Applying "route-map" in interfaces with encapsulation dot1q
Hello,
I would like to ask you if there were some trouble in applying route-maps in a interface and its subinterfaces, as it is shown:
interface GigabitEthernet0/2
ip address 11.0.9.26 255.255.255.252
ip policy route-map GestionRadios
interface GigabitEthernet0/2.11
encapsulation dot1Q 11
ip address 11.0.9.18 255.255.255.252
ip policy route-map RedOperativaA
interface GigabitEthernet0/2.12
encapsulation dot1Q 12
ip address 11.0.9.22 255.255.255.252
ip policy route-map RedOperativaB
I am not sure if it is correct totally. Besides I get this informacion doing "show ip policy" and it seems to be right.
Router#show ip policy
Interface Route map
Gi0/2 GestionRadios
Gi0/2.11 RedOperativaA
Gi0/2.12 RedOperativaB
I would be very grateful for your help.
Thanks in advance
Regards,
Sandro
Sandro
We do not have much to work with in your post so giving you really good answers is difficult. You do not tell us what type of device this is (I assume probably a router, but perhaps it is a layer 3 switch?) or what version of code it is running. These things make a difference sometimes in what is supported or is not supported. But since you get output in show ip policy then I assume that the device does support configuration of this feature.
You show us the configuration of the interfaces but not the configuration of the route maps or the access lists which the route maps probably use. So we can not form an opinion of the validity of the route maps or the access lists.
And you do not tell us whether the Policy Based Routing is working or not (and in fact you do not tell us for sure that you are doing PBR - though that is generally what route maps on the interfaces are doing) so we are not clear whether there is a problem here or not.
But based on what you show us in this post I do not see any particular problems with the route maps and the way that you have applied them to interfaces (assuming that your goal is really to do PBR).
HTH
Rick
Similar Messages
-
I have a 6509 that I've setup with route-maps in order to route VLANs in different ways. For example, if we wanted some vlans to get out to the internet we would route them to a certain address. Then there is another vlan that we route to another internet gateway. It was all working pretty good until we swapped out another switch gateway in the network and every since things have been wonky. It seems as though the switch is routing packets that would normally stay on that switch out of the switch then back in, even though my access-list are set to deny the traffic. Here are the access-list and route-maps:
access-list 10 permit 192.168.24.101
access-list 10 permit 192.168.24.102
access-list 100 permit tcp any 172.16.0.0 0.0.255.255 established
access-list 100 permit tcp 192.168.4.0 0.0.3.255 host 172.16.1.10 eq www
access-list 100 permit tcp 192.168.4.0 0.0.3.255 host 172.16.1.11 eq www
access-list 104 permit ip host 172.16.4.11 host 65.54.150.19
access-list 104 permit tcp host 172.16.4.20 any eq www
ip access-list extended BITCENTRAL_INTERNET
deny ip 172.16.0.0 0.0.255.255 172.16.0.0 0.0.255.255
deny ip 172.16.0.0 0.0.255.255 192.168.4.0 0.0.3.255
deny ip 192.168.4.0 0.0.3.255 172.16.0.0 0.0.255.255
permit ip host 172.16.1.170 any
permit ip host 172.16.1.150 any
ip access-list extended EDIT_BAYS
deny ip any 172.16.0.0 0.0.255.255
deny ip 172.16.0.0 0.0.255.255 any
deny ip 192.168.4.0 0.0.3.255 172.16.0.0 0.0.255.255
permit ip host 192.168.25.2 any
permit ip host 192.168.26.80 any
permit ip host 192.168.25.104 any
permit ip host 192.168.25.3 any
permit ip host 192.168.26.69 any
permit ip host 192.168.26.71 any
permit ip host 192.168.27.33 any
ip access-list extended ENPS
deny ip 172.16.0.0 0.0.255.255 172.16.0.0 0.0.255.255
deny ip 172.16.0.0 0.0.255.255 192.168.4.0 0.0.3.255
deny ip 192.168.4.0 0.0.3.255 172.16.0.0 0.0.255.255
permit ip host 192.168.24.101 any
permit ip host 192.168.24.102 any
permit ip host 192.168.24.103 any
ip access-list extended ENTRIQ
deny ip 172.16.0.0 0.0.255.255 172.16.0.0 0.0.255.255
deny ip 172.16.0.0 0.0.255.255 192.168.4.0 0.0.3.255
deny ip 172.16.0.0 0.0.255.255 192.168.24.0 0.0.3.255
deny ip 192.168.24.0 0.0.3.255 172.16.0.0 0.0.255.255
deny ip 192.168.4.0 0.0.3.255 172.16.0.0 0.0.255.255
permit ip 172.16.8.0 0.0.0.255 any
ip access-list extended MISC
deny ip 172.16.0.0 0.0.255.255 172.16.0.0 0.0.255.255
deny ip 172.16.0.0 0.0.255.255 192.168.4.0 0.0.3.255
deny ip 172.16.0.0 0.0.255.255 192.168.24.0 0.0.3.255
deny ip 192.168.24.0 0.0.3.255 172.16.0.0 0.0.255.255
deny ip 192.168.4.0 0.0.3.255 172.16.0.0 0.0.255.255
permit ip 172.16.11.0 0.0.0.255 any
ip access-list extended Omneon
deny ip 192.168.4.0 0.0.3.255 172.16.0.0 0.0.255.255
deny ip 172.16.0.0 0.0.255.255 192.168.4.0 0.0.3.255
deny ip 172.16.0.0 0.0.255.255 172.16.0.0 0.0.255.255
permit ip host 172.16.2.11 any
permit ip host 172.16.2.2 any
ip access-list extended ROSS-VLAN
deny ip 172.16.0.0 0.0.255.255 172.16.0.0 0.0.255.255
deny ip 172.16.0.0 0.0.255.255 192.168.4.0 0.0.3.255
deny ip 192.168.4.0 0.0.3.255 172.16.0.0 0.0.255.255
permit ip host 172.16.4.20 any
permit ip host 172.16.4.32 any
permit ip host 172.16.4.31 any
permit ip host 172.16.4.29 any
permit ip host 172.16.4.30 any
permit ip host 172.16.4.28 any
vlan internal allocation policy ascending
vlan access-log ratelimit 2000
interface Vlan1
no ip address
shutdown
interface Vlan10
ip address 172.16.1.1 255.255.255.0
ip policy route-map BITCENTRAL
interface Vlan20
ip address 172.16.2.1 255.255.255.0
ip policy route-map OMNEON
interface Vlan30
ip address 172.16.3.1 255.255.255.0
interface Vlan40
ip address 172.16.4.1 255.255.255.0
ip policy route-map ROSS-VLAN
interface Vlan50
ip address 172.16.5.1 255.255.255.0
interface Vlan60
ip address 172.16.6.1 255.255.255.0
interface Vlan70
ip address 172.16.7.1 255.255.255.0
interface Vlan80
ip address 172.16.8.1 255.255.255.0
ip policy route-map ENTRIQ
interface Vlan100
ip address 192.168.27.1 255.255.252.0
ip helper-address 192.168.7.255
ip policy route-map OMNIBUS-VLAN
interface Vlan110
ip address 172.16.11.1 255.255.255.0
ip helper-address 192.168.27.200
ip policy route-map MISC
interface Vlan120
ip address 172.16.10.1 255.255.255.240
ip policy route-map EDIT_BAYS
interface Vlan140
ip address 192.168.4.15 255.255.255.0
ip directed-broadcast 10
interface Vlan500
ip address 192.168.1.19 255.255.255.224
ip classless
ip route 172.22.0.0 255.255.255.248 192.168.4.1
ip route 192.168.0.0 255.255.255.224 192.168.4.254
ip route 192.168.5.0 255.255.255.0 192.168.4.1
route-map BITCENTRAL permit 60
match ip address BITCENTRAL_INTERNET
set ip next-hop 192.168.4.1
route-map EDIT_BAYS permit 50
match ip address EDIT_BAYS
set ip next-hop 192.168.4.1
route-map ENTRIQ permit 80
match ip address ENTRIQ
set ip next-hop 172.16.8.254
route-map MISC permit 40
match ip address MISC
set ip next-hop 192.168.4.1
route-map MSN permit 10
match ip address 104
set ip next-hop 192.168.4.1
route-map OMNEON permit 20
match ip address Omneon
set ip next-hop 192.168.4.1
route-map OMNIBUS-VLAN permit 30
match ip address EDIT_BAYS
set ip next-hop 192.168.4.1
route-map OMNIBUS-VLAN permit 40
match ip address ENPS
set ip next-hop 192.168.4.1
route-map ROSS-VLAN permit 70
match ip address ROSS-VLAN
set ip next-hop 192.168.4.1
route-map SEC-VLAN permit 30
match ip address SEC-VLAN
set ip next-hop 192.168.4.1
Here is how we tested the system and found the error. We cut the connection to 192.168.4.1 router, and when we try to ping a host on the 100 VLAN with the ip address of 192.168.24.101 from the MISC vlan with a ip address of 172.168.11.9 the ping just fails. When we enable the connection to the 192.168.4.1 router the pings go through again. What in my route-map is causing this, I thought I setup the deny rules pretty good?Hi Mike,
Between you and me, this is a lengthy config you have there.
Next don't forget that a route-map doesn't apply to traffic originated or destined to the self-device, unless you use ip local policy in which might work, but there I have seen some nasty bugs.
So if you can shorten your config to one example, then do the tests :
- sourced from device A (it can be the SVI of another switch)
- through your 6509
- destined to device B (it also can be the SVI of another switch, or even simpler some loopback inteface). -
Why packets are being translated by one route-map and not the other?
Hi,
I have 2 NAT rules, each with a route-map to determine which packets are translated. What I don't understand is how to control which NAT rule is applied first..?
In my config, the first of the following rules is applied first, and then the other. I would like to have it the other way round, the second being applied first, and the first being applied second.
ip nat inside source route-map NAT_INTERNET_ACCESS_RMAP interface GigabitEthernet0/1 overload
ip nat inside source static 172.16.101.1 10.10.11.1 route-map NAT_RADIANZ_PIXACCESS_RMAP
The reason why I want it this way round is because the first rule NAT's almost everything so that I can access the Internet. The second rule NAT's specific traffic to a different address.
If I want traffic to be NATTED according to the second rule, I have to deny traffic in the first associated ACL, and permit it in the second ACL. That means I basically have to configure each ACL each time I want packets to be matched by the second NAT rule - there must be a better way of doing it!!!
Any help would be most appreciated.
Many thanks,
Michael.Hello, here's the basic (shortened list). If I want packets to be matched by NAT_RADIANZ_PIXACCESS_ACL I have to put a deny in NAT_INTERNET_ACCESS_ACL. If I could make sure that the first list is used first, and then anything left over compared against the second, then it would make life/editing much easier...
Cheers,
Michael
ip nat inside source route-map NAT_INTERNET_ACCESS_RMAP interface GigabitEthernet0/1 overload
ip nat inside source static udp 10.10.11.1 500 10.10.11.1 500 extendable
ip nat inside source static udp 10.10.11.1 4500 10.10.11.1 4500 extendable
ip nat inside source static 172.16.101.1 10.10.11.1 route-map NAT_RADIANZ_PIXACCESS_RMAP
ip access-list extended NAT_INTERNET_ACCESS_ACL
remark Traffic to Branch A (over VPN)
deny ip 172.16.101.0 0.0.0.255 192.168.1.0 0.0.0.255
remark Traffic to Branch B (over VPN)
deny ip 172.16.101.0 0.0.0.255 172.16.0.0 0.0.0.255
deny ip 172.16.101.0 0.0.0.255 172.16.1.0 0.0.0.255
deny ip 172.16.101.0 0.0.0.255 172.16.2.0 0.0.0.255
deny ip 172.16.101.0 0.0.0.255 172.16.3.0 0.0.0.255
remark Traffic to Cust A (over VPN)
deny ip host 172.16.101.1 host 192.168.0.1
deny ip host 172.16.101.2 host 192.168.0.1
remark Traffic to Cust B (over VPN)
deny ip host 172.16.101.1 host 192.168.0.2
deny ip host 172.16.101.2 host 192.168.0.2
remark Traffic to Cust C (over Radianz VPN)
deny ip host 172.16.101.1 host 192.168.0.3
deny ip host 172.16.101.2 host 192.168.0.3
remark Traffic to Cust D (over Radianz VPN)
deny ip host 172.16.101.1 host 192.168.0.4
deny ip host 172.16.101.2 host 192.168.0.4
permit ip any any
ip access-list extended NAT_RADIANZ_PIXACCESS_ACL
remark Manangement Traffic to Cust C
permit icmp host 172.16.101.1 host xxx.xxx.xxx.xxx
permit icmp host 172.16.101.2 host xxx.xxx.xxx.xxx
permit tcp host 172.16.101.1 host xxx.xxx.xxx.xxx eq 22
permit tcp host 172.16.101.2 host xxx.xxx.xxx.xxx eq 22
remark Manangement Traffic to Cust D
permit icmp host 172.16.101.1 host xxx.xxx.xxx.xxx
permit icmp host 172.16.101.2 host xxx.xxx.xxx.xxx
permit tcp host 172.16.101.1 host xxx.xxx.xxx.xxx eq 22
permit tcp host 172.16.101.2 host xxx.xxx.xxx.xxx eq 22
route-map NAT_RADIANZ_PIXACCESS_RMAP permit 10
match ip address NAT_RADIANZ_PIXACCESS_ACL
set ip next-hop 10.10.11.14
route-map NAT_INTERNET_ACCESS_RMAP permit 40
match ip address NAT_INTERNET_ACCESS_ACL
set ip next-hop xxx.xxx.xxx.xxx -
Hi,
how can apply route-map rules to an interface ?
i set up some rules but i cannot apply these rules any interface.
Thanks a lot.Thank you Kanwal.
in a cisco router you can apply your route-map by using command ip policy map ... İ didnt find any command like this. İ set up some match and set conditions but i do not apply any interface.
can i use route-map to manipulate routing table İn asa 5585-x.?
sincerely -
HI
please help me for the following config if there is any wrong configuration
**** PLEASE ITS CRITICAL PEOBLEM HELP ME ****
i Have 2 cacheServer in my network and it connected to a Border Router Via different link for each Cache Server
and the border router connect to 2 Router Users
i create route map to send traffic User 1 to cache server 1 and send traffic User 2 to Cache Server 2
User 1 IP range : 20.20.20.0 255.255.255.0
User 2 IP range : 30.30.30.0 255.255.255.0
CacheServer 1 : 1.1.1.2
CacheServer 2 : 2.2.2.2
Port gig 0/25 connect to my ISP
interface gig 0/1
description " To - CacheServer 1 "
no switchport
ip address 1.1.1.1 255.255.255.252
interface gig 0/2
description " To - CacheServer 2 "
no switchport
ip address 2.2.2.1 255.255.255.252
shutdown
interface gig 0/3
description " To - User 1 "
no switchport
ip address 10.10.2.1 255.255.255.248
ip policy route-map Cient_side_map1
interface gig 0/4
description "To- User 2"
no switchport
ip address 10.10.3.1 255.255.255.248
ip policy route-map Client_side_map2
interface gig 0/25
description " Tishknet-To-ISP "
no switchport
ip address 192.168.1.2 255.255.255.248
ip policy route-map Internet_side_map
ip access-list extended Client_side1
permit tcp 20.20.20.0 0.0.0.255 any eq www
ip access-list extended Client_side2
permit tcp 30.30.30.0 0.0.0.255 any eq www
ip access-list extended Internet_side1
permit tcp any eq www 20.20.20.0 0.0.0.255
ip access-list extended Internet_side2
permit tcp any eq www 30.30.30.0 0.0.0.255
route-map Cient_side_map1 permit 10
match ip address Client_side1
set ip next-hop 1.1.1.2
route-map Internet_side_map permit 10
match ip address Internet_side1
set ip next-hop 1.1.1.2
route-map Internet_side_map permit 20
match ip address Internet_side2
set ip next-hop 2.2.2.2
route-map Client_side_map2 permit 20
match ip address Client_side2
set ip next-hop 2.2.2.2
****PLEASE INFORM ME IF THERE IS ANY ERROR PLEASE ASS SOON AS POSSIBLE *****Rawa
Do you mean this -
route-map Internet_side_map permit 10
match ip address Internet_side1
set ip next-hop 1.1.1.2
route-map Internet_side_map permit 20
match ip address Internet_side2
set ip next-hop 2.2.2.2
the above will -
1) if the packet matches the first permit statement it will be sent to 1.1.1.2. If there is no match then -
2) if the packet matches the second permit it will be sent to 2.2.2.2. If there is no match then -
3) the packet will be routed using the routing table.
That is how it will work. I don't know whether this will do what you want though without knowing how your network is setup.
Jon -
Can't apply policy route-map on C3750 stack vlan interface
Hi All.
I've come up with this problem and i could see some people have had the same issue. I've tried to overlook and check other replies but it didn't help me. So I'm hoping someone could spot the problem. Here are the details:
2 x WS-C3750G-24T-E in stack
Cisco IOS Software, C3750 Software (C3750-ADVIPSERVICESK9-M), Version 12.2(46)SE, RELEASE SOFTWARE (fc2)
switch#sh sdm prefe
The current template is "desktop IPv4 and IPv6 routing" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
number of unicast mac addresses: 1.5K
number of IPv4 IGMP groups + multicast routes: 1K
number of IPv4 unicast routes: 2.75K
number of directly-connected IPv4 hosts: 1.5K
number of indirect IPv4 routes: 1.25K
number of IPv6 multicast groups: 1.125k
number of directly-connected IPv6 addresses: 1.5K
number of indirect IPv6 unicast routes: 1.25K
number of IPv4 policy based routing aces: 0.25K
number of IPv4/MAC qos aces: 0.5K
number of IPv4/MAC security aces: 0.5K
number of IPv6 policy based routing aces: 0.25K
number of IPv6 qos aces: 0.5K
number of IPv6 security aces: 0.5K
There are 2 ISPs, G1/0/1 and G2/0/1. After creating a route-map i can apply a policy route-map to Vlan5 and it accepts without any errors. But when you do sh run vlan5 the command is not there, it's not applied.
Any help will be appretiated.
Thanks.Hi Jon.
Thanks for your reply. I didn't put those configs as they're basic without use of VRF and WCCP. Also i've checked or tried to find the list of unsupported commands and didn't see them in that list. See config below with some extras:
track 11 rtr 1 reachability
track 22 rtr 2 reachability
ip routing
no ip dhcp use vrf connected
interface GigabitEthernet1/0/1
description ISP1
no switchport
ip address 9.9.9.2 255.255.255.252
no ip proxy-arp
no ip mroute-cache
speed 100
duplex full
ipv6 address 2B01:4B8:0:3::2/64
ipv6 ospf 1 area 0
no mdix auto
no cdp enable
interface GigabitEthernet2/0/1
description ISP2
no switchport
ip address 9.9.9.5 255.255.255.252
ip ospf cost 10000
speed 1000
duplex full
ipv6 address 2B01:4B8:0:7::2/64
ipv6 enable
ipv6 ospf cost 10000
ipv6 ospf 1 area 0
interface Vlan5
description Company Ext Subnet
ip address 9.9.8.1 255.255.255.128
no ip proxy-arp
no ip mroute-cache
ipv6 address 2B01:4B8:1:22::1/64
ipv6 ospf 1 area 15
access-list 111 permit tcp any any eq www
route-map pbr1 permit 10
match ip address 111
set interface GigabitEthernet2/0/1 GigabitEthernet1/0/1
route-map pbr1 permit 20
set interface GigabitEthernet1/0/1 GigabitEthernet2/0/1
route-map pbr2 permit 10
match ip address 111
set ip next-hop verify-availability 9.9.9.6 1 track 11
set ip next-hop 9.9.9.1
route-map pbr2 permit 20
set ip next-hop verify-availability 9.9.9.1 1 track 22
set ip next-hop 9.9.9.6
I've tried to apply both policies pbr1 and pbr2, it allowed to do that without errors but at the end it wasn't there.
Cheers, -
Route map does not applied on interface vlan
Hi all,
could you pls tell me why i can't apply a route-map on an interface vlan,
belown my config:
SWBBO(config-if)#ip policy route-map TEST
^
% Invalid input detected at '^' marker.
Cisco IOS Software, C3750E Software (C3750E-UNIVERSALK9-M), Version 15.0(2)SE1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Fri 04-Jan-13 01:38 by prod_rel_team
ROM: Bootstrap program is C3750E boot loader
BOOTLDR: C3750E Boot Loader (C3750X-HBOOT-M) Version 12.2(53r)SE2, RELEASE SOFTWARE (fc1)
BBWMASALE01 uptime is 40 weeks, 1 day, 6 minutes
System returned to ROM by power-on
System restarted at 22:12:07 UTC Mon Feb 18 2013
System image file is "flash:/c3750e-universalk9-mz.150-2.SE1.bin"
Best regards,
JamesHi jon,
belown the result of sh sdm prefer,so need i a licence ip service to apply the route-maap on the interface vlan,or just entrer the config"sdm prefer routing" and reboot the switch?
SWBB0#sh sdm prefer
The current template is "desktop default" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
number of unicast mac addresses: 6K
number of IPv4 IGMP groups + multicast routes: 1K
number of IPv4 unicast routes: 8K
number of directly-connected IPv4 hosts: 6K
number of indirect IPv4 routes: 2K
number of IPv6 multicast groups: 64
number of directly-connected IPv6 addresses: 74
number of indirect IPv6 unicast routes: 32
number of IPv4 policy based routing aces: 0
number of IPv4/MAC qos aces: 0.5K
number of IPv4/MAC security aces: 0.875k
number of IPv6 policy based routing aces: 0
number of IPv6 qos aces: 0
number of IPv6 security aces: 60 -
Encapsulation dot1q is not working?, 2600 Cisco router
I am trying to config a 2620 Cisco router to perform subintreface (F0/0.1) for Vlan Trunk Protocol, however when I try to configure the encapsulation dot1q, I continue to receive error massage with ^ symbol below the 'c' See below, the platform version is a 12.3(26) which should be acceptable to perform an (encapsulation dot1q). The Ethernet is a fast-Ethernet 10/100 port. I also try the ISL, I receive the same massage.
Can anyone suggest what could be the problem!!
Thank you all!!!!!
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int f0/0
Router(config-if)#no ip address
Router(config-if)#no shutdown
Router(config-if)#int f0/0.1
Router(config-subif)#encapsulation dot1q 1
^ % Invalid input detected at '^' marker. Router(config-subif)#
==================================================================================================== Router#show version
Cisco Internetwork Operating System Software IOS (tm) C2600 Software (C2600-I-M), Version 12.3(26), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by cisco Systems, Inc. Compiled Mon 17-Mar-08 15:23 by dchih ROM: System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1) Router uptime is 5 minutes System returned to ROM by power-on System image file is "flash:c2600-i-mz.123-26.bin" cisco 2620 (MPC860) processor (revision 0x600) with 28672K/4096K bytes of memory . Processor board ID JAD05440GAN (1508240486) M860 processor: part number 0, mask 49 Bridging software. X.25 software, Version 3.0.0. 1 FastEthernet/IEEE 802.3 interface(s) 1 Serial network interface(s) 32K bytes of non-volatile configuration memory. 8192K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
Router#
==================================================================================================
Router#sh flash
System flash directory:
File Length Name/status
1 7754580 c2600-i-mz.123-26.bin [7754644 bytes used, 633960 available, 8388604 total]
8192K bytes of processor board System flash (Read/Write)
Router#jesse rodriguez wrote:I am connected through the console, Here are the output.Router#config t Enter configuration commands, one per line. End with CNTL/Z. Router(config)# Router(config)# Router(config)#int f0/0 Router(config-if)#no ip address Router(config-if)#no shutdown Router(config-if)# *Mar 1 00:01:36.891: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state t o up Router(config-if)# Router(config-if)#int f0/0.1Router(config-subif)#enc ? % Unrecognized commandRouter(config-subif)#en? % Unrecognized command Router(config-subif)#en ? % Unrecognized command Router(config-subif)#enJesse
It's possible your feature set it not good enough to run trunking.
Trunking apparently requires a minimum of the IP PLUS feature set according to this document
http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a00800949fd.shtml
table 2 shows a minimum IOS of 12.0(1)T and IPPLUS/IPPLUS on the 2620 - so your IOS revision is OK, but maybe your feature set is not.
You can figure which feature set you have by going here
http://tools.cisco.com/ITDIT/CFN/Dispatch?act=rlsSelect&task=search&searchby=image
and entering your image name (assuming it's not been stuffed with) which you can find by doing "show flash" or "dir"
If you don;t have the right feature set, then you're out of luck unless you can upgrade/change the IOS image the router is booting with.
Cheers. -
Hi all,
may some of you tell me the real meaning of the sub-command "set interface <intf>" under the route-map section?
I thought it was like the <intf> parameter whe you set a route out of an interface.
I tried it with a PIX that should have to act as proxy-arp device but nothing happened.
Everything worked fine using "set ip next-hop ..."
The topology appears a little bit complicated if explained how I built it in practice.
Just a PIX525, a switch and a router 877 that manages VLANS.
I reproduced the environment that doesn't see 2 ethernet interfaces on the router where the policy is applied but 1 serial and 1 ethernet. By now there are 2 devices, one per link, and the def route is based on proxy-arp both for the serial and the ethernet.
Hope the scenario was clearly depicted.
TIA
AlexPlease refer to this document..
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009481d.shtml
HTH,
Ahmed -
Can you help? Two dialer interfaces with IP SLA for default route failover - issues
I have an issue with a Cisco 2821, it has an ADSL2+ HWIC whose ATM interfaces is linked to dialer 1 and a Gi0/1 interface with a pppoe client which is linked to dialer 2. Both dialer interfaces are up with their respective IP addresses. If the ADSL on dialer 1 fails i want the IP SLA to kick and and replace the default route for dialer 1 with one for dialer 2.
This config works if you manually shut down the dialer 1 interface, it injects the default route for dialer 2 and then when you unshut the interface, the default route for dialer 1 comes back. The problem i have is if you take out the cable for the ATM interface and take it down, it does not take the route out the routing table and the default route for dialer2, which works if you just shut down dialer 1 does not appear.
whats the difference between shutting down dialer1 and it fails over the default route and taking the cable out then it does not?
Here is my config, i'm sure its something simple i'm doing wrong, can anyone help???
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Router
boot-start-marker
boot-end-marker
logging message-counter syslog
enable secret 5 $1$qOOJ$HV5AH6US/YZMuCGPYp3pP.
no aaa new-model
dot11 syslog
ip source-route
ip cef
ip dhcp excluded-address 192.168.0.1
ip dhcp pool pool1
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 188.92.232.50 188.92.232.100
no ip domain lookup
no ipv6 cef
multilink bundle-name authenticated
voice-card 0
no dspfarm
archive
log config
hidekeys
track 1 ip sla 1 reachability
interface GigabitEthernet0/0
description Gi0/30 Local LAN
ip address 192.168.0.1 255.255.255.0
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
no ip mroute-cache
duplex auto
speed auto
snmp trap ip verify drop-rate
no mop enabled
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 2
interface ATM0/2/0
description ATM0_DSL
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
logging event atm pvc state
logging event subif-link-status
no atm ilmi-keepalive
dsl operating-mode auto
dsl enable-training-log
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface Dialer1
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
keepalive 1 3
no cdp enable
ppp lcp predictive
ppp authentication pap chap callin
ppp chap hostname ********@ccsleeds.net
ppp chap password 0 ********
ppp pap sent-username *******@ccsleeds.net password 0 ********
interface Dialer2
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
encapsulation ppp
dialer pool 2
keepalive 1 3
no cdp enable
ppp lcp predictive
ppp authentication pap chap callin
ppp chap hostname **********@adsllogin.co.uk
ppp chap password 0 *********
ppp pap sent-username *********@adsllogin.co.uk password 0 ***********
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1 track 1
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 0.0.0.0 0.0.0.0 Dialer2 10
no ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer1 overload
ip sla 1
icmp-echo 8.8.8.8 source-interface di1
timeout 1000
threshold 100
frequency 3
ip sla schedule 1 life forever start-time now
access-list 1 permit 192.168.0.0 0.0.0.255
control-plane
gatekeeper
shutdown
line con 0
line aux 0
line vty 0 4
password test
login
scheduler allocate 20000 1000
endSure that EEM can shut/unshut interface...you have "event track" in EEM for monitoring track events...for example:
event manager applet test
event track 1 state down
action 1.0 command "enable"
action 1.1 command "conf t"
action 1.2 command "interfac dialer 1"
action 1.3 command "shut"
action 1.4 syslog "Dialer 1 down!!!"
action 1.5 end
This would be an example from head :)
You would need another EEM similar to this one for unshutting interface with "event track 1 state up" for bringing interface up again.
Again as I said you would need to test this before putting in production and you would maybe need to tweak this a little bit acording to your needs...
BR,
Dragan -
PBR - adding a route map to an interface
Hello.
I cannot add a route-map to an interface on a C3750 stack
I have copied the switch details below
#sho ver
Cisco IOS Software, C3750 Software (C3750-IPSERVICES-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Thu 19-Jul-07 19:15 by nachen
Image text-base: 0x00003000, data-base: 0x01280000
ROM: Bootstrap program is C3750 boot loader
BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(25r)SEE3, RELEASE SOFTWARE (fc1)
Pleidelsheim_V1B_Core uptime is 16 hours, 43 minutes
System returned to ROM by power-on
System restarted at 22:01:48 CET Wed Mar 3 2010
System image file is "flash:/c3750-ipservices-mz.122-35.SE5.bin"
cisco WS-C3750G-24TS (PowerPC405) processor (revision P0) with 118784K/12280K bytes of memory.
Processor board ID CAT1130ZK5F
Last reset from power-on
9 Virtual Ethernet interfaces
56 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 00:1D:46:8C:22:80
Motherboard assembly number : 73-7058-14
Power supply part number : 341-0045-01
Motherboard serial number : CAT113059LV
Power supply serial number : PHI1114L1PJ
Model revision number : P0
Motherboard revision number : A0
Model number : WS-C3750G-24TS-E
System serial number : CAT1130ZK5F
Top Assembly Part Number : 800-22348-07
Top Assembly Revision Number : A0
Version ID : V07
CLEI Code Number : COM7700ARA
Hardware Board Revision Number : 0x09
Switch Ports Model SW Version SW Image
* 1 28 WS-C3750G-24TS 12.2(35)SE5 C3750-IPSERVICES-M
2 28 WS-C3750G-24TS 12.2(35)SE5 C3750-IPSERVICES-M
Switch 02
Switch Uptime : 16 hours, 43 minutes
Base ethernet MAC Address : 00:21:A1:2E:78:00
Motherboard assembly number : 73-7058-15
Power supply part number : 341-0045-01
Motherboard serial number : FDO121903D2
Power supply serial number : LIT121603VV
Model revision number : Q0
Motherboard revision number : A0
Model number : WS-C3750G-24TS-E
System serial number : CAT1105RGN2
Top assembly part number : 800-22348-08
Top assembly revision number : A0
Version ID : V08
CLEI Code Number : COMUJ10ARA
Configuration register is 0xF
#sho sdm prefer
The current template is "desktop routing" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
number of unicast mac addresses: 3K
number of IPv4 IGMP groups + multicast routes: 1K
number of IPv4 unicast routes: 11K
number of directly-connected IPv4 hosts: 3K
number of indirect IPv4 routes: 8K
number of IPv4 policy based routing aces: 0.5K
number of IPv4/MAC qos aces: 0.5K
number of IPv4/MAC security aces: 1K
When I try to add the route map
interface Vlanx
ip policy route-map xx
%PLATFORM_PBR-3-UNSUPPORTED_RMAP: Route-map xx not supported for Policy-Based Routing
Can anyone see what could be wrong?Okay, just realised the route-map is not valid.
The settings are okay.
access-list 160 remark WIRELESS GUEST PBR FWD TRAFFIC
access-list 160 permit tcp 172.16.168.128 0.0.0.63 any
access-list 160 permit udp 172.16.168.128 0.0.0.63 any
access-list 160 permit ip 172.16.168.128 0.0.0.63 any
access-list 160 permit icmp 172.16.168.128 0.0.0.63 any
route-map GUEST_VLAN-to-WEB permit 20
description FWD REMAINING GUEST TRAFFIC TO PROXY
match ip address 160
set interface Null0
Doesn't like the set interface Null0
How else could I setup a black hole -
3845 Router do not work with NME-X23ES-1GP Interface card
Need help!
I Trying install interface card NME-X 23ES-1GP on 3845 Router. I installed this card in slot 4, but router could not communicate with this card.
IOS version in Router 12.3
Here is results show diag command:
Slot 4:
Unknown (type 1187) Port adapter
Port adapter is disabled deactivated
Port adapter insertion time unknown
EEPROM contents at hardware discovery:
Hardware Revision : 1.0
Top Assy. Part Number : 800-25011-01
Board Revision : A0
Deviation Number : 0-0
Fab Version : 03
PCB Serial Number : FOC090009VC
RMA Test History : 00
RMA Number : 0-0-0-0
RMA History : 00
Product (FRU) Number : NME-X-23ES-1G-P
Version Identifier : V01
Base MAC Address : 0013.8088.9f80
MAC Address block size : 128
EEPROM format version 4
EEPROM contents (hex):
Possibly IOS release too old?Thank you for link. I read all information on this link. But I can't solve the problem.
Commands "show version" and "show flash:" show my the IOS image file version on Router (but not on interface modules). Here is Routers IOS image:
c3845-advipservicesk9-mz.123-11.T5.bin
I Can't connect to and open a session on the interface module. Command service-module interface slot/port session don't work.
What I should do next?
May is ncessarily upgrade Software on router?
Here is results show version and show flash:
BIG1#show flash:
-#- --length-- -----date/time------ path
1 29801400 Jun 28 2005 04:47:46 +00:00 c3845-advipservicesk9-mz.123-11.T5.bin
2 1651 Jun 28 2005 04:55:18 +00:00 sdmconfig-38xx.cfg
3 3085312 Jun 28 2005 04:55:40 +00:00 sdm.tar
4 763392 Jun 28 2005 04:55:56 +00:00 es.tar
5 820224 Jun 28 2005 04:56:10 +00:00 common.tar
6 1038 Jun 28 2005 04:56:24 +00:00 home.shtml
7 113152 Jun 28 2005 04:56:36 +00:00 home.tar
8 749101 Jun 28 2005 04:56:52 +00:00 256MB.sdf
9 1208320 Jun 28 2005 04:57:08 +00:00 ips.tar
27451392 bytes available (36560896 bytes used)
BIG1#show version
Cisco IOS Software, 3800 Software (C3845-ADVIPSERVICESK9-M), Version 12.3(11)T5, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Sat 02-Apr-05 15:14 by yiyan
ROM: System Bootstrap, Version 12.3(11r)T2, RELEASE SOFTWARE (fc1)
BIG1 uptime is 57 minutes
System returned to ROM by reload at 07:11:45 UTC Tue Jul 12 2005
System image file is "flash:c3845-advipservicesk9-mz.123-11.T5.bin"
Cisco 3845 (revision 1.0) with 223232K/38912K bytes of memory.
Processor board ID FCZ0927714C
2 Gigabit Ethernet interfaces
1 Virtual Private Network (VPN) Module
4 Voice FXS interfaces
DRAM configuration is 64 bits wide with parity enabled.
479K bytes of NVRAM.
62720K bytes of ATA System CompactFlash (Read/Write)
Configuration register is 0x2102 -
Mapping in Services Interface with multiple operation... ?
Hi ALL,
I have a SOAP to SOAP scenario here Just PI 7.1 with EHP1 acting a bus no mapping nothing .
1) I have the WSDL file from the receiver system with multiple synchronous operations in it ..i imported the wsdl as External Definition .. i used the same the WSDL file to create the sender Service interface also...
when i created the service interface with the operation in it , i just gave the same operation name from the WSDL.this i followed for the sender and receiver service interface.
1)now the issue is do i need any operation mapping if the service interface has more than one operation ...?
2) I compelted the scenario without any operation mapping ..but i am getting this error ..Problem occurred in receiver agreement for sender -ICRM_D to receiver -EXACTTGETWEBSERVICE_D,http://ICRMtoExactTaetWebservice.com.si_os_ICRM_EXACTTETWEBSERVICE: No standard agreement found for , ICRM_D, , EXACTTARGEBSERVICE_D, http://ICRMtoExactarebservice.com, si_os_ICRM_EXACGETWEBSERVICE..?
pls help me in this issue..
Thanks
Souzyou might want to read this /people/shabarish.vijayakumar/blog/2010/09/08/service-interface-and-multiple-operations--is-it-just-an-hype
you will need to create additional configurations for multiple operations to be supported -
Problem in configuring IPv6 interface with default Router lifetime.
I'm facing Problem in configuring IPv6 interface with default
Router lifetime through a router advertisement.
I'm also see an unusual behavior that even after configuring accept_rtadv=0,
the ipv6 address is configured.
Please help in out .Mac OS 9 does not support IPv6. While you can have IPv6 on your network, a Macintosh running Mac OS 9.2.2 or earlier cannot make connections to services using this network protocol.
To use IPv6 on a Macintosh, you need Mac OS X 10.1 or later (as far as I know).
—tonza -
Non existent route-map applied to redistribution
If a non existent route-map is referred in a redistribute command . How does it effect ?
Example configuration
address-family ipv4 vrf VRF:MMS:MGD:XLC:190
redistribute connected route-map MGD_XLC
redistribute static route-map VPN_XLC
no synchronization
exit-address-family
The above mentioned route-maps don't exist in the configurationHi,
By its very nature, this is an incorrect configuration. Different IOS versions may react differently to incorrect configuration. Therefore, do not take the results you find out on your particular router as a general rule.
In principle, there are only two possibilities when you reference a non-existent route-map in your redistribution: Either all routes are redistributed indiscriminately, or no routes are redistributed at all. Now, in your case, checking the show ip bgp vpnv4 vrf VRF:MMS:MGD:XLC:190 and comparing it with show ip route vrf VRF:MMS:MGD:XLC:190 static and show ip route vrf VRF:MMS:MGD:XLC:190 connected should tell you right away whether any (that is, all) or no routes have been injected into BGP RIB from this VRF.
Best regards,
Peter
Maybe you are looking for
-
Problems with a Restore after trying to resolve problems with Yosemite
Hi there, I stupidly upgraded my OS to Yosemite without waiting a month or so for any problems to be fixed. After the upgrade which went really well, or so I thought, all my apps worked, and I was very happy with it until I switched to Bootcamp to to
-
Hello Experts, I am wondering if there is a way that i can control the report link. I have a report which has action link to another report and i have the report which has action link on the dashboard. I have choosen the customize option for the repo
-
BO BI 4.0 java sdk NoClassDefFoundError IException
We are upgrade current system BO XI R2-->BO BI 4.0. Everything is ok in windows environment. After we deploy web app to websphere unix environment, we get java exception: java.lang.NoClassDefFoundError: com/businessobjects/foundation/exception/IExcep
-
Can anyone tell me where mail keeps its error logs. I got some weird message while closing mail the other day on my .mac account about not being able to delete or something with imap. Please Help Thanks
-
From http://www.w3schools.com/rdf/rdf_owl.asp: <quote>OWL is Different from RDF OWL and RDF are much of the same thing, but OWL is a stronger language with greater machine interpretability than RDF. OWL comes with a larger vocabulary and stronger syn