ASR9000 and SVI

Hi,
I was wondering if i can create SVI on ASR9000 ?
We have a metro deployment with L2 rings using REP and ME3400.
We are also considering of buying 2 ASR9000 routers.
For example we want to have a daisy chain of ME3400 interconnected via L2 trunk ports and have this daisy chain connected from one end to one of the ASR9000 and from the second end to the other. The ASRs would be interconnected with 10G dark fiber.
Since the chain is L2 we probably need to run REP over the ASRs to create a ring. Now the question is can ASR have SVI in those vlans ?

Hi Alex
Apologize that my question didn't relate to this topic but I can't reply into "ASR9000/XR: Monitoring CPU and memory" topic. I got error as below on all linecard.
LC/0/4/CPU0:Nov 8 19:00:02.119 GMT_TH: fib_mgr[163]: %PLATFORM-PLAT_FIB-6-INFO : PD FIB object LEAF OOR state changed to YELLOW
LC/0/4/CPU0:Nov 8 19:00:02.120 GMT_TH: fib_mgr[163]: %ROUTING-FIB-4-RSRC_LOW : CEF running low on DATA_TYPE_TABLE_SET resource memory. CEF will nowbegin resource constrained forwarding. Only route deletes will behandled in this state, which may result in mismatch between RIB/CEF.Traffic loss on certain prefixes can be expected. The CEF willautomatically resume normal operation, once the resource utilizationreturns to normal level
LC/0/2/CPU0:Nov 8 19:01:05.906 GMT_TH: fib_mgr[163]: %PLATFORM-PLAT_FIB-6-INFO : PD FIB object LEAF OOR state changed to GREEN
LC/0/2/CPU0:Nov 8 19:01:05.906 GMT_TH: fib_mgr[163]: %ROUTING-FIB-6-RSRC_OK : CEF resource state has returned to normal. CEF hasexited resource constrained operation and normal forwarding has beenrestored
From this error I have problem about some bgp route can't install into routing table which same as "adding route fail" section from troubleshooting guide. From that guide it has workaround by delete some existing route so my question is which prefix should I delete? I tried to delete some route already but it also happen again so what's should I do next?
Thank you
Pichet

Similar Messages

L2VPN between ASR9000 and ME3800x

Hi,
I'm trying to set up a L2VPN(Vlan Mode) between a trunk port on an ASR9000, and an ME3800x.
The ASR is set up with an EFP:
interface GigabitEthernet0/0/0/19.912 l2transport
encapsulation dot1q 912
rewrite ingress tag pop 1 symmetric
mtu 1618
l2vpn
pw-class VlanMode
encapsulation mpls
transport-mode vlan
xconnect group orkide
    p2p OrkideSurnadal
    interface GigabitEthernet0/0/0/19.912
    neighbor xxx.xxx.xxx.75 pw-id 912
     pw-class VlanMode
On the other side I have terminated the xconnect on an ME3800x:
interface Vlan912
   mtu 1600
   no ip address
   xconnect xxx.xxx.xxx.82 912 encapsulation mpls
end
The VC is UP:
Local intf     Local circuit              Dest address    VC ID      Status
Vl912          Eth VLAN 912               xxx.xxx.xxx.82    912        UP
Is this the correct way to to do this?
I can't get this to work like it should. If I should do this with switches, I would just configure a vlan from end-to-end.
Thanks in advance,
Jan Ove Greger

Hi,
I'm sorry for the confusion, but there is an MPLS network between them.
I tried using VC5/Ethernet mode, and the xconnect is UP again:
Group orkide, XC OrkideSurnadal, state is up; Interworking none
AC: GigabitEthernet0/0/0/19.912, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [912, 912]
MTU 1600; XC ID 0x40011; interworking none
Statistics:
packets: received 134, sent 12
bytes: received 9112, sent 816
drops: illegal VLAN 0, illegal length 0
PW: neighbor 85.93.224.75, PW ID 912, state is up ( established )
PW class not set, XC ID 0x40011
Encapsulation MPLS, protocol LDP
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
MPLS         Local                          Remote
Label        16003                          20
Group ID     0x5c0                          0x0
Interface    GigabitEthernet0/0/0/19.912    unknown
MTU          1600                           1600
Control word disabled                       disabled
PW type      Ethernet                       Ethernet
VCCV CV type 0x2                            0x2
(LSP ping verification)        (LSP ping verification)
VCCV CC type 0x6                            0x2
(router alert label)           (router alert label)
(TTL expiry)
MIB cpwVcIndex: 0
Create time: 30/01/2012 19:52:07 (00:04:34 ago)
Last time status changed: 30/01/2012 19:52:07 (00:04:34 ago)
Statistics:
packets: received 12, sent 134
bytes: received 816, sent 9112
But still no connection or mac-adresses on vlan 912 on the trunk of the ME3800x.
For testing we have setup a network 10.33.33.1/24 on vlan 912 of the AC on the ASR. On the trunk port of the ME3800x we have a 3560 where we also have configured 10.33.33.10/24 on vlan 912.
So they should be able to see each other, but they don't...
Regards,
JoG

Catalyst 4500-X, VSS, and SVI

Hello, everybody!
I have a proyect to implement the feature VSS, with two catalyst 4500-X, it will be the layer Core/Distribution.
So, I want integrate in the catalyst 4500X, Inter vlan routing (SVI) and vtp domain, in the layer access, we´ll have SW 3750-X with PoE.
Is possible configure SVI in my catalyst 4500-X. to separate traffic across VLANs. and the routing will be in the 4500X too. ???
My customer does not have sufficient space to mount the serie 4500E in the Rack, so he prefer the 4500-X.
Help me!
Thanks!
Regards

Hi,
Is possible configure SVI in my catalyst 4500-X. to separate traffic across VLANs. and the routing will be in the 4500X too. ???
Yes, there is no different between a VSS pair and non-VSS when it comes to SVI and inter-vlan routing. It works the same way as if the 4500-X ware separate.
HTH

Network management security - Switches and SVIs

Hello all.
I have created a management vlan on my 4506. There are also other SVIs for other VLANs. I understand configuring access-lists for the management vlan as well as for all vty lines limiting to an IT VLAN for example. How can I remove telnet or SSH access from the other SVIs?
I have found documentation on best practices for the management vlan but can't find anything on disabling telnet and ssh from the other vlan interfaces.
I imagine an access list just blocking the ports? What would you suggest?
Thanks in advance.

Hello all.
I
have created a management vlan on my 4506. There are also other SVIs
for other VLANs. I understand configuring access-lists for the
management vlan as well as for all vty lines limiting to an IT VLAN for
example. How can I remove telnet or SSH access from the other SVIs?
I
have found documentation on best practices for the management vlan but
can't find anything on disabling telnet and ssh from the other vlan
interfaces.
I imagine an access list just blocking the ports? What would you suggest?
Thanks in advance.
Hi,
If you have decided the source ip from where the telnet or ssh is allowed you can use access class configuration with acl applied on line vty which will only permit the particular host to telnet or ssh into device.
Following is the example for access class hope to help !!
The following example defines an access list that permits only hosts on network 192.89.55.0 to connect to the virtual terminal ports on the router:
access-list 12 permit 192.89.55.0 0.0.0.255
line 1 5
access-class 12 in
Hope to Help !!
Ganesh.H
Remember to rate the helpful post

Converged Access Design Help (Catalyst 3850 and WLC 5508...Mobility Oracle)

Hello,
I am an engineer working with a Cisco Gold Partner in Saudi Arabia. We have a large university as our client where they are constructing a new
building and require our services to build the network infrastructure. Therefore, we are to implement the routing and switching infrastructure as
well as the Wireless solution.
At present, I have no issues in implementing the R&S infrastructure as it is very straight forward but it has implications on the deployment of
the wireless solution which I explain further below. The R&S infrastructure comprises of the typical Core, Distribution, and Access layers and we
are focusing on the local distribution and access switches with regards to the new building. The client has a converged Layer 3 network spanning
from distribution layer to core layer and they are running EIGRP for this convergence. This is not a problem and has already been implemented.
Yet, the challenge arises in deploying the WLAN infrastructure. The client already has a Cisco WLAN infrastructure in place where they have a
large number of LAPs that are registered with their controllers in the Data Center. They have two WLC 5508 where one is the Primary and the other
the Secondary. The local distribution switch to which the WLC are connected also is the gateway for the SVIs for the SSIDs that are configured on
the controllers. This means that once the packets from the AP come in to the WLC, they are tagged with the correct VLAN and sent to the directly
connected distribution switch which then routes it into the rest of the Layer 3 network. Interestingly, the WLC 5508 are running AireOS 7.6 and
support the "New Mobility" feature. The two controllers have formed a Mobility Group (MG) between each other.
Now, the new building will have two Catalyst 3850 switches installed where each one has a total of 40 AP licenses pre-installed and activated
i.e. a total of 80 APs can be supported by the two switches. A total of 67 LAPs will be deployed in the new building which can be accommodated
between the two switches and their integrated controller.
Yet, based on my understanding and research about Converged Access is that, ideally, the Catalyst 3850 will only run the Mobility Agent (MA)
feature while a central controller would provide the Mobility Controller (MC) service. unfortunately, there are not enough licenses on the
existing WLC 5508 nor can we migrate the new licenses that will facilitate such a split deployment.
This means that I would need to configure the two Catalyst 3850 as independent MC and form a MG between them. I have done this and tested this
already and the mobility is working fine. But my concern is not about getting the Catalyst 3850 to work as this is simple but rather it is
focused on creating a common Mobility Domain (MD) so that clients can roam from this new building to the rest of the campus while maintaining the
state of their connections to the WLAN infrastructure.
To make things more complicated, since the new building will have its own Layer 3 distribution switch and the Catalyst 3850 switches will connect
to this distribution switch, it means that new VLANs and SVIs need to be created for the SSIDs broadcast in the new building. This means that new
subnets need to be assigned to the SSIDs.
As such, I have the following questions:
Q1) If we create new SVIs for the SSIDs (same SSIDs names will be used in the new building as in the rest of the university campus) this means
that new subnets will be assigned to these SSIDs. Now, I believe I have two options...one is to make the new Catalyst 3850s to be in the same MG
as the existing WLC 5508 which then cater for Layer 3 client roaming or I have to treat this as a totally seperate WLAN network and follow on to
the solution as per the next question. Please advise which is a better option?
Q2) I could create separate MG i.e. the new building Catalyst 3850s can be in one MG and the existing controllers can be in another MG. I can
then have one of the existing WLC 5508 (the primary one) to run the Mobility Oracle (MO) feature so as to create a single Mobility Domain (MD).
Would this facilitate in Layer 3 client roaming and RRM for all the controllers in the same MD?
Q3) If I do create a MD, how is this accomplished in such an environment since the documentation is severely limited in this regard?
Please advise at your earliest. To assist further, I have attached a topology diagram which may aid in explaining the situation with more
clarity. If these things are clarified, I will be better able to wrap my head around the technology and in turn service my clients better.
Regards,
Amir

Hi Amir,
Q1) If we create new SVIs for the SSIDs (same SSIDs names will be used in the new building as in the rest of the university campus) this means that new subnets will be assigned to these SSIDs. Now, I believe I have two options...one is to make the new Catalyst 3850s to be in the same MG as the existing WLC 5508 which then cater for Layer 3 client roaming or I have to treat this as a totally seperate WLAN network and follow on to the solution as per the next question. Please advise which is a better option?
I would configure them in the same mobility group. Also configure same SPG for those two 3850 stacks if users are frequently roaming within these two buildings.
Q2) I could create separate MG i.e. the new building Catalyst 3850s can be in one MG and the existing controllers can be in another MG. I can then have one of the existing WLC 5508 (the primary one) to run the Mobility Oracle (MO) feature so as to create a single Mobility Domain (MD). Would this facilitate in Layer 3 client roaming and RRM for all the controllers in the same MD?
MO is not required (it is only for very large scale deployments)
Q3) If I do create a MD, how is this accomplished in such an environment since the documentation is severely limited in this regard?
Yes, documents are hard to find :(
These notes may be useful to you based on my experience. I am running IOS-XE 3.6.1 in my production.
http://mrncciew.com/2014/05/06/configuring-new-mobility/
http://mrncciew.com/2013/12/14/3850ma-with-5760mc/
HTH
Rasika
*** Pls rate all useful responses ****

QoS Packets not matching on 6500 with SUP720-10GE and SU2T

Hi,
I do not see packets matching in policy.
output below:
Switch#sh policy-map interface vlan 2232
Vlan2232
Service-policy input: HARDPHONE-VVLAN
Class-map: VOICETRAFFIC (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: access-group name VOICETRAFFIC
Class-map: VOICESIGNALING (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: access-group name VOICESIGNALING
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: any
0 packets, 0 bytes
5 minute rate 0 bps
I also not find packets matching ACL:
switch#sh access-lists
Extended IP access list VIDEOTRAFFIC
10 permit udp any any range 16384 32767
Extended IP access list VOICESIGNALING
10 permit tcp any 10.128.0.0 0.3.255.255 range 2000 2002
20 permit tcp any 10.128.0.0 0.3.255.255 eq 5060
30 permit udp any 10.128.0.0 0.3.255.255 eq 5060
40 permit tcp any 172.20.10.0 0.0.1.255 range 2000 2002
50 permit tcp any 172.20.10.0 0.0.1.255 eq 5060
60 permit udp any 172.20.10.0 0.0.1.255 eq 5060
Extended IP access list VOICETRAFFIC
10 permit udp 10.128.0.0 0.63.255.255 10.128.0.0 0.63.255.255 range 16384 32767
I checked policies, they looks applied correctly.
On SUP-720-10GE, I modified ACL to 'permit udp any any' but not found any matching packets. There are plenty of IP phones connected directly to this switch belongs to voice VLAN. I applied VLAN based QoS under voice VLAN and other VLANs too.
I observed different thing on SUP 2T. I saw packets matching ACL statement 'permit udp any any' but when I took off this line, ACL was not showing packets matching.
OUTPUT of IP phones connected to switch:
switch#sh cdp neighbors | in SEP
SEP0008308A5D7B Gig 13/38 143 H P M IP Phone Port 1
SEP0008308A5DE0 Gig 10/1 121 H P M IP Phone Port 1
SEP0023049C6348 Gig 3/42 152 H P M IP Phone Port 1
SEP0021A02D64D4 Gig 9/28 120 H P M IP Phone Port 1
SEP1C6A7AE0588E Gig 3/9 127 H P M IP Phone Port 1
SEP00229059969E Gig 12/48 166 H P M IP Phone Port 1
SEP0008308AF26F Gig 2/7 161 H P M IP Phone Port 1
SEP00235EB7BE0E Gig 4/2 154 H P M IP Phone Port 1
SEP00229059BE5A Gig 6/37 158 H P M IP Phone Port 1
SEP1CAA07115CF3 Gig 12/29 148 H P M IP Phone Port 1
SEP00235EB7884F Gig 9/3 156 H P M IP Phone Port 1
SEP0008308B03FB Gig 2/30 178 H P M IP Phone Port 1
SEP006440B42CD3 Gig 3/45 132 H P M IP Phone Port 1
SEP0022905991C9 Gig 11/4 145 H P M IP Phone Port 1
SEP0008308A5E6C Gig 6/36 124 H P M IP Phone Port 1
SEP006440B427CA Gig 13/31 170 H P M IP Phone Port 1
SEP006440B425FF Gig 3/19 168 H P M IP Phone Port 1
SEP0008308A7AD7 Gig 2/3 159 H P M IP Phone Port 1
SEP0008308A3EB2 Gig 10/4 132 H P M IP Phone Port 1
SEP002414B45A0E Gig 10/28 170 H P M IP Phone Port 1
SEP04C5A4B19C8B Gig 2/15 162 H P M IP Phone Port 1
SEP006440B43DE6 Gig 9/48 162 H P M IP Phone Port 1
SEP006440B42B0D Gig 9/23 179 H P M IP Phone Port 1
Could anyone please help, how to make sure that packets are hitting correct ACL and policy on 6500 with SUP720-10GE and SUP2T.
Thanks,
Pruthvi

Please note that 6500 is used as L2 switch only and SVI are used for applying policies only.
Configuration below:
class-map match-all VOICESIGNALING
match access-group name VOICESIGNALING
class-map match-all VOICETRAFFIC
match access-group name VOICETRAFFIC
class-map match-all VIDEOTRAFFIC
match access-group name VIDEOTRAFFIC
policy-map HARDPHONE-VVLAN
class VOICETRAFFIC
police flow mask src-only 128000 8000 conform-action set-dscp-transmit ef exceed-action drop
class VOICESIGNALING
police flow mask src-only 32000 8000 conform-action set-dscp-transmit cs3 exceed-action policed-dscp-transmit
class class-default
police flow mask src-only 32000 8000 conform-action set-dscp-transmit default exceed-action policed-dscp-transmit
policy-map STUDENT-DVLAN
class class-default
police flow mask src-only 25000000 1562500 conform-action set-dscp-transmit default exceed-action policed-dscp-transmit
policy-map STAFF-DVLAN
class VOICESIGNALING
police flow mask src-only 32000 8000 conform-action set-dscp-transmit cs3 exceed-action policed-dscp-transmit
class VOICETRAFFIC
police flow mask src-only 128000 8000 conform-action set-dscp-transmit ef exceed-action drop
class VIDEOTRAFFIC
police flow mask src-only 2000000 150000 conform-action set-dscp-transmit ef exceed-action drop
class class-default
police flow mask src-only 50000000 1000000 conform-action set-dscp-transmit ef exceed-action drop
ip access-list extended VOICESIGNALING
remark Skinny and SIP protocols From Phones to Voice Core Infrastructure
permit tcp any 10.128.0.0 0.3.255.255 range 2000 2002
permit tcp any 10.128.0.0 0.3.255.255 eq 5060
permit udp any 10.128.0.0 0.3.255.255 eq 5060
permit tcp any 172.20.10.0 0.0.1.255 range 2000 2002
permit tcp any 172.20.10.0 0.0.1.255 eq 5060
permit udp any 172.20.10.0 0.0.1.255 eq 5060
ip access-list extended VOICETRAFFIC
permit udp any any dscp ef
permit udp 10.128.0.0 0.63.255.255 10.128.0.0 0.63.255.255
permit udp any any range 16384 32767 dscp ef
ip access-list extended VOICESIGNALING
remark Skinny and SIP protocols From Phones to Voice Core Infrastructure
permit tcp any 10.128.0.0 0.3.255.255 range 2000 2002
permit tcp any 10.128.0.0 0.3.255.255 eq 5060
permit udp any 10.128.0.0 0.3.255.255 eq 5060
permit tcp any 172.20.10.0 0.0.1.255 range 2000 2002
permit tcp any 172.20.10.0 0.0.1.255 eq 5060
permit udp any 172.20.10.0 0.0.1.255 eq 5060
ip access-list extended VIDEOTRAFFIC
permit udp any any range 16384 32767 dscp ef
interface Vlan104
description PolicyOnlyInt
no ip address
service-policy input STAFF-DVLAN
interface Vlan105
description PolicyOnlyInt
no ip address
service-policy input STAFF-DVLAN
interface Vlan573
description PolicyOnlyInt
no ip address
service-policy input PUBLIC-DVLAN
interface Vlan604
description PolicyOnlyInt
no ip address
service-policy input PUBLIC-DVLAN
interface Vlan654
description PolicyOnlyInt
no ip address
service-policy input STUDENT-DVLAN
interface Vlan674
description PolicyOnlyInt
no ip address
service-policy input PUBLIC-DVLAN
interface Vlan807
ip address 172.18.128.5 255.255.255.0
interface Vlan860
description PolicyOnlyInt
no ip address
service-policy input PUBLIC-DVLAN
interface Vlan2016
description PolicyOnlyInt
no ip address
service-policy input HARDPHONE-VVLAN
interface Vlan3124
description PolicyOnlyInt
no ip address
shutdown
service-policy input HARDPHONE-VVLAN
switch#sh access-lists
Extended IP access list VOICESIGNALING
10 permit tcp any 10.128.0.0 0.3.255.255 range 2000 2002
20 permit tcp any 10.128.0.0 0.3.255.255 eq 5060
30 permit udp any 10.128.0.0 0.3.255.255 eq 5060
40 permit tcp any 172.20.10.0 0.0.1.255 range 2000 2002
50 permit tcp any 172.20.10.0 0.0.1.255 eq 5060
60 permit udp any 172.20.10.0 0.0.1.255 eq 5060
Extended IP access list VOICETRAFFIC
10 permit udp any any dscp ef <----- not showing any match
11 permit udp 10.128.0.0 0.63.255.255 10.128.0.0 0.63.255.255 <----not shwoing any match
12 permit udp any any range 16384 32767 dscp ef<----not shwoing any match
If I user "permit udp any any ", acl is showing match.
switch#sh access-lists
Extended IP access list VOICETRAFFIC
10 permit udp any any dscp ef
11 permit udp 10.128.0.0 0.63.255.255 10.128.0.0 0.63.255.255
12 permit udp any any range 16384 32767 dscp ef
13 permit udp any any (527055 matches)

Troubleshooting with IOS BGP and IOS XR BGP - routing table Empty

Hi
actually we tried to make a neigborhood between ASR9000 and Cisco 7600, we have the neigborhood active but on routing tables from ASR only have the networks locals or connected doesn´t learn anything from BGP 7600
the diagram is this:
When try to know the routes on ASR9000 from Cisco 7609 happen the follow
the neighbor is UP from Cisco 7600 and ASR 9000 but the routing table is empty.
the config on cisco 7600 is:
router bgp 2006
neighbor 172.16.14.6 remote-as 64512
address-family ipv4
neighbor 172.16.14.6 activate
the config on cisco ASR9000 is:
router bgp 64512
bgp router-id 172.16.161.1
address-family ipv4 unicast
neighbor 172.16.14.5
remote-as 2006
address-family ipv4 unicast
Help us
Best Regards

Another important one is the fact that in XR you need to have RPL policies (even if they only have a "pass-all" functionality) to accept inbound/outbound routes in eBGP.
Check the article on the asr9000 unequal cost multipath that has some sample BGP outputs and show command verifications that may help also.
If not the case, get us the XR config from the A9K side.
Also what does the bgp table on teh IOS side look like? as Richard suggests, there doesnt seem to be anything injected by the 7600 itself.
regards
xander
Xander Thuijs
Principal Engineer CCIE#6775, ASR9000

ASR9000 Architecture

Hi,
i have the following questions regarding ASR9000 family architecture:
1- as per Cisco documentation and presentations, ASR9922 has 1.2Tbps peer slot (bidirectional), meaning that the full chassis has 48Tbps. so how can this capacity acheived if each line card is connected to each fabric line with 110Gbps links, so each line card has 770Gbps to the fabric, so the total device capacity should be 770Gbps * 20 = 15.4 Tbps (bidirectional)
2- As per Cisco presentations, ASR9000 and ASR9900 AC power supplies configuration is N+N and DC power supply is N+1, does that mean that the chassis can only tolerate one DC power supply failure and half of the AC power supplies??
3- how can the ASR9904 chassis achieve 770Gbps/per slot, where the RSP440 used and the 2n generation line cards used are the same used on ASR9010 and ASR9006 which can only provide 440Gbps/slot, does that mean that the limitation is on the chassis of ASR9010 and ASR9006, and the RSP440 and 2nd generation line cards can support 770Gbps/slot?
4- as per cisco presentation, it says that the multicast traffic is passing through a different plane other than the unicast traffic, does that mean that the multicast traffic is passing through other fabric chips (sacramento) which are on the RSP 440?
5- for multicast traffic on ASR9K series, what is the difference between MGID on line cards and FGID on the fabric?

Hello,
1.
I recommend taking a look at this document
http://www.cisco.com/c/en/us/support/docs/routers/asr-9000-series-aggregation-services-routers/117718-technote-asr9000-00.html
The 1.2Tbps is the chassis limit, as newer LCs and FCs come out we will be able to utilize more of the potential bandwidth.
2.
For power supplies you need N power modules to power all the HW in a particular router.
What if a single power supply fails? In order to prevent the system from shutting down a card due to lack of power its recommended to implement N+1 power supplies
What if your A or B feed fails?
For DC you have two power connectors to each power supply so you can connect both feeds, so if feed A goes out feed B can handle the load and therefore N+1 is okay for DC.
For AC you can only use a single feed, therefore is feed A goes all power supplies connected to feed A will no longer work. So for feed-level protection you need N+N protection.
3.
Correct, the 9904 has an enhanced backplane and a higher theoretical limit than the 9010 or 9006 which have been out for considerably longer.
4.
I am not sure where the term plane comes in effect here, can you share a link to the presentation that shows this? Unicast and multicast packets all go through the same ASICs but we have different queues for these traffic types.
5.
The MGID and FGID you should never need to worry about, these are calculated automatically.
HTH,
Sam

ASR9000 negotiating with ME3800X

Hi,
I'm frantically trying to get a connection between an ASR9000 and ME3800X with no joy. The ME3800X port is one of the SFP+ ports which can accept ordinary SFPs and in which I have a 1000BaseLX SFP. The ASR9000 also has a 1000BaseLX SFP in it. If I move the connection to an ordinary SFP port on the ME3800X then the link comes up.
Is there anything missing here or is it a known bug etc?
Thanks

AA2015 wrote:
Today I spoke with an representative and supervisor with Capital One Bank. I wanted to know, if I settle an debt with them would they be willing to remove all negative information such as account and trade line from Experian, Equifax, TransUnion, and any other credit reporting agency. Both, the representative and supervisor said, " Capital One does not participate in early removal." Is this information true? Any advice?Of course they do early removal but they're not going to tell you that, here's one of many, many examples, just search the forum: http://ficoforums.myfico.com/t5/Rebuilding-Your-Credit/WOW-Capital-One-Removing-Charge-Off/td-p/3381953 Send letter's/emails to the CEO offering a PFD, if that does not work then pay it then start a GW Removal campaign. http://bit.ly/1g0P1zO

Transitioning from a 4507 to a 7009 - Recommendations and New Issue

Any input you can provide is greatly appreciated! I am new to this position/employer and want to do the best job possible on this high visibility project.
I am responsible for transitioning our network devices from a 4507 to a 7009, while cleaning up, documenting, and designing our infrastructure.
These devices are trunked together using 2 ports as an etherchannel.
The 4507 has all our access devices (collapsed core design) attached to it, as well as the WLC, VG's, Cube, and our edge devices.
The 7009 has all our servers and SAN connections.
Luckily we have enough spare fiber connections and hardware that I can install newly updated and configured access devices and transition the access connections in an orderly manner while re-cabling/cleaning up the data closets.
This is a lot of fun!
Problem:
I finally came across an issue after moving approximately 60 connections consisting of PC's, printers, copiers, and Cisco IP Phones.
All of the PC's, phones, and printers were on separate VLAN's and I just recreated the VLAN and an SVI on the 7009 to facilitate connectivity.
All of the phones, PC's and printers are working well.
I noticed that whomever set up the copiers did not associate them with a unique VLAN, like all our other devices, and they are connected via VLAN1 to the 4507.
All the copiers are in the same subnet, 13 devices in total.
On the 4507 there is a Static route for this subnet, directly connected via VLAN1.
I connected a copier to the 7009 and attempted to configure a static route similar to what was done on the 4507.
I received the following error: "*Next-hop cannot be local address in same or different vrf"
None of the info I found regarding this error helped illuminate (in my head) a path to fixing the problem. So I decided to go with what I know that works.
Possible Fix:
My plan is to create a new VLAN and SVI's on both devices that are associated with the current subnet in place. Then I will have to create the VLAN on each access device and assign it to the copiers access ports. This work can only be done after hours and/or on a weekend and my gut tells me there may be a better way.
Does anyone have a suggestion for fixing this specific issue with the copiers?
Does anyone have any suggestions in general regarding this entire transitioning project?
Thanks for your time and take care.
Rich

Not sure why you would even need a static route . A printer is no different than any other device , just put it in the required vlan defined with the current addressing scheme if you are keeping it as is currently . If you don't want to use vlan 1 choose a different one such as vlan 100 say and create the SVI using the current address scheme on vlan 1 .

ASR9000 100G-SR with ONS-15454 100G-LC-C - problem with local SR connection

Hi
I need help with 100G IPoDWDM with ASR9000 ( DWDM bundle )
We have simple setup
ASR9000 -----100G-SR------ONS15454-------DirectFiber with attenuation ( using 1560,20 ) ------- ONS15454-----100G-SR------- ASR9000.
This is lab setup but in the future with will work as alien lambda (1560,20 ) for customer MUX/DEMUX.
But now we have just direct fiber patchcords with attenution in the LAB.
I have problem with 100G-SR optics with MPO cable - links between ASR9000s and ONS15454s never up.
Loop connection ( just for test ) with MPO cable between two asr9000 100G interface working well – link is up.(I can ping)
I can’t make link UP in any way with ONS15454 100G transponder card ( with 100G SR optics ) connected to asr9000 100G port.
DWDM side optics works well I see TX/RX power and other statistic – all are green.
I am sending and receving OTN string so this hopefuly working well.
I provisioned "Provisionable Patchcord" between both ONS15454 chassis and both 100G cards trunk port ( is green in CTC )
I made Circuit OTHCC between 100G cards 100G Ethernet client port on both side.
Still I don't see any RX/TX power on 100G side ( on any LANE in SR Optics )
Please share you experience with running up such configuration ?
Anybody had problem with 100-SR Optics ?
Any tricky part in this configuration ?
FYI
To rull out the faulty part I have made
- changed MPO cables
- changed SR optics in ONS and also CFP in asr9000 ( I have few such boxes )
- changed 100G cards and also diferrent ports on asr9000
- changed ONS chasiss and also ONS 100G Transpoder card

Hi,
- Try create OCHCC not 100G, try use OTU4 may be it will helpful. And what is the status of ASR 9k port in CTC( I mean in CTC network view and choose Show Router Port Status > rack/slot/module/port.)
- Are circuit up inside DWDM network? Try to make photonic test in Properties of OCH-Trail. May be you didn't Lanch ANS or problem inside network.
- Also Try generate traffic! not ping.

Is it better to use router port versus vlan member port?

Hi CSC,
This is more of a philosophical or "best practices" question.
I have a Cisco 3550 at the home office. Connected to the 3550 is a number of branch offices by way of T1 circuits or VDSL modems. They all come to the home office, where we have a central internet connection and server farm for our entire organization.
Except for one special case branch office, we don't forsee the need for appearances of the home office vlan at the branch office sites. In that case, we bring it into a trunk port at the home office, and at the special case branch office we have a dell 3024 switch and tag some ports as vlan 18 (the home office) or vlan 27 (the special case branch office).
We also do not forsee a need for the vlan from one branch office to appear at another branch office.
They are all (except for the special case mentioned above) currently configured something like this:
interface FastEthernet0/1
description home office
switchport access vlan 18
switchport mode access
interface FastEthernet0/2
description t1 to branch office 1
switchport access vlan 19
switchport mode access
interface Vlan18
description subnet for home office
ip address 192.168.18.1 255.255.255.0
interface Vlan19
description subnet for branch office 1
ip address 192.168.19.1 255.255.255.0
Is it better, in terms of reduced network complexity or performance on my 3550, to do something like this instead?
That is, to make the interfaces router ports as opposed to vlan member ports?
Of course, if we ever DID need to have appearances of the home office vlan at branch office sites, or appearances of one branch office's vlan at another branch office, we would lose that flexibility.
interface FastEthernet0/1
description home office
switchport access vlan 18
switchport mode access
interface FastEthernet0/2
description t1 to branch office 1
ip address 192.168.19.1 255.255.255.0
interface Vlan18
description subnet for home office
ip address 192.168.18.1 255.255.255.0
no vlan 19

Hello,
In my opinion there is no 100% right answer here. I think it depends also about network forecast. I'll try to add here some thoughts:
- if you use trunk interfaces from home to branch and SVI for L3 connection, in terms of scalability is much easier to expand (you have now only one p2p L3 link, but in future you'll need another one; if the port is a trunk one, you just configure another SVI interface, allow vlan on trunk and your good to go)
- trunk interfaces involve more configuration (L2 interface and SVI L3 interface)
- if you add in the home office another switch to existing one, and for some reason you have misconfiguration in STP / VTP, then you can run into problems like loops, vlan database modification (e.g. VTP server mode and the new added switch has a higher revision number than existing one)
- L3 physical interfaces are easier to configure and less complex, but in case you want to scale to additional p2p link will be harder
- L3 configuration is easier to troubleshoot as you avoid the L2 complexity
- in terms of packet exchange a L3 interface will exchange less packets than a L2 trunk with SVI (I'm talking here about control traffic, not user traffic)
- with L2 trunk you can have other problems like if somebody is "smart enough" to add a new switch into the existing switch (if you have a switch there) at the branch location; imagine that the new switch due to misconfigurated STP became root bridge; you have a large STP domain.
As I said, there is no good or bad approach. You have to guide yourself about forecasts in your network. For example if you know that a branch location will not be extended in the next 2 years, then go ahead with L3 interface and that's it. On the other hands if you have doubts you can add for another location L2 trunk with SVI. You can mix this two solution to obtain the best results for your network characteristics.
Cheers,
Calin

VDC 1 - is this for admin vdc only?

Hi,
I would like to ask expert's opinion about this: We are implementing OTV at our N7K at the distribution layer. Documentations says that OTV and SVI routing cannot happen at the same time, so we allocated 1 vdc just for the OTV functionality. My question however is this: can we use vdc 1 as the OTV vdc, instead of allocating a new vdc (vdc4 for example), so as not to waste any vdcs. We have heard from our colleagues that vdc1 should only be used as admin vdc and not do the routing/switching stuff, so we always left vdc1 not a part of the production network, but serves only as administration vdc. We just like to know how true is this?
Many Thanks,
Sonny

Sonny-
Best practices is to use one VDC for Admin. Functionally speaking you can use it for routing traffic, so if you have to do it you can.
FYI - The new Supervisors now come with a "built-in" Admin VDC

In ASR901 can you tag MSTP BPDU's

I have an ASR901 ring, dual homed to 2 ME3800's with a management VPLS connection between the 3800's. Running MPLS on all interfaces of the ring. Would like to use a VRF for in-band management of the 901's. These devices will be located at customer premises. I am using SVI's for MPLS interfaces and SVI's for in-band Management interfaces on the ring. Untagged encaps for MPLS and Tagged (vlan 2) for Management. In the 3800's, I have a VPLS to bring the traffic back to the Management router. So basically, in-band management uses a Layer 2 vlan switching on the ring, with vlan interfaces attached to a VRF. Customer traffic uses MPLS cross-connects.
Problem is the need for MSTP so management can be dual homed to both 3800's and Layer 2 Protocol forwarding over the VPLS in order for STP to work properly.
This doesn't work because the management traffic is tagged VLAN 2 and the BPDU's are untagged, therefore they are getting dropped at the service instance ingress to the 3800's (encap dot1q 2). Is there a way to tag MTSP BPDU's to make this work? MSTP is the only STP option on the ASR901.
Or is there a way to add a management interface to an EFP cross-connect? Or some other way to dual home the in-band management while using a VRF for management? Note ASR901 doesn't support VPLS.

Thanks for the link but unfortunately it didn't help. Although I did follow the instructions on the link but without success, I noticed that the link spoke of the iPod nano (5th generation). I'm wondering if the tagging feature isn't available for the iphone 4s. I bet it is but something just isnt right.

Campus Network Question

In a Campus Network design where you have Core switch, Distribution switch and Access switch layers and SVI's acting as your gateways for different VLANs.
Since it is advised that Core Switches should be the root bridges, does that mean that the Core Switches should be the default gateways for your Vlans?
I thought that it was the job of the distribution layer for being the default gateways.
Anyone clarify?

hi friend,
It generally depends on your LAN design.
If you follow Cisco's 3 tier architecture, you should restrict your VLAN boundaries on the distribution switch and should be running a L3 link between the core and the distribution. This means the SVI's are created on the distribution switch which will act as gateways for your VLANs.
This helps in restricting the broadcasts from reaching the core.
If your LAN is actually a collapsed core, you end up configuring the SVIs on the distribution switch which also acts as your core.
HTH, rate if it does
Narayan

ASR9000 and SVI

Similar Messages

Maybe you are looking for