Email relay next hop
what is the address of the FPOE relay ? My mail gateway server is currently pointing to mail.global.frontbridge.com.
Hi,
the right address is mail.messaging.microsoft.com.
Greetings
Christian
Christian Groebner MVP Forefront
Similar Messages
-
Ip next-hop verify-availability problem
track 123 rtr 1 reachability
track 124 rtr 2 reachability
route-map PBR_IN permit 10
match ip address RB_SWI_IN RB_HK_IN
set ip next-hop verify-availability x.x.x.x 10 track 123
set ip next-hop verify-availability x.x.x.x 20 track 124
route-map PBR_OUT permit 10
match ip address RB_SWI_OUT RB_HK_OUT
set ip next-hop verify-availability x.x.x.x 10 track 123
set ip next-hop verify-availability x.x.x.x 20 track 124
control-plane
rtr 1
!--- Define and start Router 1.
type echo protocol ipIcmpEcho x.x.x.x
rtr schedule 1 life forever start-time now
rtr 2
!--- Define and start Router 2.
type echo protocol ipIcmpEcho x.x.x.x
rtr schedule 2 life forever start-time now
interface GigabitEthernet0/0
ip policy route-map PBR_OUT
duplex auto
speed auto
interface GigabitEthernet0/1
ip policy route-map PBR_IN
duplex auto
speed auto
crypto map SDM_CMAP_1
service-policy input inbound
service-policy output outbound
This is my configuration and i wonder whether it need license or not!
The vendor didn't let me type it in my border-router,they say this configuration need license.
And they want us to buy it!
Is it necessary to buy the license?IOF-3945E#show version
Cisco IOS Software, C3900e Software (C3900e-UNIVERSALK9-M), Version 15.2(4)M4, R
ELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Thu 20-Jun-13 14:38 by prod_rel_team
ROM: System Bootstrap, Version 15.1(1r)T5, RELEASE SOFTWARE (fc1)
IOF-3945E uptime is 17 hours, 25 minutes
System returned to ROM by power-on
System image file is "flash0:c3900e-universalk9-mz.SPA.152-4.M4.bin"
Last reload type: Normal Reload
Last reload reason: power-on
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
Cisco CISCO3945-CHASSIS (revision 1.0) with C3900-SPE250/K9 with 1792000K/305152
K bytes of memory.
Processor board ID FGL173811LR
8 Gigabit Ethernet interfaces
2 terminal lines
1 Virtual Private Network (VPN) Module
1 cisco UCSE Module(s)
DRAM configuration is 72 bits wide with parity enabled.
256K bytes of non-volatile configuration memory.
999936K bytes of ATA System CompactFlash 0 (Read/Write)
License Info:
License UDI:
Device# PID SN
*0 C3900-SPE250/K9 FOC17356KNW
Technology Package License Information for Module:'c3900e'
Technology Technology-package Technology-package
Current Type Next reboot
ipbase ipbasek9 Permanent ipbasek9
security securityk9 Permanent securityk9
uc None None None
data None None None
Configuration register is 0x2102
IOF-3945E# -
BGP route-reflector next-hop issue
Hello,
I have a small GNS3 lab that is working with one exception: I cannot ping loopback0 on RRc2 and RRc3 from RRc1.
RRc1, RRc2 and RRc3 can all ping loopback0 on SmileyISP and RRc2 and RRc3 can ping each others loopback0
interfaces.
I am broken between the two route-reflectors: RRS1 and RRS2.
Given these conditions:
1) Do not configure any IGP.
2) No static routes
How do I get connectivity from RRc1's loopback0 interface to RRc2 loopback0 and RRc3 loopback0?
I used a route-map to set the next hop, but I am obviously doing something wrong.
I am providing relevant show command outputs, router configs, and the GNS3 topology.net config.
You will have to change the image and working directories to match your computer.
Not quite sure where I am going wrong.
Any help would be greatly appreciated.
Thanks.
-- Mark
RRc1#sh ip bgp
BGP table version is 53, local router ID is 172.16.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*>i 1.1.1.0/24 10.1.25.5 0 100 0 100 i
*>i 10.1.12.0/24 10.1.26.2 0 100 0 i
*>i 10.1.13.0/24 10.1.12.1 0 100 0 i
*>i 10.1.14.0/24 10.1.12.1 0 100 0 i
*>i 10.1.15.0/24 10.1.12.1 0 100 0 i
*>i 10.1.25.0/24 10.1.26.2 0 100 0 i
* i 10.1.26.0/24 10.1.26.2 0 100 0 i
*> 0.0.0.0 0 32768 i
*> 172.16.1.0/24 0.0.0.0 0 32768 i
*>i 172.16.2.0/24 10.1.12.1 0 100 0 i
*>i 172.16.3.0/24 10.1.12.1 0 100 0 i
RRc1#
RRc1#ping 172.16.2.1 so lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.1.1
Success rate is 0 percent (0/5)
RRc1#
RRc2#sh ip bgp
BGP table version is 31, local router ID is 172.16.2.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*>i 1.1.1.0/24 10.1.15.5 0 100 0 100 i
* i 10.1.12.0/24 10.1.12.2 0 100 0 i
* i 10.1.13.0/24 10.1.13.1 0 100 0 i
*> 0.0.0.0 0 32768 i
*>i 10.1.14.0/24 10.1.13.1 0 100 0 i
*>i 10.1.15.0/24 10.1.13.1 0 100 0 i
* i 10.1.25.0/24 10.1.12.2 0 100 0 i
* i 10.1.26.0/24 10.1.12.2 0 100 0 i
* i 172.16.1.0/24 10.1.12.2 0 100 0 i
*> 172.16.2.0/24 0.0.0.0 0 32768 i
*>i 172.16.3.0/24 10.1.14.4 0 100 0 i
RRc2#
SmileyISP#sh run
Building configuration...
Current configuration : 988 bytes
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
hostname SmileyISP
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
no ipv6 cef
multilink bundle-name authenticated
interface Loopback0
ip address 1.1.1.1 255.255.255.0
interface FastEthernet0/0
no ip address
shutdown
duplex half
interface FastEthernet1/0
ip address 10.1.15.5 255.255.255.0
speed auto
duplex auto
interface FastEthernet1/1
ip address 10.1.25.5 255.255.255.0
speed auto
duplex auto
router bgp 100
bgp log-neighbor-changes
network 1.1.1.0 mask 255.255.255.0
network 10.1.15.0 mask 255.255.255.0
neighbor 10.1.15.1 remote-as 200
neighbor 10.1.25.2 remote-as 200
ip forward-protocol nd
no ip http server
no ip http secure-server
control-plane
line con 0
logging synchronous
transport preferred none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
end
RRS1#sh run
Building configuration...
Current configuration : 1594 bytes
! Last configuration change at 19:24:34 UTC Sat Feb 7 2015
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
hostname RRS1
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
no ipv6 cef
multilink bundle-name authenticated
interface FastEthernet0/0
no ip address
shutdown
duplex half
interface FastEthernet1/0
ip address 10.1.15.1 255.255.255.0
speed auto
duplex auto
interface FastEthernet1/1
ip address 10.1.12.1 255.255.255.0
speed auto
duplex auto
interface FastEthernet2/0
ip address 10.1.13.1 255.255.255.0
speed auto
duplex auto
interface FastEthernet2/1
ip address 10.1.14.1 255.255.255.0
speed auto
duplex auto
router bgp 200
bgp log-neighbor-changes
network 10.1.13.0 mask 255.255.255.0
network 10.1.14.0 mask 255.255.255.0
network 10.1.15.0 mask 255.255.255.0
neighbor RouteReflectors peer-group
neighbor RouteReflectors remote-as 200
neighbor RouteReflectors route-map NEXTHOP out
neighbor RRClients peer-group
neighbor RRClients remote-as 200
neighbor RRClients route-reflector-client
neighbor 10.1.12.2 peer-group RouteReflectors
neighbor 10.1.13.3 peer-group RRClients
neighbor 10.1.14.4 peer-group RRClients
neighbor 10.1.15.5 remote-as 100
ip forward-protocol nd
no ip http server
no ip http secure-server
route-map NEXTHOP permit 10
set ip next-hop peer-address
control-plane
line con 0
logging synchronous
transport preferred none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
end
RRS2#sh ru
Building configuration...
Current configuration : 1542 bytes
! Last configuration change at 19:42:06 UTC Sat Feb 7 2015
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
hostname RRS2
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
no ipv6 cef
multilink bundle-name authenticated
interface FastEthernet0/0
no ip address
shutdown
duplex half
interface FastEthernet1/0
ip address 10.1.12.2 255.255.255.0
speed auto
duplex auto
interface FastEthernet1/1
ip address 10.1.25.2 255.255.255.0
speed auto
duplex auto
interface FastEthernet2/0
ip address 10.1.26.2 255.255.255.0
speed auto
duplex auto
interface FastEthernet2/1
no ip address
shutdown
speed auto
duplex auto
router bgp 200
bgp log-neighbor-changes
network 10.1.12.0 mask 255.255.255.0
network 10.1.25.0 mask 255.255.255.0
network 10.1.26.0 mask 255.255.255.0
neighbor RouteReflectors peer-group
neighbor RouteReflectors remote-as 200
neighbor RouteReflectors route-map NEXTHOP out
neighbor RRClients peer-group
neighbor RRClients remote-as 200
neighbor RRClients route-reflector-client
neighbor 10.1.12.1 peer-group RouteReflectors
neighbor 10.1.25.5 remote-as 100
neighbor 10.1.26.6 peer-group RRClients
ip forward-protocol nd
no ip http server
no ip http secure-server
route-map NEXTHOP permit 10
set ip next-hop peer-address
control-plane
line con 0
logging synchronous
transport preferred none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
end
RRc1#sh run
Building configuration...
Current configuration : 1005 bytes
! Last configuration change at 18:43:57 UTC Sat Feb 7 2015
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
hostname RRc1
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
no ipv6 cef
multilink bundle-name authenticated
interface Loopback0
ip address 172.16.1.1 255.255.255.0
interface FastEthernet0/0
no ip address
shutdown
duplex half
interface FastEthernet1/0
ip address 10.1.26.6 255.255.255.0
speed auto
duplex auto
interface FastEthernet1/1
no ip address
shutdown
speed auto
duplex auto
router bgp 200
bgp log-neighbor-changes
network 10.1.26.0 mask 255.255.255.0
network 172.16.1.0 mask 255.255.255.0
neighbor 10.1.26.2 remote-as 200
ip forward-protocol nd
no ip http server
no ip http secure-server
control-plane
line con 0
logging synchronous
transport preferred none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
end
RRc2#sh run
Building configuration...
Current configuration : 1005 bytes
! Last configuration change at 18:45:05 UTC Sat Feb 7 2015
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
hostname RRc2
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
no ipv6 cef
multilink bundle-name authenticated
interface Loopback0
ip address 172.16.2.1 255.255.255.0
interface FastEthernet0/0
no ip address
shutdown
duplex half
interface FastEthernet1/0
ip address 10.1.13.3 255.255.255.0
speed auto
duplex auto
interface FastEthernet1/1
no ip address
shutdown
speed auto
duplex auto
router bgp 200
bgp log-neighbor-changes
network 10.1.13.0 mask 255.255.255.0
network 172.16.2.0 mask 255.255.255.0
neighbor 10.1.13.1 remote-as 200
ip forward-protocol nd
no ip http server
no ip http secure-server
control-plane
line con 0
logging synchronous
transport preferred none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
end
RRc3#wr term
Building configuration...
Current configuration : 1005 bytes
! Last configuration change at 18:31:12 UTC Sat Feb 7 2015
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
hostname RRc3
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
no ipv6 cef
multilink bundle-name authenticated
interface Loopback0
ip address 172.16.3.1 255.255.255.0
interface FastEthernet0/0
no ip address
shutdown
duplex half
interface FastEthernet1/0
ip address 10.1.14.4 255.255.255.0
speed auto
duplex auto
interface FastEthernet1/1
no ip address
shutdown
speed auto
duplex auto
router bgp 200
bgp log-neighbor-changes
network 10.1.14.0 mask 255.255.255.0
network 172.16.3.0 mask 255.255.255.0
neighbor 10.1.14.1 remote-as 200
ip forward-protocol nd
no ip http server
no ip http secure-server
control-plane
line con 0
logging synchronous
transport preferred none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
end
autostart = False
version = 0.8.6
[127.0.0.1:7202]
workingdir = C:\Users\Mark\AppData\Local\Temp
udp = 10200
image = C:\downloads\GNS3\c7200-adventerprisek9-mz.152-4.S5.image
idlepc = 0x62f1e4ec
ghostios = True
console = 2005
aux = 2100
cnfg = configs\SmileyISP.cfg
slot1 = PA-2FE-TX
f1/0 = RRS1 f1/0
f1/1 = RRS2 f1/1
x = -24.0
y = -259.0
z = 1.0
hx = -1.5
hy = -24.0
console = 2015
aux = 2101
cnfg = configs\RRc1.cfg
slot1 = PA-2FE-TX
f1/0 = RRS2 f2/0
x = -292.0
y = 200.0
z = 1.0
hx = -5.5
hy = -25.0
[127.0.0.1:7200]
workingdir = C:\Users\Mark\AppData\Local\Temp
udp = 10000
image = C:\downloads\GNS3\c7200-adventerprisek9-mz.152-4.S5.image
idlepc = 0x62f1e4ec
ghostios = True
console = 2012
aux = 2102
cnfg = configs\RRS1.cfg
slot1 = PA-2FE-TX
f1/0 = SmileyISP f1/0
f1/1 = RRS2 f1/0
slot2 = PA-2FE-TX
f2/0 = RRc2 f1/0
f2/1 = RRc3 f1/0
x = 197.0
y = 6.0
z = 1.0
hx = 42.5
hy = -20.0
console = 2013
aux = 2103
cnfg = configs\RRS2.cfg
slot1 = PA-2FE-TX
f1/0 = RRS1 f1/1
f1/1 = SmileyISP f1/1
slot2 = PA-2FE-TX
f2/0 = RRc1 f1/0
x = -239.0
y = 9.0
z = 1.0
hx = 1.5
hy = -24.0
[127.0.0.1:7201]
workingdir = C:\Users\Mark\AppData\Local\Temp
udp = 10100
image = C:\downloads\GNS3\c7200-adventerprisek9-mz.152-4.S5.image
idlepc = 0x62f1e4ec
ghostios = True
console = 2009
aux = 2104
cnfg = configs\RRc3.cfg
slot1 = PA-2FE-TX
f1/0 = RRS1 f2/1
x = 337.0
y = 155.0
z = 1.0
hx = 17.5
hy = -25.0
console = 2008
aux = 2105
cnfg = configs\RRc2.cfg
slot1 = PA-2FE-TX
f1/0 = RRS1 f2/0
x = 149.0
y = 204.0
z = 1.0
hx = -13.5
hy = -23.0
[GNS3-DATA]
configs = configs
text = ".1"
x = 208.0
y = -23.0
text = "10.1.12.0/24"
x = -19.0
y = 5.0
text = ".1"
x = 153.0
y = 25.0
text = ".1"
x = 259.0
y = 33.0
text = "10.1.13.0/24"
x = 238.0
y = 84.0
rotate = 99
text = "10.1.25.0/24"
x = -188.0
y = -124.0
text = "l0: 172.16.2.1/24"
x = 125.0
y = 244.0
text = "l0:172.16.1.1/24"
x = -269.0
y = 240.0
text = "10.1.15.0/24"
x = 116.0
y = -127.0
text = "10.1.14.0/24"
x = 293.0
y = 53.0
rotate = 50
text = ".1"
x = 194.0
y = 68.0
text = "AS100"
x = -20.0
y = -342.0
text = ".2"
x = -148.0
y = 46.0
text = "AS200"
x = 33.0
y = 300.0
text = "l0: 1.1.1.1/24"
x = -42.0
y = -306.0
text = ".5"
x = 50.0
y = -213.0
text = ".2"
x = -248.0
y = 60.0
text = ".2"
x = -174.0
y = -52.0
text = ".5"
x = -54.0
y = -209.0
text = ".6"
x = -232.0
y = 189.0
text = "l0:172.16.3.1/24"
x = 299.0
y = 194.0
text = "10.1.26.0/24"
x = -274.0
y = 167.0
rotate = 290
text = ".3"
x = 208.0
y = 187.0
text = ".4"
x = 312.0
y = 155.0
type = ellipse
x = 50.0
y = -35.0
width = 385.0
height = 345.0
fill_color = "#ffff7f"
border_style = 2
z = -1.0
type = ellipse
x = -171.0
y = -346.0
width = 359.0
height = 200.0
fill_color = "#aaff7f"
border_style = 2
z = -1.0
type = ellipse
x = -407.0
y = -87.0
width = 883.0
height = 443.0
border_style = 2
z = -2.0
type = ellipse
x = -361.0
y = -29.0
width = 385.0
height = 326.0
fill_color = "#55aaff"
border_style = 2
z = -3.0BD,
Ahh...
OK. In the original article, the author states that the final piece with the route map
NEXTHOP was supposed to fix the reachability issue. Obviously it doesn't.
After reading your last post, I looked more carefully at the output from 'sh ip bgp'
on each of the client routers and I realized that several of the next hop addresses were
wrong for some of the prefixes.
1) I completely removed the 'neighbor RouteReflectors route-map NEXTHOP out'
from both RR's. Then I ran 'sh ip bgp' on the clients and noted a change in the next hop addresses. Still wrong, but it changed.
2) I then tried next-hop-self from the RR's to the clients, but it did not change from where
it was after I completed step 1. I am not sure why there was no change. (actually, see the very end of this post)
3) I then applied my version of the route map: route-map NEXTHOP permit 10
set ip next-hop peer-address
to the RR's with this: neighbor RRClients route-map NEXTHOP out
That fixed it. All three clients have as their next hop for all prefixes their respective
RR's (which is what they should have for this topology).
I have full connectivity everywhere, even loopback to loopback between all clients.
1) THANK YOU for pointing me in the right direction.
2) If I may ask, why did next hop self fail? More specifically, I saw no change at all
in the next hop for the advertised prefixes. Is it because next-hop-self should be used
for eBGP peers and all of the RR's and clients are all within the same AS? -
Hi All,
I want to discuss a problem that I am facing in the BGP scenario.
The problem is that I have 2 ISP connections from a service provider which is terminating on 6509 VSS and our companies 2 routers and ASA is also connected to 6509 VSS.
R5 is creating a eBGP peering with R3 (Primary ISP) and R4 (Secondary ISP) and in same way R6 is having eBGP peering with R3 and R4.
I am using 2 default routes 1st with default AD towards R3 (Pri ISP) and 2nd with a higher AD value towards R4 (Sec ISP).
After this I had changed Next-hop with the help of route-map.So, that the traffic will hit on ASAs interface from WAN side.
The route-map for R3 is having a set IP next-hop of ASAs IP address x.x.x.10 and the route-map for R4 is having a set IP next-hop of ASAs 2nd interface IP address y.y.y.10
So, now problem is when I use command on R5 to see which next-hop I am sending to customer(#sh ip bgp nei x.x.x.3 advertised-routes) than for R3 network it shows me the exact next-hop which I want of x.x.x.10 ASAs interfaces but when I use same command to check for R4 than the output is also same i.e. it is having the next-hop of ASAs IP x.x.x.10 even in my route-map I am having a entry to set next-hop for R4 is ASAs interface IP y.y.y.10
After this I used wireshark to capture packet and I also used debug but the output shows that next-hop is set for R4 is y.y.y.10
So, this is the problem i.e. in show output command it is showing wrong next-hop but in capturing it is acknowledging that it is using the next-hop mentioned in route-map.
This is my configuration on R5 and same is on R6 just IPs are like y.y.y.6
R5#
interface GigabitEthernet0/0
description TO Primary ISP
ip address x.x.x.5 255.255.255.248
duplex auto
speed auto
no shut
interface GigabitEthernet0/1
description To Secondary ISP
ip address y.y.y.5 255.255.255.248
duplex auto
speed auto
no shut
ip access-list standard BLOCK
deny any
route-map as_prepend_secondary permit 10
set ip next-hop y.y.y.10
route-map as_prepend_primary permit 10
set ip next-hop x.x.x.10
router bgp AAAAA
no synchronization
bgp log-neighbor-changes
network z.z.z.z mask 255.255.255.248
timers bgp 10 30
neighbor y.y.y.4 remote-as BBBBB
neighbor y.y.y.4 route-map as_prepend_secondary out
neighbor x.x.x.3 remote-as BBBBB
neighbor x.x.x.3 route-map as_prepend_primary out
distribute-list BLOCK in
no auto-summary
ip route x.x.x.0 255.255.255.0 x.x.x.3
ip route y.y.y.0 255.255.255.0 y.y.y.3 2
This is the output of Debug on R6
BGP: TX IPv4 Unicast Wkr global 7 Cur Processing.
BGP: TX IPv4 Unicast Wkr global 7 Cur Attr change from 0x0 to 0x68F081C8.
*Sep 15 13:16:15.056: BGP(0): y.y.y.4 NEXT_HOP is set to y.y.y.10 by policy for net y.y.y.128,
Thanks & Regards,
Rahul ChhabraTopology Diagram
-
anyone knows how to solve this problem
when sending massages this pops up!
email relay access denied
there are no support info from AppleCheck your outgoing server settings. Consult with your e-mail provider.
-
Policy Based Routing - set ip next-hop
All,
I am trying to change the next hop for selective traffic to route via a WAN optimiser rather than follow the default route. I am trying to achieve this on a 4506 with IOS 12.2(20)EW.
I have configured an ACL intended to capture traffic from my desired subnet, to my desired subnet:
ip access-list extended INTER-STOR permit ip 192.168.XX.0 0.0.0.128 192.168.YY.0 0.0.0.128 log
I have then created the route map:
route-map WAN-OPT permit 10 match ip address INTER-STOR set interface Vlan1 set ip next-hop 192.168.XX.50
I have tested both with and without setting the interface. Neither make any difference.
I am then applying the route map policy to the vlan in which the traffic I wish to re-route is originating.
ip policy route-map WAN-OPT
I am finding however that this configuration doesn't work.
I have reviewed a number of documents and can not find any limitations based on the version of IOS I am using or my configuration.
This switch performs the routing for this environment, however there are no interfaces assigned to this vlan for anything other than testing on this switch. They are assigned on a stack on 3750's running as a VTP client. Again - testing from a port in the relevant vlan on this switch doing the routing (4500) does not change the results. The traffic continues to be routed the via the default route.
I'm not so sure that it is even the route map that has the problem as if I look at the access lists I can not see any hits being registered. I'm not sure whether this is a red-herring or not as I can't see what is wrong with the ACL or anything to suggest this ACL would not be supported.
If anybody can offer any guidance or suggestions it would be very much appreciated.
Thanks,Below is the "offical" explanation, I have bolded and underlined ESTENTIAL information:-
set ip next-hop
•Specifies the next hop for which to route the packet (the next hop must be adjacent). This behavior is identical to a next hop specified in the normal routing table.
set interface
•Sets output interface for the packet. This action specifies that the packet is forwarded out of the local interface. The interface must be a Layer 3 interface (no switchports), and the destination address in the packet must lie within the IP network assigned to that interface. If the destination address for the packet does not lie within that network, the packet is dropped.
set ip default next-hop
•Sets next hop to which to route the packet if there is no explicit route for this destination. Before forwarding the packet to the next hop, the switch looks up the packet's destination address in the unicast routing table. If a match is found, the packet is forwarded by way of the routing table. If no match is found, the packet is forwarded to the specified next hop.
set default interface
•Sets output interface for the packet if there is no explicit route for this destination. Before forwarding the packet to the next hop, the switch looks up the packet's destination address in the unicast routing table. If a match is found, the packet is forwarded via the routing table. If no match is found, the packet is forwarded to the specified output interface. If the destination address for the packet does not lie within that network, the packet is dropped.
HTH> -
What is the second, third, etc. next-hop address in the route-map set command for?
route-map TEST_PBR permit 10 match
match ip address 101
router(config-route-map)#set ip next-hop 1.1.1.1 ?
A.B.C.D IP address of next hopHi,
You may get your answer in below link
http://www.groupstudy.com/archives/ccielab/200812/msg00999.html
First next-hop will be used unless until that is not unreachable. If first is unreachable, then next one will be used. Since these next-hops are directly connected, router can easily come to know whether they are active or not. In case you want to set some loopback ip as next-hop then you need to use keyword recursive "set ip next-hop recursive"
--Pls dont forget to rate helpful posts--
Regards,
Akash -
Importance of specifiying MAC add of next hop L3 device in FWSM config
Hi,
With refrence of Cisco Secure Firewall Services Module (FWSM) of Cisco Press book it's mentioned that
"While configuring the transparent mode in FWSM, it is important to specify the MAC address and the CAM entries on the Layer 3 next hop device of FWSM."
This part of configuration is not very much clear to me please let me know the logic of this things
The following are two examples:
Layer 3 Device A (PFC) at the Outside Security Domain
! IP address of the next hop for the outside security domain
interface Vlan20
mac-address 0000.0000.0001
ip address 10.10.1.1 255.255.255.0
! Specify the IP address and MAC address at the first hop layer 3 interface
! of the inside security domain
arp 10.10.1.21 0000.0000.0001 ARPA
Layer 3 Device B at the Inside Security Domain
! IP address of the next hop for the inside security domain
interface Vlan21
mac-address 0000.0000.0021
ip address 10.10.1.21 255.255.255.0
! Specify the IP address and MAC address defined at the first hop interface
! of the outside security domain
arp 10.10.1.21 0000.0000.0002 ARPA
Regards
Ambivert SkillHello Mikis,
Fair enough, Just remember beggining on 8.3 how the ASA handles the packets it's different from 8.2 and older versions.
As you said now the ASA is going to check the proper Nat rules first and then the Acl's that is why when we want to allow traffic from outside to an inside server we need to poing the ACL to the private or un-nated Ip as the nat rule was taken in place first
Good post by the way,
Remember to rate all the community answers, for us that is more important than a thanks
Julio -
BGP - next hop self command.
Hi,
I am learning bgp...need your help...
Connectivity is like as follows:
Router A (ebgp) Router B (ibgp) Router C (ibgp) Router D
when loopback subnet of Router A is received at Router C, defalult with next hop address of outgoing interface of router A.
after configuring next hop self command on router B to C, on Router C then show next hop add outgoing interface of router B. k no prob.
but same subnet isn't received on router D because of ibgp split horizon rule; used route-reflector client on router C. then router D received subnet of Router A; but shows next hop address outgoing interface of router B. even though i used next hop self on router C towards D.; router D didn't show next hop add of router C. Why ??
Its ok i used IGP i.e. EIGRP in between router B, C & D. it works.
=> why next hop self doesn't work in this scenario ?? & is it the reaseon we need to use IGP into IBGP AS ??
--Sandy.Hi,
I agree with Milan, you can use a route-map applied in the outbound direction to rewrite the next-hop.
Another option is to use the "next-hop-self all" (note the keyword all), that will update the next hop of both iBGP and eBGP learned prefixes:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/command/irg-cr-book/bgp-m1.html#wp4972925610
The use case for this (next-hop-self all) is I see is in a DMVPN Network, but not for an ISP - MPLS/VPN Provider.
Regarding BGP and the need of IGP, think that different protocols have different purposes. The IGP, specially used in large-scale deployments, is used to build the topology and provide reachability to internal prefixes. The IGPs used in large-scale designs, IS-IS/OSPF, are good here because as they are link-state protocols and have a complete view of the network and will detect fast a change and run SPF for a new topology if needed. Furthermore, they have extensions to use MPLS/Traffic Engineering.
Once the topology is build and the routers have reachability to internal prefixes, then you can run iBGP (typically between loopbacks) to provide reachability to external prefixes. BGP is very good to transport a good amount of prefixes, as it is based in TCP. If the IGPs could handle the amount of prefixes can handle BGP, then you would not need iBGP, you would redistribute (which is another option) them to the IGP and we will only have external BGP. However, in order to provide reachability and build and scalable network, you need BGP plus an IGP.
The reason of having the need of an iBGP full mesh is to prevent black-holes in the network. Think that routers A-B-C, A is running iBGP with C, which are edge routers receiving prefixes from other ASN´s. As B is not running BGP, when it receives a packet destined to an external network it will drop that packet as it has no information in the RIB.
There was also an old rule called synchronization that prevented the problem of advertising a black hole to another AS. The rule was that if the prefix is not in the IGP, BGP will not advertise that prefix. So, redistribution solved in the old days the problem of black holes and the rule of sync the problem of advertising them to other ASNs. As the networks got bigger and bigger, there was no point to redistribute the external prefixes to the IGP, so iBGP full-mesh/RRs were deployed and the sync rule disabled.
Hope this helps,
Jose. -
IP Route - Exit interface vs Next Hop
Hi guys,
I'm sure this has been asked before :) But are there any known issues when using an exit interface in a route statement as opposed to a next hop address?
I have had an issue this morning after a router change whereby some hosts were able to access a web server and some were unable to. My route statement to the web server was pointing to an exit interface and when this was changed to next hop, all users were able to access it. It is very puzzling!
The router is an ASR1001, running 15.4.
Thanks.I am sure that you added the information hoping that it would help us to understand your situation. But I am still not clear whether you are talking about doing something like
ip route x.x.x.x y.y.y.y Eth0/0
or
ip route x.x.x.x y.y.y.y Tun1 (and if it is Tun1 is this a point to point tunnel or a multipoint tunnel?)
As has been mentioned there are (multiple) issues with a static route which specifies only an exit interface if the interface is multipoint like Ethernet.
HTH
Rick -
Hi,
could someone please advice how to change a next-hop for incoming SMTP traffic? I've successfully created PBR to redirect customer SMTP traffic to a different next-hop:
C6509#access-list 150 permit tcp 85.175.191.0 0.0.0.255 any eq smtp (customer LAN is 85.175.191.0/24; from customer to the internet)
C6509#access-list 160 permit tcp any 85.175.191.0 0.0.0.255 eq smtp (from the internet to customer LAN; doesn't work!)
C6509#route-map MAIL-Redirect permit 10
C6509#match ip address 150
C6509#set ip next-hop 20.10.10.10
C6509#route-map MAIL-Redirect permit 20
C6509#match ip address 160
C6509#set ip next-hop 20.10.10.10
C6509#interface Vlan100
C6509#ip address 85.175.191.1 255.255.255.0
C6509#ip policy route-map MAIL-Redirect
Redirect customer SMTP traffic from inside to the internet works as expected:
IP: s=85.175.191.111 (Vlan16), d=173.19.66.27, len 60, FIB policy match
IP: s=85.175.191.111 (Vlan16), d=173.19.66.27, len 60, PBR Counted
IP: s=85.175.191.111 (Vlan16), d=173.19.66.27, g=20.10.10.10, len 60, FIB policy routed
C6509#sh access-list 150
Extended IP access list 150
10 permit tcp 85.175.191.0 0.0.0.255 any eq smtp (17 matches)
But the other direction (SMTP traffic coming in from the internet to 85.175.191.0/24) seems not working:
C6509#sh access-list 160
Extended IP access list 160
10 permit tcp any 5.175.191.0 0.0.0.255 eq smtp
Any ideas?
Thanks,
ThomasI think it's because PBR must be configured in interface receiving traffic; try configuring PBR on the WAN interface (obviously you can split the route-map in the routemaps: one for incoming traffic (used on WAN inertf) and one for outgoing traffic (used on VLAN 100))
Let me know, bye,
enrico
PS: please rate if useful -
(PBR) set next-hop to the same router?
Hi
I need to send some traffic to an external L2 device, and then get it back, to the same router.
I planned to use PRB, to set the outgoing interface, and the next-hop as the IP address of the incoming interface, from the same router.
Is that possible?
Can I set as the next-hop an IP address from the same router, forcing the traffic to go out, by specifying the outgoing interface too?
Thanks in advance
JMJM,
Good catch, I did try the command on a router today, and it did show up in the running config. Its indeed a warning message, but I m not sure whether the router will route packet to itself..if I get some time today i will test it out.
Sankar. -
Choosing next hop for traffic specific
Hello,
I would like to know how I can use "set tag" in Route-map in order to lead traffic specific throug static route with "ip route".
I believe that I can do the following:
access-list 101 permit ip 192.168.120.0 0.0.0.255 any /* Filtering Lan Traffic Specific 1 */
access-list 102 permit ip 192.168.180.0 0.0.0.255 any /* Filtering Lan Traffic Specific 2 */
route-map XXXX permit 10 /* Tag 20 is related to Lan traffic specific 1 */
match ip address 101
set tag 20
route-map YYYY permit 20 /* Tag 30 is related to Lan traffic specific 2 */
match ip address 102
set tag 30
interface GigabitEthernet0/1.20 /* Applying route-map to Lan subinterface */
encapsulation dot1Q 20
ip address 192.168.120.1 255.255.255.0
ip policy route-map XXXX
interface GigabitEthernet0/1.21 /* Applying route-map to Lan subinterface */
encapsulation dot1Q 21
ip address 192.168.180.1 255.255.255.0
ip policy route-map YYYY
ip route 172.18.70.0 255.255.255.0 11.0.15.1 tag 20 /* traffic specific 1 is transmit to 172.18.0.70 through next hop 11.0.15.1 */
ip route 172.18.70.0 255.255.255.0 11.0.15.5 tag 30 /* traffic specific 2 is transmit to 172.18.0.70 through next hop 11.0.15.5 */
Is this correct ?, or is there another way to approach this issue?
Thanks for your answer in advance.Hello Cadet,
Thanks for your feedback. Sorry, I was wrong. As you say, it looks correct. I did the mistake when I tested the ping from the Router-1 while the PRB applied to ingressing traffic and not to the generated traffic in the Router-1.
I have been doing this work remotely, because the sites are far each other.
Finally one person went to the remote site and verified, from de Lan1 and Lan2, that they was following the correct route.
Also, I was not sure about this routes:
ip route 11.0.12.0 255.255.255.252 GigabitEthernet0/0.80
ip route 11.0.12.4 255.255.255.252 GigabitEthernet0/0.81
ip route 192.168.120.0 255.255.255.0 GigabitEthernet0/1.20
ip route 192.168.180.0 255.255.255.0 GigabitEthernet0/1.21
Thanks for your advise.
The "ip route" in the Router-2, I have corrected too.
Thanks very much.
Best regards,
Sandro -
Hi Everyone,
if sh ip route shows
Gateway of last resort is 172.24.250.3 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 172.24.250.3
S 172.16.0.0/12 [1/0] via 172.24.250.1
We need to see destination IP subnet 172.24.150.x uses which IP as next hop
need to confirm it will use 172.24.250.1 as next hop right?
it will only go to default route unless it has no specfic route ?
Regards
MaheshMahesh,
According to your example, yes, the 172.24.150.x should use 172.24.250.1.
HTH,
John
*** Please rate all useful posts *** -
Hello everyone,
I can't catch by wireshark the packet RIPng with Next Hop RTE. I can see a lot of packets with RTEs, but no information about the Next Hop (no 0xFF in the metric field). I was trying to do it with a few different schemes, but no result... For example:
A---------B
| |
| |
| HUB |
|
|
C-----NET-C
Only A and B into a RIPng process. NET-C is redistributed as static into the RIPng process. B added it to the routing table with next hop A.
I was expected that A is sending C as NextHop for the prefix. How I can see the packet RIPng with the Next Hop RTE?
Thank you in advance.
Best regards,
DmitryDmitry,
The use of the Next Hop RTE is purely optional in RIPng (just as it was in RIPv2), and it is up to the implementor's choice to decide if the implementation is going to honor and properly fill in this field. Cisco's RIPng implementation does not seem to use the Next Hop RTE in RIPng at all, so unfortunately, you are not going to see any RIPng updates carrying this field sent by Cisco routers. I have tested it on 15.3 IOS just now.
Sorry to disappoint you.
Best regards,
Peter
Maybe you are looking for
-
I have a pornographic search line on the top banner of Safari just under the bookmark icons that appears whenever I open up the onscreen keyboard and the top drops down a bit. Don't know where it came from the iPad is only one day old brand-new. I've
-
Prompting of Auto-installtion of JRE1.5.0.06 if IE fails to load applet.
Hi, I have one requirement, in which if client browser is not having JRE1.5.0.06 intstalled on his m/c then script will automatically prompt to install JRE1.5.0.06. I have heard that we can implement this using JavaScript. Can anybody send me the cod
-
USB Cable for power only?
Hey everyone, I want to be able to use the USB cable to provide power to my Ipod, but not install Itunes. Here is the situation: I have a set of desktop speakers at work and I like to plug my Ipod into them to listen during the day. Of course over ti
-
ORA-29278: SMTP transient error: 401 4.1.7 Bad sender address syntax
Hello All, I am Facing an Error as below while trying to Execute a Developed EMAIL Trigger in DB : ORA-29278: SMTP transient error: 401 4.1.7 Bad sender address syntax I am totally surprised as i have checked both the addresses : Sender as well as Re
-
Negative Quantity of a Stock Material in a Maintenance order
Dear SAP Gurus, I know about the whole refurbishment order process. What I needed to know about was that if i enter negative quantity for a Stock material in my maintenance order? What does that signify? Is that an alternative to the refurbishment pr