cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2804
Views
0
Helpful
17
Replies

C1941w and Cisco CP Express Firewall Feature Set

raulzulueta
Level 1
Level 1

I have a cisco 1941w with ios c1900-universalk9-mz.SPA.150-1.M2.bin and I am using Cisco CP Express GUI. It tells me that the firewall feature set in unavailable. The IOS image in your router does not support the requested feature.

How do I get CP Express to configure the firewall feature?

12 Accepted Solutions

Accepted Solutions

vragotha
Level 3
Level 3

You need to have the Security license for the firewall features. You can check what license you have with a show version/show license

http://www.cisco.com/en/US/partner/prod/collateral/modules/ps10598/ordering_guide_c07_557736_ps10538_Products_Data_Sheet.html

View solution in original post

Jerry Ye
Cisco Employee
Cisco Employee

In the command prompt (via console, telnet or ssh) do show license all and post the output here.

Regards,

jerry

View solution in original post

Like I mentioned earlier, you need a Security license. You currently have only a IP Base license

View solution in original post

Is that something I need to purchase or is it a download feature set license?

View solution in original post

You need to purchase the license from a Cisco reseller. The link below

lists the different license options and the part numbers.

http://www.cisco.com/en/US/prod/collateral/modules/ps10598/ordering_guide_c07_557736_ps10538_Products_Data_Sheet.html

View solution in original post

Contact Cisco Licensing (licensing@cisco.com) and they will send you the license file to install on the device

View solution in original post

Please post your switch configuration also. The router configuration looks okay.

Regards,

jerry

View solution in original post

The switch is an HP Procurve switch. Do you still want the switch config?

View solution in original post

Not really. So in the switch, make sure the trunk port is configure to 802.1q and allow all VLAN's to go through. That is about it.

If it is a Cisco switch the configuration looks like the follow

interface x/x

switchport trunk encapsulation dot1q

switchport mode trunk

HTH,

jerry

View solution in original post

I wish it was a Cisco switch. HP does things different what they call a trunk is actually an ether-channel of ports.

View solution in original post

Your ip nat outside is on the wrong interface. It should be on G0/1, not G0/0.

interface g0/0

no ip nat outside

interface g0/1

no ip nat inside

ip nat outside

HTH,

jerry

View solution in original post

Yup. That was I.

Thanks.

View solution in original post

17 Replies 17

vragotha
Level 3
Level 3

You need to have the Security license for the firewall features. You can check what license you have with a show version/show license

http://www.cisco.com/en/US/partner/prod/collateral/modules/ps10598/ordering_guide_c07_557736_ps10538_Products_Data_Sheet.html

Jerry Ye
Cisco Employee
Cisco Employee

In the command prompt (via console, telnet or ssh) do show license all and post the output here.

Regards,

jerry

Here are the outputs of "show ver" "show license" and "show license all"

Like I mentioned earlier, you need a Security license. You currently have only a IP Base license

Is that something I need to purchase or is it a download feature set license?

You need to purchase the license from a Cisco reseller. The link below

lists the different license options and the part numbers.

http://www.cisco.com/en/US/prod/collateral/modules/ps10598/ordering_guide_c07_557736_ps10538_Products_Data_Sheet.html

So I will order the SL-19-SEC-K9 Security License which looks like a paper license. How do I install it on

the router? And does this part number give mu all the feature sets to have firewall and vpn features?

Contact Cisco Licensing (licensing@cisco.com) and they will send you the license file to install on the device

I attached the configuration for my 1941w router. I am unable to ping 10.6.10.250 or 10.6.20.250 which is the switch interface. I can however ping 10.6.1.250 also on the switch interface. What am I missing?

Please post your switch configuration also. The router configuration looks okay.

Regards,

jerry

The switch is an HP Procurve switch. Do you still want the switch config?

Not really. So in the switch, make sure the trunk port is configure to 802.1q and allow all VLAN's to go through. That is about it.

If it is a Cisco switch the configuration looks like the follow

interface x/x

switchport trunk encapsulation dot1q

switchport mode trunk

HTH,

jerry

I wish it was a Cisco switch. HP does things different what they call a trunk is actually an ether-channel of ports.

i cannot ping 8.8.8.8 from any of the sub-interface addresses:

g0/0.10 ip address 10.6.10.250

g0/0.20 ip address 10.6.20.250

all the others

Am I missing a route?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: