L3VPN on Cisco ASR9001 IOS XF 4.3.1 (PE router)

Similar Messages

• Nexus 2K to Cisco 2960 IOS Switch

  Hi,
  I am trying to connect Nexus 2K FEX to Cisco 2960 IOS Switch (Trunk config) and causing spanning tree loop having issues. I am aware that I should't be connecting non host port to 2K FEX but it's corner case. I have done similar setup with Access Port configuration and didn't faced any issues.
  Nexus 5K config Config 
  interface Ethernet107/1/47
    switchport mode trunk
    switchport trunk allowed vlan 500-501
    spanning-tree guard root
    spanning-tree bpdufilter enable 
  interface Ethernet108/1/47
    switchport mode trunk
    switchport trunk allowed vlan 500-501
    spanning-tree guard root
    spanning-tree bpdufilter enable 
  2960-Config 
  interface GigabitEthernet1/0/47
    switchport mode trunk
    switchport trunk allowed vlan 500-501
   spanning-tree bpdufilter enable
  interface GigabitEthernet1/0/48
    switchport mode trunk
    switchport trunk allowed vlan 500-501
   spanning-tree bpdufilter enable
  Error Log
  %FWM-2-STM_LOOP_DETECT: Loops detected in the network for mac 001b.1700.0130 among ports Eth107/1/47
  Eth108/1/47 vlan 500 - Disabling dynamic learn notifications for 180 seconds 
  Should I configure port as "spanning-tree port type network" and create VPC and "storm-control broadcast level" to stop future occurrence?  OR Do i have to configure anything else to prevent spanning-tree loops? 
  Thanks for your help
  Ritesh

  Hi,
  spanning-tree port type network is used for VPC peer-link.  Try creating a new VPC and add ports 107/1/47 and 108/1/47 to it and a Portchannel on the 2960 and test.
  HTH

• Can't find the cisco mobile ios type

  hello,
  i use CCA version 3.2, i want to add a cisco mobile ios to the UC520 system so i installed the cisco jabber in my phone but when i tried to add  the extension line of the phone in CCA i don't find the type cisco mobile ios with what type can i define the android phone?

  Your question is a bit confusing, but it looks like you are asking what phone type you should choose for an android phone?
  Android is NOT supported as a Jabber client on the UC5XX series.
  iPhone is the only supported platform, and only the voice/voicemail component (no video or chat). iPad/Android/etc are NOT supported at all.
  -Dan
  Please rate useful posts.

• [SOLVED]Failure of the ZBF migration from cisco 2811 ios 12.4/K9 to 1941 ios 15/k9

  Hello to everyone,
  I write because I have decided to pass from a cisco 2811 with ios 12.4/k9 to a cisco 1941 ios 15/k9, migrating configuration I have a problem with the ZBF.
  I do not know if it's a problem of policy or differences between ios.
  Could someone help me please?
  Thank you all in advance
  Regards,
  Salvatore
  Update: Configuration modified and IOS upgrade.

  Salvatore,
  I don't know what problem exactly you face with your ZBF, but this may help you trbouleshooting your ZBF.
  http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a0080a63b94.shtml
  Thanks!

• Can I use the Cisco license transfer tool to rehost licenses from router 2900 to new router 2900? is not rma process

  Can I use the Cisco license transfer tool to rehost licenses from router 2900 to new router 2900? is not rma process
  thank you

  Yes you can. 
  Alternatively, you can email [email protected]

• Cisco SSL-VPN / webvpn with Cisco 2901 IOS 15.3.3M

  Dear Community,
  I have a strange issue that I am hoping some of you will be able to assist with.
  I am running an environment with the following specifications
  Cisco ISR G2 2901 with IOS 15.3.3M
  Security Licence enabled
  Data Licence enabled
  VPN Licence enabled
  Cisco ISR G2 2951 with IOS 15.3.3M
  Security Licence enabled
  Data Licence enabled
  SM with ESX server.
  Desktop Environment
  Windows XP SP3
  Internet Explorer 8
  Desktop Environment 2
  Windows 8
  Internet Explorer 10
  I have a ESX server set up with a web page on the 2951. The 2901 unit has a SSL VPN / web vpn service set up on it to allow the Desktop Environments to connect to the 2951 web page. The Desktop Environments are not allowed to directly connect to the 2951 router that is why the SSL-VPN / web vpn is used.
  This system was initially working with IOS 15.2.4M2 however an update of the IOS was required and now the VPN does not fully function correctly.
  PROBLEM: Now the webvpn interface loads with the welcome screen and login. After logging in it has a screen with a link to the webpage on the 2951. When I try open this webpage on the 2951 and the SSL-VPN starts to build I only get half my web page. There seems to be a problem where I only get half a page loading or just a blank page with just HTML headers. I have tried changing the page to just HTML but it still does not display properly. This is with Internet Explorer ( all versions ). With firefox there are no problems but I cannot run this browser as my environment will not allow it.
  If anyone can assit me here it would really make my day.
  Thanks,
  Will

  Can anyone help with this ?

• Cisco wlc ios 7.2 with clients windows 8 can not authenticate with 802.1x

  Hello my name is Ivan:
  I have a solution a unified solution wireless with a cisco wlc 7.2 and ap cisco. My issue is the follow:
  My users are using laptops with OS windows 8, and they can not access to the network wireless because they authenticate in to the network using 802.1x wpa/wpa2 with tkip or aes.
  I find a bug in the ios of the wlc. The number is CSCua29504. I would not to change the drivers in the laptop to join the users in to the solution.
  Please is possible to find any software to do the upgrade in the wlc? Or perhaps we need to do an upgrade in to cisco lightweight access point?
  Please help me in this issue.
  Regards
  Ivan

  Bug ID CSCua29504 has been fixed in WLC firmware 7.0.235.3, 7.3.101.X or 7.4.100.X.
  So if you are NOT running any one of these codes, then yes.  Upgrade your firmware is your solution.
  Fixed in:  (12)
  7.4(100.0),7.4(1.20),7.3(112.0),7.3(101.0),7.3(1.67)
  7.2(111.3),7.2(111.1),7.2(110.4),7.0(236.0),7.0(235.3)

• How do you backup a Cisco 2950 IOS image?

  I cant find anywhere on Cisco's website on how to do this or anywhere else for that matter.

  Hector,
  The copy tftp method is the most commonly used method to copy files from flash to a TFTP server or vice versa. But if you have CMS (cluster management suite) instlled on your flash, there will be an associated html folder and many other files that are extracted in flash. To upload these files, along with the IOS image, you will need to use the following command.
  archive upload-sw tftp:///IOS-CMS2950.tar
  This will compress all the files (IOS and CMS files) together in a tar (compressed) format and upload it to the TFTP server specified by
  Copying each of the above files individually will consume a lot of time.

• Cisco IOS XE is vulnerable to CVE-2014-0160 - aka Heartbleed CSCuo19730 on Cisco 4500E IOS XE?

  Hello Experts,
  I need to find out what exact IOS XE software version on Catalyst 4507E will affect by Heartbleed.
  Cisco WS-C4507R+E
  WS-X45-SUP7-E
  Thanks in advance.

  @apieper, looking at the bug details, it doesn't look like you are affected.
  Conditions:
  Cisco IOS XE devices running release 3.11.0S, 3.11.1S or 3.12.0S and with the WebUI interface over HTTPs enabled. No other versions of Cisco IOS XE are affected.
  Devices with the WebUI interface enabled and using HTTPs as transport protocol will include the following configuration:
  transport-map type persistent webui http-webui
  secure-server
  ip http secure-server
  transport type persistent webui input http-webui
  Devices running IOS XE release 3.11.0S, 3.11.1S or 3.12.0S but WITHOUT the WebUI interface enabled, or with the WebUI interface enabled but NOT using HTTPs as transport protocol are NOT AFFECTED by this vulnerability.
  Devices running IOS XE release 3.11.0S, 3.11.1S or 3.12.0S and with the HTTPs server enabled (by including in their configuration the line "ip http secure-server") are NOT affected. Both the HTTPs server and the WebUI interface need to be enabled for a device to be vulnerable.

• Cisco ASA IOS vulnerabilities

  Hi All ,
  Is there any document or a tool to know the vulnerabilities in the
  a specific asa version with a specific release?or any site can help
  to search on it with a specific version.my version is 8.2(2)17

  jkickli wrote:Ahmed, curious if you ever figured this out? I clicked on the links above but as you stated earlier, these only list the most recent advisories and do not specifically tell you all of the vulnerabilities are by version. Obviously they have this available for IOS versions but can't seem to find it for ASA/Pix. Did you ever find it?
  Cisco Security Advisories and Responses or
  Security Intelligence Operations

• Cisco Mobile 8.0 vs Cisco Jabber (iOS)

  Strange problem that a few users on my campus started noticing, that I also have been able to replicate.  I can sit at my desk (approximately 15ft. from an access point) and make a call with Cisco Jabber.  The call will be dropped within 2 minutes consistently.  With the same server settings, etc. loaded into Cisco Mobile 8.0 I can make a call to the same number, from the same location and stay connected for 30 minutes or more (as long as I tested).  2 or 3 other iOS users have been able to replicate this problem.  At least 2 of us are on iOS 5 and I believe the 3rd user is on IOS 4.3.x.
  Ideas?
  Thanks
  ~Tom

  We're having this same issue.  We're running CUCM 8.0.3.  Cisco Mobile 8.x worked great - but the latest Jabber for iPhone (8.6.5.18781) is experiencing these issues.  We are also running iOS 5.1.1 (the latest).
  This is causing alot of frustration for our users as I'm sure it is for other people also.
  Thanks,
  Jon

• Cisco 2500 IOS?

  I purchased a Cisco router (2514)from eBay and it came with everything to hook this router up however I was wondering how I can tell what IOS it is running and how I can see what the latest version IOS is available for this router? The documentaion that came w/ the router shows a software v. of 12.2, ROM System Bootstrap v. 11.0(10c) but that means nothing to me since I am kind of jumping in head first.
  I found this URL but can't find the info I was looking for unless I missed it.
  Thanks for any help.

  If you do a sh version - for ex: the following is output of one of the router I have here..The ones in bold indicate the version of IOS running on router.
  Router>sh ver
  Cisco Internetwork Operating System Software
  IOS (tm) 3600 Software (C3640-IK9O3S-M), Version 12.2(15)T9, RELEASE SOFTWARE (
  fc2)
  TAC Support: http://www.cisco.com/tac
  Copyright (c) 1986-2003 by cisco Systems, Inc.
  Compiled Sat 01-Nov-03 02:47 by ccai
  Image text-base: 0x60008950, data-base: 0x61D88000
  ROM: System Bootstrap, Version 11.1(20)AA1, EARLY DEPLOYMENT RELEASE SOFTWARE (f
  c1)
  GDT3640Int uptime is 8 weeks, 5 days, 11 hours, 31 minutes
  System returned to ROM by bus error at PC 0x62395B58, address 0x4953444E at 22:5
  1:38 cdt Fri Oct 8 2004
  System restarted at 22:54:55 cdt Fri Oct 8 2004
  System image file is "flash:c3640-ik9o3s-mz.122-15.T9.bin"
  This product contains cryptographic features and is subject to United
  States and local country laws governing import, export, transfer and
  use. Delivery of Cisco cryptographic products does not imply
  third-party authority to import, export, distribute or use encryption.
  Importers, exporters, distributors and users are responsible for
  compliance with U.S. and local country laws. By using this product you
  agree to comply with applicable laws and regulations. If you are unable
  to comply with U.S. and local laws, return this product immediately.
  A summary of U.S. laws governing Cisco cryptographic products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
  If you require further assistance please contact us by sending email to
  [email protected].
  cisco 3640 (R4700) processor (revision 0x00) with 124928K/6144K bytes of memory.
  Processor board ID 14465801
  R4700 CPU at 100Mhz, Implementation 33, Rev 1.0
  Bridging software.
  X.25 software, Version 3.0.0.
  SuperLAT software (copyright 1990 by Meridian Technology Corp).
  Primary Rate ISDN software, Version 1.1.
  Basic Rate ISDN software, Version 1.1.
  2 Ethernet/IEEE 802.3 interface(s)
  25 Serial network interface(s)
  1 ISDN Basic Rate interface(s)
  1 Channelized T1/PRI port(s)
  DRAM configuration is 64 bits wide with parity disabled.
  125K bytes of non-volatile configuration memory.
  24576K bytes of processor board System flash (Read/Write)
  Configuration register is 0x2102

• Cisco 1040 IOS to CAPWAP possible?

  I´m looking to a project where we want to start using Autonomous AP with possibility to change to controller based on near future.
  Will Cisco Aironet 1040 Series Access Points allow us to change from IOS to CAPWAP when needed? I read some posts about the oposite process (CAPWAP to IOS) so I think it´s possible on both way. Can some one confirm this to me?

  Hi,
  Here is the way we convert the AP from LWAPP to IOS  (make sure you are using the right image), example is for 1142 AP..
  The  image that is on the device is LWAPP one, not the autonomous..  if  you  want to use the AP in autonomous mode then the image should be  W7..   that is..
  c1140-k9w7-tar.124-21a.JY.tar not c1140-rcvk9w8-tar.124-23c.JA.tar
  I request you to do download any image from the below link and perform the conversion from LWAPP image to autonomous..
  http://tools.cisco.com/support/downloads/go/PlatformList.x?sftType=IOS+Software&mdfid=282439881&treeName=Wireless&mdfLevel=Model&url=null&modelName=Cisco+Aironet+1140+Access+Point&isPlatform=N&treeMdfId=278875243&modifmdfid=null&imname=&hybrid=Y&imst=N
  the methos to convert is..
  download TFTPd32 from google and install it on ur PC.. point the image that you have downloaded in the TFTP server..
  connect    a ethernet cable between ur laptop and AP.. both should be in the  same   subnet.. and connect a console cable and get the hyperterminal  console   access and issue the command.. make sure you are able to ping  the PC  and the AP and vice versa!!
  AP>en
  AP#debug lwapp console cli or debug capwap console cli
  AP#config t
  AP(confg)int fa 0
  AP(confg-if)ip addr (same subnet as that of the laptop)
  AP(confg-if)end
  AP#archieve download-sw /force-reload /overwrite tftp:///
  AP#archieve download-sw /force-reload /overwrite tftp://<10.0.0.5>/c1140-k9w7-tar.124-21a.JY.tar
  The above command will do it for you!!
  lemme know if this answered your question..
  Regards
  Surendra
  ====
  Please dont forget to rate the posts which answered your question and mark it as answered or was helpfull

• Is it possible to use a Cisco 2800 IOS H323 voice gateway for video conferencing over ISDN?

  I have seen this page and was wondering if what it says actually is possible and works? I also have got a CUCM 8.6 that I would like to use for call routing via my old 2600XM gatekeeper.
  http://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t11/h320gw.html#wp1047659

  I have seen this page and was wondering if what it says actually is possible and works? I also have got a CUCM 8.6 that I would like to use for call routing via my old 2600XM gatekeeper.
  http://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t11/h320gw.html#wp1047659

• Cisco 4500X IOS upgrade through ISSU

  Hi,
  I am having 2 number of cisco 4500x switch and configured with VSS
  so one switch is active and another switch is standby.
  I am panning to upgrade IOS through ISSU
  i read in document that it required auto boot enable in switch.
  My switch current Configuration register = 0x2101
  do i need to change config register or this will ok. If need to change then what will be auto boot and after IOS upgrade do i need to change it again.
  Please help....

  Hello Tarun,
  Please find below the steps to perform the ISSU:
  ISSU Prerequisites
  Before one can perform an ISSU, there are a few prerequisites one must verify for a successful ISSU. The following list explains what is initially required.
  • Must be using a redundant Cisco Catalyst 4500 switch with symmetric hardware (that is, supervisors, memory, rommon, NFL daughter card, and so on).
  • Both new and old Cisco IOS Software images must be preloaded to the file system on both supervisors.
  • SSO must be configured and working properly.
  • Config register must be configured to autoboot (that is, the value should have a "2" in the lowest byte).
  45010R-203# sh bootvar | i register
  Configuration register is 0x2102
  Standby Configuration register is 0x2102
  Several commands are available to verify if SSO is enabled:
  4510R-203# sh module | b Redundancy
  Mod  Redundancy role     Operating mode      Redundancy status
  ----+-------------------+-------------------+-------------------
   1   Standby Supervisor   SSO                  Standby hot        
   2   Active Supervisor    SSO                 Active
  45010R-203# sh redundancy states 
         my state = 13 -ACTIVE 
       peer state = 8   -STANDBY HOT 
             Mode = Duplex
             Unit = Secondary
          Unit ID = 2
  Redundancy Mode (Operational) =  Stateful Switchover
  Redundancy Mode (Configured)  =  Stateful Switchover
  Redundancy State              =  Stateful Switchover
               <snip>
  4507R-ISSU# sh run | b redundancy
  redundancy
   mode  sso
  As a step prior to the beginning of the ISSU process, the new version of the Cisco IOS Software image needs to be loaded into both the active and standby supervisors' file systems. Both active and standby supervisor need to contain both the new and old images in the file system. In order to store both new and old images, the supervisors should be upgraded to contain sufficient amounts of flash memory prior to the ISSU process.
  The new images can be downloaded into both supervisors using commands such as:
  copy tftp: bootflash:
  copy tftp: slavebootflash: 
  The example below illustrates this verification:
  4510R-203#dir
  Directory of bootflash:/
  1  -rwx 13636500 Sep 6 2006 03:18:58 -08:00 cat4500-entservices-mz.122-31.SGA
  2  -rwx 13747611 Sep 9 2006 03:19:58 -08:00 cat4500-entservices-mz.122-31.SGA1
  4510R-203#dir slavebootflash:
  Directory of slavebootflash:/
  1  -rwx 13636500 Sep 6 2006 03:18:58 -08:00 cat4500-entservices-mz.122-31.SGA
  2  -rwx 13747611 Sep 9 2006 03:19:58 -08:00 cat4500-entservices-mz.122-31.SGA1 
  Once this check is verified, one can now proceed with the ISSU process.
  The ISSU process is started by typing the "issu loadversion" command on the active supervisor. This command directs the active supervisor to begin the ISSU process. The active supervisor, through intersupervisor communications, checks that the requested image has been downloaded into both the active and standby supervisors' file systems. If the required images are not present, the command is rejected, and an appropriate warning is generated.
  If the "issu loadversion" command is successful, the switch transitions into the "Load Version" ISSU state. The standby supervisor will reset and boot with the new version of the Cisco IOS Software image loaded into the file system.
  The following actions take place when the command is implemented:
  1. The standby supervisor (B) is reset.
  2. The standby supervisor (B) is booted with the new Cisco IOS Software image: Release 12.2(31)SGA1.
  3. If both Cisco IOS Software images are declared as compatible, the standby supervisor moves into SSO mode and is fully stateful for all compatible clients and applications. Compatibility allows for in-service software upgrade or downgrade between two versions to succeed with minimal service effect.
  4. If both Cisco IOS Software images are incompatible, the system moves into RPR mode, and the ISSU process is terminated with an appropriate message to the user. Images are declared incompatible when "required" clients or applications are not interoperable between two Cisco IOS Software releases.
  5. Standby "B" reaches the standby HOT state.
  6. The user has an option to abort the ISSU process by issuing the "issu abortversion" command.
  7. The "issu loadversion" command also supports a "forced" option that allows the operator to force the system into entering RPR mode when incompatibility is detected.
  Note: When performing an ISSU, disable manual switchovers. Performing manual switchovers during the issu process is strongly discouraged. The current implementation does not prevent it, but it does display a warning to the user.
  An example of the CLI for implementing the issu loadversion command is displayed below.
  On the active supervisor, one would issue the following command:
  4510R-203#issu loadversion 1 bootflash:cat4500-entservices-mz.122-31.SGA1 2 slavebootflash: cat4500-entservices-mz.122-31.SGA1
  Syntax - issu loadversion active-slot active-image-new standby-slot standby-image-new
  The second step of the ISSU process is to perform the issu runversion CLI.
  The user can issue the " issu runversion" command when:
  1. The ISSU state is "Load Version"; this can be verified with the "show issu state detail" CLI.
  2. The standby supervisor is running the new version of the software.
  3. The standby supervisor has moved into the "Standby Hot " state.
  The following actions take place when the " issu runversion" command is executed:
  1. A switchover occurs; that is, the standby (B) becomes the new active, and the old active (A) is rebooted and comes up as a standby.
  2. A timer called "Rollback Timer" is started with a previously configured value.
  3. Move both supervisors to "Run Version" state.
  4. If the command "issu acceptversion" is not issued before the "Rollback timer" fires, then the entire ISSU process is aborted via the automatic rollback.
  5. If the active supervisor console connectivity is established and the "issu acceptversion" command is issued, then the rollback timer is stopped.
  6. The user has an option to abort the ISSU process by issuing the "issu abortversion" command.
  An example of the CLI for implementing the issu runversion command is displayed below:
  On the active supervisor, one would issue the following command:
  4510R-203#issu runversion 2 slavebootflash:cat4500-entservices-mz.122-31.SGA1
  Syntax - issu runversion standby-slot [standby-image-new]
  Prior to issuing the `issu acceptversion' command the system will be counting down the rollback timer. If `issu acceptversion' is not completed before rollback timer expires an automatic abort will occur. This command stops the "Rollback Timer." This command serves as a feedback mechanism. This is an optional command and can be skipped in the ISSU process with the "issu commitversion" CLI.
  If this command is not issued within 45 minutes (default) from the time the standby supervisor moves into the "Standby Hot" state, it is assumed that the new active supervisor is not reachable and the entire ISSU process is rolled back to the previous version of the software. The acceptversion is not intended for long-term network operation. It is also important to note that none of the features available on the new version will work yet.
  The following actions take place when the command is implemented:
  1. The "Rollback Timer" is terminated. This means that the rollback timer is not looked at anymore. Therefore, the system can run in this state for an extended period.
  2. The user has an option to abort the ISSU process by issuing the command "issu abortversion."
  Aborting the ISSU process now causes the newly active supervisor (B) to fail over to the standby supervisor (A) running the old image and will also cause the rebooting supervisor (B) to load the original image. The issu acceptversion halts the rollback timer and helps ensure the ISSU process is not automatically aborted during the process.
  An example of the CLI for implementing the issu acceptversion command is displayed below:
  On the "New" active supervisor, one would issue the following command:
  4510R-203#issu acceptversion 2
  % Rollback timer stopped. Please issue the commitversion command.
  Syntax - issu acceptversion active-slot-number
  This is the last stage of the ISSU procedure. Once the user is satisfied with the new version of software, this must be committed by issuing the "issu commitversion" command. This command resets the standby supervisor and boots it with a new version of the software (same as the active supervisor). This concludes the ISSU process, and the new version of software is permanently committed on both supervisors. Since this is the conclusion of the ISSU process, the system can not be reverted back to the previous version of the software from this point onward as a part of this upgrade cycle. However, if for any reason users wish to go back to the previous version of the software, they can do so by starting a new upgrade/downgrade process.
  The following actions take place if the command is implemented:
  1. The standby supervisor (A) is reset and booted with the new version of Cisco IOS Software image.
  2. The standby supervisor (A) moves into the "Standby Hot" state in SSO mode and is fully stateful for all clients/applications that are compatible.
  3. Both supervisors are moved into "Final State," which is the same as "Initial State."
  4. Users can initiate switchovers from this point onward.
  An example of the CLI for implementing the issu commitversion command is displayed below:
  4510R-203#issu commitversion 1
  Syntax - issu commitversion standby-slot-number
  ISSU Process: issu abortversion
  One can abort the ISSU process at any stage manually (prior to issuing the issu commitversion command) by issuing the exec-level issu abortversion command. The ISSU process also aborts on its own if the software detects a failure.
  If a user aborts the process after issuing the issu loadversion command, then the standby supervisor engine is reset and reloaded with the original software.
  If the process is aborted after a user enters either the issu runversion or issu acceptversion command, then a second switchover is performed to the new standby supervisor engine that is still running the original software version.
  The supervisor engine that had been running the new software is reset and reloaded with the original software version. The command is accepted only in "Load Version" or "Run Version" states. In "Load Version" state, the active supervisor is running an old image and the standby supervisor is running new image.
  Syntax - issu abortversion active-slot [active-image-new]
  Let me know if you have any questions.