[c-nsp] VPDN CHAP/CLEAR
Hi i have a question: I have a cisco Router for L2TP/PPP I receive a radius requete from my supplier: rad_recv: Access-Request packet from host xxx port 33696, id=30, length=333 Called-Station-Id = "dataverizon" Calling-Station-Id = "" User-Password = "12345" i sent a Access-accept with simplely: Sending Access-Accept of id 30 to xx port 33696 Proxy-State = 0x3833 Tunnel-Type:0 = L2TP Tunnel-Medium-Type:0 = IPv4 Tunnel-Server-Endpoint:0 = "192.168.100.100" Tunnel-Password:0 = "xxx" Tunnel-Assignment-Id:0 = "LNS-1" Cisco-AVPair = "vpdn:l2tp-tunnel-authen=no" Tunnel-Client-Auth-Id:0 = "LAC-1" Tunnel-Server-Auth-Id:0 = "LNS-1" my router receive the tunnel and sent a request to my radius: rad_recv: Access-Request packet from host 192.168.100.100 port 1645, id=233, length=165 Framed-Protocol = PPP User-Password = "LXXmiDzRQCyB9EDORmZSnI0oAqNbu2F9" i don't know why, my router 192.168.100.100 convert User-Password= 12345 to a long password (CHAP ? MD5 ? ) the problems, in the database of my free radius, i have a entry in radcheck in Cleartext-Password and 12345: 2568:Wed Nov 15 18:54:34 2023 : Auth: Login OK: [xxx@Xx/12345] (from client RAD-1 port 0 cli xx) 2569:Wed Nov 15 18:54:34 2023 : Auth: Login incorrect (rlm_pap: CLEAR TEXT password check failed): [xxx@Xx/LXXmiDzRQCyB9EDORmZSnI0oAqNbu2F9 ] (from client 192.168.100.100 port 390 cli xx) Anyone know this problems ? regards ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco L2TP Failed
I'm looking for a little bit of help on an L2TP error. I have a cisco 881 router which needs to make an L2TP connection, the conf: l2tp-class PW hostname C881 pseudowire-class L2TP l2tpv2 encapsulation protocol l2tpv2 PW local ip interface FastEthernet4 FastEthernet4 interface ip address dhcp auto duplex auto speed Virtual-PPP1 interface ip address negotiated no ip redirects no ip unreachables no ip proxy-arp ip mtu 1300 ip verify unicast reverse-path ip tcp adjust-mss 1200 load-interval 30 no cdp enable ppp chap hostname mylogin @ realm ppp chap password 0 xxx ppp ipcp dns request ppp ipcp route default pseudowire 10.10.10.1 1 l2tpv2 pw-class L2TP encapsulation ip route 0.0.0.0 0.0.0.0 Virtual-PPP1 ip route 10.10.10.1 255.255.255.255 FastEthernet4 dhcp In debug L2TP all i have: *Sep 10 05:00:46.359: L2TP app _:1004:XCON: APP->L2TP: activate, *Sep 10 05:00:46.359: L2TP app _:1004:XCON:client 1004 *Sep 10 05:00:46.359: L2TP app _:1004:XCON:app XCONNECT *Sep 10 05:00:46.359: L2TP app _:1004:XCON: *Sep 10 05:00:46.359: L2TP _:: Find cc between *Sep 10 05:00:46.359: L2TP _:: 10.153.60.172<->10.10.10.1 *Sep 10 05:00:46.359: L2TP _:: with class: PW *Sep 10 05:00:46.359: L2TP _:: and IP proto: L2TPoUDP *Sep 10 05:00:46.359: L2TP _:: and framing type: none *Sep 10 05:00:46.359: L2TP _:: and bearer type: none *Sep 10 05:00:46.359: L2TP _:: and version: V2 *Sep 10 05:00:46.359: L2TP _:: and local hostname: C881 *Sep 10 05:00:46.359: L2TP _:: Need to instigate control channel *Sep 10 05:00:46.359: L2X tnl 08706:: Create logical tunnel *Sep 10 05:00:46.359: L2TP tnl 08706:: Create tunnel *Sep 10 05:00:46.359: L2TP tnl 08706:: version set to V2 *Sep 10 05:00:46.359: L2TP tnl 08706:: remote ip set to 10.10.10.1 *Sep 10 05:00:46.359: L2TP tnl 08706:: local ip set to 10.153.60.172 *Sep 10 05:00:46.359: L2TP tnl 08706:055B: class name PW *Sep 10 05:00:46.359: L2TP tnl 08706:055B: class name PW *Sep 10 05:00:46.359: L2TP tnl 08706:055B: FSM-CC ev App-Conn *Sep 10 05:00:46.359: L2TP tnl 08706:055B: FSM-CCIdle->Wt-Sock *Sep 10 05:00:46.359: L2TP tnl 08706:055B: FSM-CC do App-Connect-Sock *Sep 10 05:00:46.359: L2TP app 08706:1004:XCON: Created *Sep 10 05:00:46.359: L2TP app 08706:1004:XCON: App count now 1 *Sep 10 05:00:46.359: L2X_:: l2x_open_socket: is called *Sep 10 05:00:46.359: L2TP tnl 08706:055B: Open sock 10.153.60.172:1701-> 10.10.10.1 :1701 *Sep 10 05:00:46.359: L2TP tnl 08706:055B: FSM-CC ev Sock-Ready *Sep 10 05:00:46.359: L2TP tnl 08706:055B: FSM-CCWt-Sock->Wt-SCCRP *Sep 10 05:00:46.359: L2TP tnl 08706:055B: FSM-CC do Tx-SCCRQ *Sep 10 05:00:46.359: L2TP tnl 08706:055B: *Sep 10 05:00:46.359: L2TP tnl 08706:055B: O SCCRQ to 10.10.10.1 *Sep 10 05:00:46.359: L2TP tnl 08706:055B: IETF v2: *Sep 10 05:00:46.359: L2TP tnl 08706:055B: Protocol Version 1, Revision 0 *Sep 10 05:00:46.363: L2TP tnl 08706:055B: Framing Cap none(0x0) *Sep 10 05:00:46.363: L2TP tnl 08706:055B: Tie Breaker *Sep 10 05:00:46.363: L2TP tnl 08706:055B: 6097E495022261A9 *Sep 10 05:00:46.363: L2TP tnl 08706:055B: Firmware Ver 0x1130 *Sep 10 05:00:46.363: L2TP tnl 08706:055B: Hostname "C881" *Sep 10 05:00:46.363: L2TP tnl 08706:055B: Vendor Name *Sep 10 05:00:46.363: L2TP tnl 08706:055B: "Cisco Systems, Inc." *Sep 10 05:00:46.363: L2TP tnl 08706:055B: Assigned Tunnel I 0x055B (1371) *Sep 10 05:00:46.363: L2TP tnl 08706:055B: Recv Window Size 512 *Sep 10 05:00:46.363: L2TP tnl 08706:055B: *Sep 10 05:00:46.723: L2TP tnl 08706:055B: StopCCN: skip authen, no nonce yet *Sep 10 05:00:46.723: L2TP tnl 08706:055B: Drain unsentQ, cur/max resendQ sz 0/4, unsentQ 0 *Sep 10 05:00:46.723: L2TP tnl 08706:055B: *Sep 10 05:00:46.723: L2TP tnl 08706:055B: I StopCCN, flg TLS, ver 2, len 36 *Sep 10 05:00:46.723: L2TP tnl 08706:055B: IETF v2: *Sep 10 05:00:46.723: L2TP tnl 08706:055B: Result Code *Sep 10 05:00:46.723: L2TP tnl 08706:055B: Requester is not authorized to establish a control channel(4) *Sep 10 05:00:46.723: L2TP tnl 08706:055B: Error code *Sep 10 05:00:46.723: L2TP tnl 08706:055B: No error(0) *Sep 10 05:00:46.723: L2TP tnl 08706:055B: Assigned Tunnel I 0x (65535) *Sep 10 05:00:46.723: L2TP tnl 08706:055B: *Sep 10 05:00:46.723: L2TP tnl 08706:055B: O ZLB ACK to 10.10.10.1 tnl 65535 *Sep 10 05:00:46.723: L2TP tnl 08706:055B: *Sep 10 05:00:46.723: L2TP tnl
[c-nsp] Cisco CLI and regular expression
Hello, Does anyone know how to make a: show run | i Port-channel10.1911 Port-channel10 interface Port-channel interface10.1911 only display show run | i Port-channel10.1911 Port-channel interface10.1911 I don't know why but it shows me the ePort-channel10e support interface i tried with show run | i Port-channel10 \ .1911 but the same: Port-channel10 interface Port-channel interface10.1911 Thanks for your help ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco ISIS/BGP Redistribute
Hello I am trying to redistribute in my IGP ISIS routes learned by a BGP session based on communauty. for this, i have: router bgp 65533 bgp log-neighbor-changes neighbor 192.168.191.29 remote-as 65534 ! address-family ipv4 network 192.168.191.28 mask 255.255.255.254 redistribute connected neighbor 192.168.191.29 activate neighbor 192.168.191.29 next-hop-self neighbor 192.168.191.29 as-override neighbor 192.168.191.29 route-map EBGP-IMPORT in exit-address-family route-map EBGP-IMPORT permit 10 match ip address 49 set local-preference 200 set community 4294771488 4294771489 access-list 49 permit 192.168.190.32 access-list 49 permit 192.168.190.33 access-list 49 permit 192.168.190.34 access-list 49 permit 192.168.190.35 i have created a IP Communauty List and: ip community-list expanded ISIS800 permit 65533:801 route-map BGP-TO-ISIS-REDISTRIBUTE permit 10 match community ISIS800 router isis net 49.0001...0397.00 is-type level-2-only metric-style wide redistribute connected redistribute bgp 65533 route-map BGP-TO-ISIS-REDISTRIBUTE in this configuration, it does not work, the 4 prefixes learned by BGP are not redistributed in the ISIS. if I put on the other hand: router isis net 49.0001...0397.00 is-type level-2-only metric-style wide redistribute connected redistribute bgp 65533 route-map EBGP-IMPORT the prefixes are well redistributed but it is not based on the community anyone have any idea of my mistake? thank you in advance ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] ASR9001 and Snmp
Hi I can't get the snmp to work on my cisco ASR9000 to monitor it with Centreon. i use this configuration: snmp-server ifindex persist snmp-server trap-source Loopback0 snmp-server view public system included snmp-server community public view public ro admin-nets snmp-server group SnmpAdmins v3 auth ipv4 admin-nets snmp-server user admin SnmpAdmins v3 auth md5 **PASSWORD ipv4 access-list admin-nets permit ipv4 172.20.18.0/28 any ... when I run the check requests on my centreon, in snmp v3 with login / pass I always have a "no answer" I did not find an example configuration in version 2c a idea ? thanks for your help olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Help Cisco IOS XR 9001
Hello, I am asking you for a little help, I just got an ASR9001 router and I am a little confused with the IOS XR completely different from my ASR1001. 1- First problem, ISIS seems not to work on my ASR1001X I have: interface TenGigabitEthernet7/1 mtu 1600 ip address 192.168.1.1 255.255.255.252 ip router isis mpls label protocol ldp mpls ip router isis net 49.0001...0450.00 is-type level-2-only metric-style wide redistribute connected ! address-family ipv6 multi-topology redistribute connected redistribute static exit-address-family connected on this port, I have the ASR9001 with in conf: interface TenGigE0/0/2/0 mtu 1600 ipv4 address 192.168.1.2 255.255.255.252 router isis WanCmp is-type level-2-only net 49.0001...0452.00 address-family ipv6 unicast ! interface TenGigE0/0/2/0 address-family ipv4 unicast ! ! ! but when i put sh isis topo Wed Sep 23 07:45:50.378 UTC IS-IS phibee paths to IPv4 Unicast (Level-2) routers System Id Metric Next-HopInterface SNPA ASR9001 -- Anyone have a idea of the problems ? 2- SSH/Telnet access to the router currently I have to connect the ASR9001 router via the MgmtEth0 / RSP0 / CPU0 / 0 port to access it. Unable to go through the wan classic TenGigE0 / 0/2/0 interface in my configuration, i have: telnet vrf default ipv4 server max-servers 10 line console exec-timeout 1440 0 escape-character 0x5a session-limit 10 disconnect-character 0x59 session-timeout 100 transport input telnet ssh transport output telnet ssh transport preferred none ! line default exec-timeout 1440 0 access-class ingress admin-nets transport input all transport output telnet ssh transport preferred none vty-pool default 0 5 line-template default control-plane management-plane out-of-band interface TenGigE0/0/2/0 allow SSH peer address ipv4 192.168.0.0/21 ! allow Telnet peer address ipv4 192.168.0.0/21 ! ssh server v2 ssh server vrf default ssh server vrf Mgmt-intf end if i want connect on wan interface, i have all time a connexion refused thanks for your help ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] ASR1001X PPPoE COS 2
Hi I must add the 802.1P TAG on the pppoe connections coming from a particular interface on Cisco ASR1001X I have added: vpdn-group FTTH_COS_2 accept-dialin protocol l2tp virtual-template 2 lcp renegotiation always no l2tp tunnel authentication ip mtu adjust relay pppoe bba-group FTTH_COS_2 bba-group pppoe global control-packets vlan cos 0 bba-group pppoe FTTH_COS_2 virtual-template 2 control-packets vlan cos 2 interface GigabitEthernet0/0/0 mtu 1600 no ip address no negotiation auto pppoe enable group FTTH_COS_2 ! interface GigabitEthernet0/0/0.2001 encapsulation dot1Q 2001 pppoe enable group FTTH_COS_2 interface Virtual-Template2 ip unnumbered Loopback0 no ip redirects no ip unreachables no ip proxy-arp no logging event link-status no peer default ip address no snmp trap link-status no keepalive ppp authentication chap ppp-radius ppp authorization network-radius ppp multilink ppp multilink fragment disable but according to my supplier, my cisco does not tag on 802.1P the COS has 2 suddenly their access-list block How can I check if my router is tagged okay? thank you ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] ASR1001X Unable to add ANCP Line
Hi on my ASR1001X, we have in debug: Sep 21 08:01:30.549: [1270]PPPoE 45551: Error adjusting nas port format did Sep 21 08:01:30.550: [1270]PPPoE 45551 : Unable to add line attributes from ANCP Sep 21 08:01:30.550: [1270]PPPoE 45551: Unable to Add ANCP Line attributes to the PPPoE Authen attributes Sep 21 08:01:31.037: [1134]PPPoE 45552: Error adjusting nas port format did i Sep 21 08:01:31.038: [1134]PPPoE 45552 : Unable to add line attributes from ANCP Sep 21 08:01:31.038: [1134]PPPoE 45552: Unable to Add ANCP Line attributes to the PPPoE Authen attributes Anyone know this errors ? ASR is used in PPPoE server regards Olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Strange ASR920 problems with pppoe enabled
Hi All I have a problem that I cannot understand on a cisco ASR920. I have an interface that will do xconnect: interface GigabitEthernet0/0/8 mtu 1600 no ip address media-type sfp negotiation auto service instance 2079 ethernet encapsulation dot1q 2079 rewrite ingress tag pop 1 symmetric xconnect 172.16.16.100 2079 encapsulation mpls pw-class EtherRedirect ! service instance 2080 ethernet encapsulation dot1q 2080 rewrite ingress tag pop 1 symmetric xconnect 172.16.16.120 901068 encapsulation mpls pw-class EtherRedirect ! that works, on the service instance 2079 ethernet, customer CPE use PPPoE I have a second interface that i want use with Customer PPPoE: interface TenGigabitEthernet0/0/14 no ip address channel-group 10 mode active interface Port-channel10 no ip address lacp max-bundle 3 service instance 2001 ethernet encapsulation dot1q 2001 bridge-domain 2001 interface BDI2001 no ip address If i active pppoe on the BDI2001: interface BDI2001 no ip address pppoe enable group CPE-PPPOE this immediately cuts the PPPoE of my client which goes through the Xconnect. I thought the Xconnect was a priority but it doesn't seem to be. How can I deal with this? thanks for your help ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco VRF/BGP in Radius
Hi all is it possible to send BGP type information by radius to the Cisco PE router? I know that we can say that a connection must be attached to a vrf, but can we make this vrf be created by the radius attribute if it does not exist? regards Olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] PPPoe Server and Forwarding on Cisco ASR1001X
i understand ;=) i don't have put AAA Radius on the virtual template sorry Le ven. 28 août 2020 à 16:59, Olivier CALVANO a écrit : > Hi > > i want use a Cisco ASR1001X for PPPoE connexion and forwarding the l2tp > > > aaa new-model > > aaa group server radius radius-local > server-private 192.168.168.1 auth-port 1812 acct-port 1813 key xxx > ip radius source-interface Loopback0 > ! > aaa authentication ppp ppp-radius group radius-local > aaa authorization network network-radius group radius-local > aaa session-id common > > vpdn enable > vpdn multihop > vpdn authen-before-forward > vpdn logging > vpdn logging local > vpdn logging user > vpdn logging tunnel-drop > vpdn history failure table-size 50 > ! > vpdn-group Network-Collect > accept-dialin > protocol l2tp > virtual-template 1 > lcp renegotiation always > no l2tp tunnel authentication > ip mtu adjust > relay pppoe bba-group Network-Collect-BBA > > bba-group pppoe Network-Collect-BBA > virtual-template 1 > sessions per-vc limit 2 > sessions per-mac limit 1 > > interface Port-channel10 > no ip address > pppoe enable group Network-Collect-BBA > lacp max-bundle 3 > > interface Virtual-Template1 > ip unnumbered Loopback0 > no ip redirects > no ip unreachables > no ip proxy-arp > no logging event link-status > no peer default ip address > no snmp trap link-status > no keepalive > ppp authentication pap chap callin > > In logs, i see the request of the 877 routers: > > Aug 28 14:53:38.532: PPPoE 0: I PADI R:0017.5997.529e L:.. > 820 Po10.820 > Aug 28 14:53:38.532: Service tag: NULL Tag > Aug 28 14:53:38.532: PPPoE 0: O PADO, R:80e0.1d7c.b049 L:0017.5997.529e > 820 Po10.820 > Aug 28 14:53:38.532: Service tag: NULL Tag > Aug 28 14:53:40.580: PPPoE 0: I PADR R:0017.5997.529e L:80e0.1d7c.b049 > 820 Po10.820 > Aug 28 14:53:40.580: Service tag: NULL Tag > Aug 28 14:53:40.580: PPPoE : encap string prepared > Aug 28 14:53:40.580: [136]PPPoE 136: Access IE handle allocated > Aug 28 14:53:40.580: [136]PPPoE 136: AAA get retrieved attrs > Aug 28 14:53:40.580: [136]PPPoE 136: AAA get nas port details > Aug 28 14:53:40.580: [136]PPPoE 136: Error adjusting nas port format did > Aug 28 14:53:40.580: dyn_attrs->xmit_rate: 1410065408 dyn_attrs->rcv_rate: > 1410065408 > Aug 28 14:53:40.580: [136]PPPoE 136: AAA get dynamic attrs > Aug 28 14:53:40.580: [136]PPPoE 136: AAA unique ID 94 allocated > Aug 28 14:53:40.580: [136]PPPoE 136: No AAA accounting method list > Aug 28 14:53:40.580: [136]PPPoE 136: Service request sent to SSS > Aug 28 14:53:40.580: [136]PPPoE 136: Created, Service: None > R:80e0.1d7c.b049 L:0017.5997.529e 820 Po10.820 > Aug 28 14:53:40.581: [136]PPPoE 136: State NAS_PORT_POLICY_INQUIRY > Event SSS MORE KEYS > Aug 28 14:53:40.581: [136]PPPoE 136: data path set to PPP > Aug 28 14:53:40.581: [136]PPPoE 136: Segment (SSS class): PROVISION > Aug 28 14:53:40.581: [136]PPPoE 136: State PROVISION_PPPEvent SSM > PROVISIONED > Aug 28 14:53:40.581: [136]PPPoE 136: O PADS R:0017.5997.529e > L:80e0.1d7c.b049 Po10.820 > Aug 28 14:53:40.581: [136]PPPoE 136 : Unable to add line > attributes from ANCP > Aug 28 14:53:40.581: [136]PPPoE 136: Unable to Add ANCP Line attributes to > the PPPoE Authen attributes > Aug 28 14:53:40.762: [136]PPPoE 136: State LCP_NEGOTIATIONEvent PPP > DISCONNECT > Aug 28 14:53:40.762: [136]PPPoE 136: O PADT R:0017.5997.529e > L:80e0.1d7c.b049 Po10.820 > Aug 28 14:53:40.762: [136]PPPoE 136: Destroying R:0017.5997.529e > L:80e0.1d7c.b049 820 Po10.820 > Aug 28 14:53:40.762: dyn_attrs->xmit_rate: 1410065408 dyn_attrs->rcv_rate: > 1410065408 > Aug 28 14:53:40.762: [136]PPPoE 136: AAA get dynamic attrs > Aug 28 14:53:40.762: [136]PPPoE 136: AAA account stopped > Aug 28 14:53:40.763: [136]PPPoE 136: Segment (SSS class): UNPROVISION > Aug 28 14:53:40.794: PPPoE 136: I PADT R:0017.5997.529e L:80e0.1d7c.b049 > 820 Po10.820 > > > > but the router don't request information to radius server and stop pppoe > process > > > anyone have a idea of my error ? > > thanks > olivier > > ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] PPPoe Server and Forwarding on Cisco ASR1001X
Hi i want use a Cisco ASR1001X for PPPoE connexion and forwarding the l2tp aaa new-model aaa group server radius radius-local server-private 192.168.168.1 auth-port 1812 acct-port 1813 key xxx ip radius source-interface Loopback0 ! aaa authentication ppp ppp-radius group radius-local aaa authorization network network-radius group radius-local aaa session-id common vpdn enable vpdn multihop vpdn authen-before-forward vpdn logging vpdn logging local vpdn logging user vpdn logging tunnel-drop vpdn history failure table-size 50 ! vpdn-group Network-Collect accept-dialin protocol l2tp virtual-template 1 lcp renegotiation always no l2tp tunnel authentication ip mtu adjust relay pppoe bba-group Network-Collect-BBA bba-group pppoe Network-Collect-BBA virtual-template 1 sessions per-vc limit 2 sessions per-mac limit 1 interface Port-channel10 no ip address pppoe enable group Network-Collect-BBA lacp max-bundle 3 interface Virtual-Template1 ip unnumbered Loopback0 no ip redirects no ip unreachables no ip proxy-arp no logging event link-status no peer default ip address no snmp trap link-status no keepalive ppp authentication pap chap callin In logs, i see the request of the 877 routers: Aug 28 14:53:38.532: PPPoE 0: I PADI R:0017.5997.529e L:.. 820 Po10.820 Aug 28 14:53:38.532: Service tag: NULL Tag Aug 28 14:53:38.532: PPPoE 0: O PADO, R:80e0.1d7c.b049 L:0017.5997.529e 820 Po10.820 Aug 28 14:53:38.532: Service tag: NULL Tag Aug 28 14:53:40.580: PPPoE 0: I PADR R:0017.5997.529e L:80e0.1d7c.b049 820 Po10.820 Aug 28 14:53:40.580: Service tag: NULL Tag Aug 28 14:53:40.580: PPPoE : encap string prepared Aug 28 14:53:40.580: [136]PPPoE 136: Access IE handle allocated Aug 28 14:53:40.580: [136]PPPoE 136: AAA get retrieved attrs Aug 28 14:53:40.580: [136]PPPoE 136: AAA get nas port details Aug 28 14:53:40.580: [136]PPPoE 136: Error adjusting nas port format did Aug 28 14:53:40.580: dyn_attrs->xmit_rate: 1410065408 dyn_attrs->rcv_rate: 1410065408 Aug 28 14:53:40.580: [136]PPPoE 136: AAA get dynamic attrs Aug 28 14:53:40.580: [136]PPPoE 136: AAA unique ID 94 allocated Aug 28 14:53:40.580: [136]PPPoE 136: No AAA accounting method list Aug 28 14:53:40.580: [136]PPPoE 136: Service request sent to SSS Aug 28 14:53:40.580: [136]PPPoE 136: Created, Service: None R:80e0.1d7c.b049 L:0017.5997.529e 820 Po10.820 Aug 28 14:53:40.581: [136]PPPoE 136: State NAS_PORT_POLICY_INQUIRYEvent SSS MORE KEYS Aug 28 14:53:40.581: [136]PPPoE 136: data path set to PPP Aug 28 14:53:40.581: [136]PPPoE 136: Segment (SSS class): PROVISION Aug 28 14:53:40.581: [136]PPPoE 136: State PROVISION_PPPEvent SSM PROVISIONED Aug 28 14:53:40.581: [136]PPPoE 136: O PADS R:0017.5997.529e L:80e0.1d7c.b049 Po10.820 Aug 28 14:53:40.581: [136]PPPoE 136 : Unable to add line attributes from ANCP Aug 28 14:53:40.581: [136]PPPoE 136: Unable to Add ANCP Line attributes to the PPPoE Authen attributes Aug 28 14:53:40.762: [136]PPPoE 136: State LCP_NEGOTIATIONEvent PPP DISCONNECT Aug 28 14:53:40.762: [136]PPPoE 136: O PADT R:0017.5997.529e L:80e0.1d7c.b049 Po10.820 Aug 28 14:53:40.762: [136]PPPoE 136: Destroying R:0017.5997.529e L:80e0.1d7c.b049 820 Po10.820 Aug 28 14:53:40.762: dyn_attrs->xmit_rate: 1410065408 dyn_attrs->rcv_rate: 1410065408 Aug 28 14:53:40.762: [136]PPPoE 136: AAA get dynamic attrs Aug 28 14:53:40.762: [136]PPPoE 136: AAA account stopped Aug 28 14:53:40.763: [136]PPPoE 136: Segment (SSS class): UNPROVISION Aug 28 14:53:40.794: PPPoE 136: I PADT R:0017.5997.529e L:80e0.1d7c.b049 820 Po10.820 but the router don't request information to radius server and stop pppoe process anyone have a idea of my error ? thanks olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] ASR1001 and PPPoE Forwarding
Hi i have a Cisco ASR 1001 in pppoe server connected to a FTTH NNI, with in configuration: aaa new-model aaa group server radius radius-pool server-private 172.16.1.1 auth-port 1812 acct-port 1813 key ip radius source-interface Loopback0 ! aaa authentication ppp ppp-radius group radius-pool aaa authorization network network-radius group radius-pool aaa accounting network network-radius bba-group pppoe FTTH_Host virtual-template 1 interface GigabitEthernet0/0/1.218 encapsulation dot1Q 218 pppoe enable group FTTH_Host interface Virtual-Template1 mtu 1492 ip unnumbered Loopback0 no peer default ip address ppp authentication chap pap I want use this router for forward PPPoE to another router based on radius but actually router don't sent request to radius and in logs i have: Jan 18 14:37:49.910: PPPoE 0: I PADI R:c4ad.3479.dbd5 L:.. 218 Gi0/0/1.218 Jan 18 14:37:49.910: Service tag: NULL Tag Jan 18 14:37:49.910: PPPoE 0: O PADO, R:5087.8999.9f83 L:c4ad.3479.dbd5 218 Gi0/0/1.218 Jan 18 14:37:49.910: Service tag: NULL Tag Jan 18 14:37:49.921: PPPoE 0: I PADR R:c4ad.3479.dbd5 L:5087.8999.9f83 218 Gi0/0/1.218 Jan 18 14:37:49.921: Service tag: NULL Tag Jan 18 14:37:49.921: PPPoE : encap string prepared Jan 18 14:37:49.921: [189]PPPoE 1190: Access IE handle allocated Jan 18 14:37:49.921: [189]PPPoE 1190: AAA get retrieved attrs Jan 18 14:37:49.921: [189]PPPoE 1190: AAA get nas port details Jan 18 14:37:49.921: [189]PPPoE 1190: Error adjusting nas port format did Jan 18 14:37:49.921: dyn_attrs->xmit_rate: 10 dyn_attrs->rcv_rate: 10 Jan 18 14:37:49.921: [189]PPPoE 1190: AAA get dynamic attrs Jan 18 14:37:49.921: [189]PPPoE 1190: AAA unique ID 17E0F allocated Jan 18 14:37:49.921: [189]PPPoE 1190: No AAA accounting method list Jan 18 14:37:49.921: [189]PPPoE 1190: Service request sent to SSS Jan 18 14:37:49.921: [189]PPPoE 1190: Created, Service: None R:5087.8999.9f83 L:c4ad.3479.dbd5 218 Gi0/0/1.218 Jan 18 14:37:49.922: [189]PPPoE 1190: State NAS_PORT_POLICY_INQUIRY Event SSS MORE KEYS Jan 18 14:37:49.922: [189]PPPoE 1190: data path set to PPP Jan 18 14:37:49.922: [189]PPPoE 1190: Segment (SSS class): PROVISION Jan 18 14:37:49.922: [189]PPPoE 1190: State PROVISION_PPPEvent SSM PROVISIONED Jan 18 14:37:49.922: [189]PPPoE 1190: O PADS R:c4ad.3479.dbd5 L:5087.8999.9f83 Gi0/0/3.600 Jan 18 14:37:49.922: [189]PPPoE 1190 : Unable to add line attributes from ANCP Jan 18 14:37:49.922: [189]PPPoE 1190: Unable to Add ANCP Line attributes to the PPPoE Authen attributes Jan 18 14:37:50.016: PPPoE : Method list does not exists Jan 18 14:37:50.026: [189]PPPoE 1190: State LCP_NEGOTIATIONEvent PPP DISCONNECT Jan 18 14:37:50.026: [189]PPPoE 1190: O PADT R:c4ad.3479.dbd5 L:5087.8999.9f83 Gi0/0/3.600 Jan 18 14:37:50.026: [189]PPPoE 1190: Destroying R:c4ad.3479.dbd5 L:5087.8999.9f83 600 Gi0/0/3.600 Jan 18 14:37:50.026: dyn_attrs->xmit_rate: 10 dyn_attrs->rcv_rate: 10 Jan 18 14:37:50.026: [189]PPPoE 1190: AAA get dynamic attrs Jan 18 14:37:50.026: [189]PPPoE 1190: AAA account stopped Jan 18 14:37:50.027: PPPoE 1190: I PADT R:c4ad.3479.dbd5 L:5087.8999.9f83 218 Gi0/0/1.218 Jan 18 14:37:50.027: [189]PPPoE 1190: Segment (SSS class): UNPROVISION Jan 18 14:37:51.644: %SEC-6-IPACCESSLOGP: list VTY_ACCESS denied tcp 37.119.109.79(6598) -> 0.0.0.0(23), 1 packet anyone know this problems ? regards Olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco ASA5550 and Wizard High Availability ?
Hi I use 2 Cisco ASA5550: ASA Version: 9.1(7)32 ADSM Version: 7.12(2) i want configure Hight Availability and Scalability Wizards but that's don't work. I click on the button: no action, the wizards don't start someone has already encountered the problem ? thanks Olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco N3K and SNMP ?
Hi It's possible on Cisco Nexus N3K to configure SNMP-SERVER with IP ACL only ? no login/pass thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Strange problems with Cisco ASR1002 RP1
sure: ASR1002#sh interfaces GigabitEthernet0/0/0 GigabitEthernet0/0/0 is up, line protocol is up Hardware is 4XGE-BUILT-IN, address is 44d3.ca21.ac00 (bia 44d3.ca21.ac00) Internet address is 192.168.50.125/24 MTU 1500 bytes, BW 100 Kbit/sec, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive not supported Full Duplex, 1000Mbps, link type is auto, media type is T output flow-control is on, input flow-control is on ARP type: ARPA, ARP Timeout 04:00:00 Last input never, output 00:01:16, output hang never Last clearing of "show interface" counters never Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 1000 bits/sec, 2 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 133 packets input, 19305 bytes, 0 no buffer Received 45 broadcasts (0 IP multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 88 multicast, 0 pause input 0 packets output, 0 bytes, 0 underruns 0 output errors, 0 collisions, 2 interface resets 0 unknown protocol drops 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 pause output 0 output buffer failures, 0 output buffers swapped out ASR1002# ASR1002#ping 192.168.50.125 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.50.125, timeout is 2 seconds: . Success rate is 0 percent (0/5) ASR1002#ping 192.168.51.125 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.51.125, timeout is 2 seconds: . Success rate is 0 percent (0/5) ASR1002#sh inter loopback 0Loopback0 is up, line protocol is up Hardware is Loopback Internet address is 192.168.51.125/24 MTU 1514 bytes, BW 800 Kbit/sec, DLY 5000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation LOOPBACK, loopback not set Keepalive set (10 sec) Last input never, output never, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/0 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts (0 IP multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 packets output, 0 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 unknown protocol drops 0 output buffer failures, 0 output buffers swapped out Le ven. 7 déc. 2018 à 13:30, Georgi Georgiev a écrit : > Hi, > > Can you share the output of ‘show int ’ ? It could be wedge > interface. Check the input queue size and packets within. If the packets > are more than the max size it is wedge interface. > > Regards, > Georgi > > Sent from my iPhone > > > On 7 Dec 2018, at 8:30, Olivier CALVANO wrote: > > > > Hi > > > > I have a very strange problem with Cisco ASRs that I have never had > before. > > > > I have a chassis equipped with an ESP20 card, everything seems to work > > because no message in the logs but impossible to ping it. > > > > The interfaces are UP on each side, the IPs are ok.on the ASR I can not > > even ping the IP assigned to the interface (it does not even ping his > ip). > > > > I change the SFP, no change > > I change the ESP, no change > > I change the chassis, no change > > I change the port and the SFP on the other router or it is connected, no > > change > > I change the IOS version, no change > > > > the port on the other router works without problems because tested with a > > cisco 7201 > > > > would I have missed something in an activation? the config could not be > > simpler, realized with the command setup > > > > thanks for your suggestion > > Olivier > > ___ > > cisco-nsp mailing list cisco-nsp@puck.nether.net > > https://puck.nether.net/mailman/listinfo/cisco-nsp > > archive at http://puck.nether.net/pipermail/cisco-nsp/ > ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Strange problems with Cisco ASR1002 RP1
Hi I have a very strange problem with Cisco ASRs that I have never had before. I have a chassis equipped with an ESP20 card, everything seems to work because no message in the logs but impossible to ping it. The interfaces are UP on each side, the IPs are ok.on the ASR I can not even ping the IP assigned to the interface (it does not even ping his ip). I change the SFP, no change I change the ESP, no change I change the chassis, no change I change the port and the SFP on the other router or it is connected, no change I change the IOS version, no change the port on the other router works without problems because tested with a cisco 7201 would I have missed something in an activation? the config could not be simpler, realized with the command setup thanks for your suggestion Olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco ASR RIB Failure ?
Hi On all of my router, i have : ASR1002.BLD1#sh ip bgp 172.16.0.1 BGP routing table entry for 172.16.0.1/32, version 1184149 Paths: (2 available, best #1, table default, not advertised to EBGP peer, RIB-failure(17)) how can I do to find the problem of "RIB-failure(17)" thanks for your suggestion Regards Olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Error on a Cisco Sup2T
Hi we have this errors on a VS-SUP2T-10G: Initializing ATA monitor library... string is bootdisk:s2t54-ipbasek9-mz.SPA.122-50.SY.bin bootdisk:%s72044-atafslib-m: Digitally Signed Release Software with key version A Initializing ATA monitor library... bootdisk:s2t54-ipbasek9-mz.SPA.122-50.SY.bin: Digitally Signed Release Software with key version A Self extracting the image... [OK] Self decompressing the image : # [OK] SYSTEM INIT: INSUFFICIENT MEMORY TO BOOT THE IMAGE! %Software-forced reload %C6K_MEM_ECC-2-MBE: Multiple bit error detected at 0x4059EE30 %C6K_MEM_ECC-3-SYNDROME_MBE: 8-bit Syndrome for the detected Multi-bit error: 0x0 : Unexpected exception to CPU: vector 1500, PC = 0x5FBEFF0 , LR = 0x5FBEFCC -Traceback= 5FBEFF0 7381538 7399BA4 5837500 73B2E5C 68EDD6C 68ED9C8 4C19CF0 4C1D178 68C40B8 68C5570 68E58C0 73675C8 7367690 7367878 654146C CPU Register Context: MSR = 0x00029200 CR = 0x48004042 CTR = 0x XER = 0x R0 = 0x05FBEFCC R1 = 0x5001E1C0 R2 = 0xFFF7FFF7 R3= 0x0E11E80C R4 = 0x081DDEC8 R5 = 0x R6 = 0x0C55 R7= 0x07AB R8 = 0x00029200 R9 = 0x0C5F R10 = 0x R11 = 0x R12 = 0x44004048 R13 = 0x0121D000 R14 = 0x065418AC R15 = 0x0C79 R16 = 0x0C79 R17 = 0x08534818 R18 = 0x5001E210 R19 = 0x0C79 R20 = 0x0E13 R21 = 0x0C79 R22 = 0x R23 = 0x0853499C R24 = 0x0020 R25 = 0x R26 = 0x10D4 R27 = 0x0020 R28 = 0x058374FC R29 = 0x0F1D56F8 R30 = 0x0C57 R31 = 0x *** System received a Software Forced Crash *** signal= 0x17, code= 0x1500, context= 0xe0fe064 PC = 0x5fbeff0, Vector = 0x1500, SP = 0x5001e1c0 System Bootstrap, Version 12.2(50r)SYS2, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 2011 by cisco Systems, Inc. PYRAMID platform with 2097152 Kbytes of main memory anyone know this problems ? a memory hardware problems ? thanks Olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco 7301 limitation ?
Hi i have a problems with a cisco 7301 IOS: Cisco IOS Software, 7301 Software (C7301-ADVENTERPRISEK9-M), Version 12.2(33)SRD5, RELEASE SOFTWARE (fc2) No special config on C7301, no qos, no access list, no filter ... only IP Route On this router, i have two ports used: GigabitEthernet0/0 GigabitEthernet0/1 Port 0/0 it's a 1 Gbits link Port 0/1 it's a 1 Gbits link but i two vlan each vlan is a fiber remote link, one of 20Mbits and the second 500 Mbits When i start a upload from a pc behind the 500 Mbits vlan link, no problems, i have 500 Mbits and cpu is good: CPU utilization for five seconds: 33%/22% but when i download, i am limited to 266 Mbits and the CPU of the C7301 are high: CPU utilization for five seconds: 98%/43% anyone know this problems ? It's possible because the cisco don't know that the vlan is limited at 500 mbits and he want sent at 1 gbits ? regards Olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco and ISIS topology
Hi i am search to know if it's possible on a cisco 7301 to put a priority at a link in the ISIS ? We have two interface, actually ISIS said for a lot of destination that they have two way, i want that he use the second way only when the first is down regards olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Difference betwen Cisco 7301 and ASR 1002 in vpdn ?
thank, but this line are on the cisco 7301 (and that's work on this router) 2017-04-02 10:26 GMT+02:00 Tim Warnock <tim...@timoid.org>: > I'd start here: > > Apr 2 07:57:46.146: RADIUS: AAA Unsupported Attr: interface > [175] 15 > > -Original Message- > From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of > Olivier CALVANO > Sent: Sunday, 2 April 2017 5:59 PM > To: cisco-nsp@puck.nether.net > Subject: [c-nsp] Difference betwen Cisco 7301 and ASR 1002 in vpdn ? > > Hi, > > i have a small problems, i have two router: > > On a Old Cisco 7301 : > Cisco IOS Software, 7301 Software (C7301-ADVENTERPRISEK9-M), Version > 12.4(24)T8, RELEASE SOFTWARE (fc > > with l2tp/ppp forwarding: > > > vpdn enable > vpdn multihop > vpdn authen-before-forward > vpdn logging > vpdn logging local > vpdn logging tunnel-drop > vpdn history failure table-size 50 > > vpdn-group LNS > accept-dialin > protocol l2tp > virtual-template 1 > terminate-from hostname LAC-172.16.1.1 > local name LNS-172.16.1.1 > lcp renegotiation always > no l2tp tunnel authentication > l2tp tunnel receive-window 500 > l2tp tunnel retransmit retries 7 > l2tp tunnel retransmit timeout min 2 > l2tp tunnel retransmit timeout max 7 > > interface Virtual-Template1 > mtu 1460 > ip unnumbered Loopback100 > ip tcp adjust-mss 1420 > no logging event link-status > no peer default ip address > keepalive 20 > ppp mtu adaptive > ppp authentication chap ppp-radius > ppp multilink > > > on this router, no problems session is received and forwarded to the final > router. > > > > > On the Cisco ASR1002: > Cisco IOS XE Software, Version 03.13.06a.S - Extended Support Release > Cisco IOS Software, ASR1000 Software (PPC_LINUX_IOSD-ADVENTERPRISEK9-M), > Version 15.4(3)S6a, RELEASE SOFTWARE (fc2) > > vpdn enable > vpdn multihop > vpdn authen-before-forward > vpdn logging > vpdn logging local > vpdn logging user > vpdn logging tunnel-drop > vpdn history failure table-size 50 > > vpdn-group LNS > accept-dialin > protocol l2tp > virtual-template 1 > terminate-from hostname LAC-172.16.1.2 > local name LNS-172.16.1.2 > lcp renegotiation always > no l2tp tunnel authentication > l2tp tunnel receive-window 500 > l2tp tunnel retransmit retries 7 > l2tp tunnel retransmit timeout min 2 > l2tp tunnel retransmit timeout max 7 > > interface Virtual-Template1 > mtu 1460 > ip unnumbered Loopback100 > ip tcp adjust-mss 1420 > no logging event link-status > no peer default ip address > keepalive 20 > ppp mtu adaptive > ppp authentication chap ppp-radius > ppp multilink > > > > > It's the same radius server, > radius answer are identic (only change IP and terminate-from, local name) > > > On the cisco 7301, the session are correctly forwarded, on the ASR no, the > ASR create a interface: > Apr 2 07:12:47.086: VPDN uid:123 Virtual interface created for > username@myrealm bandwidth 25000 Kbps > Apr 2 07:12:47.086: VPDN Vi2.1 Virtual interface created for > username@myrealm, bandwidth 25000 Kbps > > > > a debug radius on ASR: > > Apr 2 07:12:47.034: RADIUS/ENCODE(3352):Orig. component type = VPDN > Apr 2 07:12:47.034: RADIUS: DSL line rate attributes successfully added > Apr 2 07:12:47.035: RADIUS(3352): Config NAS IP: 172.16.1.2 > Apr 2 07:12:47.035: RADIUS(3352): Config NAS IPv6: :: > Apr 2 07:12:47.035: RADIUS/ENCODE(3352): acct_session_id: 13128 > Apr 2 07:12:47.035: RADIUS(3352): sending > Apr 2 07:12:47.035: RADIUS(3352): Send Access-Request to > 192.168.50.100:1812 id 1645/123, len 148 > Apr 2 07:12:47.035: RADIUS: authenticator 07 51 45 7E 07 E7 81 19 - CC B0 > 03 4D AE 43 84 7C > Apr 2 07:12:47.035: RADIUS: Framed-Protocol [7] 6 PPP > [1] > Apr 2 07:12:47.035: RADIUS: User-Name [1] 42 > "username@myrealm" > Apr 2 07:12:47.035: RADIUS: CHAP-Password [3] 19 * > Apr 2 07:12:47.035: RADIUS: Connect-Info[77] 20 > "2500/14976" > Apr 2 07:12:47.035: RADIUS: NAS-Port-Type [61] 6 ISDN >[2] > Apr 2 07:12:47.035: RADIUS: NAS-Port[5] 6 20123 > > Apr 2 07:12:47.035: RADIUS: NAS-Port-Id [87] 17 > "Uniq-Sess-ID123" > Apr 2 07:12:47.035: RADIUS: Service-Type[6] 6 Framed >[2] > Apr 2 07:12:47.035: RADIUS: NAS-IP-Address [4] 6 172.16.1.2 > > Apr 2 07:12:47.035: RADIUS(3352): Sending a IPv4 Radius Packet > Apr 2 07:12:47.035: RADIUS(3352): Started 5 sec timeout >
[c-nsp] Difference betwen Cisco 7301 and ASR 1002 in vpdn ?
Hi, i have a small problems, i have two router: On a Old Cisco 7301 : Cisco IOS Software, 7301 Software (C7301-ADVENTERPRISEK9-M), Version 12.4(24)T8, RELEASE SOFTWARE (fc with l2tp/ppp forwarding: vpdn enable vpdn multihop vpdn authen-before-forward vpdn logging vpdn logging local vpdn logging tunnel-drop vpdn history failure table-size 50 vpdn-group LNS accept-dialin protocol l2tp virtual-template 1 terminate-from hostname LAC-172.16.1.1 local name LNS-172.16.1.1 lcp renegotiation always no l2tp tunnel authentication l2tp tunnel receive-window 500 l2tp tunnel retransmit retries 7 l2tp tunnel retransmit timeout min 2 l2tp tunnel retransmit timeout max 7 interface Virtual-Template1 mtu 1460 ip unnumbered Loopback100 ip tcp adjust-mss 1420 no logging event link-status no peer default ip address keepalive 20 ppp mtu adaptive ppp authentication chap ppp-radius ppp multilink on this router, no problems session is received and forwarded to the final router. On the Cisco ASR1002: Cisco IOS XE Software, Version 03.13.06a.S - Extended Support Release Cisco IOS Software, ASR1000 Software (PPC_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.4(3)S6a, RELEASE SOFTWARE (fc2) vpdn enable vpdn multihop vpdn authen-before-forward vpdn logging vpdn logging local vpdn logging user vpdn logging tunnel-drop vpdn history failure table-size 50 vpdn-group LNS accept-dialin protocol l2tp virtual-template 1 terminate-from hostname LAC-172.16.1.2 local name LNS-172.16.1.2 lcp renegotiation always no l2tp tunnel authentication l2tp tunnel receive-window 500 l2tp tunnel retransmit retries 7 l2tp tunnel retransmit timeout min 2 l2tp tunnel retransmit timeout max 7 interface Virtual-Template1 mtu 1460 ip unnumbered Loopback100 ip tcp adjust-mss 1420 no logging event link-status no peer default ip address keepalive 20 ppp mtu adaptive ppp authentication chap ppp-radius ppp multilink It's the same radius server, radius answer are identic (only change IP and terminate-from, local name) On the cisco 7301, the session are correctly forwarded, on the ASR no, the ASR create a interface: Apr 2 07:12:47.086: VPDN uid:123 Virtual interface created for username@myrealm bandwidth 25000 Kbps Apr 2 07:12:47.086: VPDN Vi2.1 Virtual interface created for username@myrealm, bandwidth 25000 Kbps a debug radius on ASR: Apr 2 07:12:47.034: RADIUS/ENCODE(3352):Orig. component type = VPDN Apr 2 07:12:47.034: RADIUS: DSL line rate attributes successfully added Apr 2 07:12:47.035: RADIUS(3352): Config NAS IP: 172.16.1.2 Apr 2 07:12:47.035: RADIUS(3352): Config NAS IPv6: :: Apr 2 07:12:47.035: RADIUS/ENCODE(3352): acct_session_id: 13128 Apr 2 07:12:47.035: RADIUS(3352): sending Apr 2 07:12:47.035: RADIUS(3352): Send Access-Request to 192.168.50.100:1812 id 1645/123, len 148 Apr 2 07:12:47.035: RADIUS: authenticator 07 51 45 7E 07 E7 81 19 - CC B0 03 4D AE 43 84 7C Apr 2 07:12:47.035: RADIUS: Framed-Protocol [7] 6 PPP [1] Apr 2 07:12:47.035: RADIUS: User-Name [1] 42 "username@myrealm" Apr 2 07:12:47.035: RADIUS: CHAP-Password [3] 19 * Apr 2 07:12:47.035: RADIUS: Connect-Info[77] 20 "2500/14976" Apr 2 07:12:47.035: RADIUS: NAS-Port-Type [61] 6 ISDN [2] Apr 2 07:12:47.035: RADIUS: NAS-Port[5] 6 20123 Apr 2 07:12:47.035: RADIUS: NAS-Port-Id [87] 17 "Uniq-Sess-ID123" Apr 2 07:12:47.035: RADIUS: Service-Type[6] 6 Framed [2] Apr 2 07:12:47.035: RADIUS: NAS-IP-Address [4] 6 172.16.1.2 Apr 2 07:12:47.035: RADIUS(3352): Sending a IPv4 Radius Packet Apr 2 07:12:47.035: RADIUS(3352): Started 5 sec timeout Apr 2 07:12:47.072: RADIUS: Received from id 1645/123 192.168.50.100:1812, Access-Accept, len 159 Apr 2 07:12:47.072: RADIUS: authenticator C7 30 3D 06 C2 CF 60 1A - 23 16 3B FE DC 88 2E 86 Apr 2 07:12:47.072: RADIUS: Service-Type[6] 6 Outbound [5] Apr 2 07:12:47.073: RADIUS: Framed-Protocol [7] 6 PPP [1] Apr 2 07:12:47.073: RADIUS: Tunnel-Type [64] 6 00:L2TP [3] Apr 2 07:12:47.073: RADIUS: Tunnel-Medium-Type [65] 6 00:IPv4 [1] Apr 2 07:12:47.073: RADIUS: Tunnel-Client-Auth-I[90] 19 "LAC-172.16.1.2" Apr 2 07:12:47.073: RADIUS: Tunnel-Server-Auth-I[91] 19 "LNS-172.16.1.2" Apr 2 07:12:47.073: RADIUS: Tunnel-Server-Endpoi[67] 15 "172.16.1.200" Apr 2 07:12:47.073: RADIUS: Tunnel-Assignment-Id[82] 14 "LNS-Out" Apr 2 07:12:47.073: RADIUS: Tunnel-Client-Endpoi[66] 14 "172.16.1.2" Apr 2 07:12:47.073: RADIUS: Vendor, Cisco [26] 34 Apr 2 07:12:47.073: RADIUS: Cisco AVpair [1] 28 "vpdn:l2tp-tunnel-authen=no" Apr 2 07:12:47.073: RADIUS(3352): Received from id 1645/123 on the cisco 7301: Apr 2 07:57:46.146: RADIUS/ENCODE(00938779):Orig. component type = VPDN Apr 2 07:57:46.146: RADIUS:
Re: [c-nsp] Cisco 6500/SUP720-3BXL - 7600-SIP-400 => VPDN for ppp connection ?
Hi thanks for your answer ;=) Ok i stop the idea with C6500/C7600 ... and use 7201. It's a shame I had a stock of sup720-3BXL which have been replaced by ASR (for internet transit) and which suddenly no longer serve anything regards olivier 2017-02-02 0:49 GMT+01:00 Arie Vayner <ar...@vayner.net>: > Even if it worked, I would avoid doing that. This is not the right > platform for the job. > Look at the 7200 variants (7301 for example), or if you are looking for > something more modern (way more modern...) then ASR1K is your best bet. > > Arie > > On Sun, Jan 29, 2017 at 5:37 AM Tony via cisco-nsp < > cisco-nsp@puck.nether.net> wrote: > >> I don't think you can do VPDN on 7600. I'm sure we looked at this a >> couple of years ago and it is not supported and doesn't work (do it on 7200 >> or ASR instead). >> https://supportforums.cisco.com/discussion/11126991/7600-and-pptp >> >> >> >> >> From: Lukas Tribus <luky...@hotmail.com> >> To: Olivier CALVANO <o.calv...@gmail.com> >> Cc: "cisco-nsp@puck.nether.net" <cisco-nsp@puck.nether.net> >> Sent: Saturday, 28 January 2017, 2:34 >> Subject: Re: [c-nsp] Cisco 6500/SUP720-3BXL - 7600-SIP-400 => VPDN for >> ppp connection ? >> >> > Yes i have search without success ... i see information for 7600 but not >> > 6500 >> >> Just because SIP400 supports PPPoE/VPDN in a 7600 chassis doesn't mean >> you can do the exact same thing on a 6500. >> >> 7600 and 6500 software is very different, and while 7600 may address PE >> and >> some BNG needs, I don't think the 6500 does. >> >> >> I suggest you start looking for advice where you got the idea in the >> first place, >> but I would be *very* surprised if this would work on a 6500. >> >> >> -lukas >> ___ >> cisco-nsp mailing list cisco-nsp@puck.nether.net >> https://puck.nether.net/mailman/listinfo/cisco-nsp >> archive at http://puck.nether.net/pipermail/cisco-nsp/ >> >> >> >> >> -- Forwarded message -- >> From: Tony via cisco-nsp <cisco-nsp@puck.nether.net> >> To: Lukas Tribus <luky...@hotmail.com>, Olivier CALVANO < >> o.calv...@gmail.com> >> Cc: "cisco-nsp@puck.nether.net" <cisco-nsp@puck.nether.net> >> Date: Sun, 29 Jan 2017 08:37:36 -0500 (EST) >> Subject: Re: [c-nsp] Cisco 6500/SUP720-3BXL - 7600-SIP-400 => VPDN for >> ppp connection ? >> ___ >> cisco-nsp mailing list cisco-nsp@puck.nether.net >> https://puck.nether.net/mailman/listinfo/cisco-nsp >> archive at http://puck.nether.net/pipermail/cisco-nsp/ > > ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco 6500/SUP720-3BXL - 7600-SIP-400 => VPDN for ppp connection ?
Yes i have search without success ... i see information for 7600 but not 6500 regards olivier 2017-01-27 11:15 GMT+01:00 James Bensley <jwbens...@gmail.com>: > On 27 January 2017 at 08:20, Olivier CALVANO <o.calv...@gmail.com> wrote: > > Hi > > > > Anyone know how configure a Cisco 6500 with Sup720-3BXL, and 7600-SIP-400 > > for support Vpdn/PPP linx termination ? > > > > thanks for your help > > Olivier > > > Have you tried looking on Cisco.com for configuration guides and > examples? Have you even tried to "Google" this? > > Why don't you try and configure this and if it doesn't work, ask for > heklp and show what you have tried. > > Cheers, > James. > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco 6500/SUP720-3BXL - 7600-SIP-400 => VPDN for ppp connection ?
Hi Anyone know how configure a Cisco 6500 with Sup720-3BXL, and 7600-SIP-400 for support Vpdn/PPP linx termination ? thanks for your help Olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco 6500 with SIP-400 ?
Hi I change the IOS version for 12.2(33)SXJ9 and now: Mod Sub-Module Model Serial Hw Status --- -- --- --- --- 1 Policy Feature Card 3 WS-F6K-PFC3BXL SAD094606KV 1.6Ok 1 MSFC3 Daughterboard WS-SUP720 SAD095205RF 2.3Ok 2/0 2xGE V2 SPA SPA-2X1GE-V2 SAL1925HGJ0 1.2Ok greats ;=) regards Olivier 2017-01-27 8:35 GMT+01:00 Gert Doering <g...@greenie.muc.de>: > Hi, > > On Fri, Jan 27, 2017 at 01:12:07AM +0100, Olivier CALVANO wrote: > > anyone can why we have a "OutSrvc" status ? > > I'd expect the router to log something at card insertion time that > clarifies why it isn't liking the SPA - hardware revision, wrong > software version (no _wan?), etc. > > > -- > USENET is *not* the non-clickable part of WWW! >// > www.muc.de/~gert/ > Gert Doering - Munich, Germany > g...@greenie.muc.de > fax: +49-89-35655025g...@net.informatik.tu- > muenchen.de > ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco 6500 with SIP-400 ?
Hi i have installed a 7600-SIP-400 into a 6500 with SUP720-3BXL, the router see the SIP card Mod Ports Card Type Model Serial No. --- - -- -- --- 12 Supervisor Engine 720 (Active) WS-SUP720-3BXL SAD100100AU 20 4-subslot SPA Interface Processor-400 7600-SIP-400 SAL1544U24H 3 16 SFM-capable 16 port 1000mb GBICWS-X6516-GBIC SAD060303M0 but for SPA: Mod Sub-Module Model Serial Hw Status --- -- --- --- --- 1 Policy Feature Card 3 WS-F6K-PFC3BXL SAD094606KV 1.6Ok 1 MSFC3 Daughterboard WS-SUP720 SAD095205RF 2.3Ok 2/0 2xGE SPASPA-2X1GE-V2 SAL1925HGJ0 1.2 OutSrvc anyone can why we have a "OutSrvc" status ? and we have add this card for support PPPoE/VPDN, anyone use this card for this ? thanks Olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] err-disable state on a cisco 3750 catalyst
Hi i have a big problems with one cisco 3750 : Jul 12 17:30:36.218: %PM-4-ERR_DISABLE: channel-misconfig error detected on Gi1/0/1, putting Gi1/0/1 in err-disable state Jul 12 17:30:36.856: %PM-4-ERR_DISABLE: channel-misconfig error detected on Po1, putting Gi1/0/1 in err-disable state Jul 12 17:30:36.856: %PM-4-ERR_DISABLE: channel-misconfig error detected on Po1, putting Po1 in err-disable state The port is in err-disable regularly .. a shut and no shut that's restart C3750#sh errdisable detect ErrDisable Reason DetectionMode - - arp-inspection Enabled port bpduguard Enabled port channel-misconfig Enabled port community-limit Enabled port dhcp-rate-limit Enabled port dtp-flapEnabled port gbic-invalidDisabled inline-powerEnabled port invalid-policy Enabled port l2ptguard Enabled port link-flap Enabled port loopbackEnabled port lsgroup Enabled port mac-limit Enabled port pagp-flap Enabled port port-mode-failure Enabled port psecure-violation Enabled port/vlan security-violation Enabled port sfp-config-mismatch Enabled port small-frame Enabled port storm-control Enabled port udldEnabled port vmpsEnabled port there is a solution to disable the errdisable on this type of switch? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco and ATM VC => Limit PCR
Hi i request a small help on a Cisco with ATM cards. we have a interface: interface ATM1/0.937 point-to-point mtu 1600 atm route-bridged ip no atm enable-ilmi-trap pvc LINKONE 1/937 l2transport vbr-nrt 2048 2048 1 encapsulation aal5snap xconnect 192.168.1.1 2043 pw-class Ethernet My problems, this link is satured. My Operator said: actually PCR 4835 cel/s and CDV 223 us please limite at PCR 4830 cel/s and CDV 224us and MCR at 170 cel/s anyone know where i can create a "class" and put into my interface a limitation ? (a sample of configuration) regards Olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] ASA5500 and user with same login ?
Hi we have a cisco ASA 5500 for IPSec remote individual user. my problems is a login to connect several times simultaneously they have a solution for this ? regards olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco Blackhole ?
Hi I have a network with ~10 router cisco with the full table BGP. I want add for my customer a blackhole possibility. Anyone have a tuto for this ? i think's add a second bgp session with my customer and when he sent a prefix in this session, that put a route null on all of my router, it's possible ? regards olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Vlan on Cisco 6500
hi A small question on Cisco 6500 With sup720: Can i configure a same vlan number on two (or more) port ? Or the 6500 is limited at 4096 vlan dispatched on all card/port ? Sample: GigabitEthernet3/1.100 Encapsulation dot1q 100 Ip address 192.168.0.1 And GigabitEthernet3/2.100 Encapsulation dot1q 100 Ip address 192.168.100.254 And GigabitEthernet4/7.100 Encapsulation dot1q 100 Xconnect .. Thanks Olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco Catalyst 3750 - limit mac per vlan ?
Hi On Cisco Catalyst 3750, it's possible to limit a max of MAC address per vlan ? i receive on a trunk 802.1k a lot of vlan. On each vlan received, i want limit to 10 MAC address ;=) a suggestion ? regards olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco Catalyst 3750 - limit mac per vlan ?
Its for port no ? Not specific vlan Le mardi 28 avril 2015, Lukas Tribus luky...@hotmail.com a écrit : Hi On Cisco Catalyst 3750, it's possible to limit a max of MAC address per vlan ? i receive on a trunk 802.1k a lot of vlan. On each vlan received, i want limit to 10 MAC address ;=) a suggestion ? Use port-security to limit mac addresses. Lukas ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Vpdn config ?
Thanks for your answer, Ok vpdn multihop = i have i add: vpdn authen-before-forward do you know if a second vpdn group is necessary ? my radius sent to my router: Sending Access-Accept of id 57 to 172.20.1.1 port 1645 Tunnel-Medium-Type:0 = IPv4 Tunnel-Server-Endpoint:0 = 172.20.2.100 Tunnel-Type:0 = L2TP Message-Authenticator = 0x Service-Type = Outbound-User Tunnel-Assignment-Id:0 = tunnel-lns Tunnel-Client-Auth-Id:0 = LAC-172-20-1-1 Tunnel-Server-Auth-Id:0 = LNS-172-20-1-1 Tunnel-Client-Endpoint:0 = 172.20.1.1 all is correct ? because 172.20.2.100 never receive a L2TP packet from my router 172.20.1.1 LAC-172-20-1-1 and LNS-172-20-1-1 is on the vpdn-group that receiv the session of my suplier with this modification, we have now on my router debug : Mar 20 07:33:12.708: VPDN Received L2TUN socket message xCRQ - Session Incoming Mar 20 07:33:12.712: VPDN uid:85 L2TUN socket session accept requested Mar 20 07:33:12.712: VPDN uid:85 Setting up dataplane for L2-L2, no idb Mar 20 07:33:12.900: VPDN Received L2TUN socket message xCCN - Session Connected Mar 20 07:33:12.900: VPDN uid:85 VPDN session up Mar 20 07:33:13.036: VPDN MGR: Received message, client dialin request Mar 20 07:33:13.036: VPDN uid:85 L2TUN socket session connect requested Mar 20 07:33:13.036: VPDN uid:85 Setting up dataplane for L2-L2, no idb Mar 20 07:33:13.072: %VPDN-6-AUTHENERR: L2TP LNS-172-20-1-1 cannot authenticate for tunnel ; Result 4, Error 0, process challenge failed Mar 20 07:33:13.072: VPDN Received L2TUN socket message CDN - Session Disconnected Mar 20 07:33:13.072: VPDN uid:85 disconnect (L2X) IETF: 9/nas-error Ascend: 48/Security Fail Mar 20 07:33:13.072: VPDN uid:85 vpdn shutdown session, result=101, error=0, vendor_err=0, syslog_error_code=3, syslog_key_type=0 Mar 20 07:33:13.076: VPDN CALL [uid:85]: Received client message client connect fail Mar 20 07:33:13.076: VPDN uid:85 disconnect (AAA) IETF: 9/nas-error Ascend: 48/Security Fail Mar 20 07:33:13.076: VPDN uid:85 vpdn shutdown session, result=101, error=0, vendor_err=0, syslog_error_code=3, syslog_key_type=0 Mar 20 07:33:13.080: VPDN uid:85 VPDN/AAA: accounting stop sent VPDN-6-AUTHENERR: L2TP LNS-172-20-1-1 cannot authenticate for tunnel ? regards Olivier 2015-03-20 8:01 GMT+01:00 Oliver Boehmer (oboehmer) oboeh...@cisco.com: You might need vpdn multihop vpdn authen-before-forward the first cmd will enable forwarding of sessions to another LNS, and the 2nd will allow this forwarding to be done on a per-user (as opposed to per-domain/realm) basis oli -Original Message- From: Olivier CALVANO o.calv...@gmail.com Date: Friday, 20 March 2015 06:39 To: CiscoNSP List cisconsp_l...@hotmail.com Cc: cisco-nsp@puck.nether.net cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Vpdn config ? Yes based on realm but based on radius attributs , not a physical config on the router. The tunnel destination is sent by the radius of my customer Le vendredi 20 mars 2015, CiscoNSP List cisconsp_l...@hotmail.com a écrit : You want to do VPDN Multihop based on a specific domain? (i.e. forward connection requests for a specific realm to an alternate LNS (So create an L2TP tunnel)) If so, I set one of these up a couple of years agoill dig up the working conf if that's what you are trying to do. Date: Fri, 20 Mar 2015 04:29:43 +0100 From: o.calv...@gmail.com javascript:_e(%7B%7D,'cvml','o.calv...@gmail.com'); To: cisco-nsp@puck.nether.net javascript:_e(%7B%7D,'cvml','cisco-nsp@puck.nether.net'); Subject: Re: [c-nsp] Vpdn config ? i have one vpdn-group only: vpdn-group UserLNS accept-dialin protocol l2tp virtual-template 1 terminate-from hostname LAC-172-20-1-1 local name LNS-172-20-1-1 lcp renegotiation always no l2tp tunnel authentication l2tp tunnel receive-window 500 l2tp tunnel retransmit retries 7 l2tp tunnel retransmit timeout min 2 l2tp tunnel retransmit timeout max 7 interface Virtual-Template1 description DSL User mtu 1460 ip unnumbered Loopback100 ip tcp adjust-mss 1420 no logging event link-status no peer default ip address keepalive 20 ppp mtu adaptive ppp authentication chap ppp-radius ppp multilink It's linked with the loopback100 but i put: Tunnel-Client-Endpoint:0 = 172.20.1.1 172.20.1.1 is not the IP of Loopback100, it's a problems ? because the first tunnel (my supplier to my router) work, this vpdn/virtual-template is good i think's but for the second tunnel, my router to my customer, it should not be a second vpdn/virtual-template in out ? thanks for your help 2015-03-19 10:37 GMT+01:00 Olivier CALVANO o.calv...@gmail.com javascript:_e(%7B%7D,'cvml','o.calv...@gmail.com');: Hi i am
Re: [c-nsp] Vpdn config ?
A tunnel-password is obligatory ? Sent by the radius ? Because with my suplier we dont have tunnel-password I cant test now but it's a track I'll watch Regards Olivier Le vendredi 20 mars 2015, Oliver Boehmer (oboehmer) oboeh...@cisco.com a écrit : my vpdn knowledge is a bit rusty, you're definitely missing a Tunnel-Password for authentication with the remote LNS. You don't need a 2nd vpdn-group for this oli From: Olivier CALVANO o.calv...@gmail.com javascript:_e(%7B%7D,'cvml','o.calv...@gmail.com'); Date: Friday, 20 March 2015 08:35 To: Oliver Boehmer oboeh...@cisco.com javascript:_e(%7B%7D,'cvml','oboeh...@cisco.com'); Cc: CiscoNSP List cisconsp_l...@hotmail.com javascript:_e(%7B%7D,'cvml','cisconsp_l...@hotmail.com');, cisco-nsp@puck.nether.net javascript:_e(%7B%7D,'cvml','cisco-nsp@puck.nether.net'); cisco-nsp@puck.nether.net javascript:_e(%7B%7D,'cvml','cisco-nsp@puck.nether.net'); Subject: Re: [c-nsp] Vpdn config ? Thanks for your answer, Ok vpdn multihop = i have i add: vpdn authen-before-forward do you know if a second vpdn group is necessary ? my radius sent to my router: Sending Access-Accept of id 57 to 172.20.1.1 port 1645 Tunnel-Medium-Type:0 = IPv4 Tunnel-Server-Endpoint:0 = 172.20.2.100 Tunnel-Type:0 = L2TP Message-Authenticator = 0x Service-Type = Outbound-User Tunnel-Assignment-Id:0 = tunnel-lns Tunnel-Client-Auth-Id:0 = LAC-172-20-1-1 Tunnel-Server-Auth-Id:0 = LNS-172-20-1-1 Tunnel-Client-Endpoint:0 = 172.20.1.1 all is correct ? because 172.20.2.100 never receive a L2TP packet from my router 172.20.1.1 LAC-172-20-1-1 and LNS-172-20-1-1 is on the vpdn-group that receiv the session of my suplier with this modification, we have now on my router debug : Mar 20 07:33:12.708: VPDN Received L2TUN socket message xCRQ - Session Incoming Mar 20 07:33:12.712: VPDN uid:85 L2TUN socket session accept requested Mar 20 07:33:12.712: VPDN uid:85 Setting up dataplane for L2-L2, no idb Mar 20 07:33:12.900: VPDN Received L2TUN socket message xCCN - Session Connected Mar 20 07:33:12.900: VPDN uid:85 VPDN session up Mar 20 07:33:13.036: VPDN MGR: Received message, client dialin request Mar 20 07:33:13.036: VPDN uid:85 L2TUN socket session connect requested Mar 20 07:33:13.036: VPDN uid:85 Setting up dataplane for L2-L2, no idb Mar 20 07:33:13.072: %VPDN-6-AUTHENERR: L2TP LNS-172-20-1-1 cannot authenticate for tunnel ; Result 4, Error 0, process challenge failed Mar 20 07:33:13.072: VPDN Received L2TUN socket message CDN - Session Disconnected Mar 20 07:33:13.072: VPDN uid:85 disconnect (L2X) IETF: 9/nas-error Ascend: 48/Security Fail Mar 20 07:33:13.072: VPDN uid:85 vpdn shutdown session, result=101, error=0, vendor_err=0, syslog_error_code=3, syslog_key_type=0 Mar 20 07:33:13.076: VPDN CALL [uid:85]: Received client message client connect fail Mar 20 07:33:13.076: VPDN uid:85 disconnect (AAA) IETF: 9/nas-error Ascend: 48/Security Fail Mar 20 07:33:13.076: VPDN uid:85 vpdn shutdown session, result=101, error=0, vendor_err=0, syslog_error_code=3, syslog_key_type=0 Mar 20 07:33:13.080: VPDN uid:85 VPDN/AAA: accounting stop sent VPDN-6-AUTHENERR: L2TP LNS-172-20-1-1 cannot authenticate for tunnel ? regards Olivier 2015-03-20 8:01 GMT+01:00 Oliver Boehmer (oboehmer) oboeh...@cisco.com javascript:_e(%7B%7D,'cvml','oboeh...@cisco.com');: You might need vpdn multihop vpdn authen-before-forward the first cmd will enable forwarding of sessions to another LNS, and the 2nd will allow this forwarding to be done on a per-user (as opposed to per-domain/realm) basis oli -Original Message- From: Olivier CALVANO o.calv...@gmail.com javascript:_e(%7B%7D,'cvml','o.calv...@gmail.com'); Date: Friday, 20 March 2015 06:39 To: CiscoNSP List cisconsp_l...@hotmail.com javascript:_e(%7B%7D,'cvml','cisconsp_l...@hotmail.com'); Cc: cisco-nsp@puck.nether.net javascript:_e(%7B%7D,'cvml','cisco-nsp@puck.nether.net'); cisco-nsp@puck.nether.net javascript:_e(%7B%7D,'cvml','cisco-nsp@puck.nether.net'); Subject: Re: [c-nsp] Vpdn config ? Yes based on realm but based on radius attributs , not a physical config on the router. The tunnel destination is sent by the radius of my customer Le vendredi 20 mars 2015, CiscoNSP List cisconsp_l...@hotmail.com javascript:_e(%7B%7D,'cvml','cisconsp_l...@hotmail.com'); a écrit : You want to do VPDN Multihop based on a specific domain? (i.e. forward connection requests for a specific realm to an alternate LNS (So create an L2TP tunnel)) If so, I set one of these up a couple of years agoill dig up the working conf if that's what you are trying to do. Date: Fri, 20 Mar 2015 04:29:43 +0100 From: o.calv...@gmail.com javascript:_e(%7B%7D,'cvml','o.calv...@gmail.com'); javascript:_e(%7B%7D,'cvml','o.calv
[c-nsp] Vpdn config ?
Hi i am search a vpdn config sample for my cisco 7301. I want forward a ppp connexion to another router. My radius sent to my router a Tunnel-End-Point but he don't forward (i see the connection in sh users) thanks for your help olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Vpdn config ?
Yes based on realm but based on radius attributs , not a physical config on the router. The tunnel destination is sent by the radius of my customer Le vendredi 20 mars 2015, CiscoNSP List cisconsp_l...@hotmail.com a écrit : You want to do VPDN Multihop based on a specific domain? (i.e. forward connection requests for a specific realm to an alternate LNS (So create an L2TP tunnel)) If so, I set one of these up a couple of years agoill dig up the working conf if that's what you are trying to do. Date: Fri, 20 Mar 2015 04:29:43 +0100 From: o.calv...@gmail.com javascript:_e(%7B%7D,'cvml','o.calv...@gmail.com'); To: cisco-nsp@puck.nether.net javascript:_e(%7B%7D,'cvml','cisco-nsp@puck.nether.net'); Subject: Re: [c-nsp] Vpdn config ? i have one vpdn-group only: vpdn-group UserLNS accept-dialin protocol l2tp virtual-template 1 terminate-from hostname LAC-172-20-1-1 local name LNS-172-20-1-1 lcp renegotiation always no l2tp tunnel authentication l2tp tunnel receive-window 500 l2tp tunnel retransmit retries 7 l2tp tunnel retransmit timeout min 2 l2tp tunnel retransmit timeout max 7 interface Virtual-Template1 description DSL User mtu 1460 ip unnumbered Loopback100 ip tcp adjust-mss 1420 no logging event link-status no peer default ip address keepalive 20 ppp mtu adaptive ppp authentication chap ppp-radius ppp multilink It's linked with the loopback100 but i put: Tunnel-Client-Endpoint:0 = 172.20.1.1 172.20.1.1 is not the IP of Loopback100, it's a problems ? because the first tunnel (my supplier to my router) work, this vpdn/virtual-template is good i think's but for the second tunnel, my router to my customer, it should not be a second vpdn/virtual-template in out ? thanks for your help 2015-03-19 10:37 GMT+01:00 Olivier CALVANO o.calv...@gmail.com javascript:_e(%7B%7D,'cvml','o.calv...@gmail.com');: Hi i am search a vpdn config sample for my cisco 7301. I want forward a ppp connexion to another router. My radius sent to my router a Tunnel-End-Point but he don't forward (i see the connection in sh users) thanks for your help olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net javascript:_e(%7B%7D,'cvml','cisco-nsp@puck.nether.net'); https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Vpdn config ?
i have one vpdn-group only: vpdn-group UserLNS accept-dialin protocol l2tp virtual-template 1 terminate-from hostname LAC-172-20-1-1 local name LNS-172-20-1-1 lcp renegotiation always no l2tp tunnel authentication l2tp tunnel receive-window 500 l2tp tunnel retransmit retries 7 l2tp tunnel retransmit timeout min 2 l2tp tunnel retransmit timeout max 7 interface Virtual-Template1 description DSL User mtu 1460 ip unnumbered Loopback100 ip tcp adjust-mss 1420 no logging event link-status no peer default ip address keepalive 20 ppp mtu adaptive ppp authentication chap ppp-radius ppp multilink It's linked with the loopback100 but i put: Tunnel-Client-Endpoint:0 = 172.20.1.1 172.20.1.1 is not the IP of Loopback100, it's a problems ? because the first tunnel (my supplier to my router) work, this vpdn/virtual-template is good i think's but for the second tunnel, my router to my customer, it should not be a second vpdn/virtual-template in out ? thanks for your help 2015-03-19 10:37 GMT+01:00 Olivier CALVANO o.calv...@gmail.com: Hi i am search a vpdn config sample for my cisco 7301. I want forward a ppp connexion to another router. My radius sent to my router a Tunnel-End-Point but he don't forward (i see the connection in sh users) thanks for your help olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Vpdn config ?
Hi thanks for your answer, yes it's a traditionnal LAC/LNS, i receive from my supplier Adsl connection on my router, and i forward it to my final customer (i am wolesaler) i have read your link but on my config, that's don't work. My router receive but don't forward my radius sent to my router: Sending Access-Accept of id 57 to 172.20.1.1 port 1645 Tunnel-Medium-Type:0 = IPv4 Tunnel-Server-Endpoint:0 = 172.20.2.100 Tunnel-Type:0 = L2TP Message-Authenticator = 0x Service-Type = Outbound-User Tunnel-Assignment-Id:0 = tunnel-lns Tunnel-Client-Auth-Id:0 = LAC-172-20-1-1 Tunnel-Server-Auth-Id:0 = LNS-172-20-1-1 Tunnel-Client-Endpoint:0 = 172.20.1.1 and on router debut: Mar 20 03:00:53.870: VPDN Received L2TUN socket message xCRQ - Session Incoming Mar 20 03:00:53.870: VPDN uid:71 L2TUN socket session accept requested Mar 20 03:00:53.870: VPDN uid:71 Setting up dataplane for L2-L2, no idb Mar 20 03:00:54.026: VPDN Received L2TUN socket message xCCN - Session Connected Mar 20 03:00:54.030: VPDN uid:71 VPDN session up L2X_ADJ: Vi2.1:midchain adj reqd for ip 0.0.0.0, cid 0 L2X_ADJ: Vi2.1:midchain adj reqd for ip 0.0.0.0, cid 0 Mar 20 03:00:54.170: VPDN uid:71 Virtual interface created for lab-adsl-1@my.realm bandwidth 608 Kbps Mar 20 03:00:54.170: VPDN Vi2.1 Virtual interface created for lab-adsl-1@my.realm, bandwidth 608 Kbps Mar 20 03:00:54.170: VPDN Vi2.1 Setting up dataplane for L2-L3, Vi2.1 L2X_ADJ: Vi2.1:allocated ctx, size 1 Mar 20 03:00:54.174: VPDN Received L2TUN socket message Dataplane UP L2X_ADJ: Vi2.1:adj notify change, event 5 L2X_ADJ: Vi2.1:adj notify change, event 2 L2X_ADJ: Vi2.1:midchain stacking IP 0.0.0.0 to 193.xx.xx.xx (VRF 0) L2X_ADJ: Vi2.1:adj notify change, event 8 L2X_ADJ: Vi2.1:adj notify change, event 3 C7301#sh vpdn L2TP Tunnel and Session Information Total tunnels 1 sessions 1 LocTunID RemTunID Remote Name State Remote Address Sessn L2TP Class/Count VPDN Group 53404 2005 LAC-172-20-1-1 est193.xx.xx.xx 1 UserLNS LocID RemID TunID Username, Intf/ State Last Chg Uniq ID Vcid, Circuit 70 49653404 lab-adsl-1..., Vi2.1 est00:01:01 71 I see the session with my suplier (lac: 193.xx.xx.xx) i see the users in local: C7301-8.VEN01#sh users InterfaceUser Mode Idle Peer Address Vi2.1lab-adsl-1@my.realm PPPoVPDN - but he don't connecte to the remote router 172.20.2.100 do you have a idea ? thanks olivier 2015-03-19 19:17 GMT+01:00 James Bensley jwbens...@gmail.com: On 19 March 2015 at 09:37, Olivier CALVANO o.calv...@gmail.com wrote: Hi i am search a vpdn config sample for my cisco 7301. I want forward a ppp connexion to another router. My radius sent to my router a Tunnel-End-Point but he don't forward (i see the connection in sh users) Do you want to forward the PPP session on inside an L2TP tunnel like a traditional LAC/LNS service provider scenario? If so this is an example of such a config: This is an example config that might be what you are looking for; http://null.53bits.co.uk/index.php?page=lac-wholesale-pppoa-e-l2tp-tunnelling-with-freeradius-2 Cheers, James. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Question BGP Table
Hi i see in my network in sh ip bgp xxx: BGP routing table entry for xx.xx.xx.xx/30, version 534149 Paths: (2 available, best #1, table default, not advertised to EBGP peer, RIB-failure(17)) Not advertised to any peer Local on 3x /30, on the same router, i have: RIB-failure(17) and in logs: %IPRT-3-RIB_LOOP: Resolution loop formed by routes in RIB (it's a cisco 7201) Anyone know what is this failure ? regards Olivier. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Limitation on Cisco catalyst 3550 ?
Hi anyone know if it's possible on a cisco catalyst 3550 to limit the number of packets/sec and flow a on specific port ? if the limit is reached the port goes into shutdown thanks olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] No telnet access
Hi I have a small problems with a small lot of Cisco 6500: i use classical telnet access: line vty 0 4 exec-timeout 5 0 password xxx login transport input telnet ssh line vty 5 15 exec-timeout 5 0 password xxx login transport input telnet ssh Cisco IOS Software, s72033_rp Software (s72033_rp-ADVENTERPRISEK9_WAN-M), Version 12.2(33)SXJ5, RELEASE SOFTWARE (fc2) No access list, no restriction. we have only this information in debug: TCP0: bad seg from 172.16.1.55 -- IDB not up: port 23 seq 2077473065 ack 0 rcvnxt 0 rcvwnd 4128 len 0 TCP0: bad seg from 172.16.1.55 -- IDB not up: port 23 seq 2077473065 ack 0 rcvnxt 0 rcvwnd 4128 len 0 TCP0: bad seg from 172.16.1.55 -- IDB not up: port 23 seq 2077473065 ack 0 rcvnxt 0 rcvwnd 4128 len 0 TCP0: bad seg from 172.16.1.55 -- IDB not up: port 23 seq 2077473065 ack 0 rcvnxt 0 rcvwnd 4128 len 0 TCP0: bad seg from 172.16.1.55 -- IDB not up: port 23 seq 2447906298 ack 0 rcvnxt 0 rcvwnd 4128 len 0 The problem does this product from certain IP source, not for all a idea of this problems ? thanks Olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] (no subject)
Hi A small question please, on Cisco ME3400/3800 With this config: interface GigabitEthernet0/15 switchport trunk allowed vlan none switchport mode trunk speed 100 duplex full no cdp enable service instance 11 ethernet encapsulation dot1q 1-4094 bridge-domain 909 ! The cisco encapsule the Spaning tree and other L2 Protocole into the vlan 909 ? thanks Olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco Router for Transit to customer
Hi I want add a new router for supply Internet transit IPv4/IPv6 at my customer. Actually, i use a Cisco SUP720-3BXL for ~10 customers and ~400 Mbits but sup720 are now old and slow. Someone could advise me on what guide me? ASR1001 ? ASR1002 with RP1 ? With RP2 ? Cisco 6500 VS-S2T-10g-XL ? other ? My intention is not to be a very big suppliers and as I provides for the equipment to spare to go with a solution with a price / quality ratio Best Regards Olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco Router for Transit to customer
Yes full table Only 2 Interfaces, One for my network and one connected to a switch (vlan interface) 2014-03-02 12:32 GMT+01:00 Lukas Tribus luky...@hotmail.com: Hi, I want add a new router for supply Internet transit IPv4/IPv6 at my customer. Actually, i use a Cisco SUP720-3BXL for ~10 customers and ~400 Mbits but sup720 are now old and slow. Do you have the full BGP table in the FIB? What and how much interfaces do you need? Regards, Lukas ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco CSR 1000V License ?
Hi anyone have the price list of Cisco CSR 1000v router for VMWare ? We can buy online this license ? thanks Olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco UCS C220
Hi i know that it's not a router, but i am search a solution at a small cisco UCS C220 Problems, if anyone can help me. We have a cisco UCS C220 M3 in lab, with only 1 SSD drive and LSI Soft Megaraid integred. I can install VMWare Esxi on, he detect the hard drive, but after i don't have a HDD choice in boot order. it's normal ? i don't see where i can boot on the SSD drive best regards Olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco ME3800 and QinQ
Hi i want use a Cisco 3800 for change a old cisco 3750 but i have a problems: ME3800(config-if)#switchport mod ME3800(config-if)#switchport mode ? access Set trunking mode to ACCESS unconditionally trunk Set trunking mode to TRUNK unconditionally i don't have the dot1q-tunnel , anyone know why ? sh ver: *Dec 17 12:39:16.043: %SYS-5-CONFIG_I: Configured from console by consoler Cisco IOS Software, ME380x Software (ME380x-UNIVERSALK9-M), Version 15.2(4)S4, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2013 by Cisco Systems, Inc. Compiled Sun 01-Sep-13 18:29 by prod_rel_team ROM: Bootstrap program is WHALES boot loader BOOTLDR: ME380x Boot Loader (ME380X-HBOOT-M) Version 12.2(52r)EY2, RELEASE SOFTWARE (fc1) ME3800-1 uptime is 23 minutes System returned to ROM by power-on System image file is flash:/me380x-universalk9-mz.152-4.S4/me380x-universalk9-mz.152-4.S4.bin Last reload reason: Unknown reason This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to exp...@cisco.com. License Level: MetroEthServices License Type: Permanent Next reload license Level: MetroEthServices cisco ME-3800X-24FS-M (PowerPC8572) processor (revision A0) with 1015808K/32760K bytes of memory. Processor board ID FOC1545V26H Last reset from power-on 1 Virtual Ethernet interface 25 Gigabit Ethernet interfaces 2 Ten Gigabit Ethernet interfaces The password-recovery mechanism is enabled. 1536K bytes of flash-simulated non-volatile configuration memory. Base ethernet MAC Address : D4:D7:48:BC:43:80 Motherboard assembly number : 73-12068-07 Motherboard serial number : FOC154050PU Model revision number : A0 Motherboard revision number : B0 Model number: ME-3800X-24FS-M System serial number: FOC1545V26H Top Assembly Part Number: 800-31465-01 Top Assembly Revision Number: B0 Version ID : V01 CLEI Code Number: IPMSW00DRA Configuration register is 0xF thanks for your help best regard jerome ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Vlan ?
Hi a small question : i have a cisco 6503 with sup720, on this 6503, i have a interface: interface GigabitEthernet3/1.500 encapsulation dot1q 500 interface GigabitEthernet3/1.501 encapsulation dot1q 501 i want a ethernet link between vlan 500 and 501 it's possible ? thanks Olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco 6500 xconnect vlan mode and QinQ ?
HI small question please: We have a Cisco 6500 with Sup720, we use this config: pseudowire-class LayerOK encapsulation mpls interworking ethernet interface GigabitEthernet3/48 mtu 4470 no ip address ! interface GigabitEthernet3/48.3300 encapsulation dot1Q 3300 xconnect 172.16.1.24 3001 pw-class LayerOK ! interface GigabitEthernet3/48.3301 encapsulation dot1Q 3301 xconnect 172.16.1.43 3002 pw-class LayerOK ! interface GigabitEthernet3/48.3302 encapsulation dot1Q 3302 xconnect 172.16.1.23 3003 pw-class LayerOK My customer sent me two questions: - Each vlan (3300,3301,3302) can transport a QinQ tag ? - ethertype 0x9100 is supported/encapsuled ? thanks for your help Olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco ME3800 license ?
Hi I am search a license for my Cisco Catalyst ME3800: L-ME3800X-A Metro Aggregation Svc Lic does anyone know if there is a partner program or other that allows beneifier of this license has more attractive price? best regards olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Xconnect between two interface on a Cisco 6500 vs-S2T-10G
Hi I am search a solution for a xconnect between two interface: I receive a Vlan 80: interface TenGigabitEthernet5/1 no ip address no ip redirects no ip proxy-arp no ip route-cache no cdp enable ! interface TenGigabitEthernet5/1.80 encapsulation dot1Q 80 no ip redirects no ip proxy-arp no ip route-cache no cdp enable I want transfert in layer 2 all packet to a other interface: interface GigabitEthernet3/24 no ip address Not a problems with a classic xconnect between two routers, but in this request, it's the same router A Idea ? Thanks for your help Best regards Olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] VS-S2T-10G card with WS-X6748-SFP Card = DFC Problems
Hi i have a Cisco 6504E with a VS-S2T-10G and a small problems with two card: *Mar 25 17:20:06.375: %C6KENV-2-DFCMISMATCH: Module 2 DFC incompatible with Supervisor DFC. Power denied *Mar 25 17:20:09.299: %C6KENV-2-DFCMISMATCH: Module 3 DFC incompatible with Supervisor DFC. Power denied Anyone know a solution to this problems ? Router#sh module Mod Ports Card Type Model Serial No. --- - -- -- --- 15 Supervisor Engine 2T 10GE w/ CTS (Acti VS-SUP2T-10G SAL1618BM8W 2 16 CEF720 16 port 10GEWS-X6716-10GE SAL16159VEP 4 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX SAL1536PBFG Mod MAC addresses HwFw Sw Status --- -- -- --- 1 e05f.b910.942e to e05f.b910.9435 1.3 12.2(50r)SYS 15.1(1)SYOther 2 5057.a866.6828 to 5057.a866.6837 1.1 Unknown Unknown PwrDown 4 0007.7d36.9918 to 0007.7d36.9947 4.2 Unknown Unknown Other Mod Sub-Module Model Serial Hw Status --- -- --- --- --- 1 Policy Feature Card 4 VS-F6K-PFC4SAL1616ACGX 1.2Other 1 CPU Daughterboard VS-F6K-MSFC5 SAL1618BNAS 1.4Other 2 Distributed Forwarding Card WS-F6700-DFC3C SAL16138H3N 1.5PwrDown 4 Centralized Forwarding Card WS-F6700-CFC SAL1538QQ27 4.1Other Mod Online Diag Status --- 1 Unknown 2 Not Applicable 4 Unknown Router# thanks Olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco IPSEC Client software for Windows 8 ?
Hi anyone know if they have a Cisco IPSec Client for Windows 8 ? for connect to my asa Thanks Olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco 6500/Sup720-3BXL: Limit Speed of a Vlan
Hi I have a lot of cisco 6500 with SUP720-3BLX cards. I use it for connect remote office. Office A1 == \ /== Office A2 Office B1 ===\ /=== Office B2 === Cisco 6500 1 Cisco 6500 2 === Office C1 ===/ \=== Office C2 Office D1 ==/ \== Office D2 My config: interface GigabitEthernet3/20 mtu 2000 no ip address interface GigabitEthernet3/20.1746 Description Office A1 encapsulation dot1Q 1746 xconnect 172.16.1.2 1746 encapsulation mpls interface GigabitEthernet3/20.1747 Description Office B1 encapsulation dot1Q 1747 xconnect 172.16.1.2 1747 encapsulation mpls interface GigabitEthernet3/20.1748 Description Office C1 encapsulation dot1Q 1748 xconnect 172.16.1.2 1748 encapsulation mpls interface GigabitEthernet3/20.1749 Description Office D1 encapsulation dot1Q 1749 xconnect 172.16.1.2 1749 encapsulation mpls Actually, this 4 offices don't have a real limit (only the 1 Gbits of ports) if a office use 1 Gbits, all other office are impacted. I want limit based on office: Office A: 250 Mbits Office B: 100 Mbits Office C: 100 Mbits Office D: 200 Mbits Any one know the configuration for this ? And same recherche in port mode: interface GigabitEthernet3/1 mtu 2000 no ip address xconnect 172.16.1.38 750 encapsulation mpls I have 1 Gbits of ports but want limit at 400 Mbits Thanks for your help Best Regards Olivier. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco 6506E/Sup720 = EoMPLS port mode support Full spanning tree ?
Hi Anyone know if i use a port of my cisco 6506E/Sup720 in EoMPLS Port mode, the Spanning tree and other is encapsuled into the EoMPLS ? Thanks Olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] LAG - Mode LACP Active on Cisco 7301 ?
Hi One of my supplier want that i active LAG on my Cisco Router but i don't know what is this. Anyone know the command or process for configure LAG (Mode LACP active) on a Cisco 7301 ? Thanks Olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco Sup720-3B start in RomMon
Hi thanks for your answer but no change. I see a possible problems in boot message: System Bootstrap, Version 8.1(3) Copyright (c) 1994-2004 by cisco Systems, Inc. Testing lower main memory - data equals address Testing lower main memory - checkerboard Testing lower main memory - inverse checkerboard Clearing lower 16K memory for cache initialization Clearing bss Clearing autoboot state machine Reading monitor variables from NVRAM Warning: Rommon NVRAM area is corrupted. Initialize the area to default values NVRam corrupted ? best regards Olivier 2012/10/16 Steve Lalonde st...@enta.net: On 16 Oct 2012, at 10:12, Olivier CALVANO o.calv...@gmail.com wrote: Hi i have a small problems with a new Sup720-3B: When i start it, i have rommon .. at rommon, if i put boot, he load witout problems the IOS. In IOS, i have added boot system flash disk0:xxx.bin but no change in rommon, i have put confreg and select in boot 2 but no change any idea ? possibly the RP and SP config-reg are not the same or even set to go to rommon you can check with the following commands lab13#sh bootvar Configuration register is 0x2102 lab13#remote command switch sh bootvar Configuration register is 0x0 then fix it with lab13#conf t lab13(config)#config-register 0x2102 and the result lab13#sh bootvar Configuration register is 0x2102 lab13#remote command switch sh bootvar Configuration register is 0x2102 now should boot into IOS I have 1 sup720 in my lab that will not remember the config-reg on the SP if it gets powered off Steve ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco Sup720-3B start in RomMon
Hi i have a small problems with a new Sup720-3B: When i start it, i have rommon .. at rommon, if i put boot, he load witout problems the IOS. In IOS, i have added boot system flash disk0:xxx.bin but no change in rommon, i have put confreg and select in boot 2 but no change any idea ? thanks Olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] NAt on cisco ASA 5505
Hi i want nat on a cisco asa 5505 (ipsec tunnel site to site) : 192.168.10.0/24 in 192.168.235.0/24 it's possible ? all request from 192.168.10.0 to a IP into the ipsec tunnel are changer in 192.168.235.x thanks for your help olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco 7301 and STM-4 ?
Hi anyone know if the Cisco 7301 1U can support card STM-4 ? Best regards Olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Help on redistribute OSPF/BGP
Hi i request a small help on my cisco 7301 because i never used OSPF. I have a OSPF session into a vrf: router ospf 1 vrf MYVRF router-id 172.16.1.254 log-adjacency-changes area 30 nssa no-redistribution on the same router, i have my full BGP on my AS: router bgp my-as-number address-family ipv4 vrf MYVRF redistribute connected redistribute static no synchronization exit-address-family i see the route: 7301#sh ip route vrf MYVRF Routing Table: MYVRF Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is xx.xx.xx.xx to network 0.0.0.0 172.16.0.0/16 is variably subnetted, 17 subnets, 2 masks B 172.16.6.248/32 [200/0] via 78.41.184.12, 01:30:23 B 172.16.6.251/32 [200/0] via 78.41.184.12, 01:30:23 B 172.16.6.12/30 [200/0] via 78.41.184.12, 01:30:23 O N1172.16.7.29/32 [110/40] via 172.16.1.94, 00:48:50, GigabitEthernet0/1 O N1172.16.7.30/32 What is the configuration for sent to the OSPF all routes of BGP and same, sent into the bgp all route of the OSPF ? thanks Olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Help on redistribute OSPF/BGP
Hi Thanks, i have added this into my router: router bgp address-family ipv4 vrf MYVRF redistribute connected redistribute static redistribute ospf 1 vrf MYVRF match nssa-external 1 nssa-external 2 no synchronization exit-address-family and now, i see into my BGP the two prefixe: 7301#sh ip route vrf MYVRF ospf Routing Table: MYVRF 172.16.0.0/16 is variably subnetted, 17 subnets, 2 masks O N1172.16.7.29/32 [110/40] via 172.16.11.94, 01:37:04, GigabitEthernet0/1.713 O N1172.16.7.30/32 [110/40] via 172.16.1.94, 01:38:42, GigabitEthernet0/1.713 on a other router of the MPLS IP VPN: 7204#sh ip route vrf MYVRF | inc /32 B 172.16.7.29/32 [200/40] via xx.xx.xx.xx, 00:07:04 B 172.16.7.30/32 [200/40] via xx.xx.xx.xx, 00:07:04 but now i want sent the BGP routes into the OSPF, i have added: router ospf 1 vrf MYVRF router-id 172.16.1.254 log-adjacency-changes area 30 nssa no-redistribution redistribute bgp subnets but that's don't sent BGP route to the neighbor ospf (or i don't have the good command for see what route are sent ;=) Olivier 2012/8/30 Muhammad Atif Jauhar atif.jau...@gmail.com: Hi Olivier, 1. To redistribute OSPF routes in BGP router bgp my-as-number address-family ipv4 vrf MYVRF redistribute ospf 1 vrf MYVRF 2. To redistribute BGP routes in OSPF router ospf 1 vrf MYVRF redistribute bgp my-as-number subnets Hopefully this my answer your queries. Regards, Atif. On Thu, Aug 30, 2012 at 7:11 PM, Olivier CALVANO o.calv...@gmail.com wrote: Hi i request a small help on my cisco 7301 because i never used OSPF. I have a OSPF session into a vrf: router ospf 1 vrf MYVRF router-id 172.16.1.254 log-adjacency-changes area 30 nssa no-redistribution on the same router, i have my full BGP on my AS: router bgp my-as-number address-family ipv4 vrf MYVRF redistribute connected redistribute static no synchronization exit-address-family i see the route: 7301#sh ip route vrf MYVRF Routing Table: MYVRF Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is xx.xx.xx.xx to network 0.0.0.0 172.16.0.0/16 is variably subnetted, 17 subnets, 2 masks B 172.16.6.248/32 [200/0] via 78.41.184.12, 01:30:23 B 172.16.6.251/32 [200/0] via 78.41.184.12, 01:30:23 B 172.16.6.12/30 [200/0] via 78.41.184.12, 01:30:23 O N1172.16.7.29/32 [110/40] via 172.16.1.94, 00:48:50, GigabitEthernet0/1 O N1172.16.7.30/32 What is the configuration for sent to the OSPF all routes of BGP and same, sent into the bgp all route of the OSPF ? thanks Olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Vlkan mapping on Cisco ME3400E
Anyone can help me ??? Le 23 mars 2012 20:51, Olivier CALVANO o.calv...@gmail.com a écrit : Hi i request your help for resolv a problems. I want see in labs a specific configuration, for this i have: 1 Cisco 7301 router, labelled PE 2 Cisco 1841 router, labelled first CE1 and second CE2 1 Cisco ME3400E, labelled Gateway 1 Cisco 3750, labelled Transport 2 cisco 3750, labelled Delivery1 and Delivery2. For my labs, the C3750 Transport is only for simule the carrier. My config: Cisco 7301 is connected to ME3400E port 1 config Cisco 7301: C7301 interface GigabitEthernet0/2 mtu 1600 no ip address no ip route-cache cef no ip route-cache media-type rj45 speed auto duplex auto no negotiation auto interface GigabitEthernet0/2.500 encapsulation dot1Q 500 ip address 192.168.51.1 255.255.255.252 no ip route-cache interface GigabitEthernet0/2.600 encapsulation dot1Q 600 ip address 192.168.61.1 255.255.255.252 no ip route-cache On the ME3400E interface FastEthernet0/1 Descript port of C7301 switchport trunk allowed vlan 500,600 switchport mode trunk ! interface FastEthernet0/24 description Port to Transport port-type nni switchport mode trunk switchport vlan mapping 500-599 dot1q-tunnel 100 switchport vlan mapping 600-699 dot1q-tunnel 101 On C3750 transport: interface FastEthernet1/0/1 description Vers Switch Delivery1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 100 switchport mode trunk ! interface FastEthernet1/0/2 description Vers Switch Delivery2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 101 switchport mode trunk interface FastEthernet1/0/24 description Vers Switch ME3400E switchport trunk encapsulation dot1q switchport trunk allowed vlan 100,101 switchport mode trunk On C3750 Delivery1: interface FastEthernet1/0/1 description to CE1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 500-599 switchport mode trunk interface FastEthernet1/0/48 description to transport switchport access vlan 100 switchport mode dot1q-tunnel no cdp enable no cdp tlv server-location no cdp tlv app On C3750 Delivery2: interface FastEthernet1/0/1 description to CE2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 600-699 switchport mode trunk interface FastEthernet1/0/48 description to transport switchport access vlan 101 switchport mode dot1q-tunnel no cdp enable no cdp tlv server-location no cdp tlv app on CE1: interface FastEthernet0/0 no ip address speed auto full-duplex no mop enabled ! interface FastEthernet0/0.500 encapsulation dot1Q 500 ip address 192.168.51.2 255.255.255.252 on CE2 interface FastEthernet0/0 no ip address speed auto full-duplex no mop enabled ! interface FastEthernet0/0.600 encapsulation dot1Q 600 ip address 192.168.61.2 255.255.255.252 My objectif is encapsuled vlan 500 to 599 into the vlan transport 100 and encapsuled vlan 600 to 699 into the vlan transport 101. Where is my error? because all vlan are created on switch but C7301 don't ping CE1 or CE2 Transport is my carrier, i supply me 3 ports in trunk with two vlan. A friends say me : Use L2TP between ME3400E and each Delivery Switch thanks for your help. Olicier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Vlkan mapping on Cisco ME3400E
Hi i request your help for resolv a problems. I want see in labs a specific configuration, for this i have: 1 Cisco 7301 router, labelled PE 2 Cisco 1841 router, labelled first CE1 and second CE2 1 Cisco ME3400E, labelled Gateway 1 Cisco 3750, labelled Transport 2 cisco 3750, labelled Delivery1 and Delivery2. For my labs, the C3750 Transport is only for simule the carrier. My config: Cisco 7301 is connected to ME3400E port 1 config Cisco 7301: C7301 interface GigabitEthernet0/2 mtu 1600 no ip address no ip route-cache cef no ip route-cache media-type rj45 speed auto duplex auto no negotiation auto interface GigabitEthernet0/2.500 encapsulation dot1Q 500 ip address 192.168.51.1 255.255.255.252 no ip route-cache interface GigabitEthernet0/2.600 encapsulation dot1Q 600 ip address 192.168.61.1 255.255.255.252 no ip route-cache On the ME3400E interface FastEthernet0/1 Descript port of C7301 switchport trunk allowed vlan 500,600 switchport mode trunk ! interface FastEthernet0/24 description Port to Transport port-type nni switchport mode trunk switchport vlan mapping 500-599 dot1q-tunnel 100 switchport vlan mapping 600-699 dot1q-tunnel 101 On C3750 transport: interface FastEthernet1/0/1 description Vers Switch Delivery1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 100 switchport mode trunk ! interface FastEthernet1/0/2 description Vers Switch Delivery2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 101 switchport mode trunk interface FastEthernet1/0/24 description Vers Switch ME3400E switchport trunk encapsulation dot1q switchport trunk allowed vlan 100,101 switchport mode trunk On C3750 Delivery1: interface FastEthernet1/0/1 description to CE1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 500-599 switchport mode trunk interface FastEthernet1/0/48 description to transport switchport access vlan 100 switchport mode dot1q-tunnel no cdp enable no cdp tlv server-location no cdp tlv app On C3750 Delivery2: interface FastEthernet1/0/1 description to CE2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 600-699 switchport mode trunk interface FastEthernet1/0/48 description to transport switchport access vlan 101 switchport mode dot1q-tunnel no cdp enable no cdp tlv server-location no cdp tlv app on CE1: interface FastEthernet0/0 no ip address speed auto full-duplex no mop enabled ! interface FastEthernet0/0.500 encapsulation dot1Q 500 ip address 192.168.51.2 255.255.255.252 on CE2 interface FastEthernet0/0 no ip address speed auto full-duplex no mop enabled ! interface FastEthernet0/0.600 encapsulation dot1Q 600 ip address 192.168.61.2 255.255.255.252 My objectif is encapsuled vlan 500 to 599 into the vlan transport 100 and encapsuled vlan 600 to 699 into the vlan transport 101. Where is my error? because all vlan are created on switch but C7301 don't ping CE1 or CE2 Transport is my carrier, i supply me 3 ports in trunk with two vlan. A friends say me : Use L2TP between ME3400E and each Delivery Switch thanks for your help. Olicier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] QinQ Cisco 3750 ?
Hi I am search a solution for this project: Cisco 7301 connected to a Cisco 3750 A by a Fiber Gig port. Port is in trunk C7301 == C3750 port gig 0/24 The cisco 3750 A is connecter in trunk to a carrier by the Gig 0/23. The carrier supply 4 ports: 1 Central Port connected to C3750 A 1 Port connected to C3750 B 1 Port connected to C3750 C 1 Port connected to C3750 D And on each, he supply one vlan Vlan 100: From C3750A to Cisco 3750 B Vlan 101: From C3750A to Cisco 3750 C Vlan 102: From C3750A to Cisco 3750 D I want use QinQ for: Cisco 7301 use vlan 500 to 600 for going on 3750 B Cisco 7301 use vlan 700 to 800 for going on 3750 C Cisco 7301 use vlan 900 to 1000 for going on 3750 D Sample: C7301 ge0/1.500 = trunk = C3750 A == Dot1q Tunnel into Vlan 100 == C3750 B = Trunk = C2821 ge1/1.500 C7301 ge0/1.750 = trunk = C3750 A == Dot1q Tunnel into Vlan 101 == C3750 C = Trunk = C1841 ge1/1.750 C7301 ge0/1.950 = trunk = C3750 A == Dot1q Tunnel into Vlan 102 == C3750 D = Trunk = C2811 ge1/1.950 It's possible ? Thanks Olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] ATM pvc l2transport xconnect on Cisco 7301 ??
Hi i have a big problems, On a Cisco 7204 VXR, i use this configuration: interface ATM2/0.1030 point-to-point mtu 1600 bandwidth 2048 no atm enable-ilmi-trap pvc MYLINKREF 1/1030 l2transport vbr-nrt 2048 2048 1 encapsulation aal5snap xconnect 192.168.10.100 1000 pw-class MplsLink i want tranfert this link on a Cisco 7301 with ios: Cisco IOS Software, 7301 Software (C7301-ADVENTERPRISEK9-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2) i create the same config but: no atm enable-ilmi-trap are not accepted and after put pvc MYLINKREF 1/1030 l2transport i don't have vbr-nrt, encapsulation and xconnect command anyone know this problems ? thanks for your help best regards olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Netflow independent Hardware ?
Hi anyone know if they have a independent netflow probe ? A small box connected betwin a LAN and a Router and sent to a ntop or other server all netflow information ? Thanks Olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco 6500/SUP720-3B EtherChannel Sample ?
Hi I request a small help: We have two cisco 6500 with SUP720-3B and 4 port 10G card. First C6500 are not on the same site of the second and we have two fiber for the interconnect. Actually, only one fiber is used, we want connect the second for create a etherchannle (2x10GB) and for secure (don't lost the connection if one of the fiber are cut). I am search a very basic config sample for this, the cisco are used only in switch with vlan. Thanks for your help Olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Limit Access right on Cisco 6500 IOS ?
Hi anyone know if it's possible to limit the access right on one user in telnet access on a cisco 6500 ? I want know if i can limit a user to : - See port states on of module card (not all) - See vlan database and can create/modofy/delete a vlan - Can configure a lot of Port on a specifique card thanks for your help Olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Question on ISIS Cisco
Hello, I'm looking for information on configuring ISIS on cisco 6500/Sup720-3BXL: I have two Cisco 6500/Sup720-3BXL connected by Layer 2 link of 1 Gbit. My config: C6500-1: interface GigabitEthernet1/2 mtu 2000 ip address 192.168.100.1 255.255.255.252 ip router isis speed nonegotiate mpls label protocol ldp tag-switching ip clns mtu 1500 router isis net 49.0001...0424.00 is-type level-2-only metric-style wide redistribute connected C6500-2: interface GigabitEthernet3/2 mtu 2000 ip address 192.168.100.2 255.255.255.252 ip router isis speed nonegotiate mpls label protocol ldp mpls ip router isis net 49.0001...0421.00 is-type level-2-only metric-style wide redistribute connected ! Soon, I will add a new link between the two for backup. This link is on port Gigabit but there are only 100 Mbits of Commit I would like the cisco C6500 use it only on the 1 Gb link does not work more. I will add in config: C6500-1: interface GigabitEthernet1/3 mtu 2000 ip address 192.168.50.1 255.255.255.252 ip router isis speed nonegotiate mpls label protocol ldp tag-switching ip clns mtu 1500 C6500-2: interface GigabitEthernet3/3 mtu 2000 ip address 192.168.50.2 255.255.255.252 ip router isis speed nonegotiate mpls label protocol ldp mpls ip How can I do to make it a priority is having an link compared to another? Thank you in advance Olivier ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/