Hello,
I am trying to cut over from multiple CES routers to one MLX router in my
core and am having issues with policy based routing messing with OSPF. I
have setup a test environment as described below, and attached all relevant
configuration files(stripped of sensitive info). I also attached the actual
problem demonstrated in a txt file. I would appreciate any help anyone could
provide. It appears that the MLX simply does not support Policy Based
routing in the same manner that the CES did.
Test Bed CES: 10.10.1.99
VE177 To MLX-8 IP 10.0.177.4/24 OSPF cost 110 int e 1/1
VE 178 to CES .48 IP 10.0.178.4/24 OSPF cost 10001 int e 1/2
LOOPBACK1 ip 10.10.1.99
MLX-8
VE 177 to CES .99 IP 10.0.177.1/24 OSPF cost 110 int e 6/1
CES .48
VE 179 to CES .99 IP 10.0.178.1/24 OSPF cost 10001 int e
1/13
When you apply route-map enat on the mlx all routes move to the .48 as the
route map breaks OSPF somehow. "Actual Problem Demonstrated.txt" shows
exactly this.
Thanks in advance!
--
Matthew Van Gent
Systems Administrator
Digital Path Inc
SSH@48-CES#sho run
!Current configuration:
!
ver V5.7.0bT183
!
!
!
!
!
no spanning-tree
!
no dual-mode-default-vlan
vlan 52 name 192-168-1-NET
tagged e 2/1
router-interface ve 52
vlan 178
untagged e 1/13
router-interface ve 179
!
system-max virtual-interface 1024
!
router ospf
area <REDACTED>
auto-cost reference-bandwidth 10000
redistribute connected
redistribute static
no rfc1583-compatibility
!
interface ethernet 1/13
enable
interface ve 52
port-name 73:8e:f8:a6:93:c0
ip ospf area <REDACTED>
ip ospf authentication-key 2 <REDACTED>
ip address 192.168.1.48/24
!
interface ve 179
ip ospf area <REDACTED>
ip ospf authentication-key 2 <REDACTED>
ip ospf cost 10001
ip ospf active
ip address 10.0.178.1/24
!
!
access-list 102 sequence 10 deny ip 10.0.0.0 0.255.255.255 10.0.0.0
0.255.255.255
access-list 102 sequence 20 deny ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255
access-list 102 sequence 30 permit ip 10.0.0.0 0.255.255.255 any
!
access-list 103 sequence 10 deny ip 10.8.0.0 0.0.31.255 10.0.0.0 0.255.255.255
access-list 103 sequence 20 deny ip 10.8.0.0 0.0.31.255 192.168.1.0 0.0.0.255
access-list 103 sequence 30 permit ip 10.8.0.0 0.0.31.255 any
!
access-list 104 sequence 10 deny ip 10.9.0.0 0.0.127.255 10.0.0.0 0.255.255.255
access-list 104 sequence 20 deny ip 10.9.0.0 0.0.127.255 192.168.1.0 0.0.0.255
access-list 104 sequence 30 permit ip 10.9.0.0 0.0.127.255 any
!
access-list 105 sequence 10 deny ip 10.6.0.0 0.0.255.255 10.0.0.0 0.255.255.255
access-list 105 sequence 20 deny ip 10.6.0.0 0.0.255.255 192.168.1.0 0.0.0.255
access-list 105 sequence 30 permit ip 10.6.0.0 0.0.255.255 any
!
access-list 106 sequence 10 deny ip 10.11.0.0 0.0.63.255 10.0.0.0 0.255.255.255
access-list 106 sequence 20 deny ip 10.11.0.0 0.0.63.255 192.168.1.0 0.0.0.255
access-list 106 sequence 30 permit ip 10.11.0.0 0.0.63.255 any
!
access-list 107 sequence 10 deny ip 10.5.0.0 0.0.255.255 10.0.0.0 0.255.255.255
access-list 107 sequence 20 deny ip 10.5.0.0 0.0.255.255 192.168.1.0 0.0.0.255
access-list 107 sequence 30 permit ip 10.5.0.0 0.0.255.255 any
!
access-list 108 sequence 10 deny ip 10.0.0.0 0.0.63.255 10.0.0.0 0.255.255.255
access-list 108 sequence 20 deny ip 10.0.0.0 0.0.63.255 192.168.1.0 0.0.0.255
access-list 108 sequence 30 permit ip 10.0.0.0 0.0.63.255 any
!
access-list 109 sequence 10 deny ip 10.5.128.0 0.0.127.255 10.0.0.0
0.255.255.255
access-list 109 sequence 20 deny ip 10.5.128.0 0.0.127.255 192.168.1.0 0.0.0.255
access-list 109 sequence 30 permit ip 10.5.128.0 0.0.127.255 any
!
access-list 110 sequence 10 deny ip 10.5.0.0 0.0.63.255 10.0.0.0 0.255.255.255
access-list 110 sequence 20 deny ip 10.5.0.0 0.0.63.255 192.168.1.0 0.0.0.255
access-list 110 sequence 30 permit ip 10.5.0.0 0.0.63.255 any
!
access-list 111 sequence 10 deny ip 10.10.0.0 0.0.255.255 10.0.0.0 0.255.255.255
access-list 111 sequence 20 deny ip 10.10.0.0 0.0.255.255 192.168.1.0 0.0.0.255
access-list 111 sequence 30 permit ip 10.10.0.0 0.0.255.255 any
!
access-list 112 sequence 10 deny ip 10.2.128.0 0.0.127.255 10.0.0.0
0.255.255.255
access-list 112 sequence 20 deny ip 10.2.128.0 0.0.127.255 192.168.1.0 0.0.0.255
access-list 112 sequence 30 permit ip 10.2.128.0 0.0.127.255 any
!
access-list 113 sequence 10 deny ip 10.2.0.0 0.0.127.255 10.0.0.0 0.255.255.255
access-list 113 sequence 20 deny ip 10.2.0.0 0.0.127.255 192.168.1.0 0.0.0.255
access-list 113 sequence 30 permit ip 10.2.0.0 0.0.127.255 any
!
access-list 114 sequence 10 deny ip 10.5.128.0 0.0.63.255 10.0.0.0 0.255.255.255
access-list 114 sequence 20 deny ip 10.5.128.0 0.0.63.255 192.168.1.0 0.0.0.255
access-list 114 sequence 30 permit ip 10.5.128.0 0.0.63.255 any
!
access-list 115 sequence 10 deny ip 10.5.192.0 0.0.31.255 10.0.0.0 0.255.255.255
access-list 115 sequence 20 deny ip 10.5.192.0 0.0.31.255 192.168.1.0 0.0.0.255
access-list 115 sequence 30 permit ip 10.5.192.0 0.0.31.255 any
!
access-list 116 sequence 10 deny ip 10.0.128.0 0.0.63.255 10.0.0.0 0.255.255.255
access-list 116 sequence 20 deny ip 10.0.128.0 0.0.63.255 192.168.1.0 0.0.0.255
access-list 116 sequence 30 permit ip 10.0.128.0 0.0.63.255 any
!
access-list 117 sequence 10 deny ip 10.5.224.0 0.0.31.255 10.0.0.0 0.255.255.255
access-list 117 sequence 20 deny ip 10.5.224.0 0.0.31.255 192.168.1.0 0.0.0.255
access-list 117 sequence 30 permit ip 10.5.224.0 0.0.31.255 any
!
access-list 118 sequence 10 deny ip 10.11.64.0 0.0.63.255 10.0.0.0 0.255.255.255
access-list 118 sequence 20 deny ip 10.11.64.0 0.0.63.255 192.168.1.0 0.0.0.255
access-list 118 sequence 30 permit ip 10.11.64.0 0.0.63.255 any
!
access-list 119 sequence 10 deny ip 10.4.0.0 0.0.255.255 10.0.0.0 0.255.255.255
access-list 119 sequence 20 deny ip 10.4.0.0 0.0.255.255 192.168.1.0 0.0.0.255
access-list 119 sequence 30 permit ip 10.4.0.0 0.0.255.255 any
!
access-list 120 sequence 10 deny ip 10.0.192.0 0.0.63.255 10.0.0.0 0.255.255.255
access-list 120 sequence 20 deny ip 10.0.192.0 0.0.63.255 192.168.1.0 0.0.0.255
access-list 120 sequence 30 permit ip 10.0.192.0 0.0.63.255 any
!
access-list 122 sequence 10 deny ip 10.42.0.0 0.0.255.255 10.0.0.0 0.255.255.255
access-list 122 sequence 20 deny ip 10.42.0.0 0.0.255.255 192.168.1.0 0.0.0.255
access-list 122 sequence 30 permit ip 10.42.0.0 0.0.255.255 any
!
access-list 123 sequence 10 deny ip 10.8.128.0 0.0.63.255 10.0.0.0 0.255.255.255
access-list 123 sequence 20 deny ip 10.8.128.0 0.0.63.255 192.168.1.0 0.0.0.255
access-list 123 sequence 30 permit ip 10.8.128.0 0.0.63.255 any
!
access-list 124 sequence 10 deny ip 10.0.64.0 0.0.63.255 10.0.0.0 0.255.255.255
access-list 124 sequence 20 deny ip 10.0.64.0 0.0.63.255 192.168.1.0 0.0.0.255
access-list 124 sequence 30 permit ip 10.0.64.0 0.0.63.255 any
!
access-list 125 sequence 10 deny ip 10.5.64.0 0.0.63.255 10.0.0.0 0.255.255.255
access-list 125 sequence 20 deny ip 10.5.64.0 0.0.63.255 192.168.1.0 0.0.0.255
access-list 125 sequence 30 permit ip 10.5.64.0 0.0.63.255 any
!
access-list 126 sequence 10 deny ip 10.8.64.0 0.0.63.255 10.0.0.0 0.255.255.255
access-list 126 sequence 20 deny ip 10.8.64.0 0.0.63.255 192.168.1.0 0.0.0.255
access-list 126 sequence 30 permit ip 10.8.64.0 0.0.63.255 any
!
access-list 127 sequence 10 deny ip 10.8.32.0 0.0.31.255 10.0.0.0 0.255.255.255
access-list 127 sequence 20 deny ip 10.8.32.0 0.0.31.255 192.168.1.0 0.0.0.255
access-list 127 sequence 30 permit ip 10.8.32.0 0.0.31.255 any
!
access-list 128 sequence 10 deny ip 10.9.128.0 0.0.127.255 10.0.0.0
0.255.255.255
access-list 128 sequence 20 deny ip 10.9.128.0 0.0.127.255 192.168.1.0 0.0.0.255
access-list 128 sequence 30 permit ip 10.9.128.0 0.0.127.255 any
!
access-list 129 sequence 10 deny ip 10.12.0.0 0.0.255.255 10.0.0.0 0.255.255.255
access-list 129 sequence 20 deny ip 10.12.0.0 0.0.255.255 192.168.1.0 0.0.0.255
access-list 129 sequence 30 permit ip 10.12.0.0 0.0.255.255 any
!
access-list 130 sequence 10 deny ip 10.8.192.0 0.0.31.255 10.0.0.0 0.255.255.255
access-list 130 sequence 20 deny ip 10.8.192.0 0.0.31.255 192.168.1.0 0.0.0.255
access-list 130 sequence 30 permit ip 10.8.192.0 0.0.31.255 any
!
access-list 131 sequence 10 deny ip 10.8.224.0 0.0.31.255 10.0.0.0 0.255.255.255
access-list 131 sequence 20 deny ip 10.8.224.0 0.0.31.255 192.168.1.0 0.0.0.255
access-list 131 sequence 30 permit ip 10.8.224.0 0.0.31.255 any
!
access-list 132 sequence 10 deny ip 10.14.0.0 0.0.255.255 10.0.0.0 0.255.255.255
access-list 132 sequence 20 deny ip 10.14.0.0 0.0.255.255 192.168.1.0 0.0.0.255
access-list 132 sequence 30 permit ip 10.14.0.0 0.0.255.255 any
!
access-list 133 sequence 10 deny ip 10.18.0.0 0.0.255.255 10.0.0.0 0.255.255.255
access-list 133 sequence 20 deny ip 10.18.0.0 0.0.255.255 192.168.1.0 0.0.0.255
access-list 133 sequence 30 permit ip 10.18.0.0 0.0.255.255 any
!
access-list 134 sequence 10 deny ip 10.17.0.0 0.0.255.255 10.0.0.0 0.255.255.255
access-list 134 sequence 20 deny ip 10.17.0.0 0.0.255.255 192.168.1.0 0.0.0.255
access-list 134 sequence 30 permit ip 10.17.0.0 0.0.255.255 any
!
access-list 151 sequence 30 deny ip 208.53.64.0 0.0.31.255 192.168.1.0 0.0.0.255
access-list 151 sequence 40 deny ip 208.53.64.0 0.0.31.255 10.0.0.0
0.255.255.255
access-list 151 sequence 50 permit ip 208.53.64.0 0.0.31.255 any
!
access-list 152 sequence 30 deny ip 162.246.132.0 0.0.3.255 192.168.1.0
0.0.0.255
access-list 152 sequence 40 deny ip 162.246.132.0 0.0.3.255 10.0.0.0
0.255.255.255
access-list 152 sequence 50 permit ip 162.246.132.0 0.0.3.255 any
!
access-list 153 sequence 30 deny ip 162.247.32.0 0.0.3.255 192.168.1.0 0.0.0.255
access-list 153 sequence 40 deny ip 162.247.32.0 0.0.3.255 10.0.0.0
0.255.255.255
access-list 153 sequence 50 permit ip 162.247.32.0 0.0.3.255 any
!
route-map enat permit 3
match ip address 111
set ip next-hop 192.168.1.128
route-map enat permit 4
match ip address 108
set ip next-hop 192.168.1.119
route-map enat permit 6
match ip address 106
set ip next-hop 192.168.1.131
route-map enat permit 7
match ip address 105
set ip next-hop 192.168.1.131
route-map enat permit 8
match ip address 104
set ip next-hop 192.168.1.123
route-map enat permit 9
match ip address 103
set ip next-hop 192.168.1.132
route-map enat permit 11
match ip address 112
set ip next-hop 192.168.1.133
route-map enat permit 12
match ip address 113
set ip next-hop 192.168.1.128
route-map enat permit 13
match ip address 114
set ip next-hop 192.168.1.125
route-map enat permit 14
match ip address 110
set ip next-hop 192.168.1.134
route-map enat permit 15
match ip address 115
set ip next-hop 192.168.1.127
route-map enat permit 16
match ip address 116
set ip next-hop 192.168.1.126
route-map enat permit 17
match ip address 117
set ip next-hop 192.168.1.124
route-map enat permit 18
match ip address 118
set ip next-hop 192.168.1.126
route-map enat permit 19
match ip address 119
set ip next-hop 192.168.1.117
route-map enat permit 20
match ip address 151
set ip next-hop 192.168.1.160
route-map enat permit 21
match ip address 120
set ip next-hop 192.168.1.119
route-map enat permit 22
match ip address 122
set ip next-hop 192.168.1.122
route-map enat permit 23
match ip address 123
set ip next-hop 192.168.1.121
route-map enat permit 24
match ip address 124
set ip next-hop 192.168.1.129
route-map enat permit 25
match ip address 125
set ip next-hop 192.168.1.122
route-map enat permit 26
match ip address 126
set ip next-hop 192.168.1.116
route-map enat permit 27
match ip address 127
set ip next-hop 192.168.1.116
route-map enat permit 28
match ip address 128
set ip next-hop 192.168.1.162
route-map enat permit 29
match ip address 129
set ip next-hop 192.168.1.162
route-map enat permit 30
match ip address 152
set ip next-hop 192.168.1.160
route-map enat permit 31
match ip address 153
set ip next-hop 192.168.1.160
route-map enat permit 32
match ip address 130
set ip next-hop 192.168.1.132
route-map enat permit 33
match ip address 131
set ip next-hop 192.168.1.121
route-map enat permit 34
match ip address 132
set ip next-hop 192.168.1.163
route-map enat permit 35
match ip address 133
set ip next-hop 192.168.1.163
route-map enat permit 36
match ip address 134
set ip next-hop 192.168.1.164
route-map enat permit 99
match ip address 102
set ip next-hop 192.168.1.133
!
!
end
SSH@48-CES#
SSH@NetIron MLX-8 Router#sho run
Current configuration:
!
ver V5.6.0nT163
module 1 ni-mlx-8-port-10g-m
module 2 ni-mlx-8-port-10g-m
module 3 ni-mlx-20-port-1g-100fx
module 4 ni-mlx-20-port-1g-copper
module 5 ni-mlx-20-port-1g-copper
module 6 ni-mlx-20-port-1g-copper
module 7 ni-mlx-20-port-1g-copper
!
!
!
!
!
no spanning-tree
!
!
vlan 1 name DEFAULT-VLAN
no untagged e 6/19
!
vlan 45
tagged e 1/3 to 1/4
router-interface ve 45
!
vlan 52
tagged e 1/1 to 1/2 e 1/5
router-interface ve 52
!
vlan 177
untagged e 6/1
router-interface ve 177
!
system-max vlan 4095
system-max virtual-interface 4095
system-max mgmt-port-acl-size 100
system-max l2-acl-table-entries 256
system-max receive-cam 16384
system-max lsp-out-acl-cam 8192
system-max ifl-cam 40960
system-max subnet-broadcast-acl-cam 4096
!
!
no route-only
!
!
ip router-id 192.168.1.45
!
router ospf
area <REDACTED>
auto-cost reference-bandwidth 10000
redistribute connected
redistribute static
no rfc1583-compatibility
!
!
!
!
!
!
interface loopback 1
ip ospf area <REDACTED>
ip ospf authentication-key 2 <REDACTED>
ip ospf active
ip address 10.10.1.45/32
!
!
interface ethernet 1/1
enable
!
interface ethernet 1/3
enable
!
interface ethernet 6/1
enable
!
interface ve 45
ip ospf area <REDACTED>
ip ospf authentication-key 2 <REDACTED>
ip ospf active
ip address 10.10.45.2/24
!
interface ve 52
port-name 00:1b:ed:e5:24:00
ip ospf area <REDACTED>
ip ospf authentication-key 2 <REDACTED>
ip ospf cost 130
ip ospf active
ip address 192.168.1.45/24
!
interface ve 177
ip ospf area <REDACTED>
ip ospf authentication-key 2 <REDACTED>
ip ospf active
ip address 10.0.177.1/24
ip policy route-map enat
ip helper-address 192.168.1.150
access-list 10 sequence 10 permit any
!
access-list 101 sequence 10 permit ospf any any
!
access-list 102 sequence 10 deny ip 1<REDACTED> 0.255.255.255 1<REDACTED>
0.255.255.255
access-list 102 sequence 20 deny ip 1<REDACTED> 0.255.255.255 192.168.1.0
0.0.0.255
access-list 102 sequence 30 permit ip 1<REDACTED> 0.255.255.255 any
!
access-list 103 sequence 10 deny ip 10.8.0.0 0.0.31.255 1<REDACTED>
0.255.255.255
access-list 103 sequence 20 deny ip 10.8.0.0 0.0.31.255 192.168.1.0 0.0.0.255
access-list 103 sequence 30 permit ip 10.8.0.0 0.0.31.255 any
!
access-list 104 sequence 10 deny ip 10.9.0.0 0.0.127.255 1<REDACTED>
0.255.255.255
access-list 104 sequence 20 deny ip 10.9.0.0 0.0.127.255 192.168.1.0 0.0.0.255
access-list 104 sequence 30 permit ip 10.9.0.0 0.0.127.255 any
!
access-list 105 sequence 10 deny ip 10.6.0.0 0.0.255.255 1<REDACTED>
0.255.255.255
access-list 105 sequence 20 deny ip 10.6.0.0 0.0.255.255 192.168.1.0 0.0.0.255
access-list 105 sequence 30 permit ip 10.6.0.0 0.0.255.255 any
!
access-list 106 sequence 10 deny ip 10.11.0.0 0.0.63.255 1<REDACTED>
0.255.255.255
access-list 106 sequence 20 deny ip 10.11.0.0 0.0.63.255 192.168.1.0 0.0.0.255
access-list 106 sequence 30 permit ip 10.11.0.0 0.0.63.255 any
!
access-list 107 sequence 10 deny ip 10.5.0.0 0.0.255.255 1<REDACTED>
0.255.255.255
access-list 107 sequence 20 deny ip 10.5.0.0 0.0.255.255 192.168.1.0 0.0.0.255
access-list 107 sequence 30 permit ip 10.5.0.0 0.0.255.255 any
!
access-list 108 sequence 10 deny ip 1<REDACTED> 0.0.63.255 1<REDACTED>
0.255.255.255
access-list 108 sequence 20 deny ip 1<REDACTED> 0.0.63.255 192.168.1.0 0.0.0.255
access-list 108 sequence 30 permit ip 1<REDACTED> 0.0.63.255 any
!
access-list 109 sequence 10 deny ip 10.5.128.0 0.0.127.255 1<REDACTED>
0.255.255.255
access-list 109 sequence 20 deny ip 10.5.128.0 0.0.127.255 192.168.1.0 0.0.0.255
access-list 109 sequence 30 permit ip 10.5.128.0 0.0.127.255 any
!
access-list 110 sequence 10 deny ip 10.5.0.0 0.0.63.255 1<REDACTED>
0.255.255.255
access-list 110 sequence 20 deny ip 10.5.0.0 0.0.63.255 192.168.1.0 0.0.0.255
access-list 110 sequence 30 permit ip 10.5.0.0 0.0.63.255 any
!
access-list 111 sequence 10 deny ip 10.10.0.0 0.0.255.255 1<REDACTED>
0.255.255.255
access-list 111 sequence 20 deny ip 10.10.0.0 0.0.255.255 192.168.1.0 0.0.0.255
access-list 111 sequence 30 permit ip 10.10.0.0 0.0.255.255 any
!
access-list 112 sequence 10 deny ip 10.2.128.0 0.0.127.255 1<REDACTED>
0.255.255.255
access-list 112 sequence 20 deny ip 10.2.128.0 0.0.127.255 192.168.1.0 0.0.0.255
access-list 112 sequence 30 permit ip 10.2.128.0 0.0.127.255 any
!
access-list 113 sequence 10 deny ip 10.2.0.0 0.0.127.255 1<REDACTED>
0.255.255.255
access-list 113 sequence 20 deny ip 10.2.0.0 0.0.127.255 192.168.1.0 0.0.0.255
access-list 113 sequence 30 permit ip 10.2.0.0 0.0.127.255 any
!
access-list 114 sequence 10 deny ip 10.5.128.0 0.0.63.255 1<REDACTED>
0.255.255.255
access-list 114 sequence 20 deny ip 10.5.128.0 0.0.63.255 192.168.1.0 0.0.0.255
access-list 114 sequence 30 permit ip 10.5.128.0 0.0.63.255 any
!
access-list 115 sequence 10 deny ip 10.5.192.0 0.0.31.255 1<REDACTED>
0.255.255.255
access-list 115 sequence 20 deny ip 10.5.192.0 0.0.31.255 192.168.1.0 0.0.0.255
access-list 115 sequence 30 permit ip 10.5.192.0 0.0.31.255 any
!
access-list 116 sequence 10 deny ip 10.0.128.0 0.0.63.255 1<REDACTED>
0.255.255.255
access-list 116 sequence 20 deny ip 10.0.128.0 0.0.63.255 192.168.1.0 0.0.0.255
access-list 116 sequence 30 permit ip 10.0.128.0 0.0.63.255 any
!
access-list 117 sequence 10 deny ip 10.5.224.0 0.0.31.255 1<REDACTED>
0.255.255.255
access-list 117 sequence 20 deny ip 10.5.224.0 0.0.31.255 192.168.1.0 0.0.0.255
access-list 117 sequence 30 permit ip 10.5.224.0 0.0.31.255 any
!
access-list 118 sequence 10 deny ip 10.11.64.0 0.0.63.255 1<REDACTED>
0.255.255.255
access-list 118 sequence 20 deny ip 10.11.64.0 0.0.63.255 192.168.1.0 0.0.0.255
access-list 118 sequence 30 permit ip 10.11.64.0 0.0.63.255 any
!
access-list 119 sequence 10 deny ip 10.4.0.0 0.0.255.255 1<REDACTED>
0.255.255.255
access-list 119 sequence 20 deny ip 10.4.0.0 0.0.255.255 192.168.1.0 0.0.0.255
access-list 119 sequence 30 permit ip 10.4.0.0 0.0.255.255 any
!
access-list 120 sequence 10 deny ip 10.0.192.0 0.0.63.255 1<REDACTED>
0.255.255.255
access-list 120 sequence 20 deny ip 10.0.192.0 0.0.63.255 192.168.1.0 0.0.0.255
access-list 120 sequence 30 permit ip 10.0.192.0 0.0.63.255 any
!
access-list 122 sequence 10 deny ip 10.42.0.0 0.0.255.255 1<REDACTED>
0.255.255.255
access-list 122 sequence 20 deny ip 10.42.0.0 0.0.255.255 192.168.1.0 0.0.0.255
access-list 122 sequence 30 permit ip 10.42.0.0 0.0.255.255 any
!
access-list 123 sequence 10 deny ip 10.8.128.0 0.0.63.255 1<REDACTED>
0.255.255.255
access-list 123 sequence 20 deny ip 10.8.128.0 0.0.63.255 192.168.1.0 0.0.0.255
access-list 123 sequence 30 permit ip 10.8.128.0 0.0.63.255 any
!
access-list 124 sequence 10 deny ip 10.0.64.0 0.0.63.255 1<REDACTED>
0.255.255.255
access-list 124 sequence 20 deny ip 10.0.64.0 0.0.63.255 192.168.1.0 0.0.0.255
access-list 124 sequence 30 permit ip 10.0.64.0 0.0.63.255 any
!
access-list 125 sequence 10 deny ip 10.5.64.0 0.0.63.255 1<REDACTED>
0.255.255.255
access-list 125 sequence 20 deny ip 10.5.64.0 0.0.63.255 192.168.1.0 0.0.0.255
access-list 125 sequence 30 permit ip 10.5.64.0 0.0.63.255 any
!
access-list 126 sequence 10 deny ip 10.8.64.0 0.0.63.255 1<REDACTED>
0.255.255.255
access-list 126 sequence 20 deny ip 10.8.64.0 0.0.63.255 192.168.1.0 0.0.0.255
access-list 126 sequence 30 permit ip 10.8.64.0 0.0.63.255 any
!
access-list 127 sequence 10 deny ip 10.8.32.0 0.0.31.255 1<REDACTED>
0.255.255.255
access-list 127 sequence 20 deny ip 10.8.32.0 0.0.31.255 192.168.1.0 0.0.0.255
access-list 127 sequence 30 permit ip 10.8.32.0 0.0.31.255 any
!
access-list 128 sequence 10 deny ip 10.9.128.0 0.0.127.255 1<REDACTED>
0.255.255.255
access-list 128 sequence 20 deny ip 10.9.128.0 0.0.127.255 192.168.1.0 0.0.0.255
access-list 128 sequence 30 permit ip 10.9.128.0 0.0.127.255 any
!
access-list 129 sequence 10 deny ip 10.12.0.0 0.0.255.255 1<REDACTED>
0.255.255.255
access-list 129 sequence 20 deny ip 10.12.0.0 0.0.255.255 192.168.1.0 0.0.0.255
access-list 129 sequence 30 permit ip 10.12.0.0 0.0.255.255 any
!
access-list 130 sequence 10 deny ip 10.8.192.0 0.0.31.255 1<REDACTED>
0.255.255.255
access-list 130 sequence 20 deny ip 10.8.192.0 0.0.31.255 192.168.1.0 0.0.0.255
access-list 130 sequence 30 permit ip 10.8.192.0 0.0.31.255 any
!
access-list 131 sequence 10 deny ip 10.8.224.0 0.0.31.255 1<REDACTED>
0.255.255.255
access-list 131 sequence 20 deny ip 10.8.224.0 0.0.31.255 192.168.1.0 0.0.0.255
access-list 131 sequence 30 permit ip 10.8.224.0 0.0.31.255 any
!
access-list 132 sequence 10 deny ip 10.14.0.0 0.0.255.255 1<REDACTED>
0.255.255.255
access-list 132 sequence 20 deny ip 10.14.0.0 0.0.255.255 192.168.1.0 0.0.0.255
access-list 132 sequence 30 permit ip 10.14.0.0 0.0.255.255 any
!
access-list 133 sequence 10 deny ip 10.18.0.0 0.0.255.255 1<REDACTED>
0.255.255.255
access-list 133 sequence 20 deny ip 10.18.0.0 0.0.255.255 192.168.1.0 0.0.0.255
access-list 133 sequence 30 permit ip 10.18.0.0 0.0.255.255 any
!
access-list 134 sequence 10 deny ip 10.17.0.0 0.0.255.255 1<REDACTED>
0.255.255.255
access-list 134 sequence 20 deny ip 10.17.0.0 0.0.255.255 192.168.1.0 0.0.0.255
access-list 134 sequence 30 permit ip 10.17.0.0 0.0.255.255 any
!
access-list 151 sequence 30 deny ip 208.53.64.0 0.0.31.255 192.168.1.0 0.0.0.255
access-list 151 sequence 40 deny ip 208.53.64.0 0.0.31.255 1<REDACTED>
0.255.255.255
access-list 151 sequence 50 permit ip 208.53.64.0 0.0.31.255 any
!
access-list 152 sequence 30 deny ip 162.246.132.0 0.0.3.255 192.168.1.0
0.0.0.255
access-list 152 sequence 40 deny ip 162.246.132.0 0.0.3.255 1<REDACTED>
0.255.255.255
access-list 152 sequence 50 permit ip 162.246.132.0 0.0.3.255 any
!
access-list 153 sequence 30 deny ip 162.247.32.0 0.0.3.255 192.168.1.0 0.0.0.255
access-list 153 sequence 40 deny ip 162.247.32.0 0.0.3.255 1<REDACTED>
0.255.255.255
access-list 153 sequence 50 permit ip 162.247.32.0 0.0.3.255 any
!
access-list 154 sequence 30 deny ip 10.5.0.0 0.0.127.255 192.168.1.0 0.0.0.255
access-list 154 sequence 40 deny ip 10.5.0.0 0.0.127.255 1<REDACTED>
0.255.255.255
access-list 154 sequence 50 permit ip 10.5.0.0 0.0.127.255 any
!
access-list 155 sequence 30 deny ip 10.5.128.0 0.0.127.255 192.168.1.0 0.0.0.255
access-list 155 sequence 50 permit ip 10.5.128.0 0.0.127.255 any
!
access-list 156 sequence 30 deny ip host 10.5.250.89 192.168.1.0 0.0.0.255
access-list 156 sequence 40 deny ip host 10.5.250.89 1<REDACTED> 0.255.255.255
access-list 156 sequence 50 permit ip host 10.5.250.89 any
!
route-map enat permit 3
match ip address 111
set ip next-hop 192.168.1.128
route-map enat permit 4
match ip address 108
set ip next-hop 192.168.1.119
route-map enat permit 6
match ip address 106
set ip next-hop 192.168.1.131
route-map enat permit 7
match ip address 105
set ip next-hop 192.168.1.131
route-map enat permit 8
match ip address 104
set ip next-hop 192.168.1.123
route-map enat permit 9
match ip address 103
set ip next-hop 192.168.1.132
route-map enat permit 11
match ip address 112
set ip next-hop 192.168.1.133
route-map enat permit 12
match ip address 113
set ip next-hop 192.168.1.128
route-map enat permit 13
match ip address 114
set ip next-hop 192.168.1.125
route-map enat permit 14
match ip address 110
set ip next-hop 192.168.1.134
route-map enat permit 15
match ip address 115
set ip next-hop 192.168.1.127
route-map enat permit 16
match ip address 116
set ip next-hop 192.168.1.126
route-map enat permit 17
match ip address 117
set ip next-hop 192.168.1.124
route-map enat permit 18
match ip address 118
set ip next-hop 192.168.1.126
route-map enat permit 19
match ip address 119
set ip next-hop 192.168.1.117
route-map enat permit 20
match ip address 151
set ip next-hop 192.168.1.160
route-map enat permit 21
match ip address 120
set ip next-hop 192.168.1.119
route-map enat permit 22
match ip address 122
set ip next-hop 192.168.1.122
route-map enat permit 23
match ip address 123
set ip next-hop 192.168.1.121
route-map enat permit 24
match ip address 124
set ip next-hop 192.168.1.129
route-map enat permit 25
match ip address 125
set ip next-hop 192.168.1.122
route-map enat permit 26
match ip address 126
set ip next-hop 192.168.1.116
route-map enat permit 27
match ip address 127
set ip next-hop 192.168.1.116
route-map enat permit 28
match ip address 128
set ip next-hop 192.168.1.162
route-map enat permit 29
match ip address 129
set ip next-hop 192.168.1.162
route-map enat permit 30
match ip address 152
set ip next-hop 192.168.1.160
route-map enat permit 31
match ip address 153
set ip next-hop 192.168.1.160
route-map enat permit 32
match ip address 130
set ip next-hop 192.168.1.132
route-map enat permit 33
match ip address 131
set ip next-hop 192.168.1.121
route-map enat permit 34
match ip address 132
set ip next-hop 192.168.1.163
route-map enat permit 35
match ip address 133
set ip next-hop 192.168.1.163
route-map enat permit 36
match ip address 134
set ip next-hop 192.168.1.164
route-map enat permit 99
match ip address 102
set ip next-hop 192.168.1.133
!
!
lldp enable ports e 4/1 to 4/6 e 5/4 to 5/10
lldp run
!
!
ip ssh timeout 60
ip ssh idle-time 20
!
!
!
end
SSH@NetIron MLX-8 Router#
SSH@NetIron CES 2024C#sho run
Current configuration:
!
ver V5.6.0nT183
!
!
!
!
!
no spanning-tree
!
!
vlan 1 name DEFAULT-VLAN
!
vlan 177
untagged e 1/1
router-interface ve 177
!
vlan 178
untagged e 1/2
router-interface ve 178
!
!
!
ip router-id 10.10.1.99
router ospf
area <REDACTED>
auto-cost reference-bandwidth 10000
redistribute connected
redistribute static
no rfc1583-compatibility
!
!
!
!
!
!
interface loopback 1
ip ospf area <REDACTED>
ip ospf authentication-key 2 <REDACTED>
ip ospf active
ip address 10.10.1.99/32
!
!
interface ethernet 1/1
enable
!
interface ethernet 1/2
enable
!
interface ve 177
ip ospf area <REDACTED>
ip ospf authentication-key 2 <REDACTED>
ip ospf active
ip address 10.0.177.4/24
!
interface ve 178
ip ospf area <REDACTED>
ip ospf authentication-key 2 <REDACTED>
ip ospf cost 10001
ip ospf active
ip address 10.0.178.4/24
!
!
!
!
end
SSH@NetIron CES 2024C#
SSH@NetIron MLX-8 Router#sho ip route 10.10.1.99
Type Codes - B:BGP D:Connected I:ISIS O:OSPF R:RIP S:Static; Cost - Dist/Metric
BGP Codes - i:iBGP e:eBGP
ISIS Codes - L1:Level-1 L2:Level-2
OSPF Codes - i:Inter Area 1:External Type 1 2:External Type 2 s:Sham Link
STATIC Codes - d:DHCPv6
Destination Gateway Port Cost Type
Uptime src-vrf
1 10.10.1.99/32 192.168.1.48 ve 52 110/10132 O
20m32s -
SSH@NetIron MLX-8 Router#conf t
SSH@NetIron MLX-8 Router(config)#int ve 177
SSH@NetIron MLX-8 Router(config-vif-177)#no ip policy route-map enat
SSH@NetIron MLX-8 Router(config-vif-177)#exit
SSH@NetIron MLX-8 Router(config)#exit
SSH@NetIron MLX-8 Router#clear ip ospf all
SSH@NetIron MLX-8 Router#sho ip route 10.10.1.99
Type Codes - B:BGP D:Connected I:ISIS O:OSPF R:RIP S:Static; Cost - Dist/Metric
BGP Codes - i:iBGP e:eBGP
ISIS Codes - L1:Level-1 L2:Level-2
OSPF Codes - i:Inter Area 1:External Type 1 2:External Type 2 s:Sham Link
STATIC Codes - d:DHCPv6
Destination Gateway Port Cost Type
Uptime src-vrf
1 10.10.1.99/32 10.0.177.4 ve 177 110/11 O
0m8s -
SSH@NetIron MLX-8 Router#conf t
SSH@NetIron MLX-8 Router(config)#int ve 177
SSH@NetIron MLX-8 Router(config-vif-177)#ip policy route-map enat
SSH@NetIron MLX-8 Router(config-vif-177)#exit
SSH@NetIron MLX-8 Router(config)#exit
SSH@NetIron MLX-8 Router#clear ip ospf all
SSH@NetIron MLX-8 Router#sho ip route 10.10.1.99
Type Codes - B:BGP D:Connected I:ISIS O:OSPF R:RIP S:Static; Cost - Dist/Metric
BGP Codes - i:iBGP e:eBGP
ISIS Codes - L1:Level-1 L2:Level-2
OSPF Codes - i:Inter Area 1:External Type 1 2:External Type 2 s:Sham Link
STATIC Codes - d:DHCPv6
Destination Gateway Port Cost Type
Uptime src-vrf
1 10.10.1.99/32 192.168.1.48 ve 52 110/10132 O
0m4s -
SSH@NetIron MLX-8 Router#
_______________________________________________
foundry-nsp mailing list
[email protected]
http://puck.nether.net/mailman/listinfo/foundry-nsp
