ASR 1000 election
Hello all,
We are about to change our Internet Gateway Routers in our main datacenter. Now we have two C3945 as a Internet Gateway Routers and other two C3945E as Core Routers.
We are evaluating the possible alternatives and we think that the ASR 1000 series is the better solution for us. But we have reviewed the Ordering Guide and we have several doubts about that. Our first approach was buy two ASR 1001 in order to substitute the actual four routers. In theory this solutions offers us 100% redundant scenario (hardware and software) but in the Ordering Guide specifies the following: software redundancy (FLSASR1-IOSRED) is not recommended for Internet Gateway deployments.
What means this exactly ? Why is not recommended the software redundancy in the Internet Gateway deployments?
The second approach is install just one 1006 with redundant RP and ESP. But maybe this deployment is too big for our organizations. Also in this case the solution is not 100% redundant.
Could someone help us with this topic?
Regrads,
Hi Xander,
Thanks for your reply. I apologize if it is not the correct sub-forum to post my question. Maybe the forum description confused me:
Access troubleshooting, configuration, protocols, and technical resource topics on Cisco XR OS and Platforms for enterprise applications and Cisco Product connections, including: XR OS and Platforms, ASR 1000, ASR 9000, ASR9K, MPLS, IOS XR, XR PIEs, XR AS9000.
Anyway, I can understand from your answer that Cisco has not tested yet certain functionalites with dual-IOSd. I do not understand how this can affect in a scenario with double chassis (two ASR1001 for example). Maybe I'm forgetting something important...
I will take a look to the Cisco ASR9001 as you recommend.
Regards,
Similar Messages
-
Hello,
please Urgent Help
I have ASR 1000 with asr1000rp2-adventerprisek Version, when I give PPP Multilink to the dialer interface it show following error :
FMFP-3-OBJ_DWNLD_TO_CPP_FAILED: F0: fman_fp_image:
MLP bundle , link download to CPP failed
please urgent helpthis error comes with the command PPP multilink, it is a lot of letters and numbers and then this last line comes this message
FMFP-3-OBJ_DWNLD_TO_CPP_FAILED: F0: fman_fp_image:
MLP bundle 181, link 178 download to CPP failed
the configuration still not installed but I configured just the following lines
interface Virtual-Template
ip unnumbered Loopback2
ip mtu 1440
ip load-sharing per-packet
ip tcp adjust-mss 1400
no logging event link-status
peer default ip address pool
ipv6 unnumbered Loopback2
ipv6 enable
no ipv6 nd suppress-ra
ppp authentication pap chap callin
ppp multilink
ppp multilink fragment delay 100
ppp multilink mrru local 1546
that were the lines used to configure this Dialer, the image must be asr1000rp2-adventerprisek and not Ipbase but I dont tried to use IPbase.
what do think ? -
Error message on ASR 1000 logs.
Hi Everyone,
Good day.
I am seeing the below errors from the ASR 1000 that I have and It is not very clear on what the error actually means.
If someone have had experience with this kind of similar error message, kindly assist:
Apr 11 12:02:08.744 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
Apr 11 12:02:09.442 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
Apr 11 12:02:13.381 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
Apr 11 12:02:13.986 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
Apr 11 12:02:18.312 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
Apr 11 12:02:18.765 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
Apr 11 12:02:22.827 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
Apr 11 12:02:23.449 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
Apr 11 12:02:27.777 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
Apr 11 12:02:28.090 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
Apr 11 12:02:32.649 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
Apr 11 12:02:32.686 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
Apr 11 12:02:37.397 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
Apr 11 12:02:37.552 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
Apr 11 12:02:42.062 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
Apr 11 12:02:42.259 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
Apr 11 12:02:46.775 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
Apr 11 12:02:47.200 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
Apr 11 12:02:51.347 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
Apr 11 12:02:51.977 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
Apr 11 12:02:56.271 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
Apr 11 12:02:56.835 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
Apr 11 12:03:01.140 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
Apr 11 12:03:01.787 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
Apr 11 12:03:06.064 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
Apr 11 12:03:06.325 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
Apr 11 12:03:10.949 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
Apr 11 12:03:11.039 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
Apr 11 12:03:15.533 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
Apr 11 12:03:15.858 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
Thanks
Kanes.RHi,
Ok, the message is indicating that one of the tunnels can't find the adj device through default route (0.0.0.0)
Check your tunnels and make sure they are all working correctly and have peering. I am not sure if this is possible, but see if you can figure out if the tunnels have been running for some times or anyone of them flapping
HTH -
hi,
We are planning to change our 7206VXR as P/PE routers. Currently we only have 2 nodes that is running on STM-1. on each node we have 7206VXR NPEG2 that is acting as PE and P router.
our requirement is getting bigger we will be upgrading our WAN links to STM-4 soon (and to STM-12 in the future) and we will also be adding more nodes.
I'm confused on what platform would be best for our network, 7600 or ASR1000......7600???? 7606 or 7604? ASR 1000???? ASR1004 or ASR 1006.
I want my router to accomodate the growth in the network.
I need your advise/expertise on this.
Thanks in advance....
RachelleHi,
ASR1k runs IOS-XE, which is IOS. It does not run IOS-XR. ASR9k runs IOS-XR.
The newer platforms, like ASR1k, ASR9k, have more throughput, while 7200 e.g. has a bigger
range in different kinds of port adaptors. If you only plan to use ethernet interfaces for example, then
you could only look at the newer platforms like ASR1k, ASR9k, or even 7600 and choose
a specific model based on the number of ports you'd need.
Thanks,
Luc -
Hi All,
I need to extend Layer 2 between two Data Centers over IP cloud. I am looking at the EoMPLSoGRE option and wondering which ASR I need to buy to have this feature working. Will basic model of ASR 1000 do? Or, do we have to buy any specific model of ASR ( and SPAs) for this EoMPLSoGRE to be working. Any specific version of IOS needed for this feature?
As of now, we have L3 MPLS VPN between the sites, terminated on Cisco 3900 series routers. We want to use this IP cloud to build this L2 extension just temporaily for migrating some servers where we cannot change the IP address of the servers due to application complexities.
Any help is hightly appreciated. Also, if you can point me to a sample setup and configuration for EoMPLSoGRE, it would be of great help.
Thanks and Regards,
Mohan MuthuAny ASR Model running IOS XE 2.4+ supports ATOM Over GRE, i would recommend you to read this document in detail, and tell us if you need any further help.
http://www.cisco.com/en/US/prod/collateral/routers/ps9343/Deploying_and_Configuring_MPLS_Virtual_Private_Networks_In_IP_Tunnel_Environments.pdf -
Where to check license details - ASR 1000 firewall
Hi,
I am looking for for details meaning of license because I cannot found the details install. The license call
FLASR1-FW-RTU(=)
that is used to enable the firewall function in ASR 1000 series. But I don't clear about what feature inside, it is because it only show the "firewall" from website. Is that same as IOS firewall?
Thanks!Hello,
If you look at the ordering guide: http://www.cisco.com/en/US/prod/collateral/routers/ps9343/product_bulletin_c07-448862.html
Firewall service: The Cisco ASR 1000 Series Router Firewall application requires a RTU license (FLASR1-FW-RTU(=)), which allows you to enable Layer 4-through-Layer 7 firewalling. To enable per subscriber/user firewall in broadband and enterprise deployments, the firewall RTU license, as well as the number-of-session licenses listed in the "Broadband service" section, is required. Please refer to the "Per subscriber/user firewall service" section.
Now, if you want to know more in detail what the ASR1000 can do, you can refer to the product documentation: Network Security Features for Cisco ASR 1000 Series Routers: http://www.cisco.com/en/US/prod/collateral/routers/ps9343/data_sheet__network_security_features_for_cisco_asr_1000_series_routers.html
You have a full paragraph explaning zone based firewall, search for "Cisco IOS Zone-Based Firewall" -
Hello!
I have an issue regarding to an ASR 1006 RP2 (Cisco IOS XE Software, Version 03.10.01.S)
I was removing a prefix, to stop announcing to an ISP:
no ip prefix-list announced_prefixes seq 10 permit X.X.X.X/Y
router bgp XXXX
address-family ipv4
no network X.X.X.X mask Y.Y.Y.Y
Then this log messages start to appear and there are constant:
Nov 13 22:10:46.880 Mexico: OER BGP: Inside withdrawn X.X.X.X/Y
Nov 13 22:10:46.880 Mexico: OER BGP: Inside withdrawn X.X.X.X/Y
Nov 13 22:10:46.882 Mexico: OER BGP: Inside withdrawn X.X.X.X/Y
Nov 13 22:10:46.882 Mexico: OER BGP: Inside withdrawn X.X.X.X/Y
Nov 13 22:10:46.882 Mexico: OER BGP: Inside withdrawn X.X.X.X/Y
Each of those are for different prefixes (which I don't announce) and there's no sight of this messages on the logging:
ASR1006#sh log | in Nov 13
Nov 13 22:09:27.950 Mexico: %SYS-5-CONFIG_I: Configured from console by user on vty0 (X.X.X.X)
Nov 13 22:10:58.247 Mexico: %SYS-5-CONFIG_I: Configured from console by user on vty0 (X.X.X.X)
Nov 13 22:12:07.172 Mexico: %SYS-5-CONFIG_I: Configured from console by user on vty0 (X.X.X.X)
ASR1006#
I have no configuration of OER on the device nor on the infraestructure, and it's the only ASR that is presenting this log.
Does anyone have the same problem??
Can anyone help us with information about it?
I appreciate for your help.
Alejandro MadridHi,
Ok, the message is indicating that one of the tunnels can't find the adj device through default route (0.0.0.0)
Check your tunnels and make sure they are all working correctly and have peering. I am not sure if this is possible, but see if you can figure out if the tunnels have been running for some times or anyone of them flapping
HTH -
Ip port-map user on ASR 1000 IOS XE
Hi.
I'm trying to build a firewall and wanted to use the "ip port-map user-xxx ..." command to make a custom protocol that I could then use in protocol statement insice a class-map type inspect.
Is this yet another thing missing from IOS XE, like the lack of object-group command?
Best regards.Hello Damjan,
You are right Sr,
ASR ZBFW does not support user defined port-mapping
Now, you could match the traffic with an ACL and inspect it, the ZBFW will not break the connection, it will actually be succesfull so even though the command is not supported on the ASR1K you could still make it happen
EDIT: If you are going to create a user-defined protocol the ACL would be the same thing,
If you are trying to map a standard protocol to a non-standard protocol then you need to use the IP port-map command (not supported ASR1K)
So bottom line: In your case with the ACL you will be more than fine
For Networking Posts check my blog at http://laguiadelnetworking.com/
Cheers,
Julio Carvajal Segura -
Hello all,
We are having problems with our slow OTV. The topology is setup as:
Main DC:::::::::::::Servers --> Nexus 5K --> ASR1K -----> (Core)---> (WAN)---->::::::::::::DR site::::::::::::::: ASR1K ---> Nexus5K ---> servers (for replication)
We have a 1 gig connection of WAN. but when our server group do replication the maximum speed is 60-70 Mbps on the WAN using the OTV link.
Other configurations are:
No Jumbo frames are allowed.
Fragmentation is allowed at the join interface of both the ASR because the of OTV header of 42 bytes.
We have full connectivity but the link is slow. What could be the possible solution?
Response will really appreciated.
ThanksHello, can you run ttcp along with iperf end to end and see what speeds you actually getting (not OTV but routed)
Then set your benchmark, OTV should not be extremely far off the actual speed. Please also make sure MTU is enough all the way from end to end WAN links.
Bilal - CCIE #45032 -
IPsec over GRE in ASR 1000 with VRF
Hi
I´m trying to configure IPsec over GRE tunnel between Cisco 819G remote router and ASR 1002 central router using crypto maps. Currently ASR router has two vrf´s (management vrf and EXTERNOS2 vrf) and in the future we are going to deploy different "virtual" routers from this box. I don´t know why it doesn´t work, tunnel interface doesn´t go up. Taking a view to debugs obtained from ASR router (debug crypto isakmp and debug crypto ipsecI see the following errors:
Oct 3 13:11:33: IPSEC(validate_proposal_request): proposal part #1
Oct 3 13:11:33: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 10.255.68.246:0, remote= 10.200.25.106:0,
local_proxy= 10.255.68.246/255.255.255.255/256/0,
remote_proxy= 10.200.25.106/255.255.255.255/256/0,
protocol= ESP, transform= NONE (Transport),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
Oct 3 13:11:33: Crypto mapdb : proxy_match
src addr : 10.255.68.246
dst addr : 10.200.25.106
protocol : 0
src port : 0
dst port : 0
Oct 3 13:11:33: map_db_check_isakmp_profile profile did not match
Oct 3 13:11:33: Crypto mapdb : proxy_match
src addr : 10.255.68.246
dst addr : 10.200.25.106
protocol : 0
src port : 0
dst port : 0
Oct 3 13:11:33: map_db_check_isakmp_profile profile did not match
Oct 3 13:11:33: map_db_find_best did not find matching map
Oct 3 13:11:33: IPSEC(ipsec_process_proposal): proxy identities not supported
Oct 3 13:11:33: ISAKMP:(35001): IPSec policy invalidated proposal with error 32
Oct 3 13:11:33: ISAKMP:(35001): phase 2 SA policy not acceptable! (local 10.255.68.246 remote 10.200.25.106)
anybody could help me to troubleshoot why it doesn´t work?
I post you involved configuration sections from ASR and 819G routers
B.R.Ops!! I forgot to paste involved routes from both devices.
ASR router
ip route vrf EXTERNOS2 10.200.24.0 255.255.248.0 10.255.68.245 tag 6
ip route vrf EXTERNOS2 185.1.1.0 255.255.255.0 Tunnel21 tag 6 <--- c819G LAN network
Cisco 819G
ip route 0.0.0.0 0.0.0.0 Tunnel1
ip route 10.255.68.246 255.255.255.255 Cellular0
B.R. -
7600 or ASR 1000 Series as ISP EDGE WAN
Hi experts,
I want your opinion on something.
We currently have 6 STM1 and will soon have an additional 2x STM4.
The existing STM's are connected on a 7600.
We are planning to do a major upgrade in order to cater for the additional STM4 and will be grateful if i can have your views on the matter.
Right now we cannot accept full BGP table from our upstream provider due to the low mem on the 7600.
So we are thinking on either going towards two 7600 with SUP3cXL which will be able to cater for the full BGP table + we need to buy additional line cards. Or we go towards the ASR1000 series, which i think might be an overkill, but am definitely thinking of future growth.
Thanks to advise.
Regards,
SteveThanks vmiller.
We don't need any additional cards apart for the POS ports and 3X10G interfaces.
Plus we need something that will be able to cater for the whole BGP table.
I was task to build a business case on the matter. But it will be a bit difficult to convince the business on the go about of the ASR (if you know what i mean). So my business case needs to be solid.
Anyway thanks for your help.
Regards,
Steve -
Dear Sirs!
Approximately once in week, my friends get reload F0 card - ESP-10:
Sep 13 00:50:19.676: %CPPHA-3-FAULT: F0: cpp_ha: CPP:0.0 desc:INFP_INF_SWASSIST_LEAF_INT_INT_EVENT0 det:DRVR(interrupt) class:OTHER sev:FATAL id:2121 cppstate:RUNNING res:UNKNOWN flags:0x7 cdmflags:0x8
Sep 13 00:50:19.677: %CPPHA-3-FAULTCRASH: F0: cpp_ha: CPP 0.0 unresolved fault detected, initiating crash dump.
Sep 13 00:50:19.681: %CPPHA-3-FAULTCRASH: F0: cpp_ha: CPP 0.0 unresolved fault detected, initiating crash dump.
Sep 13 00:50:19.683: %CPPDRV-6-INTR: F0: cpp_driver-0: CPP10(0) Interrupt : 14-Sep-13 00:50:19.668657 UTC+0800:INFP_INF_SWASSIST_LEAF_INT_INT_EVENT0
Sep 13 00:50:20.299: %IOSXE_OIR-6-OFFLINECARD: Card (fp) offline in slot F0
Sep 13 00:50:22.324: %CPPDRV-3-LOCKDOWN: F0: cpp_cp: CPP10(0) CPP Driver LOCKDOWN due to fatal error.
Sep 13 00:50:22.341: %CPPOSLIB-3-ERROR_NOTIFY: F0: cpp_cp: cpp_cp encountered an error -Traceback= 1#74fded098ef464b6f57a79773f56a094 errmsg:C5B4000+2230 cpp_common_os:CC6B000+C6D0 cpp_common_os:CC6B000+C4D0 cpp_common_os:CC6B000+19E5C cpp_fnf_svr_lib:FDCB000+209D4 cpp_fnf_svr_lib:FDCB000+2A29C cpp_fnf_svr_lib:FDCB000+167CC cpp_fnf_svr_lib:FDCB000+1B3F4 cpp_fnf_svr_lib:FDCB000+19C64 cpp_common_os:CC6B000+11644 cpp_common_os:CC6B000+11C7C evlib:C98A000+E16C evlib:C98A000+10554 cpp_common_os:CC6B000+133EC :
Sep 13 00:50:23.064: %CPPDRV-3-LOCKDOWN: F0: cpp_ha: CPP10(0) CPP Driver LOCKDOWN due to fatal error.
Sep 13 00:50:23.143: %CPPOSLIB-3-ERROR_NOTIFY: F0: fman_fp_image: fman-fp encountered an error -Traceback= 1#d64be460d611c48bfcaa0aaccc425965 errmsg:C58A000+2230 cpp_common_os:90E8000+C6D0 cpp_common_os:90E8000+C4D0 cpp_client_ha:96C0000+4DE4 cpp_client_ha_mib:838E000+2908 cpp_common_os:90E8000+11644 cpp_common_os:90E8000+11C7C evlib:9BF7000+E16C evlib:9BF7000+10554 :10000000+42E6F8 c:7226000+1E938 c:7226000+1EAE0
Sep 13 00:50:23.967: %EVENTLIB-3-CPUHOG: F0: cpp_cp: undefined: 1467ms, Traceback=1#74fded098ef464b6f57a79773f56a094 binos:C85B000+D9D8 :100000+344 c:996F000+562A8 c:996F000+562A8 btrace:C893000+6FAC btrace:C893000+5B24 btrace:C893000+5D18 infra:A151000+95AC infra:A151000+9748 cpp_common_os:CC6B000+10D40 cpp_common_os:CC6B000+10484
Sep 13 00:50:24.014: %CPPCDM-3-ERROR_NOTIFY: F0: cpp_cdm: QFP 0 thread 158 encountered an error -Traceback= 1#ecad428d7a76a0c2d30601e2384ed030 8029927F 80291440 802988F4 80299090 802993F4 8029A029 8029AB88 8029B7A0 802A7451 802A00BD 8079020B 8201E701 80674280 8067428A 80020064 80020055 80000000
Sep 13 00:50:24.290: %IOSXE-3-PLATFORM: F0: cpp_cdm: CPP crashed, core file /tmp/corelink/Sibline_BRAS_ESP_0_cpp-mcplo-ucode_091314005024.core.gz
Sep 13 00:50:25.342: %CPPDRV-3-LOCKDOWN: F0: fman_fp_image: CPP10(0) CPP Driver LOCKDOWN due to fatal error.
they use IOS: bootflash:/asr1000rp1-adventerprisek9.03.11.00.S.154-1.S-std.bin
but they try to use older IOS and gets same errors.
Aug 5 13:00:48.770: %IDMGR-3-INVALID_ID: bad id in id_to_ptr (id: 0xB0D0B0D)
-Traceback= 1#b75fa949d5bbbf210afd90208a9e8534 :10000000+EA0DEC :10000000+EA1198 :10000000+ECB68C :10000000+280D7DC :10000000+282A858 :10000000+3944F90 :10000000+395019C :10000000+2819F38 :10000000+5FC0BB0 :10000000+5FC0F78
Aug 18 07:39:43.714: %CPPHA-3-CDMDONE: F0: cpp_ha: CPP 0 microcode crashdump creation completed.
Aug 18 07:39:43.718: %IOSXE-6-PLATFORM: F0: cpp_cdm: Shutting down CPP MDM while client(s) still connected
Aug 18 07:39:43.725: %IOSXE-6-PLATFORM: F0: cpp_ha: Shutting down CPP MDM while client(s) still connected
Aug 18 07:39:43.729: %IOSXE-6-PLATFORM: F0: cpp_ha: Shutting down CPP CDM while client(s) still connected
Aug 18 07:39:44.195: %PMAN-3-PROCHOLDDOWN: F0: pman.sh: The process cpp_cdm_svr has been helddown (rc 69)
Aug 18 07:39:44.220: %PMAN-3-PROCHOLDDOWN: F0: pman.sh: The process cpp_ha_top_level_server has been helddown (rc 69)
Aug 18 07:39:44.688: %PMAN-3-PROCHOLDDOWN: F0: pman.sh: The process fman_fp_image has been helddown (rc 134)
Aug 18 07:41:09.867: %IOSXE_OIR-6-ONLINECARD: Card (fp) online in slot F0
Aug 18 07:41:45.571: %CPPHA-7-START: F0: cpp_ha: CPP 0 preparing image /tmp/sw/fp/0/0/fp/mount/usr/cpp/bin/qfp-ucode-esp10
Aug 18 07:41:47.203: %CPPHA-7-START: F0: cpp_ha: CPP 0 startup init image /tmp/sw/fp/0/0/fp/mount/usr/cpp/bin/qfp-ucode-esp10
Aug 18 07:41:53.155: %CPPHA-7-START: F0: cpp_ha: CPP 0 running init image /tmp/sw/fp/0/0/fp/mount/usr/cpp/bin/qfp-ucode-esp10
Aug 18 07:41:53.450: %CPPHA-7-READY: F0: cpp_ha: CPP 0 loading and initialization complete
Aug 18 07:41:54.982: %IOSXE-6-PLATFORM: F0: cpp_cp: Process CPP_PFILTER_EA_EVENT__API_CALL__REGISTER
What we can determine type of this errors - hardwre/software?
Thanks!
PS:
Alsow I visualy check memory module on the ESP-10 - it based on Micron chips manufactured in 2008 years - it can be bad.
Please help me.Thanks!
But they do not have SmartNet.
But I can replace memory module on ESP.
Now, on ESPN, installed module based on Micron IC's - 2008 Year.
I know it is chips may be bad (I frequently replace Micron IC's on Catalyst 2960 and 3750).
I attached new tech-info - I always see %CPPHA-3-FAULT: F0: cpp_ha: CPP:0.0 desc:INFP_INF_SWASSIST_LEAF_INT_INT_EVENT0 det:DRVR(interrupt) class:OTHER sev:FATAL id:2121 cppstate:RUNNING res:UNKNOWN flags:0x7 cdmflags:0x8 -
What is the Max Nat Session supported on ASR 1002 with ASR1002-5G/K9
Hello,
I am going for ASR 1002 With ASR1002-5G/K9 ESP, Can any 1 help me to know how many NAT translation is possible.
As I got the Datasheet for ASR1000 it say’s 1M translation is Supported by ESP10 but it’s not giving any information regarding ESP5.
Thanks in advanceFirewall or NAT: 250,000 sessions and 50,000 sessions-per-sec setup rate
This is from the datasheet. Pls check.
Table 3. Cisco ASR 1000 Series 5-Gbps ESP Module Performance and Scaling
Regards
Durga Prasad - Datasoft Comnet
Pls rate helpful posts
Sent from Cisco Technical Support Android App -
ASR 1001 L2TP sessions // License issue?
Hello,
This is my first post, in the fisrt place, sorry for my english, is not my native language.
I have purchased a refurbished ASR 1001 without any license for using as LNS:
Cisco IOS XE Software, Version 03.12.00.S - Standard Support Release
Cisco IOS Software, ASR1000 Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.4(2)S, RELEASE SOFTWARE (fc2)
asr1001-universalk9.03.12.00.S.154-2.S-std.bin
The scenario is this:
LAC (from network provider) send L2TP packet sessions-> LNS (ASR 1001, assign public IP to user and close the L2TP session).
The configuration of ASR is the typical for xDSL connections.
1) The LAC send requests to LNS Loopback interface:
interface Loopbacktest1
ip address 5.6.7.8 255.255.255.255
snmp ifindex persist
2) LNS assign the loopback interface to vpdn group, that points to virtual-template:
vpdn-group VpdnG1
accept-dialin
protocol l2tp
virtual-template 1
terminate-from hostname Provider01
dsl-line-info-forwarding
source-ip 5.6.7.8
lcp renegotiation always
l2tp tunnel password 7 XXXXXXXX
interface Virtual-Template1
description Int-Vi1 VpdnG1
mtu 1501
ip unnumbered GigabitEthernetX/X/X
ip mtu 1460
ip tcp adjust-mss 1400
no peer default ip address
ppp max-terminate 255
ppp max-configure 255
ppp max-failure 255
ppp max-bad-auth 10
ppp authentication pap chap ppp_authent2
ppp multilink
Since here, all is OK, but the problem is that the ASR cannot reach connected users and evidently the user doesn't have internet connectivity because he cannot reach the gateway IP (ASR IP).
Interface User Mode Idle Peer Address
Vi1.1 test1 PPPoVPDN - 1.2.3.4
L2TP Tunnel and Session Information Total tunnels 1 sessions 1
LocTunID RemTunID Remote Name State Remote Address Sessn L2TP Class/
Count VPDN Group
1589 3324 Provider01 est 5.6.7.8 1 VpdnG1
ASR1001#ping 1.2.3.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.2.3.4, timeout is 2 seconds:
Success rate is 0 percent (0/5)
ASR1001 in not forwardinf the traffic to end users
Exactly the same configuration works fine in 7201 cisco router.
After read some information in internet and cisco web and test several IOS images and configurations I have activated 2 of 3 (marked in bold down) possible licenses that are available to test in the router (these are available during 60 days).
SLASR1-IPB
Cisco ASR 1000 IP BASE License
SLASR1-AIS
Cisco ASR 1000 Advanced IP Services License
SLASR1-AES
Cisco ASR 1000 Advanced Enterprise Services License
***Result-> After apply Advanced IP Service or Advanced Enterprise license the ASR works perfectly, forwarding the traffic to the end users. The router can reach gateway and have internet connection.
I would like to try IP BASE License but there is no possibility to activate the test period in the router, I don't know if you knows any way to test it. This is the details that router shows about this 3 license types:
Index 1 Feature: adventerprise
Period left: 8 weeks 1 day
Period Used: 2 days 12 hours
License Type: EvalRightToUse
License State: Active, In Use
License Count: Non-Counted
License Priority: Low
Index 2 Feature: advipservices
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 3 Feature: ipbase
-->There is no more info about IP base license<---
If I use the command "license boot level" I can apply the IP base license, but after reload the router, nothing happens.
ASR1001(config)#license boot level ?
adventerprise Advanced Enterprise License Level
advipservices Advanced IP Services License Level
ipbase IP Base License Level
Then my answers are:
1) Is 100% necessary to have a license in ASR1001 to use the router as LNS as showed? Apparently after my tests I will answer "yes", but I'm not sure if my configuration is the only one that I can configure. Maybe exist another way to config the required scenario and avoid the purchase license.
2) Do you know if IP Base license will active the forwarding packet function in the ASR? I think yes, but before buy this license I need to be sure. As you know Ip Base is the most cheap license.
Thanks in advantage!
RegardsHello,
Documentation states that licensing on the ASR 1000 are now honor-based since 3.7s. I didn't test it though.
Basically, your license marked now as "EvalRTU" will be moved to an "RTU" license, indicating you would need to buy a license to keep your honor intact, but no disruption in features or connectivity will happen.
Since your test was more than 60 days ago, can you confirm this behavior with 3.12 ?
Thanks,
Kind regards,
Sources:
- All Cisco ASR 1000 feature and performance upgrade licenses are honor-based; that is, they are not enforced through a PAK (Product Activation Key). Note: Prior to Cisco IOS XE Software Release 3.7S, performance upgrade licenses that are required to upgrade the Cisco ASR 1001 from 2.5 to 5 Gbps or the Cisco ASR 1002-X from 5 to 10 to 20 to 36 Gbps are enforced through a PAK. Similarly, prior to Cisco IOS XE Software Release 3.6S, technology package licenses are enforced through a PAK. [1]
- When the 60-Day Evaluation Period expires, the license automatically changes to an RTU license. As with all other RTU licenses, there is no functionality disruption or accessibility concerns following this transition. [2]
[1] http://www.cisco.com/c/en/us/products/collateral/routers/asr-1000-series-aggregation-services-routers/guide-c07-731639.html
[2] http://www.cisco.com/c/en/us/td/docs/routers/asr1000/install/guide/1001-x/asr1hig/asr1lic.html -
ASR 1001 Router enquiry on fiber handoff
Cisco ASR 1001 Router would support fiber hand-off of the link. Below is the Specifications of the Router - we received from vendor:
Description
Quantity
Cisco ASR1001 System,Crypto, 4 built-in GE, Dual P/S
1
Cisco 5-Port Gigabit Ethernet Shared Port Adapter
1
1000BASE-LX/LH SFP transceiver module, MMF/SMF, 1310nm, DOM
2
Cisco ASR1001 AC Power Supply
2
Power Cord India, Right Angle
2
Cisco ASR 1001 IOS XE UNIVERSAL - NO ENCRYPTION
1
Cisco ASR 1000 IP BASE License
1
SPA for ASR1000; No Physical Part; For Tracking Only
1
Cisco ASR1001 4GB DRAM
1
PRTNR SS 8X5XNBD Cisco ASR1001 System,Crypto
1
PRTNR SS 8X5XNBD Cisco ASR 1000 IP BASE License
1
PRTNR SS 8X5XNBD 5-Pt Gigabit Enet Shared Pt Adptr
1
Datacenter feature: There will be fiber connections already installed at the DMZ site from the meet me telco room to the partner racks. Therefore, your service provider must understand that they will do a circuit handoff to fiber and order the routers, interface cards, connectors, etc. to support fiber circuit extension.You can use standard Ethernet copper or Fiber, providing that you have the correct SFP/GBICs.
As long as you have the correct SFP's you need for the ASR - All should be good.
http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/install_upgrade/ASR1000/ASRintro.html#wp1235447
http://www.cisco.com/en/US/prod/collateral/modules/ps5455/ps6577/product_data_sheet0900aecd8033f885.html
hth
Maybe you are looking for
-
Fehlerhaftes Creative Cloud Abonnement und Probleme mit dem Support von Adobe
Liebe Adobe Gemeinschaft. Vor ca. einem Jahr bin ich in die Adobe Creative Cloud eingestiegen obschon ich etwas dagegen war. Meine Kreditkarten Informationen einfach so bekannt zu geben. Alles lief ohne Probleme ein halbes Jahr lang bis wir die Kredi
-
Database link to SQL Server Init error
Hi all, i´m tryng to create a dblink between Oracle 10.2.0 in a RHEL4 and a SQL Server. I can connect using isql but when i try using sqlplus i obtain this error: SQL> CREATE DATABASE LINK dbl CONNECT TO "user" IDENTIFIED BY "pwd" USING 'hsodbc'; 2 3
-
Hi I have had problems with Apple's white keyboard. I believe it's still the latest one. Every 3-4 months of normal usage of my keyboard, the keys start sticking and I find it very hard to type. I have brought the keyboard back, and now this is my FO
-
Very basic compiling question: multiple c files
Hi, I've been playing with alchemy for a few days, and hit a road block. I'm sure there is an easy answer, but I can't find it... I have a .c file "alchemy_project.c" that lets me call 3 functions from actionscript. I have the basic main() function t
-
How should a SSD cache be partitioned upon installation?
I know there are various wiki pages for creating a bcache, but none of them seem to go into detail about how they should initially be partitioned. In my case, lsblk shows an sda partition (1 and 2) which is my live USB stick, a sdb partition which is