Nexus 7000 MPLS Feature-set - LDP missing

Question:

I installed Cisco 3560X Price mpls feature set in N7K.

I was able to enable feature l3vpn.

Then, I tried enabling feature ldp.

It gave me an error of:

# feature mpls ldp

TRANSPORT_SERVICES_PKG license not installed. ldp feature will be shut down after grace period of approximately 120 day(s).

I dont see any TRANSPORT_SERVICES_PKG in the NX-OS licensing guide.

Howerver, there is LAN_TRANSPORT_SERTICE_PKG. But I believe this is not for LDP.

what other licenses are needed here?

Answer:

That seems a cosmetic bug.

Look at this bug

CSCtr95031

Enabling MPLS gives warning regarding transport license

Symptom:

Getting the following message when enabling LDP:

TRANSPORT_SERVICES_PKG license not installed. ldp feature will be shut down after grace period of approximately x day(s). 

Cosmetic issue.  Only the MPLS license is required for LDP.

For more Cisco Switch news about Price ans Specification, you can click here.

IP SLA ping track with "negative trigger"?

Question:

As far as i understood Cisco 3560V2 Price the IP SLA can ping an interface of a specific router automatically. Then the track in a route-map, e.g. "set ip next-hop verify-availability 3.3.3.3 track 10" take care and if the IP SLA says "status up", then "next-hop" is executed.

If this is correct, me need a negativ version of that. E.g. if the IP SLA says "status down" then the track trigger the "next-hop". If "status up", then no "next-hop" should be triggered and the next match in the route-map should be processed.

Answer:

Yes it is possible using the boolean list feature of the track object.

http://www.ocsic.co.uk/enhanced-object-tracking-with-tracked-list-and-boolean-expression/

For more Cisco Switch news about Price ans Specification, you can click here.

Address-family?

Question:

Here I am agian.Cisco 3560V2 Price  Please look at the following commands:

address-family ipv4 vrf B

network 10.0.0.1 0.0.0.0

network 192.168.1.0 0.0.0.255

no auto-summary

autonomous-system 220

exit address-family

What exactly does address-family mean?  Can anyone put it in context so I can understand it?  And what is the autonomous-system 220 doing there?  You may not believe how much seemingly trivia issues such as these can be great sources of impediments to a learner trying to muscle in on the act.

Answer:

in the configuration example that you have reported the address-family portion refers to running EIGRP for vrf A.

The autonomous system command makes the router to send EIGRP packets with EIGRP AS= 220 on the interfaces associated to vrf A, and to accept packets for EIGRP with AS=220 on the same interfaces of vrf A. In this way the router can talk with a CE router that is running EIGRP with AS=220.

The EIGRP AS number must match to form a valid EIGRP adjacency, the autonoumous system command allows to Cisco 3560 use a different AS to/from each VRF according to needs.

Production VLAN on MST instance 0

Question:

What will be the Cisco 3560 Price implication of using a VLAN on MST instance 0.

I understand it’s a bad practise to use MST instance 0 for a production VLAN but I cannot rationalise and could not find an answer behind and the reasons behind this. Can someone shade some light on this topic please ??

Answer:

I wouldn't say that using instance 0 for production VLAN is generally a bad practice.

There are issues when you have different MST regions or boundaries to STP bridges which are under different administrative control, Instance 0 is always involved in such cases. In MSTP, BPDUs are only transmitted in instance 0, the relevant information of the other instances are contained in supplements called M-records.

An example:

You have a boundary to a RSTP bridge in VLAN 200 which is mapped to instance 2. A topology change comming form that brigde will be forwarded inside your region in instance 2 (M-record) and in instance 0 ("Main-BPDU"). Thus, you'll see CAM-table flushing in VLANs mapped to instance 2 (like expected) but also in VLANs mapped to instance 0 - and this is in most cases not desired.

There's a  very recommandable blog in ine.com:

http://blog.ine.com/2010/02/22/understanding-mstp/   Cisco Catalyst 3560  http://www.discountswitch.com/wp-admin/edit.php

NAT'd Subnet and Public Subnet on Same vLAN

Question:

I hope this finds you WS-C3560V2-48PS-S  well. A quick message to pick your brains if I may with a current issue I have on my Cisco 2921 router.

In short, we have two physical interfaces - one internal (0/2), one external (0/0). The internal interface has several sub-interfaces of which one has a Public Subnet applied to it (0/2.100), and another sub-interface has a NAT'd Subnet applied to it (0/2.101).

The traffic from the NAT'd subnet (0/2.101) appears online as the Public IP Address on the first physical inteface (0/0), as expected, when you lookup your Public IP Address online. We need to move this NAT'd Subnet to appear as one of the Public IP Addresses from within the other sub-interface (0/2.100).

My question is, how would I achieve this. This is the current configuration including the two physical interfaces, and the two sub-interfaces:

interface GigabitEthernet0/0

ip address 31.210.XX.XX 255.255.255.248

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/2

no ip address

duplex auto

speed auto

!

interface GigabitEthernet0/2.100

encapsulation dot1Q 100

ip address 31.210.XX.XXX 255.255.255.240

!

interface GigabitEthernet0/2.101

encapsulation dot1Q 101

ip address 192.168.1.254 255.255.255.0

ip nat inside

ip virtual-reassembly in

To summarise, we would like the NAT'd sub-interface (0/2.101) to use one of the IP Addresses in the other sub-interface (0/2.100) as it's Public address. I hope that makes sense, thanks in advance for your help and of course ask any further questions you may have!

All the best,

Matthew

Answer:

you will have to create a nat pool to get the desired result.

sample configuration. WS-C3560V2-48PS-S Price

ip nat pool Net31 31.210.x.x 31.210.x.x netmask 255.255.255.240

ip nat inside source list 1 pool Net31 overload

access-list 1 permit 192.168.1.0 0.0.0.255

Production VLAN on MST instance 0

Question:

What will be the Cisco 2951 implication of using a VLAN on MST instance 0.

I understand it’s a bad practise to use MST instance 0 for a production VLAN but I cannot rationalise and could not find an answer behind and the reasons behind this. Can someone shade some light on this topic please ??

Answer:

I wouldn't say that using instance 0 for production VLAN is generally a bad practice.

There are issues when you have different MST regions or boundaries to STP bridges which are under different administrative control, Instance 0 is always involved in such cases. In MSTP, BPDUs are only transmitted in instance 0, the relevant information of the other instances are contained in supplements called M-records.

An example:

You have a boundary to a RSTP bridge in VLAN 200 which is mapped to instance 2. A topology change comming form that brigde will be forwarded inside your region in instance 2 (M-record) and in instance 0 ("Main-BPDU"). Thus, you'll see CAM-table flushing in VLANs mapped to instance 2 (like expected) but also in VLANs mapped to instance 0 - and this is in most cases not desired.

There's a  very recommandable blog Cisco 2951 router in ine.com:

http://blog.ine.com/2010/02/22/understanding-mstp/

OSPF Network Mask?

Question:

I am configuring WS-C3560X-48T-S Price OSPF on our MPLS routers in order to advertise our internal networks out to BGP (via the redistribute command).  I am a bit confused on the proper syntax of the OSPF network command for our situation.  The normal setup is that the MPLS router has a link to the core router for that site via a /24 network.  That network is part of a /21 range for the entire site, so the networks would look something like this:

MPLS link to core: 192.168.1.0/24

Core networks: 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24, etc.

Would the best option for  OSPF network statements be:

MPLS router: network 192.168.1.0 0.0.0.255

Core router: network 192.168.1.0 0.0.7.255

or

MPLS router: network 192.168.1.0 0.0.7.255

Core router: network 192.168.1.0 0.0.7.255

or

MPLS router: network 192.168.1.0 0.0.0.255

Core router: network 192.168.1.0 0.0.0.255, network 192.168.2.0 0.0.0.255, network 192.168.3.0

Answer:

I would enable OSPF just in the interfaces that are going to speak this protocol, for example WS-C3560X-48T-S :

net 192.168.1.1 0.0.0.0 area 0

net 192.168.2.1 0.0.0.0 area 0

net 192.168.3.1 0.0.0.0 area 0

Router 2911 with sm-es2-16p that does not do intervlan routing

Question:

 i have  problem with Cisco 2951 a router 2900 with a card switch 16 ports (sm-es2-16p) that does not doing the intervlan routing. i have attached 2 show tech one of the router and one of the card switch 16 ports (sm-es2-16p). I connected physically the switch card to a router interface and it seem to be working because i can do a ping from my pc  ( in user vlan 26) to my gateway on the router (172.20.26.1) but i can not do ping to the others vlan like  (172.10.26.1) or others. .. i want to know what is happening and if it there is a way to do the trunk conectivity between the switch card and the router internally without a phyisical connection.

Answer:

The (sm-es2-16p) has interface Gi0/1 connected through the backplane to the Router interface Gi1/0.

To get your routing working you should remove the physical cable and apply the below configuration to the router.

Hope it helps

conf t

default interface GigabitEthernet 1/0

default interface GigabitEthernet 0/2

interface GigabitEthernet 1/0

ip address 172.20.10.1 255.255.254.0

no shut

!

interface GigabitEthernet1/0.12

description IMPRESORAS

encapsulation dot1Q 12

ip address 172.20.12.1 255.255.254.0

!

interface GigabitEthernet1/0.14

description SERVIDORES

encapsulation dot1Q 14

ip address 172.20.14.1 255.255.254.0

!

interface GigabitEthernet1/0.16

description VOZ SOBRE IP

encapsulation dot1Q 16

ip address 172.20.16.1 255.255.254.0

!

interface GigabitEthernet1/0.18

description RADIOS IP

encapsulation dot1Q 18

ip address 172.20.18.1 255.255.254.0

!

interface GigabitEthernet1/0.20

description SEGURIDAD FISICA

encapsulation dot1Q 20

ip address 172.20.20.1 255.255.254.0

!

interface GigabitEthernet1/0.22

description WLAN DE VISITANTES

encapsulation dot1Q 22

ip address 172.20.22.1 255.255.254.0

!

interface GigabitEthernet1/0.24

description RESERVADA

encapsulation dot1Q 24

ip address 172.20.24.1 255.255.254.0

!

interface GigabitEthernet1/0.26

description Usuarios

encapsulation dot1Q 26

ip address 172.20.26.1 Cisco 2951 router 255.255.254.0

exit

end

Question:

I have the following on Cisco Catalyst 3560 an 1841.

PPPoE on Fast0/0 works fine and picks up ISP address.

I have assigned on the /29 address to fast0/1.2 and and created a LAN on fast0/1.1 using the native VLAN.

I can ping the /29 address from the internet and also ping the internal address from the LAN.

I added a NAT statement (inside and outside to each sub interface).

I cannot connect from the 192.168.199.0/24 network out via NAT.  Is this possible with subinterfaces?

vpdn enable

!

interface FastEthernet0/0

description PPPOE WAN

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

no ip mroute-cache

duplex auto

speed auto

pppoe enable group global

pppoe-client dial-pool-number 1

no cdp enable

!

interface FastEthernet0/1

no ip address

duplex auto

speed auto

!

interface FastEthernet0/1.1

encapsulation dot1Q 1 native

ip address 192.168.199.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface FastEthernet0/1.2

encapsulation dot1Q 2

ip address 81.143.105.77 255.255.255.248

ip nat outside

ip virtual-reassembly

!

!

interface Dialer1

ip address negotiated

no ip unreachables

ip mtu 1492

encapsulation ppp

ip tcp adjust-mss 1452

no ip mroute-cache

dialer pool 1

dialer-group 1

no cdp enable

ppp chap hostname ******

ppp chap password 0 *****

!

ip route 0.0.0.0 0.0.0.0 Dialer1 2

ip nat inside source list 10 interface FastEthernet0/1.2 overload

!

access-list 10 permit 192.168.199.0 0.0.0.255

dialer-list 1 protocol ip permit

Answer:

I have the following:

I think this is what you want to do? Anything from inside - Client_Inside will be translated to 2.2.2.1 when I try to ping R2 which has a loopback of 1.1.1.1.

So all packets that are generated from the inside will be translated with a source address of 2.2.2.1. I have added a route of 2.2.2.1 back to R1 where the loopback exists.

here are the configs:

CLIENT_INSDIE#show run

Building configuration...

Current configuration : 827 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname CLIENT_INSDIE

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

memory-size iomem 5

ip cef

!

no ip domain lookup

ip domain name lab.local

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

!

interface FastEthernet0/0

ip address dhcp

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

ip forward-protocol nd

!

!

no ip http server

no ip http secure-server

!

!

control-plane

!

!

!

line con 0

exec-timeout 0 0

privilege level 15

logging synchronous

line aux 0

exec-timeout 0 0

privilege level 15

logging synchronous

line vty 0 4

login

!

!

end     

CLIENT_INSDIE#

CLIENT_INSDIE#show ip int brie

Interface                  IP-Address      OK? Method Status                Protocol

FastEthernet0/0            20.0.0.101      YES DHCP   up                    up     

FastEthernet0/1            unassigned      YES unset  administratively down down  

=======================================================================

R1#show run

Building configuration...

*Mar  1 00:41:27.515: %SYS-5-CONFIG_I: Configured from console by console

Current configuration : 1323 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R1

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

memory-size iomem 5

ip cef

!

!

no ip dhcp use vrf connected

ip dhcp excluded-address 20.0.0.0 20.0.0.100

!

ip dhcp pool 1

   network 20.0.0.0 255.255.255.0

   default-router 20.0.0.1

!

!

no ip domain lookup

ip domain name lab.local

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

!

!

interface Loopback0

ip address 2.2.2.1 255.255.255.255

!

interface FastEthernet0/0

ip address 10.0.0.1 255.255.255.252

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 20.0.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 10.0.0.2

!

!

no ip http server

no ip http secure-server

ip nat pool test 2.2.2.1 2.2.2.1 netmask 255.255.255.252

ip nat inside source list 100 pool test overload

!

access-list 100 permit ip 20.0.0.0 0.0.0.255 any

!

!

!

line con 0

exec-timeout 0 0

privilege level 15

logging synchronous

line aux 0

exec-timeout 0 0

privilege level 15

logging synchronous

line vty 0 4

login

!

!

end

R1#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.0.0.2 to network 0.0.0.0

     2.0.0.0/32 is subnetted, 1 subnets

C       2.2.2.1 is directly connected, Loopback0

     20.0.0.0/24 is subnetted, 1 subnets

C       20.0.0.0 is directly connected, FastEthernet0/1

     10.0.0.0/30 is subnetted, 1 subnets

C       10.0.0.0 is directly connected, FastEthernet0/0

S*   0.0.0.0/0 [1/0] via 10.0.0.2

=======================================================================

R2#show run

Building configuration...

Current configuration : 934 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R2

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

memory-size iomem 5

ip cef

!

!

no ip domain lookup

ip domain name lab.local

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

!

!

interface Loopback1

ip address 1.1.1.1 255.255.255.0

!

interface FastEthernet0/0

ip address 10.0.0.2 255.255.255.252

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

ip forward-protocol nd

ip route 2.2.2.1 255.255.255.255 10.0.0.1

!

!

no ip http server

no ip http secure-server

!

!

line con 0

exec-timeout 0 0

privilege level 15

logging synchronous

line aux 0

exec-timeout 0 0

privilege level 15

logging synchronous

line vty 0 4

login

!

!

end

Now I will ping 1.1.1.1 from client router:

CLIENT_INSDIE#ping 1.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 40/48/64 ms

=======================================================

R1#

*Mar  1 00:45:51.783: NAT*: s=20.0.0.101->2.2.2.1, d=1.1.1.1 [75]

*Mar  1 00:45:51.811: NAT*: s=1.1.1.1, d=2.2.2.1->20.0.0.101 [75]

*Mar  1 00:45:51.847: NAT*: s=20.0.0.101->2.2.2.1, d=1.1.1.1 [76]

*Mar  1 00:45:51.867: NAT*: s=1.1.1.1, d=2.2.2.1->20.0.0.101 [76]

*Mar  1 00:45:51.887: NAT*: s=20.0.0.101->2.2.2.1, d=1.1.1.1 [77]

*Mar  1 00:45:51.911: NAT*: s=1.1.1.1, d=2.2.2.1->20.0.0.101 [77]

*Mar  1 00:45:51.931: NAT*: s=20.0.0.101->2.2.2.1, d=1.1.1.1 [78]

*Mar  1 00:45:51.947: NAT*: s=1.1.1.1, d=2.2.2.1->20.0.0.101 [78]

*Mar  1 00:45:51.975: NAT*: s=20.0.0.101->2.2.2.1, d=1.1.1.1 [79]

*Mar  1 00:45:51.995: NAT*: s=1.1.1.1, d=2.2.2.1->20.0.0.101 [79]

R1#

*Mar  1 00:46:19.939: NAT: expiring 2.2.2.1 (20.0.0.101) icmp 14 (14)

R1#show ip nat translations

Pro Inside global      Inside local       Outside local      Outside global

icmp 2.2.2.1:13        20.0.0.101:13      1.1.1.1:13         1.1.1.1:13

=======================================================

R2#

*Mar  1 00:45:24.731: IP: tableid=0, s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1 (Loopback1), routed via RIB

*Mar  1 00:45:24.735: IP: s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1, len 100, rcvd 4

*Mar  1 00:45:24.735: IP: tableid=0, s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), routed via FIB

*Mar  1 00:45:24.735: IP: s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), len 100, sending

*Mar  1 00:45:24.799: IP: tableid=0, s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1 (Loopback1), routed via RIB

*Mar  1 00:45:24.799: IP: s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1, len 100, rcvd 4

*Mar  1 00:45:24.799: IP: tableid=0, s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), routed via FIB

*Mar  1 00:45:24.799: IP: s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), len 100, sending

*Mar  1 00:45:24.855: IP: tableid=0, s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1 (Loopback1), routed via RIB

*Mar  1 00:45:24.855: IP: s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1, len 100, rcvd 4

*Mar  1 00:45:24.855: IP: tableid=0, s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), routed via FIB

*Mar  1 00:45:24.855: IP: s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), len 100, sending

*Mar  1 00:45:24.895: IP: tableid=0, s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1 (Loopback1), routed via RIB

*Mar  1 00:45:24.895: IP: s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1, len 100, rcvd 4

*Mar  1 00:45:24.895: IP: tableid=0, s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), routed via FIB

*Mar  1 00:45:24.895: IP: s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), len 100, sending

*Mar  1 00:45:24.939: IP: tableid=0, s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1 (Loopback1), routed via RIB

*Mar  1 00:45:24.939: IP: s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1, len 100, rcvd 4

*Mar  1 00:45:24.939: IP: tableid=0, s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), routed via FIB

*Mar  1 00:45:24.939: IP: s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), len 100, sending

So we are NATing the source to 2.2.2.1 which is not on the physical interface. You can also do this for sub interface.

Is this what you was trying Cisco 3560 Switch to do?

WAN router bandwidth usage

Question:

Need some help to figure out Cisco 3560 Switch the bandwidth usage for the WAN router f2/0 interface, sending you what we have from this interface

30 second input rate 881000 bits/sec, 296 packets/sec

30 second output rate 395000 bits/sec, 292 packets/sec

1297322378 packets input, 1616261346 bytes

Received 59127 broadcasts, 0 runts, 0 giants, 0 throttles

Answer:

If you want to validate the speed of the link transmit and receive at the time you take the sample, you should only check the following lines:

30 second input rate 2952000 bits / sec, 555 packets / sec

30 second output rate 479000 bits / sec, 470 packets / sec

Here you should not add or subtract anything. As I mentioned earlier in a FastEthernet link in full duplex mode, the transmission is independent (30 seconds output rate) incoming (30 seconds input rate).

These statistics are based on bits per second as this is handled in terms of transmission in data networks.

For the snapshot you send you:

30 second input rate 2952000 bits / sec, 555 packets / sec

30 second output rate 479000 bits / sec, 470 packets / sec

That is for you reception: 2952000 bits / sec,

so if you want to refer this value in kilobits divide by 1000 and you have:

2952000/1000 = 2952 kbps

if you want to refer this value in megabits divide between 1000000 and have:

2952000/1000000 = 2.952 Mbps

Importantly, as the point referring transmission rates in data networks (x Gbps Mbps x, x Kbps, x bps) that are expressed in terms of bits, as opposed to storage that is expressed in terms of Bytes (Gbytes, Mbytes, Kbytes, bytes). It is also important to note that the second character of the velocity:

xbps = second character is "b" in lower case that which be interpreted as bits. "x" or first character can be G, g, M,m,K,k, or not exist if the rate is expressed in bits.

There are statistical tools that add these two values:

Input Ouput rate + rate to generate a total, but personally I'm not decuerdo with this and usually do not use this type of graph. Prefer separate or overlapping graphs.

Important

There are statistical tools that add these two values:

Input Ouput rate + rate to generate a total, but personally I'm not decuerdo with this and usually do not use this Cisco 3560 type of graph. Prefer separate or overlapping graphs.

Stumped - 871W home network config. pages not loading?

Question:

Hi i have a really simple WS-C3560X-48P-L  home network setup using the Cisco 871W 4-Port 10/100 Wireless G Router (CISCO871W-G-A-K9). I can't figure out for the life of me what is going on. Web pages seem to "half load" sometimes (netflix, facebook, bank of america doesn't load at all, etc). It doesn't always happen. Sometimes the pages will load fine. I have tested with multiple computers so I know that it is the router itself. Below is my configuration. Please ignore anything regarding the wifi. I know that isn't set up correctly. I'll deal with that later. I wanted to see if i was missing anything. Config is really basic. Attached is what one of the "half loading" web pages looks like

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname MyRouter

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

enable secret 5 blahblahblahblah

!

aaa new-model

!

!

aaa authentication login default local

aaa authorization exec default local

!

!

aaa session-id common

!

crypto pki trustpoint TP-self-signed-1608398951

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-1608398951

revocation-check none

rsakeypair TP-self-signed-1608398951

!

!

crypto pki certificate chain TP-self-signed-1608398951

certificate self-signed 01

  ZX82X252 ZX82X1BB AXXZX2X1 X2X2X1X1 ZXXDX6X9 2A864886 F7XDX1X1 X4X5XXZX

  Z1Z12FZX 2DX6XZ55 X4XZ1Z26 494F5Z2D 5Z656C66 2D5Z6967 6E65642D 4Z657274

  6966696Z 6174652D Z1Z6ZXZ8 ZZZ9Z8Z9 Z5Z1ZX1E 17XDZXZ2 ZXZZZXZ1 ZXZ1Z4Z2

  ZXZZ5A17 XDZ2ZXZX Z1ZXZ1ZX ZXZXZXZX ZX5AZXZ1 Z12FZX2D X6XZ55X4 XZ1Z2649

  4F5Z2D5Z 656C662D 5Z69676E 65642D4Z 65727469 66696Z61 74652DZ1 Z6ZXZ8ZZ

  Z9Z8Z9Z5 Z1ZX819F ZXXDX6X9 2A864886 F7XDX1X1 X1X5XXXZ 818DXXZX 8189X281

  81XXB9FX ZCEB6492 27Z78Z9F BZ5C8ZEF 9EB81B52 FB4F1Z51 A5AC8B5E 5ZAXFXB8

  5911CCB9 EC5A22C1 5X98C2E8 ZCE17DED 121B224X 57B95C2C A4Z827Z7 4967FZ49

  8681456F 175668F9 AC12BA6B 19A55718 FBFZ2DA2 914C1CFF 88766ZA5 XA1AXEDF

  81DC49DC 4D2Z29F4 ZBZ69555 ZDZZ22X9 41DC6A57 X28ZD8B6 15ADB5F9 6F617FXE

  569FX2XZ X1XXX1AZ 7AZX78ZX XFX6XZ55 1D1ZX1X1 FFX4X5ZX XZX1X1FF ZX25X6XZ

  551D11X4 1EZX1C82 1A4B4Z69 7A7A6C65 4Z697Z6Z 6F2E6B6Z 697A7A6C 652E6C6F

  6Z616CZX 1FX6XZ55 1D2ZX418 ZX168X14 18FZ6CBZ 1DZ7F684 661ZE559 FF7CE7BX

  24DB22B4 ZX1DX6XZ 551DXEX4 16X41418 FZ6CBZ1D Z7F68466 1ZE559FF 7CE7BX24

  DB22B4ZX XDX6X92A 864886F7 XDX1X1X4 X5XXXZ81 81XX28Z5 8CC9Z7AB 4D49DB5Z

  AZBDXCBX E2E6A8CE 27CCZ9AB 52C469EA 45C5B2Z6 68X82572 72AX1C58 F6C4D76B

  2A21E4X6 1E5BC585 72ZEX9B6 2917D89F 95DZXFE5 FCDXF428 ACC7ZZ44 Z4E2CDZE

  8EXFB92A 6E26F29A B6778B4Z 5ACB1946 D826AEF6 8EZ96X7A X6B6AEA2 X7CXACZ7

  X6E2C98X D76DZ588 CF55D966 94X2745C XAXCAF65 ED71

            quit

dot11 syslog

!

dot11 ssid MyWiFi

   authentication open

   authentication key-management wpa

   guest-mode

   wpa-psk ascii 7 blahblahblahblhabhab

!

ip cef

!

!

no ip dhcp use vrf connected

ip dhcp excluded-address 1.1.2.1 1.1.2.99

!

ip dhcp pool 1.1.2.0/24

   network 1.1.2.0 255.255.255.0

   default-router 1.1.2.1

   dns-server 1.1.2.5

   lease 7

!

!

ip domain name mydomain.local

ip host desktop 1.1.2.14

ip name-server 1.1.2.5

!

multilink bundle-name authenticated

!

!

username admin privilege 15 secret 5 blahblahblahblah

!

!

archive

log config

  hidekeys

!

!

!

!

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

description INTERNET WAN PORT

mac-address 0000.1111.2222

ip address dhcp

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface Dot11Radio0

description Built-in Atheros miniPCI

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

no dot11 extension aironet

!

encryption mode ciphers aes-ccm

!

broadcast-key change 3600

!

speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0

channel 2412

station-role root

no cdp enable

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$

ip address 1.1.2.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

!

ip forward-protocol nd

!

!

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip nat inside source list ACL-NAT interface FastEthernet4 overload

!

ip access-list extended ACL-NAT

permit ip 1.1.2.0 0.0.0.255 any

!

no cdp run

!

!

!

!

control-plane

!

banner motd

#################################################################

# My Router

# GET THE F OUT.

# Unauthorized Access Is Prohibited!!!

#

# Love,

# Me

#

#################################################################

!

line con 0

exec-timeout 30 0

logging synchronous

no modem enable

line aux 0

line vty 0 4

exec-timeout 20 0

privilege level 15

password blahblah

logging synchronous

transport input telnet ssh

!

scheduler max-task-time 5000

end

Answer:

Wrong forum, post in "infrastructure - WAN and routing". You can move your post using the actions panel WS-C3560X-48P-S Price on the right.