C7600 MVPN Issue
Hi guys,
I am witnessing a stange behaviour on one of my PEs, which seems to be breaking all conventional norms for multicast routing. Any inputs in diagnosing the root cause of this issue will be of great help. Let me give you some backgroud info first.
I have a MVPN implemented with PIM SSM in the global context and also within the VPN. The network diagram is attached with this thread. MVPN is working OK between PE1, PE2 and PE4, but not via PE3. All P/PEs use same hardware and software platforms – c7609-S with 12.2(33) SRC2. PE3 configuration is similar to other PEs.
Following discrepancies are observed on PE3:
1. The incoming interface in global context mroute table does not list links to P1 & P2.
PE3# sh ip mroute IP Multicast Routing Table
--output deleted for brevity ------
(10.172.100.9, 232.172.0.5), 3d08h/00:03:18, flags: sT
Incoming interface: Loopback0, RPF nbr 0.0.0.0, RPF-MFD
Outgoing interface list:
TenGigabitEthernet7/6, Forward/Sparse, 07:41:15/00:03:18, H
TenGigabitEthernet6/6, Forward/Sparse, 3d08h/00:02:51, H
(10.172.100.10, 232.172.0.5), 3d08h/stopped, flags: sTIZ
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
MVRF V59:CCTV, Forward/Sparse, 3d08h/00:01:26
(10.172.100.4, 232.172.0.5), 3d08h/stopped, flags: sTIZ
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
MVRF V59:CCTV, Forward/Sparse, 3d08h/00:01:26
(10.172.100.3, 232.172.0.5), 3d08h/stopped, flags: sTIZ
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
MVRF V59:CCTV, Forward/Sparse, 3d08h/00:01:24
Even though route to the multicast source (PEs) exists in the global routing table
PE3#sh ip route 10.172.100.3
---output deleted for brevity ----
10.172.50.57, from 10.172.100.3, 07:44:54 ago, via TenGigabitEthernet7/6
Route metric is 21, traffic share count is 1
* 10.172.50.33, from 10.172.100.3, 07:44:54 ago, via TenGigabitEthernet6/6
Route metric is 21, traffic share count is 1
PE3#sh ip route 10.172.100.4
Routing entry for 10.172.100.4/32
Known via "ospf 1", distance 110, metric 21, type intra area
---output deleted for brevity ----
* 10.172.50.57, from 10.172.100.4, 07:44:56 ago, via TenGigabitEthernet7/6
Route metric is 21, traffic share count is 1
10.172.50.33, from 10.172.100.4, 07:44:56 ago, via TenGigabitEthernet6/6
Route metric is 21, traffic share count is 1
PE3#sh ip route 10.172.100.10
Routing entry for 10.172.100.10/32
Known via "ospf 1", distance 110, metric 21, type intra area
---output deleted for brevity ----
* 10.172.50.57, from 10.172.100.10, 07:44:58 ago, via TenGigabitEthernet7/6
Route metric is 21, traffic share count is 1
10.172.50.33, from 10.172.100.10, 07:44:58 ago, via TenGigabitEthernet6/6
Route metric is 21, traffic share count is 1
2. No PIM neighbour relations with other PEs over the MTI (Tunnel 3)
PE3#sh ip pim vrf V59:CCTV nei
---output deleted for brevity ----
Address Prio/Mode
10.163.0.130 Port-channel10.560 1w5d/00:01:36 v2 1 / DR
10.163.0.134 Port-channel12.561 1w5d/00:01:33 v2 1 / DR
10.163.0.10 Te8/1.112 2w5d/00:01:19 v2 1 / DR S P
3. Inspite of having no PIM neighbours on MTI, the VPN mroute table shows the MTI as the incoming interface, which is misleading.
woking-manpe01#sh ip mroute vrf V59:CCTV
---output deleted for brevity ----
Interface state: Interface, Next-Hop or VCD, State/Mode
(10.163.37.2, 232.2.2.2), 1w5d/00:03:09, flags: sT
Incoming interface: Tunnel3, RPF nbr 10.172.100.4, RPF-MFD
Outgoing interface list:
Port-channel12.561, Forward/Sparse, 22:58:39/00:03:09, H
Thanks
Hi Luc,
First of all thanks for your posting.
Yes lets focus on the Core multicast routing first.
The global multicast table pn PE3 is not listing its neighbor Ps as incoming interfaces, for the Core SSM. Even though the unicast routing for the sources (other PEs) point to the Ps as the next hop.
The mroute and unicast routing table is shown in the original posting. As can be seen in the mroute table SSM is enabled for the MDT group (default range) .Here are other details:
PE3#sh ip pim nei
PIM Neighbor Table
Mode: B - Bidir Capable, DR - Designated Router, N - Default DR Priority,
P - Proxy Capable, S - State Refresh Capable
Neighbor Interface Uptime/Expires Ver DR
Address Prio/Mode
10.172.50.57 TenGigabitEthernet7/6 5d05h/00:01:33 v2 1 / S P
10.172.50.33 TenGigabitEthernet6/6 5d05h/00:01:30 v2 1 / S P
! On the Egress router
PE3#sh ip bgp ipv4 mdt rd 65535:51056
BGP table version is 35, local router ID is 10.172.100.9
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 65535:51056
* i10.172.100.4/32 10.172.100.4 0 100 0 ?
*>i 10.172.100.4 0 100 0 ?
PE3#
PE3#sh ip pim mdt bgp
MDT (Route Distinguisher + IPv4) Router ID Next Hop
MDT group 232.172.0.5
65535:51055:10.172.100.3 10.172.100.5 10.172.100.3
65535:51056:10.172.100.4 10.172.100.5 10.172.100.4
65535:51059:10.172.100.10 10.172.100.5 10.172.100.10
PE3#
!On the Ingress router
PE2#sh ip pim mdt bgp
MDT (Route Distinguisher + IPv4) Router ID Next Hop
MDT group 232.172.0.5
65535:51055:10.172.100.3 10.172.100.5 10.172.100.3
65535:51058:10.172.100.9 10.172.100.5 10.172.100.9
65535:51059:10.172.100.10 10.172.100.5 10.172.100.10
PE2#sh ip bgp ipv4 mdt rd 65535:51058
BGP table version is 34, local router ID is 10.172.100.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 65535:51058
* i10.172.100.9/32 10.172.100.9 0 100 0 ?
*>i 10.172.100.9 0 100 0 ?
Cheers
Guru
Similar Messages
-
MVPN Extranet Issues in IOS XR (ASR9k)
Hello Experts !
We have analyzed and worked through a customer scenario where the following situation was given and did not work properly:
3 vrfs on various PEs where interconnected by matching imp and exp Rts (so they are ONE core unicast domain)
Mc sources, MC receivers and RPs are distributed over those 3 vrfs
each vrf has its own MDT Default and MDT Data setup (so in MC we have 3 differnt core multicast domains )
so because of various problems we found out that:
by using MVPN Extranet (implicitely) the following problems arose:
the follwing scenarios DID not work:
•More than 2 vrfs
• - vrf RED[source], vrf GREEN [rec], RP in vrf BLUE
•2 vrfs and local RP in one PE
–PE1 ( vrf RED[source], vrf GREEN [rec], local RP in vrf GREEN)
•Crossing the MVPN core 2 times
–PE1 (vrf RED[source])
+++core+++
PE2 (vrf GREEN link to[RP])
+++core+++
PE3 (vrf GREEN [rec])
so as the unicast vrfs are really ONE domain we tried to also use one multicast domain by trying to set the same MDT Default and Data group adresses on all the 3 vrfs.
BUT when committing we failed as IOS XR told us that we are not allowed to use the same MDT default and MDT data tree on more than one vrf
so for me there are 2 possible reasons for that
1.) the programmer wanted to help the user from accidentially selecting the same MC tree for 2 vrf s
[ in that case the restriction would be easy to remove, or reduces to a warning]
OR
2.) the MDT Default group address is a kind of unique pointer inside the MTI and thus no 2 vrf s can have the same (kind of same design fault which was the RD on IOS)
[ in that case the restrictions would need heavy reprogramming to remove]
Maybe someone more knowledgeable could help me clearing that out
By the way, we know that SSM would solve that problem, but.... there are reasons to not use SSM in this customer scenario
with best regards
Alexander MarholdI also need to add something:
MVPN extranet is turned on IMPLICITELY whenever you are exchanging routes between vrfs and it seems that there is NO way to turn it off.
I would consider MVPN Extranet a little bit to be for multicast what route leaking is for unicast.
Therefore I would at least like to see a possibility to turn it off on a vrf base
multicast-routing
address-family ipv4
vrf GREEN
address-family ipv4
NO MVPN-Extranet
mdt data ...
mdt default ipv4 ...
interface all enable
with best regards
alexander -
Hello, i am working with 871w and i am trying to switch form ip inspect to zone-based firewall. Below are the class-maps, policy-map, zone-pairs, zones, and ACLs. The issues i am having is that onces i depoly the ZBF, i can not get ip via DHCP. Please review and suggest any impovements or fixes needed?
class-map type inspect match-any Egress-Filter match access-group name egress-filter
class-map type inspect match-any Guest_Protocols match protocol http
match protocol https match protocol dns
class-map type inspect match-any Ingress-Filter match access-group name ingress-filter
class-map type inspect match-any All_Protocols match protocol tcp
match protocol udp match protocol icmp
class-map type inspect match-all DHCP-Allow match access-group name dhcp-allow
policy-map type inspect Self_to_Internet class type inspect Egress-Filter
inspect
class class-default
drop log
policy-map type inspect Internet_to_Self class type inspect Ingress-Filter
inspect
class class-default
drop log
policy-map type inspect Trusted_To_Self class type inspect All_Protocols
inspect
class type inspect DHCP-Allow
pass
class class-default
drop log
policy-map type inspect Guest_to_Internet class type inspect Guest_Protocols
inspect
class class-default
drop log
policy-map type inspect Internet_to_Guest class type inspect Ingress-Filter
inspect
class class-default
drop log
policy-map type inspect Trusted_to_Self class type inspect All_Protocols
inspect
class type inspect DHCP-Allow
pass
class class-default
drop log
policy-map type inspect Self_to_Trusted class type inspect All_Protocols
inspect
class type inspect DHCP-Allow
pass
class class-default
drop log
policy-map type inspect Trusted_to_Internet class type inspect All_Protocols
inspect
class class-default
drop log
policy-map type inspect Internet_to_Trusted class type inspect Ingress-Filter
inspect
class class-default
drop log
policy-map type inspect Guest_to_Self class type inspect All_Protocols inspect
class type inspect DHCP-Allow
pass
class class-default
drop log
policy-map type inspect Self_to_Guest
class type inspect All_Protocols
inspect
class type inspect DHCP-Allow
pass
class class-default
drop log
zone-pair security Trusted->Internet source Trusted destination Internet service-policy type inspect Trusted_to_Internet
zone-pair security Guest->Internet source Guest destination Internet service-policy type inspect Guest_to_Internet
zone-pair security Internet->Trusted source Internet destination Trusted service-policy type inspect Internet_to_Trusted
zone-pair security Internet->Guest source Internet destination Guest service-policy type inspect Internet_to_Guest
zone-pair security Self->Internet source self destination Internet service-policy type inspect Self_to_Internet
zone-pair security Internet->Self source Internet destination self service-policy type inspect Internet_to_Self
zone-pair security Self->Trusted source self destination Trusted service-policy type inspect Self_to_Trusted
zone-pair security Trusted->Self source Trusted destination self service-policy type inspect Trusted_to_Self
zone-pair security Self->Guest source self destination Guest service-policy type inspect Self_to_Guest
zone-pair security Guest->Self source Guest destination self service-policy type inspect Guest_to_Self
zone security Trustedzone security Guestzone security Internet
ip access-list extended NAT deny ip 192.168.16.0 0.0.0.63 192.168.16.64 0.0.0.15
permit ip any any
ip access-list extended dhcp-allow permit udp any eq bootps any
permit udp any any eq bootpc
permit udp any any eq bootps
permit udp any eq bootpc any
ip access-list extended egress-filter permit ip <REMOVED> 0.0.0.2 any
remark ----- Junk Traffic -----
deny ip any host <REMOVED>
deny ip any host <REMOVED>
deny ip host <REMOVED> any
deny ip host <REMOVED> any
remark ----- Bogons Filter -----
deny ip 0.0.0.0 0.255.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 169.254.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.0.0.0 0.0.0.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 198.18.0.0 0.1.255.255 any
deny ip 198.51.100.0 0.0.0.255 any
deny ip 203.0.113.0 0.0.0.255 any
deny ip 224.0.0.0 31.255.255.255 any
deny ip any any
ip access-list extended ingress-filter remark ----- Allow access from work
permit ip <REMOVED> 0.0.0.127 any
permit ip <REMOVED 0.0.0.31 any
permit ip <REMOVED> 0.0.0.255 any
permit esp any host <REMOVED>
permit gre any host <REMOVED>
permit udp any host <REMOVED> eq isakmp
remark ----- To get IP form COX -----
permit udp any eq bootps any eq bootpc deny icmp any any
deny udp any any eq echo
deny udp any eq echo any
deny tcp any any fragments
deny udp any any fragments
deny ip any any fragments
deny ip any any option any-options
deny ip any any ttl lt 4
deny ip any host <REMOVED>
deny ip any host <REMOVED>
deny udp any any range 33400 34400
remark ----- Bogons Filter -----
deny ip 0.0.0.0 0.255.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 169.254.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.0.0.0 0.0.0.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 198.18.0.0 0.1.255.255 any
deny ip 198.51.100.0 0.0.0.255 any
deny ip 203.0.113.0 0.0.0.255 any
deny ip 224.0.0.0 31.255.255.255 any
remark ----- Internal networks -----
deny ip <REMOVED> 0.0.0.3 any
deny ip any anyRunning Config
! Last configuration change at 05:24:59 AZT Sun Feb 19 2012 by asucrews
! NVRAM config last updated at 05:25:57 AZT Sun Feb 19 2012 by asucrews
version 12.4
configuration mode exclusive auto expire 600
parser cache
no service log backtrace
no service config
no service exec-callback
service nagle
service slave-log
no service slave-coredump
no service pad to-xot
no service pad from-xot
no service pad cmns
no service pad
no service telnet-zeroidle
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
no service exec-wait
service linenumber
no service internal
no service scripting
no service compress-config
service prompt config
no service old-slip-prompts
service pt-vty-logging
no service disable-ip-fast-frag
service sequence-numbers
hostname rtwan
boot-start-marker
boot-end-marker
logging exception 4096
logging count
no logging message-counter log
no logging message-counter debug
logging message-counter syslog
no logging snmp-authfail
no logging userinfo
logging buginf
logging queue-limit 100
logging queue-limit esm 0
logging queue-limit trap 100
logging buffered 65536
no logging persistent
logging rate-limit 512 except critical
logging console guaranteed
logging console critical
logging monitor debugging
logging on
enable secret 5
enable password 7
aaa new-model
aaa group server radius rad_eap
server auth-port 1645 acct-port 1646
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login default local
aaa authentication login eap_methods group rad_eap
aaa authorization exec default local
aaa accounting network acct_methods
action-type start-stop
group rad_acct
aaa session-id common
memory-size iomem 10
clock timezone AZT -7
clock save interval 8
errdisable detect cause all
errdisable recovery interval 300
dot11 syslog
dot11 activity-timeout unknown default 60
dot11 activity-timeout client default 60
dot11 activity-timeout repeater default 60
dot11 activity-timeout workgroup-bridge default 60
dot11 activity-timeout bridge default 60
dot11 ssid guestonpg
vlan 2
authentication open
authentication key-management wpa optional
guest-mode
wpa-psk ascii 7
dot11 ssid playground
vlan 1
authentication open
authentication key-management wpa optional
wpa-psk ascii 7
dot11 aaa csid default
no ip source-route
no ip gratuitous-arps
ip icmp redirect subnet
ip spd queue threshold minimum 73 maximum 74
ip options drop
ip dhcp bootp ignore
ip dhcp excluded-address 192.168.16.33 192.168.16.40
ip dhcp excluded-address 192.168.16.1 192.168.16.7
ip dhcp pool vlan1pool
import all
network 192.168.16.0 255.255.255.224
default-router 192.168.16.1
domain-name jeremycrews.home
lease 4
ip dhcp pool vlan2pool
import all
network 192.168.16.32 255.255.255.224
default-router 192.168.16.33
domain-name guest.jeremycrews.home
lease 0 6
ip cef
ip inspect name firewall tcp router-traffic
ip inspect name firewall udp router-traffic
ip inspect name firewall icmp router-traffic
no ip bootp server
no ip domain lookup
ip domain name jeremycrews.home
ip host rtwan.jeremycrews.home 192.168.16.1 192.168.16.33
ip host ap1.jeremycrews.home 192.168.16.2 192.168.16.34
ip host ap2.jeremycrews.home 192.168.16.3 192.168.16.35
ip host ap3.jeremycrews.home 192.168.16.4 192.168.16.36
ip host ooma.jeremycrews.home 192.168.16.5
ip host xbox.jeremycrews.home 192.168.16.6
ip host wii.jeremycrews.home 192.168.16.7
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip accounting-threshold 100
ip accounting-list 192.168.16.0 0.0.0.31
ip accounting-list 192.168.16.32 0.0.0.31
ip accounting-transits 25
ip igmp snooping vlan 1
ip igmp snooping vlan 1 mrouter learn pim-dvmrp
ip igmp snooping vlan 2
ip igmp snooping vlan 2 mrouter learn pim-dvmrp
ip igmp snooping
login block-for 120 attempts 5 within 60
login delay 5
login on-failure log
parameter-map type inspect log
audit-trail on
dot1x system-auth-control
memory free low-watermark processor 65536
memory free low-watermark IO 16384
file prompt alert
emm clear 1b5b324a1b5b303b30480d
vtp file flash:vlan.dat
vtp mode server
vtp version 1
username privilege 15 password 7
username privilege 15 password 7
no crypto isakmp diagnose error
archive
log config
no record rc
logging enable
no logging persistent reload
no logging persistent
logging size 255
notify syslog contenttype plaintext
no notify syslog contenttype xml
hidekeys
path tftp://192.168.16.12/rtwan-config
maximum 10
no rollback filter adaptive
rollback retry timeout 0
write-memory
time-period 10080
scripting tcl low-memory 28965007
scripting tcl trustpoint untrusted terminate
no scripting tcl secure-mode
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh break-string ~break
ip ssh logging events
ip ssh version 2
ip ssh dh min size 1024
class-map type inspect match-any Egress-Filter
match access-group name egress-filter
class-map type inspect match-any Guest_Protocols
match protocol http
match protocol https
match protocol dns
match protocol bootpc
match protocol bootps
class-map type inspect match-any Ingress-Filter
match access-group name ingress-filter
class-map type inspect match-any All_Protocols
match protocol tcp
match protocol udp
match protocol icmp
class-map type inspect match-all DHCP-Allow
match access-group name dhcp-allow
policy-map type inspect Self_to_Internet
class type inspect Egress-Filter
inspect
class class-default
drop log
policy-map type inspect Internet_to_Self
class type inspect Ingress-Filter
inspect
class class-default
drop log
policy-map type inspect Self_To_Self
class class-default
drop log
policy-map type inspect Trusted_To_Self
class type inspect All_Protocols
inspect
class type inspect DHCP-Allow
pass
class class-default
drop log
policy-map type inspect Guest_to_Internet
class type inspect Guest_Protocols
inspect
class class-default
drop log
policy-map type inspect Internet_to_Guest
class type inspect Ingress-Filter
inspect
class class-default
drop log
policy-map type inspect Trusted_to_Self
class type inspect All_Protocols
inspect
class type inspect DHCP-Allow
pass
class class-default
drop log
policy-map type inspect Self_to_Trusted
class type inspect All_Protocols
inspect
class type inspect DHCP-Allow
pass
class class-default
drop log
policy-map type inspect Trusted_to_Internet
class type inspect All_Protocols
inspect
class class-default
drop log
policy-map type inspect Internet_to_Trusted
class type inspect Ingress-Filter
inspect
class class-default
drop log
policy-map type inspect Guest_to_Self
class type inspect All_Protocols
inspect
class class-default
drop log
policy-map type inspect Self_to_Guest
class type inspect All_Protocols
inspect
class class-default
drop log
zone security Trusted
zone security Guest
zone security Internet
zone-pair security Trusted->Internet source Trusted destination Internet
service-policy type inspect Trusted_to_Internet
zone-pair security Guest->Internet source Guest destination Internet
service-policy type inspect Guest_to_Internet
zone-pair security Internet->Trusted source Internet destination Trusted
service-policy type inspect Internet_to_Trusted
zone-pair security Internet->Guest source Internet destination Guest
service-policy type inspect Internet_to_Guest
zone-pair security Self->Internet source self destination Internet
service-policy type inspect Self_to_Internet
zone-pair security Internet->Self source Internet destination self
service-policy type inspect Internet_to_Self
zone-pair security Self->Trusted source self destination Trusted
service-policy type inspect Self_to_Trusted
zone-pair security Trusted->Self source Trusted destination self
service-policy type inspect Trusted_to_Self
zone-pair security Self->Guest source self destination Guest
service-policy type inspect Self_to_Guest
zone-pair security Guest->Self source Guest destination self
service-policy type inspect Guest_to_Self
bridge irb
interface Loopback0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
shutdown
snmp trap link-status
interface Null0
no ip unreachables
interface FastEthernet0
description To switch
switchport access vlan 1
switchport trunk encapsulation dot1q
switchport trunk native vlan 1
switchport trunk allowed vlan 1-4094
switchport mode trunk
switchport voice vlan none
switchport priority extend none
switchport priority default 0
snmp trap link-status
ip igmp snooping tcn flood
interface FastEthernet1
switchport access vlan 1
switchport trunk encapsulation dot1q
switchport trunk native vlan 1
switchport trunk allowed vlan 1-4094
switchport mode trunk
switchport voice vlan none
switchport priority extend none
switchport priority default 0
shutdown
snmp trap link-status
spanning-tree portfast
ip igmp snooping tcn flood
interface FastEthernet2
switchport access vlan 1
switchport trunk encapsulation dot1q
switchport trunk native vlan 1
switchport trunk allowed vlan 1-4094
switchport mode access
switchport voice vlan none
switchport priority extend none
switchport priority default 0
shutdown
snmp trap link-status
spanning-tree portfast
ip igmp snooping tcn flood
interface FastEthernet3
description Ooma Hub 192.168.16.5
switchport access vlan 1
switchport trunk encapsulation dot1q
switchport trunk native vlan 1
switchport trunk allowed vlan 1-4094
switchport mode access
switchport voice vlan none
switchport priority extend none
switchport priority default 0
shutdown
snmp trap link-status
spanning-tree portfast
ip igmp snooping tcn flood
interface FastEthernet4
description Cox Internet Connection
ip address dhcp
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
ip flow ingress
ip flow egress
ip nat outside
no ip virtual-reassembly
duplex auto
speed auto
snmp trap link-status
no cdp enable
zone-member security Internet
interface Dot11Radio0
description Radio b/g
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
shutdown
beacon period 100
beacon dtim-period 2
dot11 extension aironet
encryption vlan 1 mode ciphers aes-ccm tkip wep128
encryption vlan 2 mode ciphers aes-ccm tkip wep128
broadcast-key vlan 1 change 3600 membership-termination
broadcast-key vlan 2 change 3600 membership-termination
ssid guestonpg
ssid playground
countermeasure tkip hold-time 60
short-slot-time
speed ofdm join
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
packet retries 64
preamble-short
channel least-congested
fragment-threshold 2346
station-role root
rts threshold 2312
rts retries 64
antenna receive diversity
antenna transmit diversity
payload-encapsulation rfc1042
snmp trap link-status
interface Dot11Radio0.1
description Home WLAN
encapsulation dot1Q 1 native
no ip redirects
no ip unreachables
no ip proxy-arp
no snmp trap link-status
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.2
description Guest WLAN
encapsulation dot1Q 2
no ip redirects
no ip unreachables
no ip proxy-arp
no snmp trap link-status
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
interface Vlan1
description Home LAN
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
no ip virtual-reassembly
autostate
snmp trap link-status
bridge-group 1
bridge-group 1 spanning-disabled
interface Vlan2
description Guest LAN
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
no ip virtual-reassembly
autostate
snmp trap link-status
bridge-group 2
bridge-group 2 spanning-disabled
interface BVI1
description Home Bridge LAN to WLAN
ip address 192.168.16.1 255.255.255.224
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
no ip virtual-reassembly
snmp trap link-status
zone-member security Trusted
interface BVI2
description Guest Bridge LAN to WLAN
ip address 192.168.16.33 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
no ip virtual-reassembly
snmp trap link-status
zone-member security Guest
ip classless
ip forward-protocol nd
no ip http server
ip http port 80
ip http authentication enable
no ip http secure-server
ip http secure-port 443
ip http secure-active-session-modules all
ip http max-connections 5
ip http timeout-policy idle 180 life 180 requests 1
ip http active-session-modules all
ip http digest algorithm md5
ip http client cache memory pool 100
ip http client cache memory file 2
ip http client cache ager interval 5
ip http client connection timeout 10
ip http client connection retry 1
ip http client connection idle timeout 30
ip http client response timeout 30
ip http path
ip flow-top-talkers
top 10
sort-by bytes
ip nat inside source static tcp 192.168.16.6 53 interface FastEthernet4 53
ip nat inside source static tcp 192.168.16.6 3074 interface FastEthernet4 3074
ip nat inside source static udp 192.168.16.6 3074 interface FastEthernet4 3074
ip nat inside source static tcp 192.168.16.6 80 interface FastEthernet4 80
ip nat inside source static udp 192.168.16.6 88 interface FastEthernet4 88
ip nat inside source static udp 192.168.16.6 53 interface FastEthernet4 53
ip nat inside source list NAT interface FastEthernet4 overload
ip access-list extended NAT
deny ip 192.168.16.0 0.0.0.63 192.168.16.64 0.0.0.15
permit ip any any
ip access-list extended dhcp-allow
permit udp any eq bootps any
permit udp any any eq bootpc
permit udp any any eq bootps
permit udp any eq bootpc any
ip access-list extended egress-filter
permit ip 0.0.0.2 any
remark ----- Junk Traffic -----
deny ip any host
deny ip any host
deny ip host any
deny ip host any
remark ----- Bogons Filter -----
deny ip 0.0.0.0 0.255.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 169.254.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.0.0.0 0.0.0.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 198.18.0.0 0.1.255.255 any
deny ip 198.51.100.0 0.0.0.255 any
deny ip 203.0.113.0 0.0.0.255 any
deny ip 224.0.0.0 31.255.255.255 any
deny ip any any
ip access-list extended ingress-filter
remark ----- Allow access from work
permit ip 0.0.0.127 any
permit ip 0.0.0.31 any
permit ip 0.0.0.255 any
permit esp any host
permit gre any host
permit udp any host eq isakmp
remark ----- To get IP form COX -----
permit udp any eq bootps any eq bootpc
deny icmp any any
deny udp any any eq echo
deny udp any eq echo any
deny tcp any any fragments
deny udp any any fragments
deny ip any any fragments
deny ip any any option any-options
deny ip any any ttl lt 4
deny ip any host
deny ip any host
deny udp any any range 33400 34400
remark ----- Bogons Filter -----
deny ip 0.0.0.0 0.255.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 169.254.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.0.0.0 0.0.0.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 198.18.0.0 0.1.255.255 any
deny ip 198.51.100.0 0.0.0.255 any
deny ip 203.0.113.0 0.0.0.255 any
deny ip 224.0.0.0 31.255.255.255 any
remark ----- Internal networks -----
deny ip 0.0.0.2 any
deny ip any any
no ip sla logging traps
ip sla 1
icmp-echo 8.8.4.4 source-interface FastEthernet4
frequency 120
history hours-of-statistics-kept 1
history filter failures
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 8.8.8.8 source-interface FastEthernet4
frequency 30
history hours-of-statistics-kept 1
history filter failures
ip sla reaction-configuration 1 react connectionLoss threshold-type consecutive 5 action-type trapAndTrigger
ip sla reaction-trigger 1 2
logging history size 1
logging history warnings
logging trap informational
logging delimiter tcp
logging facility local7
no logging source-interface
access-list 1 permit 192.168.16.0 0.0.0.63
access-list 20 permit 127.127.1.1
access-list 20 permit 192.43.244.18
access-list 20 permit 204.235.61.9
access-list 20 permit 173.201.38.85
access-list 20 permit 216.229.4.69
access-list 20 permit 152.2.21.1
access-list 20 permit 130.126.24.24
access-list 21 permit 192.168.16.0 0.0.0.63
access-list 22 permit 192.168.16.0 0.0.0.63
mac-address-table aging-time 300
cdp run
snmp-server engineID local
snmp-server view *ilmi system included
snmp-server view *ilmi atmForumUni included
snmp-server view v1default iso included
snmp-server view v1default internet.6.3.15 excluded
snmp-server view v1default internet.6.3.16 excluded
snmp-server view v1default internet.6.3.18 excluded
snmp-server view v1default ciscoMgmt.394 excluded
snmp-server view v1default ciscoMgmt.395 excluded
snmp-server view v1default ciscoMgmt.399 excluded
snmp-server view v1default ciscoMgmt.400 excluded
snmp-server view *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF7F ieee802dot11 included
snmp-server view *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF7F internet included
snmp-server community 1682CrewsSNMP v1default RW 22
snmp-server priority normal
no snmp-server trap link ietf
snmp-server trap authentication vrf
snmp-server trap authentication acl-failure
snmp-server trap authentication unknown-content
snmp-server packetsize 1500
snmp-server queue-limit notification-host 10
snmp-server chassis-id FHK111016LX
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps tty
snmp-server enable traps pw vc
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps disassociate
snmp-server enable traps deauthenticate
snmp-server enable traps authenticate-fail
snmp-server enable traps dot11-qos
snmp-server enable traps switch-over
snmp-server enable traps rogue-ap
snmp-server enable traps wlan-wep
snmp-server enable traps adslline
snmp-server enable traps flash insertion removal
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps entity
snmp-server enable traps fru-ctrl
snmp-server enable traps resource-policy
snmp-server enable traps event-manager
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps mvpn
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface-old
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps cpu threshold
snmp-server enable traps syslog
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps l2tun session
snmp-server enable traps l2tun pseudowire status
snmp-server enable traps vtp
snmp-server enable traps aaa_server
snmp-server enable traps atm subif
snmp-server enable traps firewall serverstatus
snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps ipsla
snmp-server host 192.168.16.10 traps version 1 udp-port 162
snmp-server inform retries 3 timeout 15 pending 25
snmp mib nhrp
snmp mib notification-log globalsize 500
snmp mib notification-log globalageout 15
snmp mib community-map ILMI engineid
snmp mib community-map engineid
radius-server local
no authentication mac
eapfast authority id
eapfast authority info
eapfast server-key primary 7
eapfast server-key secondary 7
nas key 7
group users
vlan 1
ssid playground
block count 5 time 60
reauthentication time 3600
group guest
vlan 2
ssid guestonpg
block count 3 time 60
reauthentication time 3600
user nthash 7 group users
user nthash 7 group guest
radius-server attribute 32 include-in-access-req format %h
radius-server host auth-port 1645 acct-port 1646 key 7
radius-server vsa send accounting
control-plane
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
bridge 3 protocol ieee
bridge 3 route ip
alias exec h help
alias exec lo logout
alias exec p ping
alias exec r resume
alias exec s show
alias exec u undebug
alias exec un undebug
alias exec w where
default-value exec-character-bits 7
default-value special-character-bits 7
default-value data-character-bits 8
line con 0
password 7
logging synchronous
no modem enable
transport output ssh
line aux 0
password 7
logging synchronous
transport output ssh
line vty 0 4
password 7
logging synchronous
transport preferred ssh
transport input all
transport output ssh
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
process cpu threshold type total rising 80 interval 10 falling 40 interval 10
ntp authentication-key 1 md5 7
ntp authenticate
ntp trusted-key 1
ntp source FastEthernet4
ntp access-group peer 20
ntp access-group serve-only 21
ntp master 1
ntp server 152.2.21.1 maxpoll 4
ntp server 204.235.61.9 maxpoll 4
ntp server 130.126.24.24
ntp server 216.229.4.69 maxpoll 4
ntp server 173.201.38.85 maxpoll 4
cns id hostname
cns id hostname event
cns id hostname image
cns image retry 60
netconf max-sessions 4
netconf lock-time 10
netconf max-message 0
event manager scheduler script thread class default number 1
event manager scheduler applet thread class default number 32
event manager history size events 10
event manager history size traps 10
end -
Hello my friends,
Looking at the MVPN implementation on the ME3600&3800 on link
http://www.cisco.com/en/US/docs/switches/metro/me3600x_3800x/software/release/15.2_4_S/configuration/guide/swmvpn.html
We can see the following restrictions (among several others):
Pseudowire towards the core svi is not supported.
I really don't understand this restriction .. If the Core SVI is the MPLS enabled interface toward the Core, it shouldn't have no PSW there .. Can anybody clarify this ?
Maximum number of OIFs supported is 62.
So we can assume that the maximum MDT number is 62, am i right ?
Did anyone used this equipments for MVPN, care to share your experience please ?
Thanks !
DavidThanks Yasir, but still i don't understand:
What a PW has to do with MVPN (this statement is on the MVPN ?
Since we've raised this issue, the core facing interface should be a routed MPLS enable interface to PWs work ?
Regarding the OIF:
there will be 1 OIF for each Default-MDT
there will be 1 OIF for each Data-MDT activated for each group whenever threshold is passed
So, if we have a maximum of 62 OIF per group we can say that we can have 61 OIF per MDT (excluding the 1 OIF for the Default-MDT). Is this assumption right ? (i'm a bit confused with the wording!)
A couple of more questions:
What's the maximum number of MDTs per ME3600 & 3800 ?
Is Labeled Switch Multicast on the road-map for this equipments ?
Many many thanks Yasir!
David -
Combining PE-CE eBGP VPNv4 prefix exchange with mVPN?
Background:
Present MPLS backbone based on 3750ME and 6504/Sup32 to all main locations.
Rigid (and stable) structure at each site with C - CE - PE, eBGP pr. VRF between CE and PE, static/HSRP between C and CE.
C typically 6500/Sup720, CE either 3560(G) or 3750(G).
Only backside to present design is that connectivity between to CEs at a site is via L2 in Cs, that is CE - C - C - CE.
That has provided some interesting failure scenarios :(.
Static configuration with many configuration steps for new networks also provides possible errors.
We're looking at removing the CE and combine the C/CE functionality into the 6500/Sup720 on each campus.
Then we can either run traditional eBGP pr. VRF between C/CE and PE or we could move to a solution with PE-CE eBGP VPNv4 prefix exchange, such as would be used when service providers exchange label info across AS boundaries.
The latter solution means all PEs will accept all VPNv4 routes rather than just the ones for which they have locally defined VRFs.
But it also provides flexibility combined with ease of the configuration, as the PEs are basically reduced to P functionality, and at the same time the usage of eBGP between C/CE and PE means we don't have to include the C/CEs in the IGP (IS-IS) of the backbone and convert them to full PEs, compromising the stability of the MPLS core, while maintaining all the control handles of BGP.
The C/CEs would need to BGP peer with the PEs in the global routing table for exchange of VPNv4 routes and next hop information.
Does this sound like a feasible solution? Caveats?
Next issue at hand is mVPN.
We'd like to support pr. VRF multicast across the MPLS backbone, and mVPN seems like the answer to that. Unfortunately it's not supported now nor will it apparently be so on the 3750ME.
The obvious answer is to move to e.g. 7604 as PE platform, which is a long term strategic option, but it's not gonna happen overnight.
Assuming we implement the PE-CE eBGP VPNv4 route exchange, would we be able to switch the mVPN functionality into the C/CE routers, this taking away the restraints of the 3750MEs?
We would run pr. VRF PIM on the C/CE and define default- and data-MDTs for each VRF on the C/CE.
Obviously we would need multicast routing in the global routing table, both on the PEs (based on PIM-SM, Bidir or SSM), and between the C/CEs and the PEs (based on PIM or perhaps MP-BGP?).
Would this work? Caveats?Hi elawaetz
From the above I come to know that for the first solution actually you should go with the vrf lite, if you want to club your customers on 6500. For PE-CE a bgp instance is required and it will work only for vpnv4 not in global and its a feasible solution you can go with this.
Solution For MVPN:-
For MVPN you need not worry about the clinet end. You have to take care for the folowing points for mvpn:-
a) Use ip pim-spare-mode for your backhaul, so hat in case of rp failures your clients will not be affected.
b)Choose a suitable multicast protocol like autorp if you are having full cisco domain or BSR for mix breed.
c)If you r using auto-rp advertise your rp information with the help of acl which includes the 239 group becasue by default it takes 224 group.
d)For your cloud default mdt is required (unique for per vrf)and it is only in the global multicast routing table.
e)Data mdt can be used but its an optioal component.
f)Per vrf rp should be required.
g)MP-BGP update should be with one loopback only, if u r having multiple loopbacks for bgp peering then rpf failures problems will arise and you wonot be able to send or receive the streams.
h)3750is specially deisgned for ME; By defaut cisco switches forward the multicast traffic but if u want ot create the vrf then u need a router and 7600 is gud one becasue with this you can go with extranet also.
You last point i already cleared, in global multicast routing table only default mdt groups will be enterted.
regards
shivlu -
Does anyone know if there are any specific performance limitations given the following:
Catalyst 6500 with Supervisor 720
6708 linecard
Configured as a MPLS PE using SXI software
multicast VPN (standard service provider setup, with multicast enabled mpls core)
I understand that due to ingress replication, and subsequent recirculation, I won't get line rate performance with multicast over a mVPN. In fact, problems may start with a throughput as low as 3Gbps on a PE port)
Does anyone have any real-world experience on this topic that they could share?I have implementation done on campus MPLS Backbone. I do have 100+ Channels using mVPN with 6704 linecards.
though mVPN is actually and IP based swithching and not on label based, I have not experienced any bottle neck in throughput. My traffic is constant 500 Mbps from head end to campus and there is no signs of any issue. CPU of by core backbone is less than 8% :-).......
it equally matters your packet size too...
Please review the report below
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/prod_white_paper0900aecd800c958a.pdf
regards
Prasad -
New DVR Issues (First Run, Channel Switching, etc.)
I've spent the last 30 minutes trying to find answers through the search with no luck, so sorry if I missed something.
I recently switched to FIOS from RCN cable in New York. I've gone through trying to setup my DVR and am running into issues and was hoping for some answers.
1. I setup two programs to record at 8PM, I was watching another channel at the time and only half paying attention. Around 8:02 I noticed a message had popped up asking if I would like to switch channels to start recording. I was expecting it to force it to switch like my old DVR, but in this case it didn't switch and I missed the first two minutes of one of the shows. I typically leave my DVR on all day and just turn off the TV, this dual show handling will cause issues with that if I forget to turn off the DVR. Is there a setting I can change that will force the DVR to choose one of the recording channels?
2. I setup all my recordings for "First Run" because I only want to see the new episodes. One show I setup was The Daily Show on comedy central, which is shown weeknights at 11pm and repeated 3-4 times throughout the day. My scheduled recordings is showing all these as planned recordings even though only the 11pm show is really "new". Most of the shows I've setup are once a week so they aren't a problem, but this seems like it will quickly fill my DVR. Any fixes?
Thanks for the help.
Solved!
Go to Solution.I came from RCN about a year ago. Fios is different in several ways, not all of them desirable. Here are several ways to get--and fix--unwanted recordings from a series recording setup.
Some general principles.
Saving changes. When you originally create a series with options, or if you go back to edit the options for an existing series, You MUST save the Series Options changes. Pretty much everywhere else in the user interface, when you change an option, the change takes effect immediately--but not in Series Options. Look at the Series Options window. Look at the far right side. There is a vertical "Save" bar, which you must navigate to and click OK on to actually save your changes. Exiting the Series Options window without having first saved your changes loses all your attempted changes--immediately.
Default Series Options. This is accessed from [Menu]--DVR--Settings--Default Series Options. This will bring up the series options that will automatically be applied to the creation of a NEW series. The options for every previously created series will not be affected by a subsequent modification of the Default Series Options. You should set these options to the way you would like them to be for the majority of series recordings that you are likely to create. Be sure to SAVE your changes. This is what you will get when you select "Create Series Recording" from the Guide. When creating a new series recording where you think that you may want options different from the default, select "Create Series with Options" instead. Series Options can always be changed for any individual series set up later--but not for all series at once.
Non-series recordings. With Fios you have no directly available options for these. With RCN and most other DVRs, you can change the start and end times for individual episodes, including individual episodes that are also in a series. With Fios, your workarounds are to create a series with options for a single program, then delete the series later; change the series options if the program is already in a series, then undo the changes you made to the series options later; or schedule recordings of the preceding and/or following shows as needed.
And now, to the unwanted repeats.
First, make sure your series options for the specific series in question--and not just the series default options--include "First Run Only". If not, fix that and SAVE. Then check you results by viewing the current options using the Series Manager app under the DVR menu.
Second, and most annoying, the Guide can have repeat programs on your channel tagged as "New". It happens. Set the series option "Air Time" to "Selected Time". To make this work correctly, you must have set up the original series recording after selecting the program in the Guide at the exact time of a first run showing (11pm, in your case), and not on a repeat entry in the Guide. Then, even it The Daily Show is tagged as New for repeat showings, these will be ignored.
Third, another channel may air reruns of the program in your series recording, and the first showing of a rerun episode on the other channel may be tagged as "New". These can be ignored in your series if you set the series option "Channel" to "Selected Channel". Related to this, if there is both an SD and HD channel broadcasting you series program, you will record them both if the series option "Duplicates" is set to "Yes". However, when the Channel option is set to "Selected Channel", the Duplicates Option is always effectively "No", regardless of what shows up on the options screen.
As for you missing two minutes, I have sereral instances in which two programs start recording at the same time. To the best of my recollection, whenever the warning message has appeared, ignoring it has not caused a loss of recording time. You might have an older software version. Newest is v.1.8. Look at Menu--Settings--System Info. Or, I might not have noticed the loss of minutes. I regularly see up to a minute of previous programming at the start of a recording, or a few missing seconds at the beginning or end of a recording. There are a lot of possibilities for that, but the DVR clock being incorrect is not one of them. With RCN, the DVR clocks occasionally drifted off by as much as a minute and a half. -
Pension issue Mid Month Leaving
Dear All,
As per rule sustem should deduct mid month joining/leaving/absences or transfer scenarios, the Pension/PF Basis will be correspondingly prorated. But our system is not doing this. In RT table i have found 3FC Pension Basis for Er c 01/2010 0.00 6,500.00.
Employee leaving date is 14.04.2010. system is picking pension amout as 541. Last year it was coming right.
Please suggest.
AshwaniDear Jayanti,
We required prorata basis pension in case of left employees and system is not doing this. This is the issue. As per our PF experts Pension amount should come on prorata basis for left employees in case they left mid of month.System is doing prorata basis last year but from this year it is deducting 541. I am giving two RT cases of different years.
RT table for year 2010. DOL 26.04.2010
/111 EPF Basis 01/2010 0.00 8,750.00
/139 VPF Basis 01/2010 0.00 8,750.00
/3F1 Ee PF contribution 01/2010 0.00 1,050.00
/3F3 Er PF contribution 01/2010 0.00 509.00
/3F5 Ee Mon PF contribution 01/2010 0.00 1,050.00
/3F6 Ee Ann PF contribution 01/2010 0.00 12,600.00
/3F9 PF adm chrgs * 1,00,00 01/2010 0.00 96.25
/3FA PF basis for Ee contri 01/2010 0.00 8,750.00
/3FB PF Basis for Er Contri 01/2010 0.00 8,750.00
/3FJ VPF basis for Ee contr 01/2010 0.00 8,750.00
/3FL PF Basis for Er Contri 01/2010 0.00 6,500.00
/3F4 Er Pension contributio 01/2010 0.00 541.00
/3FC Pension Basis for Er c 01/2010 0.00 6,500.00
/3FB PF Basis for Er Contri 01/2010 0.00 8,750.00
/3FC Pension Basis for Er c 01/2010 0.00 6,500.00
/3FJ VPF basis for Ee contr 01/2010 0.00 8,750.00
/3FL PF Basis for Er Contri 01/2010 0.00 6,500.00
/3R3 Metro HRA Basis Amount 01/2010 0.00 8,750.00
1BAS Basic Salary 01/2010 0.00 8,750.00
RT table for year 2009. DOL 27.10.2009
/111 EPF Basis 07/2009 0.00 9,016.13
/139 VPF Basis 07/2009 0.00 9,016.13
/3F1 Ee PF contribution 07/2009 0.00 1,082.00
/3F3 Er PF contribution 07/2009 0.00 628.00
/3F5 Ee Mon PF contribution 07/2009 0.00 1,082.00
/3F6 Ee Ann PF contribution 07/2009 0.00 8,822.00
/3F9 PF adm chrgs * 1,00,00 07/2009 0.00 99.18
/3FA PF basis for Ee contri 07/2009 0.00 9,016.00
/3FB PF Basis for Er Contri 07/2009 0.00 9,016.00
/3FJ VPF basis for Ee contr 07/2009 0.00 9,016.00
/3FL PF Basis for Er Contri 07/2009 0.00 5,452.00
/3FB PF Basis for Er Contri 07/2009 0.00 9,016.00
/3FC Pension Basis for Er c 07/2009 0.00 5,452.00
/3FJ VPF basis for Ee contr 07/2009 0.00 9,016.00
/3FL PF Basis for Er Contri 07/2009 0.00 5,452.00
/3R4 Non-metro HRA Basis Am 07/2009 0.00 9,016.13
1BAS Basic Salary 07/2009 0.00 9,016.13
Now please suggest what to do. where is the problem ? If have also checked EXIT_HINCALC0_002 but nothing written in it.
With Regards
Ashwani -
Open PO Analysis - BW report issue
Hello Friends
I constructed a query in BW in order to show Open Purchase Orders. We have custom DSO populated with standard
datasource 2lis_02_itm (Purcahse Order Item). In this DSO we mapped the field ELIKZ to the infoobject 0COMP_DEL
(Delivery completed).
We loaded the data from ECC system for all POs and found the following issue for Stock Transport Purchase orders (DocType = UB).
We have a PO with 4 line items. For line items 10 and 20, Goods issued, Goods received and both the flags "Delivery
complete" and "Final delivery" checked. For line items 30 and 40, only delivery indicator note is issued for zero
quantity and Delivery complete flag is checked (Final delivery flag is not checked) in ECC system. For this PO, the
delivery completion indicator is not properly updated in the DSO for line items 30 and 40. The data looks like the
following:
DOC_NUM DOC_ITEM DOCTYPE COMP_DEL
650000001 10 UB X
650000001 20 UB X
650000001 30 UB
650000001 40 UB
When we run the Open PO analysis report on BW side this PO is appearing in the report but the same is closed in ECC
system.
Any help is appreciated in this regard.
Thanks and Regards
sampathHi Priya and Reddy
Thanks for your response.
Yes the indicator is checked in EKPO table for items 30 and 40 and delta is running regularly for more than 1 year and no issues with other POs. This is happening only for few POs of type Stock Transport (UB).
I already checked the changes in ME23N and the Delivery completed indicator was changed and it reflected in EKPO table. Further, i checked the PSA records for this PO and i am getting the records with the Delivery completed flag but when i update from PSA to DSO the delivery completed indicator is not updating properly.
In PSA, for item 30 i have the following entries. Record number 42 is capturing the value X for ELIKZ but after that i am getting two more records 43 and 44 with process key 10 and without X for ELIKZ. I think this is causing the problem.
Record No. Doc.No. Item Processkey Rocancel Elikz
41 6500000001 30 11 X ---
42 6500000001 30 11 --- X
43 6500000001 30 10 X ---
44 6500000001 30 10 --- ---
(Here --- means blank)
Thanks and Regards
sampath -
HP LaserJet Enterprise 600 M602 driver issue
Hello,
I've got issue with 600-series printers. We use the latest UPD drivrer ver. 61.175.1.18849 and print from XenApp 6.5. The error occurs every time when users try to print jpg files from XenApp session. It only happens with 600 series printers and UPD.
Also I've tried to assign native 600-series driver ver. 6.3.9600.16384 and it works good. But with that driver system says that it's color printer and it brokes our printing reports. These reports are very important for us. So we can't use printer and that driver as well.
Printer installed on Windows Server 2012 R2. All clients are Windows 7 x64. XenApp Servers are Server 2008R2.
Is it possible to get fixed UPD driver or correct native driver for Server 2012 R2?
Regards,
AnatolyI am sorry, but to get your issue more exposure I would suggest posting it in the commercial forums since this is a commercial printer. You can do this at Printers - LaserJet.
Click on New Post.
I hope this helps.
Please click “Accept as Solution ” if you feel my post solved your issue, it will help others find the solution.
Click the “Kudos Thumbs Up" on the right to say “Thanks” for helping!
Gemini02
I work on behalf of HP -
Windows 7 displays error message when exiting +cursor issue
Two issues here. CS5 Phoshop on Wind 7 64 bit.
Physical processor count: 8
Processor speed: 3073 MHz
Built-in memory: 12279 MB
Free memory: 9577 MB
Memory available to Photoshop: 10934 MB
Memory used by Photoshop: 80 %
Image tile size: 128K
First issue is since the latest automatic Adobe update (why fix what isn't broken?) Every time I now exit Photoshop I get the message "Adobe QT Server has stoped working" and occasionally it happens when I exit bridge. Indesign is also behaving badly. I can no longer start a previous document from file manager without ID crashing out.
The other is the cursors in Clone and erase lose their edge (become invisable) for no reason - well not quite. Noise Ninja crashed Photoshop when I tried to use it. I reinstalled it and all is well. The cursor issue seems to be intermittant but came back (for no reason) after I reinstalled NN. I can't seem to change the cursor, no matter what I do. The problem is now seriously affecting how I work. Almost enough to go back to Win XP which ran CS5 Photoshop flawlessly.
Any help will be gratefully accepted.
Dougfunction(){return A.apply(null,[this].concat($A(arguments)))}
doug87510 wrote:
The recent problem is the entire outline of the cursor (including the crosshair in the middle) was missing at any size of cursor. All I had was exactly what I'd get if I used a real spraygun.
Well, that issue is simply a matter of hitting the Caps Lock key. When Caps Lock is on, you'll see the cursor outline, and when it is off you'll see a crosshair. That's a feature, not a bug.
Glad to hear the 11.1 drivers are out. I will download them and try them now myself.
Regarding "Adobe QT" crashing... QT brings to mind QuickTime, though that is Apple, not Adobe. Do you have Apple QuickTime installed?
Regarding memory usage, with 12 GB of installed RAM, you should be able to set Photoshop to use 90% or more in Edit - Preferences - Performance.
-Noel -
Issue in Creation of Periodicals for Contracts in CRM7.0
Hello,
I have a requirement to create Contracts in CRM7.0 system.
And I am doing this using the BAPI *BAPI_BUSPROCESSND_CREATEMULTI*
Good part is Contract Order gets created, but onlywith Header Details.
The issues i am facing --
1. I need to know what kind/type of data must be passed to the interface parameters, the F1 Help/Documentation is vague.
2. I am passing data in the INPUT FIELDS structure with the Object ID, Handle Number, Reference GUID and Fieldname,
here what does 'Logical Key' field indicate? What should be passed here.
What does 'REFERENCE KIND' field indicate, i have been passng 'A' for everything (to be frank i dont know whats its significance is!!).
3. With so much, My Order gets created but with less than half details, i.e. the Objects not getting created are - Partner, Product, terms/appointments, Status, LongTexts......
Any help/inputs would be appreciated.
Hope my problem is stated clearly ...
--Regards
DedeepyaHi Anu,
i found my solution by debugging with existing data or while creating it in CRMD_ORDER.
Ensure that you are passing a correct entry in INPUT_FIELDS structure.
As i haven't worked on rebates i woudlnt be able to help you, I suggest you debug to arrive at a solution.
You can preset your break-points at :-
1. FM - CRM_ORDER_MAINTAIN
2. CRM_ORDER_MAINTAIN_MULTI_OW -- Debug through the complete FM.
3. CRM_ORDER_PREPARE_MULTI_OW -- The data is set in this function module.
Regards
Dedeepya C -
Issue in creation of plant related data at receiving server using BD10
Hi all,
This is regarding Material master creation using B10.I am using MATMAS05 message type for sending data from one system to another.Data is sent and received successfully.When i go in mm03 i can see all the views created successfully accept views related to PLANT.Please guide to resolve the issue.
When i entered into Log-
1)"The field MBEW-BKLAS is defined as a required field; it does not contain an entry".
2)"No material master data exists for material AB_08.04.09(30) in plant 4001".
My segemnt is as follows-
ZMATMAS05 matmas05
E1MARAM Master material general data (MARA)
Z1KLART KLART----
My extention
E1MARA1 Additional Fields for E1MARAM
E1MAKTM Master material short texts (MAKT)
E1MARCM Master material C segment (MARC)
Z1AUSPM E1AUSPMDistribution of Classification:----
My extention
E1MARC1 Additional Fields for E1MARCM
E1MARDM Master material warehouse/batch segment (MARD)
E1MFHMM Master material production resource/tool (MFHM)
E1MPGDM Master material product group
E1MPOPM Master material forecast parameter
E1MPRWM Master material forecast value
E1MVEGM Master material total consumption
E1MVEUM Master material unplanned consumption
E1MKALM Master material production version
E1MARMM Master material units of measure (MARM)
E1MBEWM Master material material valuation (MBEW)
E1MLGNM Master material material data per warehouse number (MLGN)
E1MVKEM Master material sales data (MVKE)
E1MLANM Master material tax classification (MLAN)
E1MTXHM Master material long text header
E1CUCFG CU: Configuration data
E1UPSLINK Reference from Object to Superior UPS
Thanks.
Edited by: sanu debu on Apr 27, 2009 7:10 PMCREATE CONTROLFILE SET DATABASE "NEWDB" NORESETLOGS ARCHIVELOGAlso when you are setting a new database, the option should be RESETLOGS and not NORESETLOGS.
'D:\APP\ADMINISTRATOR\ORADATA\NEWDB\ONLINELOG\O1_MF_2_7FK0XKB8_.LOG
D:\APP\ADMINISTRATOR\ORADATA\NEWDB\DATAFILE\O1_MF_SYSTEM_7FK0SKN0_.DBFWhy underscore(_) at the end of the datafile name. Any specific reason ? -
Issue in Creation of new Value Field in CO-PA
Hi,
I have a query in CO-PA Value Field Linking.
In my Development Client,
1. Created a New Value Field (No Transport Request Generated)
2. Linked to the above to new Conditon type created in SD. (Tranport request was generated) i.e. in Flow of Actual Values->Transfer of Billing Documents->Assign Value Fields
However then i try creating a new Value Field in my Production Client it throws a message 'You have no authorization to change Fields".
Is this an issue with authorization or i need to transport the Value field too from Development to Production client.
Please Advise.
Thanks in Advance,
SafiThanks Phaneendra for the response.
The creation of Value field did not create any tranportation request. Will this too be transported if i transport the Operating Concern.
Please Advise.
Thanks,
Safi -
Dear All
I have some is my current assignment-Customer is buying some material say "A" want "B,C" as exclusive free goods
is it possible to give two free at a time in same order ?
I only know one exlusive free good can be give to one material with combination of customer ( Customer/Material)
Looking for some inputs regarding the issue.
Can you plz suggest me if there is any possiblities for BOM?
Many Thanks
Rakesh NaveenDear Rakesh,
Be informed that free goods is not currently supported in combination with material structures (e.g. product selection,
bills of material, variants with BOM explosion), see note 796926.
Determination of free goods is performed in include FV45PF0N_NATRAB_SELECTION and the check is hardcoded. You will have to modify the program to get that functionality, but be carfull that any modification won't be supported by SAP, see note 170183.
I hope it can help you.
Ruy Castro
Maybe you are looking for
-
How to modify Time Capsule wireless clients?
I have a Time Capsule that I use as the router for the house. We've had a lot of computers connected to it over the years. What I am wanting to know if it is possible to remove wireless clients that are connected or previously connected. Under Finder
-
OM- Reporting Structure report
Hi Experts, I am generation reporting structure report through standard report T.codes(S_AHR_61016512 - Report Structure Without Persons ,S_AHR_61016513 - Report Structure with Persons ). but i am unable to download to excel formate. can anyone help
-
Error when running report in CMC and Infoview_2
I made this same thread in BOBJ Administration section but maybe it belongs here.......... Hi all, i have this following problem: - when i try to run report in cmc it fails and i get this error message: Error in File ~tmp1a745af945b59b0.rpt: Failed t
-
2 MERGE statements in same trigger - is it possible ?
Hi guys, I have an After Insert trigger (on table A) that takes the last record from table A and insert/update it on another table (B) then insert /update in same table (B) some records which depends on it. When trying to insert data in table A, the
-
Printing problem using Photoshop
When I print from my Imac using Photoshop CS5 the picture and the whole sheet of paper is overlaid with print ink. Any ideas how I fix this?