Re: [c-nsp] Load balancing
Do you ever hear that REP is in an exam !! This is a case am facing ! SW4 , SW5 and SW6 are in a closed Ring running REP with blocking occuring on the link between SW4 and SW5SW6 has the primary and preferred REP termination pointsThe customer routers are connected to switches SW4 and SW5And the customer traffic (LAN) is connected to the routers via a switchThe customer wants to load balance both inbound and outbound trafficFor outbound traffic , GLBP will be the best option but am asking for the inbound traffic as well as how to control the packet from going and coming back through the same path and thanks all From: gunner_...@live.com To: cisco-nsp@puck.nether.net Subject: Load balancing Date: Mon, 11 May 2015 11:45:01 +0300 Hi allI have the below setup SW6 / \SW4 SW5 | | R1 R2 \ / LAN (Customer) Now SW4 , SW5 and SW6 are running REP where the blocking occurs on the segment between SW4 and SW5What the customer is asking for is Load balancing for both incoming and outgoing trafficWhat we have suggested is that we can implement GLBP on the segment between R1 , R2 and the customer LAN (Switch) , but that will control outgoing traffic only right ? Another issue arises is that how we can insure that when a host generates a packet and that packet follows the path R2 - SW5 - SW6 will come back through the same path not from the other one? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Load balancing
Hi allI have the below setup SW6 / \SW4 SW5 | | R1 R2 \ / LAN (Customer) Now SW4 , SW5 and SW6 are running REP where the blocking occurs on the segment between SW4 and SW5What the customer is asking for is Load balancing for both incoming and outgoing trafficWhat we have suggested is that we can implement GLBP on the segment between R1 , R2 and the customer LAN (Switch) , but that will control outgoing traffic only right ? Another issue arises is that how we can insure that when a host generates a packet and that packet follows the path R2 - SW5 - SW6 will come back through the same path not from the other one? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Preventive Maintenance Template
Thanks very much Subject: Re: [c-nsp] Preventive Maintenance Template From: ja...@lixfeld.ca Date: Tue, 5 May 2015 08:02:53 -0400 CC: cisco-nsp@puck.nether.net To: gunner_...@live.com Well, if you just want to check CPU, env and memory, each platform should have CLI versions of those commands. In terms of deeper analysis, I’m sure any errors that might lead to an issue with the platform would show up in the logs. Presuming you have the local logging buffer setup correctly to log errors and the like, that should probably give you all that you can reasonably expect to get for your template. On May 5, 2015, at 7:44 AM, M K gunner_...@live.com wrote: Sure not wrong , but the issue is that each customer has a different setup and some of them has no NMS system and some of them does not allow any SNMP communication to be made , we have to visit each customer on site and check his devices , we gain access from the customer via console when we arrive the site Subject: Re: [c-nsp] Preventive Maintenance Template From: ja...@lixfeld.ca Date: Tue, 5 May 2015 07:39:43 -0400 CC: cisco-nsp@puck.nether.net To: gunner_...@live.com What would be wrong with using an NMS? On May 5, 2015, at 7:33 AM, M K gunner_...@live.com wrote: I have a lot of customers that use different types of devices : switches , routers , firewalls , IPS , WLC , etc. So am trying to develop a template to check the health of the device I can make a template for each kind of device I can get CPU , env , memory information , but am searching for more deep analysis Subject: Re: [c-nsp] Preventive Maintenance Template From: ja...@lixfeld.ca Date: Tue, 5 May 2015 07:08:15 -0400 CC: cisco-nsp@puck.nether.net To: gunner_...@live.com Can you provide more details? Are you talking just about the hardware itself? i.e.: CPU? Memory? Fabric utilization? What kind of hardware? Or are you talking about checks for what your hardware is actually doing? i.e.: BGP checks, ISIS checks, etc? On May 5, 2015, at 6:09 AM, M K gunner_...@live.com wrote: Hi allI was searching for the most important commands to use for devices health check , I found a lot of lists but I just want to use your experience to get the most precise and valuable check in order to build my template Thanks in advance ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Preventive Maintenance Template
Sure not wrong , but the issue is that each customer has a different setup and some of them has no NMS system and some of them does not allow any SNMP communication to be made , we have to visit each customer on site and check his devices , we gain access from the customer via console when we arrive the site Subject: Re: [c-nsp] Preventive Maintenance Template From: ja...@lixfeld.ca Date: Tue, 5 May 2015 07:39:43 -0400 CC: cisco-nsp@puck.nether.net To: gunner_...@live.com What would be wrong with using an NMS? On May 5, 2015, at 7:33 AM, M K gunner_...@live.com wrote: I have a lot of customers that use different types of devices : switches , routers , firewalls , IPS , WLC , etc. So am trying to develop a template to check the health of the device I can make a template for each kind of device I can get CPU , env , memory information , but am searching for more deep analysis Subject: Re: [c-nsp] Preventive Maintenance Template From: ja...@lixfeld.ca Date: Tue, 5 May 2015 07:08:15 -0400 CC: cisco-nsp@puck.nether.net To: gunner_...@live.com Can you provide more details? Are you talking just about the hardware itself? i.e.: CPU? Memory? Fabric utilization? What kind of hardware? Or are you talking about checks for what your hardware is actually doing? i.e.: BGP checks, ISIS checks, etc? On May 5, 2015, at 6:09 AM, M K gunner_...@live.com wrote: Hi allI was searching for the most important commands to use for devices health check , I found a lot of lists but I just want to use your experience to get the most precise and valuable check in order to build my template Thanks in advance ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Preventive Maintenance Template
I have a lot of customers that use different types of devices : switches , routers , firewalls , IPS , WLC , etc.So am trying to develop a template to check the health of the deviceI can make a template for each kind of device I can get CPU , env , memory information , but am searching for more deep analysis Subject: Re: [c-nsp] Preventive Maintenance Template From: ja...@lixfeld.ca Date: Tue, 5 May 2015 07:08:15 -0400 CC: cisco-nsp@puck.nether.net To: gunner_...@live.com Can you provide more details? Are you talking just about the hardware itself? i.e.: CPU? Memory? Fabric utilization? What kind of hardware? Or are you talking about checks for what your hardware is actually doing? i.e.: BGP checks, ISIS checks, etc? On May 5, 2015, at 6:09 AM, M K gunner_...@live.com wrote: Hi allI was searching for the most important commands to use for devices health check , I found a lot of lists but I just want to use your experience to get the most precise and valuable check in order to build my template Thanks in advance ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Preventive Maintenance Template
Hi allI was searching for the most important commands to use for devices health check , I found a lot of lists but I just want to use your experience to get the most precise and valuable check in order to build my template Thanks in advance ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] EEM Execution Time
Am trying to run EEM script , but the log message below appears eem_server[190]: %HA-HA_EM-6-FMS_POLICY_TIMEOUT : Policy 'mssk.tcl' has hit its maximum execution time of 20.0 seconds, and so has been halted How Can i increase execution time? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] EEM Execution Time
Am not trying to bother anyone , behave urself From: luky...@hotmail.com To: gunner_...@live.com; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] EEM Execution Time Date: Wed, 22 Apr 2015 11:59:45 +0200 Am trying to run EEM script , but the log message below appears eem_server[190]: %HA-HA_EM-6-FMS_POLICY_TIMEOUT : Policy 'mssk.tcl' has hit its maximum execution time of 20.0 seconds, and so has been halted How Can i increase execution time? Are you kidding me? RTFM! It takes 3 to 5 seconds to find the response to your question in google. Stop abusing this list because of your laziness. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Incoming Traffic Load Balancing
He is only interested in inbound traffic , other than BGP what other options do I have ? Subject: Re: [c-nsp] Incoming Traffic Load Balancing To: gunner_...@live.com; cisco-nsp@puck.nether.net From: mark.ti...@seacom.mu Date: Mon, 20 Apr 2015 15:05:30 +0200 On 20/Apr/15 15:01, M K wrote: Hi allI have a customer connected to my Edge router via two routers , each with one connectionThe public subnet will be given to him from my spaceHis main concern is load-balancing for incoming traffic Should I establish BGP session with him or there is a better solution? For outbound (you to the customer) load sharing, you could write two static routes on your edge router, each pointing to each of his routers. This will create two equal-cost paths toward the customer. For inbound (customer to you) load sharing, that will depend on the customer's topology, but there are several options. With two border routers on their side, it gets a little interesting. Mark. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Incoming Traffic Load Balancing
Hi allI have a customer connected to my Edge router via two routers , each with one connectionThe public subnet will be given to him from my spaceHis main concern is load-balancing for incoming traffic Should I establish BGP session with him or there is a better solution? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Storm-control Issue
Thanks all From: luky...@hotmail.com To: mack.mcbr...@viawest.com; n...@foobar.org; gunner_...@live.com; chuckchu...@gmail.com; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] Storm-control Issue Date: Wed, 15 Apr 2015 19:16:59 +0200 A link to the article/web page would be helpful because the current first hit on page three really doesn't relate to the issue. Remember the order can change based on someone's search history as well as the number of people visiting a link And additional links being added. http://www.cisco.com/c/en/us/td/docs/routers/7600/ios/12-2SR/configuration/guide/swcg/storm.pdf ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Storm-control Issue
HiThe output tells me I have the ability , and I compared it to another module and the same appeared 2 48 48 port 10/100 mb RJ45 WS-X6348-RJ-45 SAL06313RHP 3 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX SAL1435S15F FastEthernet2/2 Model: WS-X6348-RJ-45 Type: 10/100BaseTX Speed: 10,100,auto Duplex: half,full Trunk encap. type: 802.1Q,ISL Trunk mode: on,off,desirable,nonegotiate Channel: yes Broadcast suppression: percentage(0-100) Flowcontrol: rx-(off,on),tx-(none) Membership:static Fast Start:yes QOS scheduling: rx-(1q4t), tx-(2q2t) CoS rewrite: yes ToS rewrite: yes Inline power: yes SPAN: source/destination UDLD yes Link Debounce: yes Link Debounce Time:no Ports on ASIC: 1-12 Dot1ad Ethertype: no Dot1ad Tunnel: yes Port-Security: yes GigabitEthernet3/7 Model: WS-X6748-GE-TX Type: 10/100/1000BaseT Speed: 10,100,1000,auto Duplex: half,full Trunk encap. type: 802.1Q,ISL Trunk mode: on,off,desirable,nonegotiate Channel: yes Broadcast suppression: percentage(0-100) Flowcontrol: rx-(off,on,desired),tx-(off,on,desired) Membership:static Fast Start:yes QOS scheduling:rx-(1q8t), tx-(1p3q8t) CoS rewrite: yes ToS rewrite: yes Inline power: no SPAN: source/destination UDLD yes Link Debounce: yes Link Debounce Time:no Ports on ASIC: 1-12 Dot1ad Ethertype: yes Dot1ad Tunnel: yes Port-Security: yes From: chuckchu...@gmail.com To: n...@foobar.org; gunner_...@live.com; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] Storm-control Issue Date: Mon, 13 Apr 2015 12:58:56 -0400 Doesn't the output of 'show int capab' tell you if it's got that ability? Chuck -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Nick Hilliard Sent: Monday, April 13, 2015 11:33 AM To: M K; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Storm-control Issue On 13/04/2015 16:47, M K wrote: The line card in use is 48 10/100 mb rj45 It would be helpful to provide a line card model number. Nick ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Storm-control Issue
The line card in use is 48 10/100 mb rj45 Date: Mon, 13 Apr 2015 16:39:26 +0200 From: n...@foobar.org To: gunner_...@live.com; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Storm-control Issue On 13/04/2015 16:29, M K wrote: Hi allI have CISCO7606-S with bootdisk:c7600rsp72043-advipservicesk9-mz.122-33.SRE2.bin image When i am trying to configure storm-control , I get the below error 7606(config)#interface FastEthernet2/27606(config-if)# storm-control multicast level 10.00Command Rejected: Multicast suppression is not supported on Fa2/2 storm control is not supported on all line cards. Given that you're talking about 100mbit ethernet here, it looks likely that you're running into a hardware limitation on the line card. Nick ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Storm-control Issue
Hi allI have CISCO7606-S with bootdisk:c7600rsp72043-advipservicesk9-mz.122-33.SRE2.bin image When i am trying to configure storm-control , I get the below error 7606(config)#interface FastEthernet2/27606(config-if)# storm-control multicast level 10.00Command Rejected: Multicast suppression is not supported on Fa2/2 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] IOS XR as-path-set
How can i modify an existing as-path-set on Cisco IOS XR ? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Whatsup Calls
I am just a technical guy :)I think Cisco has not released a protocol pack that supports Whatsapp calls , but can Sandvine do it ? Subject: Re: [c-nsp] Whatsup Calls From: ba...@tespok.co.ke Date: Thu, 2 Apr 2015 16:33:25 +0300 CC: mark.ti...@seacom.mu; cisco-nsp@puck.nether.net To: gunner_...@live.com Why would i want this blocked again , if you can give me 5 good reasons as to why Barry On 2 Apr 2015, at 14:24, M K gunner_...@live.com wrote: Sure am not the one who will decide to block a service I love like this :) Subject: Re: [c-nsp] Whatsup Calls To: gunner_...@live.com; cisco-nsp@puck.nether.net From: mark.ti...@seacom.mu Date: Thu, 2 Apr 2015 12:29:58 +0200 On 2/Apr/15 12:06, M K wrote: Whatsup released voice recently , i wonder does Cisco SCE has the ability to block it ? I think on Android only for now... Mark. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Whatsup Calls
Whatsup released voice recently , i wonder does Cisco SCE has the ability to block it ? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Limited number of VFIs
Thanks Mark/Mark for the effort Subject: Re: Limited number of VFIs To: gunner_...@live.com; cisco-nsp@puck.nether.net; ulrik.iv...@excanto.se From: mark.ti...@seacom.mu Date: Thu, 2 Apr 2015 08:52:40 +0200 The ME3600X only supported H-VPLS initially. Full VPLS support came after lots of kicking and screaming. Cisco had initially left it only for the ME3800X, but the ME3600X got it soon after launch. Mark. On 1/Apr/15 15:14, M K wrote: Thanks Mark But what do u mean by full VPLS support.? From: gunner_...@live.com To: cisco-nsp@puck.nether.net; ulrik.iv...@excanto.se Subject: RE: Limited number of VFIs Date: Wed, 1 Apr 2015 00:12:57 +0300 Even with a different IOS image ? or template change ? From: gunner_...@live.com To: cisco-nsp@puck.nether.net Subject: RE: Limited number of VFIs Date: Tue, 31 Mar 2015 23:58:46 +0300 SW(config)#l2 vfi test autodiscovery Maximum number of VFIs 26 have been configured. % Cannot create more VFIs From: gunner_...@live.com To: cisco-nsp@puck.nether.net Subject: Limited number of VFIs Date: Tue, 31 Mar 2015 22:55:47 +0300 Hi all I have ME3600X with the below software and licence System image file is flash:/me360x-universal-mz.153.bin License Level: AdvancedMetroIPAccess License Type: Permanent I am configuring several VFIs , when I reach number 27 (total) I get prompted that I have reached the maximum number , is that a bug or normal? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Whatsup Calls
Sure am not the one who will decide to block a service I love like this :) Subject: Re: [c-nsp] Whatsup Calls To: gunner_...@live.com; cisco-nsp@puck.nether.net From: mark.ti...@seacom.mu Date: Thu, 2 Apr 2015 12:29:58 +0200 On 2/Apr/15 12:06, M K wrote: Whatsup released voice recently , i wonder does Cisco SCE has the ability to block it ? I think on Android only for now... Mark. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Limited number of VFIs
Thanks MarkBut what do u mean by full VPLS support.?From: gunner_...@live.com To: cisco-nsp@puck.nether.net; ulrik.iv...@excanto.se Subject: RE: Limited number of VFIs Date: Wed, 1 Apr 2015 00:12:57 +0300 Even with a different IOS image ? or template change ? From: gunner_...@live.com To: cisco-nsp@puck.nether.net Subject: RE: Limited number of VFIs Date: Tue, 31 Mar 2015 23:58:46 +0300 SW(config)#l2 vfi test autodiscovery Maximum number of VFIs 26 have been configured. % Cannot create more VFIs From: gunner_...@live.com To: cisco-nsp@puck.nether.net Subject: Limited number of VFIs Date: Tue, 31 Mar 2015 22:55:47 +0300 Hi allI have ME3600X with the below software and licence System image file is flash:/me360x-universal-mz.153.binLicense Level: AdvancedMetroIPAccessLicense Type: Permanent I am configuring several VFIs , when I reach number 27 (total) I get prompted that I have reached the maximum number , is that a bug or normal? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Limited number of VFIs
Hi allI have ME3600X with the below software and licence System image file is flash:/me360x-universal-mz.153.binLicense Level: AdvancedMetroIPAccessLicense Type: Permanent I am configuring several VFIs , when I reach number 27 (total) I get prompted that I have reached the maximum number , is that a bug or normal? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Limited number of VFIs
Even with a different IOS image ? or template change ? From: gunner_...@live.com To: cisco-nsp@puck.nether.net Subject: RE: Limited number of VFIs Date: Tue, 31 Mar 2015 23:58:46 +0300 SW(config)#l2 vfi test autodiscovery Maximum number of VFIs 26 have been configured. % Cannot create more VFIs From: gunner_...@live.com To: cisco-nsp@puck.nether.net Subject: Limited number of VFIs Date: Tue, 31 Mar 2015 22:55:47 +0300 Hi allI have ME3600X with the below software and licence System image file is flash:/me360x-universal-mz.153.binLicense Level: AdvancedMetroIPAccessLicense Type: Permanent I am configuring several VFIs , when I reach number 27 (total) I get prompted that I have reached the maximum number , is that a bug or normal? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Limited number of VFIs
SW(config)#l2 vfi test autodiscovery Maximum number of VFIs 26 have been configured. % Cannot create more VFIs From: gunner_...@live.com To: cisco-nsp@puck.nether.net Subject: Limited number of VFIs Date: Tue, 31 Mar 2015 22:55:47 +0300 Hi allI have ME3600X with the below software and licence System image file is flash:/me360x-universal-mz.153.binLicense Level: AdvancedMetroIPAccessLicense Type: Permanent I am configuring several VFIs , when I reach number 27 (total) I get prompted that I have reached the maximum number , is that a bug or normal? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] AS-path access-list
I have several BGP uplinks with full routing table , there is a specific AS number that I want the upload to it to use a certain link/neighbor , can i use as-path access-list to do that ? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Asset Management Software
Hi allWhat is the best Asset Management (free) software to use ? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BGP Outbound Traffic
Depends on what gert ?I have several uplink providers and I want a specific subnet to access one of the links in both direction (inbound and outbound)I do not have an issue with inbound , I play with prepend But with outbound if I configured weight to the prefix , how can i control to be advertised to another link (for redundancy) ? Date: Sun, 22 Mar 2015 12:05:26 +0100 From: g...@greenie.muc.de To: gunner_...@live.com CC: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] BGP Outbound Traffic Hi, On Sun, Mar 22, 2015 at 12:55:40PM +0200, M K wrote: Can i Control the outgoing traffic for a specific prefix to use a specific neighbor and the incoming traffic for the same prefix to use also the same prefix ? This depends. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] BGP Outbound Traffic
Can i Control the outgoing traffic for a specific prefix to use a specific neighbor and the incoming traffic for the same prefix to use also the same prefix ? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] BGP Failover
I have two connections to my service provider (one is active and the other is standby)The provider gave me /29 public subnet to use , am establishing the BGP with him over private subnetI have an exchange server that is assigned an IP address from the public poolNow , we had another new connection with the provider terminated to another router (another geographic area) What we are looking for is if the primary service provider site , I want the exchange to keep the same IP address and to be assigned from the new link because I do not want employees to change the mx record (the domain name for the mail) ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] OSPF Cost
I have the below setup R2 -- R3| /R1 Each router has a PC connected to itThe setup implement a flat OSPF setup (area 0) Now , the trace from PC1 (Connected to R1) to PC3 (Connected to R3) will go through the link between R1 and R3 which is normalNow , I have raised the cost from the interface of R3 connecting to R1 (ip ospf cost 100) and the trace still go through the link between R1 and R3When I do the same but from R1 side , the trace will follow the path R1 - R2 - R3Why ? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] NTP Setup
Some routers have public IP addresses assigned and they are able to access the Internet But according to all guys its better to have NTP servers (two or more) and all devices talk to them Date: Sun, 8 Mar 2015 12:07:58 -0400 Subject: Re: [c-nsp] NTP Setup From: ler...@gmail.com To: gunner_...@live.com CC: cisco-nsp@puck.nether.net On 3/8/15, M K gunner_...@live.com wrote: HiWhat is the best setup for NTP to be implemented in a network ?Linux server with ntpd package installed and all devices pointing to it ? or a core router with public access synchronized with public clock and all devices pointing to it ? You should have at least three NTP servers. Not sure what core router with public access means, but I wouldn't want anything outside my network being able to access a service on a core router. If you really want to go that way, I'd suggest using a couple of 7200s that aren't doing anything else. I'd say the better setup* would be 3 or 5 servers running ntpd getting their clock from GPS or wireless cell phone towers using Internet time servers as a backup Regards, Lee * wrt price/performance. even better would be each ntp server having it's own high quality clock ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] REP and Spanning-Tree
Thanks very much , it helped me out Subject: Re: [c-nsp] REP and Spanning-Tree From: e...@edgeoc.net Date: Tue, 3 Mar 2015 11:02:20 -0500 CC: cisco-nsp@puck.nether.net To: gunner_...@live.com See the last two pages of this white paper: http://www.cisco.com/c/dam/en/us/products/collateral/switches/me-3400-series-ethernet-access-switches/prod_white_paper0900aecd806ec6fa.pdf - Ed On Mar 3, 2015, at 09:39, M K gunner_...@live.com wrote: I have the below topology SW1 -- SW2 -- SW3SW1 and SW2 already ar part from a ring that is running REP (i.e. no spanning -tree on the link between SW1 and SW2)No , I got a new switch (SW4) and connect it to SW1 and SW3 (which means I have now closed circuit)My questions is , would that be an issue? SW4 -STP- SW1 - REP - SW2 -STP - SW3 - STP - SW4 Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] NTP Setup
HiWhat is the best setup for NTP to be implemented in a network ?Linux server with ntpd package installed and all devices pointing to it ? or a core router with public access synchronized with public clock and all devices pointing to it ? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] REP and Spanning-Tree
I have the below topology SW1 -- SW2 -- SW3SW1 and SW2 already ar part from a ring that is running REP (i.e. no spanning -tree on the link between SW1 and SW2)No , I got a new switch (SW4) and connect it to SW1 and SW3 (which means I have now closed circuit)My questions is , would that be an issue? SW4 -STP- SW1 - REP - SW2 -STP - SW3 - STP - SW4 Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] DR location
There are servers in both data centers (primary and backup) , These servers run databases and web applicationsIf from networking point of view it's ok , will both data centers (geographically distant) will be in the same AS (private AS) or the relation will be eBGP ? Date: Mon, 23 Feb 2015 11:15:14 + Subject: Re: [c-nsp] DR location From: and...@2sheds.de To: gunner_...@live.com CC: cisco-nsp@puck.nether.net On Sun, Feb 22, 2015 at 2:45 PM, M K gunner_...@live.com wrote: Hii have a customer requesting to have a DR in another country (other than the primary one)What is the best solution to offer ? He is asking for the same IP address to move to the DR in case of the failure of the primary node is that possible ?! From an networking point of view, Yes it is possible, and fairly easy. Setup 2 DCs with connection between them (direct or tunnels or both) - both using BGP, and announcing the IPs to the upstream ASes. The bigger issue will be with things like * dual active, quorums, fencing * database replication * application support of moving back and forth... Is this the correct solution for his requirements?Would a cloud provider make more sense for this scenario? These are all questions that can not simply be solved via a 2 min email. -- Andrew ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] DR location
Hii have a customer requesting to have a DR in another country (other than the primary one)What is the best solution to offer ? He is asking for the same IP address to move to the DR in case of the failure of the primary node is that possible ?! ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] L2 Switchover
Hi Gert and thanks for the continuous helpThe case is we have ASR9K (acting as Internet peering router) , the new provider gave us SDH equipment (active and standby) , the first issue we ran into is that we want to have STM-16 interface on the ASR9K with APS feature as a backup , the only module supports this feature is 2-Port Channelized OC-12c/DS0 SPA which is STM-4 We wanted the 10G module (as we read that it can be configured to support STM-16 unless we are wrong) and it does not support APS feature for redundancy , got my case man? Thanks in advance ! Date: Mon, 16 Feb 2015 10:32:14 +0100 From: g...@greenie.muc.de To: gunner_...@live.com CC: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] L2 Switchover Hi, On Mon, Feb 16, 2015 at 11:28:39AM +0200, M K wrote: I practiced IP SLA and EEM before but my question is if he using only one subnet between him and me and the link went down physically , he will have to activate the backup SDH unit right ? so if the SDH does not support active/standby model what can I do from my side to minimize the downtime? got me ? I said before, my crystal ball is clouded. You're not exactly explaining the setup very well. If this is active/standby in SDH, you will not notice a failure and switchover, period. This is why SDH. If there are two links to your router, go with BFD (and then you'll need two independent transit links and some IGP to transport loopbacks anyway). gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] L2 Switchover
Hi , I am just trying to do it from my side without depending on the providerBFD will work in my case without IGP running between me and the provider (as we are establishing the session on the connected subnet provided from his side)? Date: Mon, 16 Feb 2015 09:22:38 +0100 From: g...@greenie.muc.de To: gunner_...@live.com CC: mkkai...@gmail.com; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] L2 Switchover Hi, On Mon, Feb 16, 2015 at 09:10:10AM +0200, M K wrote: Thanks for the repliesI am establishing eBGP session with this provider , but because the distance is far , it will provide me through a hop (SDH) then will reach his router BFD (... and, in general, why are you not just asking your provider what they can offer?) gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] L2 Switchover
HiI have ASR9k , I got a new connection from a provider through SDH (active , backup)How can I trace if I lost connectivity as there is L2 device in between and move the traffic over the backup link ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] L2 Switchover
Thanks for the repliesI am establishing eBGP session with this provider , but because the distance is far , it will provide me through a hop (SDH) then will reach his router Date: Sun, 15 Feb 2015 21:30:04 +0300 Subject: Re: [c-nsp] L2 Switchover From: mkkai...@gmail.com To: gunner_...@live.com CC: cisco-nsp@puck.nether.net In addition, can you explain what kind of L2 device you use in SDH? 15 Фев 2015 г. 21:07 пользователь Мурат Каипов mkkai...@gmail.com написал: Hello dear. Do you use some routing protocol? So, if you do, you have two choices. First, do nothing, and hello and dead timers does failover for you. Second, use BFD, and you will have subsecond failover. Best Regards. 15 Фев 2015 г. 18:03 пользователь M K gunner_...@live.com написал: HiI have ASR9k , I got a new connection from a provider through SDH (active , backup)How can I trace if I lost connectivity as there is L2 device in between and move the traffic over the backup link ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Storm-Control
I have ME3400 with one of the connections is configured as trunk and port-type nniI applied storm-control on the interface and service was degraded , when I make the port access everything is fine , is there any restriction on the trunk/access setup on the port? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Storm-Control
Hi I am configuring storm-control for broadcast and multicast trafficThe service is affected even on the unicast frames From: luky...@hotmail.com To: gunner_...@live.com; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] Storm-Control Date: Wed, 11 Feb 2015 12:52:51 +0100 I have ME3400 with one of the connections is configured as trunk and port-type nniI applied storm-control on the interface and service was degraded What exact storm-control configuration did you apply (there are many) and what exactly do you mean when you say the service degraded (was unicast traffic degraded or broadcast/multicast)? when I make the port access everything is fine , is there any restriction on the trunk/access setup on the port? No. But when you have bogus incoming broadcast traffic on an unused vlan, storm-control will start dropping broadcast on all Vlans, because there is no fairness within storm-control. It just starts dropping packets. Lukas ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco IOS XR CGN
Hi allI have ASR9k running CGN NAT44 and I need to graph some outputsFirst , how to pull a specific output if it has no OID ? and Does Cisco has OIDs for ASR9k ISM ? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Policing on 7613
Hi I have configured policy-map on SVI with a rate of 600M and I noticed that there was a drop and solwness on did not reach the configured vlaue , smaller vlaues works fine , is there anything extra has to be configured ? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Policing on 7613
From: gunner_...@live.com To: cisco-nsp@puck.nether.net Subject: Policing on 7613 Date: Sun, 1 Feb 2015 13:19:44 +0200 Hi I have configured policy-map on SVI with a rate of 600M and I noticed that there was a drop and solwness on did not reach the configured vlaue , smaller vlaues works fine , is there anything extra has to be configured ? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] MPLS penetration testing
Hi allHave anyone tried tools for MPLS networks penetration testing? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] MPLS penetration testing
I have tried some tools like yersinia and kali for Layer 2 attacks , am trying to do the same for MPLS From: mark.ti...@seacom.mu To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] MPLS penetration testing Date: Tue, 9 Dec 2014 15:40:33 +0200 CC: gunner_...@live.com On Tuesday, December 09, 2014 03:07:33 PM M K wrote: Hi allHave anyone tried tools for MPLS networks penetration testing? What is MPLS penetration testing? Mark. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] MPLS on E1
Does the E1 interface support MPLS ?Anyone tried E1 interface on GNS3 ? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] MPLS VPN Overlap
Hi allI have the below topologyCE1 -- PE1 -- P -- PE2 -- CE2RIPv2 is the PE-CE routing protocol Now , I have configured two VRFs , one for each customer They are unable to communicate due to the route-target import values on both endsWhen I add the import value to each PE , they are able to communicateNow , what am trying to do is allowing one side to add the import value and allow one way communication , is that doable?I know the source IP address is not reachable as the import value are not allowing the update ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco Switch Start-up
Hi all , I was testing some issues regarding the start-up configuration fileWhen I issued the command delete flash:config.text and reloaded the router , the start-up configuration gone , so the question is the start-up configuration is saved on NVRAM or flash? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco IOS XR EEM
Hi , I have the below EEM script and am trying to do it using IOS XR event manager applet SLA_OUT event snmp oid 1.3.6.1.4.1.9.9.42.1.2.9.1.6.2 get-type exact entry-op eq entry-val 1 exit-op eq exit-val 2 poll-interval 5 action 1.0 syslog msg Test action 1.1 cli command enable action 1.2 cli command configure terminal action 1.3 cli command ip route 0.0.0.0 0.0.0.0 192.168.13.3 action 1.4 syslog msg There is a problem on our Primary connection , move all the traffic to the Secondary Line event manager applet SLA_OK event snmp oid 1.3.6.1.4.1.9.9.42.1.2.9.1.6.2 get-type exact entry-op eq entry-val 2 exit-op eq exit-val 1 poll-interval 5 action 1.0 syslog msg OK action 1.1 cli command enable action 1.2 cli command configure terminal action 1.3 cli command no ip route 0.0.0.0 0.0.0.0 192.168.13.3 action 1.4 syslog msg Our Primary connection is functionin again , stop using the Secondary Line ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Global vs. VRF
In MPLS network if a router receives the same route from global and at the same time through a VRF , will there be a problem ? it will prefer one over the other ? we are using the same routing protocol Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] BGP Route Filtering
Hi I have two IOS XR boxes , am establishing iBGP relation based on their loopback 0 interfaces What am trying to do is to filter a route from being advertised RP/0/0/CPU0:XR2#sh bgp ipv4 unicast neighbors 10.10.10.10 advertised-routes Wed Jun 4 17:52:20.748 UTC NetworkNext HopFromAS Path 192.168.2.0/24 20.20.20.20 Local i 192.168.12.0/2420.20.20.20 192.168.202.2 4i 192.168.21.0/2420.20.20.20 Local i 192.168.22.0/2420.20.20.20 Local i 192.168.44.0/2420.20.20.20 192.168.202.2 4i 192.168.144.0/24 20.20.20.20 192.168.202.2 4i 192.168.202.0/24 20.20.20.20 Local i 192.168.222.0/24 20.20.20.20 Local i Processed 8 prefixes, 8 paths XR2 prefix-set R2Lo3 192.168.144.0/24 end-setroute-policy NOADV if source in R2Lo3 thendrop elsepass endifend-policy router bgp 1 neighbor 10.10.10.10 address-family ipv4 unicast route-policy NOADV out But the route is still being advertised What is the issue? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] ISIS IOS and IOS XR
Hi all I am having issue establishing ISIS between IOS and IOS XR IOS R1#sh run int lo0 | inc ipv6 ipv6 address 2001::1/128 ipv6 router isis 1 R1#sh run int fas1/0 | inc ipv6 ipv6 address 2001:192:102::1/64 ipv6 router isis 1 router isis 1 net 49.0001...0001.00 is-type level-2-only metric-style wide IOS XR RP/0/0/CPU0:XR1#sh run router isis Tue Jun 3 12:00:23.223 UTC router isis 1 is-type level-2-only net 49.0001...0010.00 interface Loopback0 address-family ipv4 unicast address-family ipv6 unicast interface GigabitEthernet0/0/0/0 address-family ipv4 unicast address-family ipv6 unicast I tried without the metric-style wide on the IOS and the same , as well , I have configured on the IOS address-family ipv6 unicast under the router isis 1 process and the same , what am missing? R1#sh ipv6 route isis IPv6 Routing Table - default - 4 entries Codes: C - Connected, L - Local, S - Static, U - Per-user Static route B - BGP, R - RIP, H - NHRP, I1 - ISIS L1 I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination NDr - Redirect, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1 OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2, l - LISP Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ISIS IOS and IOS XR
Thanks man ! From: oboeh...@cisco.com To: gunner_...@live.com; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ISIS IOS and IOS XR Date: Tue, 3 Jun 2014 09:17:33 + -Original Message- From: M K gunner_...@live.com Date: Tuesday, 3 June 2014 11:03 To: cisco-nsp@puck.nether.net cisco-nsp@puck.nether.net Subject: [c-nsp] ISIS IOS and IOS XR Hi all I am having issue establishing ISIS between IOS and IOS XR IOS R1#sh run int lo0 | inc ipv6 ipv6 address 2001::1/128 ipv6 router isis 1 R1#sh run int fas1/0 | inc ipv6 ipv6 address 2001:192:102::1/64 ipv6 router isis 1 router isis 1 net 49.0001...0001.00 is-type level-2-only metric-style wide IOS XR RP/0/0/CPU0:XR1#sh run router isis Tue Jun 3 12:00:23.223 UTC router isis 1 is-type level-2-only net 49.0001...0010.00 interface Loopback0 address-family ipv4 unicast address-family ipv6 unicast interface GigabitEthernet0/0/0/0 address-family ipv4 unicast address-family ipv6 unicast I tried without the metric-style wide on the IOS and the same , as well , I have configured on the IOS address-family ipv6 unicast under the router isis 1 process and the same , what am missing? Please enable router isis 1 metric-style wide address-family ipv6 unicast multi-topology IOS-XR defaults to multi-topoloy when multiple AFs are used, but you need to enable it in IOS.. oli ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco IOS XR Redistribution
Hi all I have configured the following RP/0/0/CPU0:XR2#sh run int lo3 Thu May 29 14:47:34.482 UTC interface Loopback3 ipv4 address 192.168.200.20 255.255.255.0 ! RP/0/0/CPU0:XR2#sh run int lo4 Thu May 29 14:47:36.912 UTC interface Loopback4 ipv4 address 192.168.201.20 255.255.255.0 route-policy CONNECTED if source in (192.168.200.0/24, 192.168.201.0/24) then pass endif end-policy RP/0/0/CPU0:XR2(config)#router ospf 1 RP/0/0/CPU0:XR2(config-ospf)#redistribute connected route-policy CONNECTED Am getting the below error router ospf 1 redistribute connected route-policy CONNECTED !!% Could not find entry in list: Policy [CONNECTED] uses the 'source' attribute. There is no 'source' attribute at the ospf redistribution attach point. I tried it using a prefix-set but the same issue Thanks in advance BR, ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] IOS XR SLA and Track
Hi all I have the below configuration RP/0/0/CPU0:XR1#sh run ipsla Mon May 12 14:23:06.005 UTC ipsla operation 1 type icmp echo destination address 192.168.102.1 frequency 5 ! ! schedule operation 1 start-time now life forever RP/0/0/CPU0:XR1#sh ipsla statistics 1 Mon May 12 14:23:19.884 UTC Entry number: 1 Modification time: 11:41:50.248 UTC Mon May 12 2014 Start time : 11:41:50.268 UTC Mon May 12 2014 Number of operations attempted: 1935 Number of operations skipped : 3 Current seconds left in Life : Forever Operational state of entry: Active Operational frequency(seconds): 5 Connection loss occurred : FALSE Timeout occurred : FALSE Latest RTT (milliseconds) : 10 Latest operation start time : 14:23:15.504 UTC Mon May 12 2014 Next operation start time : 14:23:20.504 UTC Mon May 12 2014 Latest operation return code : OK RTT Values: RTTAvg : 10 RTTMin: 10 RTTMax : 10 NumOfRTT: 1 RTTSum: 10 RTTSum2: 100 It's working fine , now I have defined a track object RP/0/0/CPU0:XR1#sh run track Mon May 12 14:23:45.743 UTC track 10 type rtr 1 reachability Why am getting the IP SLA operation is not in progress RP/0/0/CPU0:XR1#sh track 10 Mon May 12 14:24:12.341 UTC Track 10 Response Time Reporter 1 reachability ipsla operation not in progress Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] CsC IOS XR
Thanks a lot man , I forgot about it ! It worked well BR, From: darre...@outlook.com To: gunner_...@live.com; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] CsC IOS XR Date: Mon, 5 May 2014 16:03:02 +0100 What does your MPLS config look like? You need /32 static routes on XR for labelled next-hops in certain cases as it's not automatic. In your topology, what is the customer PE and provider PEs? Does the XR box have a valid labelled next-hop to the correct PE? Thanks Darren http://www.mellowd.co.uk/ccie From: gunner_...@live.com To: cisco-nsp@puck.nether.net Date: Mon, 5 May 2014 16:53:04 +0300 Subject: [c-nsp] CsC IOS XR Hi all I am simulating CsC using Cisco IOS XR (on GNS3) The topology looks like below R5 -- R1 -- XR1 -- R2 -- R3 -- R4 -- R6 I am using BGP as the PE-CE routing protocol in order to achieve connectivity between R1 lo0 and R4 lo0 and it's done Now , I have configured OSPF as the routing protocol between R5 - R1 and R6 - R4 and I did all the redistribution RP/0/0/CPU0:XR1#sh run router bgp Mon May 5 14:48:47.261 UTC router bgp 1 address-family ipv4 unicast ! address-family vpnv4 unicast ! neighbor 3.3.3.3 remote-as 1 update-source Loopback0 address-family vpnv4 unicast ! ! vrf MSSK rd 100:1 address-family ipv4 unicast allocate-label all ! neighbor 192.168.102.1 remote-as 14 address-family ipv4 unicast route-policy PASS_CE in route-policy PASS_CE out as-override What am facing now is I even lost connectivity between R1 lo0 and R4 lo0 networks Am i missing something ? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] CsC IOS XR
Hi all I am simulating CsC using Cisco IOS XR (on GNS3) The topology looks like below R5 -- R1 -- XR1 -- R2 -- R3 -- R4 -- R6 I am using BGP as the PE-CE routing protocol in order to achieve connectivity between R1 lo0 and R4 lo0 and it's done Now , I have configured OSPF as the routing protocol between R5 - R1 and R6 - R4 and I did all the redistribution RP/0/0/CPU0:XR1#sh run router bgp Mon May 5 14:48:47.261 UTC router bgp 1 address-family ipv4 unicast ! address-family vpnv4 unicast ! neighbor 3.3.3.3 remote-as 1 update-source Loopback0 address-family vpnv4 unicast ! ! vrf MSSK rd 100:1 address-family ipv4 unicast allocate-label all ! neighbor 192.168.102.1 remote-as 14 address-family ipv4 unicast route-policy PASS_CE in route-policy PASS_CE out as-override What am facing now is I even lost connectivity between R1 lo0 and R4 lo0 networks Am i missing something ? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] EIGRP Authentication on IOS XR
Hi and sorry for the late reply I have tried it and did not work the relation kept down BR, From: oboeh...@cisco.com To: gunner_...@live.com; alum...@gmail.com CC: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] EIGRP Authentication on IOS XR Date: Wed, 23 Apr 2014 21:40:00 + can you add send-lifetime .. to the key? It might not be active without it.. key chain KEY key 1 key-string password cisco cryptographic-algorithm md5 send-lifetime 01:01:00 january 01 2014 infinite -Original Message- From: M K gunner_...@live.com Date: Wednesday, 23 April 2014 16:49 To: Pete Lumbis alum...@gmail.com Cc: cisco-nsp@puck.nether.net cisco-nsp@puck.nether.net Subject: Re: [c-nsp] EIGRP Authentication on IOS XR No , the only option under the interface is authentication keychain command The cryptographic-algorithm MD5 command is under the key chain command , I have tried it but did not work for me ! Date: Tue, 22 Apr 2014 13:16:14 -0400 Subject: Re: [c-nsp] EIGRP Authentication on IOS XR From: alum...@gmail.com To: gunner_...@live.com CC: cisco-nsp@puck.nether.net I think the next line after authentication keychain is cryptographic-algorithm MD5 On Tue, Apr 22, 2014 at 10:55 AM, M K gunner_...@live.com wrote: Hi all I am facing an issue when configuring EIGRP authentication between IOS and IOS XR R1#sh run | sec key chain key chain KEY key 1 key-string cisco R1#sh run int f0/0 | inc authen ip authentication mode eigrp 1 md5 ip authentication key-chain eigrp 1 KEY RP/0/0/CPU0:XR1#sh run key chain Tue Apr 22 17:54:14.480 UTC key chain KEY key 1 key-string password cisco router eigrp EIGRP_PROCESS address-family ipv4 autonomous-system 1 interface Loopback0 ! interface GigabitEthernet0/0/0/0 authentication keychain KEY Under the interface GigabitEthernet0/0/0/0 located under the EIGRP process , I did not find an option for choosing MD5 Any ideas? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] EIGRP Authentication on IOS XR
No , the only option under the interface is authentication keychain command The cryptographic-algorithm MD5 command is under the key chain command , I have tried it but did not work for me ! Date: Tue, 22 Apr 2014 13:16:14 -0400 Subject: Re: [c-nsp] EIGRP Authentication on IOS XR From: alum...@gmail.com To: gunner_...@live.com CC: cisco-nsp@puck.nether.net I think the next line after authentication keychain is cryptographic-algorithm MD5 On Tue, Apr 22, 2014 at 10:55 AM, M K gunner_...@live.com wrote: Hi all I am facing an issue when configuring EIGRP authentication between IOS and IOS XR R1#sh run | sec key chain key chain KEY key 1 key-string cisco R1#sh run int f0/0 | inc authen ip authentication mode eigrp 1 md5 ip authentication key-chain eigrp 1 KEY RP/0/0/CPU0:XR1#sh run key chain Tue Apr 22 17:54:14.480 UTC key chain KEY key 1 key-string password cisco router eigrp EIGRP_PROCESS address-family ipv4 autonomous-system 1 interface Loopback0 ! interface GigabitEthernet0/0/0/0 authentication keychain KEY Under the interface GigabitEthernet0/0/0/0 located under the EIGRP process , I did not find an option for choosing MD5 Any ideas? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] EIGRP Authentication on IOS XR
Hi all I am facing an issue when configuring EIGRP authentication between IOS and IOS XR R1#sh run | sec key chain key chain KEY key 1 key-string cisco R1#sh run int f0/0 | inc authen ip authentication mode eigrp 1 md5 ip authentication key-chain eigrp 1 KEY RP/0/0/CPU0:XR1#sh run key chain Tue Apr 22 17:54:14.480 UTC key chain KEY key 1 key-string password cisco router eigrp EIGRP_PROCESS address-family ipv4 autonomous-system 1 interface Loopback0 ! interface GigabitEthernet0/0/0/0 authentication keychain KEY Under the interface GigabitEthernet0/0/0/0 located under the EIGRP process , I did not find an option for choosing MD5 Any ideas? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ERSPAN
Can ERSPAN be simulated on GNS3 with virtual machines ?is there any router model like 7200 that can support ? Thanks From: gunner_...@live.com To: cisco-nsp@puck.nether.net Subject: ERSPAN Date: Sat, 29 Mar 2014 01:09:10 +0300 Hi AllI was looking into the Cisco software advisor looking for the ERSPAN on the 3560 model , but did not find the keywordis the feature supported ? what is the minimum ? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] ERSPAN
Hi AllI was looking into the Cisco software advisor looking for the ERSPAN on the 3560 model , but did not find the keywordis the feature supported ? what is the minimum ? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Layer 7 NAT
Is there what so called Layer 7 NAT ?I know layer 3 and Layer 4 (PAT) ! ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] mac access-list
Hi I have two hosts connected to vlan 10 on the same switchI want to prevent the communication between the two hostsI have tried using vlan access-map and it functioned wellBut when I configure mac access-list it did notmac access-list extended MCLdeny any host ..interface fas0/0mac access-group MCL in Am i missing something ? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Event Manager Script
Thanks all for the kind replies , I will make another test and feed you back BR, Date: Wed, 5 Mar 2014 02:05:17 -0800 From: monito...@yahoo.com Subject: Re: [c-nsp] Event Manager Script To: oboeh...@cisco.com; gunner_...@live.com; cisco-nsp@puck.nether.net HiTry with 120 seconds delay. Also use environment variable to depicting to get email whensoever event triggers.Ami On Wednesday, March 5, 2014 10:01 AM, Oliver Boehmer (oboehmer) oboeh...@cisco.com wrote: can you just remove the action 2.0 reload from the script for the test so the router just spits out the syslog and then send the logs?I noticed that the maximum delay down value accepted by the parser is 180 (3 minutes), maybe it didn't accept the command when you pasted it? I just tested this (with 60 sec delay), and it seems to work fine (debug track enabled):router(config)#Mar 5 09:53:14.230: Track: 99 Down change delayed for 60 secsMar 5 09:54:14.231: Track: 99 Down change delay expiredMar 5 09:54:14.231: Track: 99 Change #3 ip sla 99, reachability Up-DownMar 5 09:54:14.231: %TRACKING-5-STATE: 99 ip sla 99 reachability Up-DownMar 5 09:54:14.239: %HA_EM-6-LOG: reload-if-down: Reloading the router due to unreachabilityand as EEM only triggers on up-down transition, it only takes action when the probe was up at least once. so this is good..oliFrom: M K gunner_...@live.commailto:gunner_...@live.comDate: Wednesday, 5 March 2014 09:26To: Oliver Boehmer oboeh...@cisco.commailto:oboeh...@cisco.com, cisco-nsp@puck.nether.netmailto:cisco-nsp@puck.nether.net cisco-nsp@puck.nether.netmailto:cisco-nsp@puck.nether.netSubject: RE: [c-nsp] Event Manager ScriptHi , thanks and sorry for the late replyI am facing some issues with the script , when the IP SLA is down , the router did not wait for the 5 minutes , it reloaded directly From: oboeh...@cisco.commailto:oboeh...@cisco.com To: gunner_...@live.commailto:gunner_...@live.com; cisco-nsp@puck.nether.netmailto:cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Event Manager Script Date: Sun, 2 Mar 2014 12:33:34 + Hi allI am trying to do a event manager script that will do the below and need some assistanceI want to ping to a specific destination and if th! e ping request timed out for a period of for example 5 minutes , the router should be reloaded not sure whether this is a good idea or not (the router could reload forever), here is a way to achieve the goal: ip sla 1 icmp-echo destination-addr frequency 20 ip sla schedule 1 life forever start-time now ! track 1 ip sla 1 reachability delay down 300 ! event manager applet reload-if-down event track 1 state down action 1.0 syslog msg Reloading the router due to unreachability action 2.0 reload hope this helps.. oli___cisco-nsp mailing list cisco-nsp@puck.nether.nethttps://puck.nether.net/mailman/listinfo/cisco-nsparchive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Private Vlans
Hi allI have configured private vlans on one switch and all is working as expectedNow , I have connected another switch and placed one of the community Vlan hosts to the second switchMy question is from the second switch the promiscuous port will be the trunk port or there is additional configuration I should add? Thanks BR, ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Private Vlans
The private Vlans configuration is replicated , but when I tried to ping between the community clients it was not successfulThe issue for me is where to place the promiscuous port? knowing that it's configured on SW1 in the first manner From: sjeyamur...@gmail.com Date: Wed, 12 Mar 2014 15:22:00 + Subject: Re: [c-nsp] Private Vlans To: gunner_...@live.com CC: cisco-nsp@puck.nether.net You need to replicate the private vlan to the second switch. Jey S. Network Engineer CCIE #41608 Sent from my iPhone On 12 Mar 2014, at 15:16, M K gunner_...@live.com wrote: Hi allI have configured private vlans on one switch and all is working as expectedNow , I have connected another switch and placed one of the community Vlan hosts to the second switchMy question is from the second switch the promiscuous port will be the trunk port or there is additional configuration I should add? Thanks BR, ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Event Manager Script
Hi , thanks and sorry for the late replyI am facing some issues with the script , when the IP SLA is down , the router did not wait for the 5 minutes , it reloaded directly From: oboeh...@cisco.com To: gunner_...@live.com; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Event Manager Script Date: Sun, 2 Mar 2014 12:33:34 + Hi allI am trying to do a event manager script that will do the below and need some assistanceI want to ping to a specific destination and if the ping request timed out for a period of for example 5 minutes , the router should be reloaded not sure whether this is a good idea or not (the router could reload forever), here is a way to achieve the goal: ip sla 1 icmp-echo destination-addr frequency 20 ip sla schedule 1 life forever start-time now ! track 1 ip sla 1 reachability delay down 300 ! event manager applet reload-if-down event track 1 state down action 1.0 syslog msg Reloading the router due to unreachability action 2.0 reload hope this helps.. oli ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Event Manager Script
Hi allI am trying to do a event manager script that will do the below and need some assistanceI want to ping to a specific destination and if the ping request timed out for a period of for example 5 minutes , the router should be reloaded Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] PPPoE Session
Hi allCan I control the session timeout via CLI ? i.e. I want each PPPoE session to be disconnected automatically after for example 24 hours? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] PPPoE Session
Thanks for the replyU mean the timeout absolute 1400 0 , for example for 24 hours it should be 1440 ? BR, From: c...@marenda.net To: gunner_...@live.com; cisco-nsp@puck.nether.net Subject: AW: [c-nsp] PPPoE Session Date: Sun, 2 Feb 2014 12:43:50 +0100 Hi all Can I control the session timeout via CLI ? i.e. I want each PPPoE session to be disconnected automatically after for example 24 hours? Yes We Can: ! int dialer 3 ! ... encapsulation ppp dialer pool 2 dialer-group 1 dialer idle-timeout 0 dialer persistent no cdp enable keepalive 30 ppp authentication chap ... ppp chap ... ! ... ! timeout absolute 1400 0 ! ! On the central side, You can put it into an interface virtual-template or set it thru AAA (radiator can calculate the value to fix the automatic disconnection to a given time. Hope this help's, Juergen. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] LLD Document Templates
Hi allCan anyone share good LLD documents template? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] DHCPv6
Hi I am trying to configure DHCPv6 , i am using c7200-adventerprisek9-mz.152-4.S2When I configure the server I found all the commands But when I configure the client I cannot find the command ipv6 address dhcp from interface configuration mode ?I enabled ipv6 unicast-routing ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] DHCPv6
Thanks , I was wondering because i was following the configuration in the below documenthttps://supportforums.cisco.com/docs/DOC-27714#Client_Configuration From: sjeyamur...@gmail.com Date: Sat, 4 Jan 2014 13:03:39 + Subject: Re: [c-nsp] DHCPv6 To: gunner_...@live.com CC: cisco-nsp@puck.nether.net You have to use : Ipv6 address autoconfig Jey S. Network Engineer CCIE #41608 Sent from my iPhone On 4 Jan 2014, at 12:17, M K gunner_...@live.com wrote: Hi I am trying to configure DHCPv6 , i am using c7200-adventerprisek9-mz.152-4.S2When I configure the server I found all the commands But when I configure the client I cannot find the command ipv6 address dhcp from interface configuration mode ?I enabled ipv6 unicast-routing ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] DHCPv6
Yes I am aware of the ND and EUI-64 methods , but i want to implement this methodI have configured the below R1ipv6 dhcp pool POOL address prefix 2001:192:12::/64 domain-name cisco.com interface FastEthernet1/0 ipv6 address 2001:192:12::1/64 ipv6 dhcp server POOL R2interface FastEthernet1/0 ipv6 address autoconfig R2#sh ipv6 int bri FastEthernet0/0[administratively down/down] unassignedFastEthernet1/0[up/up]FE80::C801:71FF:FE4A:1C 2001:192:12:0:C801:71FF:FE4A:1CFastEthernet1/1[administratively down/down]unassigned Now , I can reach this IPv6 address but the binding is not thereR1#sh ipv6 dhcp binding R1# Even though i can also activate routing based on these addressesFrom: sjeyamur...@gmail.com Date: Sat, 4 Jan 2014 20:36:07 + Subject: Re: [c-nsp] DHCPv6 To: gunner_...@live.com CC: cisco-nsp@puck.nether.net Well in IPv6 you make use of ND to achieve this and stateless autoconfig There are different methods to autoconfig in IPv6 you may want to research this, like EUI-64 which makes use of the end systems mac address. Jey S.Network EngineerCCIE #41608 Sent from my iPhone On 4 Jan 2014, at 19:49, M K gunner_...@live.com wrote: Thanks , I was wondering because i was following the configuration in the below documenthttps://supportforums.cisco.com/docs/DOC-27714#Client_Configuration From: sjeyamur...@gmail.com Date: Sat, 4 Jan 2014 13:03:39 + Subject: Re: [c-nsp] DHCPv6 To: gunner_...@live.com CC: cisco-nsp@puck.nether.net You have to use : Ipv6 address autoconfig Jey S. Network Engineer CCIE #41608 Sent from my iPhone On 4 Jan 2014, at 12:17, M K gunner_...@live.com wrote: Hi I am trying to configure DHCPv6 , i am using c7200-adventerprisek9-mz.152-4.S2When I configure the server I found all the commands But when I configure the client I cannot find the command ipv6 address dhcp from interface configuration mode ?I enabled ipv6 unicast-routing ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] DHCPv6
HiYes , It's clear for me now , can you provide how to set the managed bit in the RA messages?I have configured the belowR1int f1/0ipv6 nd other-config-flag And from R2 (the client) I can see that I can get the DNS and domain name configured in the DHCP pool R2#sh ipv6 dhcp interface fastEthernet 1/0FastEthernet1/0 is in client mode State is IDLE List of known servers:Reachable via address: FE80::C800:71FF:FE4A:1CDUID: 00030001CA00714APreference: 0 Configuration parameters: DNS server: 1::1 Domain name: cisco.com Rapid-Commit: disabled Date: Sat, 4 Jan 2014 23:12:59 +0200 Subject: Re: [c-nsp] DHCPv6 From: eu...@imacandi.net To: gunner_...@live.com CC: sjeyamur...@gmail.com; cisco-nsp@puck.nether.net On Sat, Jan 4, 2014 at 10:52 PM, M K gunner_...@live.com wrote: Yes I am aware of the ND and EUI-64 methods , but i want to implement this methodI have configured the below R1ipv6 dhcp pool POOL address prefix 2001:192:12::/64 domain-name cisco.com interface FastEthernet1/0 ipv6 address 2001:192:12::1/64 ipv6 dhcp server POOL R2interface FastEthernet1/0 ipv6 address autoconfig R2#sh ipv6 int bri FastEthernet0/0[administratively down/down] unassignedFastEthernet1/0[up/up]FE80::C801:71FF:FE4A:1C 2001:192:12:0:C801:71FF:FE4A:1CFastEthernet1/1[administratively down/down]unassigned Now , I can reach this IPv6 address but the binding is not thereR1#sh ipv6 dhcp binding R1# Even though i can also activate routing based on these addressesFrom: sjeyamur...@gmail.com Once you enable RA on the router all IPv6 capable clients will get an IP address from the network you are advertising. DHCP in the context of IPv6 (except for PD) is only used if you want to set the client DNS automatically, but in order for the client to go to the DHCP server you need to set the managed bit to the RA messages. Hope this clears things a bit. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] EIGRP Load Balance
HiI have two routers connected to each other via two serial connections I have two subnets on R1 : 192.168.0.0/24 and 192.168.1.0/24192.168.0.0/24 is used for Data and 192.168.1.0/24 is used for VoiceNow , I want to use the first connection for the Data traffic , and the other connection for Voice trafficAs well , I want to use the second link as backup for the first link if the Data traffic is down and vice versa for the voice trafficI am thinking of summerization on the second link , but my question should i implement one AS or more ? I do not want to use IP SLA and EEM , just EIGRP itself Any ideas are appreciated? BR, ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] EIGRP Load Balance
I have two links and i will run single AS Now , the subnet 192.168.0.0/24 for example will traverse which physical link in this case? (before applying any offset-lists) From: sjeyamur...@gmail.com Date: Thu, 19 Dec 2013 08:42:10 -0500 Subject: Re: [c-nsp] EIGRP Load Balance To: gunner_...@live.com CC: cisco-nsp@puck.nether.net 2 AS would not do the job if its connected routes, only if you learn the destination via EIGRP, the 2 AS solution will work. Jey S. Network Engineer Sent from my iPhone On 19 Dec 2013, at 08:07, M K gunner_...@live.com wrote: HiI have two routers connected to each other via two serial connections I have two subnets on R1 : 192.168.0.0/24 and 192.168.1.0/24192.168.0.0/24 is used for Data and 192.168.1.0/24 is used for VoiceNow , I want to use the first connection for the Data traffic , and the other connection for Voice trafficAs well , I want to use the second link as backup for the first link if the Data traffic is down and vice versa for the voice trafficI am thinking of summerization on the second link , but my question should i implement one AS or more ? I do not want to use IP SLA and EEM , just EIGRP itself Any ideas are appreciated? BR, ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] EIGRP offset-list
Hi allI was working with named eigrp configuration , i was trying to apply offset-list for a route i learned through ospf which was redistributed into eigrp The issue i was facing is that when i set the offset to 1000 , the metric increased by 7 , 2000 it increased by 15 , 3000 by 23why? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] OSPF Conditional Inject
Hi I was working on a setup to test the OSPF conditional injection of a default routeIt worked me fine for Serial connection , but for Ethernet media it did not why ? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OSPF Conditional Inject
Hi Oliver :)My config is so simpleR1 - R2 - R3 R2 is configured with a static route pointing to R1 (external network)ip route 0.0.0.0 0.0.0.0 192.168.12.1I configured an access-list matches the link between R1 and R2R2access-list 1 permit 192.168.12.0 0.0.0.255route-map MAP permit 10match ip address 1 router ospf default-information originate always route-map MAP Now , when I turn off the interface from R1 side , R3 no longer receives the default route when I used a serial connectionWhen I used Ethernet , the default route still appears on R3 routing table I can use another way such as EEM but I want to understand this behavior BR, From: oboeh...@cisco.com To: gunner_...@live.com; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] OSPF Conditional Inject Date: Tue, 3 Dec 2013 06:36:39 + Hi I was working on a setup to test the OSPF conditional injection of a default routeIt worked me fine for Serial connection , but for Ethernet media it did not why ? because you didn't share the config? ;-) oli ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] EIGRP Variance
Hi I have two unequal cost paths to reach a specific destinationI configured variance and the two routes are installed in the routing tableHow can I use the low cost always with keeping the other one installed in the routing table ? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] EIGRP Variance
Hi RandyI know what the variance command does and know how to manipulate I was challenged to do what I asked without using any filtering or touch the variance command configured Date: Fri, 29 Nov 2013 14:35:22 -0800 From: randy_94...@yahoo.com Subject: Re: [c-nsp] EIGRP Variance To: gunner_...@live.com; cisco-nsp@puck.nether.net - Original Message - From: M K gunner_...@live.com To: cisco-nsp@puck.nether.net cisco-nsp@puck.nether.net Cc: Sent: Friday, November 29, 2013 1:55 PM Subject: [c-nsp] EIGRP Variance Hi I have two unequal cost paths to reach a specific destinationI configured variance and the two routes are installed in the routing tableHow can I use the low cost always with keeping the other one installed in the routing table ? If I understand you correctly: You have enabled unequal-cost load sharing via variance but *don't wish* to load share. Does that make any sense to you? Disable variance, lowest cost path will be in rib and EIGRP topology db will have both - tweak delay if needed so the *other* exists as a feasibel successor. ./Randy ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] EIGRP Backdoor
Hi I have the below topologyR1 -- R2||R3 -- R4 I have configure MPLS L3VPN with R1 and R2 are my PE routersThe PE-CE routing protocol is EIGRP AS 100All links are Serial connectionsNow , I have configured vrf sitemap with bgp extcommunity soo equals to 100:1 (the same defined in the VRF definition for both import and export)Now , should I see R4 lo0 through the MPLS cloud ? or am missing something ? R3#sh ip route eigrp 4.0.0.0/32 is subnetted, 1 subnetsD4.4.4.4 [90/2297856] via 192.1.34.4, 00:19:19, Serial1/1 192.1.24.0/24 is variably subnetted, 2 subnets, 2 masksD192.1.24.0/24 [90/2681856] via 192.1.34.4, 00:19:19, Serial1/1D192.1.24.2/32 [90/2681856] via 192.1.34.4, 00:19:10, Serial1/1 R4#sh ip route eigrp 3.0.0.0/32 is subnetted, 1 subnetsD3.3.3.3 [90/2297856] via 192.1.34.3, 00:19:30, Serial1/1 192.1.13.0/24 is variably subnetted, 2 subnets, 2 masksD192.1.13.0/24 [90/2681856] via 192.1.34.3, 00:19:30, Serial1/1D192.1.13.1/32 [90/2681856] via 192.1.34.3, 00:19:30, Serial1/1 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Etherchannel Issue
I have Cisco CISCO7606-S (R7000) with 48 SFM-capable 48 port 10/100/1000mb RJ45 moduleNow , I have 5 ports connected to my WiMAX ASN gateway via two vlans one to the access side and the other one connected to the core sideThe issue am facing now is some of the ports are into errdisable state by itself Module diagnostics output 3 Pass Group Port-channel Protocol Ports--+-+---+---10 Po10(SU) -Gi3/3(D)Gi3/11(D) Gi3/19(D) Gi3/27(P) Gi3/35(P) 20 Po20(SU) - Gi3/4(D)Gi3/12(D) Gi3/20(D)Gi3/28(P) Gi3/36(P) CR2.KJ-Building#sh int Gi3/3 | inc lineGigabitEthernet3/3 is down, line protocol is down (err-disabled) interface GigabitEthernet3/3 description ASN LBPA0 C6 P5 (Po10) (CORE_VLAN) switchport switchport access vlan 10 switchport mode access no logging event link-status load-interval 30 speed 1000 duplex full flowcontrol receive on flowcontrol send on channel-group 10 mode on CR2.KJ-Building#sh run int vlan 10Building configuration... Current configuration : 242 bytes!interface Vlan10 description CORE VLAN ip address 10.40.2.3 255.255.255.240 no ip redirects no ip unreachables load-interval 30 standby 10 ip 10.40.2.1 standby 10 priority 120 standby 10 preempt standby 10 name CORE_VLAN_HSRP The configuration for the physical port is identical for all ports , no log messages give a clue that there is a problemNow , if i enabled those interfaces again , I lose the device until I restart the module again No spanning-tree issues were noticed , I have checked everything ! What could cause this? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IPSEC and NAT
What happened is that when I establish the IPSEC it works fine , then when I start the NAT traffic the IPSEC get lostThe issue was with the overload keyword in the NAT statement and now it's working fine BR, Date: Mon, 11 Nov 2013 20:08:16 -0500 Subject: Re: [c-nsp] IPSEC and NAT From: emcca...@gmail.com To: gunner_...@live.com CC: cisco-nsp@puck.nether.net Are you saying the actual IPSec peer is lost or simply the hosts become unreachable? Could you give us a few show commands? E #21508 Regards, Ernest McCaleb On Mon, Nov 11, 2013 at 4:35 AM, M K gunner_...@live.com wrote: The IPSEC is working fine , once I activate the NAT , i lose the IPSEC with unreachable response to ICMP traffic The weird thing is that I am configuring the access-lists properly , what could be the issue ? From: gunner_...@live.com To: cisco-nsp@puck.nether.net Subject: IPSEC and NAT Date: Thu, 7 Nov 2013 13:36:19 +0200 Hi all I have the below setup R1 - R2 - R3 - R4 R1 and R4 has loopback interfaces that needs to communicate via IPSEC established between R1 and R4 R2 and R3 has EBGP relation The IPSEC is working fine When I configure a loopback interface on R2 and R3 and advertise it in BGP in order for the NAT to work , the NAT works but I loses the IPSEC connectivity R1 hostname R1 crypto isakmp policy 1 encr aes authentication pre-share group 2 crypto isakmp key cisco address 212.118.34.4 crypto ipsec transform-set SET esp-3des esp-sha-hmac crypto map MAP 10 ipsec-isakmp set peer 212.118.34.4 set transform-set SET match address VPN_ACL interface Loopback0 ip address 192.168.1.1 255.255.255.0 ip nat inside interface Serial1/0 ip address 212.118.12.1 255.255.255.0 ip nat outside encapsulation ppp serial restart-delay 0 crypto map MAP no shut ip nat pool NAT_POOL 212.118.1.1 212.118.1.6 prefix-length 29 ip nat inside source list NAT_ACL pool NAT_POOL ip route 0.0.0.0 0.0.0.0 212.118.12.2 ip access-list extended NAT_ACL deny ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255 permit ip 192.168.1.0 0.0.0.255 any ip access-list extended VPN_ACL permit ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255 R2 hostname R2 interface Loopback0 ip address 212.118.2.2 255.255.255.255 interface Serial1/0 ip address 212.118.12.2 255.255.255.0 encapsulation ppp no shut interface Serial1/1 ip address 212.118.23.2 255.255.255.0 encapsulation ppp no shut router bgp 2 bgp log-neighbor-changes network 212.118.12.0 neighbor 212.118.23.3 remote-as 3 ip route 212.118.1.0 255.255.255.248 ser1/0 R3 hostname R3 interface Loopback0 ip address 212.118.3.3 255.255.255.255 interface Serial1/0 ip address 212.118.34.3 255.255.255.0 encapsulation ppp no shut interface Serial1/1 ip address 212.118.23.3 255.255.255.0 encapsulation ppp no shut router bgp 3 bgp log-neighbor-changes network 212.118.34.0 neighbor 212.118.23.2 remote-as 2 ip route 212.118.4.0 255.255.255.248 Ser1/0 R4 hostname R4 crypto isakmp policy 1 encr aes authentication pre-share group 2 crypto isakmp key cisco address 212.118.12.1 crypto ipsec transform-set SET esp-3des esp-sha-hmac crypto map MAP 10 ipsec-isakmp set peer 212.118.12.1 set transform-set SET match address VPN_ACL interface Loopback0 ip address 192.168.4.4 255.255.255.0 ip nat inside interface Serial1/0 ip address 212.118.34.4 255.255.255.0 ip nat outside encapsulation ppp serial restart-delay 0 crypto map MAP no shut ip nat pool NAT_POOL 212.118.4.1 212.118.4.6 prefix-length 29 ip nat inside source list NAT_ACL pool NAT_POOL ip route 0.0.0.0 0.0.0.0 212.118.34.3 ip access-list extended NAT_ACL deny ip 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255 permit ip 192.168.4.0 0.0.0.255 any ip access-list extended VPN_ACL permit ip 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255 What I configure on R2 and R3 is 212.118.2.2/32 and 212.118.3.3/32 respectively , what should i do in order for both IPSEC and NAT to work ? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IPSEC and NAT
The IPSEC is working fine , once I activate the NAT , i lose the IPSEC with unreachable response to ICMP traffic The weird thing is that I am configuring the access-lists properly , what could be the issue ? From: gunner_...@live.com To: cisco-nsp@puck.nether.net Subject: IPSEC and NAT Date: Thu, 7 Nov 2013 13:36:19 +0200 Hi all I have the below setup R1 - R2 - R3 - R4 R1 and R4 has loopback interfaces that needs to communicate via IPSEC established between R1 and R4 R2 and R3 has EBGP relation The IPSEC is working fine When I configure a loopback interface on R2 and R3 and advertise it in BGP in order for the NAT to work , the NAT works but I loses the IPSEC connectivity R1 hostname R1 crypto isakmp policy 1 encr aes authentication pre-share group 2 crypto isakmp key cisco address 212.118.34.4 crypto ipsec transform-set SET esp-3des esp-sha-hmac crypto map MAP 10 ipsec-isakmp set peer 212.118.34.4 set transform-set SET match address VPN_ACL interface Loopback0 ip address 192.168.1.1 255.255.255.0 ip nat inside interface Serial1/0 ip address 212.118.12.1 255.255.255.0 ip nat outside encapsulation ppp serial restart-delay 0 crypto map MAP no shut ip nat pool NAT_POOL 212.118.1.1 212.118.1.6 prefix-length 29 ip nat inside source list NAT_ACL pool NAT_POOL ip route 0.0.0.0 0.0.0.0 212.118.12.2 ip access-list extended NAT_ACL deny ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255 permit ip 192.168.1.0 0.0.0.255 any ip access-list extended VPN_ACL permit ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255 R2 hostname R2 interface Loopback0 ip address 212.118.2.2 255.255.255.255 interface Serial1/0 ip address 212.118.12.2 255.255.255.0 encapsulation ppp no shut interface Serial1/1 ip address 212.118.23.2 255.255.255.0 encapsulation ppp no shut router bgp 2 bgp log-neighbor-changes network 212.118.12.0 neighbor 212.118.23.3 remote-as 3 ip route 212.118.1.0 255.255.255.248 ser1/0 R3 hostname R3 interface Loopback0 ip address 212.118.3.3 255.255.255.255 interface Serial1/0 ip address 212.118.34.3 255.255.255.0 encapsulation ppp no shut interface Serial1/1 ip address 212.118.23.3 255.255.255.0 encapsulation ppp no shut router bgp 3 bgp log-neighbor-changes network 212.118.34.0 neighbor 212.118.23.2 remote-as 2 ip route 212.118.4.0 255.255.255.248 Ser1/0 R4 hostname R4 crypto isakmp policy 1 encr aes authentication pre-share group 2 crypto isakmp key cisco address 212.118.12.1 crypto ipsec transform-set SET esp-3des esp-sha-hmac crypto map MAP 10 ipsec-isakmp set peer 212.118.12.1 set transform-set SET match address VPN_ACL interface Loopback0 ip address 192.168.4.4 255.255.255.0 ip nat inside interface Serial1/0 ip address 212.118.34.4 255.255.255.0 ip nat outside encapsulation ppp serial restart-delay 0 crypto map MAP no shut ip nat pool NAT_POOL 212.118.4.1 212.118.4.6 prefix-length 29 ip nat inside source list NAT_ACL pool NAT_POOL ip route 0.0.0.0 0.0.0.0 212.118.34.3 ip access-list extended NAT_ACL deny ip 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255 permit ip 192.168.4.0 0.0.0.255 any ip access-list extended VPN_ACL permit ip 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255 What I configure on R2 and R3 is 212.118.2.2/32 and 212.118.3.3/32 respectively , what should i do in order for both IPSEC and NAT to work ? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Spanning-tree ports cost Formula
Thanks for the replies , I just wanted to know how these values were extracted or if there was a specific formula like the one used for EIGRP metric or OSPF cost BR, Date: Sat, 9 Nov 2013 21:09:22 + From: a.l.m.bu...@lboro.ac.uk To: eng_m...@hotmail.com CC: gunner_...@live.com; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Spanning-tree ports cost Formula Hi, I think what he is asking for is how try the values were extracted they are just default values for different interface types. I dont recall there being any formula (unlike eg OSPF/EIGRP calculations on links). cant recall if its CCNA or CCNP SWITCH level stuff: Spanning tree port cost (configurable on a per-interface basis—used on interfaces configured as Layer 2 access ports) •10-Gigabit Ethernet: 2 •Gigabit Ethernet: 4 •Fast Ethernet: 19 obviously this is of interest to those doing 10Gb links... 40Gb and 100Gb only appear to have '1' to share ;-) alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Spanning-tree ports cost Formula
What is the formula to assign a value of 19 to FE interfaces and other values to other interfaces? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] EtherChannel Mac-address
HiWhat will be the Mac-address of an etherchannel ? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] DHCP Server
Hi , If i have multiple DHCP pools configured on a router , how can I control the client from which pool it should be assigned an IP address? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] DHCP Server
Thanks for the reply From: aa...@westfield.ma.edu To: gunner_...@live.com; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] DHCP Server Date: Fri, 8 Nov 2013 20:56:50 + Hi MK, You configure that in the pool. For example: ip dhcp pool pc's network 192.168.1.0 255.255.255.0 default-router 192.168.1.1 dns-server 1.2.3.4 Etc... ip dhcp pool access-points network 192.168.2.0 255.255.255.0 default-router 192.168.2.1 dns-server 1.2.3.4 Etc... Inter vlan 10 Desc PCs Ip address 192.168.1.1 255.255.255.0 Etc... Inter vlan 20 Desc access-points Ip address 192.168.2.1 255.255.255.0 Etc Have a good day, Aaron Aaron Childs, CCNA Associate Director, Networking Information Technology www.westfield.ma.edu/it Please Note: new e-mail address - aa...@westfield.ma.edu -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of M K Sent: Friday, November 08, 2013 3:45 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] DHCP Server Hi , If i have multiple DHCP pools configured on a router , how can I control the client from which pool it should be assigned an IP address? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] IPSEC and NAT
Hi all I have the below setup R1 - R2 - R3 - R4 R1 and R4 has loopback interfaces that needs to communicate via IPSEC established between R1 and R4 R2 and R3 has EBGP relation The IPSEC is working fine When I configure a loopback interface on R2 and R3 and advertise it in BGP in order for the NAT to work , the NAT works but I loses the IPSEC connectivity R1 hostname R1 crypto isakmp policy 1 encr aes authentication pre-share group 2 crypto isakmp key cisco address 212.118.34.4 crypto ipsec transform-set SET esp-3des esp-sha-hmac crypto map MAP 10 ipsec-isakmp set peer 212.118.34.4 set transform-set SET match address VPN_ACL interface Loopback0 ip address 192.168.1.1 255.255.255.0 ip nat inside interface Serial1/0 ip address 212.118.12.1 255.255.255.0 ip nat outside encapsulation ppp serial restart-delay 0 crypto map MAP no shut ip nat pool NAT_POOL 212.118.1.1 212.118.1.6 prefix-length 29 ip nat inside source list NAT_ACL pool NAT_POOL ip route 0.0.0.0 0.0.0.0 212.118.12.2 ip access-list extended NAT_ACL deny ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255 permit ip 192.168.1.0 0.0.0.255 any ip access-list extended VPN_ACL permit ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255 R2 hostname R2 interface Loopback0 ip address 212.118.2.2 255.255.255.255 interface Serial1/0 ip address 212.118.12.2 255.255.255.0 encapsulation ppp no shut interface Serial1/1 ip address 212.118.23.2 255.255.255.0 encapsulation ppp no shut router bgp 2 bgp log-neighbor-changes network 212.118.12.0 neighbor 212.118.23.3 remote-as 3 ip route 212.118.1.0 255.255.255.248 ser1/0 R3 hostname R3 interface Loopback0 ip address 212.118.3.3 255.255.255.255 interface Serial1/0 ip address 212.118.34.3 255.255.255.0 encapsulation ppp no shut interface Serial1/1 ip address 212.118.23.3 255.255.255.0 encapsulation ppp no shut router bgp 3 bgp log-neighbor-changes network 212.118.34.0 neighbor 212.118.23.2 remote-as 2 ip route 212.118.4.0 255.255.255.248 Ser1/0 R4 hostname R4 crypto isakmp policy 1 encr aes authentication pre-share group 2 crypto isakmp key cisco address 212.118.12.1 crypto ipsec transform-set SET esp-3des esp-sha-hmac crypto map MAP 10 ipsec-isakmp set peer 212.118.12.1 set transform-set SET match address VPN_ACL interface Loopback0 ip address 192.168.4.4 255.255.255.0 ip nat inside interface Serial1/0 ip address 212.118.34.4 255.255.255.0 ip nat outside encapsulation ppp serial restart-delay 0 crypto map MAP no shut ip nat pool NAT_POOL 212.118.4.1 212.118.4.6 prefix-length 29 ip nat inside source list NAT_ACL pool NAT_POOL ip route 0.0.0.0 0.0.0.0 212.118.34.3 ip access-list extended NAT_ACL deny ip 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255 permit ip 192.168.4.0 0.0.0.255 any ip access-list extended VPN_ACL permit ip 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255 What I configure on R2 and R3 is 212.118.2.2/32 and 212.118.3.3/32 respectively , what should i do in order for both IPSEC and NAT to work ? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Strange IP address
Hi , Thanks for the replyI usually disable the default IPv4 behavior of BGP peering establishment using no bgp default ipv4-unicast and never faced this , but I faced it when I configured directly Thanks again for the replies BR, From: hrit...@cisco.com To: gunner_...@live.com CC: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Strange IP address Date: Sun, 3 Nov 2013 23:51:51 + Hi, There¹s at least two alternatives you can use. You either need to use a route-map under AF ipv4 to change the next-hop explicitly for the ipv4 prefixes or you can run a separate session for v4 ad v6 prefixes respectively. The latter is generally recommended. Regards Harold Le 2013-11-03 08:54, « M K » gunner_...@live.com a écrit : Hi Sander and thanks for the replyI actually converted the numbers into hexadecimal , and am running dual stacked network IPv4 and IPv6but how am going to block this IP address from appearing in the show ip bgp output ? Thanks again Subject: Re: [c-nsp] Strange IP address From: san...@steffann.nl Date: Sun, 3 Nov 2013 14:35:07 +0100 CC: cisco-nsp@puck.nether.net To: gunner_...@live.com Hi, Hi all I was working on a test LAB on GNS3 , the Lab contains both IPv4 and IPv6 with different routing protocolsThe starnge issue is that when I issue the show ip bgp on one of the routers I find the IP address 32.1.1.146 as a next-hopdid anyone face this before ? Can you show your config? I suspect you are sending IPv6 routes to an IPv4 BGP neighbour or vice versa. Converting your IPv4 address to hex: - 32 = 0x20 - 1 = 0x01 - 1 = 0x01 - 146 = 0x92 It wouldn't surprise me if one of your IPv6 addresses starts with 2001:0192: (which would be in the IANA reserved block for protocol assignments) Cheers, Sander ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Strange IP address
Hi all I was working on a test LAB on GNS3 , the Lab contains both IPv4 and IPv6 with different routing protocolsThe starnge issue is that when I issue the show ip bgp on one of the routers I find the IP address 32.1.1.146 as a next-hopdid anyone face this before ? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Strange IP address
Hi Sander and thanks for the replyI actually converted the numbers into hexadecimal , and am running dual stacked network IPv4 and IPv6but how am going to block this IP address from appearing in the show ip bgp output ? Thanks again Subject: Re: [c-nsp] Strange IP address From: san...@steffann.nl Date: Sun, 3 Nov 2013 14:35:07 +0100 CC: cisco-nsp@puck.nether.net To: gunner_...@live.com Hi, Hi all I was working on a test LAB on GNS3 , the Lab contains both IPv4 and IPv6 with different routing protocolsThe starnge issue is that when I issue the show ip bgp on one of the routers I find the IP address 32.1.1.146 as a next-hopdid anyone face this before ? Can you show your config? I suspect you are sending IPv6 routes to an IPv4 BGP neighbour or vice versa. Converting your IPv4 address to hex: - 32 = 0x20 - 1 = 0x01 - 1 = 0x01 - 146 = 0x92 It wouldn't surprise me if one of your IPv6 addresses starts with 2001:0192: (which would be in the IANA reserved block for protocol assignments) Cheers, Sander ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] BGP Question
Hi allI have a prefix that is originated let us say in AS 300 and the route is installed in the routing table normallyR1 (the router that receives the route) has an iBGP relation with R2Can I influence the origin of this prefix and advertise it to R2 ? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OSPF Over FR
Thanks all for the kind repliesAnd sorry for the posts but am using chrome and usual web Hotmail interface and don't know if there is extra thing i can do to make my posts readable :) From: c...@marenda.net To: gunner_...@live.com; cisco-nsp@puck.nether.net Subject: AW: [c-nsp] OSPF Over FR Date: Sun, 6 Oct 2013 23:38:08 +0200 - ensure you HUB will be DR by setting ospf priority on the interface level probably you which set this to zero on the spokes or a very low value. - correct the network statements, i think it should read network 192.168.123.0 0.0.0.255 area 0 for the FR-interface , using the broadcast-emulation of frame-relay. Otherwise, one single network 0.0.0.0 0.0.0.0 area 0 should catch'em all... - is the ospf interface type correct thru automagic ? - and probably the frame-relay-switch is just broken. Test connectivity betweek each router-pair with loopback interfaces and static routes. -Ursprüngliche Nachricht- Von: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] Im Auftrag von M K Gesendet: dimanche 6 octobre 2013 17:08 An: cisco-nsp@puck.nether.net Betreff: [c-nsp] OSPF Over FR Hi , I have three routers R1 , R2 and R3R1 is the hub and is configured as below R1#sh run int s0/0.123Building configuration... Current configuration : 201 bytes!interface Serial0/0.123 multipoint ip address 192.168.123.1 255.255.255.0 snmp trap link-status frame-relay map ip 192.168.123.3 103 broadcast frame-relay map ip 192.168.123.2 102 broadcast R1#sh run | sec router ospfrouter ospf 1 router-id 1.1.1.1 log-adjacency-changes network 1.1.1.1 0.0.0.0 area 0 network 192.168.14.1 0.0.0.0 area 0 network 192.168.123.1 0.0.0.0 area 0 neighbor 192.168.123.2 neighbor 192.168.123.3 R2#sh run int s0/0 Building configuration... Current configuration : 190 bytes!interface Serial0/0 ip address 192.168.123.2 255.255.255.0 encapsulation frame-relay clock rate 200 frame-relay map ip 192.168.123.1 201 broadcast no frame-relay inverse-arpend R2#R2#R2#sh run | sec router ospfrouter ospf 1 router-id 2.2.2.2 log-adjacency-changes network 2.2.2.2 0.0.0.0 area 0 network 192.168.123.2 0.0.0.0 area 0 neighbor 192.168.123.1 R3#sh run int s0/0Building configuration... Current configuration : 190 bytes!interface Serial0/0 ip address 192.168.123.3 255.255.255.0 encapsulation frame-relay clock rate 200 frame-relay map ip 192.168.123.1 301 broadcast no frame-relay inverse-arpend R3#sh run | sec router ospfrouter ospf 1 router-id 3.3.3.3 log-adjacency-changes network 3.3.3.3 0.0.0.0 area 0 network 192.168.123.3 0.0.0.0 area 0 neighbor 192.168.123.1 Why on R1 i cannot receive anything from R2 ? R1#sh ip route ospf 3.0.0.0/24 is subnetted, 1 subnetsO 3.3.3.0 [110/65] via 192.168.123.3, 00:06:21, Serial0/0.123 Even though the neighborship is up ? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] OSPF Over FR
Hi , I have three routers R1 , R2 and R3R1 is the hub and is configured as below R1#sh run int s0/0.123Building configuration... Current configuration : 201 bytes!interface Serial0/0.123 multipoint ip address 192.168.123.1 255.255.255.0 snmp trap link-status frame-relay map ip 192.168.123.3 103 broadcast frame-relay map ip 192.168.123.2 102 broadcast R1#sh run | sec router ospfrouter ospf 1 router-id 1.1.1.1 log-adjacency-changes network 1.1.1.1 0.0.0.0 area 0 network 192.168.14.1 0.0.0.0 area 0 network 192.168.123.1 0.0.0.0 area 0 neighbor 192.168.123.2 neighbor 192.168.123.3 R2#sh run int s0/0 Building configuration... Current configuration : 190 bytes!interface Serial0/0 ip address 192.168.123.2 255.255.255.0 encapsulation frame-relay clock rate 200 frame-relay map ip 192.168.123.1 201 broadcast no frame-relay inverse-arpend R2#R2#R2#sh run | sec router ospfrouter ospf 1 router-id 2.2.2.2 log-adjacency-changes network 2.2.2.2 0.0.0.0 area 0 network 192.168.123.2 0.0.0.0 area 0 neighbor 192.168.123.1 R3#sh run int s0/0Building configuration... Current configuration : 190 bytes!interface Serial0/0 ip address 192.168.123.3 255.255.255.0 encapsulation frame-relay clock rate 200 frame-relay map ip 192.168.123.1 301 broadcast no frame-relay inverse-arpend R3#sh run | sec router ospfrouter ospf 1 router-id 3.3.3.3 log-adjacency-changes network 3.3.3.3 0.0.0.0 area 0 network 192.168.123.3 0.0.0.0 area 0 neighbor 192.168.123.1 Why on R1 i cannot receive anything from R2 ? R1#sh ip route ospf 3.0.0.0/24 is subnetted, 1 subnetsO 3.3.3.0 [110/65] via 192.168.123.3, 00:06:21, Serial0/0.123 Even though the neighborship is up ? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
