Menu
The Cisco ASR1001 Router belongs to the Cisco aggregation services family of routers. The Cisco ASR1001 Router performs by default at 2.5G line rate can be upgraded to 5G line rate through software-base license. The Cisco ASR series is a fast, resilient and talented platform as it uses less rack space and consumes less power than other routers. The Cisco ASR 1001-X Router has two power supply slots, power supply slot 0 (PS0) next to the Standby switch and power supply slot 1 (PS1) to the right, as shown in the below figures. Note The Cisco ASR 1001-X Router has redundant power supplies that can be hot-swapped.
Similar Messages:
Cisco Switching/Routing :: 4510E License Required For BGP?
May 3, 2012I have a 2 X 4510E switch with dual sup-7E running as the core switches of my company. we would like to enable BGP on these switches, according to cisco released datasheet IPBase license does NOT support BGP. When i typed question mark, BGP commands did show up. I just wonder does BGP really works on this image/license or we need to upgrade to ent license?
Cisco :: How To Create Ipsec Tunnel
May 4, 2011how to create ip sec tunnel using these parameters. customer ip where tunnel has to be connected 1.1.1.1
ISAKMP Parameters: (Phase I)
Encryption: AES-256 or 3DES
Authentication Mode: Pre-shared key
[Code]......
ISAKMP Parameters: (Phase I)
Encryption: AES-256 or 3DES
Authentication Mode: Pre-shared key
[Code]......
Cisco VPN :: Can 881 Router Create L2TP / IPsec Tunnel Via NAT
Feb 23, 2011Successfull in setting up an L2TP/IPsec tunnel through NAT-T against a Windows 2008/ R2 RRAS server? I am using an 881 router and the layout is someting like this:Client -> 881 -> NAT -> internet -> Windows 2008 RRAS.The tunnel goes form the 881 to the Windows server (not from the client...).
Cisco VPN :: VPN 3000 Setting Two Concentrators At Different Sites To Create Ipsec Tunnel
May 20, 2011I'm currently setting up two VPN 3000 Concentrators at two different sites to create a IPsec LAN-to-LAN Tunnel. I have gone through all the basic configuration guides on the CISCO site, but a LAN-to-LAN session is never created. I have enabled the logs on the Concentrator and it displays no errors at all - it appears the Concentrator is not even trying to establish a IPsec LAN-to-LAN Tunnel.After running through the standard setup provided by CISCO, is there anything I need to do to make the Concentrator try to create a Tunnel, or should this be automatic once all settings are in place?
Cisco Switching/Routing :: 1941 / IPSec Tunnel Up No Traffic?
Mar 7, 2013I have an IPSec tunnel configured on my Cisco 1941. The other device is an ZyXEL router.I can see the tunnel is up but there is no traffic.This comes out the show crypto ipsec sa
interface: Dialer1
Crypto map tag: CMAP_AVW, local addr 10.10.10.89
protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.200.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.150.0/255.255.255.0/0/0)
current_peer 20.20.20.161 port 500
[code]....
interface: Dialer1
Crypto map tag: CMAP_AVW, local addr 10.10.10.89
protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.200.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.150.0/255.255.255.0/0/0)
current_peer 20.20.20.161 port 500
[code]....
Cisco WAN :: Technology Package License For ASR 1001?
May 29, 2012How can i find the list of features supported in ASR for various license
1) IP Base
2) Advance IP Services
3) Advanced Enterprise Services.
1) IP Base
2) Advance IP Services
3) Advanced Enterprise Services.
Cisco Switching/Routing :: Apply A QOS For Traffic LAN In ASR 1001?
Jan 31, 2013i want to apply a QOS for my trafic LAN, in my ASR 1001 , the LAN is connected with ge0/0/0 interface and it configured with the service instance to bridge vlan 1 ( i do that for OTV ) i put service policy in 'service instance 1' to marking data with ef31 but i noticed that the class 'plateform_datacenter' match the trafic and the ACL associate to this class not mach any trafic trafic !
tha policy-map march trafic for Datacenter :
sh policy-map interface gigabitEthernet 0/0/0 service instance 1
GigabitEthernet0/0/0: EFP 1
Service-policy input: MARKING-OTV
Class-map: Platforme_DC (match-any)
[code].....
tha policy-map march trafic for Datacenter :
sh policy-map interface gigabitEthernet 0/0/0 service instance 1
GigabitEthernet0/0/0: EFP 1
Service-policy input: MARKING-OTV
Class-map: Platforme_DC (match-any)
[code].....
Cisco Switching/Routing :: ASR 1001 - Trace Route / HSRP / VRF
Mar 24, 2013when i make a trace route on an ASR 1001 router to 172.23.30.7 I get the following output:
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.99.192 0 msec
192.168.99.191 1 msec
192.168.99.192 0 msec
2 172.23.30.243 1 msec 1 msec 1 msec
3 172.23.30.7 1 msec 1 msec 1 msec
Is there a loop between 192.168.99.191 and .192 (this are two routers with hsrp .190) or is this normal behavior when using trace route on an asr 1001?
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.99.192 0 msec
192.168.99.191 1 msec
192.168.99.192 0 msec
2 172.23.30.243 1 msec 1 msec 1 msec
3 172.23.30.7 1 msec 1 msec 1 msec
Is there a loop between 192.168.99.191 and .192 (this are two routers with hsrp .190) or is this normal behavior when using trace route on an asr 1001?
Cisco Switching/Routing :: ASR 1001 - IKE Phase 2 SA Expires Immediately
Dec 11, 2012I am migration an IPsec site to site VPN config to a new ASR1001 router «facing» a Linux box (ipsec-tools + racoon). As the Debian Linux does not offer VTI, I am using a crypto map.
The working config is given below with the corresponding logs on the Linux side.
When I try to apply this previously working config to the ASR1001, I get the following error :
000855: *Dec 12 18:28:21.859 UTC: %ACE-3-TRANSERR: IOSXE-ESP(14): IKEA trans 0x1350; opcode 0x60; param 0x2EE; error 0x5; retry cnt 0
Dec 12 18:50:19 FAKE-AUCH-GW racoon: INFO: initiate new phase 1 negotiation: 194.214.196.2[500]<=>130.120.124.8[500]
Dec 12 18:50:19 FAKE-AUCH-GW racoon: INFO: begin Identity Protection mode.
Dec 12 18:50:19 FAKE-AUCH-GW racoon: INFO: received Vendor ID: CISCO-UNITY
Dec 12 18:50:19 FAKE-AUCH-GW racoon: INFO: received Vendor ID: DPD
Dec 12 18:50:19 FAKE-AUCH-GW racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt(code)
The working config is given below with the corresponding logs on the Linux side.
When I try to apply this previously working config to the ASR1001, I get the following error :
000855: *Dec 12 18:28:21.859 UTC: %ACE-3-TRANSERR: IOSXE-ESP(14): IKEA trans 0x1350; opcode 0x60; param 0x2EE; error 0x5; retry cnt 0
Dec 12 18:50:19 FAKE-AUCH-GW racoon: INFO: initiate new phase 1 negotiation: 194.214.196.2[500]<=>130.120.124.8[500]
Dec 12 18:50:19 FAKE-AUCH-GW racoon: INFO: begin Identity Protection mode.
Dec 12 18:50:19 FAKE-AUCH-GW racoon: INFO: received Vendor ID: CISCO-UNITY
Dec 12 18:50:19 FAKE-AUCH-GW racoon: INFO: received Vendor ID: DPD
Dec 12 18:50:19 FAKE-AUCH-GW racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt(code)
Cisco Switching/Routing :: Deploy OTV Using ASR 1001 Between 2. does the default IOS IP Base supports this feature? or i need to purchase DATA license or SECURITY license?
Cisco Firewall :: ASA Trial License 5500 Required
Feb 24, 2011Is there a Security Plus trial license available for the ASA 5500 series? I currently have one sitting around that I would like to use for testing, but it only has the base license.
Cisco Routers :: Set A VPN IpSec Tunnel GW To GW Tunnel Between RV110W
Oct 17, 2012I am using a Cisco RV110W (Firmware 1.2.09) in a branch and I would like to create a VPN Tunnel to another site that has a Cisco RV042 (firmware v4.2.1.02)
What would be the correct Configuration? the current configuration I am using is
in the RV042 i am using
Check Enable
Local Group Setup
Local Security Gateway Type : IP Only
IP Address : RV042 Pulbic IP address
[Code].....
What would be the correct Configuration? the current configuration I am using is
in the RV042 i am using
Check Enable
Local Group Setup
Local Security Gateway Type : IP Only
IP Address : RV042 Pulbic IP address
[Code].....
Cisco Wireless :: AIR-LAP-1141 / Is License Required To Upgrade From LWAP To Autonomous
![Cisco Cisco](http://img.router-switch.com/media/wysiwyg/Cisco-ASR-Routers/ASR1002/ASR1002_Front_Panel.jpg)
I have a customer who accedentally got a AIR-LAP-1141. He needs it to be autonomous. If I convert from LWAP to Autonomous, will there be a licensing issue?
Cisco Firewall :: Is It Required For 3des License Upgrade For ASA 5510 To Reboot
Oct 1, 2012Is it required for the 3des license upgrade for the asa5510 to reboot for the further configuration of site2site tunnels.
Cisco VPN :: 3020 - License Required To Deploy VPN Solutions For Remote Users?
Apr 9, 2012Currently we have a CISCO 3020 VPN Concentrator to terminate Lan-to-Lan tunnels and have our mobile workers connect via CISCO VPN client (300 users-employees and contractors-). Since this device is coming to an EOL this year we purchased a CISCO 5520 (below are the current licenses on it)
The licensing seems rather complicated, therefore this is my question:
- What VPN solution do you recommend for our users and contractors? it is my understanding the CISCO VPN client does not work with ASA 5500 series devices
- Is there a license needed to deploy VPN solutions for our remote users(employees/contractors)?
The licensing seems rather complicated, therefore this is my question:
- What VPN solution do you recommend for our users and contractors? it is my understanding the CISCO VPN client does not work with ASA 5500 series devices
- Is there a license needed to deploy VPN solutions for our remote users(employees/contractors)?
Cisco VPN :: IPsec On 2951 Required
Jan 10, 2010setting up IPsec for a DMVPN between a 2811 and 2951s in a test lab. I have enabled IPsec on the hub (2811) but I am unable to do so on either of the 2951s. After researching, it seems that I may have the incorrect IOS for this, but I am at a loss which IOS I should be using. Currently the 2951s are on 'c2951-universalk9-mz.SPA.151-2.T2.bin' and the only crypto options.
Cisco Switching/Routing :: 7600 SIP-400 MIB Required
Apr 14, 2010I have Cisco 7609 router and we have observed that router is rebooted due to the following error ;SLOT 3: Apr 13 16:06:26.621: %CARDMGR-2-ESF_DEV_ERROR: An error has occurred on Egress ESF Engine: Control Store Parity Error SLOT 3: Apr 13,Slot -3 we have SIP-400 card. We would like to know if there is any MIB which can monitir such reboots.
Cisco Switching/Routing :: 10Ge Interface Can Be Set Down To 1Ge If Required
Nov 17, 2011How to confirm if a 10Ge interface can be set down to 1Ge if required ?
Cisco Switching/Routing :: Required Power For WS-SVC-NAM3-6G-K9?
Oct 1, 2012What is required power in Watts for this card in Catalyst 6500? Or the 'show power' ouput with this card included?
Cisco Switching/Routing :: 3560G Upgrade Required
Feb 20, 2013I have a WS-C3560G-24TS-S running 12.2(50)SE5 with IPBASE. I have been told that the functionality i seek (multicasting) is only available in the IPSERVICES version of the software. I was reading up on upgrading and saw that i needed to do a show license and get the UID and Serial number and get a license that is tied to my box. But the show license command doesnt work wtih my box. i then found something that said that the 3560's were special in that way. Im not sure how to get this box upgraded. I have a different 3560 running the IPSERVICES elsewhere in my organization. Can i take the IOS Version and update my switch to that?
Cisco Routers :: RSV 4000 - Additional License For IPsec VPN?
Jan 4, 2012RSV 4000 bundle with IPSECVPN. Any additional license for IPSECVPN ?
Cisco VPN :: 5510 - How To Create ASA / VPN Tunnel
Jun 11, 2013We currently run dual ASA 5510's in A/S config on our main campus. We would like to create a VPN tunnel to a branch campus. Trying to decide between a 5505/5510/5512x, We would like to extend many of the capabilities of our network to the branch campus which will be 20-50 users on a 50mb/10mb internet connection.
Domain login
System Center workstation management
Cisco WCS
Shoretel voip
(Cisco NAC?)
Several different VLANs for wireless guest, student traffic, staff traffic, voip traffic, etc. Which device would be best and should we get the security plus license with it?
Domain login
System Center workstation management
Cisco WCS
Shoretel voip
(Cisco NAC?)
Several different VLANs for wireless guest, student traffic, staff traffic, voip traffic, etc. Which device would be best and should we get the security plus license with it?
Cisco VPN :: Create VTI Tunnel From 877 Router To ASA?
May 13, 2012I woulke like to know is it possible to create a VTI tunnel from my 877 router to my ASA, rather than creating a cryptomap on the router ?
Cisco Firewall :: Is ASA 5510 Firewall Required Any Subscription Or License
Nov 15, 2012I am quite new to firewall, in my company one asa 5510 firewall is there.I configured inside, outside, dns, dhcp and nating.I need to config bandwidth limit (1Mbps) for inside port and I restruct like facebook, youtube and pornsites..And I heard that some subscription is required, really is it required?
Cisco Switching/Routing :: 4900M Management Configuration Required
Dec 8, 2011I am just going to deploy some new 4900Ms for a customer. Want to know if configuring management for 4900 (everything like NTP, AAA, SNMP , DNS ) is doable through management interface in management VRF and there are no caveats to be aware of.
Cisco Switching/Routing :: Catalyst 2960S Stack Required
Dec 1, 2010I have a new problem with Catalyst 2960S. We have four switch in a stack and now I get the message:
“%PLATFORM_RPC-3-MSG_THROTTLED: RPC Msg Dropped by throttle mechanism: type 37, class 14, max_msg 32, total throttled 73968 (hostname1-2)”
Traceback= 13A686C 160862C 160E0B4 15E2088 184FD48 18467B8
sh switch de
Switch/Stack Mac Address : 68bd.abc9.0000
H/W Current
[Code]....
“%PLATFORM_RPC-3-MSG_THROTTLED: RPC Msg Dropped by throttle mechanism: type 37, class 14, max_msg 32, total throttled 73968 (hostname1-2)”
Traceback= 13A686C 160862C 160E0B4 15E2088 184FD48 18467B8
sh switch de
Switch/Stack Mac Address : 68bd.abc9.0000
H/W Current
[Code]....
Cisco Switching/Routing :: IOS Level Support Required For WS-X6748-GE-TX?
Nov 21, 2012currenly running a C6509E, with a WS-SUP720-3B running IOS level S72033-adventerprisek9_wan-MZ.122-22.SXH3. I want to install a WS-X6748-GE-TX blade and would like NOT to have to upgrade IOS at this time. Future migrations are planned. Can this be done?
Hi Folks, We are looking at buying an ASR1001 but I'm confused by the Licenses and I've struggled to find the information in the cisco data sheets. The router will need to run IPSEC on gre tunnels and I figure that I need the IPSEC license (FLSASR1-IPSEC) do I also require the Advanced IP Services license? Or is all that is required the IPSEC license? Is there some sort of list that shows the feature set of each license, they cost the same amount so I'm not sure which license fits what we require best or if we need both. I have 4 ASR1001s and am in the process to put PFD onto them. I am running the following release: Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-UNIVERSAL-M), Version 15.1(1)S, RELEASE SOFTWARE (fc1) License Package Information for Module:'asr1001' Module name Image level Priority Configured Valid license asr1001 adventerprise 1 NO adventerprise advipservices 2 NO advipservices ipbase 3 NO ipbase Current License Level: ipbase cisco ASR1001 (1RU) processor with 1217916K/6147K bytes of memory. 4 Gigabit Ethernet interfaces 32768K bytes of non-volatile configuration memory.
4194304K bytes of physical memory. 7741439K bytes of eUSB flash at bootflash. Do I need to get a different software release to make BFD happen? Thanks Joerg. Implement licensing in Cisco CallManager administration to accurately track the number of devices that a customer has connected to Cisco CallManager, including third party SIP phones and compare it with the number of unit licenses that have been purchased. Licensing feature helps in managing Cisco CallManager licenses and in enforcing the licenses for Cisco CallManager applications and the number of IP phones. Using the Licensing Configuration window in Cisco CallManager Administration, you can manage the phone and node licenses purchased and used by the customer.
Cisco ASR 1001-X Router Hardware Installation Guide Cisco Systems, Inc. See stock levels for the distributors/wholesalers of ASR1001, compare trade prices, sell ASR1001 on your web store.
Licenses are generated for requested Cisco CallManager nodes (servers in a Cisco CallManager cluster) and the phones that are associated with those nodes. Each phone type requires a fixed number of licenses and this number is called as phone license unit. For example, Cisco 7920 phones requires four license units and Cisco 7970 phones require 5 units. If you want licenses for four Cisco 7920 phones and four Cisco 7970 phones, then you require 36 phone license units.
To determine the number of units of licenses required for each phone, see Cisco CallManager Administration Guide. Try: http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_administration_guide_chapter531ebb.html.
This may sound like a simple question but believe me I have scoured documentation and cannot see how to install the Nokia E51 cop file into Cisco Call Manager v6.1. I have the cop file (from Nokia), can anyone give me some direction on where and how this should be installed. Also, i read you need a licence to run the E51 over CUCM. Where do I get this licence from? Is it a licence from Cisco or from Nokia?
I have already installed Intellisync for Cisco V1.1 on the phone and can see there is a 60 day trial licence which is fine for now but if the test goes well I want to make these live. Any other advice from anyone using an E51 or similar with CUCM 6.1 (or earlier in fact) please let me know. Hi, I am using the below command structure the same as all of other routers.
However, when I attempt to type commands it says 'Authorization failed.' The only difference between this routers and our others is it is an Cisco ASR1001. Is there any special configuration required for this router that I am missing? Aaa authentication login default group TACACS-SERVERS local aaa authorization exec default group TACACS-SERVERS local aaa authorization commands 1 default group TACACS-SERVERS local aaa authorization commands 15 default group TACACS-SERVERS local aaa accounting exec default start-stop group TACACS-SERVERS aaa accounting commands 1 default start-stop group TACACS-SERVERS aaa accounting commands 15 default start-stop group TACACS-SERVERS aaa accounting connection default start-stop group TACACS-SERVERS aaa accounting system default start-stop group TACACS-SERVERS. Hi everybody, My question, after roaming the internet and cisco page,is: Does ASA5505 comes with VPN SSL licence or do you need to purchase it?
My guess is that you do need to buy it! Can I purchase VPN SSL licence for Cisco 1941 ISR G2 router and then after my company upgrades its network infrastructure and buys ASA's, transfer those licences on to ASA's? We are talking about 3 router on different locations, hence there will also be 3 ASA's when the time comes. Is there a link somewhere where I can see prices of all licences? Hope you can help me Thanks a lot!
Hello, My customer has a old CUCM 5.1 running on a MCS 7835. He wants to migrate to CUCM 7.1 on a HP DL 320 he has.
When i look on 'Cisco Unified Communications Solutions Ordering Guide', i see: 'Cisco Unified CallManager 4.x or Cisco Unified Communications Manager 5.1 to Cisco Unified Communications Manager7. 0 There is no migration SKU. Re-purchase Cisco Unified Communications Manager 7.0 as if it were a new system.' Because my new server is not a MCS, i have to purchase: UNIFIED-CM-7.1 CM7.1-K9-DL320G5P My question is: must i order 'LIC-CM7.1-7825=' too? (DL320 is equivalent to MCS 7825) One thing to know is that i already have a licence node for the CUCM in 5.1. Hello, My customer has a old CUCM 5.1 running on a MCS 7835.
He wants to migrate to CUCM 7.1 on a HP DL 320 he has. When i look on 'Cisco Unified Communications Solutions Ordering Guide', i see: 'Cisco Unified CallManager 4.x or Cisco Unified Communications Manager 5.1 to Cisco Unified Communications Manager7. 0 There is no migration SKU. Re-purchase Cisco Unified Communications Manager 7.0 as if it were a new system.' Because my new server is not a MCS, i have to purchase: UNIFIED-CM-7.1 CM7.1-K9-DL320G5P My question is: must i order 'LIC-CM7.1-7825=' too? (DL320 is equivalent to MCS 7825) One thing to know is that i already have a licence node for the CUCM in 5.1.
Hi I am changing IOS of Cisco ASR 1001 from asr1001-universalk9.03.07.02.S.152-4.S2.bin to asr1000rp1-adventerprisek9.03.04.02.S.151-3.S2.bin but everty time it boot up with old IOS universalk9. Is it becaused of Licence issue. Router#sh bootvarBOOT variable = bootflash:asr1000rp1-adventerprisek9.03.04.02.S.151-3.S2.bin,12;bootflash:asr1001-universalk9.03.07.02.S.152-4.S2.bin,12;CONFIG_FILE variable does not existBOOTLDR variable does not existConfiguration register is 0x2102 License Level: advipservicesLicense Type: PermanentNext reload license Level: advipservices cisco ASR1001 (1RU) processor with 1155941K/6147K bytes of memory.Processor board ID SSI1607042B4 Gigabit Ethernet interfaces32768K bytes of non-volatile configuration memory.4194304K bytes of physical memory.7741439K bytes of eUSB flash at bootflash. Configuration register is 0x2102.
Hi everyone, I have six RD remote locations running tests on a test VLAN 996. I need these six remote locations to contact a test network in a data center that is also on VLAN996. The remotes locations are using Cisco 3845s and the data center is using a Cisco ASR1001. I need to span this VLAN 996 from the six locations's Cisco 3845s to the data center's ASR1001.
I see that I can only create a single xconnect statement under the VLAN 996 sub-interface on the ASR1001. Is there any way to create multiple xconnect statements under the sub-interface or is there another way to configure this? Thank you for the help in advance. Covered in similar/earlier post --- The 1501 users are still covered. The appliance is not going to count/disable based on any counters or usage tied to the license/feature keys. The Sales Ops/Account team should be selling the license/feature keys based on appliance sizing, and the expected users or product environment.
You should open a dialog directly with your Sales Ops/Account team or Reseller to directly answer the users per license/feature key. If there are specific licensing questions - you can also contact our Global Licensing Operations (GLO): Licensing FAQ Phone: 1-800-553-2447, opt 3 Request to have a case opened for GLO/Licensing. Their email directly is: [email protected] I hope this helps! -Robert (*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!). Hi Zeeshanraza, From this Cisco documentation: Configuring ERSPAN 'The monitor session span-session-number type local command is not supported on Cisco ASR 1000 Series Routers.' Alternatively you can try using ERSPAN as Local SPAN Example: Configuring an ERSPAN as a Local SPAN The following example shows how to configure an ERSPAN as a local SPAN. Monitor session 10 type erspan-source source interface GigabitEthernet0/0/0 destination erspan-id 10 ip address 10.10.10.1 origin ip address 10.10.10.1 monitor session 20 type erspan-destination destination interface GigabitEthernet0/0/1 source erspan-id 10 ip address 10.10.0.1 Regards, Hendro.
Hi All, I am having a problem with a new ASR1001 we have just installed. We have connected it via single mode fibre to a Cisco 7609, with a /30 IP address. The interface uses MTU 9216 (the max) and is up and working ok.
However when we do a ping sweep across the interface it begins dropping packets which are a large size. It never drops small packets, only large ones. Upon investigating further i found the loss starts at size 11465. So pings at size 11464 are fine, 100% success, however 11465 shows 30% packet loss. This level of packet loss does not rise the larger the size of the ping it stays about the same. The packets drop completely randomly, no pattern, sometimes 10 work in a row, sometimes 10 fail, sometimes its mixed.
I am at a loss as to what could be causing this, anyone have any suggestions? Hi All, I am having a problem with a new ASR1001 we have just installed. We have connected it via single mode fibre to a Cisco 7609, with a /30 IP address. The interface uses MTU 9216 (the max) and is up and working ok. However when we do a ping sweep across the interface it begins dropping packets which are a large size. It never drops small packets, only large ones.
Upon investigating further i found the loss starts at size 11465. So pings at size 11464 are fine, 100% success, however 11465 shows 30% packet loss. This level of packet loss does not rise the larger the size of the ping it stays about the same.
The packets drop completely randomly, no pattern, sometimes 10 work in a row, sometimes 10 fail, sometimes its mixed. I am at a loss as to what could be causing this, anyone have any suggestions? Dear community, we have a DMVPN environment running about 20.000 tunnels, Hub-Spoke (of course). Due to dependencies on 3rd party routers we are still forced to use RIPv2 as the routing protocol between Spokes and Hub.
Now I am facing the question which performance an ASR1001 can provide with DMVPN(ipsec)/Ripv2. Cisco IOS-XE Release 3.4S Cisco officially announces performance and scalabitlity information for DMVPN/BGP or DMVPN/EIGRP which has a maximum of 4000 I hope that someone has similar environments. Thanks in advance Maik. Good morning everyone, I am currently defining the architecture for a very simple VoIP network that is to be installed in a small office (about 70 VoIP extensions). Initially, we don't want to include any special feature, just the internal voice IP service and the ability to make up to 4 simultaneous external phone calls through PSTN. We are going to acquire a Cisco 2921 Router, the SL-29-UC-K9 Unified Communications licence and a VIC2-4FXO. I have been reading about ISR G2 licensing, but I am still not sure of fully understanding what we need for this project.
My question is, does the UC licence for the Cisco 2921 include the FL-CME licence to use the Call Manager Express functionality? Do we need something else? Any special license for the FXOs functionality?
Thank you for your help Pablo. Simple and small VoIP network? You may consider SMB line of Cisco products. Something like SPA5xx or SPA3xx phone in SIP mode as end user phone.
You are not limited to Cisco product, there are so many solutions based on Asterisk software. Some of them have PSTN interface cards inside already, or you can use third party gateways. Either Cisco's or something like Berobox.
Advantages: cheap, but still very reliable solution, flexible in features, it's possible to maintain high level of security, scalable from few lines to few hundreds lines. Once you designed first network, you can reuse the solution design easily. Disadvantages: it require skilled architect (you) to design reliable network, Cisco support for SMB segment devices is poor. I designed several VoIP network based on SPA504G and cheap generic PC with Asterisk software (running on configuration I designed). The smallest network have about 20 users, the largest have few thousands users in 7 countries. Hi, we have a 3-DES IPSEC LAN-2-LAN between a Pix 501 and a VPN3005.
The Pix has a 50 User Licence, 20 Devices are active on the LAN connected to the pix. We use a Thin Client Manager program (at the VPN 3005 site), scanning the Pix LAN segment using UDP Port 161 and 1646. I have determined, that the Pix counts the connection even there is no such an active host (IP address) on the Pix Lan, so the licenses will exceed the 50 User License (sh local-host). Are there a way to circumvent this behaviour? (I know I can decrease the XLATE for UDP from default 5min to 1 min or I can use access-list on the inside Interface to permit only the active hosts).
Does Cisco has a technical documentation how the usage of the licence is explained? Thanks in Advance, Dirk. Hi Hellabella, Welcome to Adobe Forums. Please check the below mentioned link: creativesuite6.edu.html Note: You can't upgrade from one Student and Teacher Edition to another Student and Teacher Edition - You can only upgrade from one Student and Teacher Edition to a commercial version. However, this upgrade cost is often more expensive than just buying the new version at the Student and Teacher Edition discounted price of up to 80% off (assuming you meet all eligibility requirements.) Hope this helps. Please reply for any assistance.
Hi, We have an annoying issue that has happened twice now in the past couple of months. We are using a Cisco ASR1001 for our WAN connection to 2 remote sites. From the ASR we have a 2 port etherchannel using LACP into our switch (Cisco 3750G). Twice now, the etherchannel has gone down, the interfaces were up but line protocol down. The first time I consoled into the device and got halfway through typing a couple of show commands and the portchannel interface came up again by itself. The second time, I tried shut/no shut on both the router and switch and got nothing. I reloaded the router and the portchannel came back up straight away.
Thanks in advance for your help! What license do I need to create a IPSEC tunnel? I have an ASR 1001, running? The part number is CD-3750G-48EMI= Note that your SMARTNet Maintenance will change. Below are the options and part numbers (part #'s are in parenthesis). SMARTNET 24X7X2 Cat 3750 48 10/100/1000T PoE + 4 SF (CON-S2P-3750GPE) 24x7x2 ONSITE 24X7X4 Cat 3750 48 10/100/1000T PoE + 4 SF (CON-OSP-3750GPE) 24x7x4 ONSITE 8X5X4 Cat 3750 48 10/100/1000T PoE + 4 SF (CON-OSE-3750GPE) 8x5x4 SMARTNET 24X7X4 Cat 3750 48 10/100/1000T PoE + 4 SF (CON-SNTP-3750GPE) 24x7x4 SMARTNET 8X5X4 Cat 3750 48 10/100/1000T PoE + 4 SF (CON-SNTE-3750GPE) 8x5x4 ONSITE 8X5XNBD Cat 3750 48 10/100/1000T PoE + 4 SF (CON-OS-3750GPE) NBD AR SMARTNET 8X5XNBD Cat 3750 48 10/100/1000T PoE + 4 SF (CON-SNT-3750GPE) NBD AR.
Hi Guys, I need to troubleshoot an package loss issue and for that I would like to use 'monitor capture' but it just do not start, see bellow. ASR1001#sh monitor capture cap_out Status Information for Capture cap_out Target Type: Interface: GigabitEthernet0/0/1, Direction: both Status: Inactive Filter Details: Access-list: acl-out Buffer Details: Buffer Type: CIRCULAR Buffer Size (in MB): 10 Limit Details: Number of Packets to capture: 0 (no limit) Packet Capture duration: 60 Packet Size to capture: 0 (no limit) Maximum number of packets to capture per second: 1000 Packet sampling rate: 0 (no sampling) ASR1001#monitor capture cap_out start Unable to activate Capture. Did anyone face that? Harish According to Cisco doc's it is mentioned that we can use DH group 14 or 16 and in the command references you can also check the command used to run this group.
As these groups are added in Cisco IOS XE Release 2.2These commands are further modified in the version 15.1(2)T to use with IKEv2 proposals. According to Cisco Recommendation the 2048 bit group 14 and 24 can be used till 2030. Regards,Rahul ChhabraNetwork EngineerSpooster IT Services.
Hi, I have a problem with a licence for ASR 1001 router, We buy for our client 2 licence in order to have IPSEC VPN configured on the ASR, The licences are: advipservices and IPSEC. Hi All I would like to know what would happen to traffic exceeding supported maximum encrypted traffic? With the current ASR1001 2.5G ESP module, Cisco supports upto 1Gbps of IPSec encrypted traffic.
- My question is what would happen to excess traffic (above 1Gbps) that must be encrypted, will the router drop the excess traffic or pass it through as clear text? - If it will send it through as clear text, is there a way i.e show command that I can use to view/check if there was packets that were not encrypted? I would also appreciate links/url that can provide such information. Thanks and regards Mpho. Yes, I agree with Saurabh, its possible but its limited. It would be interesting to know what your expectation is.
Some examples: * booking management is limited without TMS * centralized phonebooks would come with TMS * statistics come with TMS * Monitoring / Alerts are also done by TMS * uri dialing is not possible without VCS or CUCM * if you need to use NAT in between endpoonts and the VCS that would be handled by a VCS-E * enhacned features like integration, bandwidth management, authentication. (VCS and or CUCM) * b2b dialing (VCS) *. Hi, I want to purchase Cisco ASR 1001 router, I need to run ssh, Crypto, IPSec VPN ( 3DES, ESP ) and Gre Tunnels on it. I am confused with different IOS / Licenses of ASR 1001, can any one please suggest me with the part numbers that i need to put in for ordering? From my Vendor quote i can see that below is the part of the packege ( part number = ASR1001 ) SASR1001UK9 Cisco ASR1001 IOS XE - ENCRYPTION UNIVERSAL but there is another Technology based license required and this is not included in the above part number packet so i need to know which one i need to buy from below?
ASR1001/ASR 1002-X Technology Package Licenses SLASR1-IPB Cisco ASR 1000 IP BASE License SLASR1-AIS Cisco ASR 1000 Advanced IP Services License SLASR1-AES Cisco ASR 1000 Advanced Enterprise Services License SLASR1-IPB= Cisco ASR 1000 IP BASE Paper PAK L-SLASR1-IPB Cisco ASR 1000 IP BASE E-Delivery PAK. Hi, I want to purchase Cisco ASR 1001 router, I need to run ssh, Crypto, IPSec VPN ( 3DES, ESP ) and Gre Tunnels on it. I am confused with different IOS / Licenses of ASR 1001, can any one please suggest me with the part numbers that i need to put in for ordering? From my Vendor quote i can see that below is the part of the packege ( part number = ASR1001 ) SASR1001UK9 Cisco ASR1001 IOS XE - ENCRYPTION UNIVERSAL but there is another Technology based license required and this is not included in the above part number packet so i need to know which one i need to buy from below? ASR1001/ASR 1002-X Technology Package Licenses SLASR1-IPB Cisco ASR 1000 IP BASE License SLASR1-AIS Cisco ASR 1000 Advanced IP Services License SLASR1-AES Cisco ASR 1000 Advanced Enterprise Services License SLASR1-IPB= Cisco ASR 1000 IP BASE Paper PAK L-SLASR1-IPB Cisco ASR 1000 IP BASE E-Delivery PAK.
Hi friends, I am trying to upgrade the software on the ASR 1001 currently running IOS XE Version: 03.06.00.S Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.2(2)S, RELEASE SOFTWARE (fc1) I had downloaded the file 'asr1001-universalk9.03.07.01.S.152-4.S1.bin' from the cisco website and uploaded on the router's bootflash. Then I pointed the boot to this file by: (conf t)# boot system flash asr1001-universalk9.03.07.01.S.152-4.S1.bin also tried (conf t)# boot system flash /asr1001-universalk9.03.07.01.S.152-4.S1.bin but everytime it boots, it gives the following error while booting and finally boot up with the old image: Initializing Hardware. Calculating the ROMMON CRC. CRC is correct System Bootstrap, Version 15.0(1r)S, RELEASE SOFTWARE Copyright (c) 1994-2010 by cisco Systems, Inc. Current image running: Boot ROM1 Last reset cause: Watchdog/ICH....................................... ASR1000-1RU platform with 8388608 Kbytes of main memory............................................................................... Boot: unsupported boot device '/asr1001-universalk9.03.07.01.S.152-4.S1.bin'.......................................
Autoboot: boot failed, restarting........................................ Initializing Hardware. Calculating the ROMMON CRC. CRC is correct System Bootstrap, Version 15.0(1r)S, RELEASE SOFTWARE Copyright (c) 1994-2010 by cisco Systems, Inc. Current image running: Boot ROM1 Last reset cause: Watchdog/ICH....................................... ASR1000-1RU platform with 8388608 Kbytes of main memory.......................................
No valid BOOT image found.............................................................................. Final autoboot attempt from default boot device. File size is 0x15af15c8 Located asr1001-universalk9.03.06.00.S.152-2.S.bin Image size 363795912 inode num 12, bks cnt 88818 blk size 8*512 ############################################################################################################################################################ What could be the issue?
Sony Vegas Pro 8 Codechef. Any Suggestions? I was looking in the website but it is mostly talking about the ISSU related upgrade which in my case is not required as i dont need to do this on a production router and also i am not runnig in sso mode. Cheers, Mohit.
Hello, Try as I might I cant find a document that says; 'How to activate encryption on an ASR 1001' or 'activating ip advanced features' on the ASR 1001. Can anyone help please. Cisco ASR1001 System,Crypto, 4 built-in GE, Dual P/S Cisco ASR1001 4GB DRAM Cisco ASR 1000 Advanced IP Services License Cisco ASR 1001 IOS XE - ENCRYPTION UNIVERSAL IPSEC License for ASR1000 Series Upgrade from 2.5 Gbps to 5Gbps License for ASR 1001 Whats the process to activate the 2.5gbps to 5gbps feature or encryption? Thanks Chris. Update: Ordering Cisco ASR 1000 Series Router Software: Cisco ASR 1001/ASR 1002-X Software With the Cisco ASR 1001 and ASR 1002-X, the concept of a universal software image in combination with a technology package license to enforce a certain feature set by software activation, that is, with a PAK, has been introduced.
However, for ASR 1001, as of Cisco IOS XE Software Release 3.6S, technology package licenses, and as of 3.7S, performance upgrade license to upgrade from 2.5 to 5 Gbps, are both honor-based. For ASR 1002-X, both technology package licenses and performance upgrade licenses are honor-based. Hi, We are trying to configure netflow to send the NAT logs to a server. Actually we are running the following IOS: asr1001-universalk9.03.04.02.S.151-3.S2.bin but we tried several versions without success. Asr1001-universalk9.03.09.00.S.153-2.S.bin last version without success. Netflow without vrf: ip nat log translations flow-export v9 udp destination x.x.x.x source GigabitEthernet0 ip nat log translations flow-export v9 vrf 0 on Working Fine! Netflow with vrf: ip nat log translations flow-export v9 udp destination x.x.x.x [port] source GigabitEthernet0 ip nat log translations flow-export v9 vrf Mgmt-intf on Traffic is not being sent to the Server.
About bug we don´t put interface Gi0 and see that is failing. Is supported netflow with vrf?
We see a Bug CSCtq01931. Hi, We are trying to configure netflow to send the NAT logs to a server. Actually we are running the following IOS: asr1001-universalk9.03.04.02.S.151-3.S2.bin but we tried several versions without success. Asr1001-universalk9.03.09.00.S.153-2.S.bin last version without success. Netflow without vrf: ip nat log translations flow-export v9 udp destination x.x.x.x source GigabitEthernet0 ip nat log translations flow-export v9 vrf 0 on Working Fine! Netflow with vrf: ip nat log translations flow-export v9 udp destination x.x.x.x [port] source GigabitEthernet0 ip nat log translations flow-export v9 vrf Mgmt-intf on Traffic is not being sent to the Server. About bug we don´t put interface Gi0 and see that is failing.
Is supported netflow with vrf? We see a Bug CSCtq01931. Hi, If I want to use the command match protocol xxxx when configuring traffic classification for QoS, is necessary to have the following licence? FLASR1-FPI-RTU Flexible Packet Inspection RTU Feature License for Cisco ASR 1000 Series The question is because I was read the following article Network Security Features for Cisco ASR 1000 Series Routers in table 1 say: Table 1. Security Feature Licenses for Cisco ASR 1000 Series Routers Features Feature License Required IPsec, Easy VPN, DMVPN, Voice and Video Enabled VPN (V3PN), Virtual Tunnel Interface (VTI), secure provisioning and digital certificates, IPsec High Availability, and Cisco IOS Software Certificate Server FLASR1-IPSEC-RTU Cisco IOS Firewall and Firewall High Availability FLASR1-FW-RTU NBAR and FPM FLASR1-FPI-RTU.
I'm running an ASR1001 with IOS-XE version 15.1(3)S6. I don't seem to be able to apply a policy-map to a tunnel interface that running in 'tunnel mode ipsec ipv4'. The router gives me the error: Error: NBAR is not supported on Tunnel227. When I try 'ip nbar protocol-discovery' on the tunnel interface, I get the error: Error: NBAR is not supported on Tunnel227 NBAR 'protocol-discovery' command cannot be turned on this interface because of the following reason: Unsupported interface type I tested this on a 2800 series router and it works fine. I have enabled 'qos pre-classify' on the tunnel interfaces as well as protocol-discovery on the physical interface.
I've found on several documentation sources that state that NBAR is not support on logical interfaces where tunnelling or encryption is used. My question is, how come it works on the 2800 router with IOS 12.4(14)T1 but it does not work on the ASR1001 router? Hi Vincent,As per the below Latest document these are the tunnels which are support in these particular IOS. In these last couple of year NBAR added support for several tunneled interfaces: XE3.5/3.6 - IPSec tunnel, GRE tunnel, MGRE tunnel, DMVPN, PPP and Tunneled IPv6. XE3.8 - Port-Channel, Multi-Link PPP, Multi-Link Frame Relay, VASI. XE3.11 - GetVPN Please upgrade to that particular IOS based on type of tunnel for your requirement.Thanks,Srini.
Hi team, We have an ASR 1000 brand new that came with an advanced enterprise license. After configuring an IPsec tunnel, we see that the encryption does not come up and when execute the show license all command the IPsec license seems like installed but not in use.
I had read a guide for installing the licenses on the ASR router, but does not say anything about how to (if is necessary) activate the different features on the device. Asr1000# show version Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 1 5.1(3)S2, RELEASE SOFTWARE (fc1) Technical Support:Copyright (c) 1986-2011 by Cisco Systems, Inc. Compiled Mon 12-Dec-11 16:02 by mcpre Cisco IOS-XE software, Copyright (c) 2005-2011 by cisco Systems, Inc. All rights reserved.
Certain components of Cisco IOS-XE software are licensed under the GNU General Public License ('GPL') Version 2.0. The software code licensed under GPL Version 2.0 is free software that comes with ABSOLUTELY NO WARRANTY. Novation Xio Patch Editor Software there. You can redistribute and/or modify such GPL code under the terms of GPL Version 2.0. For more details, see the documentation or 'License Notice' file accompanying the IOS-XE software, or the applicable URL provided on the flyer accompanying the IOS-XE software. ROM: IOS-XE ROMMON CFA.Peron.646.Spoke uptime is 3 weeks, 2 days, 6 hours, 2 minutes Uptime for this control processor is 3 weeks, 2 days, 6 hours, 3 minutes System returned to ROM by reload System image file is 'bootflash:/asr1001-universalk9.03.04.02.S.151-3.S2.bin' Last reload reason: PowerOn This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for compliance with U.S. And local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. And local laws, return this product immediately.
A summary of U.S. Laws governing Cisco cryptographic products may be found at: If you require further assistance please contact us by sending email to [email protected].
Hi team, We have an ASR 1000 brand new that came with an advanced enterprise license. After configuring an IPsec tunnel, we see that the encryption does not come up and when execute the show license all command the IPsec license seems like installed but not in use. I had read a guide for installing the licenses on the ASR router, but does not say anything about how to (if is necessary) activate the different features on the device. Asr1000# show version Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 1 5.1(3)S2, RELEASE SOFTWARE (fc1) Technical Support:Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Mon 12-Dec-11 16:02 by mcpre Cisco IOS-XE software, Copyright (c) 2005-2011 by cisco Systems, Inc. All rights reserved. Certain components of Cisco IOS-XE software are licensed under the GNU General Public License ('GPL') Version 2.0.
The software code licensed under GPL Version 2.0 is free software that comes with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such GPL code under the terms of GPL Version 2.0. For more details, see the documentation or 'License Notice' file accompanying the IOS-XE software, or the applicable URL provided on the flyer accompanying the IOS-XE software.
ROM: IOS-XE ROMMON CFA.Peron.646.Spoke uptime is 3 weeks, 2 days, 6 hours, 2 minutes Uptime for this control processor is 3 weeks, 2 days, 6 hours, 3 minutes System returned to ROM by reload System image file is 'bootflash:/asr1001-universalk9.03.04.02.S.151-3.S2.bin' Last reload reason: PowerOn This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. And local country laws.
By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. And local laws, return this product immediately. A summary of U.S. Laws governing Cisco cryptographic products may be found at: If you require further assistance please contact us by sending email to [email protected].
I'm soon to start to configure a QoS policy for ASR1001 routers that act as CE devices. The access circuit is 1G, limited by the SP to 300Mbps. Within that 300Mbps I will have 4 classes of traffic, each one sourced from a different VRF. Within those 4 classes, I need to furthur sub-divide the QoS policy.
As I have no kit to play with yet I've had a read through the appropriate sections in the Cisco press book End-to-End QoS network design, which suggests these routers support 3 levels of hierarchy., but there are no examples, and no shaping based configurations. The Cisco ASR1000 QoS guides only talk about two level policing. What is the best way to approach this policy, my thought is as follows: Outer policy, shape all traffic to 300Mbps, as the SP drops anything above that.
Inner policy shape traffic from each vrf (based on source address) to the appropriate value for the sub-interface that acts as a transit for the particular VRF Inner sub-policy, prioritise voice traffic, and provide bandwidth guarantees via shaping for 2 or 3 traffic sub-classes. As far as I understand this is 3 layers of hierarchy, Is this feasible with the ASR1001? It will be running latest code with IP base licencies Andy.
Now I have the routers and having trouble setting up the QoS policy. The ASR will be a CE with a dot.1q trunk supporting multiple sub-interfaces, one for each VRF/VPN. The SP allows 300Mbps on a 1 Gig link to support all VPN's. Each VPN is allowed 40Mbps towards the SP. The default VPN requires 40mbps bandwidth with 2Mbps prioritsed for voice, so initially I configured this with a shaper and a priority class for the voice traffic, and applied this to the untagged interface, without any problem. I then configured g0/0/0/.102, and tried to apply a shaper to that interface as it also requires 40Mbps for the associated VRF. This isn't allowed.
So I tried the same approach with policers instead of shapers, same still not allowed. How do I approach this: G0/0/0 with shaper/policer setting outer to 300Mbps, then two sub-classes, one with 40Mbps and the other to prioritise voice with 2Mbps. G0/0/0.100 with shaper/policer setting this to 40Mbps. The documents don't described this in enough detail. Does the router regard g0/0/0 and g0/0/0.100 as seperate interfaces, each having a qos policy, that is how I'm trying to get this to work.
Or, should I define an ACL for each VPN, apply shaping or policing to each class and apply the service-policy to the main interface? Hello all, I have a question regarding routing with HSRP. We have two ASR1001s; one is used for our primary Internet and the 2nd is used for our backup Internet. I was wondering if it is possible to point a network device, such as a firewall, to use the 2nd ASR1001 that's part of an HSRP group as it's default gateway? This 2nd ASR1001 is the standby device for HSRP. I wanted to point a specific subnet that is behind its own firewall to use this connection out to the internet.
If I set the firewall to the interface IP instead of the virtual IP, it's still going to route to the active HSRP router for Internet connectivity. I want to change this behavior. My thought would be to apply a route map. What are your thoughts on this? Thanks, Terence.
Hi, we have several ASR1001, some with advipservices and firewall-license, some with ipbase license. By accident I have found out, that the router throws out the following message when I write a 'wr mem' command: routername#wr Building configuration. No l4r_shim subsystem is included in this platform. [OK] I have not seen this before and can't find anything in the internet for this message. Can anyone explain this or does know what to do? Is this severe?
Do I have to take another IOS? This is the IOS what is running on all these machines: System image file is 'bootflash:asr1001-universalk9.03.05.01.S.152-1.S1.bin' Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.2(1)S1, RELEASE SOFTWARE (fc2) This error only comes up on routers that have ipbase-license, when I have advipservices on it, everythng is fine. Thanks for any help. Hi Andres, As Paolo suggested what you have been told is correct. CP-7911G-CCME (CCME License) is honor based and technically even if you don't purchase it the setup will work just fine.
Its just a paper license which certifies you to use the phone. But from ordering perspective you should purchase this license because that's the correct way of ordering cosidered by Cisco. If you look at it, even the Feature License on Router is not required. You don't enforce it anywhere on the router. But you should purchase the same.
Cisco ASR 1001 Router would support fiber hand-off of the link. Hi Reza Sharifi, Thanks for your reply! This makes better sense now, but I do have another question. Cisco mentions in the product description that the ASR1001 IDCs are not field upgradable. Does this mean that you cannot, let's say for example, remove the current IDC and replace it with a new/different IDC?
And if not, why is that? I thought that was a primary function of a SPA bay. From how I look at it, I would think that one function and benefit of an IDC is that it does not take the place of a SPA bay, but rather has been physically 'integrated' into the device and is why it is not field-upgradable. It's also possible I'm just not understanding what 'field-upgradable' actually means. Thank you for your feedback. Matt Message was edited by: Matthew Carrington.
Hi Mihail, I am not sure if I understand the question. If you have expired keys you should renew them.
I would recommend contacting your Cisco Account Team and/or Reseller. If you are in process of renewing the keys, you could open a support ticket with our licensing team so they can evaluate the situation and assist you further.
You can find information about the keys your appliance has via Web UI and CLI. In the Web UI, please go to: System Administration Feature Keys Feature Keys. Via CLI, please run: featurekey list I hope this helps. Regards, Valter.
Hi Cisco Professional, We want to implementing PPPoE over port-channel (using subinterfaces L2) in Cisco ASR 1001 routers, my question is if this router support this feature?, in the other hand i've see documents about this theme, pls check these links: My IOS version Cisco ASR 1001 is: System image file is 'bootflash:/asr1001-universalk9.03.04.00.S.151-3.S.bin' We want this configuration on the router, no interface GigabitEthernet0/0/0.25 interface port-channel 10.25 description TURBONETT PUBLICA UT encapsulation dot1Q 25 ip address 10.17.44.254 255.255.252.0! No interface GigabitEthernet0/0/0.52 interface port-channel 10.52 description TURBONETT-UT encapsulation dot1Q 52 pppoe enable group global pppoe max-sessions 4000! No interface GigabitEthernet0/0/0.61 interface port-channel 10.61 description Turbonett-Sector-A encapsulation dot1Q 61 pppoe enable group global pppoe max-sessions 4000 Kind Regards, Renzo Tovar. Hi Renzo, The features are tipically are added progresivelly in the code.
This means that, once the developers start working on a feature in a platform, they start adding code in the SW releases. However, the features is are only officially supported as of the release the Business Units state (normally on documentation). At that point, they consider the feature includes all the requirements needed for it to be used by customers and the feature has been tested by them. This is why probably it works in your case with a previous relaease than the one is stated in the documents as supported.
However, if you try to use the feature on an unsupported release, and you face any issue with it, you will not get support from TAC nor the developers since the feature is being used in a release where it is not supported. I hope this clarifies your questions. Best regards. We have configured following flexible netflow on our ASR router flow monitor FLOW-MONITOR-1 cache entries 1024 record netflow ipv4 original-output WAN Interface ip flow monitor FLOW-MONITOR-1 output However we are not able to get our required show related command like below BUR-ASR01-L2-L3# show flow monitor FLOW-MONITOR-1 ca BUR-ASR01-L2-L3# show flow monitor FLOW-MONITOR-1 cache? Format Specify cache display format Output modifiers cr NOTE: In document there are other options like filter, aggregation and sort options but in our ASR we are not seeing them. Following is the show version output for the configured ASR Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 1 Technical Support: Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Wed 15-Feb-12 21:55 by mcpre Cisco IOS-XE software, Copyright (c) 2005-2012 by cisco Systems, Inc. All rights reserved. Certain components of Cisco IOS-XE software are licensed under the GNU General Public License ('GPL') Version 2.0. The software code licensed under GPL Version 2.0 is free software that comes with ABSOLUTELY NO WARRANTY.
You can redistribute and/or modify such GPL code under the terms of GPL Version 2.0. For more details, see the documentation or 'License Notice' file accompanying the IOS-XE software, or the applicable URL provided on the flyer accompanying the IOS-XE software. ROM: IOS-XE ROMMON BUR-ASR01-L2-L3 uptime is 11 weeks, 6 days, 11 hours, 38 minutes Uptime for this control processor is 11 weeks, 6 days, 11 hours, 39 minutes System returned to ROM by reload at 04:54:16 ast Tue May 22 2012 System restarted at 12:57:59 ast Tue May 22 2012 System image file is 'bootflash:/asr1001-universalk9.03.05.01.S.152-1.S1.bin' Last reload reason: Reload Command This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. And local country laws. By using this product you agree to comply with applicable laws and regulations.
If you are unable to comply with U.S. And local laws, return this product immediately. A summary of U.S.
Laws governing Cisco cryptographic products may be found at: If you require further assistance please contact us by sending email to [email protected]. We have configured following flexible netflow on our ASR router flow monitor FLOW-MONITOR-1 cache entries 1024 record netflow ipv4 original-output WAN Interface ip flow monitor FLOW-MONITOR-1 output However we are not able to get our required show related command like below BUR-ASR01-L2-L3# show flow monitor FLOW-MONITOR-1 ca BUR-ASR01-L2-L3# show flow monitor FLOW-MONITOR-1 cache? Format Specify cache display format Output modifiers cr NOTE: In document there are other options like filter, aggregation and sort options but in our ASR we are not seeing them. Following is the show version output for the configured ASR Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 1 Technical Support: Copyright (c) 1986-2012 by Cisco Systems, Inc. Compiled Wed 15-Feb-12 21:55 by mcpre Cisco IOS-XE software, Copyright (c) 2005-2012 by cisco Systems, Inc. All rights reserved. Certain components of Cisco IOS-XE software are licensed under the GNU General Public License ('GPL') Version 2.0.
The software code licensed under GPL Version 2.0 is free software that comes with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such GPL code under the terms of GPL Version 2.0. For more details, see the documentation or 'License Notice' file accompanying the IOS-XE software, or the applicable URL provided on the flyer accompanying the IOS-XE software. ROM: IOS-XE ROMMON BUR-ASR01-L2-L3 uptime is 11 weeks, 6 days, 11 hours, 38 minutes Uptime for this control processor is 11 weeks, 6 days, 11 hours, 39 minutes System returned to ROM by reload at 04:54:16 ast Tue May 22 2012 System restarted at 12:57:59 ast Tue May 22 2012 System image file is 'bootflash:/asr1001-universalk9.03.05.01.S.152-1.S1.bin' Last reload reason: Reload Command This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S.
And local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. And local laws, return this product immediately. A summary of U.S. Laws governing Cisco cryptographic products may be found at: If you require further assistance please contact us by sending email to [email protected]. We are currently using 2 Cisco 7201 w/ NPE-G2 pushing about 1300-1400 PPPoE sessions via L2TP tunnel on each.
Each device does about 850Mb/s throughput. In total we have around 2700 PPPoE sessions with a total of around 2Gb/s bandwidth. We provide ADSL service. We are in the market for another Cisco but was wondering what the Cisco ASR1001 or Cisco ASR1002 would be able to handle? Also we want to replace our aging Foundry Bigiron 4000 that has 2 BGP sessions without full views.
We're looking to consolidate everything into a Cisco ASR device possibly to save space and allow growth. When it comes to the point that we need to push the BGP to a different device, that won't be a problem. We also require the device to allow for 10Ge connectivity that we will be expanding to in the close future. This would allow us to condense our 7U space into 1 or 2U space with much more horse power.
Thanks for your time. AFAIK ASR routers does not support PPTP tunnel termination as stated in configuration guide, but as I see in CLI BRAS1#sh vpdn sess%No active L2TP tunnels%No active PPTP tunnels BRAS1#sh vpdn group-select def Default VPDN Group Protocol L2TP-IPsec l2tp L2TP-IPsec pptp!
Vpdn-group L2TP-IPsec! Default L2TP VPDN group! I have a 2921 router with a universal version of code listed above.
When trying to configure an ipsec tunnel, I noticed that the crypto isakmp commands are not available. I have taken the following capture from sho vers that seems odd: Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.1(3)S6, RELEASE SOFTWARE (fc2) Technical Support: Copyright (c) 1986-2013 by Cisco Systems, Inc. Compiled Mon 09-Sep-13 10:37 by mcpre This clearly shows that a universal version of the code is running, but yet further below, the device seems to indicate that the router is running an ipbase version. --------------------------------------------------------------------------------*0 ASR1001 JAE17380A1N ASR1001:JAE17380A1N License Package Information for Module:'asr1001' Module name Image level Pri Config Valid license------------------------------------------------------------------------asr1001 adventerprise 1 NO adventerprise advipservices 2 NO advipservices ipbase 3 NO ipbase Module name Current Level Reboot Level------------------------------------------------------------------------asr1001 ipbase ipbase I appreciate any information to set me straight.thanks in advance.