MPLS Config Help
This is driving me insane, it's not a difficult problem, I have a loopback in the VRF on both cores, configurations were copy and pasted to ensure they were identical, BGP peer's are up, redistribution is working fine, but I cannot ping between the loopbacks!
I have 2 6509's, connected with a 802.1q trunk
Configuration:
ip vrf Testing
rd 111:1
route-target both 111:1
int vlan 400
ip address 10.65.65.2 255.255.255.0
mpls ip
int loopback 0
ip address 10.65.64.255
router eigrp 64
no auto-summary
network 10.0.0.0 0.31.255.255
network 10.32.0.0 0.15.255.255
network 10.48.0.0 0.7.255.255
network 10.64.0.0 0.63.255.255
network 10.128.0.0 0.127.255.255
address-family ipv4 vrf Testing
no auto-summary
network 10.0.0.0 0.31.255.255
network 10.32.0.0 0.15.255.255
network 10.48.0.0 0.7.255.255
network 10.64.0.0 0.63.255.255
network 10.128.0.0 0.127.255.255
default-metric 10000 100 255 1 1500
autonomous 111
redistribute bgp 65064
router bgp 65064
no auto-summ
no synch
network 0.0.0.0
neighbor R peer-group
neighbor R remote-as 65064
neighbor R update-source loop 0
neighbor 10.65.64.254 peer-group R
address-family vpnv4
neighbor 10.65.64.254 peer-group R
neighbor R send-community both
address-family ipv4 vrf Testing
no auto-summ
no synch
redistribute eigrp 111
int loopback 99
ip vrf forward Testing
ip address 10.111.1.1 255.255.255.0
Router 1:
show ip bgp neighbor:
BGP neighbor is 10.65.64.254, remote AS 65064, internal link
Member of peer-group R for session parameters
BGP version 4, remote router ID 10.65.64.254
BGP state = Established, up for 03:36:33
For address family: VPNv4 Unicast
BGP table version 10, neighbor version 10/0
Output queue size : 0
Index 1, Offset 0, Mask 0x2
1 update-group member
R peer-group member
Community attribute sent to this neighbor
Sent Rcvd
Prefix activity: ---- ----
Prefixes Current: 2 1 (Consumes 68 bytes)
show ip route vrf Testing:
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 3 subnets
C 10.111.2.0 is directly connected, Loopback99
C 10.111.22.0 is directly connected, Loopback98
B 10.111.1.0 [200/0] via 10.65.64.254, 03:38:30
show mpls ldp neigh:
Peer LDP Ident: 10.65.64.254:0; Local LDP Ident 10.65.64.255:0
TCP connection: 10.65.64.254.646 - 10.65.64.255.36970
State: Oper; Msgs sent/rcvd: 793/795; Downstream
Up time: 02:12:39
LDP discovery sources:
Vlan400, Src IP addr: 10.65.65.3
Router 2:
show ip bgp neighbor:
BGP neighbor is 10.65.64.255, remote AS 65064, internal link
Member of peer-group R for session parameters
BGP version 4, remote router ID 10.65.64.255
BGP state = Established, up for 03:39:34
For address family: VPNv4 Unicast
BGP table version 10, neighbor version 10/0
Output queue size : 0
Index 1, Offset 0, Mask 0x2
1 update-group member
R peer-group member
Community attribute sent to this neighbor
Sent Rcvd
Prefix activity: ---- ----
Prefixes Current: 1 2 (Consumes 136 bytes)
Prefixes Total: 1 3
Implicit Withdraw: 0 1
Explicit Withdraw: 0 0
Used as bestpath: n/a 2
Used as multipath: n/a 0
show ip route vrf Testing:
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 3 subnets
B 10.111.2.0 [200/0] via 10.65.64.255, 03:41:22
B 10.111.22.0 [200/0] via 10.65.64.255, 02:35:31
C 10.111.1.0 is directly connected, Loopback99
From router 2:
R2#ping vrf Testing 10.111.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.111.1.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R2#ping vrf Testing 10.111.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.111.2.1, timeout is 2 seconds:
Success rate is 0 percent (0/5)
Thanks for the reply, even with specifying a source address within the VRF I am unable to successfully ping.
R1#show ip bgp vpnv4 all labels
Network Next Hop In label/Out label
Route Distinguisher: 111:1 (Testing)
10.111.1.0/24 10.65.64.254 nolabel/26
10.111.2.0/24 0.0.0.0 IPv4 VRF Aggr:26/nolabel(Testing)
10.111.22.0/24 0.0.0.0 IPv4 VRF Aggr:26/nolabel(Testing)
The forwarding detail is actually a large output (several hundred interfaces active on this router), so I grabbed the Testing VRF and a random label:
26 Pop Label IPv4 VRF[V] 0 aggregate/Testing
MAC/Encaps=0/0, MRU=0, Label Stack{}
VPN route: Testing
No output feature configured
31 No Label 10.6.16.0/24 0 Po1 10.64.1.254
MAC/Encaps=14/14, MRU=1504, Label Stack{}
0024509DE8000023EA356C000800
No output feature configured
Per-destination load-sharing, slots: 0 4 8 12
No Label 10.6.16.0/24 0 Vl488 10.66.80.3
MAC/Encaps=14/14, MRU=1504, Label Stack{}
0024509DE8000023EA356C000800
No output feature configured
Per-destination load-sharing, slots: 1 5 9 13
No Label 10.6.16.0/24 0 Vl493 10.66.85.3
MAC/Encaps=14/14, MRU=1504, Label Stack{}
0024509DE8000023EA356C000800
No output feature configured
Per-destination load-sharing, slots: 2 6 10 14
No Label 10.6.16.0/24 0 Vl505 10.66.97.3
MAC/Encaps=14/14, MRU=1504, Label Stack{}
0024509DE8000023EA356C000800
No output feature configured
Per-destination load-sharing, slots: 3 7 11 15
R1#show mpls int detail
Interface Vlan400:
IP labeling enabled (ldp)
LSP Tunnel labeling not enabled
BGP labeling not enabled
MPLS operational
MTU = 1500
R1#show ip cef vrf Testing 10.111.1.1 detail
10.111.1.0/24, epoch 3, flags rib defined all labels
NetFlow: Origin AS 0, Peer AS 0, Mask Bits 24
recursive via 10.65.64.254 label 26
nexthop 10.64.1.254 Port-channel1 unusable: no label
R2#show ip bgp vpnv4 all labels
Network Next Hop In label/Out label
Route Distinguisher: 111:1 (Testing)
10.111.1.0/24 0.0.0.0 IPv4 VRF Aggr:26/nolabel(Testing)
10.111.2.0/24 10.65.64.255 nolabel/26
10.111.22.0/24 10.65.64.255 nolabel/26
26 Pop Label IPv4 VRF[V] 0 aggregate/Testing
MAC/Encaps=0/0, MRU=0, Label Stack{}
VPN route: Testing
No output feature configured
37 No Label 10.6.124.0/24 0 Se7/1/1 point2point
MAC/Encaps=4/4, MRU=4474, Label Stack{}
0F000800
No output feature configured
R2#show mpls int detail
Interface Vlan400:
IP labeling enabled (ldp)
LSP Tunnel labeling not enabled
BGP labeling not enabled
MPLS operational
MTU = 1500
R2#show ip cef vrf Testing 10.111.2.1 detail
10.111.2.0/24, epoch 5, flags rib defined all labels
NetFlow: Origin AS 0, Peer AS 0, Mask Bits 24
recursive via 10.65.64.255 label 26
nexthop 10.64.1.253 Port-channel1 unusable: no label
Similar Messages
-
I want to create one scenario using L3 VPN MPLS.Can any one tell me what config is require on R1,R2,R3,R4 in MPLS cloud.
So that i can ping CE2 from CE1.
Pls find the attachment.
Thanx.....Hello Arjun,
the following steps are required:
a) building the network infrastructure using an IGP: for example OSPF
Allocate /32 loopbacks on all R1-R4.
For example:
Ri : Loop0 ip address 10.250.250.i/32
int loop0
ip address 10.250.250.i 255.255.255.255
desc loop used as LDP router-id, BGP RID
network infrastructure:
let's suppose we use 10.10.10.0/24 with subnettting for all backbone links between R1-R4
OSPF config
router ospf 10
router-id 10.250.250.i
network 10.10.10.0 0.0.0.255 area 0
network 10.250.250.i 0.0.0.0 area 0
verify you can ping from loopback to loopback using extended ping
b) enable MPLS on all routers
ip cef
mpls ip
mpls label protocol ldp
mpls ldp router-id loop0 force
on all backbone interfaces with ip addresses in 10.10.10.0/24 add
int type x/y
mpls ip
verify again connectivity of loopbacks
verify with
sh mpls forwarding 10.250.250.i
what action is associated to each loopback
c) enable iBGP multiprotocol
let's use AS 65000
router bgp 65000
bgp router-id 10.250.250.i
no bgp default ipv4-unicast
neigh 10.250.250.j remote-as 65000
neigh 10.250.250.j update-source loop0
! do it for all three other routers
address-family vpnv4
neigh 10.250.250.j activate
neigh 10.250.250.j send-community both
! again do this for all three routers
use
sh ip bgp vpvn4 all summary to check
every router should see 0 prefixes from the other three
d) create the VRF
ip vrf TEST
rd 65000:101
route-target export 65000:1001
router-targer import 65000:1001
associate the link to CE with the VRF
int type x/y
ip vrf forwarding TEST
! caution you need to retype the ip address command as desired
router bgp 65000
address-family ipv4 vrf TEST
red connected
no sync
do this on both R1 and R2
now if you do
sh ip bgp v a s you should 1 prefix advertised by R1 and 1 by R2.
Note:
there can be some syntax errors
I wrote on the fly
Edit:
to be able to ping from LAN to LAN you need to decide how PE and CE should communicate.
the simplest solutions are:
static routes
or an eBGP session to be configured on the PE side under
router bgp 65000
address-family ipv4 vrf TEST
for static routes:
red static
for eBGP session:
neighbor CE-address remote-as 65200
for static routes the keyword vrf TEST has to be added to the command
Hope to help
Giuseppe -
Airport General Config Help Required
I've got a wireless Thomson broadband router hooked up downstairs running DHCP server, and upstairs I've got an airport extreme configured in bridge mode. I've got a MAC Mini directly ethernet cabled to the AE.
I can connect to the internet from the Mac, but cannot see a couple of ethernet devices connected to the remaining two AE ethernet ports (Windows Home Server and Buffalo Linkstation).
I can change the config so that the AE acts as the DHCP server, am then able to use WHS and the Linkstation, but not internet.
Can anyone give me any pointers as to how to configure it up (if at all possible). Does the AE need to be hard wired to the router?
ThanksHello Sai Narayana,
Our client wants to implement whole travel management in ESS, I am new to SAP travel management, Could you please help me in starting the configuration of create travel request, which node the master cost center is configured. I looked under financial accounting->travel management->Travel Planning and Travel Expenses but couldnt figure out where the travel request will be configured. We are using ECC 6.0. Your help is very much appreciated as I am doing configuration alone i dont have any other help.
I have question regading Travel Planning if we want to implement travel planning do we have to use AMADEUS or can we integrate the clients present used travel link to R/3 using RFCs.
Regards,
Latha -
Autonomous 1231/1242 Radius Config Help. What is this not working?
Hey Guys,
I can't seem to get the SSID RadiusTest to work properly.
Windows PC's show "Windows was unable to find a certificate to log you into the network". Macs don't authenticate either. Radius server isn't seeing any requests at all. Radius server is working because we are authenticating other things to it.
On my test 1231, IOS is 12.3(8) JEB1.
And all help is appreciated.
Thanks,
Scott
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname TKS-AP1231-ICTServices
enable secret 5 $1$Izyg$qXSRYpFDI9ZX6F50vDrku0
clock timezone K 10
clock summer-time K recurring
ip subnet-zero
ip domain lookup source-interface BVI1
ip domain name domain.com.au
ip name-server 172.16.###.###
ip name-server 172.16.###.###
aaa new-model
aaa group server radius rad_eap
server 172.16.###.### auth-port 1812 acct-port 1813
ip radius source-interface BVI1
aaa group server tacacs+ tac_admin
aaa group server radius infrastructure
aaa group server radius clients
aaa group server radius central_auth
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa group server radius rad_eap1
server-private 172.16.###.### auth-port 1812 acct-port 1813 key 7 060D062F4B5D1B18045GHW1E0718
server 172.16.###.### auth-port 1812 acct-port 1813
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login method_infrastructure group infrastructure
aaa authentication login method_clients group clients
aaa authentication login method_Central group central_auth local
aaa authentication login eap_methods1 group rad_eap1
aaa authorization exec default local
aaa authorization exec method_Central group central_auth local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
dot11 mbssid
dot11 vlan-name Conference vlan 150
dot11 ssid RadiusTest
vlan 18
authentication open eap eap_methods
authentication network-eap eap_methods
authentication key-management wpa
mbssid guest-mode
dot11 ssid Staff
vlan 17
authentication open
authentication key-management wpa optional
wpa-psk ascii 7 055E5F5E0555401B161003171928013C22272D6B6370
dot11 ssid Student
vlan 16
authentication open
authentication key-management wpa
guest-mode
mbssid guest-mode
wpa-psk ascii 7 02575102282A2323434F1B1D0C1915595A5C
dot11 network-map
dot11 arp-cache optional
username ########## privilege 15 password 7 ###################
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 17 mode ciphers tkip wep40
encryption vlan 16 mode ciphers tkip
encryption vlan 18 mode ciphers aes-ccm tkip
ssid RadiusTest
ssid Staff
ssid Student
speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
no power client local
power client 50
power local cck 50
power local ofdm 20
channel 2437
station-role root
interface Dot11Radio0.6
encapsulation dot1Q 6 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio0.16
encapsulation dot1Q 16
no ip route-cache
bridge-group 16
bridge-group 16 subscriber-loop-control
bridge-group 16 port-protected
bridge-group 16 block-unknown-source
no bridge-group 16 source-learning
no bridge-group 16 unicast-flooding
bridge-group 16 spanning-disabled
interface Dot11Radio0.17
encapsulation dot1Q 17
no ip route-cache
bridge-group 17
bridge-group 17 subscriber-loop-control
bridge-group 17 port-protected
bridge-group 17 block-unknown-source
no bridge-group 17 source-learning
no bridge-group 17 unicast-flooding
bridge-group 17 spanning-disabled
interface Dot11Radio0.18
encapsulation dot1Q 18
no ip route-cache
bridge-group 18
bridge-group 18 subscriber-loop-control
bridge-group 18 block-unknown-source
no bridge-group 18 source-learning
no bridge-group 18 unicast-flooding
bridge-group 18 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
interface FastEthernet0.6
encapsulation dot1Q 6 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface FastEthernet0.16
encapsulation dot1Q 16
no ip route-cache
bridge-group 16
no bridge-group 16 source-learning
bridge-group 16 spanning-disabled
interface FastEthernet0.17
encapsulation dot1Q 17
no ip route-cache
bridge-group 17
no bridge-group 170 source-learning
bridge-group 17 spanning-disabled
interface FastEthernet0.18
encapsulation dot1Q 18
no ip route-cache
bridge-group 18
no bridge-group 18 source-learning
bridge-group 18 spanning-disabled
interface BVI1
ip address 172.16.#.### 255.255.255.192
no ip route-cache
ip default-gateway 172.16.#.###
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
logging history debugging
snmp-server view iso iso included
snmp-server community KingsRO RO
snmp-server community KingsWr1t3 RW
snmp-server trap-source BVI1
snmp-server location ###
snmp-server contact ############################################
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps entity
snmp-server enable traps disassociate
snmp-server enable traps deauthenticate
snmp-server enable traps authenticate-fail
snmp-server enable traps dot11-qos
snmp-server enable traps switch-over
snmp-server enable traps rogue-ap
snmp-server enable traps wlan-wep
snmp-server enable traps config
snmp-server enable traps syslog
snmp-server enable traps cpu threshold
snmp-server enable traps aaa_server
snmp-server host 172.16.###.## version 2c cisco udp-port 1620
radius-server host 172.16.###.### auth-port 1812 acct-port 1813 key ##########################
bridge 1 route ip
wlccp ap username wds password #################
wlccp authentication-server infrastructure method_infrastructure
wlccp authentication-server client any method_clients
banner login ^C
^C
line con 0
line vty 0 4
sntp server 172.16.###.###
sntp server 172.16.###.###
sntp server 172.16.###.###
sntp broadcast client
endYou configured your WDS to use empty radius methods. There's no much point to this apart from breaking your setup.
Remove all 3 "wlccp" commands. I suggest to have your normal radius working before you try and do WDS.
If behavior is still the same, then it means that the radius server has to get a request if the clients are proposed EAP-TLS and they are looking for a certificate to authenticate with ...
Did you pre-configure a profile on the client ? Did you configure them for PEAP ? EAP-TLS ? Which method do you allow on your radius server.
Nicolas -
Small photo studio needs config help
We are a small photo studio and we are about to purchase an xSERVE with 4 500GB drives and add drives to the system as time goes on. I need some advice on the best way to set it up and config it.
We will be using the xSERVE RAID attached via fibre to a new G5 Tower which will be connected to a gigbit switch. The switch has 3 computers connected @ gigabit. The xSERVE RAID will store all photography jobs currently in post-production and after post is complete the jobs will move off this system and be archived using another system to save space on the RAID.
3 users (computers) will need to access the RAID to edit the RAW files (15MB/each) jobs and work on photoshop files for retouching. We generate a lot of information and can produce as much as 50 GB / day of shooting. For these jobs we can shoot as many as 7 days in a row, so that would be 350 GB just for the RAW files. We then might retouch 150 files from that job or more depending on the client.
So my main questions would be how to best set up the RAID and different components? I think RAID 5 would be a good solution. But what other setup/config options should I be considering?
I know this is not an easy answer and there are multiple options. But if you could be as kind to give some different options/scenarios, I would greatly appreciate it.
I think its neat that the mac community supports these forums and they have been extremely helpful.
Thank you mac people.
Mac OS X (10.4.7) all computers are running OSX 10.4.7I like RAID5 for it's ability to tolerate losing a drive without losing data. One thing that you have to account for is that the price for that you pay for surviving a drive failure is 25% of your disk space. In other words, once you take these four drives and make them into a RAID5, you can expect to have ~1.5TB available. So you may want to add a 5th drive. Personally, as cheap as drives are, I'd put the full 7 in.
You really don't have enough client machines to bother with a lot of the esoteric stuff. A simple RAID5 gives you durability and enough speed that the network will be the speed bottleneck.
As you get into these larger filesystems, backups and disaster recovery become much more challenging because of the time it takes to handle massive amounts of data.
Roger -
I need to configure our Cisco Aironet 1200's for multiple VLANs. VLAN101 is for public use & VLAN2 is for employees only. Existing config is attached.
I need:
1. To disable the broadcast of VLAN2's SSID so that only VLAN101 shows up in the SSID list for visitors. Right now both are showing up.
2. To ensure the WEP key is setup correctly for VLAN2
Thanks in advance for your help!So are you saying both SSID's are currently broadcasting?
I would delete and re-create your client configurations. I don't think it's on the AP side. -
I am trying to veiw my PIX515e via the ASDM, but I am unable to...Can you review my config and make sure I have everything setup the way it is supposed to?
PIX Version 8.0(4)32
hostname pixfirewall
domain-name jkkcc.com
enable password DQucN59Njn0OjpJL encrypted
passwd DQucN59Njn0OjpJL encrypted
no names
interface Ethernet0
nameif outside
security-level 0
ip address 24.234.xxx.xxx 255.255.255.224
interface Ethernet1
nameif inside
security-level 100
ip address 10.0.20.1 255.255.255.248
interface Ethernet2
shutdown
nameif exchange
security-level 100
ip address 10.0.30.1 255.255.255.248
ftp mode passive
dns domain-lookup inside
dns server-group DefaultDNS
name-server 68.105.28.16
name-server 68.105.29.16
domain-name jkkcc.com
access-list ouside-acl extended permit tcp any host 24.234.xxx.xxx eq smtp
access-list ouside-acl extended permit tcp any host 24.234.xxx.xxx eq www
access-list ouside-acl extended permit tcp any host 24.234.xxx.xxxeq https
pager lines 24
mtu outside 1500
mtu inside 1500
mtu exchange 1500
icmp unreachable rate-limit 1 burst-size 1
icmp deny any outside
asdm image flash:/asdm-602.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface smtp 192.168.2.22 smtp netmask 255.255.255.255
static (inside,outside) tcp interface https 192.168.2.22 https netmask 255.255.255.255
static (inside,outside) tcp interface www 192.168.2.22 www netmask 255.255.255.255
access-group ouside-acl in interface outside
router eigrp 1
network 10.0.0.0 255.0.0.0
network 192.168.0.0 255.255.255.0
network 192.168.2.0 255.255.255.0
network 192.168.4.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 24.234.118.193 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
http 0.0.0.0 0.0.0.0 inside
http 10.0.20.0 255.255.255.248 inside
http 192.168.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect http
inspect ils
service-policy global_policy global
prompt hostname context
Cryptochecksum:abd41b3df257873d44a6fc1545ae4418
: endHello,
Yes I know what the problem is
the Cipher used by the web browser is not the same than the one the ASA uses.
You will need to get the des/aes license and then change the SSL cipher
Unfortunatelly I do not have the link with me, but as soon as I has it ( tomorrow morning as maximum) I will give it to you
100 % sure this will solve your problem.
EDIT: Here is the link to get the license you need ( it will be for free)
https://tools.cisco.com/SWIFT/LicensingUI/loadDemoLicensee?FormId=139
After installing the license please add the following command:
ssl encryption aes256-sha1 aes128-sha1 3des-sha1
Finally test it one more time! That should do it
DO rate all the helpful posts
Julio -
Hi All,
we need to create 2 communication channels from SCOT to transfer emails,
from one all the emails go via SMTP installed on local unix server
only for one destination (ex:abc a thotmail.com), email needs to be sent to specific SMTP which has encryption
is it possible from SCOT?
if not can we do it at config file of SMTP on unix server?
please let me know if we have any other way to do this
Thanks
SamratHi,
Refer link http://help.sap.com/saphelp_470/helpdata/en/af/73563c1e734f0fe10000000a114084/content.htm
Also ensure that Mail server allows SMTP relaying from SAP Server IP address.
Regards,
Deepak Kori -
please give me ESS and MSS config. docs and info docs too
http://help.sap.com/saphelp_erp60_sp/helpdata/en/f6/263359f8c14ef98384ae7a2becd156/frameset.htm
https://forums.sdn.sap.com/click.jspa?searchID=22541873&messageID=6683999
/message/6229160#6229160 [original link is broken]
https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/208974c1-b4c2-2b10-cbb4-eac704d7b707 -
Hello all,
I am having 2 offices. 1 is my headoffice & other is my Branch Office.
I am having MPLS Connectivity at both ends & Internet Connectivity at Head office.
I am Having Cisco RV042 Routers at both ends. At my Head Office I terminated MPLS & Internet Link on RV042 & then i am having CISCO ASA 5510 Firewall.
I want to connect my 2 offices using MPLS & want my Branch office should get internet connetivity from my Headoffice Only Through MPLS.
& As i am having ASA 5510 a @ my Head office I want my Branch office traffic should follow the rules appliedin ASA Which is @ my Head office.
Head office LAN : 192.168.0.0/24
Branch Office LAN : 192.168.1.0 /24
Please Help me....indy suggests you chat online with a engineer, which is a good idea.
Since you have both RV042 communicating on a MPLS network. and there is no need for the routers to anything but route then I am wondering if the RV042 are in gateway mode (the default) or router mode ?
Router mode will disable the NAT and firewall (i believe) and just allow IP routing between the two networks. I think this is the better mode for just routing between networks. Allow the ASA to perform the NATting and firewall.
A default route at the far end router and a static route pointing to the remote router . I have no idea of the gateway adresses or RV042 WAN addresses, so my screen capture below of the HQ router looks a but exaggerated. The HQ router also needs a default route that point to the ASA5505 as the next hop. But your question lacks a topology diagram that better explains your setup.
I have shown a screen capture using old software on the RV042 that shows the section you may have to adjust.
At least it's something to think about and try, before you chat with a technician
regards Dave -
I searched the forums but I'm still a little lost. Trying to build xarchiver.
checking for egrep... grep -E
checking for ANSI C header files... yes
checking for pkg-config... no
checking for PACKAGE... configure: error: The pkg-config script could not be found or is too old. Make sure it
is in your PATH or set the PKG_CONFIG environment variable to the full
path to pkg-config.
Now, the search on the forums told me I need to make sure the .pc file is in my package config path. However, I don't know what .pc file I'm looking for. Thanks for the help.[root@workstation64 andyrtr]# pacman -Qo /usr/bin/pkg-config
/usr/bin/pkg-config is owned by pkgconfig 0.19-1
So "pacman -Sy pkgconfig" should solve it. -
I just got my PIX515e configured and thought I had it working correctly, but on my 3745 router, the line protocol is down, I've looked through the configs for bot the PIX and the 3745 and can't seem to figure out why I don't have access. Would anyone be able to please help resolve the issue for me?
Pix515E config:
pixfirewall# show run
: Saved
PIX Version 8.0(4)32
hostname pixfirewall
domain-name home.jkkcc.com
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0
nameif outside
security-level 0
ip address dhcp setroute
interface Ethernet1
nameif inside
security-level 100
ip address 10.0.20.1 255.255.255.248
interface Ethernet2
nameif DMZ
security-level 50
ip address 10.0.30.1 255.255.255.248
ftp mode passive
dns server-group DefaultDNS
domain-name home.jkkcc.com
pager lines 24
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside) 1 0.0.0.0 0.0.0.0
router eigrp 1
network 10.0.0.0 255.0.0.0
network 192.168.0.0 255.255.255.0
network 192.168.2.0 255.255.255.0
network 192.168.4.0 255.255.255.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect http
inspect ils
service-policy global_policy global
prompt hostname context
Cryptochecksum:c7359e3905dd13a5aa1a1c0e85a91f52
: end
3745 Config:
3745-Internet#show run
Building configuration...
Current configuration : 2248 bytes
version 12.4
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname 3745-Internet
boot-start-marker
boot system flash:
boot-end-marker
no logging buffered
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
memory-size iomem 25
no network-clock-participate slot 2
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.2.1 192.168.2.150
ip dhcp pool HOME-Network
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns-server 192.168.2.127 192.168.1.128
ip dhcp pool home-network
ip domain name www.jkkcc.com
ip name-server 192.168.2.127
multilink bundle-name authenticated
parameter-map type regex sdm-regex-nonascii
pattern [^\x00-\x80]
username woodjl1650 privilege 15 password 0 henry999
archive
log config
hidekeys
interface FastEthernet0/0
description $FW_OUTSIDE$
ip address 10.0.20.2 255.255.255.248
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
interface Serial0/0
description $FW_INSIDE$
ip address 10.0.10.1 255.255.255.248
ip nat inside
ip virtual-reassembly
interface FastEthernet0/1
description $FW_INSIDE$
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
interface Serial0/1
description $FW_INSIDE$
ip address 10.0.10.2 255.255.255.248
ip nat inside
ip virtual-reassembly
router eigrp 1
network 10.0.0.0
network 192.168.0.0
network 192.168.2.0
network 192.168.4.0
auto-summary
no ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list 15 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.2.21 80 interface FastEthernet0/0 80
ip nat inside source list 104 interface FastEthernet0/0 overload
access-list 15 permit 10.0.8.0 0.0.7.255
access-list 15 permit 192.168.4.0 0.0.0.255
access-list 104 permit ip any any
snmp-server community public RO
snmp-server community private RW
snmp-server enable traps tty
control-plane
line con 0
line aux 0
line vty 0 4
privilege level 15
transport input telnet
webvpn cef
endEverything seems to be working fine now, except one last issue. I can ping my exchange server. Do you see anything wrong or why my ping would not go through? I can ping 10.0.20.1 (Pix Ethernet 1) and I can ping from all my computers to the 10.0.20.1 but not I get this when trying to ping 10.0.30.1
C:\Users\Exchange>ping 10.0.30.1
Pinging 10.0.30.1 with 32 bytes of data:
Reply from 10.0.30.3: Destination host unreachable.
Reply from 192.168.2.1: Destination host unreachable.
Reply from 192.168.2.1: Destination host unreachable.
Reply from 192.168.2.1: Destination host unreachable.
Ping statistics for 10.0.30.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Exchange = 10.0.30.3 255.255.255.248
Pix Ethernet 2 (exchange) = 10.0.30.1 255.255.255.248
Current Config:
PIX Version 8.0(4)32
hostname pixfirewall
domain-name home.jkkcc.com
enable password DQucN59Njn0OjpJL encrypted
passwd DQucN59Njn0OjpJL encrypted
names
interface Ethernet0
nameif outside
security-level 0
ip address dhcp setroute
interface Ethernet1
nameif inside
security-level 100
ip address 10.0.20.1 255.255.255.248
interface Ethernet2
nameif exchange
security-level 100
ip address 10.0.30.1 255.255.255.248
ftp mode passive
dns domain-lookup inside
dns server-group DefaultDNS
name-server 192.168.2.127
name-server 192.168.2.22
domain-name home.jkkcc.com
access-list inbound extended permit tcp any host 68.224.242.13 eq www
access-list inbound extended permit tcp any host 68.224.242.13 eq smtp
pager lines 24
mtu outside 1500
mtu inside 1500
mtu exchange 1500
icmp unreachable rate-limit 1 burst-size 1
icmp deny any outside
asdm image flash:/asdm-61551.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
nat (exchange) 1 0.0.0.0 0.0.0.0
static (exchange,outside) tcp interface smtp 10.0.30.3 smtp netmask 255.255.255.
255
router eigrp 1
network 10.0.0.0 255.0.0.0
network 192.168.0.0 255.255.255.0
network 192.168.2.0 255.255.255.0
network 192.168.4.0 255.255.255.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect http
inspect ils
service-policy global_policy global
prompt hostname context
Cryptochecksum:3672d254988d246453e4be381a198858
: end
pixfirewall# -
B1UP Validation Config - help please
Hi Experts
I would like to create a validation on Sales Order for when a customer has a particular payment terms of Cash Basic.
In these cases I need users to record the method of payment on a UDF called U_CashBasicType
The UDF has a linked table and 7 options (not including blank) - BA, CA, CC, CH, OK, RP, VO
I would like SAP to throw an error message when the customer is cash basic (GroupNum field 139.47)
I have so far created a B1 Validation Config in Add/Update form mode on event Validate
The SQL condition is:
IF(SELECT GroupNum FROM OCRD WHERE CARDCODE=$[$4.0.0]) =-1 and ordr.U_CashBasicType is NULL)
BEGIN
SELECT 'CASH BASIC' FOR BROWSE
END
the function to execute is a simple status bar error which block the event.
All looks okay to me but it doesn't see to run when the customer is cash basic and the UDF is blank (null)
Any ideas what I'm doing wrong?
Fairly new to B1UP and my only training has been through the samples on the Boyum website (not great!) so apologies if this is an obvious fix.
Best Regards
GeoffHi Geoff,
i thing you want to Stop the Sales Order let suppose Payment Terms Is 'Net-30' And UDF is Null So
IF (ordr.[GroupNum]=-1 and isnull(ordr.U_Fetch,-1)=-1 )
BEGIN
SELECT 'CASH BASIC' FOR BROWSE
END
You can Also do it on the Back end in Transaction Notification SP ...
I Hope this may be Helpful .
Regards,
Mayank Shah -
Hi friends
I have installed HFM, shared services, Reporting and Analysis and -reporting and analysis UI IN xp I HAVE 2 GB RAM AND 2.4 GHZ PROCESSOR
I need help for HFM configuration utility.
i have hard time and don't understand where exactly i need to link the below sources
APPLICATION SERVER
1) C:\Hyperion\FinancialManagement\Server Working Folder
WEBSERVER tab
web directories
1) webservice installation directory
2) file transfer directory
3) URL for 1) financial reporting,
2) web analysis,
3) planning,
4) HAL translation manager URL and fianlly
5) financial data management URL
PLEASE DO HELP ME TO CONFIGURE THIS APPLICATION.APPLICATION SERVER
1) C:\Hyperion\FinancialManagement\Server Working Folder
This is the folder where all of your database files for each application will be stored. You will need to specify a datalink file in the next field down entitled “Database link file.” This will be a .UDL file if you are using Windows Servers.
WEBSERVER tab
web directories
1) webservice installation directory
2) file transfer directory
These are the webroot directories that correspond to your IIS virtual directories (file location for your website)
3) URL for 1) financial reporting,
2) web analysis,
3) planning,
4) HAL translation manager URL and fianlly
5) financial data management URL
Depending on which application and web servers you chose, these URL’s and port numbers should already have been configured in the Configuration Utility after the installation, so unless you are using HAL or FDM, you shouldn’t have to supply a URL here. If you haven’t configured them, you should do so in the Configuration Utility at Start | Programs | Hyperion | Foundation Services | Configuration Utility and not here. -
Hello Guru's,
I am new to IS-U and i have 3 years SD & BI Experience. I have been hired as a ISU-Billing & Invoicing consultant. Kindly helo me in this matter as i require guidence as to from where i should start for a better understanding about the whole isu process.
Best regards,
Shahzad
Moderator note - emailed OP to look at sticky threads Research Resources and Rules of Engagement for help documentation.
Edited by: William Eastman on Jun 8, 2010 3:59 PM
Edited by: William Eastman on Jun 8, 2010 4:08 PMHello Guru's,
I am new to IS-U and i have 3 years SD & BI Experience. I have been hired as a ISU-Billing & Invoicing consultant. Kindly helo me in this matter as i require guidence as to from where i should start for a better understanding about the whole isu process.
Best regards,
Shahzad
Moderator note - emailed OP to look at sticky threads Research Resources and Rules of Engagement for help documentation.
Edited by: William Eastman on Jun 8, 2010 3:59 PM
Edited by: William Eastman on Jun 8, 2010 4:08 PM
Maybe you are looking for
-
Is there a way to get around an embed conflict with a spark Label components and mx.Alert component? I have embedded the Arial font in to my application: @font-face { src:url("c:/windows/fonts/arial.ttf"); fontFamily: Arial; embedAsCFF: true
-
My music has a ! in front has ! in front of it and says it can't find it how do i get it back already look in my downloads its about 50 songs.
-
Hi I need to set password for transaction code(co11n) while entering the command field. Is there any user exit of badi etc.. or any idea with regards Anand kumar
-
Installed itunes update 10.5.0.142 and now get the error message "Disc Burner or Software Not Found" when trying to burn playlist to disc. Windows 7
-
After updating to iOS 7.0.4 the phone wants to set up. I choose I-tunes, it syncronises but then nothing else happens. I can't reach anything, I can't pass this step even though I can see at my computer that it syncronises. Hope someone knows what to