Go Premium for a chance to win a PS4. Enter to Win

x

Routers

47K

Solutions

30K

Contributors

A router is a networking device that forwards data packets between computer networks. Routers perform the "traffic directing" functions on the Internet. The most familiar type of routers are home and small office cable or DSL routers that simply pass data, such as web pages, email, IM, and videos between computers and the Internet. More sophisticated routers, such as enterprise routers, connect large business or ISP networks up to the powerful core routers that forward data at high speed along the optical fiber lines of the Internet backbone. Though routers are typically dedicated hardware devices, use of software-based routers has grown increasingly common.

Share tech news, updates, or what's on your mind.

Sign up to Post

Hello Everyone,

A few weeks ago I upgraded my routers IOS from version 15.0 to 15.2.
Everything is working properly, except for the traffic shaping.
After the upgrade I noticed the command " traffic-shape'" is no longer available in this IOS version.
I used to use this to control the incoming traffic.

Can any body provide me some guidance with this topic?
Is there an equivalent command to " traffic-shape"?

I've tried using policy maps and class maps and then applying these configurations to the required router interface but it seems nothing happens.

Any information will be appreciated.

regards,
0
Vote for the Most Valuable Expert
LVL 7
Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Dear experts, we are testing pfSense firewall but could not access it via LAN network on a PC. This is our diagram:
ISP ------------- pfSense ---------------- Core switch 3750 ---------- PC

with this diagram, we could ping and access pfSense via web browser :
ISP -------------- pfSense -------------- PC

So I guess something wrong with the core switch and vlan setup, but we could not find why. In switch 3750, the interface connected to pfSense has access mode, vlan 100 - the same with pfSense LAN interface.

Could you please suggest?
0
Hi Expert

I am a a student and I am doing an assignment. I need your help in Installing and configuring a router connected to the LAN and (simulated) WAN. This device should be configured to provide dynamic addresses to connected computers. configure a VPN between two routers in the Network Lab
Install and configure a router connected to the LAN and  WAN. This device should be configured to provide VoIP and Data integrity for security  between two routers in the Network Lab


Note: All computers need to access the printers. Access to the Internet is required


I need a packet tracer file. I have download the packet tracer but it does not have Printer
0
I have a setup with 2 Checkpoint gateways (appliances) in a cluster and a virtual management. I have tried the below both with R77.30 and after upgrading to R80.10 with the same result.

I want to enable the https inspection blad. I have licenses and everything. My computers trusts an internal PKI root CA certificate and I have issued an issuing certificate to the gateways without any issues.

When I activate the https blade everything around https on the clients start to behave strange. It is very confusing. The moment I turn the blade off again everything works as a charm.

I am fully aware that https inspection takes a lot of fine tuning but I haven´t come to that stage yet. Right now, even when I have created a https decryption policy that bypasses *everything* the clients have issues.

In an earlier stage I created a decryption policy only to decrypt traffic from one test-client but the users started to scream instantly. And now I am at a stage where the configuration looks like no https should ever be touched but enabling the blade still breaks user traffic.

As I said above, this is tried both on R77.30 and R80.10.

One thing I have noticed is that the trusted root cert list seems a bit old. The newest trusted root cert is issued 2010! However, the dialogue below the cert list where an automatic update of certs should take place is empty. There never shows up any new trusted root certificates.

At one place in the gui there is a dialoge with three …
0
I need the help of you network gurus.  I have 3 rooms (see attached picture).  In the first room, I need 2 pcs that are each connecting to a different subnet (they do not need to talk to each other at all).  The switch for the first subnet is in room2, the switch for the second subnet is in room 3.  Here is my problem, I CANNOT RUN A NEW CABLE.  So I have to figure out how to do this with a single jack in each room.  I can put a router or switch or whatever you tell me in any of the locations, its the cabling that I am limited with.

Please be fairly specific with the setup (please dont respond with just put a router in room 2).  I feel that a patch cable in room 3 from switch to wall jack d is pretty obvious.  But then I feel that I need something like a router in room 2 that is plugged into the switch and Wall Jack C to allow traffic to connect both networks.  Then maybe a switch at wall jack a?  But how do I configure the router to accept traffic coming from wall jack b to understand what traffic goes to the 192.168 network and what traffic to send to the 10.10 network?
Drawing21.jpg
0
Dear Experts, we could not setup the VPN connection between Router C3925 and Firewall Sophos XG210. Attached files are the log in both 2 devices. Please revise and suggest, many thanks!

Public IP address of Firewall Sophos XG210: {A}.{B}.{C}.{D}
LAN IP network of Firewall: 172.16.16.0/24

Public IP address of Router C3925: {Q}.{W}.{E}.{R}
LAN IP network of Firewall: 192.168.6.0/24


This is the configuration on Router

interface GigabitEthernet0/1
 description "ISP 1"
 ip address {Q}.{W}.{E}.{R} 255.255.255.192
 ip access-group SECURITY-IN in
 ip access-group SECURITY-OUT out
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in max-fragments 16 max-reassemblies 64 timeout 5
 duplex auto
 speed auto
 crypto map MYMAP

crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
crypto isakmp key 6 password_here address {A}.{B}.{C}.{D}
!
crypto ipsec security-association lifetime seconds 1800
!
crypto ipsec transform-set MYSET esp-des esp-md5-hmac
!

crypto map MYMAP 10 ipsec-isakmp
 set peer {A}.{B}.{C}.{D}
 set transform-set MYSET
 match address 106

access-list 106 permit ip 192.168.6.0 0.0.0.255 172.16.16.0 0.0.0.255

Open in new window


Here is the configurations on Firewall:

IPSec profile:
Firewall_IPSec.JPG
IP Host:
Firewall_IPHost.JPG
Firewall rule:
Firewall_Rule.JPG
Firewall VPN:
Firewall_VPN.JPGRouterCisco3925Log.txt
FirewallLOG.JPG
0
When I look at Splunk - where I send my Cisco ACS 5.4 syslog output - I see a record of actions I've done on ACS. But I'm not seeing the TACACS records when I log into various network devices. I can see the tacacs records if I go to Monitoring and Reports section of ACS. How can I view in syslog?
0
Dear Experts, we need to setup VPN site-to-site connection between Router Cisco 3925 and Firewall Sophos XG210, does anyone have experience? Can you suggest how to and some reference links?
0
I have a Cisco 2921 router that has a lot of errors on one of the interfaces.  I'm trying to troubleshoot the issue with as little downtime/inconvenience to the users as possible,   The Cisco IOS version is:  Version 15.2(4)M6

Here are the interface statistics:
GigabitEthernet0/1 is up, line protocol is up
  Hardware is CN Gigabit Ethernet, address is f40f.1b91.7b41 (bia f40f.1b91.7b41)
  Description: LAN
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 4/255, rxload 15/255
  Encapsulation 802.1Q Virtual LAN, Vlan ID  1., loopback not set
  Keepalive set (10 sec)
  Full Duplex, 1Gbps, media type is RJ45
  output flow-control is unsupported, input flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters 02:45:35
  Input queue: 0/75/77/6474 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: Class-based queueing
  Output queue: 0/1000/0 (size/max total/drops)
  5 minute input rate 61854000 bits/sec, 7176 packets/sec
  5 minute output rate 15748000 bits/sec, 5397 packets/sec
     124980042 packets input, 3767527893 bytes, 0 no buffer
     Received 82872 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 10 throttles
     31838 input errors, 0 CRC, 0 frame, 31838 overrun, 0 ignored
     0 watchdog, 2309 multicast, 0 pause input
     105447437 packets output, 594788495 bytes, 0
0
I would like to have clear idea about the difference between the commands below, when used in EIGRP:
Bandwidth <Value>
Example : Bandwidth 256

Ip Bandwidth-percent EIGRP <EIGRP AS>  <Percent Value>

example : ip Bandwidth-percent EIGRP 1 60

when shoud I use one and not the other ?


Thank you
0
What does it mean to be "Always On"?
LVL 5
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Dear Wizards, we have strange problem with our network; our devices are Cisco router 3925, core switch 3750, access switch 2960. There are several subnets, we created a extended Access list to allow all these subnets and NAT all of them via router's WAN interface (overload) and everything works normally (For example: they can access a Web Server)

But one day, users in a subnet said that they could not access Web Server but Internet is OK. When we create a new Access list, permit this subnet and NAT it via a  (overload) Pool of public IP addresses, then they can access that Web Server again.

What is the problem here? and how can we avoid it? Many thanks in advance.
0
Hi, I have used Cisco's RV VPN routers for quite some time, and used the PPtP function on most of them they have always worked, untill now.  By now I mean the last year or so of them, I can enable the server, create the users, but the client errors out when trying to connect.
0
I have  R1 that has learned EIGRP routes from R2  as shown below.



R1(config-std-nacl)#do sh ip route                
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 7 subnets, 7 masks
D        10.1.0.0/16 [90/156160] via 192.168.12.2, 00:00:08, FastEthernet0/0
D        10.2.0.0/17 [90/156160] via 192.168.12.2, 00:00:08, FastEthernet0/0
D        10.3.0.0/18 [90/156160] via 192.168.12.2, 00:00:08, FastEthernet0/0
D        10.4.0.0/19 [90/156160] via 192.168.12.2, 00:00:08, FastEthernet0/0
D        10.5.0.0/20 [90/156160] via 192.168.12.2, 00:00:08, FastEthernet0/0
D        10.6.0.0/21 [90/156160] via 192.168.12.2, 00:00:08, FastEthernet0/0
C        10.10.10.10/32 is directly connected, Loopback10

I have this configuration below:
router eigrp 1
 distribute-list route-map FILTER_IN in 
ip access-list standard NET_1
 deny   10.0.0.0 0.0.255.255
route-map FILTER_IN permit 10
 match ip address NET_1

Open in new window


Now if I run sh…
0
When I add a debug to a 4500 switch at new work place, “show log” is failing to display my debug. Which logging command gets that going?
0
I have 8 routers (1 Cisco Small Biz, 1 Netgear AC1600, 6 Engenius) that have all stopped working in the last 2 weeks.  Engenius is working on the issue and is well aware of the problem, but has no idea the cause.  Atleast on the Engenius the firmware has become corrupted and can be restored to old firmware versions like 1.3.0 (When 1.4.13 is the current).  The ISP is Spectrum in 7 of the 8, and Centurylink in the other.  The Engenius routers are ESR300, ESR350, and ESR600 models.  No Engenius Access points have been effected as of yet for me personally.  I would have to believe some vulnerability is responsible for this, and hoping someone may have an idea.
0
We were having a bad quality audio during a large conf. call (around 45 attendees) on Lync and customer thinks it is coming from lack of CoS configuration on LAN devices. Do switches (L2) also need to have a CoS Configuration? Is there an approved std. template for Lync Voice/Video ports etc. ?

Thanks;
1
I have a Sonicwall NSA 3600. I have a block of Public IP's.  I have a Server 2012 vm with two IIS sites and two seperate LAN IP's configured in bindings.  One of the IIS sites has been configurd in the NSA via the wizard. The Address Object is called "web1."  

When trying to run the web server wizard for the second IIS site, i get error "Server name conflicts with existing address object" when entering the same name of "web1" which is the servers DNS name.  I change the name to "web2" and assign my LAN IP and my seperate WAN IP and it completes the wizard and creates rules.  

However, my site is not available at all. Not even by WAN.  I ensure i configure private and public DNS but it wont resolve.

Has anyone seen this issue when running to web sites from one server trying to create the firewall rules in an Sonicwall.
0
Hi all I have a site to site VPN connected via two Cisco routers, the tunnels are up but there is only one-way traffic.

Can you please take a look at my configs to see if there's anything I have missed?

(Show crypto isakmp sa) The tunnel is up (QM_IDLE) after attempting a ping to the other side.

(show crypto ipsec sa)
Traffic from SITE A shows getting encapsulated and decapsulated at the other side but nothing returns.
Traffic from SITE B shows getting encapsulated and then nothing on the other side.

I have a feeling whatever is providing the connectivity to SITE Bs WAN port is blocking my traffic but before I start pointing fingers I would like to be sure.

Thanks in advance.
SITE_A.txt
SITE_B.txt
0
Hi all, please am trying to login to cisco FEX from a switch, but not cleared how to go about it.

I have attached the FEX status on the switch below

If i login to the switch what command do i applied that will let me see all interfaces on the FEX.

Thanks for looking into this for me.
FEX-status.docx
0
Technology Partners: We Want Your Opinion!
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Hello,

I need to set up 2 routers in same network that are connected to 2 different internet providers, 1 of the PCs should get internet only from router A and the other PC should get internet from router B, both PC need to use same printer on the network and to be able to share files between them. What's the best way to configure this kind of network?

Thanks.
0
We have ten gigabit interfaces. How much tunneled traffic would the device be able to push?
0
I am trying to understand the purpose of the number that comes after the "/".
example:
ip prefix-list TEST seq 5 permit 10.0.0.0/2 ge 17

2 means match 2 bits of first octet 10

however whatever I put , the prefix list will care just about the ge 17

to clarify it I have this table before filtering:

R1(config)#do sh ip route 
      10.0.0.0/8 is variably subnetted, 6 subnets, 6 masks
D        10.1.0.0/16 [90/156160] via 192.168.12.2, 00:00:01, FastEthernet0/0
D        10.2.0.0/17 [90/156160] via 192.168.12.2, 00:00:01, FastEthernet0/0
D        10.3.0.0/18 [90/156160] via 192.168.12.2, 00:00:01, FastEthernet0/0
D        10.4.0.0/19 [90/156160] via 192.168.12.2, 00:00:01, FastEthernet0/0
D        10.5.0.0/20 [90/156160] via 192.168.12.2, 00:00:01, FastEthernet0/0
D        10.6.0.0/21 [90/156160] via 192.168.12.2, 00:00:01, FastEthernet0/0

Open in new window


if I use : ip prefix-list TEST seq 5 permit 10.0.0.0/2 ge 17
router eigrp 1
 distribute-list prefix TEST in


R1(config)#do sh ip route

      10.0.0.0/8 is variably subnetted, 5 subnets, 5 masks
D        10.2.0.0/17 [90/156160] via 192.168.12.2, 00:00:03, FastEthernet0/0
D        10.3.0.0/18 [90/156160] via 192.168.12.2, 00:00:03, FastEthernet0/0
D        10.4.0.0/19 [90/156160] via 192.168.12.2, 00:00:03, FastEthernet0/0
D        10.5.0.0/20 [90/156160] via 192.168.12.2, 00:00:03, FastEthernet0/0
D        10.6.0.0/21 [90/156160] via 192.168.12.2, 00:00:03, FastEthernet0/0

Open in new window


so what 's the purpose of the number that comes after the slash sign "/", example:10.0.0.0/2

Thank you
0
Hello guys,

I´m trying to setup SSTP server on a mikrotik router for multiple multiple.

Is it somehow possible to determinate which SSTP server profile should be used based on Domain?

Example:
I have two domains exmple1.com and example2.com
when some user connects to SSTP server from domain exmaple1 use this SSTP profile when user connects from example2 use another profile.

Any ideas?

Thank you very much!

Regards

Jiri
0
Dear Experts,

Need an advise on BGP along with traffic engineering. We have a simple setup with two ISP links and we have done a simple BGP peering using eBGP with both the ISP's so that if one fails the other one takes over.

Now my question we need to do a further BGP peering with one of a customer who would need us to allocate few subnets and want to publish their subnet via peering. Also we have a new requirement of controlling the bandwidth allocated by per subnet or per IP address and also meter the data consumption.

What is the best way to achieve this? Any overall architecture recommendation along with hardware we might need for this. We also have the requirement to do any changes without any downtime.

Thank you in advance
Best Regards
0
Hi all,

Please can anyone suggest any free simple text editor that can compare two different cisco config side-by-side


Thanks
0

Routers

47K

Solutions

30K

Contributors

A router is a networking device that forwards data packets between computer networks. Routers perform the "traffic directing" functions on the Internet. The most familiar type of routers are home and small office cable or DSL routers that simply pass data, such as web pages, email, IM, and videos between computers and the Internet. More sophisticated routers, such as enterprise routers, connect large business or ISP networks up to the powerful core routers that forward data at high speed along the optical fiber lines of the Internet backbone. Though routers are typically dedicated hardware devices, use of software-based routers has grown increasingly common.