• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 564
  • Last Modified:

Configure Cisco 2600 to use as backup for Cisco 2821

We have a Cisco 2821 that is dropping its connections randomly for around 60seconds (another post on experts).  We want to configure a Cisco 2600 router to use as a backup while trying to diagnose the 2821 problem (or see if the 2600 has the same issue).  I configured the 2600 with what I thought was the correct settings, but it does not route traffic between the Ethernet ports.  Below are the configuration settings from each router.  The 2821 has QOS and some other settings applied that we do not need in the 2600.  Just a basic setup that would allow us to use our WAN ip’s is all we are after.  Hopefully it is something simple

Cisco 2600 config (non-working):
version 12.3            
service timestamps debug datetime msec                                      
service timestamps log datetime msec                                    
no service password-encryption                              
!
hostname 2600            
!
boot-start-marker                
boot-end-marker              
!
enable secret 5 $1$yneF$G9.a6ZCpsRL80EP4QCAXx.                                              
enable password ---------                        
!
no aaa new-model                
ip subnet-zero              
no ip routing            
ip flow-cache timeout active 1                              
no ip cef        
!
!
!
!
!
!
!
interface Ethernet0/0                    
 ip address 65.47.20.166 255.255.255.252                                        
 ip flow ingress                
 full-duplex            
!
interface Ethernet1/0                    
 ip address 64.55.69.193 255.255.255.224 secondary                                                  
 ip address 67.90.229.225 255.255.255.224                                        
 no ip route-cache                  
 half-duplex            
!
ip default-gateway 65.47.20.165                              
ip http server              
ip flow-export source Ethernet1/0                                
ip flow-export version 5                        
ip flow-export destination 67.90.229.227 2055                                            
ip classless            
ip route 0.0.0.0 0.0.0.0 65.47.20.165                                    
!
!
!
line con 0          
line aux 0          
line vty 0 4            
 password --------                  
 login      
!
!
end
---------------------------------------------

Cisco 2821 config (working):

Current configuration : 6397 bytes
!
! Last configuration change at 14:58:11 PCTime Thu Apr 21 2011 by root
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service sequence-numbers
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 52000 debugging
enable secret 5 $----------
enable password --------
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -8
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
!
ip cef
!
!
ip domain name yourdomain.com
ip name-server 65.106.1.196
ip name-server 65.106.7.196
!
!
!
voice-card 0
 no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-728726024
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-728726024
 revocation-check none
 rsakeypair TP-self-signed-728726024
!
!
crypto pki certificate chain TP-self-signed-728726024
 certificate self-signed 02
  3082024B 308201B4 A0030201 02020102 300D0609 2A864886 F70D0101 04050030
  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 37323837 32363032 34301E17 0D303831 31313231 36303034
  385A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3732 38373236
  30323430 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
  C39E6FB2 0A6D3799 C819D8B0 80498444 D39D8C47 C4F8F92C 402F2463 3FF328D3
  2AD8504E 1DA90353 82913F5F 7FB498AB 7201804B 8A153AD1 9B27692B 86EAE98C
  45B0D8D6 36F33A1E 961F82D5 201DA670 49A4F868 3FBFE71C A3672497 AAF0FD84
  FFCA37C8 71F2509B 23C5186A B389AA42 AE86F8A1 7B50ABBC 5BE78957 46C1FFA3
  02030100 01A37530 73300F06 03551D13 0101FF04 05300301 01FF3020 0603551D
  11041930 17821552 6F757465 722E796F 7572646F 6D61696E 2E636F6D 301F0603
  551D2304 18301680 14F7E776 B76C36C3 900BA32C FC804CEF 2DEC399F 3E301D06
  03551D0E 04160414 F7E776B7 6C36C390 0BA32CFC 804CEF2D EC399F3E 300D0609
  2A864886 F70D0101 04050003 81810067 0A53614D B9A56AFB 67646E3E A8D2CE46
  275DA699 6F938485 55F8DBF1 9FD37AED 082E6452 53390DB6 3C58D3ED 9C3C6D04
  C3EED752 12FFA2E3 6E65DE36 61C5E48C B488D929 34A531E3 2A9692D5 85519C4F
  AC925F8A 1269BEEB C2E5F863 A115A189 481E5599 88822E2B 898EF40A 39410AAF
  03269BB8 387E89F4 4DA7212F 48D496
  quit
username root privilege 15 password 0 --------
!
!
class-map match-all HRDP
 match access-group 104
class-map match-all TAIS
 match access-group 103
class-map match-all Win4Net
 match access-group 102
!
!
policy-map SharedBW
 class Win4Net
   police 3000000
 class TAIS
   police 10000000
 class HRDP
   police 262000 conform-action transmit  exceed-action drop
policy-map RateLimit
 class class-default
   police 20000000
  service-policy SharedBW
!
!
!
!
!
!
!
interface GigabitEthernet0/0
 description $ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$$ETH-LAN$
 ip address 65.47.20.166 255.255.255.252
 ip access-group 101 out
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 duplex full
 speed 100
 no mop enabled
 service-policy input RateLimit
 service-policy output RateLimit
!
interface GigabitEthernet0/1
 description $ETH-WAN$
 ip address 64.55.69.193 255.255.255.224 secondary
 ip address 67.90.229.225 255.255.255.224
 ip access-group 101 out
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 rate-limit input access-group 103 10480000 10485760 10485760 conform-action transmit exceed-action drop
 rate-limit input access-group 102 3144000 3145728 3145728 conform-action transmit exceed-action drop
 rate-limit output access-group 103 10480000 10485760 10485760 conform-action transmit exceed-action drop
 rate-limit output access-group 102 3144000 3145728 3145728 conform-action transmit exceed-action drop
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
ip route 0.0.0.0 0.0.0.0 65.47.20.165
!
ip flow-cache timeout active 1
ip flow-export source GigabitEthernet0/1
ip flow-export version 5
ip flow-export destination 67.90.229.227 2055
ip flow-top-talkers
 top 100
 sort-by bytes
 cache-timeout 2000
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
logging trap debugging
logging 67.90.229.227
access-list 101 permit ip 67.90.229.224 0.0.0.31 any
access-list 101 permit ip any any
access-list 102 permit ip host 67.90.229.230 any
access-list 102 permit icmp host 67.90.229.230 any
access-list 102 permit ip any host 67.90.229.230
access-list 102 permit icmp any host 67.90.229.230
access-list 103 permit ip host 67.90.229.238 any
access-list 103 permit ip host 67.90.229.239 any
access-list 103 permit ip host 67.90.229.240 any
access-list 103 permit ip host 67.90.229.241 any
access-list 103 permit ip host 67.90.229.242 any
access-list 103 permit ip host 67.90.229.243 any
access-list 103 permit ip host 67.90.229.244 any
access-list 103 permit ip host 67.90.229.245 any
access-list 103 permit ip host 67.90.229.246 any
access-list 103 permit ip host 67.90.229.247 any
access-list 103 permit ip host 67.90.229.236 any
access-list 103 permit ip host 64.55.69.197 any
access-list 104 permit ip host 67.90.229.235 any
snmp-server community public RO
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege level of 15.

Please change these publicly known initial credentials using SDM or the IOS CLI.
Here are the Cisco IOS commands.

username <myuser>  privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want to use.

For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to http://www.cisco.com/go/sdm 
-----------------------------------------------------------------------
^C
!
line con 0
 login local
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 password --------
 login local
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 password --------
 login local
 transport input telnet ssh
!
scheduler allocate 20000 1000
!
end

------
Please let me know what I’m missing.  I was under the assumption I did not need to use access lists.

Thanks,
John
0
jokert
Asked:
jokert
  • 2
1 Solution
 
lrmooreCommented:
It "should" work. What is upstream from you @ 65.47.20.165 ?
Maybe just need to clear arp cache on that device, or reboot it.
Look at "show interface brief" and see if either interface is administratively down?
0
 
fritz5150Commented:
Bingo! Your 2600 is hard set for half duplex in the configuration. Use the following command to set it to auto like the cisco 2800 series that was working.

config t
int eth1/0
duplex auto
speed auto

This will effectively have the connection negotiate both speed and duplex for the connection on eth 1/0

0
 
lrmooreCommented:
There is no indication from the asker that the duplex settings was the issue, or if turned out to be something else.
Actually, we all missed it the first time around. The 2600 has "no ip routing" so it cannot route between the interfaces as the original post stated was the problem.

Enable routing using the "ip routing" command.
0
 
jokertAuthor Commented:
Sorry it took so long to get back to this project.  I had to travel for business and did not have a chance to work on it.  Thanks again for the help
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now