Sunday, June 30, 2013

1760 with WIC-4ESW and 3550


Question:

I have had two 3550s connected to my home router; they've been working fantastically together with a trunk on gi0/2, a printer, computer and some NAS drives on various fa ports on both switches. I've been using one VLAN for everything and have had no issues.
Now I'm trying to add a 1760 with a WIC-4ESW card to the network in place of my home router. I've set up fa0/0 as my WAN port, directly connected to my cable modem and I am able to ping out to the internet. I've set up fa1/1 as a trunk, carrying the VLAN I had set up on my switches. I am able to ping all devices on the switches from the router.
Now the issue I'm having is that I cannot access the internet from anything on the other side of the router. I'm a little baffled at this time as I figure if I can access the internet from the router, and I can access the router from the switches and my PC, I should be able to access the internet from my PC. My end goal is to be able to set this up, and attach my home router to one of the switches to use for Wi-Fi, and have my web server, printers and NAS drives in separate VLANs... of course I need to sort this issue out first. Here are my current configs:

1760 Router:

Current configuration : 1818 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname rtr1
!
boot-start-marker
boot-end-marker
!
!
aaa new-model
!
!
!
aaa session-id common
!
resource policy
!
clock timezone est -5
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip cef
!
!
!
ip dhcp update dns both
no ip domain lookup
ip domain name shaffner.us
ip name-server 8.8.8.8
!
!
!
interface FastEthernet0/0
ip address dhcp
ip access-group 110 in
ip access-group 101 out
ip nat outside
ip nat enable
speed 100
full-duplex
vlan-range dot1q 1 1005
  bridge-group 24
  exit-vlan-config
!
no cdp enable
!
interface Serial0/0
no ip address
shutdown
!
interface FastEthernet1/1
switchport trunk native vlan 24
switchport mode trunk
!
interface FastEthernet1/2
switchport access vlan 24
switchport mode trunk
!
interface FastEthernet1/3
switchport mode trunk
shutdown
!
interface FastEthernet1/4
shutdown
!       
interface Vlan1
no ip address
!
interface Vlan24
ip address 10.0.1.30 255.255.255.0
ip nat inside
ip nat enable
ip route-cache policy
!
interface Vlan55
no ip address
!
ip default-gateway 10.0.1.1
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
no ip http server
!
access-list 101 permit ip any any
access-list 110 deny   tcp any host 173.194.5.0 eq www
access-list 110 deny   tcp 173.194.55.0 0.0.0.255 eq www any
access-list 110 deny   tcp 206.111.0.0 0.0.255.255 eq www any
access-list 110 permit tcp any any eq www
access-list 110 permit icmp any any
access-list 110 permit ip any any
!
control-plane
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
password
transport input telnet
!
end

3550 Switch 1:

Current configuration : 2598 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname swt1
!
!
ip subnet-zero
ip name-server 10.0.1.1
!
!
spanning-tree extend system-id
!
!
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk native vlan 24
switchport trunk allowed vlan 1-1005
switchport mode trunk
no ip address
!
interface FastEthernet0/2
switchport access vlan 24
no ip address
!
interface FastEthernet0/3
switchport access vlan 24
no ip address
!
interface FastEthernet0/4
switchport access vlan 24
no ip address
!
interface FastEthernet0/5
switchport access vlan 24
no ip address
!
interface FastEthernet0/6
switchport access vlan 24
no ip address
!
interface FastEthernet0/7
switchport access vlan 24
no ip address
!
interface FastEthernet0/8
switchport access vlan 24
no ip address
!
interface FastEthernet0/9
switchport access vlan 24
no ip address
!
interface FastEthernet0/10
switchport access vlan 24
no ip address
!
interface FastEthernet0/11
switchport access vlan 24
no ip address
!
interface FastEthernet0/12
switchport access vlan 24
no ip address
!
interface FastEthernet0/13
switchport access vlan 24
no ip address
!
interface FastEthernet0/14
switchport access vlan 24
no ip address
!
interface FastEthernet0/15
switchport access vlan 24
no ip address
!
interface FastEthernet0/16
switchport access vlan 24
no ip address
!
interface FastEthernet0/17
switchport access vlan 24
no ip address
!
interface FastEthernet0/18
switchport access vlan 24
no ip address
!
interface FastEthernet0/19
switchport access vlan 24
no ip address
!
interface FastEthernet0/20
switchport access vlan 24
no ip address
!
interface FastEthernet0/21
switchport access vlan 24
no ip address
!
interface FastEthernet0/22
switchport access vlan 24
no ip address
!
interface FastEthernet0/23
switchport access vlan 24
no ip address
!
interface FastEthernet0/24
switchport access vlan 24
no ip address
!
interface GigabitEthernet0/1
no ip address
!
interface GigabitEthernet0/2
switchport trunk encapsulation dot1q
switchport trunk native vlan 24
switchport trunk allowed vlan 1-1005
switchport mode trunk
no ip address
!
interface Vlan1
no ip address
!
interface Vlan24
ip address 10.0.1.20 255.255.255.0
!
ip default-gateway 10.0.1.30
ip classless
ip http server
!
!
!
!
line con 0
password
login
line vty 0 4
password
login
line vty 5 15
password
login
!
end


3550 Switch 2:

Current configuration : 3390 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname swt2
!
!
no aaa new-model
ip subnet-zero
ip routing
ip name-server 10.0.1.1
!
!
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
switchport access vlan 24
switchport trunk encapsulation dot1q
switchport trunk native vlan 24
switchport mode trunk
!
interface FastEthernet0/2
switchport access vlan 24
switchport mode dynamic desirable
!
interface FastEthernet0/3
switchport access vlan 24
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 24
switchport mode dynamic desirable
!
interface FastEthernet0/5
switchport access vlan 24
switchport mode access
switchport nonegotiate
!
interface FastEthernet0/6
switchport access vlan 24
switchport mode access
switchport nonegotiate
!
interface FastEthernet0/7
switchport access vlan 24
switchport mode access
switchport nonegotiate
!
interface FastEthernet0/8
switchport access vlan 24
switchport mode access
switchport nonegotiate
!
interface FastEthernet0/9
switchport access vlan 24
switchport mode dynamic desirable
!
interface FastEthernet0/10
switchport access vlan 24
switchport mode dynamic desirable
!       
interface FastEthernet0/11
switchport access vlan 24
switchport mode dynamic desirable
!
interface FastEthernet0/12
switchport access vlan 24
switchport mode dynamic desirable
!
interface FastEthernet0/13
switchport access vlan 24
switchport mode dynamic desirable
!
interface FastEthernet0/14
switchport access vlan 24
switchport mode dynamic desirable
!
interface FastEthernet0/15
switchport access vlan 24
switchport mode dynamic desirable
!
interface FastEthernet0/16
switchport access vlan 24
switchport mode dynamic desirable
!
interface FastEthernet0/17
switchport access vlan 24
switchport mode dynamic desirable
!
interface FastEthernet0/18
switchport access vlan 24
switchport mode dynamic desirable
!
interface FastEthernet0/19
switchport access vlan 24
switchport mode dynamic desirable
!
interface FastEthernet0/20
switchport access vlan 24
switchport mode dynamic desirable
!
interface FastEthernet0/21
switchport access vlan 24
switchport mode access
switchport nonegotiate
!
interface FastEthernet0/22
switchport access vlan 24
switchport mode access
switchport nonegotiate
duplex full
!
interface FastEthernet0/23
switchport access vlan 24
switchport mode access
switchport nonegotiate
!
interface FastEthernet0/24
switchport access vlan 24
switchport mode access
switchport nonegotiate
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
!
interface GigabitEthernet0/2
description swt1
switchport trunk encapsulation dot1q
switchport trunk native vlan 24
switchport trunk allowed vlan 1-1005
switchport mode trunk
!
interface Vlan1
no ip address
!
interface Vlan5
no ip address
!
interface Vlan24
ip address 10.0.1.10 255.255.255.0
!
interface Vlan55
no ip address
!
ip default-gateway 10.0.1.1
ip classless
ip http server
ip http secure-server
!
!
control-plane
!
line con 0
line vty 0 4
password
login
line vty 5 15
password
login
!
end

Answer:
Looks like a NAT issue. You have defined the interfaces, but not the NAT (PAT). The piece of config you need on the 1760 is:

! access-list 1 selects the inside (VLAN 24) addresses that get translated
access-list 1 permit 10.0.1.0 0.0.0.255
ip nat inside source list 1 interface FastEthernet0/0 overload

...this should translate all outbound traffic onto a port of the fa0/0 interface using the IP address it was assigned via DHCP.
Once configured, run:
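
Added example, not part of the answer above or of any Cisco tool: a small lint in Python that checks a running-config for the gap the answer diagnoses, interfaces marked `ip nat inside` / `ip nat outside` with no `ip nat inside source` translation rule. The config excerpts are constructed, modelled on the 1760 config in the question, with the overload rule added in the second one.

```python
"""Lint an IOS running-config for an incomplete NAT setup: NAT roles set on
interfaces but no 'ip nat inside source ...' rule to actually translate."""
import re

# Constructed excerpt modelled on the 1760 config posted above (no NAT rule).
CONFIG_BEFORE = """\
interface FastEthernet0/0
 ip address dhcp
 ip nat outside
!
interface Vlan24
 ip address 10.0.1.30 255.255.255.0
 ip nat inside
!
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
"""

# Same excerpt with the overload (PAT) rule the answer recommends.
CONFIG_AFTER = CONFIG_BEFORE + """\
access-list 1 permit 10.0.1.0 0.0.0.255
ip nat inside source list 1 interface FastEthernet0/0 overload
"""


def parse_interfaces(config):
    """Return {interface_name: [sub-commands]} for each interface stanza."""
    interfaces = {}
    current = None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # '!' or a global command ends the stanza
    return interfaces


def nat_roles(config):
    """Lists of interfaces marked NAT inside and NAT outside."""
    inside, outside = [], []
    for name, cmds in parse_interfaces(config).items():
        if "ip nat inside" in cmds:
            inside.append(name)
        if "ip nat outside" in cmds:
            outside.append(name)
    return inside, outside


def nat_rules(config):
    """Global 'ip nat inside source ...' translation statements."""
    return [l.strip() for l in config.splitlines()
            if re.match(r"ip nat inside source\b", l)]


def lint_nat(config):
    """Return a list of findings; an empty list means the NAT setup is complete."""
    findings = []
    inside, outside = nat_roles(config)
    rules = nat_rules(config)
    if inside and outside and not rules:
        findings.append("NAT interfaces set (inside=%s, outside=%s) but no "
                        "'ip nat inside source' rule: nothing is translated"
                        % (inside, outside))
    if inside and not outside:
        findings.append("ip nat inside set but no ip nat outside interface")
    for rule in rules:
        m = re.search(r"interface (\S+) overload", rule)
        if m and m.group(1) not in outside:
            findings.append("overload rule uses %s, which is not 'ip nat outside'"
                            % m.group(1))
    return findings


if __name__ == "__main__":
    for label, cfg in (("before", CONFIG_BEFORE), ("after", CONFIG_AFTER)):
        print(label, lint_nat(cfg) or ["ok"])
```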

Thursday, June 27, 2013

Throttling traffic through an ASA 5510


Question:

Although this is not a common issue, we have experienced occasions where our internet utilization has been maxed out (slowing everyone else down).

Utilizing some features in the ASA, such as Top Usage Stats, along with PRTG monitoring, we have always tracked the culprit down to being a single user -- be it someone downloading movies to a portable device, or downloading ISOs. (And for some strange reason it seems to always be a wireless user.) We are using an ASA 5510 for our firewall, and I was wondering if it's possible to prevent a single client from consuming a disproportionately large percentage of our internet bandwidth?


If the ASA 5510 doesn't have the ability to do this on its own, are there any recommendations for add-on solutions?

Answer:


Here's a previous discussion on this that may help you:

https://supportforums.cisco.com/message/3175045#3175045

Wednesday, June 26, 2013

How to manipulate OSPF routes using 2 links


Question:

I have a question.

I have a site with 2 WAN links back to a datacentre.

I want certain traffic to go over 1 link and certain traffic over the other link.

How can I make one route be preferred to the other just for certain routes?


Answer:

The answer to your question is yes - I'll try to explain how below. You do not need static routes either, just an OSPF environment with the correct tracking and PBR. I've quickly done an example here - I want any traffic going to 1.1.1.1 to go down fa0/1 on SITE_A, where the next hop is 10.0.0.1 (DC), and anything for 2.2.2.2 to have next hop 20.0.0.1, which is the fa0/0 path to router DC:


Here is the config for SITE_A where the policy is set and also the tracking. Our goal is to set tracking for the paths that the router could take, i.e. both interfaces on DC - if any of these are down or unreachable from the correct source interface on SITE_A then we will fall back on the OSPF routing table to get us there. It gets interesting with policy based routing in the mix, and we'll see how that comes into play with the tracking feature:

SITE_A

ip sla monitor 1
type echo protocol ipIcmpEcho 10.0.0.1 source-interface FastEthernet0/1
ip sla monitor schedule 1 life forever start-time now
ip sla monitor 2
type echo protocol ipIcmpEcho 20.0.0.1 source-interface FastEthernet0/0
ip sla monitor schedule 2 life forever start-time now
!
track 1 rtr 1 reachability
!
track 2 rtr 2 reachability
!
!
interface FastEthernet0/0
ip address 20.0.0.2 255.255.255.252
ip ospf network point-to-point
ip ospf 1 area 0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.0.0.2 255.255.255.252
ip ospf network point-to-point
ip ospf 1 area 0
duplex auto
speed auto
!
interface FastEthernet1/0
no switchport
ip address 172.16.1.1 255.255.255.0
ip policy route-map TEST
duplex full
speed 100
!
router ospf 1
log-adjacency-changes
redistribute connected subnets
!
ip access-list extended TEST
permit ip any host 1.1.1.1
ip access-list extended TEST2
permit ip any host 2.2.2.2
!
!
route-map TEST permit 10
match ip address TEST
set ip next-hop verify-availability 10.0.0.1 1 track 1
!
route-map TEST permit 20
match ip address TEST2
set ip next-hop verify-availability 20.0.0.1 2 track 2


config on DC:

interface Loopback1
ip address 1.1.1.1 255.255.255.0
!
interface Loopback2
ip address 2.2.2.2 255.255.255.0
!
interface FastEthernet0/0
ip address 20.0.0.1 255.255.255.252
ip ospf network point-to-point
ip ospf 1 area 0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.0.0.1 255.255.255.252
ip ospf network point-to-point
ip ospf 1 area 0
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
redistribute connected subnets


So now we will do some traceroutes from LAN to see which way our traffic is going:

LAN#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 172.16.1.1 to network 0.0.0.0

     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, FastEthernet0/0
S*   0.0.0.0/0 [1/0] via 172.16.1.1

LAN#traceroute 1.1.1.1

Type escape sequence to abort.
Tracing the route to 1.1.1.1

  1 172.16.1.1 24 msec 36 msec 16 msec
  2 10.0.0.1 28 msec *  60 msec

LAN#traceroute 2.2.2.2

Type escape sequence to abort.
Tracing the route to 2.2.2.2

  1 172.16.1.1 28 msec 24 msec 20 msec
  2 20.0.0.1 44 msec *  44 msec

We are able to see our policy routing working, with the traceroutes matching the ACL as seen here:




So now we know that our policy based routing is working since they are taking the correct paths, let's go and shut the interface fa0/0 on SITE_A to see if the route goes the other way; we should see a change. Note below that the TRACKING STATE has gone from up to down (we could have done this from DC as well, but it would have had the same effect). Hence the policy based routing for packets matching 2.2.2.2 will be deactivated and they will be treated as normal, because the monitor state changed to down. So it will take the 10.0.0.1 route, as we should see after.


Now we go to the LAN and do the traceroutes again...



They are both going via 10.0.0.1 through fa0/1, which is working perfectly. The same will work if we were to shut the other side down too.
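
Added example, not code from the answer above and not IOS: a small Python model of the SITE_A route-map's behaviour as the IP SLA tracks change state. It encodes the two `set ip next-hop verify-availability ... track` sequences from the post and a constructed stand-in for the OSPF routing table, and shows the fallback the traceroutes demonstrate once fa0/0 is shut and track 2 goes down.

```python
"""Model of PBR with 'verify-availability ... track': a matching route-map
sequence is honoured only while its tracked next hop is up; otherwise the
packet is routed normally from the routing table."""
import ipaddress

# Route-map TEST from the post: (ACL host match, next hop, track id).
ROUTE_MAP = [
    ("1.1.1.1", "10.0.0.1", 1),   # sequence 10: via fa0/1, track 1
    ("2.2.2.2", "20.0.0.1", 2),   # sequence 20: via fa0/0, track 2
]

# Constructed stand-in for what OSPF installs on SITE_A for DC's loopbacks.
# The post's second set of traceroutes shows 10.0.0.1 chosen once PBR no
# longer applies, so that is the next hop used here for both prefixes.
RIB = {
    "1.1.1.0/24": "10.0.0.1",
    "2.2.2.0/24": "10.0.0.1",
}


def rib_lookup(dst):
    """Longest-prefix match over the fallback table; None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, nh in RIB.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return best[1] if best else None


def next_hop(dst, track_state):
    """Return (next_hop, reason) for a packet destined to dst.

    track_state maps track id -> True (up) / False (down).  This mirrors the
    answer: when track 2 goes down, traffic for 2.2.2.2 stops being policy
    routed to 20.0.0.1 and follows the routing table instead."""
    for host, nh, track in ROUTE_MAP:
        if dst == host:
            if track_state.get(track, False):
                return nh, "pbr track %d up" % track
            return rib_lookup(dst), "pbr track %d down, fell back to RIB" % track
    return rib_lookup(dst), "no PBR match, RIB"


if __name__ == "__main__":
    both_up = {1: True, 2: True}
    fa00_down = {1: True, 2: False}   # fa0/0 shut on SITE_A -> track 2 down
    for state, label in ((both_up, "both links up"), (fa00_down, "fa0/0 shut")):
        for dst in ("1.1.1.1", "2.2.2.2"):
            print(label, dst, "->", next_hop(dst, state))
```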

Tuesday, June 25, 2013

Cisco 877 Blocking Google Play Store & Other Android Apps


Question:

Currently I cannot use many Android apps online, including the Play Store & Spotify.

My desktop, laptop & other network equipment work fine.

This problem only seems to affect mobile devices.

http://i42.tinypic.com/dvk3fd.jpg

They work via the mobile networks and other Wi-Fi networks. It's not the wireless, as I put in a cheap TP-Link modem and it works straight away.

So it boils down to my Cisco 877.

I have upgraded my IOS software and ADSL firmware to the latest possible for my model in the hope that it would help, but it hasn't.

It's a 128MB/24MB.

c870-advsecurityk9-mz.150-1.XA5.bin
adsl_alc_20190_6.0.010.bin

Here's my running-config: http://pastebin.com/4atDVJrV

Any help would be greatly appreciated. Surely there's something in my config that's stopping it from working.


Answer:

I have studied your captures. I think it is an MTU problem. If you study the Wi-Fi capture (using ip.addr == 74.125.237.110 as the Wireshark filter), all application data packets (packet number 334 for example) are lost (there is no ACK). The only "thing" about these packets is that they are long (near to 1500 bytes). Besides, in mobile the MSS negotiated is 1394 and in Wi-Fi 1430. I do not know on which link the frame is dropped.

To be sure about the problem, please use this command on the outgoing interface of the internet router:

ip tcp adjust-mss 1400

This command makes the router force an MSS of 1400 bytes in every TCP negotiation. This command should not cause any problem for the rest of the traffic. Please use different values 1400, 1410, and so on until you find the maximum value that

Monday, June 24, 2013

NAT Configuration Confirm


Question:

I have a 2811 router on which I need to confirm the NAT configuration works as expected. I have 2 devices on the internal LAN that need to access remote resources without PAT. All the other devices are for a guest network with PAT. My interface Fa0/0 is connected to the local network (1.1.1.1/23). Fa0/1 is connected to the ISP (10.10.10.178/30). The addressable range from the ISP is 10.10.10.192/28 (10.10.10.193-10.10.10.206). Internal machines 1.1.1.2 & 1.1.1.3 must connect to a remote server through the internet on specific port numbers. Attached is the configuration I have.

Answer:

It would be easier if you just configure static NAT.

ip nat inside source static 1.1.1.2 10.10.10.193
ip nat inside source static 1.1.1.3 10.10.10.194

no ip nat pool static1 10.10.10.193 10.10.10.194 prefix-length 28
no ip nat inside source list 2 pool static1
no ip nat inside source list 3 pool static1

Local devices 1.1.1.2 and 1.1.1.3 will be visible from the internet as 10.10.10.193 and 10.10.10.194 respectively.

Sunday, June 23, 2013

Cisco Interrupt Level Switching


Question:

I needed some information on interrupt level switching. We have recently had a case in our organization where the WAN bandwidth on a Cisco 2801 router was upgraded, which probably overwhelmed the bandwidth that the router could support (46 Mbps). Post the upgrade, the CPU usage of the router would go as high as 90% during production hours. There was no process on the router which showed up using the high resources, and it was apparently the interrupt switching that was driving the utilization high. We had CEF enabled on all interfaces on the router as well.

1) I want to know what exactly interrupt level switching is?
2) Why is the packet interrupt switched when there is CEF enabled?
3) Cisco documents say that "Interrupt-level switching means that when a packet arrives, an interrupt is triggered which causes the CPU to postpone other tasks in order to handle that packet." At times when there is heavy traffic load, will this not hamper other processes?

Answer:

Please review these docs for more info.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00800a7306.shtml

Thursday, June 20, 2013

Multilink and STM1


Question:

I've only read about multilink that it is used for bundling multiple E1 channels into one.
How can I split STM1 channels through Multilink? I mean to say, STM1 63 channels divided into
63 parts so that I can distribute each remote location with 2 Mbps (per channel = 2 Mbps).
I think that we cannot split STM channels through Multilink; please correct me if I am wrong.

1. What is the use of Multilink: merge or split or both?

2. Is STM1 a collection of 63 E1 channels?

3. Difference between "show interface serial" and "show controller e1" commands.
    Which command will show physical serial port status and channelized serial port status?


Answer:

1) The STM-1 can be split into many E1-like 2 Mbps streams; that is the building block of the multiplexing/demultiplexing.

PPP multilink can be used to make a bundle of two of the derived E1 streams, but again, as I noted in my previous post, it is not related to the multiplex/demultiplex operations that are part of the SDH framework.

Look for channelized STM-1 configuration like:

http://www.cisco.com/en/US/prod/collateral/modules/ps6267/product_data_sheet0900aecd80350c53.html

http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/ASR1000/ASRcstm1.html

In SDH framing AU-4 mode:

Router(config-ctrlr-tug3)# mode {c-11 | c-12 | t3 | e3}

In SDH framing AU-3 mode:

Router(config-ctrlr-au3)# mode {c-11 | c-12 | t3 | e3 | ct3 | ct3-e1}

http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/ASR1000/ASRcstm1.html#wp1153685

Actually there is OC-3, then 3 DS-3, and then 28 DS-1/E1 in each T3/DS3 container.

2)

You will have a controller e1 0/0 and you can have a derived serial object like ser0/0:1 (corresponding to the channel-group number):

controller e1 0/0
channel-group 0 timeslots 1-31

creates

serial0/0:0

so

show controller e1 0/0 provides you OSI layer 1 information

show int ser 0/0:0 provides you OSI layer 2

3825 Router Voice Support?


Question:

We have the below. Does this support voice commands? Or do we need a change of the router itself? Or any licensing? Please suggest.

C3825-ADVENTERPRISEK9-M, Version 12.4(24)T8

Answer:

First of all you require PVDM installed on the Router.

Check this with the command show inventory, which will provide you with all the inventory installed on that router, both pre-installed and modules installed after purchase.


Kindly find the link below, which will help you in determining whether your router will support voice and, if yes and you need to configure CME on that router, which version will be supported by the 3825.

http://www.cisco.com/en/US/docs/voice_ip_comm/cucme/requirements/guide/33matrix.htm

If you just need to configure MGCP / PRI, etc. on the router, you will need to go through this Compatibility Matrix for CUCM.

http://www.cisco.com/en/US/docs/voice_ip_comm/uc_system/unified/communications/system/versions/CCMtrix.html


For either of the options, better upgrade your IOS to 15.1(4)M.

For CME the version supported is 8.6 & the IOS compatible for CME on the 3825 is 15.1(4)M.


For the IOS image software that you need to put on the 3825 to support voice, you can browse the Feature Navigator / Software Image Comparison Tool. It can be Advanced IP Services / Advanced Enterprise Services; both support voice commands.

http://tools.cisco.com/ITDIT/CFN/

Tuesday, June 18, 2013

Subinterfaces on EHWIC-4ESG ports


Question:

I am trying to configure subinterfaces on EHWIC-4ESG ports, but although it shows that I can put them in when I type ?, it says invalid input when I enter the command. Is there any way I can create subinterfaces on these ports, or is the only option to create VLANs with the IP addresses and configure the port as a trunk port? Any advice will be much appreciated.

Answer:

Configuring several VLANs, assigning switch ports to a VLAN, and configuring an interface vlan for each VLAN would be the usual answer for accomplishing this. And it sounds like that is what you have done.

Monday, June 17, 2013

QoS vlan traffic not getting policed


I was trying to rate limit a VLAN and found this works a little differently than a normal port. The VLAN connections are still able to get full bandwidth, bypassing this policer. I'm not sure why.

class-map match-all BYOD-Accesslist
  match access-group 100
class-map match-all BYOD-Interface
  match input-interface  GigabitEthernet1/0/6
!
policy-map BYOD-InterfaceMap
class BYOD-Interface
  police 3145500 8000 exceed-action drop
policy-map BYOD-Vlan
class BYOD-Accesslist
   set dscp default
   service-policy BYOD-InterfaceMap

interface Vlan2
description BYOD Network
ip address 10.8.0.1 255.255.0.0
ip access-group 100 in
ip access-group 101 out
service-policy input BYOD-Vlan

access-list 100 permit ip any host 10.3.3.254
access-list 100 permit ip any host 10.3.3.253
access-list 100 permit ip any host 10.8.0.1
access-list 100 deny   ip any 10.0.0.0 0.255.255.255
access-list 100 permit ip any any
access-list 101 permit ip host 10.3.3.254 any
access-list 101 permit ip host 10.3.3.253 any
access-list 101 permit ip host 10.8.0.1 any
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 permit ip any any

interface GigabitEthernet1/0/6
description Ruckus ZD3000
switchport trunk encapsulation dot1q
switchport mode trunk

Everything VLAN related works and the access lists also work correctly. However, when I use a bandwidth testing site, it shows that this is not getting policed.


Thanks for your help.