Cisco Switch IP Route Setup
Dec 1, 2008
This is probably an easy and simple task for someone who has a good knowledge of Cisco, BGP and Blackhole/Sinkhole communities.
We have a Cisco 2948G that is our border, and through this equipment we apply Blackhole (a sequence of commands to filter all the traffic from the world except our country; this is done by communities that are set up in Cisco).
This is the sequence of commands to apply it for IP 189.1.XXX.40:
Enter configuration commands, one per line. End with CNTL/Z.
asw-hl01(config)#router bgp 184XX
asw-hl01(config-router)#network 189.1.XXX.40 mask 255.255.255.255
asw-hl01(config-router)#exit
asw-hl01(config)#access-list 50 permit 189.1.XXX.40
asw-hl01(config)#ip route 189.1.XXX.40 255.255.255.255 Null0 250
asw-hl01(config)#
I have another Cisco 2948G that is connected to a FastEthernet port of the border above, and this other Cisco is holding another subnet. To make it clear,
Border - I have 189.1.XXX.1 ~ 189.1.XXX.127 (subnet 255.255.255.128)
Cisco2 - I have 189.1.XXX.128 ~ 189.1.XXX.255 (subnet 255.255.255.128)
This is being done through an ip route from Border to Cisco2 to forward subnet 128 ~ 255 to the switch,
ip route 189.1.XXX.128 255.255.255.128 172.16.1.2
PS: 172.16.1.2 is the internal IP for switch2
Now we go to the problem. If I want to apply a Blackhole (that sequence of commands) for an IP located in subnet 128 ~ 255 (switch2), it blocks all the traffic for that given IP, and I can't get access from national backbones. To make it clear,
Blackhole for IP 1 ~ 128 - It works fine
Blackhole for IP 128 ~ 255 - It doesn't work correctly; instead of blocking only international traffic it's blocking everything in the world
Dec 10, 2007
I recently acquired a 2950 switch brand new; this is now in production, but I needed several things to be set up on the switch, such as SNMP, setting up an IP to access it over a browser, etc.
Do you know somebody who offers a setup service for Cisco switches?
Sep 23, 2009
I am looking at picking up a switch to mess around with at home. I found the following within driving distance but have no idea of which one will give me more up to date, hands on experience. Any feedback is greatly appreciated.
Used Cisco WS-C5509 Chassis with power supply ( POWER SUPPLY 34-0870-01), and fan (WSC5509FAN)
Cisco WS-X5530-E2 Supervisor Engine III Modules
Cisco Systems WS-U5537-FETX CISCO 4 PORT 100BASETX UPLINK MODULE
Cisco WS-X5234-RJ45 Switch Modules X 8
$160 each.
Cisco WS-C5500 Chassis
POWER SUPPLY 34-0773-03
Cisco Ws-x5550 Supervisor Engine Iii G-series
WS-X5234-RJ45 X 11
For $200
Cisco WS-C5505 Chassis
Cisco WS-X5530-E2 Supervisor Engine III Modules
Cisco WS-U5533-FEFX-MMF Supervisor Engine III Uplink Modules
Cisco WS-X5225R Switch Modules X 2
For $140
Jun 6, 2006
I have 2 racks in a DC that are cross connected together. Now, the datacenter gives me 1 port and I would like to put 1 switch in each rack. I have successfully set up 1 switch and connected it to the internet. But I am unable to set up the other.
Below is a diagram of what I want to do: ...
Jan 29, 2009
I'm switching my colo and I currently am going to be hosting in my own colo; therefore I'm going to be switching IP addresses for all my servers.
I have a cisco switch, an APC and a few servers ... I know how to change the IP addresses within linux, but I do not know how to assign them within the switch.
Does anyone know how to do this?
Also, since I'm changing everything, does anyone know if the gateway IP address on each server has to be changed? If so, then how do you do it?
Nov 26, 2007
I currently use Cisco 2924 switches in my racks. I am now going to install a new rack and I want to know whether to install a 2924 again or whether you would recommend a 2950. What important differences (pros and cons) does the 2950 offer compared to the 2924?
Dec 9, 2007
New Cisco 2960 switch keeps going offline every 12 hours.
I will power cycle it, then about 12 hours later it goes off again. This is a brand new switch.
Apr 4, 2007
I have a Cisco 2950 and would like to make a script to activate or deactivate a switch port with SNMP.
Does someone know the OID or how I can get this? I have searched for this on Google for a very long time, but I'm not able to find it.
May 3, 2008
I am in the process of gathering the pieces to move from a dedicated box to my own hardware in a local colo and am undecided how best to choose the edge device.
The colo has a 30Mb pipe with about 10Mb of it being constantly used during biz hours. Another 10Mb is being allocated in the next couple of months. I want to be able to burst to the full 30Mb when needed.
I am getting 12 IP's allocated but will increase to 24 soon if all goes well (fingers crossed!).
I will have for starters just a single Proliant running dnp on 2008 with IIS, FTP, Mail, ns1 and a 2003 VM running my secondary ns.
What I am unsure of is the edge device, and I am looking for others that have used either a 2800 series router or an ASA5500 series firewall in a similar fashion. I know what the raw throughput of each device is, but raw benchmarks are not real-world numbers by any means.
I am looking at the 2801 with IOS Firewall turned on and hopefully even some inspects for FTP and HTTP traffic. The other option, and one that I am less familiar with, is to use the ASA5505 instead, which will do my basic routing but supposedly provide more thorough inspects and advanced rules.
Does anyone have experience with either of these in a hosting environment and have input on the realistic throughput one can expect from either device?
There is a significant cost difference, with the ASA5505 being much cheaper, but I am more familiar with IOS. Would anyone recommend an 1841 router instead?
Dec 16, 2007
My host has helped me to install a switch. However, I don't know how to configure using the command line. Could anyone help me?
I need to be able to connect to my Cisco switch using Cisco Network Assistant. If you know the command sequence,
Sep 18, 2009
A salesperson told me I can buy two switches and connect them in series, so that if one fails, the other will continue to work, giving high HA. But I still cannot understand how to do it and how it works. Do you know what it is?
May 13, 2008
I got 3 IP addresses I am trying to trace and I want to know where this person has sent me those from. Is it possible to get exact addresses/locations of where the person who sent me the emails is from, and info on which websites have been visited?
These are the 3 IPs I have got:
216.139.189.105
41.204.234.10
82.13.210.203
Jul 3, 2009
After a traceroute, what's the next thing to do? When my ISP dynamic IP address is something like, and starts with, 112.0.0.0, I cannot see all sites on the server. So what I did was run a tracert at the DOS prompt. After 9 hops, reaching this IP 216.18.239.6, everything timed out and it cannot reach my server.
I already tested several Internet connections and they reach the server, except my home DSL with the IP 112. I also checked if the IP is blocked on the firewall, but it's not present on the block list. I also mentioned this to my internet provider and am still waiting for notification.
What to do next?
May 22, 2009
What is needed is a dedicated server or colocation to which my portable IP space (a class C assigned to me in 1995) can be routed in its entirety. We will then have a VPN back to our own site. This could be accomplished by the ISP BGP peering, or simply announcing the routes themselves. We've got clue in routing, both in OpenBSD and IOS.
The machine doesn't have to be too powerful, and needs little storage space, but the bandwidth provided has to be decent. This is for a hobbyist rather than commercial project, so price is an issue.
Oct 8, 2007
I recently moved a customer's site to a new server. Everything went smoothly except for the fact my customer cannot access the new site. When he pings it he gets the right IP address but it just times out.
The URL is regalfire.co.uk
I asked him to run a tracert command and it seems to find the right path but stops just short of finding the server. The last server he connects to is ge-5-2.the.uk.euroconnex.net [87.127.231.90] which is the same as me. The next step is the actual server but for him it just times out.
I can see the new site fine. His ISP is Virgin Media and I have asked several other customers with the same ISP and they can see the site OK.
He has flushed his DNS cache and the problem remains.
Does anyone have any ideas what I could try next?
Mar 16, 2008
I use geoip so that if ($country="CN") { die(); }
This works on my site. But for some reason I still get the occasional IPs through.
I looked at my Lighttpd server-status and I have 600 connections from 3 different IPs that come from China.
I typically use ./route add -host 222.221.81.3 reject as the way to block them, but it changes from time to time. The Chinese are using 90mbps of bandwidth and I want it to stop as they must be directly hotlinking my content.
How to null route large blocks from China? Please note I want to keep Hong Kong, Macau and Taiwan.
May 31, 2008
ssh is driving me CRAZY right now... On an almost stock CentOS 5.1 install (inside a Xen VPS, though), I changed sshd to listen on 2222 instead of 22 and restarted sshd.
All of a sudden:
Code:
matt@t60:~$ ssh -p2222 64.191.108.xxx
ssh: connect to host 64.191.108.xxx port 2226: No route to host
I should note that I'm actively logged into that IP in another window, and that it responds to ping. There most certainly is a route. Yes, I've quadruple-checked that I have the right IP. And I use the -p2222 daily to connect to another machine. This is a virgin CentOS install; I just changed the "Port 22" line to "Port 2222" and restarted sshd (/etc/init.d/sshd restart).
I am not behind any sort of firewall, unless CentOS installs one that I don't know about. (I own the physical hardware, not just the virtual machine.)
I figured it had to do with this error in /var/log/secure
Code:
May 31 19:18:39 relay120 sshd[23359]: Server listening on :: port 2222.
May 31 19:18:39 relay120 sshd[23359]: error: Bind to port 2222 on 0.0.0.0 failed: Address already in use.
So I changed (uncommented) the ListenAddress directive to:
Code:
ListenAddress 64.191.108.xxx
and restarted sshd again.
Apr 9, 2007
Recently two servers of mine have stopped communicating with each other and I've been told to create a static route between the two. I am using CentOS 4.4 and am not sure what the exact syntax would be.
I also have the gateway IP which would be needed.
Aug 31, 2007
As we are finishing our migration plans to Cisco OER. I would like to get everyone's thoughts on the low latency "brand name" internap bandwidth.
Do you think that the high priced brandname is going to continue with Cisco finally releasing OER to what a large number of datacenters use as their primary core switch? In my eyes the FCP and the Avaya/RouteScience platform just lost a lot of value. The OER product looks very complete and in testing works excellent, the final verdict will be in what the platform actually does.
If you are wondering Cisco OER information can be found here [url]
Jun 10, 2007
Hi, over the last week I've been having numerous problems with hosting accounts on 2 different servers, which has led me to think that my 'security' is not 'secure' and a malicious user is at play. I'm in the UK on broadband on a private connection to the internet - no-one else should be sharing this connection. This is the traceroute from my connection at home to the server I've had the most problems with - is this normal?
Traceroute has started ...
Jun 9, 2007
I'm looking for a solution where I can place a firewall between 2 vlans on a BigIron router with L3 enabled.
At the moment there is one big vlan2 with an ip-route 0.0.0.0 0.0.0.0 123.123.123.123 and a router-interface ve2 with the IP of the router, the address I use as gateway on the machines behind it.
The WAN port has the IP address to communicate with the GW of the carrier-router (123.123.123.122).
Because I want to let the BigIron do the routing, I was thinking of 2 vlans, one for the lan-vlan and one for the wan-vlan, but this will be a problem because I only have one IP block that I can use.
So the situation must be as follows on the BigIron:
WAN => vlan2 => firewall => vlan3(lan)
Because the firewall will be transparent, it should be no problem to place it between the vlans. The actual problem is how to manage this. In simple words, I should be able to replace the firewall with a cross-cable and it should still work.
Cisco, for example, has an SVI solution for this, but I can't find such a thing for a Foundry router.
May 31, 2008
This worked yesterday.
Now I get connect: No route to host when I try to FTP.
What to do?
I can ping the IP without problems.
Mar 12, 2007
I wonder how it affects network performance? Will the network be faster? How much? Normal routers can choose the best routes too, is that correct?
Dec 3, 2007
Is there any way to detect network problems/congestion along the route? Assume that you only have shell access to the server.
I usually do tracepath/traceroute and ping each hop to see if there's any packet loss. It doesn't seem to be effective, as many people say a router will drop the packet when it's busy/overloaded, depending on configuration.
Jul 11, 2007
Would anyone be kind enough to give me some pointers on routing packets from a specific IP on my subnet via the tun0 OpenVPN interface, and all other hosts out the default route of the main routing table (192.168.1.1 on br0)?
i.e. 192.168.1.2-9 -> via br0, and 192.168.1.200 -> via tun0
I have created the tables:
mkdir /etc/iproute2
echo 201 table1 >> /etc/iproute2/rt_tables
ip rule add from 192.168.1.200/32 table table1
But I am really stuck from here. I tried adding default routes in table1 but all traffic stops at this point (I am pinging from the host 192.168.1.200 out onto the net; it works, but as soon as the command below is entered it times out):
ip route add 10.19.0.5 dev tun0 scope link src 10.19.0.6 table table1
(not sure if this is needed - either way it doesn't work, with or without)
ip route add default via 10.19.0.5 dev tun0 table table1
I did try: ip route add default dev tun0 table table1, and again that fails to work. I appreciate this isn't a guessing game, hence moving to post here in hope of some expert advice.
Routing table for the main table (table 1 contains the entries from above commands):
root@OpenWrt:~# ip route list table table1
default via 10.19.0.5 dev tun0
root@OpenWrt:~# ip route list table main
10.20.30.40 via 192.168.1.1 dev br0
10.19.0.1 via 10.19.0.5 dev tun0
10.19.0.5 dev tun0 proto kernel scope link src 10.19.0.6
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.4
default via 192.168.1.1 dev br0
There is a point-to-point link to the OpenVPN server on 10.19.0.5 with a local address of 10.19.0.6, but I'm not sure if this needs to be added in table1? I did try adding ip route add 10.19.0.5 dev tun0 scope link src 10.19.0.6 table table1, but again still the same issue.
With OpenVPN set up to push the redirect-gateway option, all works well with the routing table and the box acts as a router sending everything through it (table shown below - this works fine apart from the fact that everyone is routed through it). As mentioned, I would like the table's default route below to only apply to the host 192.168.1.200. I am posting the table below as this does work for all hosts:
root@OpenWrt:~# ip route list table main
10.20.30.40 via 192.168.1.1 dev br0
10.19.0.1 via 10.19.0.5 dev tun0
10.19.0.5 dev tun0 proto kernel scope link src 10.19.0.6
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.4
default via 10.19.0.5 dev tun0
I am masquerading on tun0 as I will be routing a number of hosts through the router:
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
I also run 'ip route flush cache' after I enter the routing commands, but to no avail.
Jun 6, 2014
I have been stuck on a rather annoying issue using the Route53.php script included within the Plesk Extensions SDK - [URL] ....
Instructions were followed from [URL] .... but there are obvious confusions with the instructions.
First, it never mentions that within Server Management - Extensions you can load the extension, and within the AWS Route 53 extension settings you are prompted to enter your identifying security keys. But the instructions ask to code these keys into the actual script; must this be done in both places??
Second, how does it operate?? After I install the extension/script must anything else take place? Do I register private dns addresses using my Route 53 ips and the rest is automatic? Should more information be added within the Plesk DNS template area or can I just turn off the DNS/Bind server and only utilize Route 53? There is no feedback in the UI letting you know it is actually on and working.
Third, I have tried to install the script in ssh and I always receive error:
ERR (3) [panel]: PHP Fatal error: Class 'pm_Loader' not found in /......./modules/route53/scripts/route53.php on line 8
I stumbled on a thread discussing this bug at [URL] .... but it leads to a dead end with the author withholding what the bug fix was and how to achieve it.
We utilize AWS Route 53 for a majority of our domains.
PRODUCT, VERSION, MICROUPDATE, OPERATING SYSTEM, ARCHITECTURE
Parallels Plesk Panel v11.5.30_build115130819.13 os_CentOS 6
PROBLEM DESCRIPTION
Unable to integrate Amazon Route 53, vague instructions even for a developer.
STEPS TO REPRODUCE
[URL] ....
ACTUAL RESULT
ERR (3) [panel]: PHP Fatal error: Class 'pm_Loader' not found in /../../.../modules/route53/scripts/route53.php on line 8
EXPECTED RESULT
errorcode0 in ssh and some indication the extension is working properly within the Plesk Panel UI.
Aug 30, 2009
I am looking at getting some Qwest bandwidth at 200 Paul, San Francisco. Not being too familiar with Qwest's network, and as part of evaluating that decision, I did some testing to see how the routes/latency looked from various points on the Internet and from our other data centers. For pretty much all the testing I did from the major tier 1/2 networks, Qwest has great peering in places you would expect, resulting in decent routes and low latency.
The strange thing is that the one exception is routes from Level 3. As an example, traffic from various Northern California points on Level 3's network to a test IP on Qwest's network in Sunnyvale all goes via Denver to connect to Qwest and then back to the Bay Area. For LA originating traffic, it goes via Dallas. Same thing for Seattle, which is going via Denver.
Hard to imagine these two tier 1 providers don't peer at any location on the west coast at all? Is this typical between these two or is there some temporary outage right now? Or is there some peering spat going on between them?
Seems pretty silly for traffic to go 3,000 miles between points that are only 10 miles apart!
Here is an example of the route to a test IP sunnyvale.speedtest.qwest.net (205.171.214.185):
1 vlan89.csw3.SanJose1.Level3.net (4.68.18.190) 0 msec
vlan79.csw2.SanJose1.Level3.net (4.68.18.126) 0 msec
vlan99.csw4.SanJose1.Level3.net (4.68.18.254) 0 msec
2 ae-62-62.ebr2.SanJose1.Level3.net (4.69.134.209) 216 msec
ae-82-82.ebr2.SanJose1.Level3.net (4.69.134.217) 4 msec
ae-72-72.ebr2.SanJose1.Level3.net (4.69.134.213) 204 msec
3 ae-3.ebr1.Denver1.Level3.net (4.69.132.58) 204 msec 200 msec 204 msec
4 ae-11-51.car1.Denver1.Level3.net (4.68.107.6) 224 msec
ae-11-55.car1.Denver1.Level3.net (4.68.107.134) 212 msec *
5 dvr-brdr-01.inet.qwest.net (63.146.26.133) [AS209 {ASN-QWEST}] 24 msec 28 msec 28 msec
6 dvr-core-01.inet.qwest.net (205.171.10.54) [AS209 {ASN-QWEST}] 24 msec 24 msec 28 msec
7 * * *
8 svl-svcs-01.inet.qwest.net (205.171.214.98) [AS209 {ASN-QWEST}] 28 msec 28 msec 28 msec
9 svl-speedtest-01.inet.qwest.net (205.171.214.185) [AS209 {ASN-QWEST}] 28 msec 28 msec 28 msec
Anyone have experiences with using Qwest bandwidth in Northern California they care to share?
Nov 1, 2013
I'm trying to integrate AWS Route 53 DNS service with Plesk 11 but can't get it to work after carefully following the steps in the administrator and developing extensions guides.
Apr 11, 2008
I get this error
I know you have to add 2 lines in proftpd.conf but I can't seem to find it anywhere! Here are my errors!
[L] PASV
[L] 227 Entering Passive Mode (64,85,164,21,193,144).
[L] Opening data connection IP: 64,85,164,21 PORT: 49552
[L] Data Socket Error: No route to Host
[L] List Error
[L] PASV
[L] 227 Entering Passive Mode (64,85,164,21,202).
[L] Opening data connection IP: 64,85,164,21 PORT: 57546
[L] Data Socket Error: No route to Host
[L] List Error
[L] 421 No Transfer Timeout (300 seconds): closing control connection.
[L] Connection lost: 64,85,164,21
I really do not know; there's a command for passive mode or something in proftpd.conf, I can't seem to find it anywhere!
Oct 7, 2014
I am trying to configure Apache 2.2 on Linux Mint 17 (derived from Ubuntu 14 LTS).
I am wanting to create a variety of localhost sites all for development. One of those is built on Laravel 4. I have followed every tutorial I can find yet, for some reason which I do not understand ALL my sites route back to the Laravel root document when called from the browser. Just don't get it.
Here is my hosts file:
Code:
127.0.0.1 localhost
127.0.1.1 vince-XPS-8300
127.0.0.1 auburntree
127.0.0.1 example
Here is the Laravel conf file:
Code:
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin mail@shaw.ca
ServerName auburntree
DocumentRoot /var/www/auburntree/public
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Here is the alternative "example" conf file with just "hello world" in it.
Code:
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin mail@shaw.ca
ServerName example
DocumentRoot /var/www/example/test.html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Both conf files have been enabled.