Config 1 interface
Hello Guru's,
In design I have 1 source interface, this source interface is mapped to to 2 different target interfaces for one business service. How do I configure that in config?
Best regards,
Guido
Hi
Looking at your scenario, you should go for enhanced interface determination.
In an enhanced interface determination you do not enter the inbound interfaces manually, but instead first select a multi-mapping. You get the inbound interfaces from the target interfaces of the multi-mapping. The inbound interfaces are determined at runtime during the mapping step.
You typically use an enhanced interface determination if the source message has an element with occurrence 0 ... unbounded (for multiple items of a data record) and you want multiple messages (for the individual items) to be generated at runtime.
http://help.sap.com/saphelp_nw04/helpdata/en/42/ed364cf8593eebe10000000a1553f7/frameset.htm
Please Check
/people/jin.shin/blog/2006/02/07/multi-mapping-without-bpm--yes-it146s-possible
/people/venkataramanan.parameswaran/blog/2006/03/17/illustration-of-enhanced-receiver-determination--sp16
http://help.sap.com/saphelp_nw2004s/helpdata/en/43/a5f2066340332de10000000a11466f/frameset.htm
/people/shabarish.vijayakumar/blog/2006/06/07/customise-your-xpath-expressions-in-receiver-determination
http://help.sap.com/saphelp_nw04/helpdata/en/42/ed364cf8593eebe10000000a1553f7/frameset.htm
Hope this clears your doubts
Thanks
Saiyog
Similar Messages
-
Explain Build.XML and config-interface.xml
Can anyone explain the Functionality of Build.XMl and config-interface.XML in the J2ee Environment and what should be the directory structure if i create a new(not from sun examples) Servlet or any EJB component .
Build file is run by Ant tool.
Refer following link for more info:
http://ant.apache.org/ -
WRT54G firmware failure leaving no access to router config
I have a WRT54G router. Running Vista SP2 64-bit on a laptop wired to router. When I first tried to upgrade the firmware I was connected wirelessly. (I know, please just think it but don't type it) During the upgrade the internet connection disconnected and the upgrade failed. I am connecting right now wirelessly using someones unsecure network. I attempted to upgrade the firmware to 8.00.7. Since then I am unable to access the router config using IP 192.168.1.1. I have read as many posts as I can handle. I have checked and that is the IP showing in Vista, (Network & Sharing, view status, properties) however I cannot ping that IP. It times out every time. I have done all the resets (10 seconds and up to 1 minute) on the router and power cycle etc. Nothing. I downloaded the firmware utility and I get an error message everytime that it is unable to get responses from the server. I have tried my password, which I think is gone due to all the resets, and am using admin as the password. I have disabled my firewall. I do have Network Magic and when I checked control internet access it says I am able to do so. Is there a way to disable Network Magic? Can that be the issue? When all this started I had my own internet connetion. I'm in the process of moving so I have disconnected my internet service. Since I'm only trying to connect to the router locally, do I really need to have a live internet connection? Please, HELP! I don't want to buy a new router. This one has been very reliable. If I do have to buy something new, can you recommend something just as reliable.
There have been 2 or 3 times where it looked as though I was going to be able to connect to config interface and the firsrt basic screen loads with minimal data and no clickable links to allow me to change screens. The "&" from one of the links that is supposed to appear but does not, is the only thing that appears in that area and if I click it, I either get a error from IE that it cannot connect, or, it takes me to the Ports screen with minimal data and I cannot progress from there. In the top right corner of the screen, it does show the firmware version is 8.00.7. ?????
P.S. Obviously, I'm not very computer savvy so excuse me if I'm missing the obvious.
Message Edited by Steviegt on 09-29-2009 08:38 AM
Message Edited by Steviegt on 09-29-2009 08:43 AM
Windows Vista Home Premium SP2 64-bit
Internet Explorer v8
Office 2007 SP2 Home and Student
Outlook 2007 Standalone
ESET Smart Security
WRT54G v8.00.6
Solved!
Go to Solution.Its Great that your issue has been resolved now...
-
Need help with QoS config/setup for my home network.
I have a home network that spans two buildings, has and FTP download server, VoIP phones,and several computers among other IP devices. I run a home based business where my clients get access to the company FTP download server (NOT illegal file sharing). the problem is that when they are downloading files my VoIP takes a big hit and gets choppy when speaking to my customers. Below is the layout of the network.
Our Internet access is Verizon 4G, there are no other options available at this time or we would switch. The Verizon 4G MiFi connects to a TP-Link wifi router that then connects to port fa0/5 on the Office 3550PoE switch. There is a trunk between the Office switch to the House 3550PoE switch. The House switch then connects to the Shop 3524XL switch also using a trunk. Please note that EVERYTHING works fine other than the VoIP issue, VoIP makes and receives calls without connections issues.
Auto QoS has been run on the Office switch ports fa0/1 and fa0/2 as well as on the House switch ports fa0/3 and fa0/5. There is NO auto QoS on the 3524XL
What is the best way to give VoIP traffic top priority over FTP and web browsing when going out port fa0/5 on the Office Switch? Over the internal network we are not having any call quality issues between the IP phones, just calls to our SIP provider. Yes, I understand that once calls exit the Office switch to the TP-Link wifi router there will not be any QoS. But, if I can give priority to the packets at the layer 3 Office switch (or wherever you suggest) then at least I will not have to kill a users FTP download while I am on the phone.
Thank YouI can make ANY changes necessary, just need to know what to do.
First, did you notice the output of the command sh mls qos fa0/5 above? Is it working correctly?
Next, Yes I do have version W17 and can install if if needed. The lost of possible commands I listed above was from the conf t - config interface fa0/x level. There is class and policy mapping commands the the config global level along with all these other commands:
aaa Authentication, Authorization and Accounting.
access-list Add an access list entry
alias Create command alias
arp Set a static ARP entry
banner Define a login banner
boot Boot Commands
buffers Adjust system buffer pool parameters
cdp Global CDP configuration subcommands
cgmp Global CGMP configuration commands
class-map Configure QoS Class Map
clock Configure time-of-day clock
cluster Cluster configuration commands
default Set a command to its defaults
default-value Default character-bits values
downward-compatible-config Generate a configuration compatible with older software
enable Modify enable password parameters
end Exit from configure mode
errdisable Error disable
exception Exception handling
exit Exit from configure mode
file Adjust file system parameters
help Description of the interactive help system
hostname Set system's network name
interface Select an interface to configure
ip Global IP configuration subcommands
line Configure a terminal line
logging Modify message logging facilities
mac-address-table Configure the MAC address table
map-class Configure static map class
map-list Configure static map list
mvr Enable/Disable MVR on the switch
no Negate a command or set its defaults
ntp Configure NTP
policy-map Configure QoS Policy Map
power power configuration
priority-list Build a priority list
privilege Command privilege parameters
queue-list Build a custom queue list
rmon Remote Monitoring
scheduler Scheduler parameters
service Modify use of network based services
shutdown Shutdown system elements
snmp-server Modify SNMP parameters
spanning-tree Spanning Tree Subsystem
stackmaker Specify stack name and add its member
tacacs-server Modify TACACS query parameters
tftp-server Provide TFTP service for netload requests
time-range Define time range entries
udld Configure global UDLD setting
username Establish User Name Authentication
vmps VMPS settings
vtp Configure global VTP state -
storage-vdc(config-if)# show module
Mod Ports Module-Type Model Status
2 32 1/10 Gbps Ethernet Module N7K-F132XP-15 ok
sw1-gd78(config-if)# sh module
Mod Ports Module-Type Model Status
2 48 1/2/4/8 Gbps FC Module DS-X9248-96K9 ok
4 8 10 Gbps FCoE Module DS-X9708-K9 ok
7 0 Supervisor/Fabric-2a DS-X9530-SF2AK9 active *
8 0 Supervisor/Fabric-2a DS-X9530-SF2AK9 ha-standby
10 22 4x1GE IPS, 18x1/2/4Gbps FC Module DS-X9304-18K9 ok
Mod Sw Hw World-Wide-Name(s) (WWN)
2 5.2(2) 1.1 20:41:00:0d:ec:fb:8a:00 to 20:70:00:0d:ec:fb:8a:00
4 5.2(2) 0.107 --
7 5.2(2) 1.8 --
8 5.2(2) 1.8 --
10 5.2(2) 1.3 22:41:00:0d:ec:fb:8a:00 to 22:52:00:0d:ec:fb:8a:00
sw1-gd78(config-if)# sh run int ethernet4/6
!Command: show running-config interface Ethernet4/6
!Time: Mon Feb 20 22:56:12 2012
version 5.2(2)
interface Ethernet4/6
no shutdown
sw1-gd78(config-if)# no shut
sw1-gd78(config-if)# speed 1000
ERROR: Ethernet4/6: Configuration does not match the port capability.
sw1-gd72# sh int ethernet4/6 capabilities
Ethernet4/6
Model: DS-X9708-K9
Type (SFP capable): 10Gbase-SR
Speed: 1000,10000
Duplex: full
Trunk encap. type: 802.1Q
Channel: yes
Broadcast suppression: percentage(0-100)
Flowcontrol: rx-(off/on/desired),tx-(off/on/desired)
Rate mode: dedicated
QOS scheduling: rx-(2q4t),tx-(1p3q4t)
CoS rewrite: yes
ToS rewrite: yes
SPAN: yes
UDLD: yes
Link Debounce: yes
Link Debounce Time: yes
MDIX: no
Port Group Members: none
TDR capable: no
FabricPath capable: yes
Port mode: Switched
sw1-gd72# sh int ethernet4/6 transceiver details
Ethernet4/6
transceiver is present
type is 10Gbase-SR
name is CISCO-FINISAR
part number is FTLX8571D3BCL-CS
revision is C
serial number is FNS12090EMJ
nominal bitrate is 10300 MBit/sec
Link length supported for 50/125um OM2 fiber is 82 m
Link length supported for 50/125um OM3 fiber is 300 m
Link length supported for 62.5/125um fiber is 26 m
cisco id is --
cisco extended id number is 4
SFP Detail Diagnostics Information (internal calibration)
Alarms Warnings
High Low High Low
Temperature 36.21 C 75.00 C -5.00 C 70.00 C 0.00 C
Voltage 3.29 V 3.63 V 2.97 V 3.46 V 3.13 V
Current 8.11 mA 11.80 mA 4.00 mA 10.80 mA 5.00 mA
Tx Power -2.65 dBm 1.49 dBm -11.30 dBm -1.50 dBm -7.30 dBm
Rx Power -2.21 dBm 1.99 dBm -13.97 dBm -1.00 dBm -9.91 dBm
Transmit Fault Count = 0
Note: ++ high-alarm; + high-warning; -- low-alarm; - low-warningAnkit,
You are trying to set speed 1000 on a 10g sfp.
type is 10Gbase-SR
You will need to insert a 1gig sfp and then you will be able to set the speed.
Also, I noticed that you posted first with interface 2/6 and the output you gave me was for 4/6. Are you sure you're in the right interface? -
Router Dead , when i applied QOS on virtual-temp interface for vpn !!
hi all ,
i have a simple brief topology below :
PSTN======(R1-7206)>F1=======F2>(R2-7604 catalyst)>>>F1=========Internet
i have two router
R2========>MLS 7604
R1======>cisco 7204
on R2 , Im doing matching to QOS by dscp , im matching acls ips from internet with dscp values :
here is CONFIG for matching :
Gateway7600#sh policy-map LLQX
Policy Map LLQX
Class YOUTUBE
set ip dscp af43
Class FACEBOOKVIDEOS
set ip dscp af33
Class HTTP
set dscp af23
Class DNSQOS
set dscp af13
Class class-default
set ip dscp af11
================
Gateway7600#sh class-map
Class Map match-all FACEBOOKVIDEOS (id 7)
Match access-group name facebookvideos
Class Map match-all DNSQOS (id 8)
Match access-group name dnsqos
Class Map match-all HTTP (id 6)
Match access-group name browsing
Class Map match-any class-default (id 0)
Match any
Class Map match-all YOUTUBE (id 5)
Match access-group name youtube
Gateway7600#
=========================================================
on this router i applied this policy map on interfaxce F1 in direction
and here matching is well :
Gateway7600#sh policy-map interface gigabitEthernet 1/5 in
GigabitEthernet1/5
Service-policy input: LLQX
class-map: rate-limit (match-all)
Match: access-group name rate-limit
police :
4088000 bps 384000 limit 384000 extended limit
Earl in slot 1 :
139044930 bytes
30 second offered rate 143032 bps
aggregate-forwarded 134420937 bytes action: transmit
exceeded 4623993 bytes action: drop
aggregate-forward 22544 bps exceed 0 bps
class-map: YOUTUBE (match-all)
Match: access-group name youtube
set dscp 38:
Earl in slot 1 :
132693939697 bytes
30 second offered rate 212144928 bps
aggregate-forwarded 132693939697 bytes
class-map: FACEBOOKVIDEOS (match-all)
Match: access-group name facebookvideos
set dscp 30:
Earl in slot 1 :
10726758352 bytes
30 second offered rate 20682720 bps
aggregate-forwarded 10726758352 bytes
class-map: HTTP (match-all)
Match: access-group name browsing
set dscp 22:
Earl in slot 1 :
56874058537 bytes
30 second offered rate 92669832 bps
aggregate-forwarded 56874058537 bytes
class-map: DNSQOS (match-all)
Match: access-group name dnsqos
set dscp 14:
Earl in slot 1 :
160308954 bytes
30 second offered rate 303552 bps
aggregate-forwarded 160308954 bytes
class-map: class-default (match-any)
Match: any
set dscp 10:
Earl in slot 1 :
67394864030 bytes
30 second offered rate 126884864 bps
aggregate-forwarded 67394864030 bytes
=================================================================================
now the problem is below
on router 7200 , it is LNS router connected with LAC roiuter for ADSL customers.
now here is config of policy map on 7200 router:
R11#sh policy-map
Policy Map MATCH_MARKS
Class MATCH_YOUTUBE
bandwidth 220000 (kbps)
Class MATCH_FACEBOOKVIDEOS
bandwidth 20000 (kbps)
Class MATCH_HTTP
bandwidth 100000 (kbps)
=========================================================
R1#sh class-map
Class Map match-all MATCH_FACEBOOKVIDEOS (id 2)
Match ip dscp af33 (30)
Class Map match-all MATCH_HTTP (id 3)
Match ip dscp af23 (22)
Class Map match-any class-default (id 0)
Match any
Class Map match-all MATCH_YOUTUBE (id 1)
Match ip dscp af43 (38)
==========================================================
here is virtual-template interface before i apply the QOS
R1#sh running-config interface virtual-template 1
Building configuration...
Current configuration : 352 bytes
interface Virtual-Template1
bandwidth 1000000
ip unnumbered Loopback0
ip tcp adjust-mss 1412
ip policy route-map private
no logging event link-status
qos pre-classify
peer default ip address pool bitsead1 bitsead2
ppp mtu adaptive
ppp authentication pap vpdn
ppp authorization vpdn
ppp accounting vpdn
max-reserved-bandwidth 90
end
=========================================
when i apply the command
(service-poliy output MATCH_MAKRS ) under virtual-template interface i have console logs :
Insufficient bandwidth 149760 kbps for the bandwidth guarantee (220000)
Insufficient bandwidth 149760 kbps for the bandwidth guarantee (220000)
Insufficient bandwidth 149760 kbps for the bandwidth guarantee (220000)
also i have
*Jul 9 22:28:38.242: Interface Virtual-Access2551 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 9 22:28:38.250: Interface Virtual-Access627 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 9 22:28:38.258: Interface Virtual-Access786 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 9 22:28:38.266: Interface Virtual-Access623 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 9 22:28:38.274: Interface Virtual-Access2559 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 9 22:28:38.282: Interface Virtual-Access2281 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 9 22:28:38.290: Interface Virtual-Access142 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 9 22:28:40.262: %SYS-2-INTSCHED: 'suspend' at level 3 -Process= "VTEMPLATE Background Mgr", ipl= 3, pid= 278, -Traceback= 0x756FF0z 0x3439C58z 0x2778D70z 0x2CACCD0z 0x2CC63E0z 0x2CC7FF8z 0x2CADC74z 0x2CBE058z 0x2CA0340z 0x2CA04F8z 0x2E0BB18z 0x2D23378z 0x2D1825Cz 0x2D18738z 0x2E66FE0z 0x2D971ACz
*Jul 9 22:28:40.262: %SYS-2-INTSCHED: 'suspend' at level 3 -Process= "VTEMPLATE Background Mgr", ipl= 3, pid= 278, -Traceback= 0x756FF0z 0x3439C58z 0x2778D70z 0x2CACD28z 0x2CC63E0z 0x2CC7FF8z 0x2CADC74z 0x2CBE058z 0x2CA0340z 0x2CA04F8z 0x2E0BB18z 0x2D23378z 0x2D1825Cz 0x2D18738z 0x2E66FE0z 0x2D971ACz
after i apply it ,
the cpu is 100 % and the router got down !!!
now
what is the problem ????
here is ios for 7200 router
R1#sh version
Cisco IOS Software, 7200 Software (C7200P-ADVENTERPRISEK9-M), Version 12.4(24)T7, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 28-Feb-12 12:53 by prod_rel_team
ROM: System Bootstrap, Version 12.4(12.2r)T, RELEASE SOFTWARE (fc1)
Bras1 uptime is 13 weeks, 1 day, 9 hours, 24 minutes
System returned to ROM by reload at 16:24:51 GMT+3 Tue Jun 17 2003
System image file is "disk2:c7200p-adventerprisek9-mz.124-24.T7.bin"
Last reload reason: Reload Command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
Cisco 7206VXR (NPE-G2) processor (revision A) with 917504K/65536K bytes of memory.
Processor board ID 36858624
MPC7448 CPU at 1666Mhz, Implementation 0, Rev 2.2
6 slot VXR midplane, Version 2.11
Last reset from power-on
PCI bus mb1 (Slots 1, 3 and 5) has a capacity of 600 bandwidth points.
Current configuration on bus mb1 has a total of 0 bandwidth points.
This configuration is within the PCI bus capacity and is supported.
PCI bus mb2 (Slots 2, 4 and 6) has a capacity of 600 bandwidth points.
Current configuration on bus mb2 has a total of 0 bandwidth points.
This configuration is within the PCI bus capacity and is supported.
Please refer to the following document "Cisco 7200 Series Port Adaptor
Hardware Configuration Guidelines" on Cisco.com <http://www.cisco.com>
for c7200 bandwidth points oversubscription and usage guidelines.
1 FastEthernet interface
3 Gigabit Ethernet interfaces
2045K bytes of NVRAM.
250880K bytes of ATA PCMCIA card at slot 2 (Sector size 512 bytes).
65536K bytes of Flash internal SIMM (Sector size 512K).
Configuration register is 0x2102
==============================================================================
wish to Help ASAP
regardshi ,
i did
the same issue ,
i did a TEST policymap that has 30 percent gurantee
but the same result!!!!!!!!!!!!!!!!
the router god down agian !
here is logs :
take effect on the queueing features configured via service-policy
*Jul 11 02:40:33.605: Interface Virtual-Access1896 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:33.797: Interface Virtual-Access1317 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:33.809: Interface Virtual-Access993 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:33.817: Interface Virtual-Access1699 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:33.981: Interface Virtual-Access254 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:33.993: Interface Virtual-Access687 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.001: Interface Virtual-Access35 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.009: Interface Virtual-Access160 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.017: Interface Virtual-Access1337 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.029: Interface Virtual-Access1670 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.037: Interface Virtual-Access1948 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.049: Interface Virtual-Access1669 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.109: Interface Virtual-Access1334 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.117: Interface Virtual-Access151 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.125: Interface Virtual-Access761 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.137: Interface Virtual-Access810 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.197: Interface Virtual-Access1522 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.237: Interface Virtual-Access1692 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.257: Interface Virtual-Access368 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.305: Interface Virtual-Access1758 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.317: Interface Virtual-Access2061 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.325: Interface Virtual-Access1203 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.337: Interface Virtual-Access188 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.345: Interface Virtual-Access1975 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.357: Interface Virtual-Access1172 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.509: Interface Virtual-Access1647 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.517: Interface Virtual-Access458 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.609: Interface Virtual-Access608 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.621: Interface Virtual-Access2128 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.633: Interface Virtual-Access1167 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.641: Interface Virtual-Access487 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.653: Interface Virtual-Access1793 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.665: Interface Virtual-Access2280 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.769: Interface Virtual-Access839 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.781: Interface Virtual-Access2311 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.793: Interface Virtual-Access1788 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.857: Interface Virtual-Access8 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.869: Interface Virtual-Access2243 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.881: Interface Virtual-Access580 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:35.057: Interface Virtual-Access6 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:35.065: Interface Virtual-Access1331 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:35.077: Interface Virtual-Access1235 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:35.177: Interface Virtual-Access1748 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:35.189: Interface Virtual-Access2262 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:35.205: Interface Virtual-Access2136 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
i want to ask a question , could this be from IOS ???? -
Having issues on ASA 5510 pass traffic between interfaces
I am trying to pass traffic between two internal interfaces but am unable to. Been searching quite a bit and have tried several things to no avail. I feel like there is a simple solution here I am just not seeing. Here is the relevant portion of my config:
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.5.1 255.255.255.0
interface Ethernet0/2
nameif ct-users
security-level 100
ip address 10.12.0.1 255.255.0.0
same-security-traffic permit inter-interface
access-list inside_nat0_outbound extended permit ip any 192.168.5.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 10.12.0.0 255.255.0.0
access-list inside_access_in extended permit ip any any
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
nat (ct-users) 0 access-list inside_nat0_outbound
nat (ct-users) 1 0.0.0.0 0.0.0.0
static (inside,ct-users) 192.168.5.0 192.168.5.0 netmask 255.255.255.0
static (ct-users,inside) 10.12.0.0 10.12.0.0 netmask 255.255.0.0
access-group outside_access_in in interface outside
access-group outside_access_ipv6_in in interface outside
access-group inside_access_in in interface inside
access-group inside_access_ipv6_in in interface inside
access-group inside_access_in in interface ct-users
access-group inside_access_ipv6_in in interface ct-users
On both networks I am able to access the internet, just not traffic between each other.
A packet-tracer reveals the following (it's hitting some weird rules on the way):
cybertron# packet-tracer input inside tcp 192.168.5.2 ssh 10.12.0.2 ssh detailed
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0xab827020, priority=1, domain=permit, deny=false
hits=8628156090, user_data=0x0, cs_id=0x0, l3_type=0x8
src mac=0000.0000.0000, mask=0000.0000.0000
dst mac=0000.0000.0000, mask=0100.0000.0000
Phase: 2
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
static (ct-users,inside) 10.12.0.0 10.12.0.0 netmask 255.255.0.0
match ip ct-users 10.12.0.0 255.255.0.0 inside any
static translation to 10.12.0.0
translate_hits = 0, untranslate_hits = 6
Additional Information:
NAT divert to egress interface ct-users
Untranslate 10.12.0.0/0 to 10.12.0.0/0 using netmask 255.255.0.0
Phase: 3
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group inside_access_in in interface inside
access-list inside_access_in extended permit ip any any
Additional Information:
Forward Flow based lookup yields rule:
in id=0xad5bec88, priority=12, domain=permit, deny=false
hits=173081, user_data=0xa8a76ac0, cs_id=0x0, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xab829758, priority=0, domain=inspect-ip-options, deny=true
hits=146139764, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Phase: 5
Type: NAT-EXEMPT
Subtype: rpf-check
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xad48c860, priority=6, domain=nat-exempt-reverse, deny=false
hits=2, user_data=0xad4b5e98, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
src ip=192.168.5.0, mask=255.255.255.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Phase: 6
Type: NAT-EXEMPT
Subtype:
Result: ALLOW
Config:
match ip inside any ct-users 10.12.0.0 255.255.0.0
NAT exempt
translate_hits = 2, untranslate_hits = 2
Additional Information:
Forward Flow based lookup yields rule:
in id=0xad3b1f70, priority=6, domain=nat-exempt, deny=false
hits=2, user_data=0xad62b7a8, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=10.12.0.0, mask=255.255.0.0, port=0, dscp=0x0
Phase: 7
Type: NAT
Subtype:
Result: ALLOW
Config:
static (inside,ct-users) 192.168.5.0 192.168.5.0 netmask 255.255.255.0
match ip inside 192.168.5.0 255.255.255.0 ct-users any
static translation to 192.168.5.0
translate_hits = 1, untranslate_hits = 15
Additional Information:
Forward Flow based lookup yields rule:
in id=0xadf7a778, priority=5, domain=nat, deny=false
hits=6, user_data=0xad80cfd0, cs_id=0x0, flags=0x0, protocol=0
src ip=192.168.5.0, mask=255.255.255.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Phase: 8
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
static (inside,outside) udp 184.73.2.1 1514 192.168.5.2 1514 netmask 255.255.255.255
match udp inside host 192.168.5.2 eq 1514 outside any
static translation to 184.73.2.1/1514
translate_hits = 0, untranslate_hits = 0
Additional Information:
Forward Flow based lookup yields rule:
in id=0xab8e2928, priority=5, domain=host, deny=false
hits=9276881, user_data=0xab8e1d20, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip=192.168.5.2, mask=255.255.255.255, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Phase: 9
Type: NAT
Subtype: rpf-check
Result: ALLOW
Config:
static (ct-users,inside) 10.12.0.0 10.12.0.0 netmask 255.255.0.0
match ip ct-users 10.12.0.0 255.255.0.0 inside any
static translation to 10.12.0.0
translate_hits = 0, untranslate_hits = 6
Additional Information:
Forward Flow based lookup yields rule:
out id=0xad158dc0, priority=5, domain=nat-reverse, deny=false
hits=6, user_data=0xac0fb6b8, cs_id=0x0, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=10.12.0.0, mask=255.255.0.0, port=0, dscp=0x0
Phase: 10
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
static (ct-users,inside) 10.12.0.0 10.12.0.0 netmask 255.255.0.0
match ip ct-users 10.12.0.0 255.255.0.0 inside any
static translation to 10.12.0.0
translate_hits = 0, untranslate_hits = 6
Additional Information:
Reverse Flow based lookup yields rule:
in id=0xada0cd38, priority=5, domain=host, deny=false
hits=131, user_data=0xac0fb6b8, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip=10.12.0.0, mask=255.255.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Phase: 11
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
in id=0xad5c1ab0, priority=0, domain=inspect-ip-options, deny=true
hits=130, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Phase: 12
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 189385494, packet dispatched to next module
Module information for forward flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_tcp_normalizer
snp_fp_translate
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat
Module information for reverse flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_translate
snp_fp_tcp_normalizer
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: ct-users
output-status: up
output-line-status: up
Action: allowhow are you testing? if you are pinging between the subnets, make sure you have disabled windows firewall and/or any other firewall that is installed on the PCs (remember to re-enable it later).
Are the NAT commands there because you were trying different things to get this working? I suggest you use the command no nat-control instead. Depending on the version of ASA you are running it may already be disabled by default. In version 8.4 and later nat-control has been removed completely.
Please remember to select a correct answer and rate helpful posts -
One other thing - I had a problem with the key pairing so I rebuilt the rsa 1024 and the unit started working. Unfortunately I reloaded without the config in place and now I cannot get it to work again. Any help will be greatly apprecaited although I did review a dozen other posts of people having similar problems and for some reason there is never any conclusion as to the solution and I am not sure why.
Some other info from the client end:
I just ran the stats on the client and packets are being encrypted BUT none are decrypted.
Also Tunnel received 0 and sent 115119
Encryption is 168-bit 3-DES
Authentication is HMAC-SHA1
also even though the allow LAN is selected in the Cisco VPN client it states the local LAN is disabled in the client stats
also Transparent tunneling is selcted but in the stats it states it is inactive
I am connecting with the Cisco VPN Client Ver 5.0.07.0440
This config works. It is on the internal net 192.168..40.x and all users obtain dhcp and surf the web. It has required ports opened.The problem is that you can connect remotely via the VPN and you receive an IP address from the remote-vpn pool but you cannot see any machines on the internal network. The pix is at 40.2 and you cannot ping the pix and the pix from the remote PC connecting via the VPN and youcannot ping the remote PC from the PIX console when the remote is connected and receives the first IP address in the VPN pool of 192.168.40.25
I need to see the internal network and map network drives. I have another friend that is running the same config and it works but his computer is on a linksys wireless and has an IP of 192.168.1.x and the IP he receives from the VPN pool is 192.168.1.25 so I do not know if the same network is allowing this config to work even if there is an error in the config. In my present case I obtain the ip of 192.168.40.25 from the VPN pool and my connecting pc on 192.168.1.x I really am not sure how the VPN virtual adapter works. I am assuming it routes all traffic from your connecting PC to and from the virtual adapater but I really do not know for sure.
Other people have had similar issues with accessing the internal network from the VPN. One solution was the split-tunnel, another was the natting and another had to do with the encrption where there and an issue with the encrypt and ecrypt which was stopping the communicaton via the VPN.
I still cannot seem to find the issue with this config and any help will be greatly appreciated.
This is the config
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password somepassword
hostname hostname
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
object-group network internal_trusted_net
network-object 192.168.40.0 255.255.255.0
object-group icmp-type icmp_outside
icmp-object echo-reply
icmp-object unreachable
icmp-object time-exceeded
icmp-object source-quench
access-list OutToIn permit icmp any xxx.xxx.xxx.0 255.255.255.248 object-group icmp_outside
access-list no_nat_inside permit ip 192.168.40.0 255.255.255.0 192.168.40.0 255.255.255.0
access-list split_tunnel permit ip 192.168.40.0 255.255.255.0 192.168.40.0 255.255.255.0
access-list OutToIn permit ip any any
access-list outbound permit ip any any
(NOTE: I had many more entries in the access list but removed them. Even with the above two allowing everything it does not work)
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside xxx.xxx.xxx.xxx 255.255.255.248
ip address inside 192.168.40.2 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool vpn_client_pool 192.168.40.25-192.168.40.30
pdm history enable
arp timeout 14400
global (outside) 1 interface
I had this statement missing from the previous posted config but even with the nat (inside) 0 access-list no_nat_inside it still does not work.
nat (inside) 0 access-list no_nat_inside
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group acl_outside_in in interface outside
access-group outbound in interface inside
route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.40.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community $XXXXXX$
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set 3des_strong esp-3des esp-sha-hmac
crypto dynamic-map clientmap 50 set transform-set 3des_strong
crypto map vpn 50 ipsec-isakmp dynamic clientmap
crypto map vpn client configuration address initiate
crypto map vpn client configuration address respond
crypto map vpn client authentication LOCAL
crypto map vpn interface outside
isakmp enable outside
isakmp identity address
isakmp client configuration address-pool local vpn_client_pool outside
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup remote-vpn split-tunnel split_tunnel
vpngroup remote-vpn idle-time 10800
vpngroup remote-vpn password ANOTHER PASSWORD
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.168.40.0 255.255.255.0 inside
ssh timeout 30
console timeout 60
dhcpd address 192.168.40.100-192.168.40.131 inside
dhcpd dns xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd enable inside
username AUSER password PASSWORD privilege 15
terminal width 80
****************** End of config
I have been searching docs and other people's postings trying to obtain the info to make this work. It appears pretty much boiler plate but I believe my problem is in the natting. I am using a range in the internal network for the VPN pool and I have tried switching this to other networks but this has not helped. Unfortunately I have been unable to get the PDM to work and I believe this is a PC config thing and I did not want to waste the time on it. I read a post where a person using the PDM interface with the same problem (not being able to access the internal network) was able to go to a section in the VPN wizard and set the Address Exeption Translation. They said they originally set the VPN subnet when they did not have to. Many of the other blogs I read also stated that if the natting is not proper for the VPN pool- that it will not work but I am confused by the examples. They show as I do the complete range for an access-list called no_nat_inside but I believe it should only have the VPN pool IP range and not the entire network since the others do require natting - not sure if my thought process is correct here. Any help will be greatly apprecaited. Also this morning I just tried a boiler plate example from CISCO and it also did not do what I need for it to do. And I also connect a PC to obtain an IP to see if I can see it - no good. The PC can ping the PIX and viceversa but no one can ping the remote PC that connects via the CISCO Remote VPN client even though it receive an address from the vpnpool. Also include LAN is checked off on the client. This was mentioned in anther post.
Thank you once again.Hi,
PIX501 is a very very old Cisco firewall that has not been sold for a long time to my understanding. It also doesnt support even close to new software levels.
If you wanted to replace the PIX501 the corresponding model nowadays would be ASA5505 which is the smallest Cisco ASA firewall with 8 switch port module. There is already a new ASA5500-X Series (while ASA5505 is of the original ASA 5500 Series) but they have not yet introduced a replacing model for this model nor have they stopped selling this unit. I have a couple of them at home. Though naturally they are more expensive than your usual consumer firewalls.
But if you wanted to replace your PIX firewall then I would probably suggest ASA5505. Naturally you could get some other models too but the cost naturally rises even more. I am not sure at what price these are sold as used.
I used some PIX501 firewalls at the start of my career but have not used them in ages since ASA5505 is pretty much the firewall model we use when we need a firewall/vpn device for a smaller network/branch site.
Here is a PDF of the original ASA5500 Series.
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80285492.pdf
Here is a PDF of the new ASA5500-X Series
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/at_a_glance_c45-701635.pdf
I am afraid that its very hard for me atleast to troubleshoot this especially since I have not seen any outputs yet. Also the very old CLI and lack of GUI (?) make it harder to see what the problem is.
Could you provide the requested outputs?
From the PIX after connection test
show crypto ipsec sa
Screen captures of the VPN Client routing and statistics sections.
- Jouni -
In desperate need of config assistance for 6513 trunking to Netapp controller
We are building a new SAN using a Netapp Fas3160 with 2 controllers in failover mode. We have 1 6513 switch they will connect to for the etherchannels. Each Netapp controller will need an LACP port channel with 4 gig interfaces in each running to the 6513. I have tried to set up the port channels on the 6513 by adding the interfaces into them with the following port config. The channel comes up fine, but routing to the netapp fails immediately after bringing up the trunk, and the port channel will eventually show down/down but the individual interfaces stay up/up. I have tried creating the trunks using the mode "on" command also and it will not stay up either.I am at a loss as to why the channels quit routing and eventually go down.
partial cisco config
interface Port-channel10
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
spanning-tree portfast trunk
spanning-tree guard loop
interface GigabitEthernet1/29
description NetApp
switchport
switchport access vlan 34
switchport mode trunk
switchport nonegotiate
spanning-tree portfast trunk
spanning-tree guard loop
channel-protocol lacp
channel-group 10 mode active
Anyone with any experience of this type, please help. This should not be that hard, but the Netapp doco has conflicting info for modes, etc. I can provide more detail if someone needs it.Hi, here is my config for my trunk from a Cisco 4507R switch trunking to a NetApp FAS2050:
interface GigabitEthernet5/14
description NetApp Controller
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
channel-group 22 mode active
end
UK-LON-SW01#sh run int gi6/14
Building configuration...
Current configuration : 183 bytes
interface GigabitEthernet6/14
description NetApp Controller
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
channel-group 22 mode active
end
UK-LON-SW01#sh run int po22
Building configuration...
Current configuration : 149 bytes
interface Port-channel22
description NetApp
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
My initial troubles in getting the port-channel to come up were related to the config SAN admin did on the netapp controller, the cisco config is pretty basic/straightforward.
hope that helps.
Ashar. -
Default interface command for SG50052
Hello
I am trying to set an interface back to its defaults but with no success at all. Actually is a trunk interface and I want to make it access again. With no switchport mode and then switchport mode trunk I get a message about wrong VLAN assignments.Hi,
Configure as below:
switchxxxxxx(config)# interface gi1
switchxxxxxx(config-if)# no switchport mode trunk
switchxxxxxx(config-if)# switchport mode access
switchxxxxxx(config-if)# switchport access vlan 2(required vlan number)
regards
Moorthy -
Why the Fibre uplink ports are down state even after giving no shutdown command at the interface
Hi
My Predecessors brought 2 CISCO 3750 switches and implemented LACP on these core switches. Due to looping in the network the Fibre uplink ports GigabitEthernet1/1/3 and GigabitEthernet2/1/3 are down (I think these uplink ports are mirrored in the LACP concept)
Please see below from the configuration.
I logged into the core switch and went to this particular interface GigabitEthernet1/1/3 and I gave the following command and still the port is in the down state after I gave no shutdown command. Do I need to give the same no shutdown command at interface GigabitEthernet2/1/3 as well ?
Switch-Core1(config) interface GigabitEthernet1/1/3
Switch-Core1(config-if)#no shutdown
Switch-Core1(config-if)#
Please see below After no shutdown command given still these 2 Gigabit fibre uplink ports are down.
GigabitEthernet1/0/20 unassigned YES unset up up
GigabitEthernet1/0/21 unassigned YES unset down down
GigabitEthernet1/0/22 unassigned YES unset down down
GigabitEthernet1/0/23 unassigned YES unset down down
GigabitEthernet1/0/24 unassigned YES unset up up
GigabitEthernet1/1/1 unassigned YES unset up up
GigabitEthernet1/1/2 unassigned YES unset up up
GigabitEthernet1/1/3 unassigned YES unset down down
GigabitEthernet1/1/4 unassigned YES unset up up
Te1/1/1 unassigned YES unset down down
Te1/1/2 unassigned YES unset down down
GigabitEthernet2/0/1 unassigned YES unset up up
GigabitEthernet2/0/2 unassigned YES unset up up
GigabitEthernet2/0/3 unassigned YES unset up up
GigabitEthernet2/0/4 unassigned YES unset down down
GigabitEthernet2/0/5 unassigned YES unset up up
GigabitEthernet2/0/6 unassigned YES unset down down
GigabitEthernet2/0/7 unassigned YES unset down down
GigabitEthernet2/0/8 unassigned YES unset up up
GigabitEthernet2/0/9 unassigned YES unset up up
GigabitEthernet2/0/10 unassigned YES unset down down
GigabitEthernet2/0/11 unassigned YES unset down down
GigabitEthernet2/0/12 unassigned YES unset down down
GigabitEthernet2/0/13 unassigned YES unset down down
GigabitEthernet2/0/14 unassigned YES unset up up
GigabitEthernet2/0/15 unassigned YES unset up up
GigabitEthernet2/0/16 unassigned YES unset up up
GigabitEthernet2/0/17 unassigned YES unset up up
GigabitEthernet2/0/18 unassigned YES unset up up
GigabitEthernet2/0/19 unassigned YES unset down down
GigabitEthernet2/0/20 unassigned YES unset up up
GigabitEthernet2/0/21 unassigned YES unset down down
GigabitEthernet2/0/22 unassigned YES unset up up
GigabitEthernet2/0/23 unassigned YES unset down down
GigabitEthernet2/0/24 unassigned YES unset up up
GigabitEthernet2/1/1 unassigned YES unset up up
GigabitEthernet2/1/2 unassigned YES unset up up
GigabitEthernet2/1/3 unassigned YES unset down down
GigabitEthernet2/1/4 unassigned YES unset up up
Te2/1/1 unassigned YES unset down down
Te2/1/2 unassigned YES unset down down
Port-channel1 unassigned YES unset down down
Port-channel2 unassigned YES unset down down
Please let me know if I am doing something wrong .Please post me some tutorial to sort this.It is possible you are overloading that little 4215. If that is the case you should also be seeing "missed packet percentage" messages in your events.
How much traffic is your 4215 getting? Those sensors will start to drop packets for inspection at about 30 Mb/s.
- Bob -
How to config MSI AP-54G wireless router?
:angryfire:Hi,anybody.I have got a MSI AP 54G wireless roter from my friend,but no manual.I tried link it to my computer use it's LAN interface and I tried http://192.168.0.1 & http://192.168.1.1.But I can't access it's config interface.
HOW?AP54G is only an access point, not a router.
Download the manual and see specs here:
http://global.msi.eu/index.php?func=proddesc&prod_no=89&maincat_no=131 -
Admin Context - Do i need to assign interfaces for Mgmt?
I am building out 2 virtual firewalls using contexts in an active/active F/O pair, and would like to know if it is necessary to assign at least one interface to the admin context?
My other contexts will have outside, inside, DMZ and stateful F/O interfaces. And i plan on administering these contexts by SSH to the inside of one of the active Firewall contexts.
Also from what i am reading i see the system/admin context does AAA, Syslog, F/O config, interface allocations, etc. So, in the Firewalls I assume i dont need to configure AAA, syslog, etc. Is this a correct statement?
Thanks,
MikeWe do not assign interfaces to admin context but to do assign interfaces to other context from admin. So innitially you get only admin context from where you allocate interface/resources to other contexts.
Here are the links for ref-
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808d2b63.shtml
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080834058.shtml
Thanks
Ajay -
AP 1262 don´t negotiate with Gig Interface
Hi !!
I have new 1262 APs, this have Gig Interface, when I connect the AP in my 6500 with PoE Gig Interface, the AP turn on, but the interface never get up.
I need to change the speed to 100 in the 6500 switch port, when I do this, the interface become UP.
This is the model of the card WS-X6148A-GE-45AF
This is the Switch IOS s3223-ipservicesk9_wan-mz.122-18.SXF11.bin
The controller is 5500 version 7.2
This is the interface config:
interface GigabitEthernet4/36
switchport
switchport access vlan 308
switchport mode access
switchport port-security
switchport port-security maximum 5
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
no ip address
speed 100
duplex full
wrr-queue bandwidth 30 40 30
wrr-queue queue-limit 40 30 15
wrr-queue threshold 2 60 80 100 100 100 100 100 100
wrr-queue threshold 3 60 80 100 100 100 100 100 100
wrr-queue random-detect min-threshold 1 40 60 80 80 80 80 80 80
wrr-queue random-detect max-threshold 1 70 80 100 100 100 100 100 100
no wrr-queue random-detect 2
no wrr-queue random-detect 3
wrr-queue cos-map 1 1 1
wrr-queue cos-map 1 3 0
wrr-queue cos-map 2 2 2
wrr-queue cos-map 2 3 4
wrr-queue cos-map 3 2 3
wrr-queue cos-map 3 3 6 7
mls qos vlan-based
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
end
switch#sh power inline | i Gi4/36
Gi4/36 auto on 17.3 15.4 cisco AIR-LAP1262N- 3
Have you seen this before?I need to change the speed to 100 in the 6500 switch port, when I do this, the interface become UP.Have you seen this before?
Yes I do. ALL the time.
This is caused by a fault in your cable. Pair D of your cable controls GigabitEthernet and it could be the fault. There's one way of testing and it would mean running a TDR from the 6500. Here are the process:
1. Command: test cable tdr int Gi4/36;
2. Wait for 61 seconds (Yes, it takes THAT long when dealing with 4500/6500 line cards);
3. Command: sh cable tdr int Gi4/36;
4. Please post the output. -
WLC CT2504: Interface IP can not be used as internal DHCP server IP
Hello all,
I've got a new CT2504 controller with software version 7.0.220.0
Regarding to
http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080af5d13.shtml
I've tried to configure the internal DHCP on a dynamic-interface, but this is not possible:
(Cisco Controller) >config interface dhcp dynamic-interface vlan401 primary 172.16.x.3
vlan401 Interface IP can not be used as internal DHCP server IP
It works, if I use another IP (aka DHCP server) in the same subnet or in another subnet. It works also for the management interface.
(Cisco Controller) >show interface detailed management
Interface Name................................... management
MAC Address...................................... d0:c2:82:xx:xx:xx
IP Address....................................... 10.2.x.135
IP Netmask....................................... 255.255.255.240
IP Gateway....................................... 10.2.x.129
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 400
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 10.2.x.135
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
L2 Multicast..................................... Disabled
Scopes are defined and Proxy is enabled.
(Cisco Controller) >show dhcp summary
Scope Name Enabled Address Range
ap Yes 10.2.x.137 -> 10.2.x.140
intern Yes 172.16.x.20 -> 172.16.x.30
(Cisco Controller) >show dhcp proxy
DHCP Proxy Behaviour: enabled
Has somebody an explanation for this issue?
Thanks in advance,
Regard,
RobertYou can use the internal dhcp, but you need to set the primary dhcp as the management ip. So in your dynamic interface, your primary dhcp is configure with the wlc management ip address. Dhcp proxy also needs to be enabled and is enabled by default.
Thanks,
Scott Fella
Sent from my iPhone -
Policy based routing on VRF interfaces to route traffic through TE Tunnel
Hi All,
Is there a method to do policy based routing on VRF interfaces and route data traffic through one TE tunnel and non-data traffic through another TE tunnel.
The tunnel is already build up with these below config
interface Tunnel25
ip unnumbered Loopback0
tunnel destination 10.250.16.250
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng path-option 10 explicit name test
ip explicit-path name test enable
next-address x.x.x.x
next-address y.y.y.y
router ospf 1
mpls traffic-eng router-id Loopback0
mpls traffic-eng area 0
mpls traffic-eng tunnels
nterface GigabitEthernet5/2
mpls traffic-eng tunnels
mpls ip
Is there additional config needed to work ,also in the destination end for the return traffic,we want to use the normal PATH --I mean non TE tunnel.
We tested with the above scenario,but couldn't able to reach the destination.Meantime we had a question,when the packet uses the policy map while ingress,it may not know the associatuion with VRF(Is that right? --If so ,how to make it happen)
Any help would be really appreciated
Thanks
Regards
Anantha Subramanian Natarajanhi Anantha!
I might not be the right person to comment on your first question. I have not configured MVPNs yet and not very confertable with the topic.
But I am sure that if you read through the CBTS doc thoroughly, you might be able to derive the answer yourself. One thing I notice is that " a Tunnel will be selected regularly according to the routing process (even isf it is cbts enabled). From the tunnels selected using the regular best path selection, the traffic is mapped to a perticular tunnel in the group if specific class is mapped to that tunnel.
So a master tunnel can be the only tunnel between the 2 devices over which the routing (bgp next hops) are exchanged and all other tunnels can be members of this tunnel. So your RPF might not fail.
You might have to explore on this a bit more and read about the co-existance of multicast and TE. This will be the same as that.
For your second question, the answer would be easy :
If you want a specific eompls cust to take a particular tunnel/path, just create a seperate pair of loopbacks on the PEs. Make the loopback learnt on the remote PE through the tunnel/path that you want the eompls to take. Then establish the xconnect with this loopback. I am assuming that your question is that a particular eompls session should take a particular path.
If you meant that certain traffic from the same eompls session take a different path/tunnel, then CBTS will work.
Regards,
Niranjan
Maybe you are looking for
-
Tables for Materials in Maintenance Order
Hi experts, I need to implement a program that let me view the materials contained in the maintenance order, but I can not find the tables that contain this information. Can anyone help me or tell me how to get this information (Function or other)? T
-
Custom UICommand Opening in a New Window
I have followed the Simple One Step Screenflow tutorial but I have a question as to how I can open the screens in a new window? For example, if I was to click "My Button", I would like the screenflow to open in a new window instead of within the actu
-
Link not working..PL/SQL Cartridge
hi, i am trying to create a link on a page which calls another procedure passing certain parameters to it... term IN.. CRN IN.. gcom_id IN.. v_order_by2 varchar2(1) ; twbkfrmt.P_TableData ( twbkfrmt.F_PrintAnchor ( curl => twbkfrmt.f_encodeurl ( twbk
-
Hey, So I opened up the terminal, to try and make it so that I could see my ~/Library/ folder. It didn't work, but I started noticing that my desktop folders wouldn't have anything in them. I checked out a bunch of suggestions online, about how if yo
-
PLEASE...Any Suggestions on What Could Cause This?
Logic has been pretty darned stable for me and I'm getting a lot of work done now, having been a user now about a month or so. The ONLY consistent bug I have is this. 1 When I close a song, and open a new one, I hit PLAY and get loud digital noise. I