High receive discards on Sub-Interfaces in Cisco ASA.
Hello Everyone,
Over the past few weeks Solarwinds is reporting high receive discards on two of our subinterfaces created on Cisco ASA. No errors are observed on other subinterfaces. I checked the trunk port interface on the switch for any errors but found none. These errors are visible only under subinterface. What could be the issue?
Regards
I have the same problem too.
I have Cisco ASA 5515 with the next version:
Cisco Adaptive Security Appliance Software Version 9.1(4)
My interface configuration is the next:
PortChannel5 made with Interface GigabitEthernet 0/2 + Interface GigabitEthernet 0/3
Subinterfaces in PortChannel5
Nagios Graphs shows:
- many input discards in virtual subinterfaces
- many output discards in interface Gi0/2 and Gi0/3
- PortChannel5 output discards is the sum of discards in interface Gi0/2 and Gi0/3
if I run the snmpwalk command against the ASA the following results were obtained:
Interface description
[user@FIREWALL01 ~]$ snmpwalk -v 2c -c XXXXXXX 10.255.16.1 | grep ifDescr
IF-MIB::ifDescr.2 = STRING: Adaptive Security Appliance 'asa_mgmt_plane' interface
IF-MIB::ifDescr.3 = STRING: Adaptive Security Appliance 'Internet' interface
IF-MIB::ifDescr.4 = STRING: Adaptive Security Appliance 'LAN_MPLS' interface
IF-MIB::ifDescr.5 = STRING: Adaptive Security Appliance 'GigabitEthernet0/2' interface
IF-MIB::ifDescr.6 = STRING: Adaptive Security Appliance 'GigabitEthernet0/3' interface
IF-MIB::ifDescr.7 = STRING: Adaptive Security Appliance 'stateifha' interface
IF-MIB::ifDescr.8 = STRING: Adaptive Security Appliance 'statelink' interface
IF-MIB::ifDescr.9 = STRING: Adaptive Security Appliance 'Internal-Data0/1' interface
IF-MIB::ifDescr.10 = STRING: Adaptive Security Appliance 'cplane' interface
IF-MIB::ifDescr.11 = STRING: Adaptive Security Appliance 'mgmt_plane_int_tap' interface
IF-MIB::ifDescr.12 = STRING: Adaptive Security Appliance 'management' interface
IF-MIB::ifDescr.13 = STRING: Adaptive Security Appliance 'Virtual254' interface
IF-MIB::ifDescr.14 = STRING: Adaptive Security Appliance 'Port-channel5' interface
IF-MIB::ifDescr.15 = STRING: Adaptive Security Appliance 'VLAN_USGLB_OOB' interface
IF-MIB::ifDescr.16 = STRING: Adaptive Security Appliance 'VLAN_USGLBHSTHYP_MGNT' interface
IF-MIB::ifDescr.17 = STRING: Adaptive Security Appliance 'VLAN_USGLBVRM_OM' interface
IF-MIB::ifDescr.18 = STRING: Adaptive Security Appliance 'VLAN_USGLBVRM_MGNTOM' interface
IF-MIB::ifDescr.19 = STRING: Adaptive Security Appliance 'VLAN_USGLBVRM_MGNT' interface
IF-MIB::ifDescr.20 = STRING: Adaptive Security Appliance 'VLAN_USGLBVRM_SRVF' interface
IF-MIB::ifDescr.21 = STRING: Adaptive Security Appliance 'VLAN_USGLBVRM_SRVB' interface
IF-MIB::ifDescr.22 = STRING: Adaptive Security Appliance 'VLAN_USGLB_DMZ' interface
Input discards
[user@FIREWALL01 ~]$ snmpwalk -v 2c -c xxxxxxxxxx 10.255.16.1 | grep ifInDiscards
IF-MIB::ifInDiscards.2 = Counter32: 0
IF-MIB::ifInDiscards.3 = Counter32: 0
IF-MIB::ifInDiscards.4 = Counter32: 0
IF-MIB::ifInDiscards.5 = Counter32: 0
IF-MIB::ifInDiscards.6 = Counter32: 0
IF-MIB::ifInDiscards.7 = Counter32: 0
IF-MIB::ifInDiscards.8 = Counter32: 0
IF-MIB::ifInDiscards.9 = Counter32: 0
IF-MIB::ifInDiscards.10 = Counter32: 0
IF-MIB::ifInDiscards.11 = Counter32: 0
IF-MIB::ifInDiscards.12 = Counter32: 0
IF-MIB::ifInDiscards.13 = Counter32: 0
IF-MIB::ifInDiscards.14 = Counter32: 0
IF-MIB::ifInDiscards.15 = Counter32: 12481926
IF-MIB::ifInDiscards.16 = Counter32: 9927941
IF-MIB::ifInDiscards.17 = Counter32: 134120211
IF-MIB::ifInDiscards.18 = Counter32: 124695686
IF-MIB::ifInDiscards.19 = Counter32: 27081148
IF-MIB::ifInDiscards.20 = Counter32: 2941537222
IF-MIB::ifInDiscards.21 = Counter32: 32714719
IF-MIB::ifInDiscards.22 = Counter32: 4008856
Output discards
[user@FIREWALL01 ~]$ snmpwalk -v 2c -c xxxxxxxxxxxx 10.255.16.1 | grep ifOutDiscards
IF-MIB::ifOutDiscards.2 = Counter32: 0
IF-MIB::ifOutDiscards.3 = Counter32: 0
IF-MIB::ifOutDiscards.4 = Counter32: 0
IF-MIB::ifOutDiscards.5 = Counter32: 3635696
IF-MIB::ifOutDiscards.6 = Counter32: 119099
IF-MIB::ifOutDiscards.7 = Counter32: 0
IF-MIB::ifOutDiscards.8 = Counter32: 0
IF-MIB::ifOutDiscards.9 = Counter32: 0
IF-MIB::ifOutDiscards.10 = Counter32: 0
IF-MIB::ifOutDiscards.11 = Counter32: 0
IF-MIB::ifOutDiscards.12 = Counter32: 0
IF-MIB::ifOutDiscards.13 = Counter32: 0
IF-MIB::ifOutDiscards.14 = Counter32: 3754795
IF-MIB::ifOutDiscards.15 = Counter32: 0
IF-MIB::ifOutDiscards.16 = Counter32: 0
IF-MIB::ifOutDiscards.17 = Counter32: 0
IF-MIB::ifOutDiscards.18 = Counter32: 0
IF-MIB::ifOutDiscards.19 = Counter32: 0
IF-MIB::ifOutDiscards.20 = Counter32: 0
IF-MIB::ifOutDiscards.21 = Counter32: 0
IF-MIB::ifOutDiscards.22 = Counter32: 0
Output discards may be normals, but I don't understand input discards in virtual subinterfaces of PortChannel5
By the other hand, show interface command in subinterfaces don't show error or discards packets
FIREWALL01/pri/act# sh interface VLAN_USGLBVRM_SRVB detail
Interface Port-channel5.1020 "VLAN_USGLBVRM_SRVB", is up, line protocol is up
Hardware is EtherChannel/LACP, BW 2000 Mbps, DLY 10 usec
VLAN identifier 1020
Description: VLAN_USGLBVRM_SRVB
MAC address 6073.5c69.0917, MTU 1500
IP address 10.255.19.65, subnet mask 255.255.255.192
Traffic Statistics for "VLAN_USGLBVRM_SRVB":
42067433644 packets input, 45125599467459 bytes
28153119062 packets output, 8866514693262 bytes
32715765 packets dropped
Control Point Interface States:
Interface number is 21
Interface config status is active
Interface state is active
Control Point Vlan1020 States:
Interface vlan config status is active
Interface vlan state is UP
FIREWALL01/pri/act# sh interface VLAN_USGLBVRM_SRVF detail
Interface Port-channel5.1019 "VLAN_USGLBVRM_SRVF", is up, line protocol is up
Hardware is EtherChannel/LACP, BW 2000 Mbps, DLY 10 usec
VLAN identifier 1019
Description: VLAN_USGLBVRM_SRVF
MAC address 6073.5c69.0917, MTU 1500
IP address 10.255.19.1, subnet mask 255.255.255.192
Traffic Statistics for "VLAN_USGLBVRM_SRVF":
30475814698 packets input, 14615432248013 bytes
27472348465 packets output, 20872697455933 bytes
2941588838 packets dropped
Control Point Interface States:
Interface number is 20
Interface config status is active
Interface state is active
Control Point Vlan1019 States:
Interface vlan config status is active
Interface vlan state is UP
FIREWALL01/pri/act#
Can anyone explain why so many input errors appear in the subinterfaces?
Thanks in advance!
Similar Messages
-
Include multiple sub-interfaces in Cisco ASA for VPN tunnel
I am trying to create a VPN tunnel between two Cisco ASAs where one ASA has multiple sub-interfaces.
Say, In Cisco ASA 5550(in datacentre), I created multiple subinterfaces with VLAN ID as below:
Inside, int0/1 : 10.1.1.0/24
DMZ, int0/1.100: 10.1.100.0/24 (VLAN 100)
Production, int 0/1.101 : 10.1.101.0/24 (VLAN 101)
Management, int 0/1.102: 10.1.102.0/24 (VLAN 102)
And another Cisco ASA 5505 is only configured with 1 x inside interface Inside, int 0/1: 192.168.1.0/24
So far, I have only been able to provide outside access to one of the sub-interfaces as NAT rule on inside interface didn't work for VLANs. Hence had to issue Global NAT rule to be applied on Production subinterface so that production VLAN can have outside access. I have managed to establish VPN tunnel between two ASAs on Production sub-interface only, Source interface = Production subinterface
Additional settings:
Have ACL to allow all sub interfaces to access outsite ( lower security level)
NAT rules is configured on Production subinterface with Source NAT Type as Dynamic PAT; when this was configured with source interface as inside, PCs behind various VLAN coun't access internet.
I want to establish a site-to-site VPN tunnel with multiple sub-interfaces of Cisco ASA 5550 to Cisco ASA 5505. Would you please suggest what I am missing in my configuration? I need to be able to access multiple VLANs of datacentre from remote site.I am trying to create a VPN tunnel between two Cisco ASAs where one ASA has multiple sub-interfaces.
Say, In Cisco ASA 5550(in datacentre), I created multiple subinterfaces with VLAN ID as below:
Inside, int0/1 : 10.1.1.0/24
DMZ, int0/1.100: 10.1.100.0/24 (VLAN 100)
Production, int 0/1.101 : 10.1.101.0/24 (VLAN 101)
Management, int 0/1.102: 10.1.102.0/24 (VLAN 102)
And another Cisco ASA 5505 is only configured with 1 x inside interface Inside, int 0/1: 192.168.1.0/24
So far, I have only been able to provide outside access to one of the sub-interfaces as NAT rule on inside interface didn't work for VLANs. Hence had to issue Global NAT rule to be applied on Production subinterface so that production VLAN can have outside access. I have managed to establish VPN tunnel between two ASAs on Production sub-interface only, Source interface = Production subinterface
Additional settings:
Have ACL to allow all sub interfaces to access outsite ( lower security level)
NAT rules is configured on Production subinterface with Source NAT Type as Dynamic PAT; when this was configured with source interface as inside, PCs behind various VLAN coun't access internet.
I want to establish a site-to-site VPN tunnel with multiple sub-interfaces of Cisco ASA 5550 to Cisco ASA 5505. Would you please suggest what I am missing in my configuration? I need to be able to access multiple VLANs of datacentre from remote site. -
Can I rate-limit on the sub-interface in cisco asr 1013?
Hi,
I am looking for the command of rate-limit on a sub-interface in cisco asr 1013.
Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.2(2)S, RELEASE SOFTWARE (fc1)
IOS XE Version: 03.06.00.S
Please let me know if it is possible in cisco asr 1013. If yes then what are the commands.
ZobairThe ASR no longer supports the rate-limit command, but it does support the same functionality in a QoS policy.
Please find a sample configuration -
ASR1004(config)#policy-map test
ASR1004(config-pmap)#class class-default
ASR1004(config-pmap-c)#shape average 10000
Applying for both ingress and egress : -
ASR1004(config)#int gig1/1/0
ASR1004(config-if)#service-policy output test
or
ASR1004(config-if)#service-policy input test -
High CPU due to dispatch unit in cisco ASA 5540
Hi Any suggestion help
High CPU due to dispatch unit in cisco ASA 5540
ciscoasa# sh processes cpu-usage
PC Thread 5Sec 1Min 5Min Process
0805520c ad5afdf8 0.0% 0.0% 0.0% block_diag
081a8d34 ad5afa08 82.6% 82.1% 82.3% Dispatch Unit
083b6c05 ad5af618 0.0% 0.0% 0.0% CF OIR
08a60aa0 ad5af420 0.0% 0.0% 0.0% lina_int
08069f06 ad5aee38 0.0% 0.0% 0.0% Reload Control Thread
08072196 ad5aec40 0.0% 0.0% 0.0% aaa
08c76f3d ad5aea48 0.0% 0.0% 0.0% UserFromCert Thread
080a6f36 ad5ae658 0.0% 0.0% 0.0% CMGR Server Process
080a7445 ad5ae460 0.0% 0.0% 0.0% CMGR Timer Process
081a815c ad5ada88 0.0% 0.0% 0.0% dbgtrace
0844d75c ad5ad2a8 0.0% 0.0% 0.0% 557mcfix
0844d57e ad5ad0b0 0.0% 0.0% 0.0% 557statspoll
08c76f3d ad5abef8 0.0% 0.0% 0.0% netfs_thread_init
09319755 ad5ab520 0.0% 0.0% 0.0% Chunk Manager
088e3f0e ad5ab328 0.0% 0.0% 0.0% PIX Garbage Collector
088d72d4 ad5ab130 0.0% 0.0% 0.0% IP Address Assign
08ab1cd6 ad5aaf38 0.0% 0.0% 0.0% QoS Support Module
08953cbf ad5aad40 0.0% 0.0% 0.0% Client Update Task
093698fa ad5aab48 0.0% 0.0% 0.0% Checkheaps
08ab6205 ad5aa560 0.0% 0.0% 0.0% Quack process
08b0dd52 ad5aa368 0.0% 0.0% 0.0% Session Manager
08c227d5 ad5a9f78 0.0% 0.0% 0.0% uauth
08bbf615 ad5a9d80 0.0% 0.0% 0.0% Uauth_Proxy
08bf5cbe ad5a9798 0.0% 0.0% 0.0% SSL
08c20766 ad5a95a0 0.0% 0.0% 0.0% SMTP
081c0b4a ad5a93a8 0.0% 0.0% 0.0% Logger
08c19908 ad5a91b0 0.0% 0.0% 0.0% Syslog Retry Thread
08c1346e ad5a8fb8 0.0% 0.0% 0.0% Thread Logger
08e47c82 ad5a81f0 0.0% 0.0% 0.0% vpnlb_thread
08f0f055 ad5a7a10 0.0% 0.0% 0.0% pci_nt_bridge
0827a43d ad5a7620 0.0% 0.0% 0.0% TLS Proxy Inspector
08b279f3 ad5a7428 0.0% 0.0% 0.0% emweb/cifs_timer
086a0217 ad5a7230 0.0% 0.0% 0.0% netfs_mount_handler
08535408 ad5a7038 0.0% 0.0% 0.0% arp_timer
0853d18c ad5a6e40 0.0% 0.0% 0.0% arp_forward_thread
085ad295 ad5a6c48 0.0% 0.0% 0.0% Lic TMR
08c257b1 ad5a6a50 0.0% 0.0% 0.0% tcp_fast
08c28910 ad5a6858 0.0% 0.0% 0.0% tcp_slow
08c53f79 ad5a6660 0.0% 0.0% 0.0% udp_timer
080fe008 ad5a6468 0.0% 0.0% 0.0% CTCP Timer process
08df6853 ad5a6270 0.0% 0.0% 0.0% L2TP data daemon
08df7623 ad5a6078 0.0% 0.0% 0.0% L2TP mgmt daemon
08de39b8 ad5a5e80 0.0% 0.0% 0.0% ppp_timer_thread
08e48157 ad5a5c88 0.0% 0.0% 0.0% vpnlb_timer_thread
081153ff ad5a5a90 0.0% 0.0% 0.0% IPsec message handler
081296cc ad5a5898 0.0% 0.0% 0.0% CTM message handler
089b2bd9 ad5a56a0 0.0% 0.0% 0.0% NAT security-level reconfiguration
08ae1ba8 ad5a54a8 0.0% 0.0% 0.0% ICMP event handler
I want exact troubleshooting.
(1) Steps to follow.
(2) Required configuration
(3) Any good suggestions
(4) Any Tool to troubleshoot.
Suggestions are welcomeHello,
NMS is probably not the right community to t/s this. You probably want to move this to Security group (Security > Firewalling).
In the meanwhile, i have some details to share for you to check, though i am not a security/ASA expert.
The Dispatch Unit is a process that continually runs on single-core ASAs (models 5505, 5510, 5520, 5540, 5550). The Dispatch Unit takes packets off of the interface driver and passes them to the ASA SoftNP for further processing; it also performs the reverse process.
To determine if the Dispatch Unit process is utilizing the majority of the CPU time, use the command show cpu usage and show process cpu-usage sorted non-zero
show cpu usage (and show cpu usage detail) will show the usage of the ASA CPU cores:
ASA# show cpu usage
CPU utilization for 5 seconds = 0%; 1 minute: 1%; 5 minutes: 0%
show process cpu-usage sorted non-zero will display a sorted list of processes that are using the CPU usage.
In the example below, the Dispatch Unit process has used 50 percent of the CPU for the last 5 seconds:
ASA# show process cpu-usage sorted non-zero
0x0827e731 0xc85c5bf4 50.5% 50.4% 50.3% Dispatch Unit
0x0888d0dc 0xc85b76b4 2.3% 5.3% 5.5% esw_stats
0x090b0155 0xc859ae40 1.5% 0.4% 0.1% ssh
0x0878d2de 0xc85b22c8 0.1% 0.1% 0.1% ARP Thread
0x088c8ad5 0xc85b1268 0.1% 0.1% 0.1% MFIB
0x08cdd5cc 0xc85b4fd0 0.1% 0.1% 0.1% update_cpu_usage
If Dispatch Unit is listed as a top consumer of CPU usage, then use this document to narrow down what might be causing the Dispatch Unit process to be so active.
Most cases of high CPU utilization occur because the Dispatch Unit process is high. Common causes of high utilization include:
Oversubscription
Routing loops
Host with a high number of connections
Excessive system logs
Unequal traffic distribution
More t/s details can be shared by the ASA members from the community.
HTH
-Thanks
Vinod -
How to Clear the Input errors in a Cisco ASA Interface?
Hi Everyone,
My Expertise with Cisco ASA is Very less. I have observed Input errors in a Couple of Interfaces in Cisco ASA 5540 Firewall.
296867 input errors, 0 CRC, 0 frame, 296867 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
102091138038 packets output, 96596756282996 bytes, 2683 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 2 interface resets
0 late collisions, 0 deferred
52 input reset drops, 0 output reset drops, 0 tx hangs
input queue (blocks free curr/low): hardware (255/230)
output queue (blocks free curr/low): hardware (255/0)
I need to Clear the Input errors on this particular Interface.
Will Clear interface GigabitEthernet 0/0 will help?
Thanks in Advance,
NandaHi,
Here is an example of using the command on my own ASA5505 firewall
interface Ethernet0/0
description WAN Access
switchport access vlan 10
ASA# sh interface Ethernet 0/0
Interface Ethernet0/0 "", is up, line protocol is up
Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Input flow control is unsupported, output flow control is unsupported
Description: WAN Access
Available but not configured via nameif
MAC address 0025.45f4.0a9a, MTU not set
IP address unassigned
9679 packets input, 6532697 bytes, 0 no buffer
Received 2 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
0 switch ingress policy drops
8421 packets output, 2202683 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 rate limit drops
0 switch egress policy drops
0 input reset drops, 0 output reset drops
ASA# clear interface Ethernet0/0
ASA# sh interface Ethernet 0/0
Interface Ethernet0/0 "", is up, line protocol is up
Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Input flow control is unsupported, output flow control is unsupported
Description: WAN Access
Available but not configured via nameif
MAC address 0025.45f4.0a9a, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 rate limit drops
0 switch egress policy drops
0 input reset drops, 0 output reset drops
interface Ethernet0/0
description WAN Access
switchport access vlan 10
- Jouni -
Hi, I have put 2 physicl interfaces (te0/8 & 9) on the ASA-5585 into a PO and am assigning ips/vlans to the sub-interfaces. I have 2 issues: - Why am I not able to ping the other sub-interface from the ASA itself? (I can ping the 1st one), Secondly, why the IPs are not visible in "sh int ip brief" ?Although I can see them in "sh ip" ..
/actNoFailover(config-if)# int po17.100
/actNoFailover(config-subif)# vlan 100
/actNoFailover(config-subif)# ip add
/actNoFailover(config-subif)# ip address 100.1.1.1 255.255.255.0
/actNoFailover(config-subif)# int po17.101
/actNoFailover(config-subif)# vlan 101
/actNoFailover(config-subif)# ip address 101.1.1.1 255.255.255.0
/actNoFailover(config-subif)# int po17.102
/actNoFailover(config-subif)# vlan 102
/actNoFailover(config-subif)# ip address 102.1.1.1 255.255.255.0
/actNoFailover(config-subif)# ping 100.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.1.1.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 30/32/40 ms
/actNoFailover(config-subif)# ping 101.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 101.1.1.1, timeout is 2 seconds:
/actNoFailover(config)# sh int ip brie
Interface IP-Address OK? Method Status Protocol
TenGigabitEthernet0/8 unassigned YES unset up up
TenGigabitEthernet0/9 unassigned YES unset up up
Port-channel17 unassigned YES unset up up
Port-channel17.100 unassigned YES manual up up
Port-channel17.101 unassigned YES manual up up
Port-channel17.102 unassigned YES manual up up
Please advise?Hello Sande,
That is correct! Please mark this question as answered so future users having a similar problem can learn from your
solution.
Regards,
Julio -
Issue in Sub-interface traffic on cisco 7609-s router
Hello please support,
I configured sub-interfaces and it is working properly, but some time sub-interface show traffic more then physical interface .
Like
int gi 3/32 0.13 Mbps 12:00 PM
int gi 3/32.11 855 Mbps 12:00 PM
as per my knowledge physical interface have cumulative traffic of all sub-interfaces.
interface GigabitEthernet3/32
no ip address
interface GigabitEthernet3/32.10
encapsulation dot1Q 10
ip address 172.20.128.77 255.255.255.252
ip ospf network point-to-point
ip ospf bfd
bfd interval 50 min_rx 50 multiplier 5
no bfd echo
no cdp enable
interface GigabitEthernet3/32.11
description interlink MPLS
encapsulation dot1Q 11
ip address 172.20.129.73 255.255.255.252
ip ospf network point-to-point
mpls ip
mpls label protocol ldp
Regards,
Damodar NagarI have not that graph so I am just guessing that you are noticing the difference between policing and shaping. It seems to me you are applying these techniques on each platform on a different way. Try to shape/police in the same order or only to shape.
Hope to help
Alessio
Sent from Cisco Technical Support iPad App -
Cisco Prime Monitor Sub Interfaces
We are currently running Cisco Prime 2.1 and trying to monitor sub interfaces on our Cisco 7606. We can see the sub interfaces by:
Operate | Device Work Center
Select Quick Filter (to find the 7606)
Select Interfaces
Select IP Interfaces
The sub interfaces that we wish to monitor are displayed (with the above steps). However, when we try to select the interface to monitor, the sub interfaces do not appear:
Home | Detail Dashboard
Select Interface
Select the interface pull-down | All | 7606
We do not see the sub interfaces, only 2 interfaces are displayed. We do not see the interface GigabitEthernet4/7 at all. What are we missing here?i couldn't find the appropriate MIB to monitor the call session
-
Sub interface features only in cisco routers?
is sub interface feature available only in cisco routers? any body has any clue?
as far as I know, only router provides sub-interface.
Gilles. -
Asa 5505 sub interface plus ports
I have never used 5505 I gave used higher firewalls and all of them can do sub interfaces normally we make sub interfaces and vlans are assigned to them I m trying to config 5505 can someone tell me how I can create sub interfaces ? As I saw few config and it seems that you config vlans like switch ??? Secondly all interfaces have to b part of vlan ? Ie outside which is g0/0 ....can I config it as normall routed port ?
The 5505 is configured nearly the same a a L3-switch. You configure the Vlan-interfaces and assign these to your switch-ports. The switch ports can be configured as access- or as trunk-ports (if you have a SecPlus license).
You find more on this topic on the Config-Guide:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/interface_start_5505.html -
Hello, networkers!
Long time no see ;-)
Straight on question now. Imagine a MPLS network with the following topology:
A B C D E
(X) --- (X) --- (X) --- (X) --- (X)
CE PE P PE CE
Router A & E are customer's routers.
Router B & D are PE routers
Let's say that we have created MPLS ATOM using Xconnect in between routers B and D. They are both using FastEthernet interfaces with sub-interfaces configured on. Router D is configured to RouterE in this way:
interface FastEthernet0/0.15
description ** RouterD->RouterE **
encapsulation dot1Q 15
no cdp enable
xconnect 2.2.2.2 666 encapsulation mpls
on the other end, router B is configured as follow:
interface FastEthernet0/0.26
description ** RouterB->RouterA **
encapsulation dot1Q 26
no cdp enable
xconnect 1.1.1.1 666 encapsulation mpls
end
Where 1.1.1.1 is RouterD loopback and 2.2.2.2 is Router B lo0.
What do you think about that scenario? Should it work with this configuration when the dot1q vlans differs? In my opinion this shouldn't work as expected as long as MPLS is doing just transparent transport of entire L2 frame (instead of using internetworking on IP level)
Can anyone, please explain how does Cisco handle this? I remember that I've read somewhere during my CCIE journey that there are different types of AtOM VC's which can either carry the dot1q tag or not.
Thank you in advance!
Kind regards,
Dani Petrov
P.p. I tried it in a few different configurations and the results are very interesting but please first share your thoughts ;-)Hi,
You can't force the vc-type and don't need to.
To summarize:
- switchport trunk mode and subinterfaces will always pop the outer tag
- EVC interfaces do nothing by default.
On top of that vc-type 4 will add a service-delimiter tag to the frame received from the AC. It's the responsibility of the egress router to know what to do with this tag (rewrite or remove it).
GSR and 7200 will negotiate a vc-type 4 if the AC is a subinterface. 7600 will always negotiate a vc-type 5 except if the peer wants a vc-type 4.
HTH
Laurent. -
We currently have 7,500 broadband subscribers that we will be terminating on our ASR 9001.
Each one of our customers will be terminating on a sub-interface on a bundle.
On the 9k, there will be a QoS policy applied to rate-limit their broadband connection (see example below).
The challenge that we are running into right now is scaling beyond 4096 L3 sub-interfaces. When running through this in our lab, we receive the following fail message:
RP/0/RSP0/CPU0:BNG(config-subif)#show config failed
Tue Mar 10 18:32:07.552 UTC
!! SEMANTIC ERRORS: This configuration was rejected by
!! the system due to semantic errors. The individual
!! errors with each failed configuration command can be
!! found below.
interface Bundle-Ether10.6941171
!!% The L3 sub-interface limit for the trunk interface has been reached: Trunk limit for L3 subinterfaces on Bundle-Ether10 is 4096
We have added the following on to each of the sub-interfaces to "fake" out the NPU, but even with SPD configured, we are receiving the max 4096 message:
service-policy output <POLICY> subscriber-parent resource-id 0
service-policy output <POLICY> subscriber-parent resource-id 1
service-policy output <POLICY> subscriber-parent resource-id 2
service-policy output <POLICY> subscriber-parent resource-id 3
It is my understanding that we have a total of 4 resource ID's to use (0-3) and the ASR 9001 will support up to 32,000 sub-interfaces (system wide or 8,000 sub interfaces per resource-id).
See attached image for reference this design.
Main question to the community is what is the work around to scale beyond 4096 L3 sub-interfaces??
In our case it is not feasible to bring in additional bundles and spread the customers out.
Look forward to your responses.
Below is a sample configuration:
policy-map 10M_D
class class-default
shape average 10100000 bps
end-policy-map
policy-map 10M_U
class class-default
police rate 10300000 bps
exceed-action drop
end-policy-map
interface Bundle-Ether10.650102
description ---INT: GigabitEthernet0/0/1.650102 NAME: TEST #1---
service-policy input 10M_U
service-policy output 10M_D subscriber-parent resource-id 0
ipv4 point-to-point
local-proxy-arp
ipv4 unnumbered Loopback10
encapsulation dot1q 650 second-dot1q 102
interface Bundle-Ether10.650103
description ---GigabitEthernet0/0/1.650103 NAME: TEST #2---
service-policy input 10M_U
service-policy output 10M_D subscriber-parent resource-id 1
ipv4 point-to-point
local-proxy-arp
ipv4 unnumbered Loopback10
encapsulation dot1q 650 second-dot1q 103
interface Bundle-Ether10.650104
description ---INT: GigabitEthernet0/0/1.650104 NAME: TEST #3---
service-policy input 10M_U
service-policy output 10M_D subscriber-parent resource-id 2
ipv4 point-to-point
local-proxy-arp
ipv4 unnumbered Loopback10
encapsulation dot1q 650 second-dot1q 104
interface Bundle-Ether10.650105
description ---INT: GigabitEthernet0/0/1.650105 NAME: TEST #4---
service-policy input 10M_U
service-policy output 10M_D subscriber-parent resource-id 3
ipv4 point-to-point
local-proxy-arp
ipv4 unnumbered Loopback10
encapsulation dot1q 650 second-dot1q 105
interface Bundle-Ether10.650106
description ---INT: GigabitEthernet0/0/1.650106 NAME: TEST #5---
service-policy input 10M_U
service-policy output 10M_D subscriber-parent resource-id 0
ipv4 point-to-point
local-proxy-arp
ipv4 unnumbered Loopback10
encapsulation dot1q 650 second-dot1q 106
interface Bundle-Ether10.650107
description ---INT: GigabitEthernet0/0/1.650107 NAME: TEST #6---
service-policy input 10M_U
service-policy output 10M_D subscriber-parent resource-id 1
ipv4 point-to-point
local-proxy-arp
ipv4 unnumbered Loopback10
encapsulation dot1q 650 second-dot1q 107
interface Bundle-Ether10.650108
description ---INT: GigabitEthernet0/0/1.650108 NAME: TEST #7---
service-policy input 10M_U
service-policy output 10M_D subscriber-parent resource-id 2
ipv4 point-to-point
local-proxy-arp
ipv4 unnumbered Loopback10
encapsulation dot1q 650 second-dot1q 108
interface Bundle-Ether10.650109
description ---INT: GigabitEthernet0/0/1.650109 NAME: TEST #8---
service-policy input 10M_U
service-policy output 10M_D subscriber-parent resource-id 3
ipv4 point-to-point
local-proxy-arp
ipv4 unnumbered Loopback10
encapsulation dot1q 650 second-dot1q 109xander,
Thanks for sharing the QinQ username, works perfectly.
couple of design questions for you.
#1 - If i have >7500 subscribers that will be terminating on this bundle, would this be the best design to ensure that i can scale up to 32,000 subscribers on the BE <leveraging the subscriber-parent resource-id (0-4)>
EXAMPLE
interface Bundle-Ether10.100
description BE10.100 – Area 1 - BNG customers - QinQ
ipv4 point-to-point
ipv4 unnumbered Loopback0
service-policy output <POLICY> subscriber-parent resource-id 0
service-policy type control subscriber IP_PM
ipsubscriber ipv4 l2-connected
initiator dhcp
encapsulation ambiguous dot1q 100 second-dot1q any
interface Bundle-Ether10.200
description BE10.200 – Area 2 - BNG customers - QinQ
ipv4 point-to-point
ipv4 unnumbered Loopback0
service-policy output <POLICY> subscriber-parent resource-id 1
service-policy type control subscriber IP_PM
ipsubscriber ipv4 l2-connected
initiator dhcp
encapsulation ambiguous dot1q 200 second-dot1q any
interface Bundle-Ether10.300
description BE10.300 – Area 3 - BNG customers - QinQ
ipv4 point-to-point
ipv4 unnumbered Loopback0
service-policy output <POLICY> subscriber-parent resource-id 3
service-policy type control subscriber IP_PM
ipsubscriber ipv4 l2-connected
initiator dhcp
encapsulation ambiguous dot1q 300 second-dot1q any
interface Bundle-Ether10.400
description BE10.400 – Area 4 - BNG customers - QinQ
ipv4 point-to-point
ipv4 unnumbered Loopback0
service-policy output <POLICY> subscriber-parent resource-id 4
service-policy type control subscriber IP_PM
ipsubscriber ipv4 l2-connected
initiator dhcp
encapsulation ambiguous dot1q 400 second-dot1q any
#2 - How do I verify in XR the CoA speed profile that is pushed down from RADIUS to a given subscriber?
I thought I might see the dynamic policy using the command below, but no luck.
Do you know the correct command?
RP/0/RSP0/CPU0:bng-asr9001#show policy-map inter be10.1.ip5
Wed Apr 1 14:12:06.390 UTC
Bundle-Ether10.1.ip5 input: __sub_55ffffff8b7dffffffad
Class class-default
Classification statistics (packets/bytes) (rate - kbps)
Matched : 126959/10831088 14
Transmitted : N/A
Total Dropped : N/A
Policy __sub_55ffffff8b7dffffffad_child1 Class class-default
Classification statistics (packets/bytes) (rate - kbps)
Matched : 126959/10831088 14
Transmitted : N/A
Total Dropped : 325/322582 0
Policing statistics (packets/bytes) (rate - kbps)
Policed(conform) : 126634/10508506 14
Policed(exceed) : 325/322582 0
Policed(violate) : 0/0 0
Policed and dropped : 325/322582
Policed and dropped(parent policer) : N/A
Bundle-Ether10.1.ip5 output: __sub_6effffff81ffffffbfffffffdb
Class class-default
Classification statistics (packets/bytes) (rate - kbps)
Matched : 199642/280153690 453
Transmitted : N/A
Total Dropped : N/A
Policy __sub_6effffff81ffffffbfffffffdb_child1 Class class-default
Classification statistics (packets/bytes) (rate - kbps)
Matched : 199642/280153690 453
Transmitted : N/A
Total Dropped : 26930/38989025 61
Policing statistics (packets/bytes) (rate - kbps)
Policed(conform) : 172712/241164665 392
Policed(exceed) : 26930/38989025 61
Policed(violate) : 0/0 0
Policed and dropped : 26930/38989025
Policed and dropped(parent policer) : N/A
RP/0/RSP0/CPU0:bng-asr9001#
#3 - CoA QoS profile -> I'm using the following avpair for ingress / egress qos. However when validating against a speed test server, my results are well above the 10Mbps / 10Mbps I have provisioned. Actual is more of in the ~15Mbps/15Mbps range.
Am I missing additional config in the policing section?
cisco-avpair = "ip:qos-policy-in=add-class(sub, (class-default,class-default),police(10000))",
cisco-avpair += "ip:qos-policy-out=add-class(sub, (class-default,class-default),police(10000))"
Appreciate it in advance xander!
-ae -
The difference between IEEE802.1Q Native VLAN sub-interface and Physical interface?
Hello
I think the following topologies are supported for Cisco Routers
And the Physical interface also can be using as Native VLAN interface right?
Topology 1.
R1 Gi0.1 ------ IEEE802.1Q Tunneling L2SW ------ Gi0 R2
R1 - configuration
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
ip address 10.0.0.1 255.255.255.0
Topology 2.
R1 Gi0 ------ IEEE802.1Q Tunneling L2SW ------ Gi0 R2
interface GigabitEthernet0
ip address 10.0.0.1 255.255.255.0
And is it ok to use the physical interface and sub-interface with dynamic routing such as EIGRP or OSPF etc?
R1 Gi 0 ---- Point to Multipoint EIGRP or OSPF ---- Gi0 R2 / R3
Gi 0.20--- Point to Point EIGRP or OSPF --- Gi0.10 R4 (same VLAN-ID)
R1 - configuration
interface GigabitEthernet0
ip address 10.0.0.1 255.255.255.0
interface GigabitEthernet8.20
encapsulation dot1Q 20
ip address 20.0.0.1 255.255.255.0
Any information is very appreciated. but if there is any CCO document please let me know.
Thank you very much and regards,
Masanobu HiyoshiHello,
The diagram is helpful.
If I am getting you correctly, you have three routers interconnected by a switch, and you want them to operate in a hub-and-spoke fashion even though the switch is capable of allowing direct communication between any of these routers.
Your first scenario is concerned with all three routers being in the same VLAN, and by using neighbor commands, you force these routers to establish targeted EIGRP adjacencies R1-R2 and R1-R3, with R1 being the hub.
Your second scenario is concerned with creating one VLAN per spoke, having subinterfaces for each spoke VLAN created on R1 as the router, and putting each spoke just in its own VLAN.
Your scenarios are not really concerned with the concept of native VLAN or the way it is configured, to be honest. Whether you use a native VLAN in either of your scenarios, or whether you configure the native VLAN on a subinterface or on the physical interface makes no difference. There is simply no difference to using or not using a native VLAN in any of your scenarios, and there is no difference to the native VLAN configuration being placed on a physical interface or a subinterface. It's as plain as that. Both your scenarios will work.
My personal opinion, though, is that forcing routers on a broadcast multi-access segment such as Ethernet to operate in a hub-and-spoke fashion is somewhat artificial. Why would you want to do this? Both scenarios have drawbacks: in the first scenario, you need to add a neighbor statement for each spoke to the hub, limiting the scalability. In the second scenario, you waste VLANs and IP subnets if there are many spokes. The primary question is, though: why would you want an Ethernet segment to operate as a hub-and-spoke network? Sure, these things are done but they are motivated by specific needs so I would like to know if you have any.
Even if you needed your network to operate in a hub-and-spoke mode, there are more efficient means of achieving that: Cisco switches support so-called protected ports that are prevented from talking to each other. By configuring the switch ports to spokes as protected, you will prevent the spokes from seeing each other. You would not need, then, to configure static neighbors in EIGRP, or to waste VLANs for individual spokes. What you would need to do would be deactivating the split horizon on R1's interface, and using the ip next-hop-self eigrp command on R1 to tweak the next hop information to point to R1 so that the spokes do not attempt to route packets to each other directly but rather route them over R1.
I do not believe I have seen any special CCO documents regarding the use of physical interfaces or subinterfaces for native VLAN or for your scenarios.
Best regards,
Peter -
Cisco ASA VPN question: %ASA-4-713903: IKE Receiver: Runt ISAKMP packet
Dear community,
quite frequently I am now receiving the following error message in my ASA 5502's log:
Oct 17 12:52:17 <myASA> %ASA-4-713903: IKE Receiver: Runt ISAKMP packet discarded on Port 4500 from <some_ip>:<some_port>
Oct 17 12:52:22 <myASA> %ASA-4-713903: IKE Receiver: Runt ISAKMP packet discarded on Port 4500 from <some_ip>:<some_port>
Oct 17 12:52:27 <myASA> %ASA-4-713903: IKE Receiver: Runt ISAKMP packet discarded on Port 4500 from <some_ip>:<some_port>
The VPN Clients (in the last case: A linux vpnc) disconnect with message
vpnc[7736]: connection terminated by dead peer detection
The ASA reports for that <some_ip> at around the same time:
Oct 17 12:52:32 <myASA> %ASA-4-113019: Group = blah, Username = johndoe, IP = <some_ip>, Session disconnected. Session Type: IPSecOverNatT, Duration: 2h:40m:35s, Bytes xmt: 2410431, Bytes rcv: 23386708, Reason: User Requested
A google search did not reveal any explanation to the "%ASA-4-713903: IKE Receiver: Runt ISAKMP packet..." message -- so my questions would be
1) What does the message exactly mean -- I know runts as a L2 problem so I d suppose it means the same: The ISAKMP packet is somehow
crippled (I d suppose this happens during rekeying) ?
2) Any idea where to look for the cause of this
WAN related (however I d assume no -- why does this happen in these regular time frames as show above)?
SW related (vpnc bug)?
Thanks in advance for any pointer...
JoachimYes. You need to eliminate the things I've said to eliminate with the other side. Ensure your configs are matching exactly. They probably are, whatever, just make sure of it because it's easy. You both need to run packet captures on your interfaces both in and out to even begin to have an idea of where to look.
The more info you can have just one person responsible for the better. What I mean by that is, it's typically a nice step for the 'bigger end' to have the 'smaller end's' config file to look at.
If you are seeing packets come in your inside, leave your outside, and never make it to his inside, then take it a step at a time.
If you're seeing them come in his interface and never come back out, you know where to look.
Set your caps to a single host to single host if need be, and generate traffic accordingly.
You need to narrow down where NOT to look so that you know where TO look. I would say then, and only then, do you get the ISP involved. Once you're sure the problem exists between his edge device and your edge device.
I do exactly this for a living on a daily basis...day after day after day. I'm responsible for over 200 IPSec s2s connections and thousands of SSL VPN sessions. I always start the exact same way...from the very bottom. -
NAT on sub-interface with no internet access
Good morning,
Please I have a router 2901, which I configured tow sub-interfaces for Voice and Data. Everything seems to be working fine but I can't access the internet after configuring NAT.
Config below
Router1#sh config
Using 5392 out of 262136 bytes
! No configuration change since last restart
! NVRAM config last updated at 16:15:07 UTC Wed Jul 2 2014 by aadmin
! NVRAM config last updated at 16:15:07 UTC Wed Jul 2 2014 by aadmin
version 15.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
hostname A
boot-start-marker
boot-end-marker
! card type command needed for slot/vwic-slot 0/0
logging buffered 51200 warnings
enable secret 4 U3/EVMmZsx9ys3vbB8aDhHy.5h4qh2V8/DkTGNsxvTA
enable password 7 06150E2C5F5B071E
aaa new-model
aaa authentication login default local
aaa session-id common
memory-size iomem 25
ip cef
ip dhcp excluded-address 10.10.36.1 10.10.36.25
ip dhcp excluded-address 10.10.36.200 10.10.36.254
ip dhcp pool DATA
network 10.10.36.0 255.255.255.0
default-router 10.10.36.1
dns-server 8.8.8.8 4.2.2.2
ip dhcp pool VOICE
network 10.1.1.0 255.255.255.0
default-router 10.1.1.1
option 150 ip 10.10.36.4
no ipv6 cef
multilink bundle-name authenticated
crypto pki trustpoint TP-self-signed-3112445314
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3112445314
revocation-check none
rsakeypair TP-self-signed-3112445314
crypto pki certificate chain TP-self-signed-3112445314
certificate self-signed 01 nvram:IOS-Self-Sig#1.cer
voice-card 0
license udi pid CISCO2901/K9 sn FCZ1808C4L8
hw-module pvdm 0/0
username a password 7 1416111F05557C
username e privilege 15 password 7 1437455E0E2A25382525260B67
username c password 7 030B580E0701284F165B5C
username a password 7 01000709481E0808
redundancy
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
ip address #.#.#.58 255.255.255.248
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
no keepalive
interface GigabitEthernet0/1
no ip address
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no keepalive
interface GigabitEthernet0/1.1
encapsulation dot1Q 1 native
ip address 10.10.36.1 255.255.255.0
ip verify unicast reverse-path
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.100
encapsulation dot1Q 100
ip address 10.1.1.1 255.255.255.0
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list LAN_NAT_POLICY interface GigabitEthernet0/1.1 ov
ip route 0.0.0.0 0.0.0.0 #.#.#.57
ip access-list extended LAN_NAT_POLICY
permit ip 10.0.0.0 0.255.255.255 any
access-list 23 permit 10.10.36.0 0.0.0.255
access-list 23 permit 10.10.0.0 0.0.0.255
access-list 23 permit 10.10.0.0 0.0.255.255
access-list 101 permit tcp 10.10.36.0 0.0.0.255 host 10.10.36.1 eq telnet
control-plane
mgcp profile default
gatekeeper
shutdown
banner exec ^C
% Password expiration warning.
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you hav
already used the username "cisco" to login to the router and your IOS imag
supports the "one-time" user option, then this username has already expire
You will not be able to login to the router with this username after you e
this session.
It is strongly suggested that you create a new username with a privilege l
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you want
use.
^C
banner login ^C
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.
YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE PUBLICLY-KNOWN
CREDENTIALS
Here are the Cisco IOS commands.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want
to use.
IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL NOT BE ABLE
TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.
For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
^C
line con 0
password 7 13041406025D52
line aux 0
exec-timeout 0 1
no exec
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class 23 in
privilege level 15
password 7 094D4D1D105441
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
transport input telnet ssh
scheduler allocate 20000 1000
ntp master
ntp server 10.10.36.1
end
Please I need a quick response
Thank you.Can you change the interface to outside interface in this command
ip nat inside source list LAN_NAT_POLICY interface GigabitEthernet0/1.1 ov
can you try this below command
ip nat inside source list LAN_NAT_POLICY interface GigabitEthernet0/0 ov
Regards
PrajithTR
Maybe you are looking for
-
Want to generate a report for displaying the top 30 revenue generating regn
Hi Team I was trying to generate top 30 revenue generating regions using " Edit Formula " option (Ofcouse there are other methods to do it , but i was trying out with this one ). The scenario is : - I have selected four columns i.e Year , Region , Pr
-
PO with Reference to RFQ (Qty, Price) could not be changed
Hi All Please help how to restric user not to change Qty, Prices of PO if created with reference to RFQ. Regards Aamir
-
My LACIE hard drive shows up on some computers but not all.
Dear Apple Community I need your help, as I have searched around and can't find a solution to my peculiar problem. I have a 500gb LACIE Rugged hard drive product ID. RUG FWSA It has these connections: firewire 800, firewire 400, mini-usb, power I hav
-
Migrating old account to new Macbook Pro
I got a nice new Macbook Pro (2010 version) with the i7 processor. I had to get a new cable to migrate my information from my old Macbook Pro (2006?)so I performed the migration the next day. The computer ran fine for several days until I rebooted it
-
Knowledge Center unaccessible after installation completed
Hello. I am installing UPK 11.1 ESP 2 version of Knowledge Center in Win2008R2 and we are using SQL Server 2008 R2 SP2. Note: We are using Windows Authentication Every time after complete with installation, i am unable to access the KCenter site. Bel