CGN Configuration for BGP Router
Hi all,
I am in the middle of NAT configuration testing for new ASR9010 implementation. Customer need NAT feature and ordered ISM for the CGN. Need your help to check our configuration and the testing environtment, because we found this configuration didn't work with this testing environtment. The testing environtment is described below.
The configurations are:
vrf InsideUserNAT
address-family ipv4 unicast
vrf InsideWifiNAT
address-family ipv4 unicast
vrf InsideOfficeNAT
address-family ipv4 unicast
hw-module service cgn location 0/0/CPU0
interface GigabitEthernet0/1/1/0
description NAT Test 1
ipv4 address 10.1.9.129 255.255.255.0
transceiver permit pid all
interface GigabitEthernet0/1/1/1
description NAT Test 2
ipv4 address 100.62.16.5 255.255.255.252
transceiver permit pid all
interface ServiceApp1
description ASVI for InsideUserNAT
vrf InsideUserNAT
ipv4 address 1.1.1.1 255.255.255.252
service cgn cgn1 service-type nat44
interface ServiceApp2
description ASVI for OutsideUserNAT
ipv4 address 2.1.1.1 255.255.255.252
service cgn cgn1 service-type nat44
interface ServiceApp3
description ASVI for InsideOfficeNAT
vrf InsideOfficeNAT
ipv4 address 3.1.1.1 255.255.255.252
service cgn cgn1 service-type nat44
interface ServiceApp4
description ASVI for OutsideOfficeNAT
ipv4 address 4.1.1.1 255.255.255.252
service cgn cgn1 service-type nat44
interface ServiceApp5
description ASVI for InsideWifiNAT
vrf InsideWifiNAT
ipv4 address 5.1.1.1 255.255.255.252
service cgn cgn1 service-type nat44
interface ServiceApp6
description ASVI for OutsideWifiNAT
ipv4 address 6.1.1.1 255.255.255.252
service cgn cgn1 service-type nat44
interface ServiceInfra1
ipv4 address 100.10.10.1 255.255.255.252
service-location 0/0/CPU0
router static
address-family ipv4 unicast
100.62.16.0/22 Null0 210
100.62.16.0/24 ServiceApp2
100.62.17.0/24 ServiceApp4
100.62.18.0/24 ServiceApp6
vrf InsideUserNAT
address-family ipv4 unicast
0.0.0.0/0 ServiceApp1
10.1.9.0/24 GigabitEthernet0/1/1/0 10.1.9.130
vrf InsideWifiNAT
address-family ipv4 unicast
0.0.0.0/0 ServiceApp5
vrf InsideOfficeNAT
address-family ipv4 unicast
0.0.0.0/0 ServiceApp3
service cgn cgn1
service-location preferred-active 0/0/CPU0
service-type nat44 nat1
inside-vrf InsideUserNAT
map ip one-to-one
map address-pool 100.62.16.0/24
inside-vrf InsideWifiNAT
map address-pool 100.62.17.0/24
inside-vrf InsideOfficeNAT
map address-pool 100.62.18.0/24
protocol udp
session active timeout 20
end
RP/0/RSP0/CPU0:BGP-NAT#term leng 24
Wed Jul 10 00:08:35.907 UTC
We can reach internet ip address from GigabitEthernet0/1/1/1. ServiceInfra interface and all serviceapp interfaces are up. Need help check this issue because we will do migration by the end of this week.
Thanks in advance and really appreciate your help.
@Nicolas:
The way I change the vrf is by assign different port to each InsideOfficeNat, InsideWifiNat and InsideUserNat. When testing each vrf I move the physical connection. When I was experienced problem using InsideOfficeNat, the Inside to Outside Packet result in "show cgn nat44 nat1 outside-translation protocol udp outside-vrf default outside-address 100.62.16.126 port start 1 end 65535" is counting but not for Outside to Inside Packets. And same symptom with InsideWifiNat.
@Nicolas and Harold:
Actually right now all vrf-inside successful doing translation and we also change the CGN configuration without vrf on physical inside interface. But we found the browsing experiences are very slow and some contents were not loaded successfully. Any idea what happened?
Here the configuration:
ipv4 access-list inside-nat-abf-test
10 permit ipv4 10.3.15.0/24 any nexthop1 vrf InsideOfficeNAT ipv4 3.1.1.2
20 permit ipv4 10.1.9.0/24 any nexthop1 vrf InsideUserNAT ipv4 1.1.1.2
30 permit ipv4 10.5.5.0/24 any nexthop1 vrf InsideWifiNAT ipv4 5.1.1.2
interface GigabitEthernet0/1/1/0
description NAT Test 1
ipv4 address 10.1.9.129 255.255.255.0
transceiver permit pid all
ipv4 access-group inside-nat-abf-test ingress
interface GigabitEthernet0/1/1/1
description NAT Test 2
ipv4 address 10.3.15.1 255.255.255.0
transceiver permit pid all
ipv4 access-group inside-nat-abf-test ingress
interface GigabitEthernet0/1/1/2
description NAT Test 3
ipv4 address 10.5.5.1 255.255.255.0
transceiver permit pid all
ipv4 access-group inside-nat-abf-test ingress
interface ServiceApp1
description ASVI for InsideUserNAT
vrf InsideUserNAT
ipv4 address 1.1.1.1 255.255.255.252
service cgn cgn1 service-type nat44
interface ServiceApp2
description ASVI for OutsideUserNAT
ipv4 address 2.1.1.1 255.255.255.252
service cgn cgn1 service-type nat44
interface ServiceApp3
description ASVI for InsideOfficeNAT
vrf InsideOfficeNAT
ipv4 address 3.1.1.1 255.255.255.252
service cgn cgn1 service-type nat44
interface ServiceApp4
description ASVI for OutsideOfficeNAT
ipv4 address 4.1.1.1 255.255.255.252
service cgn cgn1 service-type nat44
interface ServiceApp5
description ASVI for InsideWifiNAT
vrf InsideWifiNAT
ipv4 address 5.1.1.1 255.255.255.252
service cgn cgn service-type nat44
interface ServiceApp6
description ASVI for OutsideWifiNAT
ipv4 address 6.1.1.1 255.255.255.252
service cgn cgn service-type nat44
router static
address-family ipv4 unicast
100.62.16.0/22 Null0 210
100.62.16.0/24 ServiceApp2
100.62.17.0/24 ServiceApp6
100.62.18.0/24 ServiceApp4
vrf InsideUserNAT
address-family ipv4 unicast
0.0.0.0/0 ServiceApp1
10.1.9.0/24 vrf default GigabitEthernet0/1/1/0 10.1.9.130
vrf InsideWifiNAT
address-family ipv4 unicast
0.0.0.0/0 ServiceApp5
10.5.5.0/24 vrf default GigabitEthernet0/1/1/2 10.5.5.2
vrf InsideOfficeNAT
address-family ipv4 unicast
0.0.0.0/0 ServiceApp3
10.3.15.0/24 vrf default GigabitEthernet0/1/1/1 10.3.15.2
service cgn cgn
service-location preferred-active 0/0/CPU0
service-type nat44 nat
inside-vrf InsideUserNAT
map outsideServiceApp ServiceApp2 address-pool 100.62.16.0/24
protocol tcp
mss 1400
portlimit 65535
o2i-vrf-override default
inside-vrf InsideWifiNAT
map outsideServiceApp ServiceApp6 address-pool 100.62.17.0/24
protocol tcp
mss 1400
portlimit 65535
o2i-vrf-override default
inside-vrf InsideOfficeNAT
map outsideServiceApp ServiceApp4 address-pool 100.62.18.0/24
protocol tcp
mss 1400
portlimit 65535
o2i-vrf-override default
end
Similar Messages
-
Lync router configuration for MI424WR Router
Has anybody gotten the router port forwarding configuration to work for Microsoft Lync? I can hear everybody on Lync but nobody can hear me. I've followed the recommendations from Microsoft as much as I can figure on adding the port forwarding information but it's still not working.
-->NAT the current public IP to the internal IP of the 2 new CAS server (which also got the HT
role installed),
You should NAT 2 internal IPs of the (CAS servers) to 1 external IP. Add these CAS servers as the source
servers in the send connector.
-->Internally, I would need to update the CASArray DNS record (currently pointing to old CAS server) to
point to the WNLB virtual IP
This is correct
Configure send connector to use external DNS for dns lookup
Go to send connector properties and tick "use the external dns lookup settings on the transport
server" and add external DNS IPs in your transport server properties using this command.
Set-TransportServer Hub01 -ExternalDNSAdapterEnabled $false -ExternalDNSServers {192.168.1.1, 192.168.1.2}
You may face some unknown issues depends on how you maintain.
I had one issue long back in exchange2007 CCR with NLB. I
was clearing the DNS cache every1-2 days due to email delay.
Final I gave them a script to clear the DNS cache. -
Configuring bgp route preference
I have a situation where an outside vendor is hosting some Oracle servers for my company. I have routers at 2 of their data centers, one west coast and one east coast. The Oracle servers are hosted at their east coast data center. The connections from my routers at their DC's connect back into my company's MPLS cloud with ATT. I am trying to set it up so that my east coast router is the preferred connection into the hosting service. All my offices and data centers on the east coast prefer this connection, but my west coast dc and offices prefer the west coast connection. How to I configure my bgp settings on the west coast router to make that route appear to be less desirable.
I was told that I should be able to change the as-hops from my west coast router that would make that route less desirable to all devices on my clould, but wouldn't stop it from becoming the primary path if there was a failure at the east coast dc.
East Coast router bgp configs
router bgp 65466
bgp log-neighbor-changes
network 10.23.123.64 mask 255.255.255.192
network 10.120.23.23 mask 255.255.255.255 (oracle server at host facility)
network 10.226.200.34 mask 255.255.255.255
neighbor 10.200.102.50 remote-as 13979
West coast router bgp configs
router bgp 64565
bgp log-neighbor-changes
network 10.23.123.64 mask 255.255.255.192
network 10.120.23.23 mask 255.255.255.255 (oracle server at host facility)
network 10.226.200.33 mask 255.255.255.255
neighbor 10.200.102.46 remote-as 13979
Thanks in advance for your assistance,
PaulHello
yes as-pending would be a viable option on the West cost router to make the advertisement of it's route less preferred.
Example:
aceess-list 10 permit 10.12.23.23
route-map prepending permit 10
match IP address 10
set as-path prepend 64565 64565 64565
route-map prepending permit 99
Router bgp 64565
neighbour 10.200.102.46 route-map prepending out
clear IP bgp * 10.200.102.46 soft out
res
paul -
Optimal configuration for Cisco E3000 Router
Hi All,
Following are the details of my current home network setup, I would like to hear more recommendations and drawbacks of this setup.
ISP has provided with a Cisco DPC3825 DOCSIS 3.0 Gateway which has 4 Ethernet ports and a wireless networking but only 2.4 GHz.. This router is connected to the cable CPE box to internet. I have enabled the Firewall features of this router and disabled the Wireless network. This has also the DHCP server running.
The Second router is a Cisco E3000 which supports 2.4 GHz / GHz wireless networking. Connection to gateway is made via the 1st Ethernet port of gateway and then to the Internet port of E3000 router. I have connected my wireless devices to E3000 with GHz wifi lan. This router also has the firewall activated and DHCP server running as well.
Both routers have WEP2 Personal / AES security configured. Currently these two devices are on two different IP ranges ..etc gateway is 192.168.0.1 and e3000 is 192.168.1.1.
The E3000 is primarily configured for my online video for TV (Panasonic Vireacast). Please let me know if this is the best configuration or any other possible options.
Thanks,
RGThis configuration is called LAN to WAN configuration and this is the best configuration considering that you want to behave both the router as a router.
Because the other confiuration would be LAN to LAN then you can only use 1 router as a router and 2nd router as a switch.
http://www6.nohold.net/Cisco2/ukp.aspx?vw=1&docid=529c188bc0ee4f7da79ffc22f2be33ec_4579.xml&pid=80&r...
The first configuration in the article is is LAN to LAN, scroll down the window for LAN to WAN configuration. -
Cisco works LMS 3.0.1 does not archiever configuration for cisco 7201 router
Hi All,
We have Cisco works LMS 3.0.1 and it does not archiever configuration for cisco 7201 router.
Any help would be appriciated.
Thanks in advance
SamirHi,
*** Device Details for d0151-100 ***
Protocol ==> Unknown / Not Applicable
Selected Protocols with order ==> TFTP,SSH,HTTPS
Execution Result:
Unable to get results of job execution for device. Retry the job after increasing the job result wait time using the option:Resource Manager Essentials -> Admin -> Config Mgmt -> Archive Mgmt ->Fetch Settings
This is the error while doing syn archieve.
I am not sure about Rtr7000 version but we have latest Rtr7000.
Waiting for your kind reply.
Samir -
Need Help for configuring Floating static route in My ASA.
Hi All,
I need your support for doing a floating static route in My ASA.
I have tried this last time but i was not able to make it. But this time i have to Finish it.
Please find our network Diagram and configuration of ASA
route outside 0.0.0.0 0.0.0.0 6.6.6.6 1 track 1
route outside 0.0.0.0 0.0.0.0 6.6.6.6 1
route rOutside 0.0.0.0 0.0.0.0 3.3.3.3 10
route inside 10.10.4.0 255.255.255.0 10.10.3.1 1
route inside 10.10.8.0 255.255.255.0 10.10.3.1 1
route inside 10.10.9.0 255.255.255.0 10.10.3.1 1
route inside 10.10.15.0 255.255.255.0 10.10.3.1 1
route rOutside x.x.x.x 255.255.255.255 5.5.5.5 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 10.10.3.77 255.255.255.255 inside
http 10.10.8.157 255.255.255.255 inside
http 10.10.3.59 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sla monitor 123
type echo protocol ipIcmpEcho 8.8.8.8 interface outside
num-packets 3
frequency 10
sla monitor schedule 123 life forever start-time now
crypto ipsec transform-set cpa esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map vpn_cpa 1 match address acl_cpavpn
crypto map vpn_cpa 1 set peer a.a.a.a
crypto map vpn_cpa 1 set transform-set abc
crypto map vpn_cpa 1 set security-association lifetime seconds 3600
crypto map vpn_cpa interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
track 1 rtr 123 reachability
telnet 10.10.3.77 255.255.255.255 inside
telnet 10.10.8.157 255.255.255.255 inside
telnet 10.10.3.61 255.255.255.255 inside
telnet timeout 500
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 10.10.3.14
webvpn
tunnel-group .a.a.a.a ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
smtp-server 10.10.5.11
prompt hostname context
Cryptochecksum:eea6e7b6efe5d1a180439658c3912942
: end
i think half of the configuration stil there in the ASA.
Diagram.
Thanks
RoopeshYou have missed the last command in your configuration, Please check it again
route ISP1 0.0.0.0 0.0.0.0 6.6.6.6 track 1
route ISP2 0.0.0.0 0.0.0.0 3.3.3.3
sla monitor 10
type echo protocol ipIcmpEcho 8.8.8.8 interface ISP1
num-packets 3
frequency 10
sla monitor schedule 123 life forever start-time now
track 1 rtr 123 reachability
You can do NAT in same way, here the logical name of the interface will be different.
Share the result
Please rate any helpful posts. -
891W: Configuring NTP for both router and embedded AP?
Hi all. I've configured the main router as an NTP client to an external pool of NTP servers and have also entered ntp update-calendar so the hardware clock also syncs to NTP basically, but am wondering do I also need to do any NTP commands on the embedded AP too or does the AP take time from the main router? If so, what source? (clock, calendar, or other?).
Also I'm a bit new to NTP config (just figured it out an hour ago) in the IOS. I'm wondering, after configuring it, the time is right and reflects my time zone. How does it know? Does the NTP server out on the Internet reognize my location by IP or something and sends me UTC offset data? Otherwise I don't see how my router could know which time zone it is in since I've never set that.
Thanks!
Update: Definitely the AP does not get time from the main router, as my AP's time is somewhere in 1993. It seems the only IOS options (version 15.2) to set for time are #clock set hh:mm:ss . Then in conf t there is a couple of settings for daylight savings and time zone. But this won't prevent clock drift so I guess I'll just need to set the AP to also talk to NTP servers out on the Internet, seperately from the main router. I'm trying to think of the IOS firewall implications.....I thinmk I have ip address unnumbered vlan1 set for the AP wlan-ap0 interface, so I suppose any zone firewall settings that apply to the router zone self would also work for the AP. Ugh, well I guess I'll just give it a whirl.Hi all. I've configured the main router as an NTP client to an external pool of NTP servers and have also entered ntp update-calendar so the hardware clock also syncs to NTP basically, but am wondering do I also need to do any NTP commands on the embedded AP too or does the AP take time from the main router? If so, what source? (clock, calendar, or other?).
Also I'm a bit new to NTP config (just figured it out an hour ago) in the IOS. I'm wondering, after configuring it, the time is right and reflects my time zone. How does it know? Does the NTP server out on the Internet reognize my location by IP or something and sends me UTC offset data? Otherwise I don't see how my router could know which time zone it is in since I've never set that.
Thanks!
Update: Definitely the AP does not get time from the main router, as my AP's time is somewhere in 1993. It seems the only IOS options (version 15.2) to set for time are #clock set hh:mm:ss . Then in conf t there is a couple of settings for daylight savings and time zone. But this won't prevent clock drift so I guess I'll just need to set the AP to also talk to NTP servers out on the Internet, seperately from the main router. I'm trying to think of the IOS firewall implications.....I thinmk I have ip address unnumbered vlan1 set for the AP wlan-ap0 interface, so I suppose any zone firewall settings that apply to the router zone self would also work for the AP. Ugh, well I guess I'll just give it a whirl. -
Configure Huawei hg655b router for bonjour
This may be of use at least to Romanian AppleTV owners that have Romtelecom their Internet provider. After some struggle I've been able to properly configure Huawei hg655b router so that my AppleTV 3 is seen by iPad and macbook, both wired and wireless.
Here are the settings I tinkered with (after logging in into admin
- Basic -> Lan -> uncheck permanent lease
- Basic -> WLAN -> Select the SSID we use and: check WMM, uncheck AP isolation
- Advanced -> Firewall -> Select low (though I believe medium works fine, too)
- Advanced-> IGMP Snooping -> disable IGMP snooping
- (I'm not sure this is needed) Advanced -> UPnP -> enable UPnP
This way I've been able to finally see the airplay icon (and use it) in iTunes, mountain lion mirroring and iPad tray.
HTH.It worked for me as well, thank you very much! I am using Huawei HG658 as main router and gateway? The only thing I had to do with respect to your post was uncheck IGMP snooping.
Again, thanks! -
Best configuration for a LinkSys Router
I've had the best wifi signal using a new LinkSys E3000 router, but it's varied depending on the band/channel. Can anyone else with a LinkSys router recommend settings that work best with an iPad?
Here's mine:
LinkSys E3000
5GHz
N-only
20MHz channels
Static IP, using DHCP reservation
36-48 channels
SSID broadcast enabledLet me know the distance between wrt54gs router and the access point...
If the distance is 60 to 70 feet you may try this...Though AP Client will only work with another WAP54G you may still try this...This set up will not work if you try to communicate the WRT54GX2 router with WAP54G, so you need to configure the WRT54GS router with WAP54G...
1) Connect the WRT54GS router to the modem and configure the WRT54GS router for internet access...Once you are done configure your Access Point in Access Point Client Mode...For this you need to log in to your wrt54gs router and go to status tab, click on Wireless subtab under Status...Note down the MAC Address...
2) Now access the set-up page of your Access Point, click on AP Mode and select AP Client and in the Remote Access Point's LAN MAC Address field type the Wireless MAC Address you took note in Step1 and click Save Settings...
3) Match the Wireless Settings and IP Address settings on both the devices(WRT54GS and WAP54G)...
4) Connect the WAP54G on the LAN/ETHERNET Port of the WRT54GX2 router and disable it's DHCP...Change the Wireless Settings on the WRT54GX2 router and connect your wireless clients to the router...See if this works... -
Ipx configuration for router 2800
please help me to have ipx configuration for router 2800 work with novel ver4 server.
please help me to have ipx configuration for router 2800 work with novel ver 4 server.
-
6602: Want to route a dedicated DIO (0-7) Line configured for output to a RTSI line
PXI-6602: I want to use a dedicated DIO (0-7) line configured for output to trigger all 8 counters on the 6602 card. The counters are configured for two-signal-edge-separation measurement. I Have tried to use Route-Signal.vi to route PFIn (0-7) to RTSI bus with no luck.
You should be able to trigger counters on the 6602 using the Digital Lines DIO (0-7).
Use the Set Attribute VI and set the attribute value type to Enabled and attribute ID to Start Trigger.
Wire the output of Set Attribute Task ID to the Task ID input of the Route Signal VI. Select the start trigger for the Signal Name input, PFI n for Signal Source input and PFI line Number for Signal Source Line Number input. Try this and see if this works.
Regards,
Bharat Sandhu
Applications Engineering
National Instruments."
Penny -
I am trying to configure BFD for static routing on a 2431 running IOS 15.1(2)T to detect and route around simple multihoming faults. According to Cisco Feature Navigator, BFD for static routes is supported on c2430-ik9o3s-mz.151-2.T.bin. But when I follow the config guide steps to configure it, IOS does not recognize the commands, such as:
ERC3-IAD2431-3(config)#int fa0/0
ERC3-IAD2431-3(config-if)#bfd ?
% Unrecognized command
ERC3-IAD2431-3(config-if)#
and:
ERC3-IAD2431-3(config)#ip route static bfd fa0/0 172.19.113.241
% BFD is not supported on FastEthernet0/0
ERC3-IAD2431-3(config)#
Am I missing some prerequisite, or restriction?Vignesh,
As requested:
ERC3-IAD2431-3#show version
Cisco IOS Software, 2400 Software (C2430-IK9O3S-M), Version 15.1(2)T, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Mon 19-Jul-10 16:23 by prod_rel_team
ROM: System Bootstrap, Version 12.3(7r)T2, RELEASE SOFTWARE (fc1)
ERC3-IAD2431-3 uptime is 1 week, 20 hours, 31 minutes
System returned to ROM by reload at 15:45:52 EDT Mon Oct 27 2014
System restarted at 15:47:56 EDT Mon Oct 27 2014
System image file is "flash:c2430-ik9o3s-mz.151-2.T.bin"
Last reload type: Normal Reload
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
Cisco IAD2431 (R527x) processor (revision 4.1) with 250880K/11264K bytes of memory.
Processor board ID FHK1444F1GM
R527x CPU at 225MHz, Implementation 40, Rev 3.1
2 FastEthernet interfaces
48 Serial interfaces
2 Channelized T1/PRI ports
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
63K bytes of non-volatile configuration memory.
System fpga version is 250027
System readonly fpga version is 250027
Option for system fpga is 'system'.
126976K bytes of ATA System CompactFlash (Read/Write)
Configuration register is 0x2102
ERC3-IAD2431-3#show int fa0/0
FastEthernet0/0 is up, line protocol is up
Hardware is Gt96k FE, address is 5475.d026.3019 (bia 5475.d026.3019)
Description: Uplink to TWC/Avaya VoIP Network
Internet address is 24.30.210.144/27
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 2000 bits/sec, 3 packets/sec
5 minute output rate 1000 bits/sec, 2 packets/sec
40541 packets input, 6155984 bytes
Received 20517 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
149623 packets output, 22178324 bytes, 0 underruns
0 output errors, 0 collisions, 5 interface resets
17 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
ERC3-IAD2431-3#show int fa0/1
FastEthernet0/1 is up, line protocol is up
Hardware is Gt96k FE, address is 5475.d026.301a (bia 5475.d026.301a)
Internet address is 172.19.113.242/29
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:44, output 00:00:05, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
14829 packets input, 3324508 bytes
Received 7916 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
1 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
78596 packets output, 7819210 bytes, 0 underruns
0 output errors, 0 collisions, 13 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
ERC3-IAD2431-3#
Thanks,
Alfy -
SNMP for monitoring BGP routes
Is there any way by which we can find the number of routes and number of received routes using snmpget.
OID - 1.3.6.1.4.1.9.9.187.1.2.4.1.1 gives us information about the routes accepted after appling filters. But is there and OID for received-routes for a neighbour.SNMPv2-SMI::enterprises.9.9.187.1.2.4.1.1.192.168.1.2.1.1 = Counter32: 151
SNMPv2-SMI::enterprises.9.9.187.1.2.4.1.2.192.168.1.2.1.1 = Gauge32: 2521
SNMPv2-SMI::enterprises.9.9.187.1.2.4.1.3.192.168.1.2.1.1 = Gauge32: 0
SNMPv2-SMI::enterprises.9.9.187.1.2.4.1.4.192.168.1.2.1.1 = Gauge32: 0
SNMPv2-SMI::enterprises.9.9.187.1.2.4.1.5.192.168.1.2.1.1 = Gauge32: 0
SNMPv2-SMI::enterprises.9.9.187.1.2.4.1.6.192.168.1.2.1.1 = Gauge32: 2213402
SNMPv2-SMI::enterprises.9.9.187.1.2.4.1.7.192.168.1.2.1.1 = Gauge32: 108514
SNMPv2-SMI::enterprises.9.9.187.1.2.4.1.8.192.168.1.2.1.1 = Gauge32: 986169
sh ip bgp neighbors 192.168.1.2
Sent Rcvd
Prefix activity: ---- ----
Prefixes Current: 55785 151 (Consumes 8424 bytes)
Prefixes Total: 2213421 1822
Implicit Withdraw: 1220931 1649
Explicit Withdraw: 986180 22
Used as bestpath: n/a 34
Used as multipath: n/a 34
Saved (soft-reconfig): n/a 84 (Consumes 4368 bytes) -
Cisco tool for building router/switch configurations
Is there a tool on Cisco website that lets you build your own configurations of Cisco routers etc prior to you purchasing them? i.e. Giving you a complete list of part IDs ?
Hi
Your question is not clear , if you asked about a tool which can help you to do a configuration for your purchase order for routers , switches , any solution for Cisco . You can configure your chassis , cards , SFPs, Power , and so on. Please use the below link:-
https://cisco-apps.cisco.com/cisco/psn/commerce
Thank you
please rate all useful infomration -
EIGRP vs BGP route path selection scenario
I am looking for a routing solution to the following scenario. It is a fairly simple design.
I have two WAN connections between sites A and B. One is a 20 Meg Metro Ethernet Circuit running EIGRP. The other is a 10 Meg MPLS running BGP. What do I need to do in my configuration to make sure that the 20 Meg connection is the chosen path based off the fact that it has better speed and bandwidth? It appears to me that the MPLS is the preferred path even though it is slower.
See attached Diagram:
Site A Config
interface GigabitEthernet1/0/12
description PADC COX P2P 20 Meg
no switchport
bandwidth 20480
ip address 172.20.1.1 255.255.255.252
interface GigabitEthernet2/0/2
description LEVEL 3 MPLS
no switchport
bandwidth 10240
ip address 172.22.0.2 255.255.255.252
router eigrp 1
network 10.0.1.0 0.0.0.255
network 172.20.1.0 0.0.0.3
network 192.168.76.8 0.0.0.3
redistribute bgp 65003 metric 100 1 255 1 1500 route-map MPLS_NETWORKS
redistribute static route-map DEFAULT_ROUTE
router bgp 65003
bgp log-neighbor-changes
redistribute static
redistribute eigrp 1
neighbor 172.22.0.1 remote-as 1
default-information originate
Site B Config
interface GigabitEthernet0/1
description COX Communications 10 Meg to Venyu
bandwidth 20480
ip address 172.20.1.2 255.255.255.252
duplex auto
speed auto
service-policy output VOIP
interface GigabitEthernet0/2
description Level 3 MPLS
bandwidth 10240
ip address 172.22.1.2 255.255.255.252
duplex full
speed 100
router eigrp 1
network 10.3.1.0 0.0.0.31
network 10.52.1.0 0.0.0.255
network 10.76.6.0 0.0.0.255
network 172.20.1.0 0.0.0.3
network 192.168.63.64 0.0.0.63
network 192.168.76.249 0.0.0.0
passive-interface default
no passive-interface GigabitEthernet0/0
no passive-interface GigabitEthernet0/1
router bgp 65003
bgp log-neighbor-changes
network 10.3.1.0 mask 255.255.255.224
network 10.52.1.0 mask 255.255.255.0
network 10.76.6.0 mask 255.255.255.0
network 192.168.76.249 mask 255.255.255.255
neighbor 172.22.1.1 remote-as 1If each router is receiving advertisements for the same networks/subnet masks from both BGP and EIGRP it will always choose the BGP routes because they have a lower AD ie. 20 vs EIGRP 90.
Doesn't matter what the bandwidth is.
If you want to prefer the 20Mbps links then there are a number of options -
1) if you can summarise each sites subnets then advertise the summary via BGP and the more specific via EIGRP. More specific will be chosen even before AD is taken into account.
2) change the AD of either BGP or EIGRP so EIGRP ends up with the lower AD
3) run BGP on both links although you would still need to manipulate the attributes to make sure the link you want is used.
Jon
Maybe you are looking for
-
One Apple ID, Multiple devices
Getting married soon and joining two Apple households. We will have an iMac, iPad, MacBook and two iPhones. Is it possible to have one apple Id for all of these computers/devices? Thanks in advance.
-
Why does the Apple logo appears and disappears when I'm the iphone 4?
When I'm using iphone 4 the Apple logo appears and disappears and appears lock screen. What to do? It' s a bug or a hardware problem?
-
i just got a sandisk PC card adapter to read/write to a compact flash card. can i leave the adapter in the PC slot (w/o a card) when i'm not using it? i won't lose it that way. thanks , barbara power book G5 Mac OS X (10.4.3)
-
Web Proxy Server 3.6 with Administration Server using SSL connection
In your manual: Administrator�s Guide Sun� ONE Web Proxy Server Version 3.6 SP3 for UNIX you wrote: You should also make the administrative connection a mandatory SSL connection Instead of using http://servername:port_number I need to use: https://se
-
Hi, I want to install Oracle service bus on top of Weblogic server. I have already installed Oracle WebLogic Server + Coherence - Package Installer 10.3.4, Repository Creation Utility 11.1.1.4.0 and SOA Suite 11.1.1.4.0. Since the WLS installation di