-map ISP_1 interface FastEthernet4 overload
  ip nat inside source route-map ISP_2 interface Dialer0 overload
  ip route 0.0.0.0 0.0.0.0 192.168.1.1 track 1
  ip route 0.0.0.0 0.0.0.0 Dialer0 253
  ip route 194.dns.isp.1 255.255.255.255 192.168.1.1
  ip sla auto discovery
  ip sla 1
   icmp-echo 194.dns.isp.1 source-interface FastEthernet4
   frequency 10
  ip sla schedule 1 life forever start-time now
  logging trap debugging
  dialer-list 1 protocol ip permit
  route-map track-primary-if permit 1
   match ip address 100
   set interface FastEthernet4
  route-map Static_ISP_2 permit 10
   match interface Dialer0
  route-map Static_ISP_1 permit 10
   match interface FastEthernet4
  route-map ISP_2 permit 10
   match ip address 1
   match interface Dialer0
  route-map ISP_1 permit 10
   match ip address 1
   match interface FastEthernet4
  access-list 1 remark List for outside NATs
  access-list 1 remark CCP_ACL Category=2
  access-list 1 permit 192.168.70.0 0.0.0.255
  access-list 1 permit 192.168.71.0 0.0.0.255
  access-list 100 remark CCP_ACL Category=0
  access-list 100 permit icmp any host 194.dns.isp.1
  access-list 105 remark List for debugging local ICMP tests
  access-list 105 remark CCP_ACL Category=16
  access-list 105 permit icmp any any
  control-plane
  line con 0
   no modem enable
  line aux 0
  line 3
   script dialer gsm
   modem InOut
   no exec
   transport input all
   rxspeed 21600000
   txspeed 5760000
  line vty 0 4
   exec-timeout 0 0
   privilege level 15
   login local
   transport input telnet ssh
  line vty 5 15
   access-class 23 in
   privilege level 15
   login local
   transport input telnet ssh
  ntp update-calendar
  ntp server 195.time.srv.1
  end
  Do you have an idea what can be the reason of that behaviour?
  I really appreciate your suggestions,
  Maciex

  Hello Maciex,
  I am afraid that the debug ip packet detailed has led you to a wrong conclusion. Whatever the "forus FALSE" means, it does not indicate that the router refuses to consider the packet as addressed to itself. I've just concocted a very quick test - two routers connected back to back, one is 10.0.1.1/24, the other is 10.0.1.2/24. I am pinging 10.0.1.2 from 10.0.1.1 and this is what 10.0.1.2 shows me:
  *Aug 4 23:09:38.067: IP: s=10.0.1.1 (Ethernet2/1), d=10.0.1.2, len 100, input feature
  *Aug 4 23:09:38.071: ICMP type=8, code=0, MCI Check(94), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
  *Aug 4 23:09:38.079: FIBipv4-packet-proc: route packet from Ethernet2/1 src 10.0.1.1 dst 10.0.1.2
  *Aug 4 23:09:38.083: FIBfwd-proc: Default:10.0.1.2/32 receive entry
  *Aug 4 23:09:38.083: FIBipv4-packet-proc: packet routing failed
  *Aug 4 23:09:38.087: IP: tableid=0, s=10.0.1.1 (Ethernet2/1), d=10.0.1.2 (Ethernet2/1), routed via RIB
  *Aug 4 23:09:38.091: IP: s=10.0.1.1 (Ethernet2/1), d=10.0.1.2 (Ethernet2/1), len 100, rcvd 3
  *Aug 4 23:09:38.095: ICMP type=8, code=0
  *Aug 4 23:09:38.099: IP: s=10.0.1.1 (Ethernet2/1), d=10.0.1.2, len 100, stop process pak for forus packet
  *Aug 4 23:09:38.103: ICMP type=8, code=0
  *Aug 4 23:09:38.107: FIBipv4-packet-proc: route packet from (local) src 10.0.1.2 dst 10.0.1.1
  *Aug 4 23:09:38.111: FIBfwd-proc: packet routed by adj to Ethernet2/1 10.0.1.1
  *Aug 4 23:09:38.111: FIBipv4-packet-proc: packet routing succeeded
  *Aug 4 23:09:38.115: IP: s=10.0.1.2 (local), d=10.0.1.1 (Ethernet2/1), len 100, sending
  *Aug 4 23:09:38.119: ICMP type=0, code=0
  *Aug 4 23:09:38.127: IP: s=10.0.1.2 (local), d=10.0.1.1 (Ethernet2/1), len 100, sending full packet
  *Aug 4 23:09:38.131: ICMP type=0, code=0
  Note that even here, the router said the same as yours - and yet it did respond successfully to the ping request.
  There is, I am afraid, a more mundane problem. PPTP is generally incompatible with PAT. PPTP uses two data streams: one is the control channel run over TCP port 1723, the other is the actual tunneled traffic - however, that traffic is essentially GRE-encapsulated, put directly into IP packets with no port information (there is no TCP/UDP involved). Without special support on the ISP 1 NAT box, PPTP sessions will not be able to pass through it. You will have to negotiate this with your ISP 1 - ask him to configure its NAT box with PPTP Application Layer Gateway support and allow IP protocol 47 (GRE).
  This would explain why the PPTP Client 2 can always connect to your router - it is because there is no NAT/PAT/FW between the client and the router. It would also explain why Client 1 is able to connect over ISP 2 - because on that path, there is no NAT/PAT/FW box apparently present and there is a direct connectivity to the public IP address of your router.
  Try talking to your ISP 1 about this.
  Best regards,
  Peter

• ISR Router on board Encryption vs. AIM module

  Hi,
  I just want to get some feedback from people who use ISR (2811 or 3825) to do encryption using on board chip vs. purchasing an extra AIM module to do the encryption.
  From Cisco own performance test, it shows that with an additional AIM module to assist encryption, there is only minimal performance gain.
  http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/DMVPN_4_Phase2.html#wp82283
  Since we are planning to migrate the entire network to a DMVPN, I just want to make sure if there is merit to purchase this AIM module?
  Any input or suggestion is welcome.
  Thanks.

  The link you have mentioned is specific to DMVPN. In general there is significant increase in performance, please check Table 3 on the below link:
  http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6635/ps7180/prod_brochure09186a00801f0a72_ns483_Networking_Solutions_Brochure.html
  Regards
  Farrukh

• Cisco 892 ISR router

  Hi
  Does my router 892 support Voip?
  I wanted to create a ccna voice lab. Any advice would be great as regarding router 892 supporting Voip with CME
  I have found 1 doc it states 892 router supports CME 
  http://ptgmedia.pearsoncmg.com/images/9781587132995/samplepages/1587132990.pdf
  892 doesn't support DSP but then how it will support CME ?
  Any advice will be great
  Regards
  Aateek Singh
  Network engineer
  Spooster IT Services

  Hi.
  That comes from my experience.
  I have a 887VA (non Cube) which originally mounts 256 MB of ram.
  I purchased a 512MB module and loaded an 880-voice image and now i have a fully operative CUCME .
  This is my Router
  Cisco 887VA (MPC8300) processor (revision 1.0) with 708608K/77824K bytes of memory.
  Processor board ID FCZ1618C5KG
  1 DSL controller
  1 Ethernet interface
  4 FastEthernet interfaces
  1 ATM interface
  1 Virtual Private Network (VPN) Module
  256K bytes of non-volatile configuration memory.
  125496K bytes of ATA CompactFlash (Read/Write)
  System image file is "flash:c880voice-universalk9-mz.154-3.M1.bin"
  HTH
  Regards
  Carlo

• What is SR520 router IPSec throughput?

  I am trying to decide between an SR520, 881, and others, for a teleworker using a site-to-site IPSec tunnel.  What is the max throughput using IPSec on the 520?

  The only comparable published numbers would be here:
  http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6635/ps7180/prod_brochure09186a00801f0a72_ns171_Networking_Solutions_Brochure.html
  See Table 3
  The numbers will be similar.

• HWIC-3G-HSPA module on Cisco ISR Router

  I have a plan to implement HWIC-3G-HSPA radio module as a backup line rather than wired.
  If you have an experienced one to use one with VOIP, could you tell me that it could be available as the appropriate solution?

  Thanks to everyone,
  Cisco change the Hwic-3g-hspa card. Whole serises of Card was produce with problem.
  Now everything is working  perfectly.