HA NAT and %IP-4-DUPADDR: Duplicate address messages
Are the messages %IP-4-DUPADDR: Duplicate address expected with HA NAT?
With Stateful NAT they were seen if the "redundancy GROUP_NAME" was not added to the static NAT.
I am seeing them with a correctly configured HA NAT Box to Box set up and there does not seem to be anything missing that will stop the messages.
Is this a bug? Should the duplicate IP messages have been suppressed?
James,
We have implemented it in 3 customers, all of them got the same crash problem (just 10 customers in the world opened a ticket with TAC and just opened 3 of them).
It will happen a lot of times during the day. Be prepared. I didn't monitor the frequency but we needed to shut the secondary router down until Cisco do something to solve.
Unfortunately this is becoming very common with Cisco software. Not only with routers and switches, but with other solutions too.
Similar Messages
-
%IP-4-DUPADDR: Duplicate address
Hi, I've been getting the following message on my c2600 (version 13.3) router since last December (according to the log file).
005179: .Dec 28 04:35:08.652 AUS: %IP-4-DUPADDR: Duplicate address xxx.xxx.xxx.xx on FastEthernet0/0, sourced by 0015.f987.941a
The symptom of the problem is that occasionally the network loses connectivity.
The MAC addresses are both for Cisco devices. One is the router and I'm not sure what the other is, possibly a firewall.
The Cisco site says that we can change the mac address of one of the offending items ?
Which would be the best one to change?
How can I find out what the other device is?
What, if any, issues arise with changing the MAC address?
Probably other questions that I should be asking as well, but I'll get to those later.
Thanks in advance for any responses.

Changing the mac-address will not help.
You have to change the ip address.
You first have to find out what/where is the other device.
For that you can follow the L2 path.
Go to the switch to which the router is connected on fast0/0. If you don't know the switch, try 'sho cdp nei'.
Once on the switch, check the mac-address with the command 'show mac-address-table address x.x.x'. It should give the port.
Check what device is attached to this port.
If another switch, repeat the operation above until you find the end device.
Gilles. -
Hi,
There are two 4500 switches installed as distribution switches.
HSRP and .1q trunk has been enabled between these two switches.
Access switches are connected redundantly to these switches.
mistp has been configured for layer 2 loop avoidance.
I have checked native vlan and ip address configuration on both the distribution switches.
Still it gives the error messages continuously:
"%HSRP-4-DUPADDR: Duplicate address 10.229.56.3 on Vlan151, sourced by 0013.c383.cebf."
What could be the problem?
Thanks in advance.
Thanks & regards
Rajesh

Hi
Duplicate Address errors are always related to some misconfiguration with the IP address on the interfaces.
I also did try the error message decoder, which also proved to be the same.
Do find the same and find the recommended action to overcome this problem.
The IP address in an HSRP message that was received on the specified interface is the same as the IP address of the router. Another router might be configured with the same IP address. The most likely cause of this condition is a network loop or a misconfigured switch that is causing the router to see its own HSRP hello messages.
Recommended Action: Check the configurations on all the HSRP routers to ensure that the interface IP addresses are unique. Make sure that no network loops exist. If port channels are configured, check that the switch is correctly configured for port channels. Enter the standby use-bia command so that the error message displays the interface MAC address of the sending router, which can be used to determine if the error message is caused by a misconfigured router or a network loop
regds -
HI,
I am getting the following log message on my L3 device and the L3 switch hangs. I have restricted telnet session on the L3 device. What is causing this ?
32w1d: %AUTOSTATE-6-SHUT_DOWN: Putting interface Port-channel10.131 into Autostate mode
32w1d: %SYS-5-CONFIG_I: Configured from console by vty0 (127.0.0.2)
32w1d: %AUTOSTATE-6-BRING_UP: Taking interface Port-channel10.131 out of Autostate mode
32w1d: %AUTOSTATE-6-SHUT_DOWN: Putting interface Port-channel10.131 into Autostate mode
32w1d: %AUTOSTATE-6-BRING_UP: Taking interface Port-channel10.131 out of Autostate mode
39w3d: %IP-4-DUPADDR: Duplicate address x.x.85.254 on Port-channel10.101, sourced by 0080.7733.b2f9
48w2d: %STANDBY-3-DUPADDR: Duplicate address x.x.83.251 on Port-channel10.102, sourced by 0000.0c07.ac66
I tried to track these two mac addresses 0080.7733.b2f9 and 0000.0c07.ac66
These mac addresses belong to IP phones which are connected to a L2 device which in turn cascaded to the L3 switch.
What's the meaning of "Duplicate address x.x.85.254 on Port-channel10.101, sourced by 0080.7733.b2f9"?
x.x.85.254 is the L3 IP (Virtual L3 interface) on the L3 switch.
Is the IP phone's MAC address conflicting with the MAC address of the L3 switch?
How can I find the L3 switch's system MAC addresses?
Appreciate some detailed explanation.

Hi,
Just an idea: look at the STP instance of the concerned VLAN (Virtual L3 interface). It can be caused by a loop.
Symptoms ("show proc cpu hist" and "sh spann vlan x detail") and try to look at "Number of topology changes".
it was just an idea, hope it helps -
Hi,
I would appreciate some advice on the following:
1) If 2 PCs have the same IP address on the network, what would be the impact?
2) If a PC is having the same IP address as the gateway, what would be the impact? How do we track on the network if it happens?
3) What would be the impact when I encountered %HSRP-4-DUPADDR: Duplicate address 192.168.1.1 on Vlan502, sourced by 0000.0c07.ac46? I tried to look into the configurations of the network devices but do not find any duplicate HSRP ip addresses, could it be the external WAN link which is using the same HSRP ip address as the router which causes it?
4) Any impact of having same HSRP groups for 2 different VTP domains?
5) For the above, to avoid unauthorised people to access the network, especially those who plug in a switch to disrupt the network, as well as avoid people from using the same ip address as the gateway, other than or in addition to bpdu guard, is it advisable to implement mac address tie to IP address on the DHCP server? If not, any suggestions?
Thanks
Christina

When Hot Standby Router Protocol (HSRP) is running on a device, the %HSRP-4-DUPADDR: Duplicate address [IP_address] on [chars], sourced by [enet] error message can appear on the console if the IP address in an HSRP message received on the specified interface is the same as the IP address of the router receiving the message. The most likely cause of this condition is a network loop or a misconfigured switch that is causing the router to see its own HSRP hello messages.
Check the configurations on all the HSRP routers to ensure that the interface IP addresses are unique. Check that no Layer-2 loops exist. If port channels are configured, check that the switch is configured correctly for port channels. Issue the standby use-bia command so that the error message displays the interface MAC address of the sending router, which can be used to determine if the error message is caused by a misconfigured router or a network loop. -
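An added example, not part of the original posts or of any Cisco tool: a small triage script for the DUPADDR messages quoted in the threads above. It decodes the "sourced by" MAC, separating HSRP virtual MACs (0000.0c07.acXX for version 1, 0000.0c9f.fXXX for version 2, where the trailing hex digits are the group number) from ordinary device MACs; the function names are hypothetical and the sample lines are copied from the posts.

```python
import re
from collections import Counter

# Message forms quoted on this page: %IP-4-, %HSRP-4- and %STANDBY-3-DUPADDR.
DUPADDR_RE = re.compile(
    r"%(?P<facility>IP|HSRP|STANDBY)-\d-DUPADDR:\s*Duplicate address\s+"
    r"(?P<ip>\S+)\s+on\s+(?P<intf>[^,\s]+),\s+sourced by\s+"
    r"(?P<mac>[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4})"
)

# Well-known HSRP virtual MAC prefixes (hex digits with the dots removed).
HSRP_V1_PREFIX = "00000c07ac"  # 0000.0c07.acXX, XX  = group number in hex
HSRP_V2_PREFIX = "00000c9ff"   # 0000.0c9f.fXXX, XXX = group number in hex


def classify_mac(mac):
    """Return (kind, hsrp_group_or_None) for a Cisco dotted MAC string."""
    digits = mac.replace(".", "").lower()
    if digits.startswith(HSRP_V1_PREFIX):
        return "hsrp-v1-virtual", int(digits[len(HSRP_V1_PREFIX):], 16)
    if digits.startswith(HSRP_V2_PREFIX):
        return "hsrp-v2-virtual", int(digits[len(HSRP_V2_PREFIX):], 16)
    return "burned-in-or-other", None


def next_step(kind, group):
    """Map the MAC class to the check the replies on this page recommend."""
    if kind.startswith("hsrp"):
        return (f"HSRP virtual MAC of group {group}: an HSRP hello is being "
                "seen on this interface; compare the standby IP/group on all "
                "peers, look for a Layer-2 loop, and use 'standby use-bia' so "
                "the log shows the sender's interface MAC")
    return ("device MAC: follow it switch by switch through the MAC address "
            "tables to the access port and fix the IP address of that device")


def triage(lines):
    """Parse DUPADDR log lines into findings; other lines are ignored."""
    findings = []
    for line in lines:
        m = DUPADDR_RE.search(line)
        if not m:
            continue
        kind, group = classify_mac(m["mac"])
        findings.append({
            "facility": m["facility"], "ip": m["ip"], "intf": m["intf"],
            "mac": m["mac"].lower(), "kind": kind, "group": group,
            "next_step": next_step(kind, group),
        })
    return findings


def summarize(findings):
    """Count repeats per (address, interface, source MAC)."""
    return Counter((f["ip"], f["intf"], f["mac"]) for f in findings)


# Sample input: log lines copied from the posts on this page.
SAMPLE_LOG = [
    "32w1d: %SYS-5-CONFIG_I: Configured from console by vty0 (127.0.0.2)",
    "39w3d: %IP-4-DUPADDR: Duplicate address x.x.85.254 on "
    "Port-channel10.101, sourced by 0080.7733.b2f9",
    "48w2d: %STANDBY-3-DUPADDR: Duplicate address x.x.83.251 on "
    "Port-channel10.102, sourced by 0000.0c07.ac66",
    "%HSRP-4-DUPADDR: Duplicate address 10.229.56.3 on Vlan151, "
    "sourced by 0013.c383.cebf.",
    "%HSRP-4-DUPADDR: Duplicate address 192.168.1.1 on Vlan502, "
    "sourced by 0000.0c07.ac46",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['ip']} on {f['intf']} from {f['mac']} "
              f"[{f['kind']}]: {f['next_step']}")
```
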
Duplicate text messages Handcent msgs
I downloaded the Handcent application and it sends out duplicate text messages. People have gotten the same message from me anywhere from 2-5 times. Not every time, but still annoying. Is there a way to fix this problem? It has gotten worse just recently.
When you download a new messaging application on the phone you would want to make sure that the old messaging application is closed. The default messaging application is probably running in the background causing duplicate messages.
Let's try 3 things to correct this issue:
First you would want to disable the default messaging application.
From the home screen, touch the applications tab (located at the bottom of the display).
Touch Settings.
Touch Applications.
Touch Running services.
Touch a service (select the default messaging application).
Choose the default messaging application.
Touch Stop.
Second could I get you to do a soft reset on the device.
Soft Reset
Press the Power key.
Touch Power off.
Touch OK.
Press the Power key to power on the device.
Third:
Could I get you to dial *228 send and option 1 on the device.
From the home screen, touch the applications tab (located at the bottom of the display).
Touch Settings.
Touch Applications.
Touch Running services.
Then re-check your applications, making sure the default messaging application is not running. -
Duplicate IPs while using NAT and HSRP
When using two routers in the same HSRP group and the same static NAT table on each, I run into Duplicate IP address messages detected on the interface where the routers are communicating to each other for redundancy.
HSRP is working properly because when I do a show standby one router is active and one is standby.
Any ideas on how to eliminate this problem?
BSC

What you need is a feature called Stateful Fail-over of Network Address Translation or SNAT. This feature enables transparent failover of NAT sessions to the standby HSRP router if the primary HSRP device goes down.
The link below should provide the info you need about SNAT.
http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a008060c61d.html#wp1049970
HTH,
Sundar
*Please rate all helpful posts. -
Static NAT and same IP address for two interfaces
We have a Cisco ASA 5520 and in order to conserve public IP addresses and configuration (possibly) can we use the same public IP address for a static NAT with two different interfaces? Here is an example of what I'm referring to where 10.10.10.10 would be the same public IP address.
static (inside,Outside) 10.10.10.10 access-list inside_nat_static_1
static (production,Outside) 10.10.10.10 access-list production_nat_static_1
Thanks for any help.
Jeff

Hi Jeff,
Unfortunately this cannot be done, on the ASA packet classification is done on the basis of mac-address, destination nat and route, and here you are confusing the firewall, to which interface does the ip belong to. I haven't ever tried to do it, but it should cause you issues.
Thanks,
Varun Rao
Security Team,
Cisco TAC -
Howto: Zones in private subnets using ipfilter's NAT and Port forwarding
This setup supports the following features:
* Requires 1 Network interface total.
* Supports 1 or more public ips.
* Allows Zone to Zone private network traffic.
* Allows internet access from the global zones.
* Allows direct (via ipfilter) internet access to ports in non-global zones.
(change networks to suit your needs, the number of public and private ip was lowered to simplify this doc)
Network setup:
iprb0 65.38.103.1/24
defaultrouter 65.38.103.254
iprb0:1 192.168.1.1/24 (in global zone)
Create a zone on iprb0 with an ip of 192.168.1.2
### Example /etc/ipf/ipnat.conf
# forward from a public port to a private zone port
rdr iprb0 65.38.103.1/32 port 2222 -> 192.168.1.2 port 22
# force outbound zone traffic thru a certain ip address
# required for mail servers because of reverse lookup
map iprb0 192.168.1.2/32 -> 65.38.103.1/32 proxy port ftp ftp/tcp
map iprb0 192.168.1.2/32 -> 65.38.103.1/32 portmap tcp/udp auto
map iprb0 192.168.1.2/32 -> 65.38.103.1
# allow any 192.168.1.x zone to use the internet
map iprb0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
map iprb0 192.168.1.0/24 -> 0/32 portmap tcp/udp auto
map iprb0 192.168.1.0/24 -> 0/32
For testing purposes you can leave /etc/ipf/ipf.conf empty.
Be aware that you must "svcadm disable ipfilter; svcadm enable ipfilter" to reload rules, and the rules stay loaded if they are just disabled (bug).
Zones can't modify their routes and inherit the default routes of the global zone. Because of this we have to trick the non-global zones into using a router that doesn't exist.
Create /etc/init.d/zone_route_hack
Link this file to /etc/rc3.d/S99zone_route_hack.
#!/bin/sh
# based on information found at
# http://blogs.sun.com/roller/page/edp?entry=using_branded_zones_on_a
# http://forum.sun.com/jive/thread.jspa?threadID=75669&messageID=275741
fake_router=192.168.1.254
public_net=65.38.103.0
router=`netstat -rn | grep default | grep -v " $fake_router " | nawk '{print $2}'`
# send some data to the real network router so we look up its arp address
ping -sn $router 1 1 >/dev/null
# record the arp address of the real router
router_arp=`arp $router | nawk '{print $4}'`
# delete any existing arp address entry for our fake private subnet router
arp -d $fake_router >/dev/null
# assign the real routers arp address to our fake private subnet router
arp -s $fake_router $router_arp
# route our private subnet through our fake private subnet router
route add default $fake_router
# Can't create this route until the zone/interface are loaded
# Adjust this based on your hardware and number of zones
sleep 300
# Duplicate this line for every non-global zone with a private ip that
# will have ipfilter rdr (redirects) pointing to it
route add -net $public_net 192.168.1.2 -iface
Now we have both public and private ip addresses on our one iprb0 interface. If we'd really like our private zone network to really be private we don't want any non-NAT'ed 192.168.1.x traffic leaving the interface. Since ipfilter can't block traffic between zones because they use loopbacks we can just block the 192.168.1.x traffic and the zones can still talk.
The following /etc/ipf/ipf.conf defaults to deny.
# ipf.conf
# IP Filter rules to be loaded during startup
# See ipf(4) manpage for more information on
# IP Filter rules syntax.
# INCOMING DEFAULT DENY
block in all
block return-rst in proto tcp all
# two open ports one of which is redirected in ipnat.conf
pass in quick on iprb0 proto tcp from any to any port = 22 flags S keep state keep frags
pass in quick on iprb0 proto tcp from any to any port = 2222 flags S keep state keep frags
# INCOMING PING
pass in quick on iprb0 proto icmp from any to 65.38.103.0/24 icmp-type 8 keep state
# INCOMING GLOBAL ZONE UNIX TRACEROUTE FIX PART 1
#pass in quick on iprb0 proto udp from any to 65.38.103.0/24 keep state
# OUTGOING RULES
block out all
# ALL INTERNAL TRAFFIC STAYS INTERNAL (Zones use non-filtered loopback)
# remove/edit as needed to actually talk to local private physical networks
block out quick from any to 192.168.0.0/16
block out quick from any to 172.16.0.0/12
block out quick from any to 10.0.0.0/8
block out quick from any to 0.0.0.0/8
block out quick from any to 127.0.0.0/8
block out quick from any to 169.254.0.0/16
block out quick from any to 192.0.2.0/24
block out quick from any to 204.152.64.0/23
block out quick from any to 224.0.0.0/3
# Allow traffic out the public interface on the public address
pass out quick on iprb0 from 65.38.103.1/32 to any flags S keep state keep frags
# OUTGOING PING
pass out quick on iprb0 proto icmp from 65.38.103.1/32 to any icmp-type 8 keep state
# Allow traffic out the public interface on the private address (needs nat and router arp hack)
pass out quick on iprb0 from 192.168.1.0/24 to any flags S keep state keep frags
# OUTGOING PING
pass out quick on iprb0 proto icmp from 192.168.1.0/24 to any icmp-type 8 keep state
# INCOMING TRACEROUTE FIX PART 2
#pass out quick on iprb0 proto icmp from 65.38.103.1/32 to any icmp-type 3 keep state
If you want incoming and outgoing internet in your zones it is easier if you just give them public IPs and set up a firewall in the global zone. If you have limited public IP addresses (I'm setting up a colocation 1U server) then you might take this approach. One of the best things about doing things this way is that any software configured in the non-global zones will never be configured to listen on an IP address that might change if you change public IPs.

Instead of using the script as a legacy_run script, set it up in SMF.
First create the file /var/svc/manifest/system/ip-route-hack.xml with
the following
---Start---
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM
  "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!--
  ident "@(#)ip-route-hack.xml 1.0 09/21/06"
-->
<service_bundle type='manifest' name='NATtrans:ip-route-hack'>
  <service
    name='system/ip-route-hack'
    type='service'
    version='1'>
    <create_default_instance enabled='true' />
    <single_instance />
    <dependency
      name='physical'
      grouping='require_all'
      type='service'
      restart_on='none'>
      <service_fmri value='svc:/network/physical:default' />
    </dependency>
    <dependency
      name='loopback'
      grouping='require_all'
      type='service'
      restart_on='none'>
      <service_fmri value='svc:/network/loopback:default' />
    </dependency>
    <exec_method
      type='method'
      name='start'
      exec='/lib/svc/method/svc-ip-route-hack start'
      timeout_seconds='0' />
    <property_group name='startd' type='framework'>
      <propval name='duration' type='astring'
        value='transient' />
    </property_group>
    <stability value='Unstable' />
    <template>
      <common_name>
        <loctext xml:lang='C'>
          Hack to allow zone to NAT translate.
        </loctext>
      </common_name>
      <documentation>
        <manpage
          title='zones'
          section='1M'
          manpath='/usr/share/man' />
      </documentation>
    </template>
  </service>
</service_bundle>
---End---
Then modify /var/svc/manifest/system/zones.xml and add the following
dependency
---Start---
<dependency
name='inet-ip-route-hack'
type='service'
grouping='require_all'
restart_on='none'>
<service_fmri value='svc:/system/ip-route-hack' />
</dependency>
---End---
Finally create the file /lib/svc/method/svc-ip-route-hack with the
contents of S99zone_route_hack, minus the sleep timer (perms 0755). Run
'svccfg import /var/svc/manifest/system/ip-route-hack.xml' and 'svccfg
import /var/svc/manifest/system/zones.xml'.
This will guarantee that ip-route-hack is run before zones are started,
but after the interfaces are brought on line. It is worth noting that
zones.xml may get overwritten during a patch, so if it suddenly stops
working, that could be why. -
I'm having a problem involving IPv6 with stateless autoconfig on my network. I have a Cisco 800 series router and we have several VLAN interfaces each configured with an IPv6 prefix. The problem I'm noticing is that whenever any host on the network tries to start up with stateless autoconfig they immediately detect a duplicate address for whatever address they are trying to use.
I performed a packet capture and what I'm seeing is that when the host selects an IPv6 address to use, it performs the Neighbor Solicitation to check if the address is in use. I immediately see the exact same Neighbor Solicitation message echoed back with the source MAC being the Cisco router. This causes the host to reject the address as a duplicate since it is receiving a Neighbor Solicitation for the same address it is attempting to use.
This happens on all of the VLANs I have configured for IPv6. The basic VLAN config is like this:
interface Vlan109
 description Engineering VLAN
 ip address .....
 ip helper-address .....
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1300
 ipv6 address HE-ENG ::/64 eui-64
 ipv6 enable
 ipv6 nd ra interval 60
Attached is a PCAP with some ICMPv6 traffic. You can see that the NS messages are duplicated and the source of the duplicates seems to be the Cisco router (70:ca:9b:e0:94:2e). Does anyone know what is going on here?

Hi,
Under your interface vlan config can you try adding:-
int vlan 109
 ipv6 address autoconfig
Worth a try
Regards
Alex -
I recently had a security system installed in my house. One of the features is an EPAD which enables me to have a virtual keypad on my iphone, and computer to operate the alarm system. The technician was not familiar with Mac's and Airports. How do I open port 80 to 80 in my airport and assign a fixed IP address for the EPAD? Apparently this is what is needed to make this work.
There are three ranges of "strictly local" IP addresses reserved for local Network use:
192.168.xxx.yyy
172.16.xxx.yyy
10.xxx.yyy.zzz
What your Router does for you is to act as your agent on the Internet. Your requests are packaged up and forwarded on your behalf, and only when a response is expected is the response returned to your local IP address.
Directing Network Traffic to a Specific Computer on Your Network (Port Mapping)
AirPort Extreme uses Network Address Translation (NAT) to share a single IP address with the computers that join the AirPort Extreme network. To provide Internet access to several computers with one IP address, NAT assigns private IP addresses to each computer on the AirPort Extreme network, and then matches these addresses with port numbers. The wireless device creates a port-to-private IP address table entry when a computer on your AirPort (private) network sends a request for information to the Internet.
If you’re using a web, AppleShare, or FTP server on your AirPort Extreme network, other computers initiate communication with your server. Because the Apple wireless device has no table entries for these requests, it has no way of directing the information to the appropriate computer on your AirPort network.
To ensure that requests are properly routed to your web, AppleShare, or FTP server, you need to establish a permanent IP address for your server and provide inbound port mapping information to your Apple wireless device.
To set up inbound port mapping:
1) Open AirPort Utility, select your wireless device, and then choose Base Station > Manual Setup, or double-click the device icon to open its configuration in a separate window. Enter the password if necessary.
2) Click the Advanced button, and then click Port Mapping.
3) Click the Add button and choose a service, such as Personal File Sharing, from the Service pop-up menu. -
Load balancing weirdness using NAT and same-metric route
Hi.
I'm trying to set up a double-WAN load-balancing scenario:
I decided to attempt the "multiple same-metric routes with NAT" approach so I went for the example used in the IOS NAT Load-Balancing for Two ISP Connections Configuration Guide [1].
I decided to use an upside-down Cisco 871-SEC/K9: use Vlan1 and Vlan2 for the routers and Fa4 for the LAN. I am hoping this is not an issue.
There is this weirdness with some connections, particularly FTP. I pinpointed the problem to the following scenario: if I do a couple of pings to 100.1.1.1 using the FastEthernet4 as the source address, this is what I get in the logs:
=== PING 1 ECHO REQUEST ===
*Mar 3 04:38:43.521: IP: tableid=0, s=192.168.60.4 (FastEthernet4), d=100.1.1.1 (Vlan1), routed via RIB
*Mar 3 04:38:43.521: NAT: s=192.168.60.4->10.129.124.2, d=100.1.1.1 [14152]
*Mar 3 04:38:43.521: IP: s=10.129.124.2 (FastEthernet4), d=100.1.1.1 (Vlan1), g=10.129.124.1, len 60, forward
*Mar 3 04:38:43.521: ICMP type=8, code=0
=== PING 1 ECHO REPLY ===
*Mar 3 04:38:45.589: NAT*: s=100.1.1.1, d=10.129.124.2->192.168.60.4 [19824]
*Mar 3 04:38:45.589: IP: tableid=0, s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), routed via RIB
*Mar 3 04:38:45.589: IP: s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), g=192.168.60.4, len 60, forward
*Mar 3 04:38:45.589: ICMP type=0, code=0
=== (something else) ===
*Mar 3 04:38:52.353: RT: SET_LAST_RDB for 0.0.0.0/0
OLD rdb: via 10.129.124.33, Vlan2
NEW rdb: via 10.129.124.1, Vlan1
=== PING 2 ECHO REQUEST ===
*Mar 3 04:38:52.353: IP: tableid=0, s=192.168.60.4 (FastEthernet4), d=100.1.1.1 (Vlan2), routed via RIB
*Mar 3 04:38:52.353: NAT: s=192.168.60.4->10.129.124.2, d=100.1.1.1 [14159]
*Mar 3 04:38:52.353: IP: s=10.129.124.2 (FastEthernet4), d=100.1.1.1 (Vlan2), g=10.129.124.33, len 60, forward
*Mar 3 04:38:52.353: ICMP type=8, code=0
=== PING 2 ECHO REPLY ===
*Mar 3 04:38:53.029: NAT*: s=100.1.1.1, d=10.129.124.2->192.168.60.4 [19825]
*Mar 3 04:38:53.029: IP: tableid=0, s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), routed via RIB
*Mar 3 04:38:53.033: IP: s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), g=192.168.60.4, len 60, forward
*Mar 3 04:38:53.033: ICMP type=0, code=0
In the section "Ping 2 Echo Request" line 2 shows the NAT translating the packet to the address for the first provider but line 3 shows it routing it through the second one.
In this case, the ICMP packet goes through but it is problematic if the ISP restricts the service by source-address (like RPF) or there is some acceleration mechanism inside the provider cloud, other than just plain routing.
What am I missing? Here is the relevant part of the configuration. I deliberately disabled CEF to be able to debug the messages, but I *think* this may be altering the actual router behavior. This router does not have a "debug ip cef packet" command.
no ip cef
ip dhcp pool lan-side
 import all
 network 192.168.60.0 255.255.255.0
 default-router 192.168.60.1
 domain-name doublewan.local
 dns-server 8.8.8.8 8.8.4.4
 lease infinite
ip domain name doublewan
interface FastEthernet0
 !doesn't appear on running-config: vlan 1 is the default access vlan
 !switchport access vlan 1
interface FastEthernet1
 switchport access vlan 2
interface FastEthernet2
 shutdown
interface FastEthernet3
 shutdown
interface FastEthernet4
 ip address 192.168.60.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 no ip route-cache
 duplex auto
 speed auto
interface Vlan1
 ip address 10.129.124.2 255.255.255.224
 ip nat outside
 ip virtual-reassembly
 no ip route-cache
interface Vlan2
 ip address 10.129.124.35 255.255.255.224
 ip nat outside
 ip virtual-reassembly
 no ip route-cache
ip route 0.0.0.0 0.0.0.0 Vlan1 10.129.124.1
ip route 0.0.0.0 0.0.0.0 Vlan2 10.129.124.33
ip nat inside source route-map nat1 interface Vlan1 overload
ip nat inside source route-map nat2 interface Vlan2 overload
ip access-list standard acl4-nexthop-vlan1
 permit 10.129.124.1
ip access-list standard acl4-nexthop-vlan2
 permit 10.129.124.33
route-map nat2 permit 10
 match ip address 102
 match ip next-hop acl4-nexthop-vlan2
 match interface Vlan2
route-map nat1 permit 10
 match ip address 101
 match ip next-hop acl4-nexthop-vlan1
 match interface Vlan1
control-plane
Of course, there is some configuration pending for redundancy and stuff.
Thanks a lot in advance.
[1] http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/100658-ios-nat-load-balancing-2isp.html

Hello.
This might be a bug in debug command or the IOS (without ip cef) you use; as routing is done before NAT (inside to outside).
To make sure it works fine with ip cef, just enable strict uRPF (or just ACL) on .1 and .33 interfaces and see if you see any packet sent over wrong interface.
PS: please check "sh ip cef 100.1.1.1"; I guess ip cef would tell you "per-destination sharing". -
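An added example, not part of the original posts: an offline version of the check suggested in the reply, run over the debug output quoted in the question. It flags forwarded packets whose source address is not in the subnet of the outside interface they leave on, which is what a strict source check on the upstream side would reject; the function names are hypothetical, and the interface addresses and sample lines are taken from the post.

```python
import ipaddress
import re

# Outside interfaces and their addresses, from the configuration in the post.
OUTSIDE = {
    "Vlan1": ipaddress.ip_interface("10.129.124.2/27"),
    "Vlan2": ipaddress.ip_interface("10.129.124.35/27"),
}

# Matches the "forward" lines of the debug output, e.g.
# *Mar 3 04:38:52.353: IP: s=10.129.124.2 (FastEthernet4),
#     d=100.1.1.1 (Vlan2), g=10.129.124.33, len 60, forward
FORWARD_RE = re.compile(
    r"^\*?(?P<ts>\w{3}\s+\d+\s+[\d:.]+):\s+IP: s=(?P<src>[\d.]+) "
    r"\((?P<in_if>[^)]+)\), d=(?P<dst>[\d.]+) \((?P<out_if>[^)]+)\), "
    r"g=(?P<gw>[\d.]+), len \d+, forward"
)


def owner_of(addr):
    """Name of the outside interface configured with this address, if any."""
    for name, iface in OUTSIDE.items():
        if iface.ip == addr:
            return name
    return None


def find_mismatches(lines):
    """Return packets sent out an outside interface with a foreign source."""
    mismatches = []
    for line in lines:
        m = FORWARD_RE.match(line.strip())
        if not m or m["out_if"] not in OUTSIDE:
            continue  # not a forward line, or forwarded towards the LAN
        src = ipaddress.ip_address(m["src"])
        if src not in OUTSIDE[m["out_if"]].network:
            mismatches.append({
                "ts": m["ts"], "src": str(src), "dst": m["dst"],
                "out_if": m["out_if"], "gw": m["gw"],
                "owner": owner_of(src),  # interface the NAT address belongs to
            })
    return mismatches


# Sample input: the request/reply debug lines from the post (both pings).
DEBUG_LINES = """
*Mar 3 04:38:43.521: NAT: s=192.168.60.4->10.129.124.2, d=100.1.1.1 [14152]
*Mar 3 04:38:43.521: IP: s=10.129.124.2 (FastEthernet4), d=100.1.1.1 (Vlan1), g=10.129.124.1, len 60, forward
*Mar 3 04:38:45.589: IP: s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), g=192.168.60.4, len 60, forward
*Mar 3 04:38:52.353: IP: tableid=0, s=192.168.60.4 (FastEthernet4), d=100.1.1.1 (Vlan2), routed via RIB
*Mar 3 04:38:52.353: NAT: s=192.168.60.4->10.129.124.2, d=100.1.1.1 [14159]
*Mar 3 04:38:52.353: IP: s=10.129.124.2 (FastEthernet4), d=100.1.1.1 (Vlan2), g=10.129.124.33, len 60, forward
*Mar 3 04:38:53.033: IP: s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), g=192.168.60.4, len 60, forward
""".strip().splitlines()

if __name__ == "__main__":
    for hit in find_mismatches(DEBUG_LINES):
        print(f"{hit['ts']}: source {hit['src']} (address of {hit['owner']}) "
              f"left via {hit['out_if']} towards {hit['gw']}")
```
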
Can I use Mackeeper to remove duplicate address book entries?
On my MacBook using OS 10.7.2 and iTunes 10.5.1, after syncing with iPad2 and iPod Touch I now have 3 and 4 copies of most Address Book entries ON MY MAC BOOK. Can I use Mackeeper to remove duplicates? No option to remove duplicates ever appeared during the sync process.
I suggest if you have MacKeeper installed, that your first move be to uninstall it.
Here is a script to find duplicates in addressbook
http://hints.macworld.com/article.php?story=20060322202753429
Allan -
How to get rid of duplicate addresses all over the place?
Duplicate addresses appear all over the place: on my Mac (in the Mail program) and on my iOS devices.
I suspect that it occurs during some synchronisation activities but how to get rid of this once and for all?
Thanks for your help. It also helps if someone tells me that I am not alone in that kind of trouble.

iCloud: Resolving duplicate Contacts after setting up iCloud Contacts
-
NAT and Routed Network with Two ISP's on one router
I'm sure this has been covered many times, but I am not finding it.
I have two ISP connections.
With ISP-A I have a /30 between us, and 200.100.100.0/24 is routed to me via the /30. For this example we will say the /30 is 1.1.1.1 on the ISP end and 1.1.1.2 on my end.
With ISP-B I have a 100.0.0.0/29 subnet. and the ISP gateway is on that subnet at 100.0.0.1
On the inside of my network I have devices using both 200.100.100.x addresses and devices on 192.168.100.x that need to use NAT.
I would like all of the devices on 200.100.100.x addresses to continue using ISP-A as their gateway.
Everything on 192.168.100.x should use NAT and go out ISP-B
I have tried
ip nat inside source route-map ISP-A interface GigabitEthernet0/1 overload
route-map ISP-B permit 10
 match ip address 101
 match interface GigabitEthernet0/1
 set ip next-hop 100.0.0.1
route-map ISP-A permit 10
 match ip address 111
 match interface Multilink1
 set ip next-hop 1.1.1.1
The problem comes when I have default routes to ISP-A in the router, then none of the ISP-B traffic works, and vice versa.

I think for this to work correctly and be able to split traffic between the 2 ISPs, you would need to use BGP, because default is going to use one ISP or the other.
If you can use BGP, this link will help you in load sharing between multiple ISPs when you have one router.
http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13762-40.html#conf4
HTH