2013年7月30日星期二

Nexus 7000 MPLS Feature-set - LDP missing

Question:

I installed Cisco 3560X Price mpls feature set in N7K.
I was able to enable feature l3vpn.
Then, I tried enabling feature ldp.
It gave me an error of:

# feature mpls ldp
TRANSPORT_SERVICES_PKG license not installed. ldp feature will be shut down after grace period of approximately 120 day(s).

I dont see any TRANSPORT_SERVICES_PKG in the NX-OS licensing guide.
Howerver, there is LAN_TRANSPORT_SERTICE_PKG. But I believe this is not for LDP.

what other licenses are needed here?

Answer:

That seems a cosmetic bug.
Look at this bug

CSCtr95031

Enabling MPLS gives warning regarding transport license

Symptom:
Getting the following message when enabling LDP:
TRANSPORT_SERVICES_PKG license not installed. ldp feature will be shut down after grace period of approximately x day(s). 


Cosmetic issue.  Only the MPLS license is required for LDP.

For more Cisco Switch news about Price ans Specification, you can click here.

IP SLA ping track with "negative trigger"?

Question:

As far as i understood Cisco 3560V2 Price the IP SLA can ping an interface of a specific router automatically. Then the track in a route-map, e.g. "set ip next-hop verify-availability 3.3.3.3 track 10" take care and if the IP SLA says "status up", then "next-hop" is executed.

If this is correct, me need a negativ version of that. E.g. if the IP SLA says "status down" then the track trigger the "next-hop". If "status up", then no "next-hop" should be triggered and the next match in the route-map should be processed.

Answer:

Yes it is possible using the boolean list feature of the track object.


For more Cisco Switch news about Price ans Specification, you can click here.

2013年7月28日星期日

Address-family?

Question:

Here I am agian.Cisco 3560V2 Price  Please look at the following commands:

address-family ipv4 vrf B
network 10.0.0.1 0.0.0.0
network 192.168.1.0 0.0.0.255
no auto-summary
autonomous-system 220
exit address-family

What exactly does address-family mean?  Can anyone put it in context so I can understand it?  And what is the autonomous-system 220 doing there?  You may not believe how much seemingly trivia issues such as these can be great sources of impediments to a learner trying to muscle in on the act.

Answer:

in the configuration example that you have reported the address-family portion refers to running EIGRP for vrf A.

The autonomous system command makes the router to send EIGRP packets with EIGRP AS= 220 on the interfaces associated to vrf A, and to accept packets for EIGRP with AS=220 on the same interfaces of vrf A. In this way the router can talk with a CE router that is running EIGRP with AS=220.


The EIGRP AS number must match to form a valid EIGRP adjacency, the autonoumous system command allows to Cisco 3560 use a different AS to/from each VRF according to needs.

2013年7月24日星期三

Production VLAN on MST instance 0

Question:

What will be the Cisco 3560 Price implication of using a VLAN on MST instance 0.

I understand it’s a bad practise to use MST instance 0 for a production VLAN but I cannot rationalise and could not find an answer behind and the reasons behind this. Can someone shade some light on this topic please ??

Answer:

I wouldn't say that using instance 0 for production VLAN is generally a bad practice.
There are issues when you have different MST regions or boundaries to STP bridges which are under different administrative control, Instance 0 is always involved in such cases. In MSTP, BPDUs are only transmitted in instance 0, the relevant information of the other instances are contained in supplements called M-records.
An example:
You have a boundary to a RSTP bridge in VLAN 200 which is mapped to instance 2. A topology change comming form that brigde will be forwarded inside your region in instance 2 (M-record) and in instance 0 ("Main-BPDU"). Thus, you'll see CAM-table flushing in VLANs mapped to instance 2 (like expected) but also in VLANs mapped to instance 0 - and this is in most cases not desired.
There's a  very recommandable blog in ine.com:

NAT'd Subnet and Public Subnet on Same vLAN

Question:

I hope this finds you WS-C3560V2-48PS-S  well. A quick message to pick your brains if I may with a current issue I have on my Cisco 2921 router.

In short, we have two physical interfaces - one internal (0/2), one external (0/0). The internal interface has several sub-interfaces of which one has a Public Subnet applied to it (0/2.100), and another sub-interface has a NAT'd Subnet applied to it (0/2.101).

The traffic from the NAT'd subnet (0/2.101) appears online as the Public IP Address on the first physical inteface (0/0), as expected, when you lookup your Public IP Address online. We need to move this NAT'd Subnet to appear as one of the Public IP Addresses from within the other sub-interface (0/2.100).

My question is, how would I achieve this. This is the current configuration including the two physical interfaces, and the two sub-interfaces:


interface GigabitEthernet0/0
ip address 31.210.XX.XX 255.255.255.248
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/2.100
encapsulation dot1Q 100
ip address 31.210.XX.XXX 255.255.255.240
!
interface GigabitEthernet0/2.101
encapsulation dot1Q 101
ip address 192.168.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly in


To summarise, we would like the NAT'd sub-interface (0/2.101) to use one of the IP Addresses in the other sub-interface (0/2.100) as it's Public address. I hope that makes sense, thanks in advance for your help and of course ask any further questions you may have!
All the best,

Matthew

Answer:

you will have to create a nat pool to get the desired result.
sample configuration. WS-C3560V2-48PS-S Price


ip nat pool Net31 31.210.x.x 31.210.x.x netmask 255.255.255.240
ip nat inside source list 1 pool Net31 overload


access-list 1 permit 192.168.1.0 0.0.0.255

2013年7月22日星期一

Production VLAN on MST instance 0

Question:

What will be the Cisco 2951 implication of using a VLAN on MST instance 0.

I understand it’s a bad practise to use MST instance 0 for a production VLAN but I cannot rationalise and could not find an answer behind and the reasons behind this. Can someone shade some light on this topic please ??

Answer:

I wouldn't say that using instance 0 for production VLAN is generally a bad practice.
There are issues when you have different MST regions or boundaries to STP bridges which are under different administrative control, Instance 0 is always involved in such cases. In MSTP, BPDUs are only transmitted in instance 0, the relevant information of the other instances are contained in supplements called M-records.
An example:
You have a boundary to a RSTP bridge in VLAN 200 which is mapped to instance 2. A topology change comming form that brigde will be forwarded inside your region in instance 2 (M-record) and in instance 0 ("Main-BPDU"). Thus, you'll see CAM-table flushing in VLANs mapped to instance 2 (like expected) but also in VLANs mapped to instance 0 - and this is in most cases not desired.
There's a  very recommandable blog Cisco 2951 router in ine.com:

2013年7月21日星期日

OSPF Network Mask?

Question:

I am configuring WS-C3560X-48T-S Price OSPF on our MPLS routers in order to advertise our internal networks out to BGP (via the redistribute command).  I am a bit confused on the proper syntax of the OSPF network command for our situation.  The normal setup is that the MPLS router has a link to the core router for that site via a /24 network.  That network is part of a /21 range for the entire site, so the networks would look something like this:

MPLS link to core: 192.168.1.0/24
Core networks: 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24, etc.

Would the best option for  OSPF network statements be:
MPLS router: network 192.168.1.0 0.0.0.255
Core router: network 192.168.1.0 0.0.7.255

or

MPLS router: network 192.168.1.0 0.0.7.255
Core router: network 192.168.1.0 0.0.7.255

or

MPLS router: network 192.168.1.0 0.0.0.255
Core router: network 192.168.1.0 0.0.0.255, network 192.168.2.0 0.0.0.255, network 192.168.3.0

Answer:

I would enable OSPF just in the interfaces that are going to speak this protocol, for example WS-C3560X-48T-S :

net 192.168.1.1 0.0.0.0 area 0
net 192.168.2.1 0.0.0.0 area 0

net 192.168.3.1 0.0.0.0 area 0

2013年7月18日星期四

Router 2911 with sm-es2-16p that does not do intervlan routing

Question:

 i have  problem with Cisco 2951 a router 2900 with a card switch 16 ports (sm-es2-16p) that does not doing the intervlan routing. i have attached 2 show tech one of the router and one of the card switch 16 ports (sm-es2-16p). I connected physically the switch card to a router interface and it seem to be working because i can do a ping from my pc  ( in user vlan 26) to my gateway on the router (172.20.26.1) but i can not do ping to the others vlan like  (172.10.26.1) or others. .. i want to know what is happening and if it there is a way to do the trunk conectivity between the switch card and the router internally without a phyisical connection.

Answer:
The (sm-es2-16p) has interface Gi0/1 connected through the backplane to the Router interface Gi1/0.
To get your routing working you should remove the physical cable and apply the below configuration to the router.
Hope it helps

conf t
default interface GigabitEthernet 1/0
default interface GigabitEthernet 0/2
interface GigabitEthernet 1/0
ip address 172.20.10.1 255.255.254.0
no shut
!
interface GigabitEthernet1/0.12
description IMPRESORAS
encapsulation dot1Q 12
ip address 172.20.12.1 255.255.254.0
!
interface GigabitEthernet1/0.14
description SERVIDORES
encapsulation dot1Q 14
ip address 172.20.14.1 255.255.254.0
!
interface GigabitEthernet1/0.16
description VOZ SOBRE IP
encapsulation dot1Q 16
ip address 172.20.16.1 255.255.254.0
!
interface GigabitEthernet1/0.18
description RADIOS IP
encapsulation dot1Q 18
ip address 172.20.18.1 255.255.254.0
!
interface GigabitEthernet1/0.20
description SEGURIDAD FISICA
encapsulation dot1Q 20
ip address 172.20.20.1 255.255.254.0
!
interface GigabitEthernet1/0.22
description WLAN DE VISITANTES
encapsulation dot1Q 22
ip address 172.20.22.1 255.255.254.0
!
interface GigabitEthernet1/0.24
description RESERVADA
encapsulation dot1Q 24
ip address 172.20.24.1 255.255.254.0
!
interface GigabitEthernet1/0.26
description Usuarios
encapsulation dot1Q 26
ip address 172.20.26.1 Cisco 2951 router 255.255.254.0
exit

end

2013年7月17日星期三


Question:

I have the following on Cisco Catalyst 3560 an 1841.

PPPoE on Fast0/0 works fine and picks up ISP address.

I have assigned on the /29 address to fast0/1.2 and and created a LAN on fast0/1.1 using the native VLAN.

I can ping the /29 address from the internet and also ping the internal address from the LAN.

I added a NAT statement (inside and outside to each sub interface).

I cannot connect from the 192.168.199.0/24 network out via NAT.  Is this possible with subinterfaces?

vpdn enable

!
interface FastEthernet0/0
description PPPOE WAN
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no ip mroute-cache
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
no cdp enable
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1.1
encapsulation dot1Q 1 native
ip address 192.168.199.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/1.2
encapsulation dot1Q 2
ip address 81.143.105.77 255.255.255.248
ip nat outside
ip virtual-reassembly
!
!
interface Dialer1
ip address negotiated
no ip unreachables
ip mtu 1492
encapsulation ppp
ip tcp adjust-mss 1452
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp chap hostname ******
ppp chap password 0 *****
!
ip route 0.0.0.0 0.0.0.0 Dialer1 2


ip nat inside source list 10 interface FastEthernet0/1.2 overload
!
access-list 10 permit 192.168.199.0 0.0.0.255
dialer-list 1 protocol ip permit

Answer:

I have the following:



I think this is what you want to do? Anything from inside - Client_Inside will be translated to 2.2.2.1 when I try to ping R2 which has a loopback of 1.1.1.1.

So all packets that are generated from the inside will be translated with a source address of 2.2.2.1. I have added a route of 2.2.2.1 back to R1 where the loopback exists.

here are the configs:
CLIENT_INSDIE#show run
Building configuration...

Current configuration : 827 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CLIENT_INSDIE
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
no ip domain lookup
ip domain name lab.local
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
interface FastEthernet0/0
ip address dhcp
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end     

CLIENT_INSDIE#
CLIENT_INSDIE#show ip int brie
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            20.0.0.101      YES DHCP   up                    up     
FastEthernet0/1            unassigned      YES unset  administratively down down  

=======================================================================

R1#show run
Building configuration...

*Mar  1 00:41:27.515: %SYS-5-CONFIG_I: Configured from console by console
Current configuration : 1323 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 20.0.0.0 20.0.0.100
!
ip dhcp pool 1
   network 20.0.0.0 255.255.255.0
   default-router 20.0.0.1
!
!
no ip domain lookup
ip domain name lab.local
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
interface Loopback0
ip address 2.2.2.1 255.255.255.255
!
interface FastEthernet0/0
ip address 10.0.0.1 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 20.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.0.0.2
!
!
no ip http server
no ip http secure-server
ip nat pool test 2.2.2.1 2.2.2.1 netmask 255.255.255.252
ip nat inside source list 100 pool test overload
!
access-list 100 permit ip 20.0.0.0 0.0.0.255 any
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end

R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.0.0.2 to network 0.0.0.0

     2.0.0.0/32 is subnetted, 1 subnets
C       2.2.2.1 is directly connected, Loopback0
     20.0.0.0/24 is subnetted, 1 subnets
C       20.0.0.0 is directly connected, FastEthernet0/1
     10.0.0.0/30 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, FastEthernet0/0
S*   0.0.0.0/0 [1/0] via 10.0.0.2

=======================================================================

R2#show run
Building configuration...

Current configuration : 934 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
no ip domain lookup
ip domain name lab.local
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
interface Loopback1
ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.0.0.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
ip route 2.2.2.1 255.255.255.255 10.0.0.1
!
!
no ip http server
no ip http secure-server
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end


Now I will ping 1.1.1.1 from client router:

CLIENT_INSDIE#ping 1.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/48/64 ms

=======================================================

R1#
*Mar  1 00:45:51.783: NAT*: s=20.0.0.101->2.2.2.1, d=1.1.1.1 [75]
*Mar  1 00:45:51.811: NAT*: s=1.1.1.1, d=2.2.2.1->20.0.0.101 [75]
*Mar  1 00:45:51.847: NAT*: s=20.0.0.101->2.2.2.1, d=1.1.1.1 [76]
*Mar  1 00:45:51.867: NAT*: s=1.1.1.1, d=2.2.2.1->20.0.0.101 [76]
*Mar  1 00:45:51.887: NAT*: s=20.0.0.101->2.2.2.1, d=1.1.1.1 [77]
*Mar  1 00:45:51.911: NAT*: s=1.1.1.1, d=2.2.2.1->20.0.0.101 [77]
*Mar  1 00:45:51.931: NAT*: s=20.0.0.101->2.2.2.1, d=1.1.1.1 [78]
*Mar  1 00:45:51.947: NAT*: s=1.1.1.1, d=2.2.2.1->20.0.0.101 [78]
*Mar  1 00:45:51.975: NAT*: s=20.0.0.101->2.2.2.1, d=1.1.1.1 [79]
*Mar  1 00:45:51.995: NAT*: s=1.1.1.1, d=2.2.2.1->20.0.0.101 [79]
R1#
*Mar  1 00:46:19.939: NAT: expiring 2.2.2.1 (20.0.0.101) icmp 14 (14)

R1#show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
icmp 2.2.2.1:13        20.0.0.101:13      1.1.1.1:13         1.1.1.1:13

=======================================================

R2#
*Mar  1 00:45:24.731: IP: tableid=0, s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1 (Loopback1), routed via RIB
*Mar  1 00:45:24.735: IP: s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1, len 100, rcvd 4
*Mar  1 00:45:24.735: IP: tableid=0, s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), routed via FIB
*Mar  1 00:45:24.735: IP: s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), len 100, sending
*Mar  1 00:45:24.799: IP: tableid=0, s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1 (Loopback1), routed via RIB
*Mar  1 00:45:24.799: IP: s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1, len 100, rcvd 4
*Mar  1 00:45:24.799: IP: tableid=0, s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), routed via FIB
*Mar  1 00:45:24.799: IP: s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), len 100, sending
*Mar  1 00:45:24.855: IP: tableid=0, s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1 (Loopback1), routed via RIB
*Mar  1 00:45:24.855: IP: s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1, len 100, rcvd 4
*Mar  1 00:45:24.855: IP: tableid=0, s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), routed via FIB
*Mar  1 00:45:24.855: IP: s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), len 100, sending
*Mar  1 00:45:24.895: IP: tableid=0, s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1 (Loopback1), routed via RIB
*Mar  1 00:45:24.895: IP: s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1, len 100, rcvd 4
*Mar  1 00:45:24.895: IP: tableid=0, s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), routed via FIB
*Mar  1 00:45:24.895: IP: s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), len 100, sending
*Mar  1 00:45:24.939: IP: tableid=0, s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1 (Loopback1), routed via RIB
*Mar  1 00:45:24.939: IP: s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1, len 100, rcvd 4
*Mar  1 00:45:24.939: IP: tableid=0, s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), routed via FIB
*Mar  1 00:45:24.939: IP: s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), len 100, sending

So we are NATing the source to 2.2.2.1 which is not on the physical interface. You can also do this for sub interface.
Is this what you was trying Cisco 3560 Switch to do?

WAN router bandwidth usage

Question:

Need some help to figure out Cisco 3560 Switch the bandwidth usage for the WAN router f2/0 interface, sending you what we have from this interface

30 second input rate 881000 bits/sec, 296 packets/sec
30 second output rate 395000 bits/sec, 292 packets/sec
1297322378 packets input, 1616261346 bytes
Received 59127 broadcasts, 0 runts, 0 giants, 0 throttles

Answer:

If you want to validate the speed of the link transmit and receive at the time you take the sample, you should only check the following lines:

30 second input rate 2952000 bits / sec, 555 packets / sec
30 second output rate 479000 bits / sec, 470 packets / sec


Here you should not add or subtract anything. As I mentioned earlier in a FastEthernet link in full duplex mode, the transmission is independent (30 seconds output rate) incoming (30 seconds input rate).

These statistics are based on bits per second as this is handled in terms of transmission in data networks.

For the snapshot you send you:

30 second input rate 2952000 bits / sec, 555 packets / sec
30 second output rate 479000 bits / sec, 470 packets / sec

That is for you reception: 2952000 bits / sec,

so if you want to refer this value in kilobits divide by 1000 and you have:
2952000/1000 = 2952 kbps

if you want to refer this value in megabits divide between 1000000 and have:
2952000/1000000 = 2.952 Mbps

Importantly, as the point referring transmission rates in data networks (x Gbps Mbps x, x Kbps, x bps) that are expressed in terms of bits, as opposed to storage that is expressed in terms of Bytes (Gbytes, Mbytes, Kbytes, bytes). It is also important to note that the second character of the velocity:

xbps = second character is "b" in lower case that which be interpreted as bits. "x" or first character can be G, g, M,m,K,k, or not exist if the rate is expressed in bits.
There are statistical tools that add these two values:
Input Ouput rate + rate to generate a total, but personally I'm not decuerdo with this and usually do not use this type of graph. Prefer separate or overlapping graphs.

Important

There are statistical tools that add these two values:

Input Ouput rate + rate to generate a total, but personally I'm not decuerdo with this and usually do not use this Cisco 3560 type of graph. Prefer separate or overlapping graphs.

Stumped - 871W home network config. pages not loading?

Question:

Hi i have a really simple WS-C3560X-48P-L  home network setup using the Cisco 871W 4-Port 10/100 Wireless G Router (CISCO871W-G-A-K9). I can't figure out for the life of me what is going on. Web pages seem to "half load" sometimes (netflix, facebook, bank of america doesn't load at all, etc). It doesn't always happen. Sometimes the pages will load fine. I have tested with multiple computers so I know that it is the router itself. Below is my configuration. Please ignore anything regarding the wifi. I know that isn't set up correctly. I'll deal with that later. I wanted to see if i was missing anything. Config is really basic. Attached is what one of the "half loading" web pages looks like

!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MyRouter
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 blahblahblahblah
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
aaa session-id common
!
crypto pki trustpoint TP-self-signed-1608398951
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1608398951
revocation-check none
rsakeypair TP-self-signed-1608398951
!
!
crypto pki certificate chain TP-self-signed-1608398951
certificate self-signed 01
  ZX82X252 ZX82X1BB AXXZX2X1 X2X2X1X1 ZXXDX6X9 2A864886 F7XDX1X1 X4X5XXZX
  Z1Z12FZX 2DX6XZ55 X4XZ1Z26 494F5Z2D 5Z656C66 2D5Z6967 6E65642D 4Z657274
  6966696Z 6174652D Z1Z6ZXZ8 ZZZ9Z8Z9 Z5Z1ZX1E 17XDZXZ2 ZXZZZXZ1 ZXZ1Z4Z2
  ZXZZ5A17 XDZ2ZXZX Z1ZXZ1ZX ZXZXZXZX ZX5AZXZ1 Z12FZX2D X6XZ55X4 XZ1Z2649
  4F5Z2D5Z 656C662D 5Z69676E 65642D4Z 65727469 66696Z61 74652DZ1 Z6ZXZ8ZZ
  Z9Z8Z9Z5 Z1ZX819F ZXXDX6X9 2A864886 F7XDX1X1 X1X5XXXZ 818DXXZX 8189X281
  81XXB9FX ZCEB6492 27Z78Z9F BZ5C8ZEF 9EB81B52 FB4F1Z51 A5AC8B5E 5ZAXFXB8
  5911CCB9 EC5A22C1 5X98C2E8 ZCE17DED 121B224X 57B95C2C A4Z827Z7 4967FZ49
  8681456F 175668F9 AC12BA6B 19A55718 FBFZ2DA2 914C1CFF 88766ZA5 XA1AXEDF
  81DC49DC 4D2Z29F4 ZBZ69555 ZDZZ22X9 41DC6A57 X28ZD8B6 15ADB5F9 6F617FXE
  569FX2XZ X1XXX1AZ 7AZX78ZX XFX6XZ55 1D1ZX1X1 FFX4X5ZX XZX1X1FF ZX25X6XZ
  551D11X4 1EZX1C82 1A4B4Z69 7A7A6C65 4Z697Z6Z 6F2E6B6Z 697A7A6C 652E6C6F
  6Z616CZX 1FX6XZ55 1D2ZX418 ZX168X14 18FZ6CBZ 1DZ7F684 661ZE559 FF7CE7BX
  24DB22B4 ZX1DX6XZ 551DXEX4 16X41418 FZ6CBZ1D Z7F68466 1ZE559FF 7CE7BX24
  DB22B4ZX XDX6X92A 864886F7 XDX1X1X4 X5XXXZ81 81XX28Z5 8CC9Z7AB 4D49DB5Z
  AZBDXCBX E2E6A8CE 27CCZ9AB 52C469EA 45C5B2Z6 68X82572 72AX1C58 F6C4D76B
  2A21E4X6 1E5BC585 72ZEX9B6 2917D89F 95DZXFE5 FCDXF428 ACC7ZZ44 Z4E2CDZE
  8EXFB92A 6E26F29A B6778B4Z 5ACB1946 D826AEF6 8EZ96X7A X6B6AEA2 X7CXACZ7
  X6E2C98X D76DZ588 CF55D966 94X2745C XAXCAF65 ED71
            quit
dot11 syslog
!
dot11 ssid MyWiFi
   authentication open
   authentication key-management wpa
   guest-mode
   wpa-psk ascii 7 blahblahblahblhabhab
!
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 1.1.2.1 1.1.2.99
!
ip dhcp pool 1.1.2.0/24
   network 1.1.2.0 255.255.255.0
   default-router 1.1.2.1
   dns-server 1.1.2.5
   lease 7
!
!
ip domain name mydomain.local
ip host desktop 1.1.2.14
ip name-server 1.1.2.5
!
multilink bundle-name authenticated
!
!
username admin privilege 15 secret 5 blahblahblahblah
!
!
archive
log config
  hidekeys
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description INTERNET WAN PORT
mac-address 0000.1111.2222
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Dot11Radio0
description Built-in Atheros miniPCI
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no dot11 extension aironet
!
encryption mode ciphers aes-ccm
!
broadcast-key change 3600
!
speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
channel 2412
station-role root
no cdp enable
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 1.1.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip forward-protocol nd
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list ACL-NAT interface FastEthernet4 overload
!
ip access-list extended ACL-NAT
permit ip 1.1.2.0 0.0.0.255 any
!
no cdp run
!
!
!
!
control-plane
!
banner motd
#################################################################
# My Router
# GET THE F OUT.
# Unauthorized Access Is Prohibited!!!
#
# Love,
# Me
#
#################################################################

!
line con 0
exec-timeout 30 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
exec-timeout 20 0
privilege level 15
password blahblah
logging synchronous
transport input telnet ssh
!
scheduler max-task-time 5000
end

Answer:


Wrong forum, post in "infrastructure - WAN and routing". You can move your post using the actions panel WS-C3560X-48P-S Price on the right.