ACE bridge and routed interface in the same context

Hello
I am wondering if it is possible to configure one ACE context to support both routed and bridged interfaces?
I would like to have a bridge-mode context, but at the same time I would like to have a separate OOB interface for management.
If it is possible, how could they interact with each other?
Thank you in advance for any answer
Regards
Lukasz

Hello
We've just tried to configure bridged and routed interfaces at the same time in the lab and we've had a problem.
When we added the def gw for the bridged config we noticed that we had an issue with the traffic src by the rservers in the routed config.
When we deleted the new def gw, the problem disappeared.
I am attaching the lab config.
When we added to it the following line
ip route 0.0.0.0 0.0.0.0 10.1.1.163
reals B1-B10 could not communicate to the outside world.
Do you know why it did not work and what we could do to fix it?
Thank you in advance.
Regards
Lukas

Similar Messages

  • Cisco 877w -Configuration of subinterfaces and main interface within the same bridge group is not permitted

    Hi,
    I have another problem - after upgrading IOS the wireless connection does not work.
    After reload I have:
    Configuration of subinterfaces and main interface
    within the same bridge group is not permitted
    STP: Unable to get the port parameters.
    Please configure the bridge group on this interface first.
    Please configure the bridge group on this interface first.
    Please configure the bridge group on this interface first.
    SETUP: new interface NVI0 placed in "shutdown" state
    My old configuration worked properly in the old software, but after the update I get this notification.
    Old thread:
    https://supportforums.cisco.com/discussion/12379491/cisco-877w-no-wireless-connection
    my current sh run:
    version 12.4 
    no service pad 
    service tcp-keepalives-in 
    service tcp-keepalives-out 
    service timestamps debug datetime msec localtime 
    service timestamps log datetime msec localtime 
    service password-encryption 
    hostname cisco 
    boot-start-marker 
    boot system flash:c870-advipservicesk9-mz.124-24.T6.bin 
    boot-end-marker 
    logging message-counter syslog 
    logging buffered 4096 informational 
    enable secret 5 $1$eCNp$rWuBfZ/cexnwnkm7L447s. 
    aaa new-model 
    aaa session-id common 
    dot11 syslog 
    dot11 ssid ciscowifi 
     vlan 1 
     authentication open 
     authentication key-management wpa 
     guest-mode 
     wpa-psk ascii 7 050D031D26595D0617 
    dot11 wpa handshake timeout 500 
    ip source-route 
    no ip dhcp use vrf connected 
    ip dhcp excluded-address 192.168.56.1 
    ip dhcp pool CLIENT 
       import all 
       network 192.168.56.0 255.255.255.0 
       default-router 192.168.56.1 
       dns-server 8.8.8.8 194.204.159.1 194.204.152.34 
       lease 0 2 
    ip cef 
    no ip domain lookup 
    no ipv6 cef 
    multilink bundle-name authenticated 
    username marek password 7 00121A0908500A 
    archive 
     log config 
      hidekeys 
    ip tcp path-mtu-discovery 
    bridge irb 
    interface ATM0 
     description Polaczenie ADSL do ISP$ES_WAN$ 
     no ip address 
     no atm ilmi-keepalive 
     pvc 0/35 
      encapsulation aal5mux ppp dialer 
      dialer pool-member 1 
     hold-queue 224 in 
    interface FastEthernet0 
     description Edzia 
    interface FastEthernet1 
     description dom 
    interface FastEthernet2 
     description Dziadek 
    interface FastEthernet3 
    interface Dot11Radio0 
     no ip address 
     no ip redirects 
     ip local-proxy-arp 
     ip nat inside 
     ip virtual-reassembly 
     no dot11 extension aironet 
     encryption vlan 1 mode ciphers tkip 
     encryption mode ciphers aes-ccm tkip 
     broadcast-key change 3600 
     ssid ciscowifi 
     speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 
     station-role root 
     world-mode dot11d country AU indoor 
     no cdp enable 
     bridge-group 1 
     bridge-group 1 subscriber-loop-control 
     bridge-group 1 spanning-disabled 
     bridge-group 1 block-unknown-source 
     no bridge-group 1 source-learning 
     no bridge-group 1 unicast-flooding 
    interface Dot11Radio0.1 
     description ciscowifi 
     encapsulation dot1Q 1 native 
     no cdp enable 
    interface Vlan1 
     no ip address 
     bridge-group 1 
    interface Dialer0 
     description Interfejs dzwoniacy 
     ip address negotiated 
     ip nat outside 
     ip virtual-reassembly 
     encapsulation ppp 
     dialer pool 1 
     dialer-group 1 
     ppp chap hostname [email protected] 
     ppp chap password 7 xxxxxxxxxxxxxxxxxxxxxx 
    interface BVI1 
     description Polaczenie dla sieci LAN 
     ip address 192.168.56.1 255.255.255.0 
     ip nat inside 
     ip virtual-reassembly 
    no ip forward-protocol nd 
    ip route 0.0.0.0 0.0.0.0 Dialer0 
    no ip http server 
    no ip http secure-server 
    ip nat inside source list 100 interface Dialer0 overload 
    ip nat inside source static tcp 192.168.56.10 80 interface Dialer0 80 
    ip nat inside source static tcp 192.168.56.10 22 interface Dialer0 22 
    logging trap debugging 
    logging 192.168.56.10 
    access-list 100 permit ip 192.168.56.0 0.0.0.255 any 
    access-list 100 deny   ip any any 
    no cdp run 
    snmp-server community ciskacz RO 
    snmp-server chassis-id ciskacz 
    control-plane 
    bridge 1 protocol ieee 
    bridge 1 route ip 
    line con 0 
     no modem enable 
    line aux 0 
    line vty 0 4 
     exec-timeout 0 0 
     transport preferred ssh 
     transport input ssh 
    scheduler max-task-time 5000 
    end 
    please help - thanks!

    Hello Marek,
    I suppose you are not planning to do any kinds of advanced config using several VLANs and multiple SSIDs so let's just make your configuration simple and working.
    In short, you need to remove all references to VLAN 1 and to any subinterfaces possibly related to the VLAN 1. This means in particular (follow these steps in sequence):
    Remove the Dot11Radio0.1 subinterface entirely
    In the Dot11Radio0 section, remove the encryption vlan 1 mode ciphers tkip command
    In the dot11 ssid ciscowifi section, remove the vlan 1 command
    After performing these steps, make sure that the ssid ciscowifi and encryption mode commands are still present in the Dot11Radio0 configuration, and if not, reenter them.
    Best regards,
    Peter

  • WLC-2106 and multiple interfaces on the same network

    Hi there,
    I recently created a TAC request to the Cisco support regarding our WLC-2106, but they could not help me. Basically I just learned that you can create new interfaces for the wireless LAN controller and then dedicate them to a given wireless network (SSID). This way I could more effectively utilize network bandwidth also. Problem is that all of the interfaces have to be in a different network segment in order to work, which is not what I want. I specifically want to have several interfaces on the same network segment.
    Has anyone tried to accomplish the same?

    Basically what I've misunderstood is that all the traffic generated by our wireless clients have been going through the single 100Mbit/s ethernet port on the wireless LAN controller (management interface), and to mitigate this I thought I could create new interfaces (ports) and dedicate those to given WLAN networks.. I see now that this is not supported. Not inside the same network at least.
    So, by reading further and consulting my best friend Google I learned about a setting called "AP Mode". Changing that from Local (the default) to H-REAP the APs should not route their traffic anymore through the management interface on the wireless controller, but instead route all the client traffic directly to the local LAN. This way you effectively remove the 100Mbit/s bottle-neck when all the APs were using the management interface both for configuration and client data traffic.
    It seems you also have to enable H-REAP Local switching from a given WLAN network in addition to changing the AP Mode of your access points to H-REAP. I'm still in the testing phase here so should anyone have any insight to this, I'd be grateful to hear more.

  • Configuring 2 Router Interfaces to the same subnet

    Hi There,
    I have the following setup: Border router which has a serial interface connected to the ISP and 2 internal FE interfaces which need to be connected to 2 different switches in the LAN-side for redundancy. Of course, the 2 FE interfaces should have addresses from the same subnet; but when I try to assign those interfaces different IP addresses from the same subnet an error message reading Overlap in IP addresses appear to me.
    The question is how can I assign the 2 interfaces different addresses from the same subnet to achieve redundancy? Thanks!
    Regards,
    Haitham

    hi Haitham
    on the following link you can find a configuration example.
    http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a0080094663.shtml
    remember to rate the post if it helps
    regards
    Devang

  • Can I configure csm as one arm and routing mode at the same time?

    My csm currently is configured as the routing mode and bridge mode, recently I have a service requirement which I think the one arm mode should be the best resolution. Can anybody let me know if there will be any effect if I add the one arm mode to the current production environment?
    Thanks in advance.
    Jason

    Gille,
    Thanks for your quick response. I notice you have the same opinion about the one arm mode in your other post, but I think in the multi-tier data center design with fw in bridge mode and csm in one arm mode with RHI, it does give us a lot of flexibility. If I use policy routing instead of source nat, can I overcome these limits you mentioned?
    Do you know how csm could handle the TFTP traffic? I may have too many questions, I am really looking for your suggestion.
    Thanks
    Jason

  • CSM concurrent bridge and router mode

    Hi,
    Is it possible on the CSM to use bridge and router mode at the same time ? Or is it only router mode or only bridge mode ?
    E.g. in the example below, when using HTTPS entering the vlan 3 , it will be bridged to vlan 3....But when using HTTP entering vlan 3...it will be routed to vlan 4... Will that work ?
    Thanks
    vlan 3 client
     ip address 3.3.3.1 255.255.255.0
    vlan 3 server
     ip address 3.3.3.1 255.255.255.0
    vlan 4 server
     ip address 4.4.4.1 255.255.255.0
    vserver HTTPS
     vlan 3
     virtual 3.3.3.10 tcp https
     serverfarm HTTPS
    serverfarm HTTPS
     no nat server
     no nat client
     real 3.3.3.11
      inservice
     real 3.3.3.12
      inservice
    vserver HTTP
     vlan 3
     virtual 3.3.3.11 tcp http
     serverfarm HTTP
    serverfarm HTTP
     nat server
     no nat client
     real 4.4.4.10
      inservice
     real 4.4.4.11
      inservice

    HI Michel,
    first of all you can run bridged and routed mode at the same time but you can not define the same vlan as client and server. If you would change the above config from vlan 3 server to vlan 30 server and place the reals in vlan 30 it will work. A proper layer 2 configuration is for sure the prerequisite.
    Kind regards,
    Joerg

  • CSM route mode and bridge mode can exist at the same time?

    I'm using CSM on ver 4.x, and I used the bridge mode for firewall load balancing. For a new request, I have to create a new server/client vlan, but the original firewall load balancing was affected when I issued the server vlan command, and I'd like to use route mode for the new server farm. I'm wondering whether route mode and bridge mode can't exist at the same time, because it seems it doesn't make sense. Any reply will be very appreciated.

    you can use bridge mode and route mode at the same time.
    Traffic with destination mac address being the CSM will be routed, otherwise it will be bridged.
    Gilles.

  • Control surface and interface at the same time

    Is it possible to plug in a control surface and an interface at the same time? My plan is to use a Mackie Control Universal Pro (USB) for my control surface and a Focusrite Saffire Pro 40 IO Firewire Interface for monitor use during mixing. Will Logic Pro 9 allow me to do this?

    Thank you

  • PPDS: I have a setup matrix in SAP ECC 6.0, and want to transfer the same to APO using Core Interface.

    PPDS: I have a setup matrix in SAP ECC 6.0, and want to transfer the same to APO using Core Interface. Has anyone done it before?

    Hi Subhash,
    Please open this link to see the details:
    http://help.sap.com/saphelp_scm70/helpdata/EN/89/bd3e42ce98033be10000000a1550b0/frameset.htm
    You perform the data transfer in the following sequence:
    Plant
    Setup groups
    Work centers
    Routings
    You check the setup groups in SAP APO.
    You create the setup matrixes in SAP SCM.
    Thanks, Marius

  • Hi, Ive been trying to hook up my M-Audio interface to my Mac Book Pro 15 laptop and it doesnt have the same size firewire port is there some kind of adapter i can buy?

    Hi, Ive been trying to hook up my M-Audio interface to my Mac Book Pro 15 laptop and it doesnt have the same size firewire port is there some kind of adapter i can buy?

    Just Google for a Firewire 400 to Firewire 800 cable, you are sure that this is what you have I hope?

  • How do I load balance TFTP between two servers and a client on the same subnet?

    Hi,
    I have trawled through several documents and tried umpteen different configs, all to no avail. I have a PXE boot client trying to access a boot file via TFTP from a couple of TFTP servers on the same VLAN/subnet. For HA purposes I want to load balance the two TFTP servers.
    Config is currently;
    =====
    probe icmp ICMP_PROBE
      description icmp probe for default gateway tracking
      interval 5
      passdetect interval 15
    rserver host server1
      description Server1
      ip address 10.0.0.1
      inservice
    rserver host server2
      description Server 2
      ip address 10.0.0.2
      inservice
    serverfarm host serverfarm_01
      description servers used
      probe ICMP_PROBE
      rserver server1
        inservice
      rserver server2
        inservice
    class-map match-all L4_VIP_TFTP
      10 match virtual-address 10.0.0.10 udp eq 69
    policy-map type loadbalance first-match L7_TFTP
      class class-default
        serverfarm serverfarm_01
    policy-map multi-match L4_LB_VIP_POLICY
      class L4_VIP_TFTP
        loadbalance vip inservice
        loadbalance policy L7_TFTP
        loadbalance vip icmp-reply active
    nat dynamic 1 vlan 200
    interface vlan 200
      ip address 10.0.0.250 255.255.255.0
      nat-pool 1 10.0.0.241 10.0.0.243 netmask 255.255.255.255 pat
      service-policy input L4_LB_VIP_POLICY
      no shutdown
    ip route 0.0.0.0 0.0.0.0 10.0.0.254
    =====
    I have read the doco by Ivan Kovacevic amongst many others but as my clients and servers are on the same subnet, the config doesn't work.
    Can anybody point me in the right direction please. The devices are ACE 4710 running A3(2.3).
    Thanks

    Try using the following configuration:
    Note: Please make sure to configure also a udp probe to probe udp port 69, in case the application is down.
    You need to configure a management policy on the interface when using a UDP probe.
    That is because, when port 69 on the server will be unreachable, the server will send an ICMP unreachable.
    ACE will consider a udp probe as "failed" only when it sees ICMP unreachable.
    Without a management policy-map, the ICMP unreachable message will be dropped.
    Also, add an ICMP probe to the rserver because udp probe will not be enough when the physical interface will be down.
    That is because UDP is a connection-less protocol. To consider a UDP probe successful, ACE needs to see NO answer from the server in response to the probe.
    The ACE will not see any answer from the server when the interface is down and thus, will consider the probe as "successful".
    With ICMP probe attached to the rserver, you also test the reachability of the server and not only the UDP port.
    Here is the configuration (of course, you can change the names of the objects to the names you are using if you want):
    access-list ALL line 10 extended permit ip any any
    probe udp TFTP
      port 69
      interval 5
      passdetect interval 15
    probe icmp ICMP_PROBE
      interval 5
      passdetect interval 15
    rserver host TFTP_1
      ip address 10.0.0.1
      probe TFTP
      probe ICMP_PROBE
      inservice
    rserver host TFTP_2
      ip address 10.0.0.2
      probe TFTP
      probe ICMP_PROBE
      inservice
    serverfarm host TFTP-SFARM
      rserver TFTP_1
        inservice
      rserver TFTP_2
        inservice
    sticky ip-netmask 255.255.255.255 address source TFTP-STICKY
      timeout 10
      replicate sticky
      serverfarm TFTP-SFARM
    class-map type management match-any MANAGE
      2 match protocol icmp any
    class-map match-all NAT
      2 match virtual-address 0.0.0.0 0.0.0.0 udp any
    class-map match-all TFTP
      2 match virtual-address 10.0.0.10 udp eq 69
    policy-map type management first-match MANAGE
      class MANAGE
        permit
    policy-map type loadbalance first-match ROUTE
      class class-default
        forward
    policy-map type loadbalance first-match TFTP-POL
      class class-default
        sticky-serverfarm TFTP-STICKY
    policy-map multi-match TFTP-MULTI
      class TFTP
        loadbalance vip inservice
        loadbalance policy TFTP-POL
        nat dynamic 1 vlan 212
      class NAT
        loadbalance vip inservice
        loadbalance policy ROUTE
        nat dynamic 2 vlan 212
    interface vlan 212
      ip address 10.0.0.250 255.255.255.0
      no normalization
      access-group input ALL
      nat-pool 1 10.0.0.241 10.0.0.243 netmask 255.255.255.0 pat
      nat-pool 2 10.0.0.10 10.0.0.10 netmask 255.255.255.0 pat
      service-policy input TFTP-MULTI
      service-policy input MANAGE
      no shutdown
    Let me know how it goes.
    Good luck!
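
The probe behaviour described in the answer above, as an added Python example that is not part of the original post and is not ACE code: `udp_probe` classifies what a connected UDP socket observes, and `rserver_up` applies the stated rule that only an ICMP unreachable fails the UDP probe. The function names, the probe payload and the loopback demo are assumptions made for illustration; the ICMP echo result is passed in as a value because sending echo requests needs raw-socket privileges.

```python
import socket


def udp_probe(host, port, timeout=1.0, payload=b"\x00"):
    """Send one datagram and classify the outcome.

    Returns "reply", "no-reply" or "icmp-unreachable"; other socket
    errors propagate. The payload is a constructed placeholder.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            # connect() on UDP only fixes the peer address; it lets the kernel
            # report an ICMP port-unreachable as ConnectionRefusedError.
            s.connect((host, port))
            s.send(payload)
            s.recv(2048)
            return "reply"
        except ConnectionRefusedError:
            return "icmp-unreachable"
        except socket.timeout:
            return "no-reply"


def seen_by_prober(wire_event, icmp_permitted=True):
    """A dropped ICMP unreachable is indistinguishable from silence."""
    if wire_event == "icmp-unreachable" and not icmp_permitted:
        return "no-reply"
    return wire_event


def rserver_up(wire_event, icmp_permitted=True, icmp_echo_ok=None):
    """Apply the rule from the answer: UDP probe fails only on ICMP unreachable.

    icmp_echo_ok=None models a server with no ICMP probe attached;
    True/False is the externally measured result of the ICMP probe.
    """
    udp_ok = seen_by_prober(wire_event, icmp_permitted) != "icmp-unreachable"
    if icmp_echo_ok is None:
        return udp_ok
    return udp_ok and icmp_echo_ok


def loopback_demo(timeout=0.3):
    """Probe a silent listener and a closed port on 127.0.0.1."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("127.0.0.1", 0))      # bound, but never answers
    spare = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                        # nothing listens on this port now
    try:
        return {
            "listening": udp_probe("127.0.0.1", listener.getsockname()[1], timeout),
            "closed": udp_probe("127.0.0.1", closed_port, timeout),
        }
    finally:
        listener.close()


if __name__ == "__main__":
    print(loopback_demo())
    # Constructed cases for the failure modes the answer describes.
    print("port closed, ICMP unreachable dropped:",
          rserver_up("icmp-unreachable", icmp_permitted=False))
    print("interface down, UDP probe only:", rserver_up("no-reply"))
    print("interface down, UDP + ICMP probes:",
          rserver_up("no-reply", icmp_echo_ok=False))
```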

  • Use two interfaces on the same network

    Hello every one,
    I am actually starting to work on a Cisco project. I'm a beginner in networking and Cisco technology.
    For my project we use a router 2921.
    We got two network:
    - Network A: 192.198.0.X / 255.255.255.0 / Gateway 192.198.0.1
    - Network B: 162.168.0.X / 255.255.0.0 / Gateway 162.168.0.1
    Each network use switch, Switch A (connecting to network A) is connected to interface G0/0.
    And Switch B (connecting to network B) is connected to interface G0/1.
    Router well configured as:
    - G0/0: ip address 192.198.0.1 255.255.255.0 (network A)
    - G0/1: ip address 162.168.0.1 255.255.0.0 (network B)
    Everything is working fine.
    The problem is this: we need to connect a computer to G0/2. This computer is configured for network A (192.198.0.10 / 255.255.255.0 and same gateway).
    I can't configure G0/2 as 192.198.0.1 255.255.255.0 (network A), because G0/0 uses this address.
    I can't put this computer on switch A; my only physical possibility is to connect it to G0/2.
    We just need to use interfaces G0/0 and G0/2 as a switch on the router with the same gateway (192.198.0.1).
    How can I connect this computer? How can I configure two interfaces on the same network with the same gateway?
    Thank you

    I would just put the PC on a different network, but if you really want it to be in the same network, you could use IRB to connect two of the interfaces on the router at layer 2.
    Here is an example config for IRB:
    interface FastEthernet0/0
     bridge-group 1
    interface FastEthernet0/1
     bridge-group 1
    bridge irb
    interface BVI1
     ip address 192.168.0.1 255.255.255.0
    bridge 1 route ip
    Notice that the physical ports do not have IP addresses on them, the IP for the subnet is on the BVI interface.

  • How to import nef and psd versions of the same file ?

    Hi, I am new to this so please forgive any daftness. I am trying to import from a folder with nef and psd versions of the same file. Lightroom does not seem to recognise the nef if a psd exists. In fact if I specifically try to import the nef later, I get the message that says lightroom will not import the file because it already exists. The import is set to keep the originals in the existing location and the database is new. This is the first import I have done and noticed that the file count did not match.
    I need to do this because I need to create alternative psd files from the same raw file but I do not see how.
    The psd were created via the bridge to photoshop route.
    Please what am I doing wrong ?
    Many thanks

    Hi thanks for the quick reply. For a "database" application that seems a bit scary. Also I have found that it will import psd and tif and jpg versions of the same file which makes it even odder.
    Do you know if there is a way to tell it to favour nef rather than psd ?
    thanks,

  • How to use multiple Interfaces for the same BS?

    Hi @ ,
    Is it possible to have a scenario where I am using multiple interfaces in the same BS based upon some conditional field in the message?
    I am not able to get the solution. I know with the condition editor I can have multiple receivers, but in my scenario, based upon message fields, I have to decide which BAPI to be used and what mapping, and then post it to the same system.
    Any help will be highly rewarded
    Regards

    Hi-
    Yes it is possible you can use multimapping for mapping the interfaces.
    To know more about multimapping see
    http://help.sap.com/saphelp_nw04/helpdata/en/21/6faf35c2d74295a3cb97f6f3ccf43c/content.htm
    Some more helpful links
    /people/jin.shin/blog/2006/02/07/multi-mapping-without-bpm--yes-it146s-possible

  • Can you run Edirol / Focusrite firewire interfaces at the same time?

    Hey Guys,
    I have an Edirol FA-101 but i'm just about to get a Focusrite Saffire (or maybe a Motu 8pre...haven't decided yet) and was wondering if I can run the 2 interfaces at the same time for more inputs...i know i can chain 2 of the edirol ones but i'm not sure if it works with different makes.
    Thanks

    so I actually did get myself a focusrite saffire pro 26 and it's pretty cool (apart from the focusrite computer side interface that seems to have a few bugs when you control by hardware...)
    I'm probably gonna get myself an octopre or a twintrack pro to make use of at least some of the extra digital inputs but for now I have the semi redundant Edirol FA-101 in my rack, if I can get the two working together then that's great!
    I have tried what you said and it did pair them together however it made a really awful noise when trying to record, just intense digital distortion and i'm not really sure why. I'm running it all from a macbook pro with only one FW port (that has the Saffire / Edirol / FW Hard drive / Liquid Mix running from it in that order) do you think this order is more the problem?
    Dave

    I want to add several button into a Jlist. I tried this method, list.add(button,1),nothing shows up.I am not sure whether jList has the function.If it is,please show me how to achieve that.Thanks in advance!