Routers

47K

Solutions

30K

Contributors

A router is a networking device that forwards data packets between computer networks. Routers perform the "traffic directing" functions on the Internet. The most familiar type of routers are home and small office cable or DSL routers that simply pass data, such as web pages, email, IM, and videos between computers and the Internet. More sophisticated routers, such as enterprise routers, connect large business or ISP networks up to the powerful core routers that forward data at high speed along the optical fiber lines of the Internet backbone. Though routers are typically dedicated hardware devices, use of software-based routers has grown increasingly common.

Share tech news, updates, or what's on your mind.

Sign up to Post

I have a client with a LAN, using a Cisco router, and then, in another area of the building I have a D-Link router set up as a wireless access point only (no wired connection to D-Link WAN port, DHCP off).

They want to add a guest network that is isolated from the private LAN.  If I enable the guest network on the D-Link it doesn't work, presumably because the Guest network is trying to go out through the WAN port directly, which isn't used because I've got it configured as an AP only.

If I add another router to handle Guest, in order to get the isolation I need from the company's private LAN, I've had to use 2 additional routers to get the isolation.  Is this the way to go, or is there something better that I can do?

Thanks.
Dave
0
Learn Ruby Fundamentals
LVL 12
Learn Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

We've just installed a new next-gen firewall and I need some assistance getting some communication between two of the interfaces.
It's a Watchguard T35 and we have our WAN on Eth0, LAN1 on Eth1, and LAN2 on Eth2.
Our WAN has a static IP, but we have /27 block of public IP's routed (at the ISP level) to our WAN for use by public facing servers.

I have that part of it working OK.  Servers connected to the LAN2 all have their static IP assignment and IP checks on the internet show the correct IPs.  This interface in the Watchguard is set as "Optional".

LAN1, is our private LAN and is set as "Trust".  Internet traffic and NAT/port forwarding is all working OK, but I cannot seem to get access to LAN2 from LAN1 devices.

I've created a firewall policy with "ANY" for the packet filtering and have set both 192.168.1.0/24 and 203.xx.xx.0/27 in both the To and From boxes.  The rule is set to allow and enabled.
But I cannot browse (using the IP or UNC name) or access any of the LAN2 resources from LAN1.  Nor can LAN2 access any of the LAN1 resources.

I'm new to Watchguard and thought I might ask here for any things I may have overlooked before lodging a support ticket with Watchguard support.
0
Dear Experts,

I have a set of fortigate firewall policies which I need to duplicate on a cisco router.

I have done most of the point A to point B.

The issue I have now is the NAT and there is an IP Pool, is there a guide on how I can translate the rules from firewall to cisco router?

Any help is appreciated.
0
I work for a company called CompanyA and we had a Ubiquiti EdgeRouter and I'm replacing it with a Draytek 2960, the internet is provided via a Leased Line with 20 static public IP Addresses.  There is a company in the same building as us called CompanyB and they share our leased line, previously the leased line went direct into the EdgeRouter and companyB's router plugged into one of the LAN ports on the EdgeRouter and this worked fine, I cant seem to replicate the setup on the Draytek to get internet traffic to CompanyB's router.  CompanyB have a Fortinet router which Im not familiar with.  I have a cable running from LAN2 on the Draytek into WAN1 on the Fortinet router, the Fortinet router on the WAN1 interface has a static address set of 50.50.50.50/255.255.255.248 which hasnt been changed since it worked with the EdgeRouter  The guy who originally setup the connection gave me the following notes
Gateway IP for CompanyB: 50.50.50.49
Usable IP Range: 50.50.50.50-50.50.50.54

All of the 20 IP Addresses including the above IP's have been added to the router WAN setup as aliases.

As you can tell im using fake IP addresses but you get the idea.

Please Help!!
0
Hey guys. Hope you might be able to help me out with this sort of...unique situation.

We have two facilities. I'm trying to set up some VLANs, but there's a catch: we have a fiber connection between the two buildings that is causing some problems. Let me give you an outline of our layout.

Internet comes in from ISP to a Cisco RVS4000 router/switch, plugged into WAN. Port one has a cable connecting to the main switch (Cisco) of Facility 1 (F1), which has a DHCP server running Windows Server 2008 (unfortunately. I have a new server to setup when I'm done with this project to fix that). Port three has a cat cable connected to a fiber converter going to single mode fiber running to Facility 2 (F2) about 10 miles away. (That connection is working flawlessly. I can plug into the main switch and be on the same IP range and domain as though it's just a long cat cable, because essentially it is.) At that facility, it's plugged into port 8 of a Netgear (I know) GS510TLP and running to a TP-Link (I know) T1600G-52PS. Port 2 on the Netgear is going to a TP-Link T2600G-28MPS for VoIP and port 3 is going to a T2600-28MPS for cameras.

I created some DHCP scopes and VLANs (VLAN 2 and 3) between all this mess and got it sort of working. By sort of, I mean I can plug into the switch at F1, and VLAN3 will give me a DHCP address from the server. VLAN2 will not. In order to do so, I had to use two other NICs in the DHCP server on the ranges (4.x and 5.x) I'm needing for those …
0
Wich telephone company in France,Spain,Portugal,Italy and Greece offer 3G or 4G internet with unlimited data or almost ?
I am going to sail from France to Greece near land all the time and need good internet.
0
We would like to monitor when a server, switch, router, and firewall goes down. We have a remote site that's "unattended", however, we would like to keep an eye when a device mentioned before goes down?

Do you have a suggestion that we can consider? Thanks so much.

Regards,
0
I have network diagram where we have replace the cisco switches with Aruba switches. We got the current cisco config so we can configure the new Aruba switches accordingly. Can someone help me to share a project plan template or something similar for the implementations. All the cabling will be in place on site and all the devices, spf modules will be there.
0
Hi Experts

I am looking for a router capable of delivering a DHCP range of  /19 or above, with DSL and ethernet WAN ports |(VDSL) for large applications.  On-board wifi is not required.  L7 firewall an advantage
Can you advise?  Many thanks in advance
0
CISCO 4321
I have connected to the cisco via putty and configured passwords, interface gigabiteither 0, and also 0/0/0. I can ping it on the management port and on 0/0/0, but I cannot access the gui via https://192.168.1.1.

This Guide does not tell much at all and I have not found much on google either. Can someone please point me in the right direction. This is router is not in production.

Current configuration : 1429 bytes
!
! Last configuration change at 20:54:05 UTC Thu Sep 13 2018
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname cisco4321
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family

!
no aaa new-model
no process cpu autoprofile hog
!
!
!
!
!
!
!
!
!
!
!



!
!
!
!
!
!
!
!
!
!
subscriber templating
!
multilink bundle-name authenticated
!
!
!
!
license udi pid ISR4321/K9 sn FDO21062QE7
!
spanning-tree extend system-id
!
!
redundancy
 mode none
!
!
!
!
!
vlan internal allocation policy ascending
no cdp run
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet0/0/1
 no ip 

Open in new window

0
Fundamentals of JavaScript
LVL 12
Fundamentals of JavaScript

Learn the fundamentals of the popular programming language JavaScript so that you can explore the realm of web development.

What is the most reasonably priced captive portal router/ap or just Access Point?  The owner should be concerned about segmenting network from guest traffic when utilizing the captive portal feature.  I was thinking Sonicwall TZ series for traffic segmentation.  I'm not sure if the integrated wireless does captive portal feature or simply get a Ruckus for the wireless part but then the pricing quickly gets expensive.   Another more hooptie solution is a daisy chaining the primary and purchasing a cheap router/AP solution that again has the Captive Portal feature.  However, I'm not sure how much perform degradation for both the business and the guest segment would be.  Thoughts?
0
i have a Cisco ASA 5520 and 500MB internet/bandwidth line, the problem is the throughput on the FW is low and it throttles the bandwidth. Execs don't want me to upgrade now so i was wondering is there some kind of add on i can use  


ASA 5520
1: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
2: Up to 2048MB RAM
3: Intel Celeron M Processor 450 2.0GHz
4: Cavium Nitrox Lite CN1010
0
This is using 2 VMware ESXi 6.5 hosts. There are 5 VMs per host. We are intend to have 1 vlan for management, 1 for backup segment, and 1 for the production segment. we intend to configure a NIC teaming on 2 physical network (vmnic0 & 1) port per host. Respective port-group for each vlan id were created. 101 for production, 121 for mgmt, and 122 for backup. All 3 port groups joined to the same vswitch0. Load-balancing mode is, Route based on IP hash.

This ESXi Hosts are connected to Cisco Catalyst 2960-48-port switch. The Ethernet channels were configured as follows,

int port-channel 1
  switchport trunk allowed vlan 101,121,122
  switchport mode trunk

int gigabitethernet1/15
  switchport trunk native vlan 101
  switchport trunk encap dot1q
  switchport trunk allowed vlan 101,121,122
  switchport mode trunk
  channel-group 1 mode on

int gigabitethernet1/16
  switchport trunk native vlan 101
  switchport trunk encap dot1q
  switchport trunk allowed vlan 101,121,122
  switchport mode trunk
  channel-group 1 mode on

Do these configurations work?

Thank in advance.
0
How Telnet works in GRE Tunnel

t
in the topology above I have created a GRE tunnel between R1 and R3. The configuration is shown below:
R1#show running-config 
Building configuration...

Current configuration : 2295 bytes
!
! Last configuration change at 09:31:13 CET Wed Sep 5 2018
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
!
no aaa new-model
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!


!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!         
!
!
redundancy
!
!
!
class-map match-all MAPMYGRE
 match access-group name MYGRE
class-map match-all MAPTELNET
 match access-group name MYTELNET
!
policy-map MYPOLICE
 class MAPTELNET
  police 128000
 class MAPMYGRE
!
! 
!
!
!
!
!
!         
!
!
!
!
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Tunnel0
 ip address 172.16.13.1 255.255.255.0
 tunnel source 192.168.12.1
 tunnel destination 192.168.23.3
!
interface Ethernet0/0
 ip address 192.168.12.1 255.255.255.0
 service-policy output MYPOLICE
!
interface Ethernet0/1
 no ip address
 shutdown
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!
interface Ethernet1/0
 no ip address
 shutdown
!
interface Ethernet1/1
 no ip address
 shutdown

Open in new window

0
Hello,
I have the topology (upper one in the figure below) where an ESX is directly connected to a Cisco Router. And the link between the two, is TRUNK link handling three VLANs.

I would like to use a Cisco switch c2960 between the router and the ESX server to connect other servers to one of the VLANs.  (lower one in the figure above)
Configuring the ports of the Cisco switch as trunk ports didn't help.
I would like to know what i should do to make everything work correctly.
Thank you.
0
Fortigate 200D in HA cluster

i have a problem (user "accidentaly started wizard" to change gateway)....

and fortinet stoped routing as expected, as it seems nothing has changed.
static routes are the same as before, route lookup hits the right route, traffic seems to hit the right policy.

Monitoring the traffic it says       "Accept: session timeout" for everything

i can ping port to internal network from CLI, i can ping something on Internet (WAN) from CLI

but nothing gets thru from external(WAN) to internal network (PORT1) or viceversa
0
I have a server, with a combined apache website and sql gaming server on same server.  I have the domain being routed to a different nameserver/proxy with ddos protection, and made a seperate subdomain there that goes directly to the game server because it is game traffic and cannot use the services.  Everything works fine, but I want to block the incoming subdomain from accessing anything but the game server port on the destination server.  

Question: On the game server firewall, how can I only allow the incoming subdomain traffic to use a specific port, and block all other ports?  I don't want it to impact the website traffic using the domain name and ports 80/443
0
Precedence in Cisco Qos:

in QoS Precedence, there is a list of precedence settings as shown, below.. I would like to know in which case should I select which precedence in the list..
For instance , in case of Voice, or Video, or specific protocol HTTP or HTTPS or FTP or TELNET or SSH, etc how  would I know which on this list to select ?

Thank you


R2(config-pmap-c)#set precedence ?
  <0-7>           Precedence value
  cos             Set packet precedence from L2 cos.
  critical        Match packets with critical precedence (5)
  flash           Match packets with flash precedence (3)
  flash-override  Match packets with flash override precedence (4)
  immediate       Match packets with immediate precedence (2)
  internet        Match packets with internetwork control precedence (6)
  network         Match Packets with network control precedence (7)
  priority        Match packets with priority precedence (1)
  qos-group       Set packet precedence from QoS Group.
  routine         Match packets with routine precedence (0)
  tunnel          Set tunnel packet precedence

Open in new window

0
I need to know how to reset the password in a Calix E5-121, 100-01230, VDSL2-24 PORT switch.  I don't have access to the previous passcode, so I just need to be able to reset mine.  Thanks in advance.
0
Determine the Perfect Price for Your IT Services
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

One of our clients uses the Draytek vigor 2960 and the Vigor 2830, and we have been having ongoing intermittent issues with VPN where when connected it cannot find devices on the remote LAN. Restarting the routers appears to fix the issue for a day or so, but then repeats. We have the most up to date firmware and have tried SSL VPN's to see if that makes a difference, but it has not.
0
Dear Experts,

I turned on the router and hold the Ctrl + Break for PuTTy to send the break but it continues to load the IOS, is there any method other than physically removing the flash card to reset it?
0
Need help fixing old BGP setup
I have inherited a piecemeal network that has many things I haven't figured out yet. I'm no network engineer so I lean of the TAC for most complex changes.

 

I have an issue with our BGP changing routes today for some reason and I'm trying to figure out how I can fix it and prevent it from happening again.

 

At some point today our BGP on our edge router (CORE-RTR1) connected to our ISP changed it default route and Gateway of Last Resort from our ISP to another router (OLD-RTR1) on our network that USED TO have a redundant internet connection.

 

This cause a loop where the other two rouers were just sending traffic back and forth to one another. During this - I realized I need to reset/recalculate the routes. In a hurry - I rebooted CORE-RTR1. This fixed this routing issue but I'm pretty sure caused me to lose as information which would have let me see the reason for the route change.

 

My BGP routes are correct now but I want to prevent them from changing again.

 

The BGP section on the two routers is below. Please let me know what additional info would be helpful.

 

CORE-RTR1

core-rtr2#show run | sec bgp
router bgp 33394
bgp router-id 192.168.255.21
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 10.200.1.11 remote-as 65001
neighbor 10.200.1.11 description BGP Peering across MOE to Northcreek
neighbor 67.131.8.149 remote-as 209
neighbor 192.168.255.103 remote-as 33394
neighbor …
0
Can I configure NAT with Static Route ?

This lab, is for Site to Site VPN, but I have used NAT with it. I used the example from this site:
http://www.mustbegeek.com/configure-site-to-site-ipsec-vpn-tunnel-in-cisco-ios-router/


In the configuration below, I have configured static routes for end to end reachability, and it is working fine. however I am not sure about NAT. when I run : R1#sh ip nat translations
 on R1 or R2, it does not show anything translated after I ping from R3 to R4 or vice-versa.

Any idea ?

Thank you
n


R1#show run
Building configuration...

Current configuration : 2313 bytes
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
!
no aaa new-model
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!         
!
!
!
!


!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!         
redundancy
!
!
! 
!
!
!
!
crypto isakmp policy 5
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cisco@123 address 192.168.12.2   
!
!
crypto ipsec transform-set MY-SET esp-aes esp-md5-hmac 
 mode tunnel
!
!
!
crypto map IPSEC-SITE-TO-SITE-VPN 10 ipsec-isakmp 
 set peer 192.168.12.2
 set transform-set MY-SET 
 match address VPN-TRAFFIC
!
!
!
!
!
interface Ethernet0/0
 ip address 192.168.12.1 

Open in new window

0
Hi
We are expanding our office so will need to install an additional switch in another room c20 feet away from the comms.  At the same time we are looking at replacing our existing switches.  

Currently have a hp 2910al poe+ 48 port serving as GW for hosts.  It routes to the local firewall and thereafter out tot he web via router.  We run two vlans for data and voice.  
We also have two other switches connected via ports on the 2910al.  These are HPv170 and 3com 2952, these run only data, no voice.

Looking for recommendations for specs and types of switches.  We like HP but would use any other.  Ideally have some form of resiliency and HA in the comms room and the same with the other switch in the other room.

Would modules be any good?

We also have STP disabled for our voice to work.

Thanks
0
Configuring NAT

in the LAB configuration below:
I have R1 and R2 in subnet 192.168.12.0/24 ----R3 in subnet 10.10.13.0/16  and R4 in subnet 10.10.24.0/16

I would like to have R3 be able to ping R4

The NAT configuration does not seem to work as it is supposed to.
Any Help ?

Thank you

n




R1#sh run 
Building configuration...

Current configuration : 2199 bytes
!
! Last configuration change at 02:39:42 CET Sun Sep 2 2018
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
!
no aaa new-model
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!


!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!         
!
!
redundancy
!
!
! 
!
!
!
!
crypto isakmp policy 5
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cisco@123 address 192.168.12.2   
!
!
crypto ipsec transform-set MY-SET esp-aes esp-md5-hmac 
 mode tunnel
!
!
!
crypto map IPSEC-SITE-TO-SITE-VPN 10 ipsec-isakmp 
 ! Incomplete
 set transform-set MY-SET 
 match address VPN-TRAFFIC
!
!
!
!
!
interface Ethernet0/0
 ip address 192.168.12.1 255.255.255.0
 crypto map IPSEC-SITE-TO-SITE-VPN
!
interface Ethernet0/1
 ip address 10.10.13.1 255.255.0.0
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown

Open in new window

0

Routers

47K

Solutions

30K

Contributors

A router is a networking device that forwards data packets between computer networks. Routers perform the "traffic directing" functions on the Internet. The most familiar type of routers are home and small office cable or DSL routers that simply pass data, such as web pages, email, IM, and videos between computers and the Internet. More sophisticated routers, such as enterprise routers, connect large business or ISP networks up to the powerful core routers that forward data at high speed along the optical fiber lines of the Internet backbone. Though routers are typically dedicated hardware devices, use of software-based routers has grown increasingly common.