Yes this might be a bug. You can check this in bug tracking tool, on cisco site. Regards, Pushkar Kulkarni Sent from BlackBerry® on Airtel
-----Original Message----- From: [email protected] Sender: [email protected] Date: Sun, 10 Apr 2011 08:38:52 To: <[email protected]> Reply-To: [email protected] Subject: CCIE_RS Digest, Vol 63, Issue 29 Send CCIE_RS mailing list submissions to [email protected] To subscribe or unsubscribe via the World Wide Web, visit http://onlinestudylist.com/mailman/listinfo/ccie_rs or, via email, send a message with subject or body 'help' to [email protected] You can reach the person managing the list at [email protected] When replying, please edit your Subject line so it is more specific than "Re: Contents of CCIE_RS digest..." Today's Topics: 1. NAT and 12.4(15)T14 (Max Pierson) 2. Vol1 Lab8 -RIP (Jay McMickle) 3. DOC CD (Jason Maynard) 4. Re: DOC CD (Di Bias, Steve) 5. Re: DOC CD (Marc Abel) 6. Lab 1 vl 3 (Cedric King) 7. Re: Vol1 Lab8 -RIP (Jay Taylor) 8. Re: NAT and 12.4(15)T14 (Jay Taylor) ---------------------------------------------------------------------- Message: 1 Date: Sat, 9 Apr 2011 12:50:53 -0500 From: Max Pierson <[email protected]> To: CCIE_RS OnlineStudyList <[email protected]> Subject: [OSL | CCIE_RS] NAT and 12.4(15)T14 Message-ID: <[email protected]> Content-Type: text/plain; charset=ISO-8859-1 Hi List, I'm testing out ZFW on a 3725 router and noticed some strange behavior of NAT when I perform testing. It seems when I overload the "outside" interface or pool, the first packet gets dropped as if there's no translation already built for the session. Even if I remove all of the ZFW config and just have the NAT config in place, I still see the same issues. I DO see the NAT session created in a "show ip nat trans", however, the first packet out of any session created is dropped. Once TCP sessions (ex. web download) are established after a few drops, the performance is fine. It's just when that first packet hits the interface is when I'm seeing the flakiness. To make sure it wasn't my config, I removed all of the ZFW config, and loaded 12.4(25d), and the config works as expected. Relevant configs are below. Also, should I use the "ip nat enable" method instead of the old method I am using?? And if so, can someone explain or link me to the info as to when to use it vs the old method?? Or is this possibly a bug I'm hitting since this works fine in 12.4(25d) mainline?? ! interface FastEthernet0/0 ip address 192.168.35.253 255.255.255.0 ip nat inside ip virtual-reassembly ip route-cache flow load-interval 30 duplex auto speed auto ! interface Serial0/0 ip address 172.16.0.1 255.255.255.252 ip nat inside ip virtual-reassembly ip route-cache flow load-interval 30 ! interface FastEthernet0/1 ip address 206.XX.XX.XX 255.255.255.252 ip nat outside ip virtual-reassembly ip route-cache flow load-interval 30 duplex auto speed auto ! ! ip nat pool OUTSIDE 206.XX.XX.XX 206.XX.XX.XX netmask 255.255.255.252 ip nat inside source list NGA-NETS pool OUTSIDE overload ! ip access-list extended NGA-NETS permit ip 192.168.32.0 0.0.7.255 any permit ip 172.16.0.0 0.0.0.255 any Thanks, Max ------------------------------ Message: 2 Date: Sat, 9 Apr 2011 11:20:11 -0700 (PDT) From: Jay McMickle <[email protected]> To: IPExpert Online <[email protected]> Subject: [OSL | CCIE_RS] Vol1 Lab8 -RIP Message-ID: <[email protected]> Content-Type: text/plain; charset=iso-8859-1 Experts and those of the liking- I'm working on Vol1 Lab 8, section 8.8.? The lab states to implement RIP?MD5 authentication?on R2 to R5 and R6.??While you can't put a single key chain on a RIP interface, it's obvious that you must break this multi-point interface up.? I took s0/1/0.256 multipoint and made it?two sub interface point to point interfaces.? The DSG shows making it?two multipoint interfaces. I guess this shows that I don't know the?difference, but would be drawbacks be to having two P2P interfaces over two MP interfaces? Thanks to all the labbers and?Experts... ? ? Regards, Jay McMickle- CCNP, CCSP, CCDP, MCSE http://mycciepursuit.wordpress.com/ ------------------------------ Message: 3 Date: Sat, 9 Apr 2011 18:30:28 -0400 From: "Jason Maynard" <[email protected]> To: <[email protected]> Subject: [OSL | CCIE_RS] DOC CD Message-ID: <000301cbf705$bb99ff40$32cdfdc0$@com> Content-Type: text/plain; charset="us-ascii" I am logged in to CCO and I am still receiving this error Forbidden You don't have permission to access /en/US/customer/products/hw/switches/ps5528/products_installation_and_config uration_guides_list.html on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request. _____ Apache/2.0 Server at www.cisco.com Port 80 Anyone else having the same issue ------------------------------ Message: 4 Date: Sat, 9 Apr 2011 20:08:16 -0400 From: "Di Bias, Steve" <[email protected]> To: Jason Maynard <[email protected]>, "[email protected]" <[email protected]> Subject: Re: [OSL | CCIE_RS] DOC CD Message-ID: <2fe030039b8ad14eb4373ca25779c63e91e4c38...@corp-exvs01.corp.uhsinc.biz> Content-Type: text/plain; charset="iso-8859-1" I'm able to get there, however there I noticed a warning that Cisco was performing maintenance today which could be the issue http://www.cisco.com/en/US/customer/products/hw/switches/ps5528/products_installation_and_configuration_guides_list.html Thank you.? Steve Di Bias Network Engineer - Information Systems Valley Health System - Las Vegas Office - 702- 369-7594 Cell - 702-241-1801 [email protected] -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Jason Maynard Sent: Saturday, April 09, 2011 3:30 PM To: [email protected] Subject: [OSL | CCIE_RS] DOC CD I am logged in to CCO and I am still receiving this error Forbidden You don't have permission to access /en/US/customer/products/hw/switches/ps5528/products_installation_and_config uration_guides_list.html on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request. _____ Apache/2.0 Server at www.cisco.com Port 80 Anyone else having the same issue _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com UHS Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient (s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution of this information is prohibited. If this was sent to you in error, please notify the sender by reply e-mail and destroy all copies of the original message. ------------------------------ Message: 5 Date: Sat, 09 Apr 2011 19:52:56 -0500 From: Marc Abel <[email protected]> To: "Di Bias, Steve" <[email protected]>, Jason Maynard <[email protected]>, "[email protected] " <[email protected]> Subject: Re: [OSL | CCIE_RS] DOC CD Message-ID: <[email protected]> Content-Type: text/plain; charset=utf-8 Big parts of cisco.com have been down all day. Sent from my Samsung Epic? 4G "Di Bias, Steve" <[email protected]> wrote: >I'm able to get there, however there I noticed a warning that Cisco was >performing maintenance today which could be the issue > >http://www.cisco.com/en/US/customer/products/hw/switches/ps5528/products_installation_and_configuration_guides_list.html > > >Thank you.? > >Steve Di Bias >Network Engineer - Information Systems >Valley Health System - Las Vegas >Office - 702- 369-7594 >Cell - 702-241-1801 >[email protected] > >-----Original Message----- >From: [email protected] >[mailto:[email protected]] On Behalf Of Jason Maynard >Sent: Saturday, April 09, 2011 3:30 PM >To: [email protected] >Subject: [OSL | CCIE_RS] DOC CD > >I am logged in to CCO and I am still receiving this error > > > >Forbidden > >You don't have permission to access >/en/US/customer/products/hw/switches/ps5528/products_installation_and_config >uration_guides_list.html on this server. > >Additionally, a 403 Forbidden error was encountered while trying to use an >ErrorDocument to handle the request. > > _____ > >Apache/2.0 Server at www.cisco.com Port 80 > > > > > > > >Anyone else having the same issue > > > > > >_______________________________________________ >For more information regarding industry leading CCIE Lab training, please >visit www.ipexpert.com > > >UHS Confidentiality Notice: This e-mail message, including any attachments, >is for the sole use of the intended recipient (s) and may contain confidential >and privileged information. Any unauthorized review, use, disclosure or >distribution of this information is prohibited. If this was sent to you in >error, please notify the sender by reply e-mail and destroy all copies of the >original message. >_______________________________________________ >For more information regarding industry leading CCIE Lab training, please >visit www.ipexpert.com ------------------------------ Message: 6 Date: Sat, 9 Apr 2011 18:46:13 -0700 (PDT) From: Cedric King <[email protected]> To: [email protected] Subject: [OSL | CCIE_RS] Lab 1 vl 3 Message-ID: <[email protected]> Content-Type: text/plain; charset=us-ascii Hi Gang, I'm going through Vl3 lab 1 and I noticed that the OSPF config for the R4 router says [no discard-route]... This command is being rejected by my routers due to the missing last entry... is it for internal or external routes ? v/r Cedric (future Shogun) ------------------------------ Message: 7 Date: Sun, 10 Apr 2011 08:36:56 -0400 From: Jay Taylor <[email protected]> To: Jay McMickle <[email protected]> Cc: IPExpert Online <[email protected]> Subject: Re: [OSL | CCIE_RS] Vol1 Lab8 -RIP Message-ID: <[email protected]> Content-Type: text/plain; charset=ISO-8859-1 With RIP it really won't make a difference as long as you've configured Frame Relay right. I'm guessing the DSG wanted to point out that you need the broadcast statement in your frame maps with multipoint. On Sat, Apr 9, 2011 at 2:20 PM, Jay McMickle <[email protected]> wrote: > Experts and those of the liking- > > I'm working on Vol1 Lab 8, section 8.8. The lab states to implement > RIP MD5 > authentication on R2 to R5 and R6. While you can't put a single key chain > on a > RIP interface, it's obvious that you must break this multi-point interface > up. > > > I took s0/1/0.256 multipoint and made it two sub interface point to point > interfaces. The DSG shows making it two multipoint interfaces. > > I guess this shows that I don't know the difference, but would be drawbacks > be > to having two P2P interfaces over two MP interfaces? > > Thanks to all the labbers and Experts... > > > Regards, > Jay McMickle- CCNP, CCSP, CCDP, MCSE > http://mycciepursuit.wordpress.com/ > > > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > -- Jay Taylor CCIE #28391 @JTIE_6EE7 ------------------------------ Message: 8 Date: Sun, 10 Apr 2011 08:38:50 -0400 From: Jay Taylor <[email protected]> To: Max Pierson <[email protected]> Cc: CCIE_RS OnlineStudyList <[email protected]> Subject: Re: [OSL | CCIE_RS] NAT and 12.4(15)T14 Message-ID: <[email protected]> Content-Type: text/plain; charset=ISO-8859-1 I'm no ZBF expert but I do remember hearing that 'ip nat enable' is not compatible with it. Not sure about the other issue you're seeing. On Sat, Apr 9, 2011 at 1:50 PM, Max Pierson <[email protected]> wrote: > Hi List, > > I'm testing out ZFW on a 3725 router and noticed some strange behavior of > NAT when I perform testing. It seems when I overload the "outside" > interface > or pool, the first packet gets dropped as if there's no translation already > built for the session. Even if I remove all of the ZFW config and just have > the NAT config in place, I still see the same issues. I DO see the NAT > session created in a "show ip nat trans", however, the first packet out of > any session created is dropped. Once TCP sessions (ex. web download) are > established after a few drops, the performance is fine. It's just when that > first packet hits the interface is when I'm seeing the flakiness. To make > sure it wasn't my config, I removed all of the ZFW config, and loaded > 12.4(25d), and the config works as expected. Relevant configs are below. > > Also, should I use the "ip nat enable" method instead of the old method I > am > using?? And if so, can someone explain or link me to the info as to when to > use it vs the old method?? Or is this possibly a bug I'm hitting since this > works fine in 12.4(25d) mainline?? > > ! > interface FastEthernet0/0 > ip address 192.168.35.253 255.255.255.0 > ip nat inside > ip virtual-reassembly > ip route-cache flow > load-interval 30 > duplex auto > speed auto > ! > interface Serial0/0 > ip address 172.16.0.1 255.255.255.252 > ip nat inside > ip virtual-reassembly > ip route-cache flow > load-interval 30 > ! > interface FastEthernet0/1 > ip address 206.XX.XX.XX 255.255.255.252 > ip nat outside > ip virtual-reassembly > ip route-cache flow > load-interval 30 > duplex auto > speed auto > ! > ! > ip nat pool OUTSIDE 206.XX.XX.XX 206.XX.XX.XX netmask 255.255.255.252 > ip nat inside source list NGA-NETS pool OUTSIDE overload > ! > ip access-list extended NGA-NETS > permit ip 192.168.32.0 0.0.7.255 any > permit ip 172.16.0.0 0.0.0.255 any > > Thanks, > Max > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > -- Jay Taylor CCIE #28391 @JTIE_6EE7 End of CCIE_RS Digest, Vol 63, Issue 29 *************************************** _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
