Ethernet CFM in Cisco7600
Hi
I try monitoring accessport both Router use the Ethernet CFM .
Please teach me. How to configure Ethernet CFM this topology
C7600 IOS is 12.2(33)SRE2
[SW1]---(vlan10)g1/2[R1]g1/1----(dot1qtrunk)----g1/1[R2]g1/2(vlan10)----[SW2]
MEP:Both Router g1/2
MIP:Both Router g1/1
When R1g1/2 not responding passage of 10 seconds
then R2 detected R1g1/2 is linkdown by Ethernet CFM Continuity Check messages.
I want to achieve implementation Ethetnet CFM in C7600.
Regards.
Have you opened a TAC case for it ?
Can you share output of:
show module 1
Similar Messages
-
ME3400E: Unable to delete a service under ethernet cfm domain
Hello all,
With a ME3400E running IOS Version 12.2(55)SE4 sometimes when we try to remove a service we get an error:
EDD-1001111111(config)#ethernet cfm domain PT level 6
EDD-1001111111(config-ecfm)#no service 1000 vlan 100
An EVC is associated with this service. Remove all EVC's associated before removing the service. Command Aborted.
Only with a reboot we can remove the service.
Bug ? Order of operations ? Can anyone help me ?
Thanks !
DavidHi Manpreet,
Once you deleted the Business Service, it comes into your change list as it is one of the changes in your objects.
Now to confirm the delete operation just right click on your change list and click activate, and it will be permanently deleted.
Or if you just want to remove the service from your scenario then just right click on the service and select remove from the scenario and again activate your changes.
I hope it helps.....
Do get back for more doubts.
Thanks and Regards,
Varun Joshi
Message was edited by: Varun Joshi -
Ethernet cfm: question on RDI allarm cisco 7609
Hi all,
I have ethernet cfm configured on two Cisco 7609s and two UP MEPs configured under xconnect PW MPLS on the same domain, level and service MA so they became CFM peers.
I notice that after removing and re-configuring olny one UP MEP under xconnect PW, the Cisco 7609 send a SYSLOG message indicating a RDI defect alarm and the show ethernet cfm errors showed RDI defect too.
Aftert 18 seconds this alarm is cleared and the show ethernet cfm errors is empty.
I don't undestand this behaviour..why the Cisco send the RDI alarm in this situation?Have you opened a TAC case for it ?
Can you share output of:
show module 1 -
Ethernet OAM CFM to take interface down
Hi,
I'd like to use CFM to take a link down when the remote side is not responding any more as the link is disrupted.
Platform is CRS-1 w. IOS-XR 4.1:
Here my configuration:
ethernet cfm
domain md0 level 4 id string crs_196_P2
service ma0 down-meps
continuity-check interval 100ms loss-threshold 3
efd
interface TenGigE0/2/0/2
description ->t1600_195_P3, xe-1/0/2
mtu 4474
service-policy output VF-QOS
ipv4 address 172.20.23.1 255.255.255.252
load-interval 30
ethernet cfm
mep domain md0 service isis-eoam mep-id 1
I get an error message that there is an MAID mismatch and the link is being taken down:
sh eth cfm lo meps
Defects (from at least one peer MEP):
A - AIS received I - Wrong interval
R - Remote Defect received V - Wrong level
L - Loop (our MAC received) T - Timed out
C - Config (our ID received) M - Missing (cross-check)
X - Cross-connect (wrong MAID) U - Unexpected (cross-check)
P - Peer port down
Domain md0 (level 4), Service ma0
ID Interface (State) Dir MEPs/Err RD Defects AIS
1 Te0/2/0/2 (Down) Dn 1/1 Y X
When I do a debug ethernet cfm packets I see the following messages that do not indicate an error to me:
LC/0/2/CPU0:Jul 7 23:55:26.424 : cfmd[138]: PKT-RX: IFH TenGigE0/2/0/2 ingress: CCM packet received at level 4 for domain md0, service ma0: length 75, source MAC 28c0.da4e.9900, destination MAC 0180.c200.0034: Packet processed successfully
LC/0/2/CPU0:Jul 7 23:55:26.480 : cfmd[138]: PKT-TX: IFH TenGigE0/2/0/2 egress: CCM packet sent at level 4 for domain md0, service ma0: length 98, source MAC 0007.0e50.95c5, destination MAC 0180.c200.0034
LC/0/2/CPU0:Jul 7 23:55:26.524 : cfmd[138]: PKT-RX: IFH TenGigE0/2/0/2 ingress: CCM packet received at level 4 for domain md0, service ma0: length 75, source MAC 28c0.da4e.9900, destination MAC 0180.c200.0034: Packet processed successfully
From the documentation I see that the MAID is made up of the MDID and the SMAN, but from the debug above they do seem to match.
Any ideas on what I am missing here?
TIAWrong Section, You should be asking it in IOS-XR section.
-
Oam/cfm on cisco 888E and tagged pkt
I'm configuring cisco 888E for oam functionality using tag.
I created controller shdsl without bounding, it is possible to associate vlan to Ethernet interface automatically configured when dsl-group is created?
For default all pkt received from FastEthernet 0 are forwarded on Ethernet 0?
from configuration file:
controller SHDSL 0
dsl-group pairs 0
shdsl annex G
I receive tagged pkt from FastEthernet 0 (conncted to switch) but pkt aren't forwarded on Ethernet 0 interface (line side).
Oam/cfm is configured as following:
ethernet cfm ieee
ethernet cfm global
ethernet cfm domain md2 level 7
ethernet cfm domain md1 level 5
service ma1 vlan 213 direction down
mep mpid 3
continuity-check
continuity-check static rmep
sender-id chassis
ais period 1
ais level 7
no ais suppress-alarms
lck level 5
I tried to enable debug
Sep 30 12:49:32.819: EOAM PD(Et0): total_rx_frames= 290
rx_error_frames= 0
rx_error_symbols= 0
rx_crc_error_frames= 0
tx_crc_error_frames= 0
Sep 30 12:49:32.819: EOAM PD(Et0): pqii_pro_ucc_fe_get_oam_counters: Returned
Sep 30 12:49:32.819: EOAM LM(Et0): SYMPRD w=104857600 lt=1 ht=0 elapsed_time=7000(ms) rx_sym=39872000 err_sym=0 bw=5696
Sep 30 12:49:32.819: EOAM LM(Et0): FRM w=1 lt=1 ht=0 t_frm=0 err_frm=0
Sep 30 12:49:32.819: EOAM LM(Et0): FRMPRD w=10000000 lt=1 ht=0 t_frm=290 err_frm=0
Sep 30 12:49:32.819: EOAM LM(Et0): RXCRC w=1 lt=10 ht=0 err_frm=0
Sep 30 12:49:32.819: EOAM LM(Et0): TXCRC w=1 lt=10 ht=0 err_frm=0
Sep 30 12:49:33.815: EOAM TX PAK(Et0) size 20:
Sep 30 12:49:33.815: 03 00 08 00 01 10 01 00 01 00 0D 05 DC 00 00 0C
Sep 30 12:49:33.815: 00 00 00 02
Sep 30 12:49:33.819: EOAM PD(Et0): pqii_pro_ucc_fe_get_oam_counters: Called
I enabled EOAM only on Ethernet 0.
I have problem on EOAM tagged pkt and also using tagged traffic.
Cisco#show vlan-switch
VLAN Name Status Ports
1 default active Fa1, Fa2, Fa3
213 shdsl active Fa0
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
Any suggestion on configuration?
ThanksWrong Section, You should be asking it in IOS-XR section.
-
Cisco 7206 has with LLQ QOS and cpu 85 %
hi all ,
i want to mention issue about cisco router 7206 npeg2 :
can this router handle traffic 780 Mbps as download and 75 MBps as upload ?? with cpu 85 % and with LLQ qos ??
im asking this question because my QOS althoug it matched alot of traffic , it some time get slow and seems that QOS not working fine , im sure that my work is fine, because it was fine , but recent days i added more bw ???!!!!!
dont know if need more memory for router for QOS :
===============================================================
7200Gateway#sh memory
Head Total(b) Used(b) Free(b) Lowest(b) Largest(b)
Processor 6B97A80 1883669308 114125456 1769543852 1768174580 1760364316
I/O 78000000 67108864 4482572 62626292 62598896 62617884
Transient 77000000 16777216 22196 16755020 16222412 16728368
Processor memory
Address Bytes Prev Next Ref PrevF NextF Alloc PC what
06B97A80 0000010004 00000000 06B9A1C4 001 -------- -------- 01A493D8 CEF: fib
06B9A1C4 0000000028 06B97A80 06B9A210 000 87F3D04 87FD620 015FC24C AAA Attr Binary/String
06B9A210 0000004700 06B9A1C4 06B9B49C 001 -------- -------- 01AC85B4 ADJ: adjacency
06B9B49C 0000004100 06B9A210 06B9C4D0 001 -------- -------- 0011245C HTTP CORE
06B9C4D0 0000004100 06B9B49C 06B9D504 001 -------- -------- 00112548 HTTP CORE
06B9D504 0000004100 06B9C4D0 06B9E538 001 -------- -------- 00112548 HTTP CORE
06B9E538 0000004100 06B9D504 06B9F56C 001 -------- -------- 00112548 HTTP CORE
06B9F56C 0000004100 06B9E538 06BA05A0 001 -------- -------- 00112548 HTTP CORE
06BA05A0 0000000756 06B9F56C 06BA08C4 001 -------- -------- 0343C38C Process
06BA08C4 0000000204 06BA05A0 06BA09C0 001 -------- -------- 0343FAB4 Process Events
06BA09C0 0000022764 06BA08C4 06BA62DC 001 -------- -------- 04055CB4 IPSM Octet Str
06BA62DC 0000014488 06BA09C0 06BA9BA4 001 -------- -------- 0405C0C4 ipsm IPSEC Fai
06BA9BA4 0000004100 06BA62DC 06BAABD8 001 -------- -------- 00112548 H
===========================================================================
==========================================
7200Gateway#sh version
Cisco IOS Software, 7200 Software (C7200P-ADVENTERPRISEK9-M), Version 12.4(24)T7, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 28-Feb-12 12:53 by prod_rel_team
ROM: System Bootstrap, Version 12.4(12.2r)T, RELEASE SOFTWARE (fc1)
7200Gateway uptime is 2 weeks, 5 days, 19 hours, 43 minutes
System returned to ROM by power-on
System image file is "disk2:/c7200p-adventerprisek9-mz.124-24.T7.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
Cisco 7206VXR (NPE-G2) processor (revision A) with 1966080K/65536K bytes of memory.
Processor board ID 13252317
MPC7448 CPU at 1666Mhz, Implementation 0, Rev 2.2
6 slot VXR midplane, Version 2.0
Last reset from power-on
PCI bus mb1 (Slots 1, 3 and 5) has a capacity of 600 bandwidth points.
Current configuration on bus mb1 has a total of 0 bandwidth points.
This configuration is within the PCI bus capacity and is supported.
PCI bus mb2 (Slots 2, 4 and 6) has a capacity of 600 bandwidth points.
Current configuration on bus mb2 has a total of 0 bandwidth points.
This configuration is within the PCI bus capacity and is supported.
Please refer to the following document "Cisco 7200 Series Port Adaptor
Hardware Configuration Guidelines" on Cisco.com <http://www.cisco.com>
for c7200 bandwidth points oversubscription and usage guidelines.
1 FastEthernet interface
3 Gigabit Ethernet interfaces
2045K bytes of NVRAM.
250880K bytes of ATA PCMCIA card at slot 2 (Sector size 512 bytes).
65536K bytes of Flash internal SIMM (Sector size 512K).
Configuration register is 0x2102
==============================================================
7200Gateway#sh processes cpu
CPU utilization for five seconds: 85%/84%; one minute: 84%; five minutes: 84%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
1 32 416 76 0.00% 0.00% 0.00% 0 Chunk Manager
2 32788 342520 95 0.00% 0.05% 0.05% 0 Load Meter
3 0 1 0 0.00% 0.00% 0.00% 0 chkpt message ha
4 0 1 0 0.00% 0.00% 0.00% 0 EDDRI_MAIN
5 2624584 213262 12306 0.00% 0.03% 0.04% 0 Check heaps
6 56 373 150 0.00% 0.00% 0.00% 0 Pool Manager
7 0 2 0 0.00% 0.00% 0.00% 0 Timers
8 0 2 0 0.00% 0.00% 0.00% 0 ATM AutoVC Perio
9 0 2 0 0.00% 0.00% 0.00% 0 ATM VC Auto Crea
10 16 28543 0 0.00% 0.00% 0.00% 0 IPC Dynamic Cach
11 0 1 0 0.00% 0.00% 0.00% 0 IPC Zone Manager
12 688 1670887 0 0.00% 0.00% 0.00% 0 IPC Periodic Tim
13 520 1670887 0 0.00% 0.00% 0.00% 0 IPC Deferred Por
14 0 1 0 0.00% 0.00% 0.00% 0 IPC Seat Manager
15 0 1 0 0.00% 0.00% 0.00% 0 IPC BackPressure
16 9007072 30711869 293 1.35% 0.15% 0.11% 0 EnvMon
17 0 1 0 0.00% 0.00% 0.00% 0 OIR Handler
18 0 1 0 0.00% 0.00% 0.00% 0 Crash writer
19 1380 3892 354 0.00% 0.00% 0.00% 0 ARP Input
20 1584 1784473 0 0.00% 0.00% 0.00% 0 ARP Background
21 0 2 0 0.00% 0.00% 0.00% 0 ATM Idle Timer
22 0 1 0 0.00% 0.00% 0.00% 0 CEF MIB API
23 4 134 29 0.00% 0.00% 0.00% 0 AAA high-capacit
24 0 1 0 0.00% 0.00% 0.00% 0 AAA_SERVER_DEADT
25 0 1 0 0.00% 0.00% 0.00% 0 Policy Manager
26 0 2 0 0.00% 0.00% 0.00% 0 DDR Timers
27 0 5 0 0.00% 0.00% 0.00% 0 Entity MIB API
28 0 2 0 0.00% 0.00% 0.00% 0 Serial Backgroun
29 0 1 0 0.00% 0.00% 0.00% 0 RO Notify Timers
30 0 1 0 0.00% 0.00% 0.00% 0 RMI RM Notify Wa
31 28 281 99 0.00% 0.00% 0.00% 0 EEM ED Syslog
32 0 2 0 0.00% 0.00% 0.00% 0 SMART
33 724 1712571 0 0.00% 0.00% 0.00% 0 GraphIt
34 0 2 0 0.00% 0.00% 0.00% 0 Dialer event
35 0 1 0 0.00% 0.00% 0.00% 0 SERIAL A'detect
36 0 2 0 0.00% 0.00% 0.00% 0 XML Proxy Client
37 0 2 0 0.00% 0.00% 0.00% 0 VSA background
38 0 1 0 0.00% 0.00% 0.00% 0 VSA Cleanup Proc
39 0 1 0 0.00% 0.00% 0.00% 0 Critical Bkgnd
40 4348 444483 9 0.00% 0.00% 0.00% 0 Net Background
41 0 2 0 0.00% 0.00% 0.00% 0 IDB Work
42 32 501 63 0.00% 0.00% 0.00% 0 Logger
43 1236 1710802 0 0.00% 0.00% 0.00% 0 TTY Background
44 16504 1712627 9 0.07% 0.00% 0.00% 0 Per-Second Jobs
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
45 20 34 588 0.00% 0.00% 0.00% 0 IF-MGR control p
46 8 40 200 0.00% 0.00% 0.00% 0 IF-MGR event pro
47 0 1 0 0.00% 0.00% 0.00% 0 Inode Table Dest
48 0 1 0 0.00% 0.00% 0.00% 0 IKE HA Mgr
49 0 1 0 0.00% 0.00% 0.00% 0 IPSEC HA Mgr
50 4 4 1000 0.00% 0.00% 0.00% 0 rf task
51 12808 179149 71 0.00% 0.00% 0.00% 0 Net Input
52 1304 342532 3 0.00% 0.00% 0.00% 0 Compute load avg
53 610136 28974 21058 0.00% 0.00% 0.00% 0 Per-minute Jobs
54 0 1 0 0.00% 0.00% 0.00% 0 Token Daemon
55 4 10570 0 0.00% 0.00% 0.00% 0 Transport Port A
56 1272 505453 2 0.00% 0.00% 0.00% 0 HC Counter Timer
57 0 1 0 0.00% 0.00% 0.00% 0 Coproc Event Pro
58 0 1 0 0.00% 0.00% 0.00% 0 POS APS Event Pr
59 0 1 0 0.00% 0.00% 0.00% 0 SONET alarm time
60 0 1 0 0.00% 0.00% 0.00% 0 CSP Timer
61 204 4 51000 0.00% 0.00% 0.00% 0 USB Startup
62 0 2 0 0.00% 0.00% 0.00% 0 FPD Management P
63 0 1 0 0.00% 0.00% 0.00% 0 FPD Action Proce
64 0 2 0 0.00% 0.00% 0.00% 0 VNM DSPRM MAIN
65 0 1 0 0.00% 0.00% 0.00% 0 RF_INTERDEV_DELA
66 0 1 0 0.00% 0.00% 0.00% 0 RF_INTERDEV_SCTP
67 464 1712577 0 0.00% 0.00% 0.00% 0 ISA Common Helpe
68 0 2 0 0.00% 0.00% 0.00% 0 Flash MIB Update
69 0 58 0 0.00% 0.00% 0.00% 0 Flash Card Oir
70 0 1 0 0.00% 0.00% 0.00% 0 CES Line Conditi
71 0 1 0 0.00% 0.00% 0.00% 0 CF_INTERDEV_SCTP
72 0 1 0 0.00% 0.00% 0.00% 0 Async write proc
73 0 2 0 0.00% 0.00% 0.00% 0 Ethernet CFM
74 736 1670893 0 0.00% 0.00% 0.00% 0 Ethernet Timer C
75 0 1 0 0.00% 0.00% 0.00% 0 delayed evt hand
76 28 112 250 0.00% 0.00% 0.00% 0 AAA Server
77 0 1 0 0.00% 0.00% 0.00% 0 AAA ACCT Proc
78 0 1 0 0.00% 0.00% 0.00% 0 ACCT Periodic Pr
79 0 2 0 0.00% 0.00% 0.00% 0 AAA Dictionary R
80 744 1670882 0 0.00% 0.00% 0.00% 0 BGP Scheduler
81 0 2 0 0.00% 0.00% 0.00% 0 Ethernet OAM Pro
82 0 2 0 0.00% 0.00% 0.00% 0 Ethernet LMI
83 0 2 0 0.00% 0.00% 0.00% 0 CEF switching ba
84 3684 14726 250 0.00% 0.00% 0.00% 0 ADJ resolve proc
85 8 30 266 0.00% 0.00% 0.00% 0 IP ARP Adjacency
86 0 1 0 0.00% 0.00% 0.00% 0 IP ARP Retry Age
87 3481296 6804010 511 0.00% 0.02% 0.01% 0 IP Input
88 0 1 0 0.00% 0.00% 0.00% 0 ICMP event handl
89 0 9 0 0.00% 0.00% 0.00% 0 TurboACL
90 0 2 0 0.00% 0.00% 0.00% 0 TurboACL chunk
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
91 0 1 0 0.00% 0.00% 0.00% 0 IPv6 Echo event
92 16 2854 5 0.00% 0.00% 0.00% 0 MOP Protocols
93 0 1 0 0.00% 0.00% 0.00% 0 LSP Tunnel FRR
94 0 1 0 0.00% 0.00% 0.00% 0 MPLS Auto-Tunnel
95 0 3 0 0.00% 0.00% 0.00% 0 PPP Hooks
96 0 1 0 0.00% 0.00% 0.00% 0 Async write proc
97 0 1 0 0.00% 0.00% 0.00% 0 SSS Manager
98 0 1 0 0.00% 0.00% 0.00% 0 SSS Feature Mana
99 0 1 0 0.00% 0.00% 0.00% 0 SSS Feature Time
100 0 2 0 0.00% 0.00% 0.00% 0 Spanning Tree
101 0 1 0 0.00% 0.00% 0.00% 0 X.25 Encaps Mana
102 20 96 208 0.00% 0.00% 0.00% 0 SSM connection m
103 0 1 0 0.00% 0.00% 0.00% 0 AC Switch
104 4 5709 0 0.00% 0.00% 0.00% 0 Authentication P
105 0 1 0 0.00% 0.00% 0.00% 0 Auth-proxy AAA B
106 0 2 0 0.00% 0.00% 0.00% 0 EAPoUDP Process
107 0 2 0 0.00% 0.00% 0.00% 0 IP Host Track Pr
108 0 2 0 0.00% 0.00% 0.00% 0 KRB5 AAA
109 1152 49386 23 0.00% 0.00% 0.00% 0 IP Background
110 2276 28582 79 0.00% 0.00% 0.00% 0 IP RIB Update
111 60 34442 1 0.00% 0.00% 0.00% 0 CEF background p
112 6784 2485297 2 0.00% 0.00% 0.00% 0 CEF: IPv4 proces
113 12 104 115 0.00% 0.00% 0.00% 0 ADJ background
114 0 2 0 0.00% 0.00% 0.00% 0 PPP IP Route
115 0 2 0 0.00% 0.00% 0.00% 0 PPP IPCP
116 0 1 0 0.00% 0.00% 0.00% 0 IP Traceroute
117 7292 7550370 0 0.00% 0.00% 0.00% 0 TCP Timer
118 1300 10511 123 0.00% 0.00% 0.00% 0 TCP Protocols
119 0 1 0 0.00% 0.00% 0.00% 0 Socket Timers
120 18228 11429 1594 0.00% 0.00% 0.00% 0 HTTP CORE
121 0 2 0 0.00% 0.00% 0.00% 0 RLM groups Proce
122 0 1 0 0.00% 0.00% 0.00% 0 L2X Data Daemon
123 0 1 0 0.00% 0.00% 0.00% 0 ac_atm_state_eve
124 0 2 0 0.00% 0.00% 0.00% 0 SNMP Timers
125 1320 1710737 0 0.00% 0.00% 0.00% 0 RUDPV1 Main Proc
126 0 1 0 0.00% 0.00% 0.00% 0 bsm_timers
127 568 1710728 0 0.00% 0.00% 0.00% 0 bsm_xmt_proc
128 0 1 0 0.00% 0.00% 0.00% 0 COPS
129 0 2 0 0.00% 0.00% 0.00% 0 Dialer Forwarder
130 0 3 0 0.00% 0.00% 0.00% 0 Flow Exporter Ti
131 0 2 0 0.00% 0.00% 0.00% 0 ATM OAM Input
132 0 2 0 0.00% 0.00% 0.00% 0 ATM OAM TIMER
133 0 1 0 0.00% 0.00% 0.00% 0 RARP Input
134 0 1 0 0.00% 0.00% 0.00% 0 IPv6 Inspect Tim
135 0 1 0 0.00% 0.00% 0.00% 0 LAPB Process
136 0 2 0 0.00% 0.00% 0.00% 0 LFDp Input Proc
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
137 0 1 0 0.00% 0.00% 0.00% 0 PAD InCall
138 0 2 0 0.00% 0.00% 0.00% 0 X.25 Background
139 0 2 0 0.00% 0.00% 0.00% 0 PPP Bind
140 0 2 0 0.00% 0.00% 0.00% 0 PPP SSS
141 0 1 0 0.00% 0.00% 0.00% 0 MQC Flow Event B
142 35504 424737438 0 0.23% 0.25% 0.23% 0 HQF Shaper Backg
143 4068 17031478 0 0.00% 0.00% 0.00% 0 RBSCP Background
144 0 2 0 0.00% 0.00% 0.00% 0 SCTP Main Proces
145 0 1 0 0.00% 0.00% 0.00% 0 VPDN call manage
146 0 1 0 0.00% 0.00% 0.00% 0 CHKPT EXAMPLE
147 0 1 0 0.00% 0.00% 0.00% 0 CHKPT DevTest
148 0 1 0 0.00% 0.00% 0.00% 0 IPS Process
149 0 2 0 0.00% 0.00% 0.00% 0 IPS Auto Update
150 0 2 0 0.00% 0.00% 0.00% 0 SDEE Management
151 948 3338807 0 0.00% 0.00% 0.00% 0 Inspect process
152 0 1 0 0.00% 0.00% 0.00% 0 xcpa-driver
153 52 136947 0 0.00% 0.00% 0.00% 0 FW DP Inspect pr
154 1112 3338806 0 0.00% 0.00% 0.00% 0 CCE DP URLF cach
155 0 2 0 0.00% 0.00% 0.00% 0 URL filter proc
156 0 1 0 0.00% 0.00% 0.00% 0 XSM_EVENT_ENGINE
157 144 171238 0 0.00% 0.00% 0.00% 0 XSM_ENQUEUER
158 68 171238 0 0.00% 0.00% 0.00% 0 XSM Historian
159 0 1 0 0.00% 0.00% 0.00% 0 Select Timers
160 4 2 2000 0.00% 0.00% 0.00% 0 HTTP Process
161 0 2 0 0.00% 0.00% 0.00% 0 CIFS API Process
162 0 2 0 0.00% 0.00% 0.00% 0 CIFS Proxy Proce
163 0 1 0 0.00% 0.00% 0.00% 0 Crypto HW Proc
164 56 114166 0 0.00% 0.00% 0.00% 0 ACE policy loade
165 156 68505 2 0.00% 0.00% 0.00% 0 CRM_CALL_UPDATE_
166 36688 172862 212 0.00% 0.00% 0.00% 0 BGP I/O
167 0 2 0 0.00% 0.00% 0.00% 0 AAA Cached Serve
168 0 2 0 0.00% 0.00% 0.00% 0 ENABLE AAA
169 0 1 0 0.00% 0.00% 0.00% 0 EM Background Pr
170 0 1 0 0.00% 0.00% 0.00% 0 Key chain liveke
171 0 2 0 0.00% 0.00% 0.00% 0 LINE AAA
172 44 112 392 0.00% 0.00% 0.00% 0 LOCAL AAA
173 0 42 0 0.00% 0.00% 0.00% 0 MPLS Auto Mesh P
174 0 2 0 0.00% 0.00% 0.00% 0 TPLUS
175 0 2 0 0.00% 0.00% 0.00% 0 VSP_MGR
176 0 1 0 0.00% 0.00% 0.00% 0 FW_TEST_TRP
177 0 1 0 0.00% 0.00% 0.00% 0 EPM MAIN PROCESS
178 4 3 1333 0.00% 0.00% 0.00% 0 Crypto WUI
179 0 2 0 0.00% 0.00% 0.00% 0 Crypto Support
180 0 1 0 0.00% 0.00% 0.00% 0 IPSECv6 PS Proc
181 0 1 0 0.00% 0.00% 0.00% 0 CCVPM_HTSP
182 0 1 0 0.00% 0.00% 0.00% 0 CCVPM_R2
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
183 0 1 0 0.00% 0.00% 0.00% 0 EPHONE MWI Refre
184 0 1903 0 0.00% 0.00% 0.00% 0 FB/KS Log HouseK
185 0 2 0 0.00% 0.00% 0.00% 0 EPHONE MWI BG Pr
186 0 1 0 0.00% 0.00% 0.00% 0 Skinny HW confer
187 0 1 0 0.00% 0.00% 0.00% 0 CCSWVOICE
188 206492 114180 1808 0.00% 0.00% 0.00% 0 BGP Scanner
189 0 1 0 0.00% 0.00% 0.00% 0 http client proc
190 0 3 0 0.00% 0.00% 0.00% 0 BGP Event
191 0 1 0 0.00% 0.00% 0.00% 0 QOS_MODULE_MAIN
192 0 1 0 0.00% 0.00% 0.00% 0 RPMS_PROC_MAIN
193 0 1 0 0.00% 0.00% 0.00% 0 VoIP AAA
194 0 2 0 0.00% 0.00% 0.00% 0 Dialog Manager
195 184 104 1769 0.00% 0.00% 0.00% 0 crypto engine pr
196 0 4 0 0.00% 0.00% 0.00% 0 Crypto CA
197 0 1 0 0.00% 0.00% 0.00% 0 Crypto PKI-CRL
198 28008 64288 435 0.00% 0.00% 0.00% 0 encrypt proc
199 384768 28300 13596 0.00% 0.00% 0.00% 0 crypto sw pk pro
200 8 27 296 0.00% 0.00% 0.00% 0 Crypto INT
201 456 2019 225 0.00% 0.00% 0.00% 0 Crypto IKE Dispa
202 2128 2714 784 0.00% 0.00% 0.00% 0 Crypto IKMP
203 0 1 0 0.00% 0.00% 0.00% 0 IPSEC manual key
204 180 85737 2 0.00% 0.00% 0.00% 0 IPSEC key engine
205 0 1 0 0.00% 0.00% 0.00% 0 CRYPTO QoS proce
206 28 142 197 0.00% 0.00% 0.00% 0 Crypto ACL
207 0 1 0 0.00% 0.00% 0.00% 0 Crypto PAS Proc
208 0 1 0 0.00% 0.00% 0.00% 0 GDOI GM Process
209 0 1 0 0.00% 0.00% 0.00% 0 UNICAST REKEY
210 0 1 0 0.00% 0.00% 0.00% 0 UNICAST REKEY AC
211 0 1 0 0.00% 0.00% 0.00% 0 MV64 TDR Process
212 0 1 0 0.00% 0.00% 0.00% 0 IMA Traps
213 0 1 0 0.00% 0.00% 0.00% 0 SYSMGT Events
214 0 2 0 0.00% 0.00% 0.00% 0 Control-plane ho
215 0 1 0 0.00% 0.00% 0.00% 0 DATA Transfer Pr
216 0 1 0 0.00% 0.00% 0.00% 0 DATA Collector
217 0 1 0 0.00% 0.00% 0.00% 0 Async write proc
218 116 292 397 0.00% 0.00% 0.00% 0 AAA SEND STOP EV
219 136 171243 0 0.00% 0.00% 0.00% 0 RMON Recycle Pro
220 0 2 0 0.00% 0.00% 0.00% 0 RMON Deferred Se
221 0 1 0 0.00% 0.00% 0.00% 0 Syslog Traps
222 0 2 0 0.00% 0.00% 0.00% 0 EEM ED Resource
223 0 2 0 0.00% 0.00% 0.00% 0 EEM ED Routing
224 0 3 0 0.00% 0.00% 0.00% 0 EEM ED Track
225 80 53575 1 0.00% 0.00% 0.00% 0 Crypto cTCP proc
226 0 1 0 0.00% 0.00% 0.00% 0 IP SLAs Ethernet
227 4 1 4000 0.00% 0.00% 0.00% 0 RMON Packets
228 820 1709984 0 0.00% 0.00% 0.00% 0 trunk conditioni
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
229 0 1 0 0.00% 0.00% 0.00% 0 trunk conditioni
230 12 120 100 0.00% 0.00% 0.00% 0 EEM Server
231 4 2 2000 0.00% 0.00% 0.00% 0 Call Home proces
232 52 260 200 0.00% 0.00% 0.00% 0 Syslog
233 0 1 0 0.00% 0.00% 0.00% 0 VPDN Test
234 0 2 0 0.00% 0.00% 0.00% 0 EEM Policy Direc
235 0 2 0 0.00% 0.00% 0.00% 0 EEM ED CLI
236 0 3 0 0.00% 0.00% 0.00% 0 EEM ED Counter
237 0 3 0 0.00% 0.00% 0.00% 0 EM ED GOLD
238 0 3 0 0.00% 0.00% 0.00% 0 EEM ED Interface
239 0 3 0 0.00% 0.00% 0.00% 0 EEM ED IOSWD
240 0 3 0 0.00% 0.00% 0.00% 0 EEM ED Ipsla
241 0 3 0 0.00% 0.00% 0.00% 0 EEM ED None
242 0 2 0 0.00% 0.00% 0.00% 0 EEM ED Nf
243 0 3 0 0.00% 0.00% 0.00% 0 EEM ED OIR
244 0 3 0 0.00% 0.00% 0.00% 0 EEM ED RF
245 0 3 0 0.00% 0.00% 0.00% 0 EEM ED SNMP
246 0 2 0 0.00% 0.00% 0.00% 0 EEM ED SNMP Noti
247 36 42890 0 0.00% 0.00% 0.00% 0 EEM ED Timer
248 0 3 0 0.00% 0.00% 0.00% 0 EEM ED Test
249 0 3 0 0.00% 0.00% 0.00% 0 EEM ED Config
250 0 3 0 0.00% 0.00% 0.00% 0 EEM ED Env
251 0 3 0 0.00% 0.00% 0.00% 0 EEM ED RPC
252 0 2 0 0.00% 0.00% 0.00% 0 cpf_process_msg_
253 0 1 0 0.00% 0.00% 0.00% 0 Key Proc
254 36 28543 1 0.00% 0.00% 0.00% 0 Call Home Timer
255 0 1 0 0.00% 0.00% 0.00% 0 tHUB
256 0 1 0 0.00% 0.00% 0.00% 0 Async write proc
257 104 953 109 0.00% 0.00% 0.00% 0 SSH Event handle
258 16 28543 0 0.00% 0.00% 0.00% 0 Secure Login
259 84 54 1555 0.00% 0.00% 0.00% 0 Tunnel Security
260 56 67 835 0.00% 0.00% 0.00% 0 Crypto SS Proces
261 0 1 0 0.00% 0.00% 0.00% 0 cpf_process_tpQ
262 0 1 0 0.00% 0.00% 0.00% 0 TCP Listener
263 0 2 0 0.00% 0.00% 0.00% 0 IP Flow Top Talk
264 1180 3338804 0 0.00% 0.00% 0.00% 0 IP NAT Ager
265 0 1 0 0.00% 0.00% 0.00% 0 IP NAT WLAN
266 24 28563 0 0.00% 0.00% 0.00% 0 IP SLAs Event Pr
267 434504 1489526 291 0.00% 0.00% 0.00% 0 IP SNMP
268 170304 877961 193 0.00% 0.00% 0.00% 0 PDU DISPATCHER
269 495704 877992 564 0.00% 0.00% 0.00% 0 SNMP ENGINE
270 0 2 0 0.00% 0.00% 0.00% 0 IP SNMPV6
271 0 1 0 0.00% 0.00% 0.00% 0 SNMP ConfCopyPro
272 0 1 0 0.00% 0.00% 0.00% 0 SNMP Traps
273 1185420 1715196 691 0.00% 0.00% 0.00% 0 NTP
274 412 29 14206 0.00% 0.00% 0.00% 0 VTEMPLATE Backgr
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
275 18608 174262 106 0.00% 0.00% 0.00% 0 BGP Router
276 36 27171 1 0.00% 0.00% 0.00% 0 DFS flush period
277 8 12 666 0.00% 0.00% 0.00% 0 Collection proce
278 16 651 24 0.00% 0.00% 0.00% 0 CRYPTO IKMP IPC
279 1724 850 2028 0.00% 0.00% 0.00% 2 SSH Process
281 0 1 0 0.00% 0.00% 0.00% 0 Skinny MOH Event
282 64 173856 0 0.00% 0.00% 0.00% 0 Skinny Socket Se
283 0 1451 0 0.00% 0.00% 0.00% 0 Web Write Housek
==============================================================
wish to help ASAPJosephDoherty wrote:DisclaimerThe Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.Liability DisclaimerIn no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.PostingThe fact you are matching with any ACLs, will decrease maximum performance.The fact you are using a policy-may, will decrease maximum performance.The fact is a -G2 only has finite capacity.In other words, what you're seeing might be completely normal for your traffic volume, your traffic composition and your configuration.If you believe your router is overloaded, and generally above 75% CPU might be so considered, either you'll need a faster device (see ASR 1Ks), or you might try changing your configuration to decrease your configuration load on the router.What's your CPU load if your remove the policy-map from the interface?If removing the policy-map from the interface shows a significant CPU loading decrease - QED.If you need/desire such QoS, then you'll want a "faster" router.You might be also able to decrease your CPU a little by some "tuning". I already mention the TurboACL feature statement. With ACLs, fewer are faster, and how they ordered (especially without TurboACL) impacts CPU. How you order you class-maps, within a policy, and how the match statements are ordered will also have some impact on the CPU load. If buffers are being allocated/deallocated, that too will impact CPU loading. I assume CEF is enabled, but for some traffic, flow caching might decrease CPU load.Remember a software based router, like the 7200s, are, more or less, a computer that takes your configuration and determines what's to be done with every packet it "sees". The more your configuration requires for per packet analysis, the more load for each packet.There are whitepapers addressing high CPU load caused by "process switching", but what you posted appears to be mostly all interrupt processing, which is "fast path", or optimal, packet forwarding. There's not much you can normally do to improve against that, other than insuring your configuration is as optimal as possible for your needs (again, things like sequencing/ordering of statements).
hi ,
thanks very very much for this nice information,
let me answer you :
you said that NPE G2 has finite capacity , but how to know this full capacity ???
i mean that my policy map is matching the traffic , but the matched traffic is not being enhancemend ??!!!
last about two weeks , the matched traffic of youtube was excellent and no interrupt durting the my rush hour.
i didnt change any thing, but my bw increased from 730 Mbps to 760Mbps ,
im un able to make sure that i need to chnage my platform to faster one.
agian
my cpu is 60 % without QOS
after QOS it increase to 80-85 %
agian ,
about NBAR
i want to tell you that i cant depend on NBAR , as an example , im matching the ips of videos of facebook , i cant depend on NBAR because it is https videos.
but in summary ,
my qos is matching well , but i have no real enhancement for my traffic.
did you face my issue before ???
i mean have you see like my problem ?
like my router platform with cpu over 80 % and 750Mbps , and matched qos without good result ??
note that i upgraded to iso 15 , but seems same issue !!!
regards -
Remote site to site VPN user cannot access LAN resources
Users in remote site can get ping response but no http service from local web server where the local web server also has NAT rule allowing access from WAN. In the below config, users in remote 10.10.10.160/27 can ping 10.10.10.30 and 10.10.10.95, but http packets are not returned.
What do I need to do to fix this?
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname SFGallery
boot-start-marker
boot-end-marker
no logging buffered
aaa new-model
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authentication login ciscocp_vpn_xauth_ml_2 local
aaa authentication login ciscocp_vpn_xauth_ml_3 group radius local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
aaa authorization network ciscocp_vpn_group_ml_2 local
aaa session-id common
clock timezone PCTime -7 0
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
no ipv6 cef
ip source-route
ip cef
ip dhcp excluded-address 172.16.0.1 172.16.3.99
ip dhcp excluded-address 172.16.3.200 172.16.3.254
ip dhcp pool SFGallery172
import all
network 172.16.0.0 255.255.252.0
domain-name xxxxxxxxxxxx
dns-server 10.10.10.10
default-router 10.10.10.94
netbios-name-server 10.10.10.10
ip domain name gpgallery.com
ip name-server 10.10.10.10
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip name-server 10.10.10.80
multilink bundle-name authenticated
crypto pki token default removal timeout 0
crypto pki trustpoint test_trustpoint_config_created_for_sdm
subject-name [email protected]
revocation-check crl
crypto pki trustpoint SFGallery_Certificate
enrollment selfsigned
serial-number none
ip-address none
revocation-check crl
rsakeypair SFGallery_Certificate_RSAKey 512
crypto pki certificate chain test_trustpoint_config_created_for_sdm
crypto pki certificate chain SFGallery_Certificate
certificate self-signed 01
xxxxxx
quit
license udi pid CISCO2911/K9 sn FTX1542AKJ3
license boot module c2900 technology-package securityk9
license boot module c2900 technology-package datak9
hw-module sm 1
object-group network Corp
172.16.4.0 255.255.252.0
10.10.10.128 255.255.255.224
object-group network SFGallery
172.16.0.0 255.255.252.0
10.10.10.0 255.255.255.128
object-group network NY
10.10.10.160 255.255.255.224
172.16.16.0 255.255.252.0
object-group network GPAll
group-object SFGallery
group-object NY
group-object Corp
username xxx
username xxx
username xxx
username xxx
redundancy
no ip ftp passive
ip ssh version 1
class-map type inspect match-all CCP_SSLVPN
match access-group name CCP_IP
policy-map type inspect ccp-sslvpn-pol
class type inspect CCP_SSLVPN
pass
zone security sslvpn-zone
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key TempVPN1# address xx.xx.xx.xx
crypto isakmp client configuration group SFGallery
key Peters2011
dns 10.10.10.10 10.10.10.80
wins 10.10.10.10 10.10.10.80
domain gpgallery.com
pool SDM_POOL_1
acl 111
save-password
split-dns gpgallery.com
max-users 25
max-logins 3
netmask 255.255.252.0
banner ^CYou are now connected to the Santa Fe Gallery and Corp. ^C
crypto isakmp profile ciscocp-ike-profile-1
match identity group SFGallery
client authentication list ciscocp_vpn_xauth_ml_3
isakmp authorization list ciscocp_vpn_group_ml_2
client configuration address respond
virtual-template 3
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA3 esp-3des esp-sha-hmac
crypto ipsec profile CiscoCP_Profile1
set security-association idle-time 43200
set transform-set ESP-3DES-SHA3
set isakmp-profile ciscocp-ike-profile-1
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel toxx.xx.xx.xx
set peer xx.xx.xx.xx
set transform-set ESP-3DES-SHA1
match address 107
reverse-route
interface Loopback1
ip address 192.168.5.1 255.255.255.0
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description T1 Cybermesa$ETH-WAN$
ip address xx.xx.xx.xx 255.255.255.240
ip access-group 105 in
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map SDM_CMAP_1
interface GigabitEthernet0/1
description LANOverloadNet$ETH-WAN$
no ip address
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
interface GigabitEthernet0/2
description LAN$ETH-LAN$
ip address 10.10.10.2 255.255.255.128
ip access-group 100 in
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
interface FastEthernet0/0/0
ip address 192.168.100.1 255.255.255.0
ip access-group ReplicationIN out
duplex auto
speed auto
interface GigabitEthernet1/0
description $ETH-LAN$
ip address 172.16.0.1 255.255.252.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet1/1
description Internal switch interface connected to EtherSwitch Service Module
no ip address
interface Virtual-Template1 type tunnel
ip unnumbered Loopback1
interface Virtual-Template2
ip unnumbered Loopback1
zone-member security sslvpn-zone
interface Virtual-Template3 type tunnel
ip unnumbered GigabitEthernet0/0
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
interface Vlan1
no ip address
ip local pool SDM_POOL_1 172.16.3.200 172.16.3.254
ip forward-protocol nd
ip http server
ip http access-class 1
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip flow-top-talkers
top 10
sort-by bytes
cache-timeout 60000
ip nat inside source route-map SDM_RMAP_1 interface GigabitEthernet0/0 overload
ip nat inside source route-map SDM_RMAP_4 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 10.10.10.95 22 xx.xx.xx.xx extendable
ip nat inside source static udp 10.10.10.95 22 xx.xx.xx.xx extendable
ip nat inside source static tcp 10.10.10.95 25 xx.xx.xx.xx extendable
ip nat inside source static udp 10.10.10.95 25 xx.xx.xx.xx 25 extendable
ip nat inside source static tcp 10.10.10.95 80 xx.xx.xx.xx 80 extendable
ip nat inside source static udp 10.10.10.95 80 xx.xx.xx.xx 80 extendable
ip nat inside source static tcp 10.10.10.95 443 xx.xx.xx.xx 443 extendable
ip nat inside source static udp 10.10.10.95 443 xx.xx.xx.xx 443 extendable
ip nat inside source static tcp 10.10.10.30 80 xx.xx.xx.xx 80 extendable
ip nat inside source static tcp 10.10.10.104 80 xx.xx.xx.xx 80 extendable
ip nat inside source static tcp 10.10.10.37 26 xx.xx.xx.xx 25 extendable
ip nat inside source static udp 10.10.10.37 26 xx.xx.xx.xx 25 extendable
ip nat inside source static tcp 10.10.10.115 80 xx.xx.xx.xx 80 extendable
ip nat inside source static tcp 10.10.10.115 443 xx.xx.xx.xx 443 extendable
ip nat inside source static tcp 10.10.10.80 443 xx.xx.xx.xx 443 extendable
ip nat inside source static tcp 10.10.10.47 26 xx.xx.xx.xx 25 extendable
ip nat inside source static udp 10.10.10.47 26 xx.xx.xx.xx 25 extendable
ip route 0.0.0.0 0.0.0.0 xx.xx.xx.xx permanent
ip route 10.10.10.0 255.255.255.128 GigabitEthernet0/2 10 permanent
ip route 10.10.10.44 255.255.255.255 10.10.10.1 permanent
ip route 10.10.10.128 255.255.255.224 10.10.10.126 permanent
ip route 10.10.10.172 255.255.255.255 10.10.10.3 permanent
ip route 10.10.10.175 255.255.255.255 10.10.10.3 permanent
ip route 10.10.10.177 255.255.255.255 10.10.10.3 permanent
ip route 172.16.4.0 255.255.252.0 10.10.10.126 permanent
ip route 192.168.100.0 255.255.255.0 FastEthernet0/0/0 permanent
ip route 192.168.101.0 255.255.255.0 10.10.10.126 permanent
ip access-list extended CCP_IP
remark CCP_ACL Category=128
permit ip any any
ip access-list extended ReplicationIN
remark CCP_ACL Category=1
permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
deny ip any any
ip access-list extended ReplicationOUT
remark CCP_ACL Category=1
deny ip any any
no logging trap
logging 10.10.10.107
access-list 1 permit 192.168.1.2
access-list 1 remark CCP_ACL Category=1
access-list 1 permit 72.216.51.56 0.0.0.7
access-list 1 permit 172.16.0.0 0.0.3.255
access-list 1 permit 172.16.4.0 0.0.3.255
access-list 1 permit 10.10.10.128 0.0.0.31
access-list 1 remark Auto generated by SDM Management Access feature
access-list 1 permit xx.xx.xx.xx 0.0.0.15
access-list 1 permit 10.10.10.0 0.0.0.127
access-list 100 remark Auto generated by SDM Management Access feature
access-list 100 remark CCP_ACL Category=1
access-list 100 permit tcp object-group GPAll object-group NY eq www
access-list 100 permit udp host 10.10.10.10 eq 1645 host 10.10.10.2
access-list 100 permit udp host 10.10.10.10 eq 1646 host 10.10.10.2
access-list 100 permit ip any host 10.10.10.2
access-list 100 permit tcp object-group GPAll host 10.10.10.2 eq telnet
access-list 100 permit tcp 172.16.4.0 0.0.3.255 host 10.10.10.2 eq telnet
access-list 100 permit tcp 10.10.10.128 0.0.0.31 host 10.10.10.2 eq telnet
access-list 100 permit tcp 10.10.10.0 0.0.0.127 host 10.10.10.2 eq telnet
access-list 100 permit tcp object-group GPAll host 10.10.10.2 eq 22
access-list 100 permit tcp 172.16.4.0 0.0.3.255 host 10.10.10.2 eq 22
access-list 100 permit tcp 10.10.10.128 0.0.0.31 host 10.10.10.2 eq 22
access-list 100 permit tcp 10.10.10.0 0.0.0.127 host 10.10.10.2 eq 22
access-list 100 permit tcp object-group GPAll host 10.10.10.2 eq www
access-list 100 permit tcp 172.16.4.0 0.0.3.255 host 10.10.10.2 eq www
access-list 100 permit tcp 10.10.10.128 0.0.0.31 host 10.10.10.2 eq www
access-list 100 permit tcp 10.10.10.0 0.0.0.127 host 10.10.10.2 eq www
access-list 100 permit tcp object-group GPAll host 10.10.10.2 eq 443
access-list 100 permit tcp 172.16.4.0 0.0.3.255 host 10.10.10.2 eq 443
access-list 100 permit tcp 10.10.10.128 0.0.0.31 host 10.10.10.2 eq 443
access-list 100 permit tcp 10.10.10.0 0.0.0.127 host 10.10.10.2 eq 443
access-list 100 permit tcp object-group GPAll host 10.10.10.2 eq cmd
access-list 100 permit tcp 172.16.4.0 0.0.3.255 host 10.10.10.2 eq cmd
access-list 100 permit tcp 10.10.10.128 0.0.0.31 host 10.10.10.2 eq cmd
access-list 100 permit tcp 10.10.10.0 0.0.0.127 host 10.10.10.2 eq cmd
access-list 100 deny tcp any host 10.10.10.2 eq telnet
access-list 100 deny tcp any host 10.10.10.2 eq 22
access-list 100 deny tcp any host 10.10.10.2 eq www
access-list 100 deny tcp any host 10.10.10.2 eq 443
access-list 100 deny tcp any host 10.10.10.2 eq cmd
access-list 100 deny udp any host 10.10.10.2 eq snmp
access-list 100 permit udp any eq domain host 10.10.10.2
access-list 100 permit udp host 10.10.10.80 eq domain any
access-list 100 permit udp host 10.10.10.10 eq domain any
access-list 100 permit ip any any
access-list 101 remark Auto generated by SDM Management Access feature
access-list 101 remark CCP_ACL Category=1
access-list 101 permit ip 72.216.51.56 0.0.0.7 any
access-list 101 permit ip 172.16.0.0 0.0.3.255 any
access-list 101 permit ip 172.16.4.0 0.0.3.255 any
access-list 101 permit ip 10.10.10.128 0.0.0.31 any
access-list 101 permit ip xx.xx.xx.xx 0.0.0.15 any
access-list 101 permit ip host 192.168.1.2 any
access-list 101 permit ip 10.10.10.0 0.0.0.127 any
access-list 102 remark Auto generated by SDM Management Access feature
access-list 102 remark CCP_ACL Category=1
access-list 102 permit ip 72.216.51.56 0.0.0.7 any
access-list 102 permit ip 172.16.0.0 0.0.3.255 any
access-list 102 permit ip 172.16.4.0 0.0.3.255 any
access-list 102 permit ip 10.10.10.128 0.0.0.31 any
access-list 102 permit ip xx.xx.xx.xx 0.0.0.15 any
access-list 102 permit ip host 192.168.1.2 any
access-list 102 permit ip 10.10.10.0 0.0.0.127 any
access-list 103 remark Auto generated by SDM Management Access feature
access-list 103 remark CCP_ACL Category=1
access-list 103 permit tcp host 192.168.1.2 host 172.16.0.1 eq telnet
access-list 103 permit tcp host 192.168.1.2 host 172.16.0.1 eq 22
access-list 103 permit tcp host 192.168.1.2 host 172.16.0.1 eq www
access-list 103 permit tcp host 192.168.1.2 host 172.16.0.1 eq 443
access-list 103 permit tcp host 192.168.1.2 host 172.16.0.1 eq cmd
access-list 103 deny tcp any host 172.16.0.1 eq telnet
access-list 103 deny tcp any host 172.16.0.1 eq 22
access-list 103 deny tcp any host 172.16.0.1 eq www
access-list 103 deny tcp any host 172.16.0.1 eq 443
access-list 103 deny tcp any host 172.16.0.1 eq cmd
access-list 103 deny udp any host 172.16.0.1 eq snmp
access-list 103 permit ip any any
access-list 104 remark CCP_ACL Category=4
access-list 104 remark IPSec Rule
access-list 104 permit ip 10.10.10.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 104 permit ip 10.10.10.0 0.0.0.255 10.10.10.160 0.0.0.31
access-list 105 remark Auto generated by SDM Management Access feature
access-list 105 remark CCP_ACL Category=1
access-list 105 remark IPSec Rule
access-list 105 permit ip 10.10.10.160 0.0.0.31 10.10.10.128 0.0.0.31
access-list 105 permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 105 remark IPSec Rule
access-list 105 permit ip 10.10.10.160 0.0.0.31 172.16.0.0 0.0.255.255
access-list 105 permit ip 172.16.0.0 0.0.255.255 172.16.0.0 0.0.255.255
access-list 105 permit ip 10.10.10.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 105 permit ip 172.16.0.0 0.0.255.255 10.10.10.0 0.0.0.255
access-list 105 permit tcp 72.216.51.56 0.0.0.7 host xx.xx.xx.xx eq telnet
access-list 105 permit tcp 172.16.0.0 0.0.3.255 host xx.xx.xx.xx eq telnet
access-list 105 permit tcp xx.xx.xx.xx 0.0.0.15 host xx.xx.xx.xx eq telnet
access-list 105 permit tcp 72.216.51.56 0.0.0.7 host xx.xx.xx.xx eq 22
access-list 105 permit tcp 172.16.0.0 0.0.3.255 host xx.xx.xx.xx eq 22
access-list 105 permit tcp xx.xx.xx.xx 0.0.0.15 host xx.xx.xx.xx eq 22
access-list 105 permit tcp 72.216.51.56 0.0.0.7 host xx.xx.xx.xx eq www
access-list 105 permit tcp 172.16.0.0 0.0.3.255 host xx.xx.xx.xx eq www
access-list 105 permit tcp xx.xx.xx.xx 0.0.0.15 host xx.xx.xx.xx eq www
access-list 105 permit tcp 72.216.51.56 0.0.0.7 host xx.xx.xx.xx eq 443
access-list 105 permit tcp 172.16.0.0 0.0.3.255 host xx.xx.xx.xx eq 443
access-list 105 permit tcp xx.xx.xx.xx 0.0.0.15 host xx.xx.xx.xx eq 443
access-list 105 permit tcp 72.216.51.56 0.0.0.7 host xx.xx.xx.xx eq cmd
access-list 105 permit tcp 172.16.0.0 0.0.3.255 host xx.xx.xx.xx eq cmd
access-list 105 permit tcp xx.xx.xx.xx 0.0.0.15 host xx.xx.xx.xx eq cmd
access-list 105 deny tcp any host xx.xx.xx.xx eq telnet
access-list 105 deny tcp any host xx.xx.xx.xx eq 22
access-list 105 deny tcp any host xx.xx.xx.xx eq www
access-list 105 deny tcp any host xx.xx.xx.xx eq 443
access-list 105 deny tcp any host xx.xx.xx.xx eq cmd
access-list 105 deny udp any host xx.xx.xx.xx eq snmp
access-list 105 permit tcp any host xx.xx.xx.xx eq 443
access-list 105 permit ip 10.10.10.160 0.0.0.31 10.10.10.0 0.0.0.127
access-list 105 permit udp any eq domain host xx.xx.xx.xx
access-list 105 permit ahp host 209.101.19.226 host xx.xx.xx.xx
access-list 105 permit esp host 209.101.19.226 host xx.xx.xx.xx
access-list 105 permit udp host 209.101.19.226 host xx.xx.xx.xx eq isakmp
access-list 105 permit udp host 209.101.19.226 host xx.xx.xx.xx eq non500-isakmp
access-list 105 remark IPSec Rule
access-list 105 permit ip 10.10.10.0 0.0.0.127 10.10.10.0 0.0.0.127
access-list 105 permit ip any any
access-list 106 remark CCP_ACL Category=2
access-list 106 remark IPSec Rule
access-list 106 deny ip 10.10.10.128 0.0.0.31 10.10.10.160 0.0.0.31
access-list 106 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 106 remark IPSec Rule
access-list 106 deny ip 172.16.0.0 0.0.255.255 10.10.10.160 0.0.0.31
access-list 106 deny ip 172.16.0.0 0.0.255.255 172.16.0.0 0.0.255.255
access-list 106 deny ip 172.16.0.0 0.0.255.255 10.10.10.0 0.0.0.255
access-list 106 deny ip 10.10.10.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 106 deny ip 10.10.10.0 0.0.0.127 10.10.10.160 0.0.0.31
access-list 106 remark IPSec Rule
access-list 106 deny ip 10.10.10.0 0.0.0.127 10.10.10.0 0.0.0.127
access-list 106 permit ip 10.10.10.0 0.0.0.255 any
access-list 107 remark CCP_ACL Category=4
access-list 107 remark IPSec Rule
access-list 107 permit ip 10.10.10.0 0.0.0.127 10.10.10.160 0.0.0.31
access-list 107 remark IPSec Rule
access-list 107 permit ip 10.10.10.128 0.0.0.31 10.10.10.160 0.0.0.31
access-list 107 remark IPSec Rule
access-list 107 permit ip 172.16.0.0 0.0.255.255 10.10.10.160 0.0.0.31
access-list 107 permit ip 10.10.10.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 107 permit ip 172.16.0.0 0.0.255.255 10.10.10.0 0.0.0.255
access-list 107 permit ip 172.16.0.0 0.0.255.255 172.16.0.0 0.0.255.255
access-list 107 permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 107 remark IPSec Rule
access-list 107 deny ip 172.16.0.0 0.0.255.255 host 10.10.10.177
access-list 108 remark CCP_ACL Category=2
access-list 108 remark IPSec Rule
access-list 108 deny ip 10.10.10.0 0.0.0.255 10.10.10.160 0.0.0.31
access-list 108 permit ip 70.56.215.0 0.0.0.255 any
access-list 109 remark CCP_ACL Category=2
access-list 109 remark IPSec Rule
access-list 109 deny ip 10.10.10.128 0.0.0.31 10.10.10.160 0.0.0.31
access-list 109 remark IPSec Rule
access-list 109 deny ip 10.10.10.0 0.0.0.127 10.10.10.160 0.0.0.31
access-list 109 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 109 remark IPSec Rule
access-list 109 deny ip 172.16.0.0 0.0.255.255 10.10.10.160 0.0.0.31
access-list 109 deny ip 172.16.0.0 0.0.255.255 172.16.0.0 0.0.255.255
access-list 109 deny ip 172.16.0.0 0.0.255.255 10.10.10.0 0.0.0.255
access-list 109 deny ip 10.10.10.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 109 permit ip 172.16.0.0 0.0.255.255 any
access-list 111 remark CCP_ACL Category=4
access-list 111 permit ip 10.10.10.0 0.0.0.127 any
access-list 111 permit ip 10.10.10.128 0.0.0.31 any
access-list 111 permit ip 172.16.0.0 0.0.3.255 any
access-list 111 permit ip 172.16.4.0 0.0.3.255 any
access-list 111 permit ip 10.10.10.160 0.0.0.31 any
route-map SDM_RMAP_4 permit 1
match ip address 109
route-map SDM_RMAP_1 permit 1
match ip address 106
route-map SDM_RMAP_2 permit 1
match ip address 108
snmp-server community public RO
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps transceiver all
snmp-server enable traps ds1
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps license
snmp-server enable traps envmon
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps flash insertion removal
snmp-server enable traps c3g
snmp-server enable traps ds3
snmp-server enable traps adslline
snmp-server enable traps vdsl2line
snmp-server enable traps icsudsu
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps ds0-busyout
snmp-server enable traps ds1-loopback
snmp-server enable traps energywise
snmp-server enable traps vstack
snmp-server enable traps mac-notification
snmp-server enable traps bgp
snmp-server enable traps isis
snmp-server enable traps rf
snmp-server enable traps aaa_server
snmp-server enable traps atm subif
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps memory bufferpeak
snmp-server enable traps cnpd
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps entity
snmp-server enable traps fru-ctrl
snmp-server enable traps resource-policy
snmp-server enable traps event-manager
snmp-server enable traps frame-relay multilink bundle-mismatch
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps mvpn
snmp-server enable traps nhrp nhs
snmp-server enable traps nhrp nhc
snmp-server enable traps nhrp nhp
snmp-server enable traps nhrp quota-exceeded
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps pppoe
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps syslog
snmp-server enable traps l2tun session
snmp-server enable traps l2tun pseudowire status
snmp-server enable traps vtp
snmp-server enable traps ipsla
snmp-server enable traps bfd
snmp-server enable traps firewall serverstatus
snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
snmp-server host 10.10.10.107 public
radius-server host 10.10.10.10 key HelloSFGal1#
control-plane
banner login ^CCCWelcome to Santa Fe Gallery Cisco 2911 router 10.10.10.1.^C
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line 67
no activation-character
no exec
transport preferred none
transport input all
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
flowcontrol software
line vty 0 4
access-class 102 in
transport input telnet
line vty 5 15
access-class 101 in
transport input telnet
scheduler allocate 20000 1000
endThanks so much, Herbert.
As an alternative to what you suggest, what do you think of this? I got it from Cisco's support document, http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094634.shtml
I would delete these lines:
no ip nat inside source static tcp 10.10.10.95 80 [outside IP) 80 extendable
no ip nat inside source static udp 10.10.10.95 80 [outside IP) 80 extendable
no ip nat inside source static tcp 10.10.10.95 443 [outside IP) 443 extendable
no ip nat inside source static udp 10.10.10.95 443 [outside IP) 443 extendable
no ip nat inside source static tcp 10.10.10.30 80 [outside IP) 80 extendable
and replace with these
ip nat inside source static tcp 10.10.10.95 80 [outside IP) 80 route-map nonat extendable
ip nat inside source static udp 10.10.10.95 80 [outside IP) 80 route-map nonat extendable
ip nat inside source static tcp 10.10.10.95 443 [outside IP) 443 route-map nonat extendable
ip nat inside source static udp 10.10.10.95 443 [outside IP) 443 route-map nonat extendable
ip nat inside source static tcp 10.10.10.30 80 [outside IP) 80 route-map nonat extendable
Then add:
access-list 150 deny ip host 10.10.10.95 10.10.10.160 0.0.0.31
access-list 150 deny ip host 10.10.10.95 172.16.8.0 0.0.3.255
access-list 150 deny ip host 10.10.10.130 10.10.10.160 0.0.0.31
access-list 150 deny ip host 10.10.10.130 172.16.8.0 0.0.3.255
access-list 150 permit ip host 10.10.10.95 any
access-list 150 permit ip host 10.10.10.130 any
route-map nonat permit 10
match ip address 150 -
ARP table not populating mac address for previously reachable IP address
Router has been online and working fine with one BGP neighbor for almost 2 years and no downtime. 2 weeks ago, added a 2nd BGP peer. Everything worked fine for 2 weeks, then all of a sudden yesterday the 2nd BGP peer is disconnected and does not come back. ISP checks and sees everything looks fine on their end. We cannot even ping each other now.
Upon investigation, the ARP table is not even populating the MAC address for the BGP peer IP anymore (same local subnet). Stays "incomplete" in the table no matter what we do, including clearing arp table, changing IP address, etc.
Plug a laptop directly into the 2nd BGP peer FE port and replicate the IP addressing. Laptop cannot ping Router, but Router CAN ping laptop. Check ARP table, but STILL no mac address assigned and now not even the ARP table showing "incomplete".
Thinking it could be the FE interface, switch to the 2nd FE interface and perform same laptop test, this time with arbitrary IP addressing. Now cannot ping each other, no MAC in ARP table.
End up rebooting the router and lo-and-behold, everything is working normally again. 2nd BGP peer peers up instantly.
I should also mention that the 1st BGP peer worked flawlessly throughout, taking all the Internet load and having no issues throughout.
Also, the FE ports for the 2nd BGP peer are on an HWIC FE card plugged into the router. The 1st BGP peer is plugged into the built-in GE interface. 2901 running: c2900-universalk9-mz.SPA.151-4.M4.bin
Lastly, no router resource issues, no error messages, no logs. Just the BGP peer disconnecting.
I have never, in 20 years working with Cisco routers seen something like this before. This is the most fundamental aspect of IP and Ethernet that was not working.
Has anyone ever seen this behavior before??
Here is the router config (IP's changed):
version 15.1
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service internal
service sequence-numbers
boot-start-marker
boot-end-marker
logging buffered 150000
aaa new-model
aaa authentication login LAUTHEN local
aaa authentication login TAUTHEN local group tacacs+ enable
aaa authorization console
aaa authorization exec LAUTHOR local if-authenticated
aaa authorization exec TAUTHOR local group tacacs+ if-authenticated
aaa session-id common
clock timezone PST -8 0
clock summer-time PDT recurring
no ipv6 cef
no ip source-route
ip cef
no ip domain lookup
multilink bundle-name authenticated
username ubiadmin privilege 15 secret 4 .JbeuWXuZvchrG0OL.5BftFtqrrEyxcnVHn5rIuCnTk
username umitsnoc01 privilege 15 secret 4 cUmoRUjey9O1x.wk9S.kleX.iAAhCwihupr6Z98p6OA
redundancy
ip ssh version 2
track 1 interface GigabitEthernet0/0 line-protocol
class-map match-any AutoQoS-VoIP-RTP-Trust
match access-group name SIP-Media-INBOUND
class-map match-any AutoQoS-VoIP-Control-Trust
match ip dscp cs3
match ip dscp af31
class-map match-any Customer-Voice
match access-group name Customer-VPNs
class-map match-any media
match access-group name SIP-Media
class-map match-any signaling
match access-group name SIP-Signaling
policy-map AutoQoS-Policy-Trust
class AutoQoS-VoIP-RTP-Trust
priority percent 70
class AutoQoS-VoIP-Control-Trust
bandwidth percent 5
class class-default
fair-queue
policy-map queue
class signaling
bandwidth percent 5
class media
priority percent 50
class Customer-Voice
priority percent 40
class class-default
fair-queue
policy-map shape
class class-default
shape average 10000000
service-policy queue
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description BGP Peer 1
ip address 2.2.2.2 255.255.255.252
no ip redirects
ip flow ingress
ip flow egress
duplex auto
speed auto
service-policy output shape
interface GigabitEthernet0/1
description LAN
ip address 1.2.3.4 255.255.255.0
no ip redirects
ip flow ingress
ip flow egress
standby 255 ip 1.2.3.1
standby 255 priority 105
standby 255 preempt
standby 255 mac-address 1a2b.3c4d.5e6f
standby 255 track 1 decrement 10
duplex auto
speed auto
service-policy output AutoQoS-Policy-Trust
interface FastEthernet0/0/0
description BGP Peer 2
ip address 1.1.1.1 255.255.255.252
ip flow ingress
ip flow egress
duplex full
speed 100
service-policy output shape
interface FastEthernet0/0/1
no ip address
shutdown
duplex auto
speed auto
router bgp 7777
bgp router-id 2.2.2.2
bgp log-neighbor-changes
network 1.2.3.0 mask 255.255.255.0
neighbor 1.1.1.2 remote-as 5555
neighbor 1.1.1.2 update-source FastEthernet0/0/0
neighbor 1.1.1.2 prefix-list L3-DEFGW in
neighbor 1.1.1.2 route-map L3-LPREF-IN in
neighbor 2.2.2.1 remote-as 6666
neighbor 2.2.2.1 ebgp-multihop 2
neighbor 2.2.2.1 update-source GigabitEthernet0/0
neighbor 2.2.2.1 send-community
neighbor 2.2.2.1 prefix-list COLO-DEFGW in
neighbor 2.2.2.1 route-map COLO-LPREF-IN in
neighbor 2.2.2.1 route-map COLO-OUT out
ip forward-protocol nd
ip bgp-community new-format
ip as-path access-list 5 permit _5555_
ip as-path access-list 5 deny .*
ip as-path access-list 10 permit ^6666$
no ip http server
no ip http secure-server
ip flow-top-talkers
top 50
sort-by bytes
ip route 0.0.0.0 0.0.0.0 1.1.1.2 254 name L3
ip route 0.0.0.0 0.0.0.0 2.2.2.1 255 name COLO1
ip route 10.0.0.0 255.0.0.0 10.10.10.10 name FW_OUTSIDE
ip tacacs source-interface GigabitEthernet0/1
ip access-list standard SNMP_SOURCES
permit 12.12.12.0 0.0.0.255
deny any log
ip prefix-list L3-DEFGW seq 5 permit 0.0.0.0/0
ip prefix-list COLO-DEFGW seq 5 permit 0.0.0.0/0
ip prefix-list COLO-LPREF-OUT seq 5 permit 1.2.3.0/24
route-map COLO-LPREF-IN permit 5
match as-path 5
set local-preference 250
route-map COLO-LPREF-IN permit 10
set local-preference 150
route-map COLO-LPREF-IN permit 20
route-map COLO-OUT permit 10
match ip address prefix-list COLO-LPREF-OUT
set as-path prepend 7777 7777 7777
set community 29795:1004
route-map COLO-OUT permit 20
route-map L3-LPREF-IN permit 10
match as-path 10
set local-preference 200
route-map L3-LPREF-IN permit 20
set local-preference 150
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps flowmon
snmp-server enable traps transceiver all
snmp-server enable traps ds1
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps license
snmp-server enable traps envmon
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps flash insertion removal
snmp-server enable traps mac-notification
snmp-server enable traps aaa_server
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps memory bufferpeak
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps event-manager
snmp-server enable traps hsrp
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps syslog
snmp-server enable traps vtp
snmp-server enable traps ipslaWhen you were checking the ARP table was there an entry for Fast0/0/0?
HTH
Rick -
NCS 2.1.1 - strange behavior with wired clients
Hello guys!
I have a problem regarding the NCS 2.1.1. I have the NCS 2.1.1 connected with the ISE 1.2.1 patch 1. and have a handful of switches configured into the ncs.
If a client connects, with 802.1x port security the ncs takes AGES to register the fact. If it does, the window often doesn´t show the correct status:
As you can see, the status in the first line ist "disassociated" and in the client attributes field - its associated, authorization succeeded.
If you disconnect the client, it might take a hour or more for the ncs to register the fact. and yes, I have configured the snmp traps up / down / change and what not, on the switches..
(I have tried this collection:
snmp-server community *edited* RO
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps flowmon
snmp-server enable traps transceiver all
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps rf
snmp-server enable traps memory
snmp-server enable traps cpu_threshold
snmp-server enable traps eigrp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps flex-links status
snmp-server enable traps fru-ctrl
snmp-server enable traps entity
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps ether-oam
snmp-server enable traps aaa_server
snmp-server enable traps flash insertion removal
snmp-server enable traps l2tc threshold sys-threshold
snmp-server enable traps power-ethernet police
snmp-server enable traps rep
snmp-server enable traps vswitch dual-active vsl
snmp-server enable traps udld link-fail-rpt status-change
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps auth-framework sec-violation
snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps entity-diag boot-up-fail hm-test-recover hm-thresh-reached scheduled-test-fail
snmp-server enable traps port-security
snmp-server enable traps ethernet evc status create delete
snmp-server enable traps energywise
snmp-server enable traps ipsla
snmp-server enable traps vstack
snmp-server enable traps bfd
snmp-server enable traps bgp
snmp-server enable traps bulkstat collection transfer
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps event-manager
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps isis
snmp-server enable traps msdp
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps syslog
snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps errdisable
snmp-server enable traps ethernet cfm alarm
snmp-server enable traps vlan-membership
snmp-server enable traps mac-notification change move threshold
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down)
and it still wont change the status in a timely manner.. Is it just me, or am I expecting to much :D
thanks alot for your help!Logged
Bug 9205959 - rc1: otn: setting data in grid cell make the scrollbar go to bottom
-Raghu -
Getting High cpu in s720 due to snmp(Prime)
Hi Team,
We are getting high cpu Spike in our all distribution switches in many locations.
Also we found our Cisco prime infrastructure causing the high cpu.but the spike only for 20 to 30 seconds.
If we deny the PI there will be no CPU spike..
Is there any troubleshooting or configuration need to done for this issue..but we are getting in all our sites due to this in different cpu process I'd ..
Affected sup like 720 but in core we are not getting that issue with same sup and ios.
Kindly suggest any action plan regarding the high cpu due to the High cpu due to snmp..
Regards,
ArunHi Afroj,
PFB
i have attached the EEM logs during high snmp cpu(605).
Please expertise
Process 605: SNMP ENGINE
Stack segment 0x528E3084 - 0x528E5F64
FP: 0x528E5E88, RA: 0x413DFB00
FP: 0x528E5EB8, RA: 0x41200E60
Process 605: SNMP ENGINE
Stack segment 0x528E3084 - 0x528E5F64
FP: 0x528E5E88, RA: 0x413DFB00
FP: 0x528E5EB8, RA: 0x41200E60
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 10.237.102.34 162 10.251.1.1 52465 0 0 0 0
Queues: output 0
input 0 (drops 0, max 0, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 10.238.53.198 162 10.251.1.1 53296 0 0 0 0
Queues: output 0
input 0 (drops 0, max 0, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 10.238.53.200 162 10.251.1.1 61585 0 0 0 0
Queues: output 0
input 0 (drops 0, max 0, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 10.238.53.202 162 10.251.1.1 58228 0 0 0 0
Queues: output 0
input 0 (drops 0, max 0, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 10.242.225.134 162 10.251.1.1 52865 0 0 0 0
Queues: output 0
input 0 (drops 0, max 0, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 10.242.225.136 162 10.251.1.1 50720 0 0 0 0
Queues: output 0
input 0 (drops 0, max 0, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 209.51.49.10 162 10.251.1.1 51376 0 0 0 0
Queues: output 0
input 0 (drops 0, max 0, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 209.51.49.21 162 10.251.1.1 49787 0 0 0 0
Queues: output 0
input 0 (drops 0, max 0, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 209.51.49.25 162 10.251.1.1 58862 0 0 0 0
Queues: output 0
input 0 (drops 0, max 0, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 209.51.49.3 162 10.251.1.1 56352 0 0 0 0
Queues: output 0
input 0 (drops 0, max 0, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 209.51.49.40 162 10.251.1.1 53080 0 0 0 0
Queues: output 0
input 0 (drops 0, max 0, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 209.51.49.41 162 10.251.1.1 59354 0 0 0 0
Queues: output 0
input 0 (drops 0, max 0, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 209.51.49.42 162 10.251.1.1 64147 0 0 0 0
Queues: output 0
input 0 (drops 0, max 0, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 10.251.1.14 56112 10.251.1.1 2228 0 0 211 0
Queues: output 0
input 0 (drops 0, max 50, highwater 1)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 --listen-- 10.251.1.66 1645 0 0 11 0
Queues: output 0
input 0 (drops 0, max 50, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 --listen-- 10.251.1.66 1646 0 0 11 0
Queues: output 0
input 0 (drops 0, max 50, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 10.184.66.171 67 10.251.9.225 67 0 0 2211 0
Queues: output 0
input 0 (drops 0, max 50, highwater 22)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 10.238.53.198 1342 10.251.1.1 161 0 0 1001 0
Queues: output 0
input 0 (drops 0, max 50, highwater 28)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 --listen-- 10.251.1.66 162 0 0 1011 0
Queues: output 0
input 0 (drops 0, max 50, highwater 2)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 --listen-- 10.251.1.66 55325 0 0 1011 0
Queues: output 0
input 0 (drops 0, max 50, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17(v6) --listen-- --any-- 161 0 0 20001 0
Queues: output 0
input 0 (drops 0, max 50, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17(v6) --listen-- --any-- 162 0 0 20011 0
Queues: output 0
input 0 (drops 0, max 50, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17(v6) --listen-- --any-- 61700 0 0 20001 0
Queues: output 0
input 0 (drops 0, max 50, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 --listen-- 10.251.1.66 123 0 0 1 0
Queues: output 0
input 0 (drops 0, max 50, highwater 2)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 10.237.100.198 514 10.251.1.1 57434 0 0 400241 0
Queues: output 0
input 0 (drops 0, max 50, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 10.237.204.214 514 10.251.1.1 50817 0 0 400241 0
Queues: output 0
input 0 (drops 0, max 50, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 10.238.60.34 514 10.251.1.1 51858 0 0 400241 0
Queues: output 0
input 0 (drops 0, max 50, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 10.243.115.105 162 10.251.1.1 52505 0 0 0 0
Queues: output 0
input 0 (drops 0, max 0, highwater 0)
11:50:13.680 IST Wed Jan 8 2014
Process 605: SNMP ENGINE
Stack segment 0x528E3084 - 0x528E5F64
FP: 0x528E5E88, RA: 0x413DFB00
FP: 0x528E5EB8, RA: 0x41200E60
Process 605: SNMP ENGINE
Stack segment 0x528E3084 - 0x528E5F64
FP: 0x528E5E88, RA: 0x413DFB00
FP: 0x528E5EB8, RA: 0x41200E60
CPU utilization for five seconds: 40%/7%; one minute: 23%; five minutes: 16%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
169 12896 12026 1072 23.10% 9.12% 2.93% 2 SSH Process
11 103780680 268103677 387 2.95% 2.77% 2.70% 0 ARP Input
323 59149684 230740289 256 1.67% 1.50% 1.40% 0 IP Input
215 112 632 177 1.67% 0.13% 0.02% 3 Virtual Exec
412 35386816 13614064 2599 0.63% 0.69% 0.69% 0 CEF: IPv4 proces
214 12 47 255 0.39% 0.03% 0.00% 0 EEM Callback Thr
608 23656 4174 5667 0.23% 0.02% 0.00% 0 SNMP Traps
268 1711956 38291258 44 0.23% 0.21% 0.22% 0 cpf_process_tpQ
85 11661952 28435848 410 0.23% 0.28% 0.29% 0 ARP HA
317 3057232 14577406 209 0.15% 0.17% 0.16% 0 CDP Protocol
350 1365761024332778 0 0.15% 0.17% 0.16% 0 Ethernet Msec Ti
2 9760 1621549 6 0.15% 0.01% 0.00% 0 Load Meter
601 9567588 11060330 865 0.15% 0.20% 0.21% 0 DHCPD Receive
455 159172 114655346 1 0.07% 0.04% 0.02% 0 OSPF-1 Hello
168 20 6694 2 0.07% 0.00% 0.00% 0 TACACS+
50 804004 8351522 96 0.07% 0.09% 0.11% 0 Per-Second Jobs
454 59648 252056393 0 0.07% 0.03% 0.02% 0 RADIUS
325 1268180 11957057 106 0.07% 0.02% 0.00% 0 ADJ resolve proc
456 9988 34907 286 0.07% 0.03% 0.01% 0 TPLUS
293 56980 16209877 3 0.07% 0.01% 0.00% 0 ACE Config Prop
267 6486544 1768422 3667 0.07% 0.07% 0.07% 0 Compute load avg
577 516 47525 10 0.07% 0.00% 0.00% 0 EEM ED SNMP
23 74331892 646724056 114 0.00% 0.90% 0.83% 0 IPC Seat Manager
22 0 1 0 0.00% 0.00% 0.00% 0 IPC Process leve
25 0 1 0 0.00% 0.00% 0.00% 0 IPC Stdby Update
24 0 1 0 0.00% 0.00% 0.00% 0 IPC Session Serv
21 7584 8101413 0 0.00% 0.00% 0.00% 0 IPC Deferred Por
28 0 2 0 0.00% 0.00% 0.00% 0 Dialer event
29 0 12 0 0.00% 0.00% 0.00% 0 ifIndex Receive
30 0 2 0 0.00% 0.00% 0.00% 0 Serial Backgroun
20 232492 8101397 28 0.00% 0.04% 0.05% 0 IPC Periodic Tim
26 176 810789 0 0.00% 0.00% 0.00% 0 Compute SRP rate
33 0 1 0 0.00% 0.00% 0.00% 0 VSL LTL PACL ICC
27 0 2 0 0.00% 0.00% 0.00% 0 DDR Timers
35 280 2529 110 0.00% 0.00% 0.00% 0 rf proxy rp agen
19 0 1 0 0.00% 0.00% 0.00% 0 NTI Example Proc
37 4 3 1333 0.00% 0.00% 0.00% 0 client_entity_se
38 0 1 0 0.00% 0.00% 0.00% 0 SERIAL A'detect
39 0 1 0 0.00% 0.00% 0.00% 0 Connection Mgr
40 4 40 100 0.00% 0.00% 0.00% 0 Snmp ICC Process
41 60 262 229 0.00% 0.00% 0.00% 0 Cat6k SNMP
42 8 239 33 0.00% 0.00% 0.00% 0 Cat6k SNMP Trap
31 0 1 0 0.00% 0.00% 0.00% 0 Crash writer
32 1182260 6068061 194 0.00% 0.01% 0.00% 0 EnvMon
45 0 1 0 0.00% 0.00% 0.00% 0 Critical Bkgnd
46 70304 1415029 49 0.00% 0.00% 0.00% 0 Net Background
18 2224 135036 16 0.00% 0.00% 0.00% 0 IPC Dynamic Cach
48 212 8653 24 0.00% 0.00% 0.00% 0 Logger
49 24752 8101358 3 0.00% 0.00% 0.00% 0 TTY Background
34 25544 8101346 3 0.00% 0.00% 0.00% 0 GraphIt
36 0 41 0 0.00% 0.00% 0.00% 0 rf proxy message
52 28 209 133 0.00% 0.00% 0.00% 0 Cat6k NTI ICC pr
53 152 511 297 0.00% 0.00% 0.00% 0 IF-MGR control p
43 0 1 0 0.00% 0.00% 0.00% 0 ARP Snoop
55 60 583 102 0.00% 0.00% 0.00% 0 Env action
56 0 2 0 0.00% 0.00% 0.00% 0 Flash ICC Server
57 0 13514 0 0.00% 0.00% 0.00% 0 foundation
58 0 1 0 0.00% 0.00% 0.00% 0 VS Redirect EOBC
59 3450908 116847868 29 0.00% 0.04% 0.04% 0 VSIBC process
60 8 80 100 0.00% 0.00% 0.00% 0 ICC Nego
61 0 13522 0 0.00% 0.00% 0.00% 0 itasca
62 124 67 1850 0.00% 0.00% 0.00% 0 EOBC Monitor Pro
63 2543040 128884246 19 0.00% 0.03% 0.02% 0 Net Input
64 12 45 266 0.00% 0.00% 0.00% 0 draco-oir-proces
65 0 1 0 0.00% 0.00% 0.00% 0 EnergyWise incre
66 0 1 0 0.00% 0.00% 0.00% 0 K+ RED MAMBA pr
67 0 1 0 0.00% 0.00% 0.00% 0 K+ RED MAMBA Adj
68 0 9 0 0.00% 0.00% 0.00% 0 MWAM CONFIG ON S
44 11928 8101398 1 0.00% 0.00% 0.00% 0 Dynamic ARP Insp
47 0 3 0 0.00% 0.00% 0.00% 0 IDB Work
71 0 1 0 0.00% 0.00% 0.00% 0 PF Sync process
72 0 1 0 0.00% 0.00% 0.00% 0 PF SCP process
73 0 8 0 0.00% 0.00% 0.00% 0 RPC rf_rfmib_not
74 12 11 1090 0.00% 0.00% 0.00% 0 RPC Sync
75 0 11 0 0.00% 0.00% 0.00% 0 SCP Multicast
76 0 2 0 0.00% 0.00% 0.00% 0 SCP Generic Unso
77 16 487 32 0.00% 0.00% 0.00% 0 TCAM API Process
17 0 1 0 0.00% 0.00% 0.00% 0 IFS Agent Manage
79 7608 8101392 0 0.00% 0.00% 0.00% 0 VS CHASSIS Info
80 0 16 0 0.00% 0.00% 0.00% 0 VS ICC request p
81 0 2 0 0.00% 0.00% 0.00% 0 cpf_msg_holdq_pr
82 336 1211 277 0.00% 0.00% 0.00% 0 cpf_msg_rcvq_pro
16 336 4338 77 0.00% 0.00% 0.00% 0 EEM ED Syslog
51 6060004 221751 27328 0.00% 0.07% 0.05% 0 Per-minute Jobs
14 0 1 0 0.00% 0.00% 0.00% 0 Policy Manager
54 36 524 68 0.00% 0.00% 0.00% 0 IF-MGR event pro
87 0 2 0 0.00% 0.00% 0.00% 0 IPSEC HA Mgr
88 14092 135040 104 0.00% 0.00% 0.00% 0 RF CWAN HA Proce
89 0 3 0 0.00% 0.00% 0.00% 0 CWAN HA VLAN SYN
90 0 7 0 0.00% 0.00% 0.00% 0 CWAN IF EVENT HA
91 0 3 0 0.00% 0.00% 0.00% 0 CWAN APS HA Proc
69 12 386 31 0.00% 0.00% 0.00% 0 svclc
93 0 5 0 0.00% 0.00% 0.00% 0 DHCP Snooping HA
94 0 1 0 0.00% 0.00% 0.00% 0 Inode Table Dest
95 0 1 0 0.00% 0.00% 0.00% 0 FM HA Sync
96 26576 8102313 3 0.00% 0.00% 0.00% 0 Heartbeat Proces
97 4 108 37 0.00% 0.00% 0.00% 0 Const ICC reques
98 0 1 0 0.00% 0.00% 0.00% 0 Const ICC event
99 0 1 0 0.00% 0.00% 0.00% 0 Const ICC except
100 0 1 0 0.00% 0.00% 0.00% 0 ICC Local Reques
101 16660 246024 67 0.00% 0.00% 0.00% 0 ICC Async mcast
102 0 1 0 0.00% 0.00% 0.00% 0 ICC_REQ Debug Pr
103 16 148 108 0.00% 0.00% 0.00% 0 ICC FC Process
104 0 1 0 0.00% 0.00% 0.00% 0 ICC FC Test Send
105 0 1 0 0.00% 0.00% 0.00% 0 ICC FC Test Low
106 0 1 0 0.00% 0.00% 0.00% 0 L3 Manager HA
107 0 1 0 0.00% 0.00% 0.00% 0 FWSM HA Sync
108 0 1 0 0.00% 0.00% 0.00% 0 QoS HA CHKPT
109 0 5 0 0.00% 0.00% 0.00% 0 CWRP SPA TSM HA
110 4 4 1000 0.00% 0.00% 0.00% 0 Switch IP Host T
111 0 3 0 0.00% 0.00% 0.00% 0 RPC virtual_mode
112 0 3 0 0.00% 0.00% 0.00% 0 RPC vs_sp_print_
113 0 3 0 0.00% 0.00% 0.00% 0 RPC vs_rp2sp_rpc
114 4 20 200 0.00% 0.00% 0.00% 0 IP Admission HA
115 0 1 0 0.00% 0.00% 0.00% 0 Mistral Reset Pr
116 0 1 0 0.00% 0.00% 0.00% 0 ECC correctable
117 300 44 6818 0.00% 0.00% 0.00% 0 PF_Init Process
118 0 1 0 0.00% 0.00% 0.00% 0 K+ RED MAMBA STA
119 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
120 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
121 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
122 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
70 0 21 0 0.00% 0.00% 0.00% 0 PF IPC ICC Init
78 0 3 0 0.00% 0.00% 0.00% 0 RPC vs_prov_lc-R
125 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
126 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
127 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
128 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
129 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
130 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
131 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
132 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
133 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
134 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
135 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
136 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
137 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
138 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
139 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
83 0 1 0 0.00% 0.00% 0.00% 0 CHKPT Test clien
141 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
142 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
143 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
144 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
145 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
146 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
147 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
148 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
149 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
84 7804 68315 114 0.00% 0.00% 0.00% 0 DHCP Snooping
151 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
86 0 2 0 0.00% 0.00% 0.00% 0 IKE HA Mgr
153 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
154 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
155 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
92 0 3 0 0.00% 0.00% 0.00% 0 CWAN SRP HA Proc
157 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
158 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
159 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
160 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
161 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
162 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
163 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
164 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
165 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
166 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
167 0 35 0 0.00% 0.00% 0.00% 0 KEYSTORE HA IPC
123 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
13 0 2 0 0.00% 0.00% 0.00% 0 AAA high-capacit
170 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
171 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
172 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
173 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
174 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
175 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
176 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
177 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
178 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
179 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
180 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
181 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
182 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
183 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
184 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
185 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
186 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
187 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
188 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
189 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
190 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
191 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
192 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
193 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
194 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
195 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
196 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
197 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
198 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
199 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
200 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
201 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
202 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
203 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
204 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
205 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
206 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
207 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
208 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
209 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
210 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
211 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
212 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
213 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
12 0 1 0 0.00% 0.00% 0.00% 0 AAA_SERVER_DEADT
10 0 2 0 0.00% 0.00% 0.00% 0 Timers
217 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
218 0 196 0 0.00% 0.00% 0.00% 0 SNMP Timers
219 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
220 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
221 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
222 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
223 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
224 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
225 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
9 448 1689 265 0.00% 0.00% 0.00% 0 Pool Manager
227 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
228 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
229 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
230 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
231 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
124 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
140 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
235 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
236 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
237 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
238 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
239 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
240 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
241 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
242 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
243 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
244 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
245 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
246 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
247 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
248 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
249 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
250 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
251 4 1 4000 0.00% 0.00% 0.00% 0 IPC ISSU Version
252 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
253 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
254 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
255 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
256 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
257 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
258 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
259 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
260 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
261 0 1 0 0.00% 0.00% 0.00% 0 Cat6k NTI RP Exa
262 0 3 0 0.00% 0.00% 0.00% 0 RPC rpc-slave-11
263 16 126 126 0.00% 0.00% 0.00% 0 PF_Split Sync Pr
264 36 233 154 0.00% 0.00% 0.00% 0 RPC pf-split-rp
265 40 104 384 0.00% 0.00% 0.00% 0 RPC idprom-MP
266 0 1 0 0.00% 0.00% 0.00% 0 BACK CHECK
150 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
8 33163948 1904341 17414 0.00% 0.31% 0.37% 0 Check heaps
269 0 13 0 0.00% 0.00% 0.00% 0 IPC Apps Task
271 12 13 923 0.00% 0.00% 0.00% 0 RTTYS Process
272 0 8 0 0.00% 0.00% 0.00% 0 RFS server proce
273 0 35 0 0.00% 0.00% 0.00% 0 OBFL Cfg Dispatc
274 8 2254 3 0.00% 0.00% 0.00% 0 PF Clock Process
275 0 1 0 0.00% 0.00% 0.00% 0 PPP IP Add Route
276 16 16330 0 0.00% 0.00% 0.00% 0 Transport Port A
277 0 15 0 0.00% 0.00% 0.00% 0 AggMgr Process
278 48 59125 0 0.00% 0.00% 0.00% 0 SFF8472
279 0 1 0 0.00% 0.00% 0.00% 0 const_dump_info_
280 0 1 0 0.00% 0.00% 0.00% 0 POS APS Event Pr
281 0 1 0 0.00% 0.00% 0.00% 0 DSX3MIB ll handl
282 0 1 0 0.00% 0.00% 0.00% 0 FPD Management P
283 0 1 0 0.00% 0.00% 0.00% 0 FPD Action Proce
284 16 253 63 0.00% 0.00% 0.00% 0 Remote Console P
285 0 1 0 0.00% 0.00% 0.00% 0 DIAG-RP-PROC
286 0 1 0 0.00% 0.00% 0.00% 0 DiagErrorLogProc
287 0 3 0 0.00% 0.00% 0.00% 0 Remote CWAN OIR
152 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
289 0 1 0 0.00% 0.00% 0.00% 0 SCP async: LCP#5
290 0 2 0 0.00% 0.00% 0.00% 0 CWAN ACD tasks
291 0 4 0 0.00% 0.00% 0.00% 0 ACE_REQUESTS han
292 61004 252151322 0 0.00% 0.04% 0.02% 0 ACE Tunnel Task
156 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
294 0 3 0 0.00% 0.00% 0.00% 0 ACE VRF Task
295 13552 8101376 1 0.00% 0.00% 0.00% 0 CWAN CHOCX PROCE
296 0 1 0 0.00% 0.00% 0.00% 0 HAL Mailbox
297 22672 8101370 2 0.00% 0.00% 0.00% 0 CWAN CHDSX PROCE
298 0 1 0 0.00% 0.00% 0.00% 0 CT3 Mailbox
299 0 1 0 0.00% 0.00% 0.00% 0 CE3 Mailbox
15 244 647 377 0.00% 0.00% 0.00% 0 Entity MIB API
301 0 1 0 0.00% 0.00% 0.00% 0 CWAN OIR Handler
302 4 7 571 0.00% 0.00% 0.00% 0 Earl NDE Task
7 0 1 0 0.00% 0.00% 0.00% 0 PF Redun ICC Req
304 1619456 4378957 369 0.00% 0.01% 0.00% 0 esw_vlan_stat_pr
6 0 1 0 0.00% 0.00% 0.00% 0 PF Redun ICC Req
306 0 1 0 0.00% 0.00% 0.00% 0 CWRP SPA ATM OIR
307 0 1 0 0.00% 0.00% 0.00% 0 ACE event
308 0 1 0 0.00% 0.00% 0.00% 0 ACE HAPI
309 2128 540126 3 0.00% 0.00% 0.00% 0 ACE policy loade
310 40 191 209 0.00% 0.00% 0.00% 0 CMFI RP process
311 132 3822 34 0.00% 0.00% 0.00% 0 AAA Server
312 88 3276 26 0.00% 0.00% 0.00% 0 AAA ACCT Proc
313 0 1 0 0.00% 0.00% 0.00% 0 ACCT Periodic Pr
314 0 1 0 0.00% 0.00% 0.00% 0 AAA System Acct
315 0 1 0 0.00% 0.00% 0.00% 0 Auth-proxy AAA B
316 24 27027 0 0.00% 0.00% 0.00% 0 IP Admin SM Proc
5 0 10 0 0.00% 0.00% 0.00% 0 IPC ISSU Dispatc
319 0 3 0 0.00% 0.00% 0.00% 0 BFD HA
320 44 4952 8 0.00% 0.00% 0.00% 0 CDP EXPORT PROCE
321 0 2 0 0.00% 0.00% 0.00% 0 AAA Dictionary R
322 0 2 0 0.00% 0.00% 0.00% 0 CEF switching ba
4 0 150 0 0.00% 0.00% 0.00% 0 Retransmission o
324 0 1 0 0.00% 0.00% 0.00% 0 ICMP event handl
232 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
326 0 1 0 0.00% 0.00% 0.00% 0 PPCP RP Stats Ba
327 0 1 0 0.00% 0.00% 0.00% 0 IPv6 Echo event
328 0 2 0 0.00% 0.00% 0.00% 0 PASVC create VA
330 0 3 0 0.00% 0.00% 0.00% 0 HDLC HA
331 0 2 0 0.00% 0.00% 0.00% 0 Spanning Tree
332 0 2 0 0.00% 0.00% 0.00% 0 SpanTree Msg
333 8 5 1600 0.00% 0.00% 0.00% 0 EAPoUDP Process
334 0 2 0 0.00% 0.00% 0.00% 0 KRB5 AAA
335 0 3 0 0.00% 0.00% 0.00% 0 CTS CORE
336 24 381 62 0.00% 0.00% 0.00% 0 SXP CORE
337 0 1 0 0.00% 0.00% 0.00% 0 LSP Tunnel FRR
338 0 3 0 0.00% 0.00% 0.00% 0 MPLS Auto-Tunnel
339 0 1 0 0.00% 0.00% 0.00% 0 O-UNI Client Msg
340 8 266 30 0.00% 0.00% 0.00% 0 SSM connection m
341 4 4 1000 0.00% 0.00% 0.00% 0 cv6 per prefix a
342 0 2 0 0.00% 0.00% 0.00% 0 REP Topology cha
343 0 1 0 0.00% 0.00% 0.00% 0 AUTH POLICY Fram
344 52 255 203 0.00% 0.00% 0.00% 0 Auth Manager
345 0 1 0 0.00% 0.00% 0.00% 0 CMD HANDLER
346 0 2 0 0.00% 0.00% 0.00% 0 Dot1x Mgr Proces
347 0 1 0 0.00% 0.00% 0.00% 0 EAP Framework
348 0 2 0 0.00% 0.00% 0.00% 0 Ethernet CFM
349 7040 48484291 0 0.00% 0.00% 0.00% 0 Ethernet Timer C
3 316 905 349 0.00% 0.00% 0.00% 1 SSH Process
351 0 2 0 0.00% 0.00% 0.00% 0 Ethernet LMI
352 0 1 0 0.00% 0.00% 0.00% 0 MAB Framework
353 244 690 353 0.00% 0.00% 0.00% 0 SW VLAN RP
354 0 9 0 0.00% 0.00% 0.00% 0 const ipfib per-
355 0 2 0 0.00% 0.00% 0.00% 0 CFMPAL-RP Proces
356 0 2 0 0.00% 0.00% 0.00% 0 CFMPAL RPC Proce
357 8 7 1142 0.00% 0.00% 0.00% 0 Const Rate Limit
358 0 1 0 0.00% 0.00% 0.00% 0 802.1x Webauth F
360 0 2 0 0.00% 0.00% 0.00% 0 Ethernet OAM Pro
361 0 1 0 0.00% 0.00% 0.00% 0 DMLP Counter
362 388 1200 323 0.00% 0.00% 0.00% 0 HWIF QoS Process
363 0 5 0 0.00% 0.00% 0.00% 0 MLS FIB RP
364 12 47 255 0.00% 0.00% 0.00% 0 mcast_rp_icc Pro
365 0 2 0 0.00% 0.00% 0.00% 0 QOS Stats Export
366 5543336 4050397 1368 0.00% 0.06% 0.05% 0 QOS Stats Gather
367 0 1 0 0.00% 0.00% 0.00% 0 satvs_interf_pro
368 8 264 30 0.00% 0.00% 0.00% 0 Switch IP Host T
369 0 1 0 0.00% 0.00% 0.00% 0 SSS Manager
370 0 1 0 0.00% 0.00% 0.00% 0 SSS Feature Mana
371 9872 31671669 0 0.00% 0.00% 0.00% 0 SSS Feature Time
372 0 1 0 0.00% 0.00% 0.00% 0 AC Switch
373 0 3 0 0.00% 0.00% 0.00% 0 ATM HA
374 15156 162270 93 0.00% 0.00% 0.00% 0 CEF background p
375 0 1 0 0.00% 0.00% 0.00% 0 IP IRDP
376 269560 141933 1899 0.00% 0.00% 0.00% 0 IP Background
377 44808 135215 331 0.00% 0.00% 0.00% 0 IP RIB Update
378 0 1 0 0.00% 0.00% 0.00% 0 IP Traceroute
379 0 30 0 0.00% 0.00% 0.00% 0 Socket Timers
380 0 3 0 0.00% 0.00% 0.00% 0 FR HA
381 4 4 1000 0.00% 0.00% 0.00% 0 GLBP HA
382 224 29448 7 0.00% 0.00% 0.00% 0 TCP Timer
383 712 3708 192 0.00% 0.00% 0.00% 0 TCP Protocols
384 0 27049 0 0.00% 0.00% 0.00% 0 HTTP CORE
385 0 4 0 0.00% 0.00% 0.00% 0 HSRP HA
386 0 6 0 0.00% 0.00% 0.00% 0 MRIB RP Proxy
387 0 9 0 0.00% 0.00% 0.00% 0 PIM HA
388 0 3 0 0.00% 0.00% 0.00% 0 XDR background p
389 278160 298487 931 0.00% 0.00% 0.00% 0 XDR mcast
390 17463136 4115749 4243 0.00% 0.22% 0.23% 0 IPC LC Message H
391 0 3 0 0.00% 0.00% 0.00% 0 XDR RP Ping Back
392 185652 143551 1293 0.00% 0.00% 0.00% 0 XDR RP backgroun
393 0 1 0 0.00% 0.00% 0.00% 0 XDR RP Test Back
394 0 1 0 0.00% 0.00% 0.00% 0 RETRY_REPOPULATE
395 0 3 0 0.00% 0.00% 0.00% 0 LSD HA Proc
396 0 11 0 0.00% 0.00% 0.00% 0 PPP HA
397 0 3 0 0.00% 0.00% 0.00% 0 PPP IPC flow con
398 0 1 0 0.00% 0.00% 0.00% 0 SLB CF process
399 0 4 0 0.00% 0.00% 0.00% 0 VRRP HA
400 0 2 0 0.00% 0.00% 0.00% 0 CTS DATAPATH
401 0 1 0 0.00% 0.00% 0.00% 0 ac_atm_state_eve
402 0 1 0 0.00% 0.00% 0.00% 0 Inspect Timer
403 0 4 0 0.00% 0.00% 0.00% 0 IPv6 ACL RP Proc
404 0 1 0 0.00% 0.00% 0.00% 0 MFI Comm RP Proc
405 0 10 0 0.00% 0.00% 0.00% 0 MPLS ACL IPC Bac
406 0 16 0 0.00% 0.00% 0.00% 0 LDP HA
407 0 3 0 0.00% 0.00% 0.00% 0 MPLS VPN HA Clie
408 0 4 0 0.00% 0.00% 0.00% 0 RSVP HA Services
409 0 6 0 0.00% 0.00% 0.00% 0 TSPTUN HA
410 0 4 0 0.00% 0.00% 0.00% 0 Inter Chassis Pr
411 0 2 0 0.00% 0.00% 0.00% 0 LFDp Input Proc
1 19280 100248 192 0.00% 0.00% 0.00% 0 Chunk Manager
413 0 4 0 0.00% 0.00% 0.00% 0 ADJ background
414 0 1 0 0.00% 0.00% 0.00% 0 Cv6 RP Process
415 4 10 400 0.00% 0.00% 0.00% 0 mfib-const-rp Pr
416 0 3 0 0.00% 0.00% 0.00% 0 AAA HA INT
417 0 1 0 0.00% 0.00% 0.00% 0 Critical Auth
418 0 1 0 0.00% 0.00% 0.00% 0 COPS
419 0 2 0 0.00% 0.00% 0.00% 0 Dot1x Supplicant
420 0 2 0 0.00% 0.00% 0.00% 0 Dot1x Supplicant
421 0 2 0 0.00% 0.00% 0.00% 0 Dot1x Supplicant
422 0 3 0 0.00% 0.00% 0.00% 0 ECFM HA IPC flow
423 4525688 8507921 531 0.00% 0.01% 0.01% 0 L3 Manager
424 0 6 0 0.00% 0.00% 0.00% 0 L3 Manager Commo
425 84556 10616336 7 0.00% 0.00% 0.00% 0 FM core
426 0 1 0 0.00% 0.00% 0.00% 0 Probe Input
427 0 2 0 0.00% 0.00% 0.00% 0 Netflow XDR Mana
428 0 2 0 0.00% 0.00% 0.00% 0 RARP Input
429 0 1 0 0.00% 0.00% 0.00% 0 PAD InCall
430 0 2 0 0.00% 0.00% 0.00% 0 X.25 Background
431 0 1 0 0.00% 0.00% 0.00% 0 X.25 Encaps Mana
432 36 67566 0 0.00% 0.00% 0.00% 0 DHCPD Timer
433 3164500 4053966 780 0.00% 0.04% 0.05% 0 HIDDEN VLAN Proc
434 0 1 0 0.00% 0.00% 0.00% 0 CWAN LTL manager
435 0 1 0 0.00% 0.00% 0.00% 0 CWAN-RP SCP Proc
436 0 14 0 0.00% 0.00% 0.00% 0 CWAN-RP SCP Inpu
437 0 14 0 0.00% 0.00% 0.00% 0 IPHC RP Process
438 0 6 0 0.00% 0.00% 0.00% 0 L2TRACE SERVER
439 0 1 0 0.00% 0.00% 0.00% 0 MLSM-CC Process
440 0 2 0 0.00% 0.00% 0.00% 0 MWAM_CONSOLE Tim
441 0 2 0 0.00% 0.00% 0.00% 0 CWPA QoS
442 0 2 0 0.00% 0.00% 0.00% 0 Const TCAM Mgr R
443 0 2 0 0.00% 0.00% 0.00% 0 Dual active proc
444 8 2 4000 0.00% 0.00% 0.00% 0 BFD Splitb
445 0 1 0 0.00% 0.00% 0.00% 0 ATM HA AC
446 4 2 2000 0.00% 0.00% 0.00% 0 CMFI VPN HA Proc
447 0 1 0 0.00% 0.00% 0.00% 0 Crypto PAS Proc
448 0 1 0 0.00% 0.00% 0.00% 0 Crypto HW Proc
449 0 1 0 0.00% 0.00% 0.00% 0 EPM MAIN PROCESS
450 0 1 0 0.00% 0.00% 0.00% 0 EM Background Pr
451 16 132 121 0.00% 0.00% 0.00% 0 LOCAL AAA
452 0 2 0 0.00% 0.00% 0.00% 0 ENABLE AAA
453 0 2 0 0.00% 0.00% 0.00% 0 LINE AAA
233 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
226 0 1 0 0.00% 0.00% 0.00% 0 IPC ISSU Version
288 0 1 0 0.00% 0.00% 0.00% 0 SEA_SCP_PRC
457 8 7 1142 0.00% 0.00% 0.00% 0 CEF RP IPC Backg
458 0 1 0 0.00% 0.00% 0.00% 0 CWAN OIR IPC Rea
459 0 2 0 0.00% 0.00% 0.00% 0 Crypto Support
460 4 52 76 0.00% 0.00% 0.00% 0 MPLS Auto Mesh P
461 0 12 0 0.00% 0.00% 0.00% 0 crypto engine pr
462 0 1 0 0.00% 0.00% 0.00% 0 encrypt proc
463 0 7 0 0.00% 0.00% 0.00% 0 Crypto CA
464 0 1 0 0.00% 0.00% 0.00% 0 Crypto PKI-CRL
465 0 1 0 0.00% 0.00% 0.00% 0 Crypto SSL
466 0 35 0 0.00% 0.00% 0.00% 0 Crypto ACL
467 0 1 0 0.00% 0.00% 0.00% 0 Crypto INT
468 0 2 0 0.00% 0.00% 0.00% 0 Crypto IKE Dispa
469 0 3 0 0.00% 0.00% 0.00% 0 Crypto IKMP
470 3844 405097 9 0.00% 0.00% 0.00% 0 IPSEC key engine
471 0 1 0 0.00% 0.00% 0.00% 0 IPSEC manual key
472 0 1 0 0.00% 0.00% -
Cisco Prime Infrastructure 2.0 - no traps/info are pushed from devices
Good evening,
I have setup Cisco Prime Infrastructure 2.0 and, though I have added manually my 4 network cores as devices without any problem, I can't get a single trap or a single SNMP information to be pushed into my Cisco Prime Infra.
Here is my SNMP config on my core :
snmp-server user *edited* *edited* v3
snmp-server group *edited* v3 noauth notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF0F
snmp-server community *edited* RO
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps flowmon
snmp-server enable traps transceiver all
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps rf
snmp-server enable traps memory
snmp-server enable traps cpu_threshold
snmp-server enable traps eigrp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps flex-links status
snmp-server enable traps fru-ctrl
snmp-server enable traps entity
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps ether-oam
snmp-server enable traps aaa_server
snmp-server enable traps flash insertion removal
snmp-server enable traps l2tc threshold sys-threshold
snmp-server enable traps power-ethernet police
snmp-server enable traps rep
snmp-server enable traps vswitch dual-active vsl
snmp-server enable traps udld link-fail-rpt status-change
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps auth-framework sec-violation
snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps entity-diag boot-up-fail hm-test-recover hm-thresh-reached scheduled-test-fail
snmp-server enable traps port-security
snmp-server enable traps ethernet evc status create delete
snmp-server enable traps energywise
snmp-server enable traps ipsla
snmp-server enable traps vstack
snmp-server enable traps bfd
snmp-server enable traps bgp
snmp-server enable traps bulkstat collection transfer
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps event-manager
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps isis
snmp-server enable traps msdp
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps syslog
snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps errdisable
snmp-server enable traps ethernet cfm alarm
snmp-server enable traps vlan-membership
snmp-server enable traps mac-notification change move threshold
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
snmp-server host *ip-address-edited* version 3 noauth *edited*
Basically all traps are enabled but absolutely nothing is showing up in my Prime Infra except that my 4 devices are "Reachable".
Here is a show snmp on the same device :
sh snmp
Chassis: *S/N Edited*
38554534 SNMP packets input
0 Bad SNMP version errors
14 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
38453185 Number of requested variables
0 Number of altered variables
17790703 Get-request PDUs
20583581 Get-next PDUs
0 Set-request PDUs
0 Input queue packet drops (Maximum queue size 1000)
38490708 SNMP packets output
0 Too big errors (Maximum packet size 1500)
0 No such name errors
0 Bad values errors
0 General errors
38371069 Response PDUs
13 Trap PDUs
SNMP global trap: enabled
SNMP agent enabled
SNMP logging: enabled
Logging to *edited*, 0/10, 13 sent, 0 dropped.
Can anyone point out what is wrong or missing in my configuration? I can't seem to single it out myself.
Thanks
JeremyHi Jeremy,
SNMP traps are shown in the events and alerts section of PI.
SNMP config looks fine. Can you run the SNMP debug (debug snmp packets ) .check the logs and see if the device is actually sending the TRAPS to the PI server.
Thanks-
Afroz
[Do rate the useful post]
****Ratings Encourages Contributors **** -
Troubleshooting high cpu on ciso 7200 for ADSL L2tp
hi all ,
i have cisco 7200 as LNS router for ADSL.
now there is cpu 10 % differ between hardware & software !!
in rush hour the differ is 20 % and cpu is 95 % !!!!
here i want to ask ,
does a high value if (IP INPUT)
i have the cpu as :
Bras2#sh processes cpu sorted
CPU utilization for five seconds: 46%/36%; one minute: 48%; five minutes: 47%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
87 17598348 81792634 215 3.75% 3.82% 3.85% 0 IP Input
122 6780696 68885502 98 1.43% 1.49% 1.51% 0 L2X Data Daemon
267 652328 3839852 169 0.87% 0.83% 0.80% 0 PPP Events
261 837328 436010 1920 0.55% 0.44% 0.35% 0 L2TP mgmt daemon
275 1665220 1634254 1018 0.55% 0.57% 0.55% 0 SNMP ENGINE
262 574524 378112 1519 0.39% 0.29% 0.24% 0 L2TUN Applicatio
52 1019288 22961 44392 0.39% 0.39% 0.39% 0 Compute load avg
112 951036 174201 5459 0.31% 0.31% 0.31% 0 CEF: IPv4 proces
142 59512 26465240 2 0.15% 0.19% 0.18% 0 HQF Shaper Backg
256 89812 1276789 70 0.15% 0.15% 0.15% 0 IPHC Admin
102 182336 433843 420 0.15% 0.10% 0.08% 0 SSM connection m
97 150508 128933 1167 0.15% 0.09% 0.08% 0 SSS Manager
258 486356 1268702 383 0.15% 0.18% 0.16% 0 RADIUS
78 83244 300654 276 0.15% 0.15% 0.14% 0 ACCT Periodic Pr
56 225176 23195 9707 0.15% 0.08% 0.05% 0 HC Counter Timer
273 623508 3248144 191 0.15% 0.20% 0.21% 0 IP SNMP
16 780412 2008294 388 0.07% 0.55% 0.46% 0 EnvMon
291 176 380 463 0.07% 0.01% 0.00% 2 SSH Process
289 3296 447173 7 0.07% 0.00% 0.00% 0 MLD
20 992 117612 8 0.07% 0.00% 0.00% 0 ARP Background
80 41692 18825 2214 0.07% 0.02% 0.00% 0 CDP Protocol
266 30024 3564894 8 0.07% 0.05% 0.07% 0 PPP manager
274 323728 1633937 198 0.07% 0.11% 0.13% 0 PDU DISPATCHER
139 35600 64784 549 0.07% 0.01% 0.00% 0 PPP Bind
25 0 1 0 0.00% 0.00% 0.00% 0 Policy Manager
26 636 16121 39 0.00% 0.00% 0.00% 0 DDR Timers
24 0 8 0 0.00% 0.00% 0.00% 0 AAA_SERVER_DEADT
28 0 2 0 0.00% 0.00% 0.00% 0 Serial Backgroun
29 0 1 0 0.00% 0.00% 0.00% 0 RO Notify Timers
27 0 5 0 0.00% 0.00% 0.00% 0 Entity MIB API
30 0 1 0 0.00% 0.00% 0.00% 0 RMI RM Notify Wa
32 0 2 0 0.00% 0.00% 0.00% 0 SMART
33 576 112990 5 0.00% 0.00% 0.00% 0 GraphIt
34 0 2 0 0.00% 0.00% 0.00% 0 Dialer event
35 0 1 0 0.00% 0.00% 0.00% 0 SERIAL A'detect
36 0 2 0 0.00% 0.00% 0.00% 0 XML Proxy Client
31 12 220 54 0.00% 0.00% 0.00% 0 EEM ED Syslog
23 166932 860 194106 0.00% 0.02% 0.01% 0 AAA high-capacit
39 0 1 0 0.00% 0.00% 0.00% 0 Critical Bkgnd
40 33388 90640 368 0.00% 0.05% 0.01% 0 Net Background
41 0 4 0 0.00% 0.00% 0.00% 0 IDB Work
42 16 412 38 0.00% 0.00% 0.00% 0 Logger
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
43 852 112782 7 0.00% 0.00% 0.00% 0 TTY Background
44 2484 112998 21 0.00% 0.00% 0.00% 0 Per-Second Jobs
45 8444 30499 276 0.00% 0.00% 0.00% 0 IF-MGR control p
46 612 33340 18 0.00% 0.00% 0.00% 0 IF-MGR event pro
47 0 1 0 0.00% 0.00% 0.00% 0 Inode Table Dest
48 0 1 0 0.00% 0.00% 0.00% 0 IKE HA Mgr
49 0 1 0 0.00% 0.00% 0.00% 0 IPSEC HA Mgr
50 0 4 0 0.00% 0.00% 0.00% 0 rf task
37 0 2 0 0.00% 0.00% 0.00% 0 VSA background
38 0 1 0 0.00% 0.00% 0.00% 0 VSA Cleanup Proc
22 0 1 0 0.00% 0.00% 0.00% 0 CEF MIB API
54 0 1 0 0.00% 0.00% 0.00% 0 Token Daemon
55 8 1553 5 0.00% 0.00% 0.00% 0 Transport Port A
17 0 1 0 0.00% 0.00% 0.00% 0 OIR Handler
57 0 1 0 0.00% 0.00% 0.00% 0 Coproc Event Pro
58 0 1 0 0.00% 0.00% 0.00% 0 POS APS Event Pr
59 0 1 0 0.00% 0.00% 0.00% 0 SONET alarm time
60 0 1 0 0.00% 0.00% 0.00% 0 CSP Timer
61 204 4 51000 0.00% 0.00% 0.00% 0 USB Startup
62 0 2 0 0.00% 0.00% 0.00% 0 FPD Management P
63 0 1 0 0.00% 0.00% 0.00% 0 FPD Action Proce
64 0 2 0 0.00% 0.00% 0.00% 0 VNM DSPRM MAIN
65 0 1 0 0.00% 0.00% 0.00% 0 RF_INTERDEV_DELA
66 0 1 0 0.00% 0.00% 0.00% 0 RF_INTERDEV_SCTP
67 312 112992 2 0.00% 0.00% 0.00% 0 ISA Common Helpe
68 0 2 0 0.00% 0.00% 0.00% 0 Flash MIB Update
69 0 137 0 0.00% 0.00% 0.00% 0 Flash Card Oir
70 0 1 0 0.00% 0.00% 0.00% 0 CES Line Conditi
71 0 1 0 0.00% 0.00% 0.00% 0 CF_INTERDEV_SCTP
72 608 13885 43 0.00% 0.00% 0.00% 0 Collection proce
73 0 2 0 0.00% 0.00% 0.00% 0 Ethernet CFM
74 420 110120 3 0.00% 0.00% 0.00% 0 Ethernet Timer C
75 0 1 0 0.00% 0.00% 0.00% 0 delayed evt hand
76 14204 76635 185 0.00% 0.01% 0.00% 0 AAA Server
77 152732 330843 461 0.00% 0.07% 0.07% 0 AAA ACCT Proc
15 0 1 0 0.00% 0.00% 0.00% 0 IPC BackPressure
79 0 2 0 0.00% 0.00% 0.00% 0 AAA Dictionary R
51 1360 34703 39 0.00% 0.00% 0.00% 0 Net Input
18 0 1 0 0.00% 0.00% 0.00% 0 Crash writer
82 0 2 0 0.00% 0.00% 0.00% 0 Ethernet LMI
53 27432 2073 13232 0.00% 0.01% 0.00% 0 Per-minute Jobs
21 0 2 0 0.00% 0.00% 0.00% 0 ATM Idle Timer
85 4 14 285 0.00% 0.00% 0.00% 0 IP ARP Adjacency
86 0 1 0 0.00% 0.00% 0.00% 0 IP ARP Retry Age
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
14 0 1 0 0.00% 0.00% 0.00% 0 IPC Seat Manager
88 340 22531 15 0.00% 0.00% 0.00% 0 ICMP event handl
89 0 5 0 0.00% 0.00% 0.00% 0 TurboACL
90 0 2 0 0.00% 0.00% 0.00% 0 TurboACL chunk
91 0 1 0 0.00% 0.00% 0.00% 0 IPv6 Echo event
92 52 191 272 0.00% 0.00% 0.00% 0 MOP Protocols
93 0 1 0 0.00% 0.00% 0.00% 0 LSP Tunnel FRR
94 0 1 0 0.00% 0.00% 0.00% 0 MPLS Auto-Tunnel
95 7280 94698 76 0.00% 0.00% 0.00% 0 PPP Hooks
96 3312 186 17806 0.00% 0.21% 0.05% 0 AAA aux
13 300 110122 2 0.00% 0.00% 0.00% 0 IPC Deferred Por
98 0 1 0 0.00% 0.00% 0.00% 0 SSS Feature Mana
99 0 1 0 0.00% 0.00% 0.00% 0 SSS Feature Time
100 0 2 0 0.00% 0.00% 0.00% 0 Spanning Tree
101 0 1 0 0.00% 0.00% 0.00% 0 X.25 Encaps Mana
12 420 110123 3 0.00% 0.00% 0.00% 0 IPC Periodic Tim
103 0 1 0 0.00% 0.00% 0.00% 0 AC Switch
104 4 377 10 0.00% 0.00% 0.00% 0 Authentication P
105 0 1 0 0.00% 0.00% 0.00% 0 Auth-proxy AAA B
106 0 2 0 0.00% 0.00% 0.00% 0 EAPoUDP Process
107 0 2 0 0.00% 0.00% 0.00% 0 IP Host Track Pr
108 0 2 0 0.00% 0.00% 0.00% 0 KRB5 AAA
109 10700 103089 103 0.00% 0.00% 0.00% 0 IP Background
110 20472 32419 631 0.00% 0.01% 0.00% 0 IP RIB Update
111 28 2276 12 0.00% 0.00% 0.00% 0 CEF background p
11 0 1 0 0.00% 0.00% 0.00% 0 IPC Zone Manager
113 2984 18512 161 0.00% 0.00% 0.00% 0 ADJ background
114 38364 30893 1241 0.00% 0.02% 0.00% 0 PPP IP Route
115 16196 84753 191 0.00% 0.00% 0.00% 0 PPP IPCP
116 0 1 0 0.00% 0.00% 0.00% 0 IP Traceroute
117 296 3464 85 0.00% 0.00% 0.00% 0 TCP Timer
118 252 1714 147 0.00% 0.00% 0.00% 0 TCP Protocols
119 0 1 0 0.00% 0.00% 0.00% 0 Socket Timers
120 0 377 0 0.00% 0.00% 0.00% 0 HTTP CORE
121 0 2 0 0.00% 0.00% 0.00% 0 RLM groups Proce
10 0 1884 0 0.00% 0.00% 0.00% 0 IPC Dynamic Cach
123 0 1 0 0.00% 0.00% 0.00% 0 ac_atm_state_eve
124 0 2 0 0.00% 0.00% 0.00% 0 SNMP Timers
125 876 112720 7 0.00% 0.00% 0.00% 0 RUDPV1 Main Proc
126 0 1 0 0.00% 0.00% 0.00% 0 bsm_timers
127 416 112720 3 0.00% 0.00% 0.00% 0 bsm_xmt_proc
128 0 1 0 0.00% 0.00% 0.00% 0 COPS
129 0 2 0 0.00% 0.00% 0.00% 0 Dialer Forwarder
130 0 3 0 0.00% 0.00% 0.00% 0 Flow Exporter Ti
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
131 0 2 0 0.00% 0.00% 0.00% 0 ATM OAM Input
132 0 2 0 0.00% 0.00% 0.00% 0 ATM OAM TIMER
133 0 1 0 0.00% 0.00% 0.00% 0 RARP Input
134 0 1 0 0.00% 0.00% 0.00% 0 IPv6 Inspect Tim
135 0 1 0 0.00% 0.00% 0.00% 0 LAPB Process
136 0 2 0 0.00% 0.00% 0.00% 0 LFDp Input Proc
137 0 1 0 0.00% 0.00% 0.00% 0 PAD InCall
9 0 2 0 0.00% 0.00% 0.00% 0 ATM VC Auto Crea
81 0 2 0 0.00% 0.00% 0.00% 0 Ethernet OAM Pro
140 0 2 0 0.00% 0.00% 0.00% 0 PPP SSS
141 0 1 0 0.00% 0.00% 0.00% 0 MQC Flow Event B
83 0 2 0 0.00% 0.00% 0.00% 0 CEF switching ba
143 4904 1113579 4 0.00% 0.00% 0.00% 0 RBSCP Background
144 0 2 0 0.00% 0.00% 0.00% 0 SCTP Main Proces
7 0 2 0 0.00% 0.00% 0.00% 0 Timers
84 4388 11191 392 0.00% 0.00% 0.00% 0 ADJ resolve proc
8 0 2 0 0.00% 0.00% 0.00% 0 ATM AutoVC Perio
148 0 1 0 0.00% 0.00% 0.00% 0 IPS Process
149 0 2 0 0.00% 0.00% 0.00% 0 IPS Auto Update
150 0 2 0 0.00% 0.00% 0.00% 0 SDEE Management
151 620 219806 2 0.00% 0.00% 0.00% 0 Inspect process
152 0 1 0 0.00% 0.00% 0.00% 0 xcpa-driver
153 60 9030 6 0.00% 0.00% 0.00% 0 FW DP Inspect pr
154 640 219803 2 0.00% 0.00% 0.00% 0 CCE DP URLF cach
155 0 2 0 0.00% 0.00% 0.00% 0 URL filter proc
156 0 1 0 0.00% 0.00% 0.00% 0 XSM_EVENT_ENGINE
157 284 11275 25 0.00% 0.00% 0.00% 0 XSM_ENQUEUER
158 196 11275 17 0.00% 0.00% 0.00% 0 XSM Historian
159 0 1 0 0.00% 0.00% 0.00% 0 Select Timers
160 0 2 0 0.00% 0.00% 0.00% 0 HTTP Process
161 0 2 0 0.00% 0.00% 0.00% 0 CIFS API Process
162 0 2 0 0.00% 0.00% 0.00% 0 CIFS Proxy Proce
163 0 1 0 0.00% 0.00% 0.00% 0 Crypto HW Proc
164 24 7532 3 0.00% 0.00% 0.00% 0 ACE policy loade
165 60 4521 13 0.00% 0.00% 0.00% 0 CRM_CALL_UPDATE_
166 0 2 0 0.00% 0.00% 0.00% 0 cpf_process_msg_
167 0 2 0 0.00% 0.00% 0.00% 0 AAA Cached Serve
168 0 2 0 0.00% 0.00% 0.00% 0 ENABLE AAA
169 0 1 0 0.00% 0.00% 0.00% 0 EM Background Pr
170 0 1 0 0.00% 0.00% 0.00% 0 Key chain liveke
171 0 2 0 0.00% 0.00% 0.00% 0 LINE AAA
172 28872 54359 531 0.00% 0.00% 0.00% 0 LOCAL AAA
173 0 6 0 0.00% 0.00% 0.00% 0 MPLS Auto Mesh P
174 0 2 0 0.00% 0.00% 0.00% 0 TPLUS
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
175 0 2 0 0.00% 0.00% 0.00% 0 VSP_MGR
176 0 1 0 0.00% 0.00% 0.00% 0 FW_TEST_TRP
177 0 1 0 0.00% 0.00% 0.00% 0 EPM MAIN PROCESS
178 4 3 1333 0.00% 0.00% 0.00% 0 Crypto WUI
179 0 2 0 0.00% 0.00% 0.00% 0 Crypto Support
180 0 1 0 0.00% 0.00% 0.00% 0 IPSECv6 PS Proc
181 4 1 4000 0.00% 0.00% 0.00% 0 CCVPM_HTSP
182 0 1 0 0.00% 0.00% 0.00% 0 CCVPM_R2
183 0 1 0 0.00% 0.00% 0.00% 0 EPHONE MWI Refre
184 0 126 0 0.00% 0.00% 0.00% 0 FB/KS Log HouseK
185 0 2 0 0.00% 0.00% 0.00% 0 EPHONE MWI BG Pr
186 0 1 0 0.00% 0.00% 0.00% 0 Skinny HW confer
187 0 1 0 0.00% 0.00% 0.00% 0 CCSWVOICE
188 0 1 0 0.00% 0.00% 0.00% 0 cpf_process_tpQ
189 0 1 0 0.00% 0.00% 0.00% 0 http client proc
190 0 1 0 0.00% 0.00% 0.00% 0 Async write proc
191 0 1 0 0.00% 0.00% 0.00% 0 QOS_MODULE_MAIN
192 0 1 0 0.00% 0.00% 0.00% 0 RPMS_PROC_MAIN
193 0 1 0 0.00% 0.00% 0.00% 0 VoIP AAA
194 0 2 0 0.00% 0.00% 0.00% 0 Dialog Manager
195 36 9 4000 0.00% 0.00% 0.00% 0 crypto engine pr
196 0 4 0 0.00% 0.00% 0.00% 0 Crypto CA
197 0 1 0 0.00% 0.00% 0.00% 0 Crypto PKI-CRL
198 0 1 0 0.00% 0.00% 0.00% 0 encrypt proc
199 18492 1442 12823 0.00% 0.00% 0.00% 0 crypto sw pk pro
200 0 1 0 0.00% 0.00% 0.00% 0 Crypto INT
201 0 3 0 0.00% 0.00% 0.00% 0 Crypto IKE Dispa
202 0 3 0 0.00% 0.00% 0.00% 0 Crypto IKMP
203 0 1 0 0.00% 0.00% 0.00% 0 IPSEC manual key
204 56 5652 9 0.00% 0.00% 0.00% 0 IPSEC key engine
205 0 1 0 0.00% 0.00% 0.00% 0 CRYPTO QoS proce
206 4 8 500 0.00% 0.00% 0.00% 0 Crypto ACL
207 0 1 0 0.00% 0.00% 0.00% 0 Crypto PAS Proc
208 0 1 0 0.00% 0.00% 0.00% 0 GDOI GM Process
209 0 1 0 0.00% 0.00% 0.00% 0 UNICAST REKEY
210 0 1 0 0.00% 0.00% 0.00% 0 UNICAST REKEY AC
211 0 1 0 0.00% 0.00% 0.00% 0 MV64 TDR Process
212 0 1 0 0.00% 0.00% 0.00% 0 IMA Traps
213 0 1 0 0.00% 0.00% 0.00% 0 SYSMGT Events
214 0 2 0 0.00% 0.00% 0.00% 0 Control-plane ho
215 0 1 0 0.00% 0.00% 0.00% 0 DATA Transfer Pr
216 0 1 0 0.00% 0.00% 0.00% 0 DATA Collector
217 0 1 0 0.00% 0.00% 0.00% 0 Async write proc
218 22396 77367 289 0.00% 0.00% 0.00% 0 AAA SEND STOP EV
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
219 24 11298 2 0.00% 0.00% 0.00% 0 RMON Recycle Pro
220 0 2 0 0.00% 0.00% 0.00% 0 RMON Deferred Se
221 0 1 0 0.00% 0.00% 0.00% 0 Syslog Traps
222 0 2 0 0.00% 0.00% 0.00% 0 EEM ED Resource
223 0 2 0 0.00% 0.00% 0.00% 0 EEM ED Routing
224 0 3 0 0.00% 0.00% 0.00% 0 EEM ED Track
225 20 3531 5 0.00% 0.00% 0.00% 0 Crypto cTCP proc
226 0 1 0 0.00% 0.00% 0.00% 0 IP SLAs Ethernet
227 0 1 0 0.00% 0.00% 0.00% 0 RMON Packets
228 780 112376 6 0.00% 0.00% 0.00% 0 trunk conditioni
229 0 1 0 0.00% 0.00% 0.00% 0 trunk conditioni
230 0 157 0 0.00% 0.00% 0.00% 0 EEM Server
231 4 2 2000 0.00% 0.00% 0.00% 0 Call Home proces
232 48 213 225 0.00% 0.00% 0.00% 0 Syslog
233 0 1 0 0.00% 0.00% 0.00% 0 VPDN Test
234 0 2 0 0.00% 0.00% 0.00% 0 EEM Policy Direc
235 0 2 0 0.00% 0.00% 0.00% 0 EEM ED CLI
236 0 3 0 0.00% 0.00% 0.00% 0 EEM ED Counter
237 0 3 0 0.00% 0.00% 0.00% 0 EM ED GOLD
238 0 3 0 0.00% 0.00% 0.00% 0 EEM ED Interface
239 0 3 0 0.00% 0.00% 0.00% 0 EEM ED IOSWD
240 0 3 0 0.00% 0.00% 0.00% 0 EEM ED Ipsla
241 0 3 0 0.00% 0.00% 0.00% 0 EEM ED None
242 0 2 0 0.00% 0.00% 0.00% 0 EEM ED Nf
243 0 3 0 0.00% 0.00% 0.00% 0 EEM ED OIR
244 0 3 0 0.00% 0.00% 0.00% 0 EEM ED RF
245 0 3 0 0.00% 0.00% 0.00% 0 EEM ED SNMP
246 0 2 0 0.00% 0.00% 0.00% 0 EEM ED SNMP Noti
247 12 2881 4 0.00% 0.00% 0.00% 0 EEM ED Timer
248 0 3 0 0.00% 0.00% 0.00% 0 EEM ED Test
249 0 3 0 0.00% 0.00% 0.00% 0 EEM ED Config
250 0 3 0 0.00% 0.00% 0.00% 0 EEM ED Env
251 0 3 0 0.00% 0.00% 0.00% 0 EEM ED RPC
252 0 1 0 0.00% 0.00% 0.00% 0 L2X Socket proce
253 0 1 0 0.00% 0.00% 0.00% 0 Key Proc
254 4 1884 2 0.00% 0.00% 0.00% 0 Call Home Timer
255 0 1 0 0.00% 0.00% 0.00% 0 tHUB
6 3008 10386 289 0.00% 0.00% 0.00% 0 Pool Manager
257 16 65 246 0.00% 0.00% 0.00% 0 SSH Event handle
5 541952 28222 19203 0.00% 0.12% 0.15% 0 Check heaps
259 0 3 0 0.00% 0.00% 0.00% 0 WCCP V2 Protocol
260 8 1887 4 0.00% 0.00% 0.00% 0 Secure Login
4 0 1 0 0.00% 0.00% 0.00% 0 EDDRI_MAIN
3 0 1 0 0.00% 0.00% 0.00% 0 chkpt message ha
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
263 11512 129066 89 0.00% 0.00% 0.00% 0 VPDN failure man
264 1044 22558 46 0.00% 0.00% 0.00% 0 Track
265 0 1 0 0.00% 0.00% 0.00% 0 IP VFR proc
19 14880 59648 249 0.00% 0.00% 0.00% 0 ARP Input
2 2376 22599 105 0.00% 0.01% 0.00% 0 Load Meter
268 316 112815 2 0.00% 0.00% 0.00% 0 Multilink PPP
269 0 1 0 0.00% 0.00% 0.00% 0 Async write proc
270 736 219805 3 0.00% 0.00% 0.00% 0 IP NAT Ager
271 0 1 0 0.00% 0.00% 0.00% 0 IP NAT WLAN
272 620 24477 25 0.00% 0.00% 0.00% 0 IP SLAs Event Pr
138 0 2 0 0.00% 0.00% 0.00% 0 X.25 Background
147 0 1 0 0.00% 0.00% 0.00% 0 CHKPT DevTest
145 0 1 0 0.00% 0.00% 0.00% 0 VPDN call manage
276 0 2 0 0.00% 0.00% 0.00% 0 IP SNMPV6
277 0 1 0 0.00% 0.00% 0.00% 0 SNMP ConfCopyPro
278 0 1 0 0.00% 0.00% 0.00% 0 SNMP Traps
279 360116 45545 7906 0.00% 0.22% 0.11% 0 VTEMPLATE Backgr
280 0 4 0 0.00% 0.00% 0.00% 0 IP-EIGRP Router
281 40020 226871 176 0.00% 0.03% 0.00% 0 IP-EIGRP: PDM
282 10660 92668 115 0.00% 0.00% 0.00% 0 IP-EIGRP: HELLO
283 0 1 0 0.00% 0.00% 0.00% 0 Async write proc
284 20 1869 10 0.00% 0.00% 0.00% 0 DFS flush period
285 1764 61146 28 0.00% 0.00% 0.00% 0 IPv6 IDB
286 8 1870 4 0.00% 0.00% 0.00% 0 IPv6 Input
287 0 1 0 0.00% 0.00% 0.00% 0 IPv6 ND
288 0 1 0 0.00% 0.00% 0.00% 0 IPv6 Address
1 156 2155 72 0.00% 0.00% 0.00% 0 Chunk Manager
290 0 3 0 0.00% 0.00% 0.00% 0 IPv6 RIB Event H
146 0 1 0 0.00% 0.00% 0.00% 0 CHKPT EXAMPLEIn an Adaptive Session Redundancy (ASR) environment, if you run traffic to a configuration that contains discrepancies between the redundant indexes on the two CSSs, the CPU utilization for each processor on the CSS may climb to an abnormal level (at 2000 flows/second, approximately 50 percent utilization for each processor).
If you set the logging level to notice-5 or higher, the SCM utilization may peak at approximately 90 percent because each connection generates a redundant index mismatch log entry. For example:
AUG 7 14:12:15 3/1 1124272 SLR-5: Rejected. Redundant global rule index (7) not found.
This might probably the reason for the High CPU utilization.
The CSS 11800 with CSS8-SCM Redundant System Control Module (SCM) is designated for end of sales.
The recommended replacements for the Cisco CSS 11800 include the Cisco CSS 11500 Series Content Services Switch or the Content Switching Module (CSM)an integrated services module for the Cisco Catalyst. 6500 Series Switch and the Cisco 7600 Internet Router. -
Port Forwarding & Access List Problems
Good morning all,
I am trying to set up port forwarding for a Webserver we have hosted here on ip: 192.168.0.250 - I have set up access lists, and port forwarding configurations and I can not seem to access the server from outside the network. . I've included my config file below, any help would be greatly appreciated! I've researched a lot lately but I'm still learning. Side note: I've replaced the external ip address with 1.1.1.1.
I've added the bold lines in the config file below in hopes to forward port 80 to 192.168.0.250 to no avail. You may notice I dont have access-list 102 that i created on any interfaces. This is because whenever I add it to FastEthernet0/0, our internal network loses connection to the internet.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname pantera-office
boot-start-marker
boot-end-marker
no logging buffered
enable secret 5 $1$JP.D$6Oky5ZhtpOAbNT7fLyosy/
aaa new-model
aaa authentication login default local
aaa session-id common
dot11 syslog
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.0.150
ip dhcp excluded-address 192.168.0.251 192.168.0.254
ip dhcp pool private
import all
network 192.168.0.0 255.255.255.0
dns-server 8.8.8.8 8.8.4.4
default-router 192.168.0.1
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip domain name network.local
multilink bundle-name authenticated
crypto pki trustpoint TP-self-signed-4211276024
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4211276024
revocation-check none
rsakeypair TP-self-signed-4211276024
crypto pki certificate chain TP-self-signed-4211276024
certificate self-signed 01
3082025A 308201C3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 34323131 32373630 3234301E 170D3132 30383232 32303535
31385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 32313132
37363032 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B381 8073BAC2 C322B5F5 F9595F43 E0BE1A27 FED75A75 68DFC6DD 4C062626
31BFC71F 2C2EF48C BEC8991F 2FEEA980 EA5BC766 FEBEA679 58F15020 C5D04881
1D6DFA74 B49E233A 8D702553 1F748DB5 38FDA3E6 2A5DDB36 0D069EF7 528FEAA4
93C5FA11 FBBF9EA8 485DBF88 0E49DF51 F5F9ED11 9CF90FD4 4A4E572C D6BE8A96
D61B0203 010001A3 8181307F 300F0603 551D1301 01FF0405 30030101 FF302C06
03551D11 04253023 82217061 6E746572 612D6F66 66696365 2E70616E 74657261
746F6F6C 732E6C6F 63616C30 1F060355 1D230418 30168014 31F245F1 7E3CECEF
41FC9A27 62BD24CE F01819CD 301D0603 551D0E04 16041431 F245F17E 3CECEF41
FC9A2762 BD24CEF0 1819CD30 0D06092A 864886F7 0D010104 05000381 8100604D
14B9B30B D2CE4AC1 4E09C4B5 E58C9751 11119867 C30C7FDF 7A02BDE0 79EB7944
82D93E04 3D674AF7 E27D3B24 D081E689 87AD255F B6431F94 36B0D61D C6F37703
E2D0BE60 3117C0EC 71BB919A 2CF77604 F7DCD499 EA3D6DD5 AB3019CA C1521F79
D77A2692 DCD84674 202DFC97 D765ECC4 4D0FA1B7 0A00475B FD1B7288 12E8
quit
username pantera privilege 15 password 0 XXXX
username aneuron privilege 15 password 0 XXXX
archive
log config
hidekeys
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key xxxx address 2.2.2.2
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to 2.2.2.2
set peer 2.2.2.2
set transform-set ESP-3DES-SHA
match address 100
interface FastEthernet0/0
description $ETH-WAN$
ip address 2.2.2.2 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map SDM_CMAP_1
interface FastEthernet0/1
description $ETH-LAN$
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
interface Serial0/0/0
no ip address
shutdown
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 1.1.1.1
no ip http server
ip http authentication local
no ip http secure-server
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.0.254 20 1.1.1.1 20 extendable
ip nat inside source static tcp 192.168.0.254 21 1.1.1.1 21 extendable
ip nat inside source static tcp 192.168.0.252 22 1.1.1.1 22 extendable
ip nat inside source static tcp 192.168.0.252 25 1.1.1.1 25 extendable
ip nat inside source static tcp 192.168.0.250 80 1.1.1.1 80 extendable
ip nat inside source static tcp 192.168.0.252 110 1.1.1.1 110 extendable
ip nat inside source static tcp 192.168.0.250 443 1.1.1.1 443 extendable
ip nat inside source static tcp 192.168.0.252 587 1.1.1.1 587 extendable
ip nat inside source static tcp 192.168.0.252 995 1.1.1.1 995 extendable
ip nat inside source static tcp 192.168.0.252 8080 1.1.1.1 8080 extendable
ip nat inside source static tcp 192.168.0.249 8096 1.1.1.1 8096 extendable
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark CCP_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.0.0 0.0.0.255 10.0.100.0 0.0.0.255
access-list 101 remark CCP_ACL Category=2
access-list 101 remark IPSec Rule
access-list 101 deny ip 192.168.0.0 0.0.0.255 10.0.100.0 0.0.0.255
access-list 101 permit ip 192.168.0.0 0.0.0.255 any
access-list 102 remark Web Server ACL
access-list 102 permit tcp any any
snmp-server community public RO
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps ds1
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps envmon
snmp-server enable traps flash insertion removal
snmp-server enable traps icsudsu
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps ds0-busyout
snmp-server enable traps ds1-loopback
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps disassociate
snmp-server enable traps deauthenticate
snmp-server enable traps authenticate-fail
snmp-server enable traps dot11-qos
snmp-server enable traps switch-over
snmp-server enable traps rogue-ap
snmp-server enable traps wlan-wep
snmp-server enable traps bgp
snmp-server enable traps cnpd
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps resource-policy
snmp-server enable traps event-manager
snmp-server enable traps frame-relay multilink bundle-mismatch
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps mvpn
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface-old
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps pppoe
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps syslog
snmp-server enable traps l2tun session
snmp-server enable traps l2tun pseudowire status
snmp-server enable traps vtp
snmp-server enable traps aaa_server
snmp-server enable traps atm subif
snmp-server enable traps firewall serverstatus
snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps ipsla
snmp-server enable traps rf
route-map SDM_RMAP_1 permit 1
match ip address 101
control-plane
line con 0
logging synchronous
line aux 0
line vty 0 4
scheduler allocate 20000 1000
end
Any/All help is greatly appreciated! I'm sorry if I sound like a newby!
-EvanHello,
According to the config you posted 2.2.2.2 is your wan ip address and 1.1.1.1 is the next hop address for your wan connection. The ip nat configuration for port forwarding should look like
Ip nat inside source static tcp 192.168.0.250 80 2.2.2.2 80
If your provider assigns you a dynamic ipv4 address to the wan interface you can use
Ip nat inside source static tcp 192.168.0.250 80 interface fastethernet0/0 80
Verify the settings with show ip nat translation.
Your access list 102 permits only tcp traffic. If you apply the acl to an interface dns won't work anymore (and all other udp traffic). You might want to use a statefull firewall solution like cbac or zbf combined with an inbound acl on the wan interface.
Best Regards
Lukasz -
Vlan Putting in err-disable state.
How to troubleshoot this log:
%PM-4-ERR_DISABLE_VP: elmi evc down error detected on Fa0/24, vlan 101. Putting in err-disable state.
Thank you very much.
upe11#sho ethern cfm dom
Domain Name: provider_domain
Level: 4
Total Services: 2
Services:
Type Id Dir CC CC-int Static-rmep Crosscheck MaxMEP MA-Name
Vlan 101 Up Y 1s Disabled Disabled 100 customer_101_provider
Vlan 110 Up Y 1s Disabled Disabled 100 customer_110_provider
ce11#sho int f0/1
FastEthernet0/1 is up, line protocol is up (connected)
ce21#sho int f0/1
FastEthernet0/1 is up, line protocol is up (connected) (vlan-err-dis)
pe1#
interface Vlan101
mtu1526
no ip address
xconnect 10.0.0.3 101 encapsulation mpls
interface GigabitEthernet9/3.110
mtu1526
no ip address
xconnect 10.0.0.3 110 encapsulation mpls
pe2#
interface Vlan101
mtu1526
no ip address
xconnect 10.0.0.2 101 encapsulation mpls
interface GigabitEthernet9/3.110
mtu1526
no ip address
xconnect 10.0.0.2 110 encapsulation mpls
upe11#
ethernet cfm ieee
ethernet cfm global
ethernet cfm traceroute cache
ethernet cfm domain provider_domain level 4
service customer_101_provider vlan 101
continuity-check
continuity-check interval 1s
service customer_110_provider vlan 110
continuity-check
continuity-check interval 1s
ethernet evc evc_p2p_101
oam protocol cfm svlan 101 domain provider_domain
ethernet evc evc_p2p_110
oam protocol cfm svlan 110 domain provider_domain
ethernet lmi global
interface GigabitEthernet0/1
description ce1
switchport trunk allowed vlan 101,110
switchport mode trunk
load-interval 30
media-type rj45
ethernet cfm mep domain provider_domain mpid 1101 vlan 101
ethernet cfm mep domain provider_domain mpid 1110 vlan 110
ethernet uni id ce11
ethernet oam
service instance 101 ethernet evc_p2p_101
ethernet lmi ce-vlan map 101
service instance 110 ethernet evc_p2p_110
ethernet lmi ce-vlan map 110
interface GigabitEthernet0/15
description pe1
port-type nni
switchport mode trunk
load-interval 30
ethernet cfm mip level 4 vlan 1-4094
upe21#
ethernet cfm ieee
ethernet cfm global
ethernet cfm traceroute cache
ethernet cfm domain provider_domain level 4
interface GigabitEthernet0/2
description upe22
port-type nni
switchport mode trunk
load-interval 30
media-type sfp
ethernet cfm mip level 4 vlan 1-4094
interface GigabitEthernet0/1
description pe2
port-type nni
switchport mode trunk
load-interval 30
media-type sfp
ethernet cfm mip level 4 vlan 1-4094
upe22#
ethernet cfm ieee
ethernet cfm global
ethernet cfm traceroute cache
ethernet cfm domain provider_domain level 4
service customer_101_provider vlan 101
continuity-check
continuity-check interval 1s
service customer_110_provider vlan 110
continuity-check
continuity-check interval 1s
ethernet evc evc_p2p_101
oam protocol cfm svlan 101 domain provider_domain
ethernet evc evc_p2p_110
oam protocol cfm svlan 110 domain provider_domain
ethernet lmi global
interface GigabitEthernet0/1
description ce21
switchport trunk allowed vlan 101,110
switchport mode trunk
load-interval 30
ethernet cfm mep domain provider_domain mpid 2110 vlan 110
ethernet cfm mep domain provider_domain mpid 2101 vlan 101
ethernet uni id ce21
ethernet oam
service instance 101 ethernet evc_p2p_101
ethernet lmi ce-vlan map 101
service instance 110 ethernet evc_p2p_110
ethernet lmi ce-vlan map 110
interface GigabitEthernet0/15
description upe21
port-type nni
switchport mode trunk
load-interval 30
media-type sfp
ethernet cfm mip level 4 vlan 1-4094
ce11#
ethernet lmi ce
interface FastEthernet0/24
description upe11
switchport trunk allowed vlan 101,110
switchport mode trunk
ethernet lmi interface
ethernet oam remote-loopback supported
ethernet oam
interface Vlan101
ip address 101.1.1.1 255.255.255.0
interface Vlan110
ip address 110.1.1.1 255.255.255.0
ce21#
ethernet lmi ce
interface FastEthernet0/1
description upe22
switchport trunk allowed vlan 101,110
switchport mode trunk
ethernet lmi interface
ethernet oam remote-loopback supported
ethernet oam
interface Vlan101
ip address 101.1.1.2 255.255.255.0
interface Vlan110
ip address 110.1.1.2 255.255.255.0Sorry, This problem is solved. I forgot create vlan database in upe.
-
I have an IPSEC VPN across a satellite connection. My satellite provider provides TCP acceleration from both ends to make the experience better, which it does for most traffic. However, with my IPSEC VPN (router on my end and pix on the other), the traffic is encrypted in UDP 500 traffic so the TCP headers are never seen and can't be accelerated. My thoughts on this is to use IPSEC over TCP, much like some people do when NAT comes into play or some weird firewall. Would this work? If I configure my 2811 to use IPSEC over TCP (isakmp ctcp port 45 or something similar), then the TCP acceleration would be able to do it's job. My only fear is the PIX 515e on the other end of the tunnel won't support this feature. Any help is appreciated.
OK, attached are the configs. I left both versions of IPSEC on the 2811 so that I could still remote in. Again, the PIX logs show that Phase 1 completes, but then Phase 2 never completes.
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2012.04.11 12:12:43 =~=~=~=~=~=~=~=~=~=~=~=
show run
Building configuration...
Current configuration : 12673 bytes
! Last configuration change at 19:12:30 UTC Wed Apr 11 2012 by craigrobertlee
! NVRAM config last updated at 19:12:25 UTC Wed Apr 11 2012 by craigrobertlee
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname craig_afg_router
boot-start-marker
boot system flash:c2800nm-adventerprisek9_ivs-mz.124-24.T7.bin
boot-end-marker
logging message-counter syslog
logging buffered 4096
no logging console
enable secret 5 XXXXXXXX
no aaa new-model
dot11 syslog
ip source-route
ip cef
ip dhcp pool DATA
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
option 150 ip 192.168.11.1
dns-server 109.235.205.49 109.235.204.7
ip dhcp pool VOICE_LAN
network 192.168.11.0 255.255.255.0
default-router 192.168.11.1
option 150 ip 192.168.11.1
ip domain name craig.net
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name FW bittorrent
ip inspect name FW http
no ipv6 cef
multilink bundle-name authenticated
voice service voip
allow-connections h323 to h323
fax protocol cisco
h323
sip
voice-card 0
dspfarm
dsp services dspfarm
username craigrobertlee privilege 15 password 7 XXXXXXXXXXX
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
lifetime 28800
crypto isakmp key XXXXXXXX address 68.0.184.178 no-xauth
crypto ipsec transform-set SET1 esp-3des esp-md5-hmac
crypto ipsec transform-set SET2 esp-3des esp-sha-hmac
crypto ipsec transform-set SET3 esp-aes esp-sha-hmac
crypto ipsec transform-set SET4 esp-3des esp-md5-hmac comp-lzs
crypto ipsec client ezvpn VPN1
connect auto
group afghanclient key XXXXXXX
mode network-extension
username afghanrouter password XXXXXXXX
xauth userid mode local
crypto map ipsec-maps 10 ipsec-isakmp
set peer 68.0.X.X
set security-association idle-time 60
set transform-set SET1
match address 102
qos pre-classify
crypto ctcp port 10000
archive
log config
hidekeys
ip ssh time-out 60
ip ssh source-interface Vlan1
ip ssh rsa keypair-name craigkey
ip ssh version 2
class-map match-any WEB_BROWSERS
match protocol dns
match protocol secure-http
class-map match-all TORRENTS
match protocol bittorrent
match protocol edonkey
match protocol directconnect
match protocol fasttrack
match protocol gnutella
match protocol kazaa2
class-map match-any packet-40
match packet length min 40 max 89
class-map match-any packet-90
match packet length min 90 max 159
class-map match-any VOIP_PHONES
match protocol rtp
match dscp ef
match access-group 103
class-map match-any VOIP_SOFTWARE
match protocol h323
match protocol skype
class-map match-any DOWNLOADERS
match protocol ftp
match protocol secure-ftp
policy-map PRIORITIZE_PROTOCOLS
class VOIP_PHONES
bandwidth percent 28
class VOIP_SOFTWARE
bandwidth percent 20
class WEB_BROWSERS
bandwidth percent 50
class DOWNLOADERS
bandwidth percent 1
set dscp cs1
class TORRENTS
drop
class class-default
fair-queue
policy-map POLICE
class class-default
shape average 200000 220000 0
service-policy PRIORITIZE_PROTOCOLS
interface FastEthernet0/0
description Link to SAT Modem
bandwidth 240
bandwidth receive 900
ip address 109.235.X.X 255.255.255.252
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat outside
ip inspect FW out
no ip virtual-reassembly
load-interval 30
duplex auto
speed auto
crypto map ipsec-maps
crypto ipsec client ezvpn VPN1
service-policy output POLICE
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
interface FastEthernet0/1/0
description Trunk to Switch
switchport mode trunk
load-interval 30
interface FastEthernet0/1/1
description David Gray/Javier Aanonsen
switchport voice vlan 11
load-interval 30
spanning-tree portfast
interface FastEthernet0/1/2
description Wireless Router
switchport voice vlan 11
interface FastEthernet0/1/3
description Craig
switchport voice vlan 11
interface FastEthernet0/1/4
description Thomas Coulbourne
switchport voice vlan 11
shutdown
interface FastEthernet0/1/5
description Keith Sifford
switchport voice vlan 11
interface FastEthernet0/1/6
description Joe Jordan
switchport voice vlan 11
interface FastEthernet0/1/7
description Rene Mendez
switchport voice vlan 11
shutdown
interface FastEthernet0/1/8
description Wayne Bradley
switchport voice vlan 11
shutdown
interface GigabitEthernet0/2/0
no ip address
shutdown
negotiation auto
interface Vlan1
description DATA VLAN
ip address 192.168.10.1 255.255.255.0
ip nat inside
ip inspect FW in
no ip virtual-reassembly
crypto ipsec client ezvpn VPN1 inside
interface Vlan11
description VOICE LAN
ip address 192.168.11.1 255.255.255.0
ip nat inside
no ip virtual-reassembly
h323-gateway voip bind srcaddr 192.168.11.1
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 109.235.205.49
no ip http server
no ip http secure-server
ip flow-cache timeout active 5
ip flow-export version 5
ip flow-export destination 192.168.1.10 2055
ip flow-export destination 192.168.10.36 2055
ip nat inside source route-map nonat interface FastEthernet0/0 overload
access-list 5 remark SSH_ACL
access-list 5 permit 192.168.10.0 0.0.0.255
access-list 5 permit 192.168.0.0 0.0.3.255
access-list 6 permit 192.168.1.10
access-list 6 remark SNMP
access-list 6 permit 192.168.10.0 0.0.0.255
access-list 101 remark NO_NAT
access-list 101 deny ip 192.168.10.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 deny ip 192.168.10.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 deny ip 192.168.11.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 deny ip 192.168.11.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
access-list 101 permit ip 192.168.11.0 0.0.0.255 any
access-list 102 remark CRAIG_HOME_VPN
access-list 102 permit ip 192.168.10.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 102 permit ip 192.168.10.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 102 permit ip 192.168.11.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 102 permit ip 192.168.11.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 103 permit ip 192.168.11.0 0.0.0.255 any
route-map nonat permit 10
match ip address 101
snmp-server community CRAIGNET RW 6
snmp-server trap-source Vlan1
snmp-server source-interface informs Vlan1
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps ds1
snmp-server enable traps gatekeeper
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps xgcp
snmp-server enable traps flash insertion removal
snmp-server enable traps adslline
snmp-server enable traps ds3
snmp-server enable traps envmon
snmp-server enable traps icsudsu
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps ds0-busyout
snmp-server enable traps ds1-loopback
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps license
snmp-server enable traps disassociate
snmp-server enable traps deauthenticate
snmp-server enable traps authenticate-fail
snmp-server enable traps dot11-qos
snmp-server enable traps switch-over
snmp-server enable traps rogue-ap
snmp-server enable traps wlan-wep
snmp-server enable traps aaa_server
snmp-server enable traps atm subif
snmp-server enable traps bgp
snmp-server enable traps bstun
snmp-server enable traps bulkstat collection transfer
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps memory bufferpeak
snmp-server enable traps cnpd
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps dial
snmp-server enable traps dlsw
snmp-server enable traps dsp card-status
snmp-server enable traps dsp oper-state
snmp-server enable traps entity
snmp-server enable traps fru-ctrl
snmp-server enable traps resource-policy
snmp-server enable traps frame-relay multilink bundle-mismatch
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps hsrp
snmp-server enable traps ipmobile
snmp-server enable traps ipmulticast
snmp-server enable traps mpls ldp
snmp-server enable traps mpls traffic-eng
snmp-server enable traps mpls fast-reroute protected
snmp-server enable traps msdp
snmp-server enable traps mvpn
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface-old
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps pppoe
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps ipsla
snmp-server enable traps stun
snmp-server enable traps syslog
snmp-server enable traps l2tun session
snmp-server enable traps l2tun pseudowire status
snmp-server enable traps vtp
snmp-server enable traps pw vc
snmp-server enable traps event-manager
snmp-server enable traps firewall serverstatus
snmp-server enable traps rf
snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps ccme
snmp-server enable traps srst
snmp-server enable traps mpls vpn
snmp-server enable traps voice
snmp-server enable traps dnis
snmp-server host 192.168.1.10 version 2c CRAIGNET
control-plane
dspfarm profile 20 transcode
codec g711ulaw
codec g711alaw
codec g729ar8
codec g729abr8
maximum sessions 4
dial-peer voice 1 voip
description 11 Digit Dialing
destination-pattern 1[2-9].........
session target ipv4:192.168.2.5
dtmf-relay h245-alphanumeric
no vad
dial-peer voice 2 voip
description 10 Digit Dialing
destination-pattern [2-9].........
session target ipv4:192.168.2.5
dtmf-relay h245-alphanumeric
no vad
dial-peer voice 3 voip
destination-pattern 10..
session target ipv4:192.168.2.5
dtmf-relay h245-alphanumeric
no vad
dial-peer voice 4 voip
incoming called-number .
dtmf-relay h245-alphanumeric
no vad
dial-peer voice 5 voip
description International Dialing
destination-pattern 9800*
session target ipv4:192.168.2.5
dtmf-relay h245-alphanumeric
no vad
gatekeeper
shutdown
telephony-service
video
max-ephones 10
max-dn 10
ip source-address 192.168.11.1 port 2000
auto assign 1 to 1
service phone VideoCapability 1
service phone videoCapability 1
max-conferences 8 gain -6
transfer-system full-consult
create cnf-files version-stamp 7960 Mar 09 2012 00:47:38
ephone-dn 1 dual-line
number 2001
ephone-dn 2 dual-line
number 2002
ephone-dn 3 dual-line
number 2003
ephone 1
no phone-ui speeddial-fastdial
no phone-ui snr
no multicast-moh
device-security-mode none
video
mac-address 0019.E89A.834F
codec g729r8
type 7911
ephone 2
device-security-mode none
video
mac-address B8AC.6F79.3677
codec g729r8
type CIPC
button 1:2
ephone 3
device-security-mode none
mac-address 0019.E89A.8E4F
codec g729r8
type 7911
button 1:1
ephone 4
device-security-mode none
video
mac-address 001F.166B.89D3
codec g729r8
type CIPC
button 1:3
line con 0
exec-timeout 0 0
login local
line aux 0
line vty 0 4
access-class 5 in
login local
transport input ssh
line vty 5 15
login
no exec
scheduler allocate 20000 1000
ntp server 192.43.244.18
end
craig_afg_router#exit
Maybe you are looking for
-
2nd monitor has suddenly duplicated 1st one. What happened?
I don't know what happened. But my second monitor, which I have connected to my laptop, used to be seperate. I could drag things into it, and use it as a 2nd screen. But all of the sudden they are both the same. How do I change that? Thanks all. -ch
-
Hi Gurus, The user submitted an excel sheet of TB and COPA reconciliation. One column contains the TB amounts and the COPA in another column. I can not run the COPA report by myself. The report also contains rel. gl numbers. When I tried to get l
-
Mail sender name repeats middle initial
A small but aggravating issue. My name in Address Book has a middle initial: "T". When sending mail it displays the name as "<First> T T <Last>" but not for all accounts. I can not find any "T T" names in the system except in previous emails. Looked
-
Hello, We have SAP on HP-UX. While tuning the memory parameters, I read the documentation of em/max_size_MB in RZ11. It says - Limitations for operating systems: Parameter is only valid for Windows NT So, is this not valid in HP-UX? We have set em/in
-
Why do I get a flash of white screen then forced back to my home screen?
When I open some apps like Facebook or even mail, the screen goes white for a second then closes the program and takes me back to my home screen. I've tried a reset and a restore but no luck. Any ideas?