Cisco 1700 with MP-BGP and VRF support

I have a Cisco 1721 with MP-BGP support. You can create VRFs with it and every other MPLS VPN feature, but the commands for MPLS switching, like Router(config-if)#mpls ip, are not supported. I read in some forums that you can create an MPLS VPN without enabling MPLS at all, just with MP-BGP, but I couldn't do it myself. Can someone tell me how to make it work, or what I can do with a Cisco 1721 that supports MP-BGP?
Thanks in advance.

Here is an example. Take care about overhead for packets like VoIP. The overhead is 88 bytes.
The packet looks something like this:
IpHeader-pub@ - NAT-T udp4500 - ESP - IpHeader-priv@ (vrf discriminator) - GRE - Original IP Header - Data - ESP Trailer.
In this case you need tunnel mode because you use private @ in order to determine the VRF (vrf discriminator).
This is a LAB config; all the other security parameters you need on a router are not configured. If you add an access-list on the external interface of REMOTE, you have to understand every encapsulation step in order to tune it well.
Good reading.
The PPT drawing shows the physical and logical views.
PS: take care about fragmentation issues. The problem is still not well managed by the routers; I could not make Tunnel-path-mtu discovery work with VRFs. The workaround is to fragment packets. It's not good for performance, but actually there is no other solution concerning that.
Kind Regards
Miguel

Similar Messages

  • Order Miix 2 10 With sim card and 3G support

    Hi,
    I want to order and buy a Miix 2 10 with SIM card and 3G support. Please help me: how can I order this tablet with these features?
    I'm not in US/Canada.
    thanks in advance.
    Moderator comment: Please refrain from bumping your thread(s) / post(s) more frequently than 3 days. Doing so, unfairly, pushes other members' threads downwards. Bumping post(s) removed.

    As long as it's not a Verizon iPad, sure.

  • Cisco ISE with EAP-FAST and PAC provisioning

    Hi,
    I have searched with no result on this topic. So, has anyone implemented Cisco ISE authentication with EAP-FAST and PAC provisioning?
    I have an issue with an internal proxy: users are required to authenticate with an internal proxy before being granted access to the internet.
    If you have any documents, I would appreciate it.
    Thanks,
    Pongsatorn

    From what I understand, an Internet proxy PAC and an EAP-FAST PAC serve two different purposes.
    Is that what you are trying to get clarification on?
    Basically, EAP-FAST PAC provisioning is a PAC that is provisioned when a client authenticates successfully. The client provides this PAC for network authentication and not proxy authentication.

  • My iPhone 4 Home button sometimes works nicely and sometimes it stops working. India AppleCare says they can't give me even paid support because I bought the phone from Australia. I don't know what to do. I'm disappointed with the product and service support

    My iPhone 4 Home button sometimes works nicely and sometimes it stops working. India AppleCare says they can't give me even paid support because I bought the phone from Australia. I don't know what to do. I'm disappointed with the product and service support.

    When you buy an iPhone in the U.S. it's locked to that country with the carrier you bought it for.
    If you bought the device unlocked in the U.S., it's unlocked and you can use it on any carrier. Even ones outside the country.
    If you want to do a repair on a device you bought in the U.S. and you're using it in another country, you must send it back to the U.S. Why? That's where you bought it from.
    AppleCare Protection Plans and AppleCare Limited Warranties are registered to your hardware.
    Your hardware is your iPhone.
    Wherever the hardware was bought, that's the country it was designed to be used in and that's where it was manufactured.
    Apple is very localized - if you call U.S. tech support, you'll speak to someone in your country.
    So, what does all this mean?
    In order to do a repair, you need to send it back to the country you got it from.
    And we're all customers like you. We understand that you're upset, but Apple isn't gonna bend the rules to one individual.
    Policy is policy. Get over it.

  • Cisco ISE with both internal and External RADIUS Server

    Hi
    I have ISE 1.2. I configured it as management, monitor and PSN and it works fine.
    I would like to know if I can integrate an external RADIUS server and work with both internal and external RADIUS servers simultaneously.
    So some computers (groupe_A in Active Directory) will continue to do RADIUS authentication on the ISE internal RADIUS and other computers (groupe_B in Active Directory) will do RADIUS authentication on an external RADIUS server.
    I would like to know if it is possible to configure it and how I can do it.
    Thanks in advance for your help
    Regards
    Blaise

    Cisco ISE can function both as a RADIUS server and as a RADIUS proxy server. When it acts as a proxy server, Cisco ISE receives authentication and accounting requests from the network access server (NAS) and forwards them to the external RADIUS server. Cisco ISE accepts the results of the requests and returns them to the NAS.
    Cisco ISE can simultaneously act as a proxy server to multiple external RADIUS servers. You can use the external RADIUS servers that you configure here in RADIUS server sequences. The External RADIUS Server page lists all the external RADIUS servers that you have defined in Cisco ISE. You can use the filter option to search for specific RADIUS servers based on the name or description, or both. In both simple and rule-based authentication policies, you can use the RADIUS server sequences to proxy the requests to a RADIUS server.
    The RADIUS server sequence strips the domain name from the RADIUS-Username attribute for RADIUS authentications. This domain stripping is not applicable for EAP authentications, which use the EAP-Identity attribute. The RADIUS proxy server obtains the username from the RADIUS-Username attribute and strips it from the character that you specify when you configure the RADIUS server sequence. For EAP authentications, the RADIUS proxy server obtains the username from the EAP-Identity attribute. EAP authentications that use the RADIUS server sequence will succeed only if the EAP-Identity and RADIUS-Username values are the same.

  • Troubleshooting with IOS BGP and IOS XR BGP - routing table Empty

    Hi
    Actually we tried to make a neighborhood between an ASR9000 and a Cisco 7600. We have the neighborhood active, but the routing tables on the ASR only have the local or connected networks; it doesn't learn anything from BGP on the 7600.
    The diagram is this:
    When we try to see the routes on the ASR9000 from the Cisco 7609, the following happens:
    The neighbor is UP from the Cisco 7600 and the ASR 9000, but the routing table is empty.
    The config on the Cisco 7600 is:
    router bgp 2006
     neighbor 172.16.14.6 remote-as 64512
     address-family ipv4
      neighbor 172.16.14.6 activate
    The config on the Cisco ASR9000 is:
    router bgp 64512
     bgp router-id 172.16.161.1
     address-family ipv4 unicast
     neighbor 172.16.14.5
      remote-as 2006
      address-family ipv4 unicast
    Help us
    Best Regards

    Another important one is the fact that in XR you need to have RPL policies (even if they only have a "pass-all" functionality) to accept inbound/outbound routes in eBGP.
    Check the article on the asr9000 unequal cost multipath that has some sample BGP outputs and show command verifications that may help also.
    If not the case, get us the XR config from the A9K side.
    Also, what does the BGP table on the IOS side look like? As Richard suggests, there doesn't seem to be anything injected by the 7600 itself.
    regards
    xander
    Xander Thuijs
    Principal Engineer CCIE#6775, ASR9000
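
The requirement in the reply above, that an IOS XR eBGP neighbor has a route policy attached inbound and outbound, can be checked offline against a saved configuration. This is an added example, not code from the thread or from Cisco. It assumes the one-space-per-level indentation of IOS XR `show running-config` output and ignores neighbor-groups and VRF neighbors; the `PASS-ALL` policy and the second and third neighbors in the sample are constructed for comparison.

```python
import re

# Constructed sample: the ASR9000 BGP config from the question, indented as IOS XR
# prints it. PASS-ALL and the last two neighbors are hypothetical additions.
SAMPLE_XR_CONFIG = """\
route-policy PASS-ALL
  pass
end-policy
!
router bgp 64512
 bgp router-id 172.16.161.1
 address-family ipv4 unicast
 !
 neighbor 172.16.14.5
  remote-as 2006
  address-family ipv4 unicast
  !
 !
 neighbor 172.16.14.9
  remote-as 2007
  address-family ipv4 unicast
   route-policy PASS-ALL in
   route-policy PASS-ALL out
  !
 !
 neighbor 172.16.161.2
  remote-as 64512
  address-family ipv4 unicast
  !
 !
!
"""


def ebgp_neighbors_missing_policy(config):
    """Return sorted (neighbor, address-family, direction) gaps for eBGP neighbors."""
    local_as, in_bgp = None, False
    neighbors = {}      # ip -> {"remote_as": str or None, "afs": {name: set()}}
    nbr = af = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        if indent == 0:                           # top-level statement
            m = re.fullmatch(r"router bgp (\S+)", line)
            in_bgp, nbr, af = bool(m), None, None
            if m:
                local_as = m.group(1)
        elif not in_bgp:
            continue
        elif indent == 1:                         # directly under "router bgp"
            m = re.fullmatch(r"neighbor (\S+)", line)
            nbr = neighbors.setdefault(m.group(1), {"remote_as": None, "afs": {}}) if m else None
            af = None
        elif nbr is not None and indent == 2:     # neighbor sub-mode
            m = re.fullmatch(r"remote-as (\S+)", line)
            if m:
                nbr["remote_as"] = m.group(1)
            m = re.fullmatch(r"address-family (.+)", line)
            af = nbr["afs"].setdefault(m.group(1), set()) if m else None
        elif af is not None and indent >= 3:      # neighbor address-family sub-mode
            m = re.fullmatch(r"route-policy (\S+) (in|out)", line)
            if m:
                af.add(m.group(2))
    findings = []
    for ip, n in neighbors.items():
        if n["remote_as"] is None or n["remote_as"] == local_as:
            continue                              # iBGP or unknown AS: out of scope
        for af_name, directions in n["afs"].items():
            findings += [(ip, af_name, d) for d in ("in", "out") if d not in directions]
    return sorted(findings)


if __name__ == "__main__":
    for ip, af_name, direction in ebgp_neighbors_missing_policy(SAMPLE_XR_CONFIG):
        print(f"eBGP neighbor {ip} [{af_name}]: no route-policy {direction}")
```

Only 172.16.14.5, the neighbor from the question, is reported; the neighbor in the same AS is skipped as iBGP.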

  • Design Help with MPLS/BGP and Point to Point VPNs using OSPF as backup

    I need some advice on the configuration I want to implement. Basically we have a MPLS cloud using BGP. We are using OSPF for internal routing. Everything is working fine. Now we want to add a Point to Point VPN using new Cisco ASA's for a backup path at all of our remote locations. We want it to be on standby. I want to use OSPF for this. Miami and LA are datacenters. I want the VPN's to go into both datacenters if possible running OSPF for backups. I have a feeling this will be very tricky. I also wanted to use floating routes. Now I know I get the VPN's up and running using OSPF with no problem. Here are my questions:
    But being that I am using different areas, will OSPF through the VPN work correctly? I have the Cisco PDF on setting this up but it looks like they are using the same, AREA0, in the example.
    Can I get both VPN's to work with no problems? Or will it be too much of a pain?
    What would you guys suggest?
    Thanks.

    We are implementing the same solution, and was only able to make this work using HSRP one router for the MPLS connection and one for the VPN tunnel. I opened a TAC case and the tech couldn't get it to work either. I was able to establish the Lan-2-lan tunnel but triggering the route update was the problem. We ended up pulling our ASA5505's out and putting in 1841 routers.

  • Problems with Adobe account and Adobe support!

    We bought in December 2012 "Creative Cloud for teams" (10 licenses).
    Since then our problems with Adobe support started, and they continue today :(
    1. We do not receive invoices by e-mail - every month we have to ask several times adobe support on the current invoice and then wait for it a few weeks!
    2. We receive e-mail confirmation with errors - confirmation of transactions on a credit card that we receive by e-mail are wrong - no part of the information.
    3. No confirmation on Adobe account - on account do not have Adobe confirmation of financial operations for the month.
    4. No information about the subscription on Adobe account - There is no information about subscriptions purchased
    We contact every few days with Adobe and get the standard answer "please wait 2-3 business days..." ..... and nothing.
    Adobe...  why you're doing jokes about the business customer?

    Ehhh...
    Every company in Poland that buys an Adobe service or product needs a VAT invoice (required document).
    I have in my Adobe account information only payments for the month of December.
    For this month I print the invoice (screenshot below).
    But unfortunately there is no information on payments for the next month - a technical error Adobe account!
    My friend also has a company and subscription and have all the information in Adobe account (screenshot below).

  • Acceleration API in Parallels with SLS guest (and Rosetta support)

    Hi,
    after reading a lot about Rosetta's support to get it to work on my brand new MacBook Pro, I bought Parallels 8 in a Bundle and a copy of Snow Leopard Server from Apple to install on it and finally get Rosetta working. Great !
    But...
    A lot of my PPC apps won't work. Parallels support explains: "There's no hardware acceleration for OS X guests. Apple doesn't open their API so Parallels can write the drivers." OK, sorry not to have known that before! I understand Apple wants to protect their software.
    I also read that Apple sells different versions of Parallels. So maybe there is a version that does support the acceleration API?
    Thanks for your help

    Apple doesn't focus on keeping old software and old hardware going and never really has, so the usual recommended course is to migrate off of the PPC software and to more recent and native applications. 
    As an option, keep an older Mac around and screen-share with it pending retirement of the PPC software.
    Whether the PPC software failures are due to bugs in the virtual machine (fairly unlikely, but possible) or due to latent timing or other bugs in the application code, or due to bugs in the Rosetta image translation itself, would require research into the apps and the failures.
    As for the question, I see no reason to doubt what the Parallels support folks have stated; that there's no documented API for the hardware acceleration, though whichever particular hardware support for acceleration isn't clear. Hardware acceleration for VM guests is usually a reference to the Intel chips and the associated VM assists present in recent versions of those chips, but the references to drivers implies this might possibly be a reference to graphics drivers or otherwise.
    I'd expect Parallels would know about other versions of Parallels, so I'm not sure where that's headed. I'd expect the same limitations would also affect VMware, if they're also following the documented APIs, but it might still be worth a try, to see if the translated PPC applications work there; if this is a Parallels bug, or something else.
    Using undocumented APIs means the applications can break at random OS X patches and upgrades, too, and that's something most large-volume vendors want to deal with, too.
    Coding applications directly to the drivers or bypassing the operating system entirely and going directly to the hardware is how Microsoft and their third-party providers got into their current mess with compatibility with Windows software for older versions of Windows, FWIW.  Various vendors bypassed the Windows software stacks, an approach which has led to legions of compatibility and security issues for Windows users over the years. 
    If anything, OS X is headed the other direction here entirely with sandboxing and gatekeeper and trying to keep applications to specific and documented APIs, too.
    FWIW...

  • Sony phone with Quadband GSM and CDMA support

    Can someone please recommend me a Sony phone comparable to Nokia 2730?
    I'm looking for a Sony Ericsson phone with the following capability:
    Quad-band GSM 850/900/1800/1900
    WCDMA 900/2100 and GSM 850/900/1800/1900
    WCDMA 850/1900 and GSM 850/900/1800/1900
    Automatic switching between GSM bands
    It doesn't have to be a high-end 3G or smart phone. A simple one that could support those operating bands would be great. Sony Ericsson's website is not much help with these things, emphasizing content capability too much but not the raw technical specifications.
    Appreciate your suggestions. Thanks!

    In fact the SE website does give precise information on GSM and UMTS frequencies under the Specifications section of each phone.

  • Cisco 5 with Exchange 2010 and Database Availability Groups

    Hi,
    Unity 5 was installed a long time ago. Recently the latest ES88 was installed on the system. The fact is we have an Exchange 2007 (clustered) mailbox server in the network environment, and introduced Exchange 2010 (with DAG activated).
    So far we didn't do any "re-partnering" from Exchange 2007 to Exchange 2010. The end users are working fine, leaving voice messages and retrieving their voice messages without too much issue, no matter where the end users' accounts are located, Exchange 2007 or Exchange 2010.
    But lately, there were some actions taken in the Exchange environment. Some Exchange 2010 mailstore databases in one of the Exchange 2010 servers, with DAG, have been activated.
    In this case, we are now unable to leave any voice messages for the end users. All the voice messages are now being held in C:\CommServer\UnityMTA.
    I want to ask: are Unity 5 and Exchange 2010 compatible with DAG? Also, is my problem caused by the re-partnering of the server not having taken place? If yes, which Exchange 2010 mailbox database server should I point to? The reason is, there will be 3 physical servers with several DB mailstores; if I select one of the physical servers and one of the D mailstores, will this be affected when the DAG is activated?
    Thanks
    Timothy

    Hi Yancy,
    If you're referring to integrating Microsoft Exchange 2010 with Cisco Unified Communications Manager (CUCM) 5.x for voicemail purposes, via a SIP Trunk, then you could certainly have a go at it (a Media Termination Point would be required and the codec would be G.711).   However, I'm not aware of anyone having properly tested it with CUCM 5.x; given that it's not having software maintenance releases written for it anymore.   CUCM 5.0 stopped having software maintenance releases written for it in June 2009, and CUCM 5.1 in February this year.
    The following Tech Tip is likely to assist:
    https://supportforums.cisco.com/docs/DOC-12544
    Kind regards,
    Craig

  • Cisco products with IEEE 802.1 AVB support

    Hi, can anyone give me some information on availability of Cisco products supporting the 802.1 AVB standards/drafts ?

    Allyson,
    Is 802.1v supported on Cisco L3 switches (3560, 3750, 3560-X, 3750-X and 3850)?
    Answer: NO, we don't support this feature.
    =====
    HTH

  • Very very upset with Verizon service and tech support. Ready to cancel

    I have been on the phone and live chat for over 10 hours with several different tech people.  Each one says they have fixed the problem but to no avail.  I am really really upset about this and would like to talk to some who can FIX the problems.  I am ready to cancel Verizon all together.

    My email was hacked. So I did live chat and they told me that I needed to change my password. So I did. When I went to sign on again it wouldn't let me. So I did live chat again; they tried for about an hour via access to my computer, and could not figure it out. Then I was told that Verizon is no longer going to associate with Yahoo, that I need to just go thru Verizon. This person did not know how to do that, so I called and talked to a Rich {edited for privacy}; he tried to fix this again via access to my computer, to no avail. He told me that he would have someone call me back the next night who could fix this. No one called me the next night. I called again and tried to get back with Rich, but the person said I could not do that. So I began again explaining my situation; this person said that I would need to update my router, but of course it was going to cost me an additional $10.00 a month. So I ordered the new router. I was then transferred to James {edited for privacy}; he transferred everything from my Yahoo account and was going to set it up under Verizon. He could not get the information transferred, so he told me that someone would call me back the next night to help me. No one called me back. I received a phone message from Jack that he cancelled my Yahoo account, but I couldn't understand what he was saying because he was cutting in and out. Called again and told the person that I was having trouble again and that I had been having the same problem for a while and wanted to talk to a supervisor. I was told that she would send me an "escalation email" and I would be able to get help right away. When I tried to download this email it takes me to Photo Shop??!!! Was then transferred to Dan. He told me that my files and contacts from Yahoo were gone. He tried via access to my computer and said there was no way to get my files back. He told me that this should not have been done like this.
    After about 3 hours on the phone with him he was able to get my files back, but all my contacts were gone. I now have Verizon email but it is not working properly. My phone is no longer connected to my computer, all my notes are gone, etc. I was told my router would give me faster internet speed, 75/75. My computer is slower now than it ever has been, and just signs out in the middle of doing something. I did live chat again to question my internet speed and was given a link to check my speed. It came back as 47.48 download and 44.78 for uploading. When I questioned why it was not 75/75 he said something must be wrong.
    I have asked several times for a person to come out and fix my computer, but am told it must be fixed on the phone by tech support. I have tried several times and it is not working. I have been a customer for over 15 years and I have never had such poor customer support. I just want my computer back to the way it was before.

  • IKEv2 with NAT-T and VRF (FlexVPN)

    Hi,
    I'm struggling to get this to work and the IOS debug commands show nothing.
    Spoke1
    ======
    crypto ikev2 keyring LAN-to-LAN
     peer HUB
      identity address 93.174.221.254
      pre-shared-key local TEST
      pre-shared-key remote TSET
    crypto ikev2 profile IPSEC_IKEv2
     match identity remote address 93.174.221.254 255.255.255.255
     identity local fqdn spoke1.domain.com
     authentication remote pre-share
     authentication local pre-share
     keyring local LAN-to-LAN
    crypto ipsec transform-set ESP-TUNNEL esp-aes esp-sha-hmac
     mode tunnel
    crypto ipsec profile IPSEC
     set transform-set ESP-TUNNEL
     set ikev2-profile IPSEC_IKEv2
    interface Tunnel2
     description VTI2 | CUSTOMER2
     vrf forwarding CUSTOMER2
     ip unnumbered Loopback2
     tunnel source Dialer1
     tunnel mode ipsec ipv4
     tunnel destination 93.174.221.254
     tunnel path-mtu-discovery
     tunnel protection ipsec profile IPSEC
    interface Loopback2
     vrf forwarding CUSTOMER2
     ip address 10.47.255.1 255.255.255.255
    interface Dialer1
     ip address negotiated
    HUB
    ====
    crypto ikev2 keyring LAN-to-LAN
     peer spoke1.domain.com
      identity fqdn spoke1.domain.com
      pre-shared-key local TSET
      pre-shared-key remote TEST
    crypto ikev2 profile IPSEC_IKEv2
     match identity remote fqdn spoke1.domain.com
     identity local address 93.174.221.254
     authentication remote pre-share
     authentication local pre-share
     keyring local LAN-to-LAN
     virtual-template 2
    crypto ipsec transform-set ESP-TUNNEL esp-aes esp-sha-hmac
     mode tunnel
    crypto ipsec profile IPSEC
     set transform-set ESP-TUNNEL
     set ikev2-profile IPSEC_IKEv2
    interface Virtual-Template2 type tunnel
     description VTI2 | CUSTOMER2
     vrf forwarding CUSTOMER2
     ip unnumbered Loopback2
     tunnel source Loopback254
     tunnel mode ipsec ipv4
     tunnel path-mtu-discovery
     tunnel protection ipsec profile IPSEC
    interface Loopback2
     vrf forwarding CUSTOMER2
     ip address 10.47.255.252 255.255.255.255
    interface Loopback254
     ip address 93.174.221.254 255.255.255.255
    The spoke can ping anything on the internet including the hub public facing address 93.174.221.254 but the tunnel does not come up. Each end is running RIPv2 under the "CUSTOMER2" context with "network 10.0.0.0" and no auto-summary. Static routes don't seem to kick it into life either. Any help would be much appreciated, thanks.

    Thanks for the response.
    For some unexplainable reason when I switch on the following debugs:
    Spoke1#debug crypto ikev2 client flexvpn
    FlexVPN debugging is on
    Spoke1#debug crypto ikev2 error
    IKEv2 error debugging is on
    Spoke1#debug crypto ikev2 packet
    IKEv2 packet debugging is on
    Nothing seems to show on the console
    Spoke1#ping 8.8.8.8
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 580/645/700 ms
    Spoke1#ping 93.174.221.254
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 93.174.221.254, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 580/645/700 ms
    *The high latency is because Dialer1 is currently on GPRS because 3G coverage where I'm testing is poor.
    I have this in the Spoke1 config:
         ip route vrf CUSTOMER2 10.47.0.0 255.255.0.0 Tunnel2
    So I'd have thought pinging something like 10.47.255.252 would bring Tunnel2 up or show some debug messages. Unfortunately all I get is this:
    Spoke1#ping vrf CUSTOMER2 10.47.255.252
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.47.255.252, timeout is 2 seconds:
    Success rate is 0 percent (0/5)
    Spoke1#sh ip route vrf CUSTOMER2:
          10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
    C        10.47.1.0/24 is directly connected, Vlan2
    L        10.47.1.1/32 is directly connected, Vlan2
    C        10.47.255.1/32 is directly connected, Loopback2
    How do I enable crypto logging session?
    And I'll try an MTU of 1452 just in case path-discovery isn't working?
    My understanding is that a virtual-access interface should appear for each spoke that connects, but that doesn't seem to be happening.

  • Configure a Cisco router with telnet Username and Password.

    Hello Guys,
    I am quite new to Cisco and I need to configure a Cisco 891 router. Can someone please show me step-by-step configuration commands for configuring a username and secret password? I would like the router to ask for "Username" and "Password" any time I want to log in to the router through telnet. I also want to know if I have to erase the default configuration on the router first, before I start the configuration, and how it should be done in order not to lose the router while working on it. Thanks for your usual quick responses.
    Regards,
    Eben.

    From this forum description:
    Note: If your questions pertain to specific Cisco technology or solution, please post them in the proper community by leveraging the Community Directory so that folks who have expertise within those areas can engage and collaborate to it.
    You should consider deleting your question here and recreating it in a more appropriate forum. You can wish for a quick response then ...
    Edit: Thread has been moved by moderator, the notice no longer applies.
