Recovering static routing setting 10.1.10.1 for CUE
I'd like to recover connectivity with CUE.
I deleted default static routing setting 10.1.10.1 for CUE by my mistake.
I tried to configure like followings.
UC520#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
UC520(config)#interface Loopback0
UC520(config-if)#description $FW_INSIDE$
UC520(config-if)#ip address 10.1.10.2 255.255.255.252
% 10.1.10.0 overlaps with Vlan101
UC520(config-if)#ip access-group 101 in
UC520(config-if)#ip nat inside
UC520(config-if)#ip virtual-reassembly
UC520(config-if)#interface Integrated-Service-Engine0/0
UC520(config-if)#description cue is initialized with default IMAP group
UC520(config-if)#ip unnumbered Loopback0
UC520(config-if)#ip nat inside
UC520(config-if)#ip virtual-reassembly
UC520(config-if)#service-module ip address 10.1.10.1 255.255.255.252
Need IP address to be configured on interface Integrated-Service-Engine0/0
It seems like ip adress setting failed because of overlapping with Vlan101. Also CUE Connectivity Diagnostics says "IP address needs to be configured on interface Integrated-Service-Engine0/0"
Use reset only to recover from shutdown or failed state
Warning: May lose data on the the NVRAM, nonvolatile file system or unsaved configuration!
Do you want to reset?[confirm]
Trying to reload Service Module Integrated-Service-Engine0/0.
UC520#service-module Integrated-Service-Engine 0/0 session
IP address needs to be configured on interface Integrated-Service-Engine0/0
UC520#
I'm a beginer of IOS, Cisco products and also English. I can barely use CCA. Thank you.
Check in flash there should be a default configuration file with basic settings.
Similar Messages
-
I have three Macs that need to have persistent static routes set up. I installed RouteSplit for this purpose and it seems to work well. After reboot, I can ping a host machine on the static route. But if I try to mount an SMB share over that route, it fails and I find that I can't even ping the host address anymore. If I reboot, I am back to having connectivity again, but attempting to mount the SMB share breaks it again. Is there something in the SMB.conf file that is breaking my static route?
By the way, even after it has been broken, I can do a netstat -rn and it shows the static route in the routing table. I am lost.
Bob ReedI can ping a host machine on the static route
By name, or by address?
But if I try to mount an SMB share over that route, it fails and I find that I can't even ping the host address anymore
By name, or by address?
You don't state how you're testing your ping, either before or after the attempt to mount the server.
There is a 100% disconnect between SMB and your routing table - it shouldn't be possible for SMB to affect that, nor should SMB care how to get to the specified host. Therefore I'm thinking the problem lies somewhere in between, possibly in the name resolution part of the process, hence my questions. -
Cisco UC560 Not Clearing Static Routes When VPN Connections Drop
We have a Cisco UC560 (UC560-FXO-K9) running "Cisco IOS Software, UC500 Software (UC500-ADVIPSERVICESK9-M),
Version 15.1(2)T2, RELEASE SOFTWARE (fc1)" The issue is when we have end users connecting with the Cisco VPN Client to this device sometimes we are unable to connect to any devices on our LAN or sometimes we can't connect to the LAN on the other end of our site-to-site VPN. The one symptom I've observed when this happens is that old VPN sessions that have disconnected appear to leave static routes from the user's outside IP at their home to an IP on our LAN to a Virtual-Access interface. When this starts to happen, I restart the firewall to clear out the stale static routes and the problem is fixed, for a while at least. Below is the current state where we have the site-to-site VPN connected to our branch office and 2 user's connected with Cisco VPN clients. Below that is the static route table which has 5 total Virtual-Access interface routes (one is an extra route for a user currently connected so that their outside IP is in the static route table with 2 inside IP's associated.) Is there a way to fix the cleanup of VPN connections when they terminate?
#sh crypto isakmp peers
Peer: <branch office outside IP> Port: 500 Local: <firewall's outside IP>
Phase1 id: <branch office outside IP>
Peer: <users's outside IP #1> Port: 50420 Local: <firewall's outside IP>
Phase1 id: EZVPN_GRP_437
Peer: <user's outside IP #2> Port: 49345 Local: <firewall's outside IP>
Phase1 id: EZVPN_GRP_437
Bugsy#sh ip ro st
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is <next hop of ISP for firewall> to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via <next hop of ISP for firewall>
10.0.0.0/8 is variably subnetted, 12 subnets, 3 masks
S 10.0.0.153/32 [1/0] via <non-connected IP of VPN user>, Virtual-Access2
S 10.0.0.155/32 [1/0] via <non-connected IP of VPN user>, Virtual-Access2
S 10.0.0.156/32 [1/0] via <user's outside IP #2>, Virtual-Access3
S 10.0.0.158/32 [1/0] via <user's outside IP #1>, Virtual-Access3
S 10.0.0.159/32 [1/0] via <user's outside IP #2 again>, Virtual-Access2
S 10.1.10.1/32 is directly connected, Vlan90Hi Brian,
This sounds like you are running into the following known issue:
CSCtl03682 - EzVPN client: Several RRI routes pointing to same virtual interface
which is Dup'd to:
CSCtf39056 - RRI routes not deleted
This is fixed since 15.1(2)T4, so I would recommend upgrading to SWP 8.2 or higher. The only other way to clean up the stuck routes is to reload the router.
Thanks,
Brandon -
Cisco ASA static route Administrative Distance
Hello Dear Engineers,
In Cisco ASA 8.2(5) version I configured Static Route Floating with different Administrative Distances (for example, 10) , but IOS cannot accept this parameter. for verifying, show route command result shows administrative distance as 1 .
Configuration example:
ip route 10.0.0.0 255.255.255.0 192.168.1.1 1 track 1
ip route 10.0.0.0 255.255.255.0 192.168.2.1 10
S 10.0.0.0 255.255.255.0 [1/0] via 192.168.2.1, outside2
Is this the bug of the IOS, or may-be I misconfigured something?
Thanks in advance.Hi Samir,
Even Pix 8.0 version shows the correct ad value defined..... might be that would be a bug or misconfiguration from your end.
pixfirewall(config-if)# sh route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 1.1.1.2 to network 0.0.0.0
C 1.1.1.0 255.255.255.0 is directly connected, out1
C 2.2.2.0 255.255.255.0 is directly connected, out2
S* 0.0.0.0 0.0.0.0 [1/0] via 1.1.1.2, out1
pixfirewall(config-if)# shut
pixfirewall(config-if)# sh route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 2.2.2.2 to network 0.0.0.0
C 2.2.2.0 255.255.255.0 is directly connected, out2
S* 0.0.0.0 0.0.0.0 [100/0] via 2.2.2.2, out2
pixfirewall(config-if)#
Regards
Karthik -
We have a VSS based on 2x WS-C4500X-16., The VSS is used as Layer 2 Switch for diffrents Vlan in our DC.
After making the VSS as a Layer 3 gateway for our production VLAN and added 2 routes for routing purposes, we encountered a network down time with high CPU in the VSS and a huges log messages :
.May 14 12:11:25.947: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.2.7.22 Vlan100
.May 14 12:11:34.516: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.2.7.22 Vlan100
.May 14 12:11:40.072: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.1.1.254 Vlan100
.May 14 12:11:49.682: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.2.1.253 Vlan100
.May 14 12:11:55.079: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.1.1.254 Vlan100
.May 14 12:12:00.926: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.2.7.40 Vlan100
.May 14 12:12:06.701: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.2.8.32 Vlan100
.May 14 12:12:12.624: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.2.7.40 Vlan100
.May 14 12:12:21.627: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.2.7.40 Vlan100
.May 14 12:12:32.261: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.2.8.32 Vlan100
.May 14 12:12:41.801: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.2.2.105 Vlan100
.May 14 12:12:49.633: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.2.1.253 Vlan100
.May 14 12:12:54.831: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.1.1.254 Vlan100
.May 14 12:12:59.960: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.1.1.254 Vlan100
.May 14 12:13:08.745: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.2.1.253 Vlan100
.May 14 12:13:16.138: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.2.1.253 Vlan100
.May 14 12:13:22.393: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.2.1.253 Vlan100
.May 14 12:13:31.415: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.2.1.141 Vlan100
.May 14 12:13:38.944: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.2.2.215 Vlan100
.May 14 12:13:45.972: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.2.1.253 Vlan100
Bellow are the show version of our VSS,
Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.04.00.SG RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Wed 05-Dec-12 04:38 by prod_rel_team
ROM: 15.0(1r)SG10
S_C4500X_01 uptime is 33 weeks, 1 day, 14 minutes
Uptime for this control processor is 33 weeks, 1 day, 16 minutes
System returned to ROM by power-on
System restarted at 11:59:10 UTC Tue Sep 24 2013
Running default software
Jawa Revision 2, Winter Revision 0x0.0x40
Last reload reason: power-on
License Information for 'WS-C4500X-16'
License Level: ipbase Type: Permanent
Next reboot license Level: ipbase
cisco WS-C4500X-16 (MPC8572) processor (revision 9) with 4194304K/20480K bytes of memory.
Processor board ID JAE173303CF
MPC8572 CPU at 1.5GHz, Cisco Catalyst 4500X
Last reset from PowerUp
4 Virtual Ethernet interfaces
32 Ten Gigabit Ethernet interfaces
511K bytes of non-volatile configuration memory.
Configuration register is 0x2101
Can you help please,Hi,
thanks for your reply, but there is no hsrp configured, just an interface vlan. with 2 static routes and the problem was there for more than an hour before we decided to rollback.
Is there a BugId with this problem in Cisco DataBase.
here is a show ip route
S_C4500X_01# show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 10.2.1.253 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 10.2.1.253
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.0.0/8 is directly connected, Vlan100
L 10.1.1.250/32 is directly connected, Vlan100
172.31.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.31.0.0/16 is directly connected, Vlan120
L 172.31.0.1/32 is directly connected, Vlan120
S 192.1.0.0/16 [1/0] via 10.1.1.254
and the show ip cef:
_C4500X_01# show ip cef
.May 14 12:13:57.859: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.2.1.158 Vlan100 f
Prefix Next Hop Interface
0.0.0.0/0 10.2.1.253 Vlan100
0.0.0.0/8 drop
0.0.0.0/32 receive
10.0.0.0/8 attached Vlan100
10.0.0.0/32 receive Vlan100
10.1.1.6/32 attached Vlan100
10.1.1.17/32 attached Vlan100
10.1.1.40/32 attached Vlan100
10.1.1.41/32 attached Vlan100
10.1.1.50/32 attached Vlan100
10.1.1.60/32 attached Vlan100
10.1.1.99/32 attached Vlan100
10.1.1.121/32 attached Vlan100
10.1.1.122/32 attached Vlan100
10.1.1.124/32 attached Vlan100
10.1.1.125/32 attached Vlan100
10.1.1.126/32 attached Vlan100
10.1.1.225/32 attached Vlan100
10.1.1.227/32 attached Vlan100
10.1.1.250/32 receive Vlan100
10.1.1.254/32 10.1.1.254 Vlan100
10.2.1.3/32 attached Vlan100
10.2.1.4/32 attached Vlan100
10.2.1.6/32 attached Vlan100
10.2.1.8/32 attached Vlan100
10.2.1.9/32 attached Vlan100
10.2.1.18/32 attached Vlan100
10.2.1.23/32 attached Vlan100
10.2.1.24/32 attached Vlan100
Prefix Next Hop Interface
10.2.1.26/32 attached Vlan100
10.2.1.28/32 attached Vlan100
10.2.1.29/32 attached Vlan100
10.2.1.31/32 attached Vlan100
10.2.1.103/32 attached Vlan100
10.2.1.108/32 attached Vlan100
10.2.1.109/32 attached Vlan100
10.2.1.124/32 attached Vlan100
10.2.1.129/32 attached Vlan100
10.2.1.137/32 attached Vlan100
10.2.1.139/32 attached Vlan100
10.2.1.143/32 attached Vlan100
10.2.1.144/32 attached Vlan100
10.2.1.159/32 attached Vlan100
10.2.1.167/32 attached Vlan100
10.2.1.174/32 attached Vlan100
10.2.1.175/32 attached Vlan100
10.2.1.176/32 attached Vlan100
10.2.1.181/32 attached Vlan100
10.2.4.38/32 attached Vlan100
10.2.4.39/32 attached Vlan100
10.2.4.43/32 attached Vlan100
10.2.4.47/32 attached Vlan100
10.2.4.51/32 attached Vlan100
10.2.4.63/32 attached Vlan100
10.2.4.65/32 attached Vlan100
10.2.4.69/32 attached Vlan100
10.2.4.71/32 attached Vlan100
10.2.4.73/32 attached Vlan100
10.2.4.102/32 attached Vlan100
10.2.4.106/32 attached Vlan100
10.2.4.107/32 attached Vlan100
10.2.4.113/32 attached Vlan100
10.2.4.116/32 attached Vlan100
10.2.4.119/32 attached Vlan100
10.2.4.120/32 attached Vlan100
10.2.4.122/32 attached Vlan100
10.2.4.141/32 attached Vlan100
10.2.4.148/32 attached Vlan100
10.2.6.7/32 attached Vlan100
Prefix Next Hop Interface
10.2.6.16/32 attached Vlan100
10.2.6.31/32 attached Vlan100
10.2.7.14/32 attached Vlan100
10.2.7.22/32 attached Vlan100
10.2.7.24/32 attached Vlan100
10.2.7.34/32 attached Vlan100
10.2.7.37/32 attached Vlan100
10.2.7.41/32 attached Vlan100
10.2.7.48/32 attached Vlan100
10.2.8.18/32 attached Vlan100
10.2.8.32/32 attached Vlan100
10.2.8.59/32 attached Vlan100
10.2.8.70/32 attached Vlan100
10.2.8.85/32 attached Vlan100
10.2.8.88/32 attached Vlan100
10.2.8.104/32 attached Vlan100
10.2.8.135/32 attached Vlan100
10.2.99.10/32 attached Vlan100
10.2.99.54/32 attached Vlan100
10.255.255.255/32 receive Vlan100
127.0.0.0/8 drop
172.31.0.0/16 attached Vlan120
172.31.0.0/32 receive Vlan120
172.31.0.1/32 receive Vlan120
172.31.0.5/32 attached Vlan120
172.31.0.29/32 attached Vlan120
172.31.255.255/32 receive Vlan120
192.1.0.0/16 10.1.1.254 Vlan100
224.0.0.0/4 drop
224.0.0.0/24 receive
Prefix Next Hop Interface
240.0.0.0/4 drop
and show ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.1.1.1 0 aa00.0400.c286 ARPA Vlan100
Internet 10.1.1.6 0 0050.5689.24b8 ARPA Vlan100
Internet 10.1.1.10 0 0050.5694.7d20 ARPA Vlan100
Internet 10.1.1.11 0 0050.5694.7d20 ARPA Vlan100
Internet 10.1.1.12 0 0050.5694.6ae7 ARPA Vlan100
Internet 10.1.1.13 0 0050.5694.6ae7 ARPA Vlan100
Internet 10.1.1.14 0 0050.568a.6321 ARPA Vlan100
Internet 10.1.1.16 0 0050.5694.0ab5 ARPA Vlan100
Internet 10.1.1.17 0 0050.5694.493d ARPA Vlan100
Internet 10.1.1.40 0 0013.19b0.9c40 ARPA Vlan100
Internet 10.1.1.41 0 1c17.d35a.c840 ARPA Vlan100
Internet 10.1.1.50 0 0002.b9b4.a5c0 ARPA Vlan100
Internet 10.1.1.60 0 000a.410f.e500 ARPA Vlan100
Internet 10.1.1.71 - 0008.e3ff.fc28 ARPA Vlan100
Internet 10.1.1.96 0 e02f.6d12.4df3 ARPA Vlan100
Internet 10.1.1.98 0 0050.5696.6d86 ARPA Vlan100
Internet 10.1.1.99 0 0050.5696.6d88 ARPA Vlan100
Internet 10.1.1.121 0 e02f.6d12.4dea ARPA Vlan100
Internet 10.1.1.122 0 e02f.6d12.4e61 ARPA Vlan100
Internet 10.1.1.123 0 e02f.6d5b.c10e ARPA Vlan100
Internet 10.1.1.124 0 e02f.6d17.c869 ARPA Vlan100
Internet 10.1.1.125 0 e02f.6d5b.c217 ARPA Vlan100
Internet 10.1.1.126 0 e02f.6d17.c8ec ARPA Vlan100
Internet 10.1.1.127 0 e02f.6d17.c876 ARPA Vlan100
Internet 10.1.1.128 0 e02f.6d5b.bef3 ARPA Vlan100
Internet 10.1.1.202 0 0000.85b7.9031 ARPA Vlan100
Internet 10.1.1.222 0 000f.f84d.2ca9 ARPA Vlan100
Internet 10.1.1.225 0 000f.f84d.3963 ARPA Vlan100
Internet 10.1.1.227 0 00c0.ee26.9367 ARPA Vlan100
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.1.1.250 - 0008.e3ff.fc28 ARPA Vlan100
Internet 10.1.1.254 0 0000.0c07.ac07 ARPA Vlan100
Internet 10.2.1.2 0 0011.4333.bcda ARPA Vlan100
Internet 10.2.1.3 0 0050.5689.5d38 ARPA Vlan100
Internet 10.2.1.4 0 0050.5689.0404 ARPA Vlan100
Internet 10.2.1.6 0 0050.5689.6d3b ARPA Vlan100
Internet 10.2.1.7 0 1cc1.def4.6940 ARPA Vlan100
Internet 10.2.1.8 0 0050.5689.330e ARPA Vlan100
Internet 10.2.1.9 0 0012.793a.3ccc ARPA Vlan100
Internet 10.2.1.10 0 0012.7990.e5d3 ARPA Vlan100
Internet 10.2.1.13 0 0050.568a.6dcf ARPA Vlan100
Internet 10.2.1.15 0 0050.568a.60ff ARPA Vlan100
Internet 10.2.1.18 0 0050.5689.091b ARPA Vlan100
Internet 10.2.1.20 0 0050.5689.451c ARPA Vlan100
Internet 10.2.1.21 0 0050.568a.0cf4 ARPA Vlan100
Internet 10.2.1.22 0 0050.5689.6c59 ARPA Vlan100
Internet 10.2.1.23 0 0050.5696.6d9e ARPA Vlan100
Internet 10.2.1.24 0 0050.5689.76c4 ARPA Vlan100
Internet 10.2.1.26 0 0050.5689.2f4e ARPA Vlan100
Internet 10.2.1.27 0 0050.5689.0632 ARPA Vlan100
Internet 10.2.1.28 0 0050.5689.1ce9 ARPA Vlan100
Internet 10.2.1.29 0 0050.5689.6aaa ARPA Vlan100
Internet 10.2.1.31 0 0050.5689.0d1a ARPA Vlan100
Internet 10.2.1.37 0 0050.5696.6d81 ARPA Vlan100
Internet 10.2.1.103 0 d4be.d9be.8eef ARPA Vlan100
Internet 10.2.1.106 0 14fe.b5e1.c595 ARPA Vlan100
Internet 10.2.1.107 0 0023.ae7d.a966 ARPA Vlan100
Internet 10.2.1.108 0 d4be.d9c8.6770 ARPA Vlan100
Internet 10.2.1.109 0 14fe.b5e9.c5b5 ARPA Vlan100
Internet 10.2.1.110 0 14fe.b5ea.5f9d ARPA Vlan100
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.2.1.111 0 001e.c959.d4f0 ARPA Vlan100
Internet 10.2.1.114 0 b8ac.6f48.4538 ARPA Vlan100
Internet 10.2.1.115 0 14fe.b5e1.ed89 ARPA Vlan100
Internet 10.2.1.116 0 7845.c409.1959 ARPA Vlan100
Thanks
Lotfi -
Problems setting up static routing
HI
I'm having a problem setting up static routing. I keep getting the message "invalid static route". I have an E1550 router and my frimware is up to date. I have tried a few different gateway addresses ie 192.168.1.1, 127.0.0.1 and my router's address on the net, but I keep getting the same message. Has anyone else had this problem and been able to fix it?I think the E1550 router supports LAN to LAN routing provided that you have two local networks. If you only have a plain modem and the E1550, I believe you can't do Static routing on that type of setup. Found this link that might help: http://kb.linksys.com/Linksys/ukp.aspx?vw=1&docid=12a84336a124498eb5d6f0204b85191e_17589.xml&pid=80&...
-
Setting up static routing in sa520. Im stuck.
Hello,
I finally got my cisco router and all excited about it i tried to set it up. Everything went fine until i wanted a local machine to get its own IP adress that is reachable from the outside.
Basicly i used static IP setting in the wan/ip4v menu. This worked great and with the router assigning dhcp too all computers.
Now all the local computers has internet connection and they share one ip adress on the outside.
As for where im stuck. I have a xserve with 2 networkcards. It runs a FTP server which we use local but we also have customers needing to reach it from the outside. The local FTP works but im having difficulties assigning a outside IP too it. Our ISP has provided 5 different ipadresses.
I have tried to do this in 2 different ways where the second way is preferable.
first try:
Use the optional port as a second wan. give it the same settings as the first wan got but another ip-adress.
Then connect the xserves outside network card directly too that wan port and use dhcp. This did not work.
second try:
Assign a static routing from the wan2(optional port) too the local ipadress for the xserve.
Can someone elaborate on how this should be done?
Thank you.
Edit:
Later today i will try this firewall rule.
http://bildr.no/view/580301
Basicly i want to forward any connections from wan2 too 192.168.1.33 which is my server. Does that look correct?Thank you for your quick reply.
Im using version 1.1.21.
Im actully quite sure that its a user problem rather then firmware error. It´s the first time i evern touch a Cisco router and i havn´t done that much networking.
I can show you how i did it on my xserve. Maybe you can elaborate on how i can do it the same way.
redirect_port
proto
tcp
targetIP
192.168.1.50
targetPortRange
80
aliasIP
77.40.XXX.220
aliasPortRange
8888
Basicly it says push whatever trafic from ip 77.40.xxx.220 too 192.168.1.50 on the local network.
How can i do the same thing on my cisco router? It´s a NAT ip-forward rule.
Edit:
Screenshot shows what i have been trying.
I have chosen optional wan which is set to use another external IP adress but this does not work. It would be so much easier if i could just type in the external IP adress there and use the same gateway, dns as the main WAN.
Added config aswell.
Thank you. -
Default static route and Null 0
Hi Everyone,
Need to clear some doubts for below setup
Switch 3550A is connected to Internet Router and has OSPF nei relationship with it.
3550A# sh run int fa0/11
Building configuration...
Current configuration : 272 bytes
interface FastEthernet0/11
description OSPF LAN Connection to 2691 Router Interface Fas 0/1
no switchport
ip address 192.168.5.2 255.255.255.254
sh ip route shows
3550A#sh ip route
Gateway of last resort is 192.168.5.3 to network 0.0.0.0
O*E2 0.0.0.0/0 [110/1] via 192.168.5.3, 20:39:56, FastEthernet0/11
3550A#
All is working fine.
For testing purposes i config below static route on 3550A
ip default-network 192.168.1.0
ip route 192.168.1.0 255.255.255.0 Null0
After above change
3550A# sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
S* 192.168.1.0/24 is directly connected, Null0
O*E2 0.0.0.0/0 [110/1] via 192.168.5.3, 20:38:38, FastEthernet0/11
Now i can not ping to internet as below
3550A#ping 4.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
Success rate is 0 percent (0/5)
When we ping from Switch then source IP is always the Outside interface IP right?
So in this case Switch is using which IP as source?
Ping to internet is not working as default network is set to 192.168.1.0 and all request goes to this IP and then it goes to
Null interface right?
Extended ping works fine as below
3550A#ping
Protocol [ip]:
Target IP address: 4.2.2.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 192.168.5.2
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.5.2
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/79/80 ms
Second thing to confirm is this ping works because 192.168.5.2 is directly connected to Internet Router interface?
Regards
MAheshHi Mahesh,
When we ping from Switch then source IP is always the Outside interface IP right?
That is correct. By default it is always the outgoing interface on the device unless you specify it differently.
Ping to internet is not working as default network is set to 192.168.1.0 and all request goes to this IP and then it goes to
Null interface right?
That is correct. Null0 can't be used as next-hop.
Second thing to confirm is this ping works because 192.168.5.2 is directly connected to Internet Router interface?
No, that is because 192.168.5.0/30 is NATed. Remember 192.168.x.x address is a private segment and cannot access the Internet unless NAT is used.
HTH
Reza -
IP SLA, Tunnels, and static routes
Here's the scenario: 1 router will have a primary and secondary ISP connection. I set up an SLA to track connectivity on the primary connection. Here are the static routes:
ip route 0.0.0.0 0.0.0.0 Tunnel55 track 10
ip route 12.54.X.X 255.255.255.240 GigabitEthernet0/0 track 10
ip route 12.54.X.Y 255.255.255.255 X.15.115.X track 10
ip route 192.168.32.0 255.255.240.0 Tunnel55 track 10
ip route 192.168.48.0 255.255.252.0 Tunnel55 track 10
ip route 192.168.56.0 255.255.255.0 Tunnel55 track 10
ip route 0.0.0.0 0.0.0.0 Tunnel56 254
ip route 12.54.X.X 255.255.255.240 GigabitEthernet0/1 254
ip route 12.54.X.Y 255.255.255.255 X.15.81.X 254
ip route 192.168.32.0 255.255.240.0 Tunnel56 254
ip route 192.168.48.0 255.255.252.0 Tunnel56 254
ip route 192.168.56.0 255.255.255.0 Tunnel56 254
So I shut down the port (gi0/0) belonging to the primary port. At this point, it seemed like it worked fine. The routes shifted over to the backup routes. However, when I re-enabled the port, only two of the routes switched back. The routes pointing to Tunnels stayed on the secondary tunnel. When I browsed my static routes, I saw this:
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
S* 0.0.0.0/0 is directly connected, Tunnel56
12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
S 12.x.x.16/28 is directly connected, GigabitEthernet0/0
S 12.x.y.20/32 [1/0] via x.15.115.x
S 192.168.32.0/20 is directly connected, Tunnel56
S 192.168.48.0/22 is directly connected, Tunnel56
S 192.168.56.0/24 is directly connected, Tunnel56
Is there something special I need to do for Tunnels to allow the Tunnel routes to switch back automatically?Hello Ken,
I can see you are sending the probe packets to the same object ( using the track ID 10 )
After you bring the interface tunnel up, can you confirm if you can send traffic to that object?
Regards,
Julio -
Cannot add static routes wrt350n
Router has latest firmware and was just set to default values. I cannot add a static route, says "static route invalid" no matter what address I input (keeping it simple, trying 192.168.1.XXX)
I have never had this problem with any other router and I'm thinking it's broken. Thought I'd ask here to make sure I wasn't missing a setting before I throw this thing out the window.
Any help would be appreciated.
Thanks, Nick.Thanks for the help, it is appreciated...
I would like to use a static IP address for my LAN multimedia server, MythTV reccommends a static address for the backend server. I have also always used Static IP addresses for my LAN.
I am a little confused, and my networking is very rusty so please bear with me. Perhaps I have not provided enough information, because I do not fully understand your response. I don't understand how subnetting is relevant.
My network is a simple home network, with one router separating my LAN from the cloud. I have one LAN, no subnetting, 192.168.1.0/255.255.255.0.
Every home router I have used before I have set up the LAN portion like this... And it has always worked in the past...
gateway: 192.168.1.1/24.
static routes 192.168.1.(2-5)/24 for my stationary hosts.
dhcp range 192.168.1.(10-15)/24 for laptops and guests.
In response:
1) Yes it is LAN traffic, but the hosts still need addresses, right? Not sure what you're getting at here.
2) Not sure what you mean... example host 192.168.1.20/24, and the router 192.168.1.1/24are both within the 192.168.1.0/24 network, right? So requests from the cloud are broadcast to all in my LAN, right? How is this relevant?
3) I thought the gateway (on my only router) has to be part of the LAN addressing. By Linksys/Cisco default, the router LAN side gateway is 192.168.1.1/24 and it sends out dhcp addresses to 192.168.1.(100-149)/24.
Am I severly confused or are we just on the wrong page? -
Need Help for configuring Floating static route in My ASA.
Hi All,
I need your support for doing a floating static route in My ASA.
I have tried this last time but i was not able to make it. But this time i have to Finish it.
Please find our network Diagram and configuration of ASA
route outside 0.0.0.0 0.0.0.0 6.6.6.6 1 track 1
route outside 0.0.0.0 0.0.0.0 6.6.6.6 1
route rOutside 0.0.0.0 0.0.0.0 3.3.3.3 10
route inside 10.10.4.0 255.255.255.0 10.10.3.1 1
route inside 10.10.8.0 255.255.255.0 10.10.3.1 1
route inside 10.10.9.0 255.255.255.0 10.10.3.1 1
route inside 10.10.15.0 255.255.255.0 10.10.3.1 1
route rOutside x.x.x.x 255.255.255.255 5.5.5.5 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 10.10.3.77 255.255.255.255 inside
http 10.10.8.157 255.255.255.255 inside
http 10.10.3.59 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sla monitor 123
type echo protocol ipIcmpEcho 8.8.8.8 interface outside
num-packets 3
frequency 10
sla monitor schedule 123 life forever start-time now
crypto ipsec transform-set cpa esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map vpn_cpa 1 match address acl_cpavpn
crypto map vpn_cpa 1 set peer a.a.a.a
crypto map vpn_cpa 1 set transform-set abc
crypto map vpn_cpa 1 set security-association lifetime seconds 3600
crypto map vpn_cpa interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
track 1 rtr 123 reachability
telnet 10.10.3.77 255.255.255.255 inside
telnet 10.10.8.157 255.255.255.255 inside
telnet 10.10.3.61 255.255.255.255 inside
telnet timeout 500
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 10.10.3.14
webvpn
tunnel-group .a.a.a.a ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
smtp-server 10.10.5.11
prompt hostname context
Cryptochecksum:eea6e7b6efe5d1a180439658c3912942
: end
i think half of the configuration stil there in the ASA.
Diagram.
Thanks
RoopeshYou have missed the last command in your configuration, Please check it again
route ISP1 0.0.0.0 0.0.0.0 6.6.6.6 track 1
route ISP2 0.0.0.0 0.0.0.0 3.3.3.3
sla monitor 10
type echo protocol ipIcmpEcho 8.8.8.8 interface ISP1
num-packets 3
frequency 10
sla monitor schedule 123 life forever start-time now
track 1 rtr 123 reachability
You can do NAT in same way, here the logical name of the interface will be different.
Share the result
Please rate any helpful posts. -
Configuring static routes at the network edge
We have some Cisco 1750 routers at the edge of our network which are running RIP. We were advised to use static routes on the router, since there was only one route (across a WAN link) for traffic to go from the hub connected to the router, as RIP would only waste the limited bandwidth to the router. We posted this problem previously and got a response which stated :You could set up a default static route on your edge router, run RIP on your internal routers in order to propagate the default, but block the RIP to the outside.
On your edge router, make a default route to your external link. Keep RIP running as before, but add the line redistribute static in your rip configuration. That will get the default route propagated.
Now to stop the RIP on the external interface: If the link is on a different major IP network to your internal network, you can simply not include it in the network commands under rip. But if it is in the same network, then RIP will be enabled on the interface, so you will have to add passive-interface xxxxx, where xxxxx refers to the interface carrying your external link,
Alternatively, you could define your default route using the ip default-network command. This will get propagated automatically into the RIP even without the redistribute command.
We tried it, the problem is that the router is unreachable, via the serial or Ethernet, although if connected to the router via console port, with the configuration screen , you are able to ping external locations, and are able to telnet into the router, but he PC's on the Ethernet side of the router cant see the network.
Assistance\Advice requested.
attached you wll find , the actual reply , and a copy of some info from our work file.Ernie
I have looked at the config that you posted and I see several issues. The serial interface on Salvage is 172.20.2.2. Your message indicates that it is connected via serial to a 3640 which your message seems to indicate is 172.20.1.4. But that makes the 3640 on a different subnet. Connections over a serial link should be in the same subnet on both ends. (The exception to that is when you are using the ip unnumbered feature - which you are not). I suspect that part of your problem is that the routers do not see themselves on a connected subnet. When you run RIP over the link it can compensate for that to some degree. But when you stop RIP the problem has impact.
Also I see that you have a static default route as Kevin suggested. And in RIP you have redistribute static. But there is no default metric defined. To redistribute into RIP you need a default metric. Another aspect of the problem with the default route is that the next hop for the default route is 172.20.1.4, but without RIP running I believe that Salvage has no idea how to get to that address. You can confirm this by doing show ip route 172.20.1.4 on Salvage. I suspect that you will get an error about route not in table.
Beyond these issues I believe that there is a larger problem of misunderstanding. When I look at your original post in this thread it talks about not running RIP over the serial link. And when I read Kevin's response the first paragraph is describing not running RIP over the serial interface when it says do static default on your edge router and run RIP on your internal router. If you are not running RIP over the serial interface then I see no reason to run RIP on Salvage at all. There is one piece of this that Kevin did not address. If you do not run RIP over the serial link then how does the 3640 know about the Ethernet subnet at Salvage. I believe that the answer is that the 3640 needs to configure a static route to 172.20.27.0 with the 1750 serial interface as the next hop. And if there are other routers that the 3640 communicates with via RIP then the 3640 needs to redistribute static into RIP (remembering to have a default metric).
If you address these issues I believe that you will have connectivity from the central network to the remote subnet on Salvage.
HTH
Rick -
How can I configure static routes in a CUCM?
Hi.
I have seen that there is no-way to set static routes in a Call Manager but I have read that you can add static routes in the Linux that runs CUCM.
If I do that, will I l lose the Cisco support for that server?
I don't know why a Level 3 server (like a CUCM, Presence , Unity,...) doesn't permit routing configuration.
Regards.
RafaThanks for your answer, Jaime.
That implies that we have to insert an intermediate router.
I think that routing features should be implemented in Unified Comunications servers.
Regards -
Hi All
Is it possible in IOS to have for a particular subnet:
a) Two static routes?
b) Make one static route a higher priority than the other?
c) If one static router "goes down", failover to the lower priority static route?
We have a l2tp/vpdn connection to a supplier which can be accessed via two vlans/routes. I would like to make one route the preferred one but the "route" to failover if the preferred route goes down.
Again, many thanks in advance for all responses!
Thanks
JohnHi John,
Hope the below explaination will help you...
R1(config)# ip route 0.0.0.0 0.0.0.0 2.2.2.2
R1(config)# ip route 0.0.0.0 0.0.0.0 3.3.3.3 10
If you notice the Administrative Distance for the secondary route pointing to ISP2 is increased to 10 so that it becomes the backup link.
The above configuration with just two floating static routes partially accomplishes our requirement as it will work only in the scenario where the routers interfaces connected to the WAN link are in up/down or down/down status. But in a lot of situations we see that even though the links remain up but we are not able to reach the gateway, this usually happens when the issue is at the ISP side.
In such scenarios, IP SLAs becomes an engineer's best friend. With around six additional IOS commands we can have a more reliable automatic failover environment.
Using IP SLA the Cisco IOS gets the ability to use Internet Control Message Protocol (ICMP) pings to identify when a WAN link goes down at the remote end and hence allows the initiation of a backup connection from an alternative port. The Reliable Static Routing Backup using Object Tracking feature can ensure reliable backup in the case of several catastrophic events, such as Internet circuit failure or peer device failure.
IP SLA is configured to ping a target, such as a publicly routable IP address or a target inside the corporate network or your next-hop IP on the ISP's router. The pings are routed from the primary interface only. Following a sample configuration of IP SLA to generate icmp ping targeted at the ISP1s next-hop IP.
R1(config)# ip sla 1
R1(config)# icmp-echo 2.2.2.2 source-interface FastEthernet0/0
R1(config)# timeout 1000
R1(config)# threshold 2
R1(config)# frequency 3
R1(config)# ip sla schedule 1 life forever start-time now
The above configuration defines and starts an IP SLA probe.
The ICMP Echo probe sends an ICMP Echo packet to next-hop IP 2.2.2.2 every 3 seconds, as defined by the “frequency” parameter.
Timeout sets the amount of time (in milliseconds) for which the Cisco IOS IP SLAs operation waits for a response from its request packet.
Threshold sets the rising threshold that generates a reaction event and stores history information for the Cisco IOS IP SLAs operation.
After defining the IP SLA operation our next step is to define an object that tracks the SLA probe. This can be accomplished by using the IOS Track Object as shown below:
R1(config)# track 1 ip sla 1 reachability
The above command will track the state of the IP SLA operation. If there are no ping responses from the next-hop IP the track will go down and it will come up when the ip sla operation starts receiving ping response.
To verify the track status use the use the “show track” command as shown below:
R1# show track
Track 1
IP SLA 1 reachability
Reachability is Down
1 change, last change 00:03:19
Latest operation return code: Unknown
The above output shows that the track status is down. Every IP SLAs operation maintains an operation return-code value. This return code is interpreted by the tracking process. The return code may return OK, OverThreshold, and several other return codes.
Different operations may have different return-code values, so only values common to all operation types are used. The below table shows the track states as per the IP SLA return code.
Tracking
Return Code
Track State
Reachability
OK or over threshold
(all other return codes)
Up
Down
The Last step in the IP SLA Reliable Static Route configuration is to add the “track” statement to the default routes pointing to the ISP routers as shown below:
R1(config)# ip route 0.0.0.0 0.0.0.0 2.2.2.2 track 1
R1(config)# ip route 0.0.0.0 0.0.0.0 3.3.3.3 10
The track number keyword and argument combination specifies that the static route will be installed only if the state of the configured track object is up. Hence if the track status is down the secondary route will be used to forward all the traffic.
Please rate the helpfull posts.
Regards,
Naidu. -
Help with RV042 Static Routing
I just purchased an RV042 Dual WAN Router. Both WAN's are connected from different ISP's. I have a PBX phone server connected to this router and want all traffic to and from this phone server going out strictly on one WAN and all the computers and the rest of the traffic on the other WAN. If I understand correctly, this needs to be set up in static routes? If that's the case, how would I do that? If not, the question still stands. Please help.
Hello Vitaly,
What you are looking for is Protocol Binding. By setting this up you will be able to control what traffic goes out which WAN port. Protocol Binding can be done for certain traffic types or for certain IP addressess.
Maybe you are looking for
-
SAP upgrade - questions for report painter and query
Hi Experts, I have two quwstions of SAP upgrade. My requirement is: SAP upgrade from 4.6B to ECC 6.0 with non-unicode. 1.Does SAP upgrade influence the report painter? If influence, could you tell me what should I do for this case. 2. We have so many
-
Does the search support Chinese language?
Does the search support Chinese language? I find that it does not supprt chinese search in the WebHelp created by RoboHelp. The English word is ok? Can it be solved?
-
We need userexit or badi's for VA41, VA42
I need to validate two points in the data in the Screen --> Extras --> Technical Objects into the transaction VA41 or VA42. First: In each item from the sales order the material number XVBAP-MATNR into the Program SAPMV45A Screen # 4001 must be the
-
HP Deskjet 990cxi device error
My PC is home-built with an Intel Core 2 Duo 3 GHz processor, 4 GB RAM (3.25 usable) and running Win 7 32-bit. All drivers are up to date and ink cartridges full. I installed Windows 7 on my desktop PC around 5 years ago and setup my 990Cxi with litt
-
Wireless Controller 4404 - 4 Uplinks
Hello! I have a wireless controller 4404, running 4.2.176.0 code. I have LAG enabled but currently have only 2 ports used, I am planning on connnecting the other two ports soon. Will this cause an outage? I am thinking no, but I want to see if anyone