Nhrp issue
my company uses dmvpn to connect with branch,but sometime when i “show ip nhrp bri " , i got some issus ,
the show information
3925VPN#sho ip nhrp bri
Target Via NBMA Mode Intfc Claimed
192.168.96.2/32 192.168.96.2 58.22.127.76 dynamic Tu100 < >
192.168.96.3/32 192.168.96.3 incomplete
192.168.96.4/32 192.168.96.4 incomplete
192.168.96.5/32 192.168.96.5 incomplete
192.168.96.6/32 192.168.96.6 incomplete
192.168.96.7/32 192.168.96.7 incomplete
192.168.96.8/32 192.168.96.8 incomplete
192.168.96.9/32 192.168.96.9 incomplete
192.168.96.10/32 192.168.96.10 incomplete
192.168.96.11/32 192.168.96.11 incomplete
192.168.96.12/32 192.168.96.12 incomplete
192.168.96.13/32 192.168.96.13 incomplete
192.168.96.14/32 192.168.96.14 incomplete
192.168.96.15/32 192.168.96.15 incomplete
192.168.96.16/32 192.168.96.16 incomplete
192.168.96.17/32 192.168.96.17 incomplete
192.168.96.18/32 192.168.96.18 incomplete
192.168.96.19/32 192.168.96.19 incomplete
192.168.96.20/32 192.168.96.20 incomplete
192.168.96.21/32 192.168.96.21 incomplete
192.168.96.22/32 192.168.96.22 incomplete
192.168.96.23/32 192.168.96.23 incomplete
192.168.96.24/32 192.168.96.24 incomplete
192.168.96.25/32 192.168.96.25 incomplete
192.168.96.27/32 192.168.96.27 incomplete
192.168.96.28/32 192.168.96.28 incomplete
192.168.96.29/32 192.168.96.29 incomplete
192.168.96.30/32 192.168.96.30 incomplete
192.168.96.31/32 192.168.96.31 incomplete
192.168.96.32/32 192.168.96.32 incomplete
192.168.96.33/32 192.168.96.33 incomplete
192.168.96.34/32 192.168.96.34 incomplete
192.168.96.35/32 192.168.96.35 incomplete
192.168.96.36/32 192.168.96.36 incomplete
192.168.96.37/32 192.168.96.37 incomplete
192.168.96.38/32 192.168.96.38 incomplete
192.168.96.39/32 192.168.96.39 incomplete
192.168.96.40/32 192.168.96.40 incomplete
192.168.96.41/32 192.168.96.41 incomplete
192.168.96.42/32 192.168.96.42 incomplete
192.168.96.43/32 192.168.96.43 incomplete
192.168.96.44/32 192.168.96.44 incomplete
192.168.96.45/32 192.168.96.45 incomplete
192.168.96.46/32 192.168.96.46 incomplete
192.168.96.47/32 192.168.96.47 incomplete
192.168.96.48/32 192.168.96.48 incomplete
192.168.96.49/32 192.168.96.49 incomplete
192.168.96.50/32 192.168.96.50 incomplete
192.168.96.51/32 192.168.96.51 incomplete
192.168.96.52/32 192.168.96.52 incomplete
192.168.96.53/32 192.168.96.53 incomplete
192.168.96.54/32 192.168.96.54 incomplete
192.168.96.55/32 192.168.96.55 incomplete
192.168.96.56/32 192.168.96.56 incomplete
192.168.96.57/32 192.168.96.57 incomplete
192.168.96.58/32 192.168.96.58 incomplete
192.168.96.59/32 192.168.96.59 incomplete
192.168.96.60/32 192.168.96.60 incomplete
192.168.96.61/32 192.168.96.61 incomplete
192.168.96.62/32 192.168.96.62 incomplete
192.168.96.63/32 192.168.96.63 incomplete
192.168.96.64/32 192.168.96.64 incomplete
192.168.96.65/32 192.168.96.65 incomplete
192.168.96.66/32 192.168.96.66 incomplete
192.168.96.67/32 192.168.96.67 incomplete
192.168.96.68/32 192.168.96.68 incomplete
192.168.96.69/32 192.168.96.69 incomplete
192.168.96.70/32 192.168.96.70 incomplete
192.168.96.71/32 192.168.96.71 incomplete
192.168.96.72/32 192.168.96.72 incomplete
192.168.96.73/32 192.168.96.73 incomplete
192.168.96.74/32 192.168.96.74 incomplete
192.168.96.75/32 192.168.96.75 incomplete
192.168.96.76/32 192.168.96.76 incomplete
192.168.96.77/32 192.168.96.77 incomplete
192.168.96.78/32 192.168.96.78 incomplete
192.168.96.79/32 192.168.96.79 incomplete
192.168.96.80/32 192.168.96.80 incomplete
192.168.96.81/32 192.168.96.81 incomplete
192.168.96.82/32 192.168.96.82 incomplete
192.168.96.83/32 192.168.96.83 incomplete
192.168.96.84/32 192.168.96.84 incomplete
192.168.96.85/32 192.168.96.85 incomplete
192.168.96.86/32 192.168.96.86 incomplete
192.168.96.87/32 192.168.96.87 incomplete
192.168.96.88/32 192.168.96.88 incomplete
192.168.96.89/32 192.168.96.89 incomplete
192.168.96.90/32 192.168.96.90 incomplete
192.168.96.91/32 192.168.96.91 incomplete
192.168.96.92/32 192.168.96.92 incomplete
192.168.96.93/32 192.168.96.93 incomplete
192.168.96.94/32 192.168.96.94 incomplete
192.168.96.95/32 192.168.96.95 incomplete
192.168.96.96/32 192.168.96.96 incomplete
192.168.96.97/32 192.168.96.97 incomplete
192.168.96.98/32 192.168.96.98 incomplete
192.168.96.99/32 192.168.96.99 incomplete
192.168.96.100/32 192.168.96.100 incomplete
192.168.96.101/32 192.168.96.101 incomplete
192.168.96.102/32 192.168.96.102 incomplete
192.168.96.103/32 192.168.96.103 incomplete
192.168.96.104/32 192.168.96.104 incomplete
192.168.96.105/32 192.168.96.105 incomplete
192.168.96.106/32 192.168.96.106 incomplete
192.168.96.107/32 192.168.96.107 incomplete
192.168.96.108/32 192.168.96.108 incomplete
192.168.96.109/32 192.168.96.109 incomplete
192.168.96.110/32 192.168.96.110 incomplete
192.168.96.111/32 192.168.96.111 incomplete
192.168.96.112/32 192.168.96.112 incomplete
192.168.96.113/32 192.168.96.113 incomplete
192.168.96.114/32 192.168.96.114 incomplete
192.168.96.115/32 192.168.96.115 incomplete
192.168.96.116/32 192.168.96.116 incomplete
192.168.96.117/32 192.168.96.117 incomplete
192.168.96.118/32 192.168.96.118 incomplete
192.168.96.119/32 192.168.96.119 incomplete
192.168.96.120/32 192.168.96.120 incomplete
192.168.96.121/32 192.168.96.121 incomplete
192.168.96.122/32 192.168.96.122 incomplete
192.168.96.123/32 192.168.96.123 incomplete
192.168.96.124/32 192.168.96.124 incomplete
192.168.96.125/32 192.168.96.125 incomplete
192.168.96.126/32 192.168.96.126 incomplete
192.168.96.127/32 192.168.96.127 incomplete
192.168.96.128/32 192.168.96.128 incomplete
192.168.96.129/32 192.168.96.129 incomplete
192.168.96.130/32 192.168.96.130 180.213.2.250 dynamic Tu100 < >
192.168.96.131/32 192.168.96.131 202.100.251.242 dynamic Tu100 < >
192.168.96.134/32 192.168.96.134 219.143.238.165 dynamic Tu100 < >
192.168.96.135/32 192.168.96.135 221.226.40.34 dynamic Tu100 < >
192.168.96.136/32 192.168.96.136 180.166.39.6 dynamic Tu100 < >
192.168.96.137/32 192.168.96.137 incomplete
192.168.96.138/32 192.168.96.138 incomplete
192.168.96.139/32 192.168.96.139 incomplete
192.168.96.140/32 192.168.96.140 incomplete
192.168.96.141/32 192.168.96.141 incomplete
192.168.96.142/32 192.168.96.142 incomplete
192.168.96.143/32 192.168.96.143 incomplete
192.168.96.144/32 192.168.96.144 incomplete
192.168.96.145/32 192.168.96.145 incomplete
192.168.96.146/32 192.168.96.146 incomplete
192.168.96.147/32 192.168.96.147 incomplete
192.168.96.148/32 192.168.96.148 incomplete
192.168.96.149/32 192.168.96.149 incomplete
192.168.96.150/32 192.168.96.150 incomplete
192.168.96.151/32 192.168.96.151 incomplete
192.168.96.152/32 192.168.96.152 incomplete
192.168.96.153/32 192.168.96.153 incomplete
192.168.96.154/32 192.168.96.154 incomplete
192.168.96.155/32 192.168.96.155 incomplete
192.168.96.156/32 192.168.96.156 incomplete
192.168.96.157/32 192.168.96.157 incomplete
192.168.96.158/32 192.168.96.158 incomplete
192.168.96.159/32 192.168.96.159 incomplete
192.168.96.160/32 192.168.96.160 incomplete
192.168.96.161/32 192.168.96.161 incomplete
192.168.96.162/32 192.168.96.162 incomplete
192.168.96.163/32 192.168.96.163 incomplete
192.168.96.164/32 192.168.96.164 incomplete
192.168.96.165/32 192.168.96.165 incomplete
192.168.96.166/32 192.168.96.166 incomplete
192.168.96.167/32 192.168.96.167 incomplete
192.168.96.168/32 192.168.96.168 incomplete
192.168.96.169/32 192.168.96.169 incomplete
192.168.96.170/32 192.168.96.170 incomplete
192.168.96.171/32 192.168.96.171 incomplete
192.168.96.172/32 192.168.96.172 incomplete
192.168.96.173/32 192.168.96.173 incomplete
192.168.96.174/32 192.168.96.174 incomplete
192.168.96.175/32 192.168.96.175 incomplete
192.168.96.176/32 192.168.96.176 incomplete
192.168.96.177/32 192.168.96.177 incomplete
192.168.96.178/32 192.168.96.178 incomplete
192.168.96.179/32 192.168.96.179 incomplete
192.168.96.180/32 192.168.96.180 incomplete
192.168.96.181/32 192.168.96.181 incomplete
192.168.96.182/32 192.168.96.182 incomplete
192.168.96.183/32 192.168.96.183 incomplete
192.168.96.184/32 192.168.96.184 incomplete
192.168.96.185/32 192.168.96.185 incomplete
192.168.96.186/32 192.168.96.186 incomplete
192.168.96.187/32 192.168.96.187 incomplete
192.168.96.188/32 192.168.96.188 incomplete
192.168.96.189/32 192.168.96.189 incomplete
192.168.96.190/32 192.168.96.190 incomplete
192.168.96.191/32 192.168.96.191 incomplete
192.168.96.192/32 192.168.96.192 incomplete
192.168.96.193/32 192.168.96.193 incomplete
192.168.96.194/32 192.168.96.194 incomplete
192.168.96.195/32 192.168.96.195 incomplete
192.168.96.196/32 192.168.96.196 incomplete
192.168.96.197/32 192.168.96.197 incomplete
192.168.96.198/32 192.168.96.198 incomplete
192.168.96.199/32 192.168.96.199 incomplete
192.168.96.200/32 192.168.96.200 incomplete
192.168.96.201/32 192.168.96.201 incomplete
192.168.96.202/32 192.168.96.202 incomplete
192.168.96.203/32 192.168.96.203 incomplete
192.168.96.204/32 192.168.96.204 incomplete
192.168.96.205/32 192.168.96.205 incomplete
192.168.96.206/32 192.168.96.206 incomplete
192.168.96.207/32 192.168.96.207 incomplete
192.168.96.208/32 192.168.96.208 incomplete
192.168.96.209/32 192.168.96.209 incomplete
192.168.96.210/32 192.168.96.210 incomplete
192.168.96.211/32 192.168.96.211 incomplete
192.168.96.212/32 192.168.96.212 incomplete
192.168.96.213/32 192.168.96.213 incomplete
192.168.96.214/32 192.168.96.214 incomplete
192.168.96.215/32 192.168.96.215 incomplete
192.168.96.216/32 192.168.96.216 incomplete
192.168.96.217/32 192.168.96.217 incomplete
192.168.96.218/32 192.168.96.218 incomplete
192.168.96.219/32 192.168.96.219 incomplete
192.168.96.220/32 192.168.96.220 incomplete
192.168.96.221/32 192.168.96.221 incomplete
192.168.96.222/32 192.168.96.222 incomplete
192.168.96.223/32 192.168.96.223 incomplete
192.168.96.224/32 192.168.96.224 incomplete
192.168.96.225/32 192.168.96.225 incomplete
192.168.96.226/32 192.168.96.226 incomplete
192.168.96.227/32 192.168.96.227 incomplete
192.168.96.228/32 192.168.96.228 incomplete
192.168.96.229/32 192.168.96.229 incomplete
192.168.96.231/32 192.168.96.231 incomplete
192.168.96.232/32 192.168.96.232 incomplete
192.168.96.233/32 192.168.96.233 incomplete
192.168.96.234/32 192.168.96.234 incomplete
192.168.96.235/32 192.168.96.235 incomplete
192.168.96.236/32 192.168.96.236 incomplete
192.168.96.237/32 192.168.96.237 incomplete
192.168.96.238/32 192.168.96.238 incomplete
192.168.96.239/32 192.168.96.239 incomplete
192.168.96.240/32 192.168.96.240 incomplete
192.168.96.241/32 192.168.96.241 incomplete
192.168.96.242/32 192.168.96.242 incomplete
192.168.96.243/32 192.168.96.243 incomplete
192.168.96.244/32 192.168.96.244 incomplete
192.168.96.245/32 192.168.96.245 incomplete
192.168.96.246/32 192.168.96.246 incomplete
192.168.96.247/32 192.168.96.247 incomplete
192.168.96.248/32 192.168.96.248 incomplete
192.168.96.249/32 192.168.96.249 incomplete
192.168.96.250/32 192.168.96.250 incomplete
192.168.96.251/32 192.168.96.251 incomplete
192.168.96.252/32 192.168.96.252 incomplete
192.168.96.253/32 192.168.96.253 incomplete
192.168.96.254/32 192.168.96.254 incomplete
usually, when i show the same information after a while ,the nhrp get the normal
3925VPN#sho ip nhrp bri
Target Via NBMA Mode Intfc Claimed
192.168.96.2/32 192.168.96.2 58.22.127.76 dynamic Tu100 < >
192.168.96.130/32 192.168.96.130 180.213.2.250 dynamic Tu100 < >
192.168.96.131/32 192.168.96.131 202.100.251.242 dynamic Tu100 < >
192.168.96.132/32 192.168.96.132 incomplete
192.168.96.133/32 192.168.96.133 incomplete
192.168.96.134/32 192.168.96.134 219.143.238.165 dynamic Tu100 < >
192.168.96.135/32 192.168.96.135 221.226.40.34 dynamic Tu100 < >
192.168.96.136/32 192.168.96.136 180.166.39.6 dynamic Tu100 < >
why this happened ,top players , thx~~~~~
pradeepde,
Thank you very much for your response. I think you may be right, I have upgraded the IOS to a maintenance release 12.4.15T9 and this does appear to have fixed the problem.
Thanks again
Similar Messages
-
I have a phase 2 DMVPN network with approx 40 spoke routers and dual hub routers. 90% of this is working very well. However I have 3 or 4 spoke routers that are unable to communicate with each other directly (traffic goes via the hub router between these specific sites) however they are able to coomunicate directly with the other 35 or so routers. I think this is an NHRP issue as when I do show ip nhrp detail on one of these 4 routers, the other 3 routers display a (no socket) entry. I am able to clear this "sometimes" by clear ip nhrp. Whenever the (no scoket) entry is there spoke to spoke communication does not work. Any help would be greatly appreciated.
pradeepde,
Thank you very much for your response. I think you may be right, I have upgraded the IOS to a maintenance release 12.4.15T9 and this does appear to have fixed the problem.
Thanks again -
my company uses dmvpn to connect with branch,but sometime when i “show ip nhrp bri " , i got some issus ,
the show information
3925VPN#sho ip nhrp bri
Target Via NBMA Mode Intfc Claimed
192.168.96.2/32 192.168.96.2 58.22.127.76 dynamic Tu100 < >
192.168.96.3/32 192.168.96.3 incomplete
192.168.96.4/32 192.168.96.4 incomplete
192.168.96.5/32 192.168.96.5 incomplete
192.168.96.6/32 192.168.96.6 incomplete
192.168.96.7/32 192.168.96.7 incomplete
192.168.96.8/32 192.168.96.8 incomplete
192.168.96.9/32 192.168.96.9 incomplete
192.168.96.10/32 192.168.96.10 incomplete
192.168.96.11/32 192.168.96.11 incomplete
192.168.96.12/32 192.168.96.12 incomplete
192.168.96.13/32 192.168.96.13 incomplete
192.168.96.14/32 192.168.96.14 incomplete
192.168.96.15/32 192.168.96.15 incomplete
192.168.96.16/32 192.168.96.16 incomplete
192.168.96.17/32 192.168.96.17 incomplete
192.168.96.18/32 192.168.96.18 incomplete
192.168.96.19/32 192.168.96.19 incomplete
192.168.96.20/32 192.168.96.20 incomplete
192.168.96.21/32 192.168.96.21 incomplete
192.168.96.22/32 192.168.96.22 incomplete
192.168.96.23/32 192.168.96.23 incomplete
192.168.96.24/32 192.168.96.24 incomplete
192.168.96.25/32 192.168.96.25 incomplete
192.168.96.27/32 192.168.96.27 incomplete
192.168.96.28/32 192.168.96.28 incomplete
192.168.96.29/32 192.168.96.29 incomplete
192.168.96.30/32 192.168.96.30 incomplete
192.168.96.31/32 192.168.96.31 incomplete
192.168.96.32/32 192.168.96.32 incomplete
192.168.96.33/32 192.168.96.33 incomplete
192.168.96.34/32 192.168.96.34 incomplete
192.168.96.35/32 192.168.96.35 incomplete
192.168.96.36/32 192.168.96.36 incomplete
192.168.96.37/32 192.168.96.37 incomplete
192.168.96.38/32 192.168.96.38 incomplete
192.168.96.39/32 192.168.96.39 incomplete
192.168.96.40/32 192.168.96.40 incomplete
192.168.96.41/32 192.168.96.41 incomplete
192.168.96.42/32 192.168.96.42 incomplete
192.168.96.43/32 192.168.96.43 incomplete
192.168.96.44/32 192.168.96.44 incomplete
192.168.96.45/32 192.168.96.45 incomplete
192.168.96.46/32 192.168.96.46 incomplete
192.168.96.47/32 192.168.96.47 incomplete
192.168.96.48/32 192.168.96.48 incomplete
192.168.96.49/32 192.168.96.49 incomplete
192.168.96.50/32 192.168.96.50 incomplete
192.168.96.51/32 192.168.96.51 incomplete
192.168.96.52/32 192.168.96.52 incomplete
192.168.96.53/32 192.168.96.53 incomplete
192.168.96.54/32 192.168.96.54 incomplete
192.168.96.55/32 192.168.96.55 incomplete
192.168.96.56/32 192.168.96.56 incomplete
192.168.96.57/32 192.168.96.57 incomplete
192.168.96.58/32 192.168.96.58 incomplete
192.168.96.59/32 192.168.96.59 incomplete
192.168.96.60/32 192.168.96.60 incomplete
192.168.96.61/32 192.168.96.61 incomplete
192.168.96.62/32 192.168.96.62 incomplete
192.168.96.63/32 192.168.96.63 incomplete
192.168.96.64/32 192.168.96.64 incomplete
192.168.96.65/32 192.168.96.65 incomplete
192.168.96.66/32 192.168.96.66 incomplete
192.168.96.67/32 192.168.96.67 incomplete
192.168.96.68/32 192.168.96.68 incomplete
192.168.96.69/32 192.168.96.69 incomplete
192.168.96.70/32 192.168.96.70 incomplete
192.168.96.71/32 192.168.96.71 incomplete
192.168.96.72/32 192.168.96.72 incomplete
192.168.96.73/32 192.168.96.73 incomplete
192.168.96.74/32 192.168.96.74 incomplete
192.168.96.75/32 192.168.96.75 incomplete
192.168.96.76/32 192.168.96.76 incomplete
192.168.96.77/32 192.168.96.77 incomplete
192.168.96.78/32 192.168.96.78 incomplete
192.168.96.79/32 192.168.96.79 incomplete
192.168.96.80/32 192.168.96.80 incomplete
192.168.96.81/32 192.168.96.81 incomplete
192.168.96.82/32 192.168.96.82 incomplete
192.168.96.83/32 192.168.96.83 incomplete
192.168.96.84/32 192.168.96.84 incomplete
192.168.96.85/32 192.168.96.85 incomplete
192.168.96.86/32 192.168.96.86 incomplete
192.168.96.87/32 192.168.96.87 incomplete
192.168.96.88/32 192.168.96.88 incomplete
192.168.96.89/32 192.168.96.89 incomplete
192.168.96.90/32 192.168.96.90 incomplete
192.168.96.91/32 192.168.96.91 incomplete
192.168.96.92/32 192.168.96.92 incomplete
192.168.96.93/32 192.168.96.93 incomplete
192.168.96.94/32 192.168.96.94 incomplete
192.168.96.95/32 192.168.96.95 incomplete
192.168.96.96/32 192.168.96.96 incomplete
192.168.96.97/32 192.168.96.97 incomplete
192.168.96.98/32 192.168.96.98 incomplete
192.168.96.99/32 192.168.96.99 incomplete
192.168.96.100/32 192.168.96.100 incomplete
192.168.96.101/32 192.168.96.101 incomplete
192.168.96.102/32 192.168.96.102 incomplete
192.168.96.103/32 192.168.96.103 incomplete
192.168.96.104/32 192.168.96.104 incomplete
192.168.96.105/32 192.168.96.105 incomplete
192.168.96.106/32 192.168.96.106 incomplete
192.168.96.107/32 192.168.96.107 incomplete
192.168.96.108/32 192.168.96.108 incomplete
192.168.96.109/32 192.168.96.109 incomplete
192.168.96.110/32 192.168.96.110 incomplete
192.168.96.111/32 192.168.96.111 incomplete
192.168.96.112/32 192.168.96.112 incomplete
192.168.96.113/32 192.168.96.113 incomplete
192.168.96.114/32 192.168.96.114 incomplete
192.168.96.115/32 192.168.96.115 incomplete
192.168.96.116/32 192.168.96.116 incomplete
192.168.96.117/32 192.168.96.117 incomplete
192.168.96.118/32 192.168.96.118 incomplete
192.168.96.119/32 192.168.96.119 incomplete
192.168.96.120/32 192.168.96.120 incomplete
192.168.96.121/32 192.168.96.121 incomplete
192.168.96.122/32 192.168.96.122 incomplete
192.168.96.123/32 192.168.96.123 incomplete
192.168.96.124/32 192.168.96.124 incomplete
192.168.96.125/32 192.168.96.125 incomplete
192.168.96.126/32 192.168.96.126 incomplete
192.168.96.127/32 192.168.96.127 incomplete
192.168.96.128/32 192.168.96.128 incomplete
192.168.96.129/32 192.168.96.129 incomplete
192.168.96.130/32 192.168.96.130 180.213.2.250 dynamic Tu100 < >
192.168.96.131/32 192.168.96.131 202.100.251.242 dynamic Tu100 < >
192.168.96.134/32 192.168.96.134 219.143.238.165 dynamic Tu100 < >
192.168.96.135/32 192.168.96.135 221.226.40.34 dynamic Tu100 < >
192.168.96.136/32 192.168.96.136 180.166.39.6 dynamic Tu100 < >
192.168.96.137/32 192.168.96.137 incomplete
192.168.96.138/32 192.168.96.138 incomplete
192.168.96.139/32 192.168.96.139 incomplete
192.168.96.140/32 192.168.96.140 incomplete
192.168.96.141/32 192.168.96.141 incomplete
192.168.96.142/32 192.168.96.142 incomplete
192.168.96.143/32 192.168.96.143 incomplete
192.168.96.144/32 192.168.96.144 incomplete
192.168.96.145/32 192.168.96.145 incomplete
192.168.96.146/32 192.168.96.146 incomplete
192.168.96.147/32 192.168.96.147 incomplete
192.168.96.148/32 192.168.96.148 incomplete
192.168.96.149/32 192.168.96.149 incomplete
192.168.96.150/32 192.168.96.150 incomplete
192.168.96.151/32 192.168.96.151 incomplete
192.168.96.152/32 192.168.96.152 incomplete
192.168.96.153/32 192.168.96.153 incomplete
192.168.96.154/32 192.168.96.154 incomplete
192.168.96.155/32 192.168.96.155 incomplete
192.168.96.156/32 192.168.96.156 incomplete
192.168.96.157/32 192.168.96.157 incomplete
192.168.96.158/32 192.168.96.158 incomplete
192.168.96.159/32 192.168.96.159 incomplete
192.168.96.160/32 192.168.96.160 incomplete
192.168.96.161/32 192.168.96.161 incomplete
192.168.96.162/32 192.168.96.162 incomplete
192.168.96.163/32 192.168.96.163 incomplete
192.168.96.164/32 192.168.96.164 incomplete
192.168.96.165/32 192.168.96.165 incomplete
192.168.96.166/32 192.168.96.166 incomplete
192.168.96.167/32 192.168.96.167 incomplete
192.168.96.168/32 192.168.96.168 incomplete
192.168.96.169/32 192.168.96.169 incomplete
192.168.96.170/32 192.168.96.170 incomplete
192.168.96.171/32 192.168.96.171 incomplete
192.168.96.172/32 192.168.96.172 incomplete
192.168.96.173/32 192.168.96.173 incomplete
192.168.96.174/32 192.168.96.174 incomplete
192.168.96.175/32 192.168.96.175 incomplete
192.168.96.176/32 192.168.96.176 incomplete
192.168.96.177/32 192.168.96.177 incomplete
192.168.96.178/32 192.168.96.178 incomplete
192.168.96.179/32 192.168.96.179 incomplete
192.168.96.180/32 192.168.96.180 incomplete
192.168.96.181/32 192.168.96.181 incomplete
192.168.96.182/32 192.168.96.182 incomplete
192.168.96.183/32 192.168.96.183 incomplete
192.168.96.184/32 192.168.96.184 incomplete
192.168.96.185/32 192.168.96.185 incomplete
192.168.96.186/32 192.168.96.186 incomplete
192.168.96.187/32 192.168.96.187 incomplete
192.168.96.188/32 192.168.96.188 incomplete
192.168.96.189/32 192.168.96.189 incomplete
192.168.96.190/32 192.168.96.190 incomplete
192.168.96.191/32 192.168.96.191 incomplete
192.168.96.192/32 192.168.96.192 incomplete
192.168.96.193/32 192.168.96.193 incomplete
192.168.96.194/32 192.168.96.194 incomplete
192.168.96.195/32 192.168.96.195 incomplete
192.168.96.196/32 192.168.96.196 incomplete
192.168.96.197/32 192.168.96.197 incomplete
192.168.96.198/32 192.168.96.198 incomplete
192.168.96.199/32 192.168.96.199 incomplete
192.168.96.200/32 192.168.96.200 incomplete
192.168.96.201/32 192.168.96.201 incomplete
192.168.96.202/32 192.168.96.202 incomplete
192.168.96.203/32 192.168.96.203 incomplete
192.168.96.204/32 192.168.96.204 incomplete
192.168.96.205/32 192.168.96.205 incomplete
192.168.96.206/32 192.168.96.206 incomplete
192.168.96.207/32 192.168.96.207 incomplete
192.168.96.208/32 192.168.96.208 incomplete
192.168.96.209/32 192.168.96.209 incomplete
192.168.96.210/32 192.168.96.210 incomplete
192.168.96.211/32 192.168.96.211 incomplete
192.168.96.212/32 192.168.96.212 incomplete
192.168.96.213/32 192.168.96.213 incomplete
192.168.96.214/32 192.168.96.214 incomplete
192.168.96.215/32 192.168.96.215 incomplete
192.168.96.216/32 192.168.96.216 incomplete
192.168.96.217/32 192.168.96.217 incomplete
192.168.96.218/32 192.168.96.218 incomplete
192.168.96.219/32 192.168.96.219 incomplete
192.168.96.220/32 192.168.96.220 incomplete
192.168.96.221/32 192.168.96.221 incomplete
192.168.96.222/32 192.168.96.222 incomplete
192.168.96.223/32 192.168.96.223 incomplete
192.168.96.224/32 192.168.96.224 incomplete
192.168.96.225/32 192.168.96.225 incomplete
192.168.96.226/32 192.168.96.226 incomplete
192.168.96.227/32 192.168.96.227 incomplete
192.168.96.228/32 192.168.96.228 incomplete
192.168.96.229/32 192.168.96.229 incomplete
192.168.96.231/32 192.168.96.231 incomplete
192.168.96.232/32 192.168.96.232 incomplete
192.168.96.233/32 192.168.96.233 incomplete
192.168.96.234/32 192.168.96.234 incomplete
192.168.96.235/32 192.168.96.235 incomplete
192.168.96.236/32 192.168.96.236 incomplete
192.168.96.237/32 192.168.96.237 incomplete
192.168.96.238/32 192.168.96.238 incomplete
192.168.96.239/32 192.168.96.239 incomplete
192.168.96.240/32 192.168.96.240 incomplete
192.168.96.241/32 192.168.96.241 incomplete
192.168.96.242/32 192.168.96.242 incomplete
192.168.96.243/32 192.168.96.243 incomplete
192.168.96.244/32 192.168.96.244 incomplete
192.168.96.245/32 192.168.96.245 incomplete
192.168.96.246/32 192.168.96.246 incomplete
192.168.96.247/32 192.168.96.247 incomplete
192.168.96.248/32 192.168.96.248 incomplete
192.168.96.249/32 192.168.96.249 incomplete
192.168.96.250/32 192.168.96.250 incomplete
192.168.96.251/32 192.168.96.251 incomplete
192.168.96.252/32 192.168.96.252 incomplete
192.168.96.253/32 192.168.96.253 incomplete
192.168.96.254/32 192.168.96.254 incomplete
usually, when i show the same information after a while ,the nhrp get the normal
3925VPN#sho ip nhrp bri
Target Via NBMA Mode Intfc Claimed
192.168.96.2/32 192.168.96.2 58.22.127.76 dynamic Tu100 < >
192.168.96.130/32 192.168.96.130 180.213.2.250 dynamic Tu100 < >
192.168.96.131/32 192.168.96.131 202.100.251.242 dynamic Tu100 < >
192.168.96.132/32 192.168.96.132 incomplete
192.168.96.133/32 192.168.96.133 incomplete
192.168.96.134/32 192.168.96.134 219.143.238.165 dynamic Tu100 < >
192.168.96.135/32 192.168.96.135 221.226.40.34 dynamic Tu100 < >
192.168.96.136/32 192.168.96.136 180.166.39.6 dynamic Tu100 < >
why this happened ,top players , thx~~~~~pradeepde,
Thank you very much for your response. I think you may be right, I have upgraded the IOS to a maintenance release 12.4.15T9 and this does appear to have fixed the problem.
Thanks again -
Hello, i am working with 871w and i am trying to switch form ip inspect to zone-based firewall. Below are the class-maps, policy-map, zone-pairs, zones, and ACLs. The issues i am having is that onces i depoly the ZBF, i can not get ip via DHCP. Please review and suggest any impovements or fixes needed?
class-map type inspect match-any Egress-Filter match access-group name egress-filter
class-map type inspect match-any Guest_Protocols match protocol http
match protocol https match protocol dns
class-map type inspect match-any Ingress-Filter match access-group name ingress-filter
class-map type inspect match-any All_Protocols match protocol tcp
match protocol udp match protocol icmp
class-map type inspect match-all DHCP-Allow match access-group name dhcp-allow
policy-map type inspect Self_to_Internet class type inspect Egress-Filter
inspect
class class-default
drop log
policy-map type inspect Internet_to_Self class type inspect Ingress-Filter
inspect
class class-default
drop log
policy-map type inspect Trusted_To_Self class type inspect All_Protocols
inspect
class type inspect DHCP-Allow
pass
class class-default
drop log
policy-map type inspect Guest_to_Internet class type inspect Guest_Protocols
inspect
class class-default
drop log
policy-map type inspect Internet_to_Guest class type inspect Ingress-Filter
inspect
class class-default
drop log
policy-map type inspect Trusted_to_Self class type inspect All_Protocols
inspect
class type inspect DHCP-Allow
pass
class class-default
drop log
policy-map type inspect Self_to_Trusted class type inspect All_Protocols
inspect
class type inspect DHCP-Allow
pass
class class-default
drop log
policy-map type inspect Trusted_to_Internet class type inspect All_Protocols
inspect
class class-default
drop log
policy-map type inspect Internet_to_Trusted class type inspect Ingress-Filter
inspect
class class-default
drop log
policy-map type inspect Guest_to_Self class type inspect All_Protocols inspect
class type inspect DHCP-Allow
pass
class class-default
drop log
policy-map type inspect Self_to_Guest
class type inspect All_Protocols
inspect
class type inspect DHCP-Allow
pass
class class-default
drop log
zone-pair security Trusted->Internet source Trusted destination Internet service-policy type inspect Trusted_to_Internet
zone-pair security Guest->Internet source Guest destination Internet service-policy type inspect Guest_to_Internet
zone-pair security Internet->Trusted source Internet destination Trusted service-policy type inspect Internet_to_Trusted
zone-pair security Internet->Guest source Internet destination Guest service-policy type inspect Internet_to_Guest
zone-pair security Self->Internet source self destination Internet service-policy type inspect Self_to_Internet
zone-pair security Internet->Self source Internet destination self service-policy type inspect Internet_to_Self
zone-pair security Self->Trusted source self destination Trusted service-policy type inspect Self_to_Trusted
zone-pair security Trusted->Self source Trusted destination self service-policy type inspect Trusted_to_Self
zone-pair security Self->Guest source self destination Guest service-policy type inspect Self_to_Guest
zone-pair security Guest->Self source Guest destination self service-policy type inspect Guest_to_Self
zone security Trustedzone security Guestzone security Internet
ip access-list extended NAT deny ip 192.168.16.0 0.0.0.63 192.168.16.64 0.0.0.15
permit ip any any
ip access-list extended dhcp-allow permit udp any eq bootps any
permit udp any any eq bootpc
permit udp any any eq bootps
permit udp any eq bootpc any
ip access-list extended egress-filter permit ip <REMOVED> 0.0.0.2 any
remark ----- Junk Traffic -----
deny ip any host <REMOVED>
deny ip any host <REMOVED>
deny ip host <REMOVED> any
deny ip host <REMOVED> any
remark ----- Bogons Filter -----
deny ip 0.0.0.0 0.255.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 169.254.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.0.0.0 0.0.0.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 198.18.0.0 0.1.255.255 any
deny ip 198.51.100.0 0.0.0.255 any
deny ip 203.0.113.0 0.0.0.255 any
deny ip 224.0.0.0 31.255.255.255 any
deny ip any any
ip access-list extended ingress-filter remark ----- Allow access from work
permit ip <REMOVED> 0.0.0.127 any
permit ip <REMOVED 0.0.0.31 any
permit ip <REMOVED> 0.0.0.255 any
permit esp any host <REMOVED>
permit gre any host <REMOVED>
permit udp any host <REMOVED> eq isakmp
remark ----- To get IP form COX -----
permit udp any eq bootps any eq bootpc deny icmp any any
deny udp any any eq echo
deny udp any eq echo any
deny tcp any any fragments
deny udp any any fragments
deny ip any any fragments
deny ip any any option any-options
deny ip any any ttl lt 4
deny ip any host <REMOVED>
deny ip any host <REMOVED>
deny udp any any range 33400 34400
remark ----- Bogons Filter -----
deny ip 0.0.0.0 0.255.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 169.254.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.0.0.0 0.0.0.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 198.18.0.0 0.1.255.255 any
deny ip 198.51.100.0 0.0.0.255 any
deny ip 203.0.113.0 0.0.0.255 any
deny ip 224.0.0.0 31.255.255.255 any
remark ----- Internal networks -----
deny ip <REMOVED> 0.0.0.3 any
deny ip any anyRunning Config
! Last configuration change at 05:24:59 AZT Sun Feb 19 2012 by asucrews
! NVRAM config last updated at 05:25:57 AZT Sun Feb 19 2012 by asucrews
version 12.4
configuration mode exclusive auto expire 600
parser cache
no service log backtrace
no service config
no service exec-callback
service nagle
service slave-log
no service slave-coredump
no service pad to-xot
no service pad from-xot
no service pad cmns
no service pad
no service telnet-zeroidle
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
no service exec-wait
service linenumber
no service internal
no service scripting
no service compress-config
service prompt config
no service old-slip-prompts
service pt-vty-logging
no service disable-ip-fast-frag
service sequence-numbers
hostname rtwan
boot-start-marker
boot-end-marker
logging exception 4096
logging count
no logging message-counter log
no logging message-counter debug
logging message-counter syslog
no logging snmp-authfail
no logging userinfo
logging buginf
logging queue-limit 100
logging queue-limit esm 0
logging queue-limit trap 100
logging buffered 65536
no logging persistent
logging rate-limit 512 except critical
logging console guaranteed
logging console critical
logging monitor debugging
logging on
enable secret 5
enable password 7
aaa new-model
aaa group server radius rad_eap
server auth-port 1645 acct-port 1646
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login default local
aaa authentication login eap_methods group rad_eap
aaa authorization exec default local
aaa accounting network acct_methods
action-type start-stop
group rad_acct
aaa session-id common
memory-size iomem 10
clock timezone AZT -7
clock save interval 8
errdisable detect cause all
errdisable recovery interval 300
dot11 syslog
dot11 activity-timeout unknown default 60
dot11 activity-timeout client default 60
dot11 activity-timeout repeater default 60
dot11 activity-timeout workgroup-bridge default 60
dot11 activity-timeout bridge default 60
dot11 ssid guestonpg
vlan 2
authentication open
authentication key-management wpa optional
guest-mode
wpa-psk ascii 7
dot11 ssid playground
vlan 1
authentication open
authentication key-management wpa optional
wpa-psk ascii 7
dot11 aaa csid default
no ip source-route
no ip gratuitous-arps
ip icmp redirect subnet
ip spd queue threshold minimum 73 maximum 74
ip options drop
ip dhcp bootp ignore
ip dhcp excluded-address 192.168.16.33 192.168.16.40
ip dhcp excluded-address 192.168.16.1 192.168.16.7
ip dhcp pool vlan1pool
import all
network 192.168.16.0 255.255.255.224
default-router 192.168.16.1
domain-name jeremycrews.home
lease 4
ip dhcp pool vlan2pool
import all
network 192.168.16.32 255.255.255.224
default-router 192.168.16.33
domain-name guest.jeremycrews.home
lease 0 6
ip cef
ip inspect name firewall tcp router-traffic
ip inspect name firewall udp router-traffic
ip inspect name firewall icmp router-traffic
no ip bootp server
no ip domain lookup
ip domain name jeremycrews.home
ip host rtwan.jeremycrews.home 192.168.16.1 192.168.16.33
ip host ap1.jeremycrews.home 192.168.16.2 192.168.16.34
ip host ap2.jeremycrews.home 192.168.16.3 192.168.16.35
ip host ap3.jeremycrews.home 192.168.16.4 192.168.16.36
ip host ooma.jeremycrews.home 192.168.16.5
ip host xbox.jeremycrews.home 192.168.16.6
ip host wii.jeremycrews.home 192.168.16.7
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip accounting-threshold 100
ip accounting-list 192.168.16.0 0.0.0.31
ip accounting-list 192.168.16.32 0.0.0.31
ip accounting-transits 25
ip igmp snooping vlan 1
ip igmp snooping vlan 1 mrouter learn pim-dvmrp
ip igmp snooping vlan 2
ip igmp snooping vlan 2 mrouter learn pim-dvmrp
ip igmp snooping
login block-for 120 attempts 5 within 60
login delay 5
login on-failure log
parameter-map type inspect log
audit-trail on
dot1x system-auth-control
memory free low-watermark processor 65536
memory free low-watermark IO 16384
file prompt alert
emm clear 1b5b324a1b5b303b30480d
vtp file flash:vlan.dat
vtp mode server
vtp version 1
username privilege 15 password 7
username privilege 15 password 7
no crypto isakmp diagnose error
archive
log config
no record rc
logging enable
no logging persistent reload
no logging persistent
logging size 255
notify syslog contenttype plaintext
no notify syslog contenttype xml
hidekeys
path tftp://192.168.16.12/rtwan-config
maximum 10
no rollback filter adaptive
rollback retry timeout 0
write-memory
time-period 10080
scripting tcl low-memory 28965007
scripting tcl trustpoint untrusted terminate
no scripting tcl secure-mode
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh break-string ~break
ip ssh logging events
ip ssh version 2
ip ssh dh min size 1024
class-map type inspect match-any Egress-Filter
match access-group name egress-filter
class-map type inspect match-any Guest_Protocols
match protocol http
match protocol https
match protocol dns
match protocol bootpc
match protocol bootps
class-map type inspect match-any Ingress-Filter
match access-group name ingress-filter
class-map type inspect match-any All_Protocols
match protocol tcp
match protocol udp
match protocol icmp
class-map type inspect match-all DHCP-Allow
match access-group name dhcp-allow
policy-map type inspect Self_to_Internet
class type inspect Egress-Filter
inspect
class class-default
drop log
policy-map type inspect Internet_to_Self
class type inspect Ingress-Filter
inspect
class class-default
drop log
policy-map type inspect Self_To_Self
class class-default
drop log
policy-map type inspect Trusted_To_Self
class type inspect All_Protocols
inspect
class type inspect DHCP-Allow
pass
class class-default
drop log
policy-map type inspect Guest_to_Internet
class type inspect Guest_Protocols
inspect
class class-default
drop log
policy-map type inspect Internet_to_Guest
class type inspect Ingress-Filter
inspect
class class-default
drop log
policy-map type inspect Trusted_to_Self
class type inspect All_Protocols
inspect
class type inspect DHCP-Allow
pass
class class-default
drop log
policy-map type inspect Self_to_Trusted
class type inspect All_Protocols
inspect
class type inspect DHCP-Allow
pass
class class-default
drop log
policy-map type inspect Trusted_to_Internet
class type inspect All_Protocols
inspect
class class-default
drop log
policy-map type inspect Internet_to_Trusted
class type inspect Ingress-Filter
inspect
class class-default
drop log
policy-map type inspect Guest_to_Self
class type inspect All_Protocols
inspect
class class-default
drop log
policy-map type inspect Self_to_Guest
class type inspect All_Protocols
inspect
class class-default
drop log
zone security Trusted
zone security Guest
zone security Internet
zone-pair security Trusted->Internet source Trusted destination Internet
service-policy type inspect Trusted_to_Internet
zone-pair security Guest->Internet source Guest destination Internet
service-policy type inspect Guest_to_Internet
zone-pair security Internet->Trusted source Internet destination Trusted
service-policy type inspect Internet_to_Trusted
zone-pair security Internet->Guest source Internet destination Guest
service-policy type inspect Internet_to_Guest
zone-pair security Self->Internet source self destination Internet
service-policy type inspect Self_to_Internet
zone-pair security Internet->Self source Internet destination self
service-policy type inspect Internet_to_Self
zone-pair security Self->Trusted source self destination Trusted
service-policy type inspect Self_to_Trusted
zone-pair security Trusted->Self source Trusted destination self
service-policy type inspect Trusted_to_Self
zone-pair security Self->Guest source self destination Guest
service-policy type inspect Self_to_Guest
zone-pair security Guest->Self source Guest destination self
service-policy type inspect Guest_to_Self
bridge irb
interface Loopback0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
shutdown
snmp trap link-status
interface Null0
no ip unreachables
interface FastEthernet0
description To switch
switchport access vlan 1
switchport trunk encapsulation dot1q
switchport trunk native vlan 1
switchport trunk allowed vlan 1-4094
switchport mode trunk
switchport voice vlan none
switchport priority extend none
switchport priority default 0
snmp trap link-status
ip igmp snooping tcn flood
interface FastEthernet1
switchport access vlan 1
switchport trunk encapsulation dot1q
switchport trunk native vlan 1
switchport trunk allowed vlan 1-4094
switchport mode trunk
switchport voice vlan none
switchport priority extend none
switchport priority default 0
shutdown
snmp trap link-status
spanning-tree portfast
ip igmp snooping tcn flood
interface FastEthernet2
switchport access vlan 1
switchport trunk encapsulation dot1q
switchport trunk native vlan 1
switchport trunk allowed vlan 1-4094
switchport mode access
switchport voice vlan none
switchport priority extend none
switchport priority default 0
shutdown
snmp trap link-status
spanning-tree portfast
ip igmp snooping tcn flood
interface FastEthernet3
description Ooma Hub 192.168.16.5
switchport access vlan 1
switchport trunk encapsulation dot1q
switchport trunk native vlan 1
switchport trunk allowed vlan 1-4094
switchport mode access
switchport voice vlan none
switchport priority extend none
switchport priority default 0
shutdown
snmp trap link-status
spanning-tree portfast
ip igmp snooping tcn flood
interface FastEthernet4
description Cox Internet Connection
ip address dhcp
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
ip flow ingress
ip flow egress
ip nat outside
no ip virtual-reassembly
duplex auto
speed auto
snmp trap link-status
no cdp enable
zone-member security Internet
interface Dot11Radio0
description Radio b/g
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
shutdown
beacon period 100
beacon dtim-period 2
dot11 extension aironet
encryption vlan 1 mode ciphers aes-ccm tkip wep128
encryption vlan 2 mode ciphers aes-ccm tkip wep128
broadcast-key vlan 1 change 3600 membership-termination
broadcast-key vlan 2 change 3600 membership-termination
ssid guestonpg
ssid playground
countermeasure tkip hold-time 60
short-slot-time
speed ofdm join
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
packet retries 64
preamble-short
channel least-congested
fragment-threshold 2346
station-role root
rts threshold 2312
rts retries 64
antenna receive diversity
antenna transmit diversity
payload-encapsulation rfc1042
snmp trap link-status
interface Dot11Radio0.1
description Home WLAN
encapsulation dot1Q 1 native
no ip redirects
no ip unreachables
no ip proxy-arp
no snmp trap link-status
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.2
description Guest WLAN
encapsulation dot1Q 2
no ip redirects
no ip unreachables
no ip proxy-arp
no snmp trap link-status
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
interface Vlan1
description Home LAN
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
no ip virtual-reassembly
autostate
snmp trap link-status
bridge-group 1
bridge-group 1 spanning-disabled
interface Vlan2
description Guest LAN
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
no ip virtual-reassembly
autostate
snmp trap link-status
bridge-group 2
bridge-group 2 spanning-disabled
interface BVI1
description Home Bridge LAN to WLAN
ip address 192.168.16.1 255.255.255.224
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
no ip virtual-reassembly
snmp trap link-status
zone-member security Trusted
interface BVI2
description Guest Bridge LAN to WLAN
ip address 192.168.16.33 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
no ip virtual-reassembly
snmp trap link-status
zone-member security Guest
ip classless
ip forward-protocol nd
no ip http server
ip http port 80
ip http authentication enable
no ip http secure-server
ip http secure-port 443
ip http secure-active-session-modules all
ip http max-connections 5
ip http timeout-policy idle 180 life 180 requests 1
ip http active-session-modules all
ip http digest algorithm md5
ip http client cache memory pool 100
ip http client cache memory file 2
ip http client cache ager interval 5
ip http client connection timeout 10
ip http client connection retry 1
ip http client connection idle timeout 30
ip http client response timeout 30
ip http path
ip flow-top-talkers
top 10
sort-by bytes
ip nat inside source static tcp 192.168.16.6 53 interface FastEthernet4 53
ip nat inside source static tcp 192.168.16.6 3074 interface FastEthernet4 3074
ip nat inside source static udp 192.168.16.6 3074 interface FastEthernet4 3074
ip nat inside source static tcp 192.168.16.6 80 interface FastEthernet4 80
ip nat inside source static udp 192.168.16.6 88 interface FastEthernet4 88
ip nat inside source static udp 192.168.16.6 53 interface FastEthernet4 53
ip nat inside source list NAT interface FastEthernet4 overload
ip access-list extended NAT
deny ip 192.168.16.0 0.0.0.63 192.168.16.64 0.0.0.15
permit ip any any
ip access-list extended dhcp-allow
permit udp any eq bootps any
permit udp any any eq bootpc
permit udp any any eq bootps
permit udp any eq bootpc any
ip access-list extended egress-filter
permit ip 0.0.0.2 any
remark ----- Junk Traffic -----
deny ip any host
deny ip any host
deny ip host any
deny ip host any
remark ----- Bogons Filter -----
deny ip 0.0.0.0 0.255.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 169.254.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.0.0.0 0.0.0.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 198.18.0.0 0.1.255.255 any
deny ip 198.51.100.0 0.0.0.255 any
deny ip 203.0.113.0 0.0.0.255 any
deny ip 224.0.0.0 31.255.255.255 any
deny ip any any
ip access-list extended ingress-filter
remark ----- Allow access from work
permit ip 0.0.0.127 any
permit ip 0.0.0.31 any
permit ip 0.0.0.255 any
permit esp any host
permit gre any host
permit udp any host eq isakmp
remark ----- To get IP form COX -----
permit udp any eq bootps any eq bootpc
deny icmp any any
deny udp any any eq echo
deny udp any eq echo any
deny tcp any any fragments
deny udp any any fragments
deny ip any any fragments
deny ip any any option any-options
deny ip any any ttl lt 4
deny ip any host
deny ip any host
deny udp any any range 33400 34400
remark ----- Bogons Filter -----
deny ip 0.0.0.0 0.255.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 169.254.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.0.0.0 0.0.0.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 198.18.0.0 0.1.255.255 any
deny ip 198.51.100.0 0.0.0.255 any
deny ip 203.0.113.0 0.0.0.255 any
deny ip 224.0.0.0 31.255.255.255 any
remark ----- Internal networks -----
deny ip 0.0.0.2 any
deny ip any any
no ip sla logging traps
ip sla 1
icmp-echo 8.8.4.4 source-interface FastEthernet4
frequency 120
history hours-of-statistics-kept 1
history filter failures
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 8.8.8.8 source-interface FastEthernet4
frequency 30
history hours-of-statistics-kept 1
history filter failures
ip sla reaction-configuration 1 react connectionLoss threshold-type consecutive 5 action-type trapAndTrigger
ip sla reaction-trigger 1 2
logging history size 1
logging history warnings
logging trap informational
logging delimiter tcp
logging facility local7
no logging source-interface
access-list 1 permit 192.168.16.0 0.0.0.63
access-list 20 permit 127.127.1.1
access-list 20 permit 192.43.244.18
access-list 20 permit 204.235.61.9
access-list 20 permit 173.201.38.85
access-list 20 permit 216.229.4.69
access-list 20 permit 152.2.21.1
access-list 20 permit 130.126.24.24
access-list 21 permit 192.168.16.0 0.0.0.63
access-list 22 permit 192.168.16.0 0.0.0.63
mac-address-table aging-time 300
cdp run
snmp-server engineID local
snmp-server view *ilmi system included
snmp-server view *ilmi atmForumUni included
snmp-server view v1default iso included
snmp-server view v1default internet.6.3.15 excluded
snmp-server view v1default internet.6.3.16 excluded
snmp-server view v1default internet.6.3.18 excluded
snmp-server view v1default ciscoMgmt.394 excluded
snmp-server view v1default ciscoMgmt.395 excluded
snmp-server view v1default ciscoMgmt.399 excluded
snmp-server view v1default ciscoMgmt.400 excluded
snmp-server view *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF7F ieee802dot11 included
snmp-server view *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF7F internet included
snmp-server community 1682CrewsSNMP v1default RW 22
snmp-server priority normal
no snmp-server trap link ietf
snmp-server trap authentication vrf
snmp-server trap authentication acl-failure
snmp-server trap authentication unknown-content
snmp-server packetsize 1500
snmp-server queue-limit notification-host 10
snmp-server chassis-id FHK111016LX
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps tty
snmp-server enable traps pw vc
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps disassociate
snmp-server enable traps deauthenticate
snmp-server enable traps authenticate-fail
snmp-server enable traps dot11-qos
snmp-server enable traps switch-over
snmp-server enable traps rogue-ap
snmp-server enable traps wlan-wep
snmp-server enable traps adslline
snmp-server enable traps flash insertion removal
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps entity
snmp-server enable traps fru-ctrl
snmp-server enable traps resource-policy
snmp-server enable traps event-manager
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps mvpn
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface-old
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps cpu threshold
snmp-server enable traps syslog
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps l2tun session
snmp-server enable traps l2tun pseudowire status
snmp-server enable traps vtp
snmp-server enable traps aaa_server
snmp-server enable traps atm subif
snmp-server enable traps firewall serverstatus
snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps ipsla
snmp-server host 192.168.16.10 traps version 1 udp-port 162
snmp-server inform retries 3 timeout 15 pending 25
snmp mib nhrp
snmp mib notification-log globalsize 500
snmp mib notification-log globalageout 15
snmp mib community-map ILMI engineid
snmp mib community-map engineid
radius-server local
no authentication mac
eapfast authority id
eapfast authority info
eapfast server-key primary 7
eapfast server-key secondary 7
nas key 7
group users
vlan 1
ssid playground
block count 5 time 60
reauthentication time 3600
group guest
vlan 2
ssid guestonpg
block count 3 time 60
reauthentication time 3600
user nthash 7 group users
user nthash 7 group guest
radius-server attribute 32 include-in-access-req format %h
radius-server host auth-port 1645 acct-port 1646 key 7
radius-server vsa send accounting
control-plane
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
bridge 3 protocol ieee
bridge 3 route ip
alias exec h help
alias exec lo logout
alias exec p ping
alias exec r resume
alias exec s show
alias exec u undebug
alias exec un undebug
alias exec w where
default-value exec-character-bits 7
default-value special-character-bits 7
default-value data-character-bits 8
line con 0
password 7
logging synchronous
no modem enable
transport output ssh
line aux 0
password 7
logging synchronous
transport output ssh
line vty 0 4
password 7
logging synchronous
transport preferred ssh
transport input all
transport output ssh
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
process cpu threshold type total rising 80 interval 10 falling 40 interval 10
ntp authentication-key 1 md5 7
ntp authenticate
ntp trusted-key 1
ntp source FastEthernet4
ntp access-group peer 20
ntp access-group serve-only 21
ntp master 1
ntp server 152.2.21.1 maxpoll 4
ntp server 204.235.61.9 maxpoll 4
ntp server 130.126.24.24
ntp server 216.229.4.69 maxpoll 4
ntp server 173.201.38.85 maxpoll 4
cns id hostname
cns id hostname event
cns id hostname image
cns image retry 60
netconf max-sessions 4
netconf lock-time 10
netconf max-message 0
event manager scheduler script thread class default number 1
event manager scheduler applet thread class default number 32
event manager history size events 10
event manager history size traps 10
end -
DmVPN MM_NO_STATE ISSUE
dear all,
am trying to connect a dynamic vpn between hq with public static ip 82.114.179.120 and branch with dynamic ip 46.35.80.59.
state is varying between CONF_XAUTH and MM_NO_STATE.
please can you go through the debug files to help solving the issue. Tunnel interface is 10. show run is after the debug.
thanks for your support.
regards,Hi Mr. Freak again,
below is the latest config with MM_NO_STATE state.
HQ which is configured to accecpt remote vpn client using crypto map is configured for dynamic vpn with branch.
HQ static public ip is 82.114.179.120, tunnel 10 ip 172.16.10.1 and local lan is 192.168.1.0
Branch has dynamic public ip ,tunnel 10 ip 172.16.10.32 and local lan is 192.168.32.0. It is also configured using tunnel 0 with another Hq which works fine.
Branch Lan(192.168.32.0) is needed to access HQ lan(192.168.1.0)....
HQ:
aaa authentication login acs local
aaa authorization network acs local
aaa session-id common
ip cef
ip name-server 8.8.8.8
no ipv6 cef
multilink bundle-name authenticated
redundancy
controller VDSL 0/1/0
crypto keyring ccp-dmvpn-keyring
pre-shared-key address 0.0.0.0 0.0.0.0 key users@NAMA
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp keepalive 3600 5
crypto isakmp nat keepalive 3600
crypto isakmp xauth timeout 60
crypto isakmp client configuration group NAMA
key namanama
pool mypool
acl 101
save-password
crypto isakmp profile ccp-dmvpn-isakmprofile
keyring ccp-dmvpn-keyring
match identity address 0.0.0.0
crypto ipsec transform-set test esp-3des esp-md5-hmac
mode tunnel
crypto ipsec transform-set ESP-AES-MD5 esp-aes esp-md5-hmac comp-lzs
mode transport
crypto ipsec profile CiscoCP_Profile1
set transform-set ESP-AES-MD5
set isakmp-profile ccp-dmvpn-isakmprofile
crypto dynamic-map map 10
set transform-set test
reverse-route
crypto map i-map client authentication list acs
crypto map i-map isakmp authorization list acs
crypto map i-map client configuration address respond
crypto map i-map 10 ipsec-isakmp dynamic map
interface Tunnel10
bandwidth 1000
ip address 172.16.10.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication DMVPN_NW
ip nhrp map multicast dynamic
ip nhrp network-id 100000
ip nhrp holdtime 360
ip tcp adjust-mss 1360
delay 1000
shutdown
tunnel source Dialer1
tunnel mode gre multipoint
tunnel key 100000
tunnel protection ipsec profile CiscoCP_Profile1
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
ip address 192.168.0.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
interface ATM0/1/0
description DSL Interface
no ip address
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5snap
pppoe-client dial-pool-number 1
interface Dialer0
no ip address
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
ppp authentication chap pap callin
ppp chap hostname nama20004
ppp chap password 0 220004
ppp pap sent-username nama20004 password 0 220004
crypto map i-map
ip local pool mypool 192.168.30.1 192.168.30.100
ip forward-protocol nd
ip http server
ip http secure-server
ip nat inside source list 171 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.32.0 255.255.255.0 172.16.10.32
access-list 101 permit ip 192.168.0.0 0.0.0.255 192.168.30.0 0.0.0.2
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.30.0 0.0.0.2
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.32.0 0.0.0.2
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.35.0 0.0.0.2
access-list 171 deny ip 192.168.0.0 0.0.0.255 192.168.30.0 0.0.0.2
access-list 171 deny ip 192.168.1.0 0.0.0.255 192.168.30.0 0.0.0.2
access-list 171 deny ip 192.168.1.0 0.0.0.255 192.168.35.0 0.0.0.2
access-list 171 deny ip 192.168.1.0 0.0.0.255 192.168.32.0 0.0.0.2
access-list 171 permit ip any any
dialer-list 2 protocol ip permit
HQ#sh cry isa sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
82.114.179.120 78.137.84.92 CONF_XAUTH 1486 ACTIVE
82.114.179.120 78.137.84.92 MM_NO_STATE 1483 ACTIVE (deleted)
82.114.179.120 78.137.84.92 MM_NO_STATE 1482 ACTIVE (deleted)
Branch show run:
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp policy 11
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key users@NAMA address 82.114.179.105
crypto isakmp key users@NAMA address 82.114.179.120
crypto isakmp keepalive 10 periodic
crypto ipsec transform-set ESP-AES-MD5 esp-aes esp-md5-hmac comp-lzs
mode transport
crypto ipsec transform-set To-Taiz esp-aes esp-md5-hmac comp-lzs
mode transport
crypto ipsec profile CiscoCP_Profile1
set transform-set ESP-AES-MD5
crypto ipsec profile To-Taiz-Profile
set transform-set To-Taiz
interface Tunnel0
bandwidth 1000
ip address 172.16.0.32 255.255.255.0
ip mtu 1400
ip nhrp authentication DMVPN_NW
ip nhrp map 172.16.0.1 82.114.179.105
ip nhrp network-id 100000
ip nhrp holdtime 360
ip nhrp nhs 172.16.0.1
ip tcp adjust-mss 1360
delay 1000
tunnel source Dialer0
tunnel destination 82.114.179.105
tunnel key 100000
tunnel protection ipsec profile CiscoCP_Profile1
interface Tunnel10
bandwidth 1000
ip address 172.16.10.32 255.255.255.0
ip mtu 1400
ip nhrp authentication DMVPN_NW
ip nhrp map 172.16.10.1 82.114.179.120
ip nhrp network-id 100000
ip nhrp holdtime 360
ip nhrp nhs 172.16.10.1
ip tcp adjust-mss 1360
delay 1000
tunnel source Dialer0
tunnel destination 82.114.179.120
tunnel key 22334455
tunnel protection ipsec profile To-Taiz-Profile
interface Ethernet0
no ip address
shutdown
interface ATM0
no ip address
no atm ilmi-keepalive
interface ATM0.1 point-to-point
pvc 8/35
pppoe-client dial-pool-number 1
interface FastEthernet0
description ## CONNECT TO LAN ##
no ip address
interface FastEthernet1
description ## CONNECT TO LAN ##
no ip address
interface FastEthernet2
description ## CONNECT TO LAN ##
no ip address
interface FastEthernet3
description ## CONNECT TO LAN ##
no ip address
interface Vlan1
description ## LAN INTERFACE ##
ip dhcp client hostname none
ip address 192.168.32.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1412
interface Dialer0
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname mohammadaa
ppp chap password 0 123456
ppp pap sent-username mohammadaa password 0 123456
ip forward-protocol nd
ip http server
ip http access-class 10
ip http authentication local
no ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.0.0 255.255.255.0 172.16.0.1
ip route 192.168.1.0 255.255.255.0 172.16.10.1
ip sla auto discovery
dialer-list 1 protocol ip permit
access-list 1 permit 192.168.32.0 0.0.0.255
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 permit 192.168.0.0 0.0.0.255
Branch#sh cry isa sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
82.114.179.120 78.137.84.92 MM_NO_STATE 2061 ACTIVE (deleted)
82.114.179.120 78.137.84.92 MM_NO_STATE 2060 ACTIVE (deleted) -
Config:
Hub:
interface Virtual-Template1 type tunnel
description FlexVPN hub-to-spokes
ip unnumbered Loopback100
ip mtu 1400
ip nhrp network-id 1
ip nhrp redirect
ip tcp adjust-mss 1360
tunnel path-mtu-discovery
tunnel protection ipsec profile default
Spokes:
interface Tunnel0
description FlexVPN tunnel
ip address negotiated
ip mtu 1400
ip nhrp network-id 1
ip nhrp shortcut virtual-template 1
ip nhrp redirect
ip tcp adjust-mss 1360
delay 1000
tunnel source Vlan1
tunnel destination x.x.x.x
tunnel path-mtu-discovery
tunnel protection ipsec profile default
interface Virtual-Template1 type tunnel
description FlexVPN spoke-to-spoke
ip unnumbered Loopback101
ip nhrp network-id 1
ip nhrp shortcut virtual-template 1
ip nhrp redirect
tunnel protection ipsec profile default
Hub-Spoke works perfectly.
When pinging from a spoke to another spoke's LAN IP, the router misses one ping, returns 1 or two, then missing all other pings until the next reload (clear crypto session does not reset fully). The spoke used to ping will bring up a Virtual Access interface, and then immediately bing up a second Virtual Access interface, then show an invalid SPI is shown (authentication is identical).
Unfortunately, the issue is not always consistent. Sometimes, after a reload on all routers, one router will retain the ability to ping, other times no routers can ping. Here is an example:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.3.1, timeout is 2 seconds:
Dec 21 19:38:20.793: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=x.x.x.x,
prot=50, spi=0xE4981ED6(3835174614), srcaddr=x.x.x.x, input interface=Dialer0...
Success rate is 40 percent (2/5), round-trip min/avg/max = 96/100/104 ms
Thanks for any helpJohn,
The error means that no matching SPI was found for inbound encrypted traffic on that ingress interface.
Is that your interface towards ISP? If so and the SPI actually exists in your SADB but somehow is not associated properly.
When/if opening a case please attach:
- show crypto ipsec sa
- show crypto map
(taken ideally before and after trying to do spoke-to-spoke tunnel)
I found reference to a similar problem in our archive, but customer become unresponsive after a while and no resolution was provided.
One thing you CAN try is to go to 15.2.4M-latest. And see if the problem persists.
M. -
DMVPN phase 3 - scalability - nhrp generates high cpu load
Hey all.
Been running into a scalability issues with DMVPN. Mainly caused (as I see it) by NHRP.
Scenario:
IOS-SLB-based DMVPN solution in a dual-cloud setup. Practically it's 2 separate solutions with spokes having 2 tunnels (one in each cloud). See attachment sketch. We're running a phase 3 hierarchy design (trying at least)
Spoke routers:
- 2500 routers in a mixture of c871, c881, c2800, c2900. Need to scale to at least twice that.
- Spoke-to-spoke is heavily used
Farm routers:
- Cisco 7201 with VAM2+. Around 1 router per 350 spokes (+1 for secondary tunnel)
Superhub:
- ASR 1004 (one for primary and one for secondary dmvpn-cloud).
We're not running any IPSEC between the farms and the superhubs. Just regular unencrypted DMVPN (mGRE).
Problem:
- NHRP is causing high CPU load on the ASRs. With around 2000 spokes up and running on DMVPN the CPU is overloaded with NHRP traffic. We're talking like 60-70% load caused by the NHRP process alone!
We're using 'ip nhrp interest' on all the spokes - and farms. We're in need of the spoke-to-spoke functionality so we allowing LAN-segments of our customers but denying everything else.
Solutions?
1. Turning off all NHRP resolutions? Basically remove any directly spoke-spoke communications (denying everything on the interest list). We can't go there since a lot of our customers are in dire need for directly spoke-spoke connectivity (due to latency). Haven't tested that it will actually give the much needed scalable solution either (we're facing around 5000 spokes in the next 2-3 years).
2. Chopping the DMVPN solution up in lesser VPN-blocks. This will administratively be a nightmare.
3. ?
Will really appreciate if anyone have a input here. It's really hard finding anything about a LARGE scale phase3 design on the web. Everything I find seems to mix stuff from small-scale phase 2 and 3 - making it rather messy cooking reciept for a small breakfast while I need a 7 course perfect dinner
When will Cisco come with an updated design guide btw?
Thanks in advance!Thank you for your quick reply.
Our ASRs (rp1) are acting as BGP RR while the farm routers are setup as RR clients.
We haven't tried connecting spokes directly to the ASRs but we have seen the same symptoms on the 7613s (sup720) and the 7200-platform.
Earlier the 7600 had the same role the ASRs have today. We were expecting that the ASRs should be doing "a better job" in terms of CPU load but we were wrong (NHRP generated around 10% more cpu load on the ASRs in comparison).
We concluded that the ASRs have a less optimized OS (coding) being rather new and all. Further we're not all happy about the stability of the platform (clear ip nhrp or taking a shutdown on the tunnel in the current situation will crash the router. 15.1(2)S1 and 15.1(3)S0a adv ip services). Haven't made a TAC case of it yet but will (has to be a bug as I see it since the 7200/7600 is handling this just fine).
Due to what I mentioned above I don't dare to debug the problem in production time and have to wait until the next scheduled maintenance window for some decent debug output (24. Oct).
We've contacted Cisco AS for assistance since it's hard to find local consultants (Norway) with enough knowledge of such scenario.
I just hope it's a config-issue and not a design issue, but we're willing to to whatever for this to scale to the thousands. -
Cisco 880G+7 3G connection issue
Hi all ,
There is a problem with 3G all time on 880G router . It seem that i doing someting wrong or cisco modem is not working well
On few modems i cant get 3g data connection , and when that same SIM card i put in phone internet works , but on 880G router dont want.
How to get this to work stable ?
boot system flash flash:c880data-universalk9-mz.154-2.T1.bin
chat-script hspa-R7 "" "AT!SCACT=1,1" TIMEOUT 60 "OK"
interface Cellular0
description WAN towards MTS
ip address negotiated
ip mtu 1452
ip virtual-reassembly in
encapsulation slip
load-interval 60
dialer in-band
dialer idle-timeout 2147483
dialer string hspa-R7
dialer-group 1
async mode interactive
dialer-list 1 protocol ip permit
line 3
exec-timeout 0 0
script dialer hspa-R7
login
modem InOut
no exec
transport input all
transport output all
cellular 0 gsm band wcdma-all-bands
cellular 0 gsm profile create 1 gprswap chap mts 064
cellular 0 gsm plmn select auto
#sh cellular 0 network
Current Service Status = Normal, Service Error = None
Current Service = Combined
Packet Service = UMTS/WCDMA (Attached)
Packet Session Status = Inactive <-----
Current Roaming Status = Home
Network Selection Mode = Automatic
Country = SRB, Network = MTS
Mobile Country Code (MCC) = 220
Mobile Network Code (MNC) = 3
Location Area Code (LAC) = 40203
Routing Area Code (RAC) = 1
Cell ID = 35420
Primary Scrambling Code = 236
PLMN Selection = Automatic
Registered PLMN = , Abbreviated =
Service Provider = mt:s
#sh cellular 0 connection
Data Transmitted = 0 bytes, Received = 0 bytes
Profile 1, Packet Session Status = INACTIVE
Inactivity Reason = Service option not subscribed
Profile 2, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 3, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 4, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 5, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 6, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 7, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 8, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 9, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 10, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 11, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 12, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 13, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 14, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 15, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 16, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
#sh cellular 0 profile
Profile 1 = INACTIVE* **
PDP Type = IPv4
Access Point Name (APN) = gprswap
Authentication = CHAP
Username: mts
Password: 064
#sh cellular 0 hardware
Modem Firmware Version = T1_0_3_2AP R361 CNSZ
Modem Firmware built = 04/15/11
Hardware Version = 1.0
International Mobile Subscriber Identity (IMSI) =
International Mobile Equipment Identity (IMEI) = 357115041460655
Integrated Circuit Card ID (ICCID) = 89381030000075802506
Mobile Subscriber International Subscriber
IDentity Number (MSISDN) =
Factory Serial Number (FSN) = CC3022411121011
Modem Status = Online
Current Modem Temperature = 28 deg C, State = Normal
PRI SKU ID = 9900198, SKU Rev. = 1.2
#sh cellular 0 radio
Radio power mode = ON
Current Band = WCDMA 2100, Channel Number = 10663
Current RSSI(RSCP) = -91 dBm
Band Selected = WCDMA All(800/850/900/1900/IMT 2000)
Number of nearby cells = 1
Cell 1
Primary Scrambling Code = 0xEC
RSCP = -90 dBm, ECIO = -11 dBm
Other issue that i want ot check , after reload of router it seems like ip sla dont want to start
config is :
ip sla 1
icmp-echo 8.8.8.8
frequency 20
ip sla schedule 1 life forever start-time now
track 1 ip route 8.8.8.8 255.255.255.255 reachability
ip route 8.8.8.8 255.255.255.255 Cellular0
I need this because after router reload , i need some packets to get cellular int up and so on ...
Any idea?
Please i need urent help
KR
VZThx for document , i solved this .
Still i have another issue with dmvpm because nat over 3g .
9 212.200.65.244 172.29.3.1 UP 00:20:37 DN
0 UNKNOWN 172.29.3.5 NHRP never IX
0 UNKNOWN 172.29.3.8 NHRP never IX
0 UNKNOWN 172.29.3.9 NHRP never IX
0 212.200.65.244 172.29.3.13 UP 00:01:10 DN
172.29.3.21 UP 00:27:48 DN
0 UNKNOWN 172.29.3.25 NHRP never IX
0 UNKNOWN 172.29.3.30 NHRP never IX
0 212.200.65.244 172.29.3.34 UP 00:15:10 DN
1 212.200.65.243 172.29.3.26 UP 00:07:28 DN
As you can see few sites use same (nated ) public ip , so some dmvpn tunnels dont works.
Any solution for this ? -
Hi All,
I am currently trying to configure DMVPN for the first time. I have been following the cisco config guide and googling a few other bits however I seem to have hit a brick wall.
The setup is in a lab environment so i can post up as much info as required but here are the important bits:
I have 3 Cisco 2821 routers running IOS 12.4(15) with a Layer 3 switch in the middle connecting the "wan" ports together. the routing is working fine, I can ping each router from each other router.
A few snippets from the hub router config:
crypto ipsec transform-set DMVPN_SET esp-3des esp-md5-hmac!crypto ipsec profile DMVPN_PRJ set transform-set DMVPN_SET!interface Tunnel0 bandwidth 10000 ip address 172.17.100.1 255.255.255.0 no ip redirects ip mtu 1500 ip nhrp authentication secretid ip nhrp map multicast dynamic ip nhrp network-id 101 ip nhrp holdtime 450 ip tcp adjust-mss 1460 tunnel source GigabitEthernet0/0 tunnel mode gre multipoint tunnel key 10101 tunnel protection ipsec profile DMVPN_PRJ!interface GigabitEthernet0/0 description HQ WAN ip address 1.1.1.1 255.255.255.248 ip nat outside ip virtual-reassembly duplex auto speed auto!
and heres the config on the first spoke router:
crypto ipsec transform-set DMVPN_SET esp-3des esp-md5-hmac!crypto ipsec profile DMVPN_PRJ set transform-set DMVPN_SET!interface Tunnel0 bandwidth 3000 ip address 172.17.100.10 255.255.255.0 no ip redirects ip mtu 1500 ip nhrp authentication secretid ip nhrp map 172.17.100.1 1.1.1.1 ip nhrp map multicast 1.1.1.1 ip nhrp network-id 101 ip nhrp holdtime 450 ip nhrp nhs 172.17.100.1 ip tcp adjust-mss 1460 tunnel source GigabitEthernet0/0 tunnel mode gre multipoint tunnel key 10101 tunnel protection ipsec profile DMVPN_PRJ!interface GigabitEthernet0/0 description Site 1 WAN ip address 11.11.11.1 255.255.255.248 ip nat outside ip virtual-reassembly duplex auto speed auto!
if I shut/no shut the tunnel0 interface on spoke 1, I get the following error on the hub router:
Mar 30 13:41:17.075: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet. (ip) vrf/dest_addr= /1.1.1.1, src_addr= 11.11.11.1, prot= 47
so I feel im missing some config on the spoke side to encrypt the traffic but im not sure what.
the following are outputs from the spoke router:
RTR_SITE1#sh dmvpn detailLegend: Attrb --> S - Static, D - Dynamic, I - Incompletea N - NATed, L - Local, X - No Socket # Ent --> Number of NHRP entries with same NBMA peer -------------- Interface Tunnel0 info: --------------Intf. is up, Line Protocol is up, Addr. is 172.17.100.10 Source addr: 11.11.11.1, Dest addr: MGRE Protocol/Transport: "multi-GRE/IP", Protect "DMVPN_PRJ",Tunnel VRF "", ip vrf forwarding ""NHRP Details: NHS: 172.17.100.1 EType:Spoke, NBMA Peers:1# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb Target Network----- --------------- --------------- ----- -------- ----- ----------------- 1 1.1.1.1 172.17.100.1 IKE never S 172.17.100.1/32 Interface: Tunnel0Session: [0x48E31B98] Crypto Session Status: DOWN fvrf: (none), IPSEC FLOW: permit 47 host 11.11.11.1 host 1.1.1.1 Active SAs: 0, origin: crypto map Outbound SPI : 0x 0, transform : Socket State: ClosedPending DMVPN Sessions:
RTR_SITE1#sh ip nhrp detail172.17.100.1/32 via 172.17.100.1, Tunnel0 created 00:33:44, never expire Type: static, Flags: used NBMA address: 1.1.1.1
RTR_SITE1#sh crypto ipsec sainterface: Tunnel0 Crypto map tag: Tunnel0-head-0, local addr 11.11.11.1 protected vrf: (none) local ident (addr/mask/prot/port): (11.11.11.1/255.255.255.255/47/0) remote ident (addr/mask/prot/port): (1.1.1.1/255.255.255.255/47/0) current_peer 1.1.1.1 port 500 PERMIT, flags={origin_is_acl,} #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0 #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts compr. failed: 0 #pkts not decompressed: 0, #pkts decompress failed: 0 #send errors 46, #recv errors 0 local crypto endpt.: 11.11.11.1, remote crypto endpt.: 1.1.1.1 path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0 current outbound spi: 0x0(0) inbound esp sas: inbound ah sas: inbound pcp sas: outbound esp sas: outbound ah sas: outbound pcp sas:
All of these commands show up as blank when i run them on the hub router.
Any help appreciated.
ThanksThanks for the help
I was following this guide: http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_DMVPN.html#wp1118625
I am using NAT, g0/1 on the routers in the LAN interface with a difference 10.x.x.x/24 on each router.
isakmp policy solved my issue, fixed the MTU as well.
What do i need to add to allow the 10.x.x.x networks to use the tunnels to communicate? I can now ping each end of the tunnel from both routers but not the LAN interfaces.
Thanks -
Hi!
I am in the process of building a template for DMVPN Spokes on the Cisco 828. During the initial phase, I noticed that 12.4(5c) in the k9osy6-mz suite lack support for NHRP.
After a few searches I came up with "http://www.cisco.com/en/US/products/sw/iosswrel/ps5413/prod_release_note09186a00801c46b5.html", which doesn't specifically speak about this, but mentions the use of NHRP on this platform, and some issues with NHRP covered in "CSCin95836".
Was NHRP support removed in 12.4, or am I missing something? The router will not accept any "ip nhrp" command.
I've tried this on 12.3(9) and 12.4(5c).
Router(config)#int tunnel0
Router(config-if)#ip nhrp ?
% Unrecognized command
Any input is apreciated!
Best regards,
Tord Forland - NorwayUnfortunately I couldn't find any IOS for the Cisco 828 platform which supports the Next Hop Resolution Protocol (NHRP) feature.
You can check the the support of the NHRP feature with the Cisco Feature navigator:
http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp -
New DVR Issues (First Run, Channel Switching, etc.)
I've spent the last 30 minutes trying to find answers through the search with no luck, so sorry if I missed something.
I recently switched to FIOS from RCN cable in New York. I've gone through trying to setup my DVR and am running into issues and was hoping for some answers.
1. I setup two programs to record at 8PM, I was watching another channel at the time and only half paying attention. Around 8:02 I noticed a message had popped up asking if I would like to switch channels to start recording. I was expecting it to force it to switch like my old DVR, but in this case it didn't switch and I missed the first two minutes of one of the shows. I typically leave my DVR on all day and just turn off the TV, this dual show handling will cause issues with that if I forget to turn off the DVR. Is there a setting I can change that will force the DVR to choose one of the recording channels?
2. I setup all my recordings for "First Run" because I only want to see the new episodes. One show I setup was The Daily Show on comedy central, which is shown weeknights at 11pm and repeated 3-4 times throughout the day. My scheduled recordings is showing all these as planned recordings even though only the 11pm show is really "new". Most of the shows I've setup are once a week so they aren't a problem, but this seems like it will quickly fill my DVR. Any fixes?
Thanks for the help.
Solved!
Go to Solution.I came from RCN about a year ago. Fios is different in several ways, not all of them desirable. Here are several ways to get--and fix--unwanted recordings from a series recording setup.
Some general principles.
Saving changes. When you originally create a series with options, or if you go back to edit the options for an existing series, You MUST save the Series Options changes. Pretty much everywhere else in the user interface, when you change an option, the change takes effect immediately--but not in Series Options. Look at the Series Options window. Look at the far right side. There is a vertical "Save" bar, which you must navigate to and click OK on to actually save your changes. Exiting the Series Options window without having first saved your changes loses all your attempted changes--immediately.
Default Series Options. This is accessed from [Menu]--DVR--Settings--Default Series Options. This will bring up the series options that will automatically be applied to the creation of a NEW series. The options for every previously created series will not be affected by a subsequent modification of the Default Series Options. You should set these options to the way you would like them to be for the majority of series recordings that you are likely to create. Be sure to SAVE your changes. This is what you will get when you select "Create Series Recording" from the Guide. When creating a new series recording where you think that you may want options different from the default, select "Create Series with Options" instead. Series Options can always be changed for any individual series set up later--but not for all series at once.
Non-series recordings. With Fios you have no directly available options for these. With RCN and most other DVRs, you can change the start and end times for individual episodes, including individual episodes that are also in a series. With Fios, your workarounds are to create a series with options for a single program, then delete the series later; change the series options if the program is already in a series, then undo the changes you made to the series options later; or schedule recordings of the preceding and/or following shows as needed.
And now, to the unwanted repeats.
First, make sure your series options for the specific series in question--and not just the series default options--include "First Run Only". If not, fix that and SAVE. Then check you results by viewing the current options using the Series Manager app under the DVR menu.
Second, and most annoying, the Guide can have repeat programs on your channel tagged as "New". It happens. Set the series option "Air Time" to "Selected Time". To make this work correctly, you must have set up the original series recording after selecting the program in the Guide at the exact time of a first run showing (11pm, in your case), and not on a repeat entry in the Guide. Then, even it The Daily Show is tagged as New for repeat showings, these will be ignored.
Third, another channel may air reruns of the program in your series recording, and the first showing of a rerun episode on the other channel may be tagged as "New". These can be ignored in your series if you set the series option "Channel" to "Selected Channel". Related to this, if there is both an SD and HD channel broadcasting you series program, you will record them both if the series option "Duplicates" is set to "Yes". However, when the Channel option is set to "Selected Channel", the Duplicates Option is always effectively "No", regardless of what shows up on the options screen.
As for you missing two minutes, I have sereral instances in which two programs start recording at the same time. To the best of my recollection, whenever the warning message has appeared, ignoring it has not caused a loss of recording time. You might have an older software version. Newest is v.1.8. Look at Menu--Settings--System Info. Or, I might not have noticed the loss of minutes. I regularly see up to a minute of previous programming at the start of a recording, or a few missing seconds at the beginning or end of a recording. There are a lot of possibilities for that, but the DVR clock being incorrect is not one of them. With RCN, the DVR clocks occasionally drifted off by as much as a minute and a half. -
Pension issue Mid Month Leaving
Dear All,
As per rule sustem should deduct mid month joining/leaving/absences or transfer scenarios, the Pension/PF Basis will be correspondingly prorated. But our system is not doing this. In RT table i have found 3FC Pension Basis for Er c 01/2010 0.00 6,500.00.
Employee leaving date is 14.04.2010. system is picking pension amout as 541. Last year it was coming right.
Please suggest.
AshwaniDear Jayanti,
We required prorata basis pension in case of left employees and system is not doing this. This is the issue. As per our PF experts Pension amount should come on prorata basis for left employees in case they left mid of month.System is doing prorata basis last year but from this year it is deducting 541. I am giving two RT cases of different years.
RT table for year 2010. DOL 26.04.2010
/111 EPF Basis 01/2010 0.00 8,750.00
/139 VPF Basis 01/2010 0.00 8,750.00
/3F1 Ee PF contribution 01/2010 0.00 1,050.00
/3F3 Er PF contribution 01/2010 0.00 509.00
/3F5 Ee Mon PF contribution 01/2010 0.00 1,050.00
/3F6 Ee Ann PF contribution 01/2010 0.00 12,600.00
/3F9 PF adm chrgs * 1,00,00 01/2010 0.00 96.25
/3FA PF basis for Ee contri 01/2010 0.00 8,750.00
/3FB PF Basis for Er Contri 01/2010 0.00 8,750.00
/3FJ VPF basis for Ee contr 01/2010 0.00 8,750.00
/3FL PF Basis for Er Contri 01/2010 0.00 6,500.00
/3F4 Er Pension contributio 01/2010 0.00 541.00
/3FC Pension Basis for Er c 01/2010 0.00 6,500.00
/3FB PF Basis for Er Contri 01/2010 0.00 8,750.00
/3FC Pension Basis for Er c 01/2010 0.00 6,500.00
/3FJ VPF basis for Ee contr 01/2010 0.00 8,750.00
/3FL PF Basis for Er Contri 01/2010 0.00 6,500.00
/3R3 Metro HRA Basis Amount 01/2010 0.00 8,750.00
1BAS Basic Salary 01/2010 0.00 8,750.00
RT table for year 2009. DOL 27.10.2009
/111 EPF Basis 07/2009 0.00 9,016.13
/139 VPF Basis 07/2009 0.00 9,016.13
/3F1 Ee PF contribution 07/2009 0.00 1,082.00
/3F3 Er PF contribution 07/2009 0.00 628.00
/3F5 Ee Mon PF contribution 07/2009 0.00 1,082.00
/3F6 Ee Ann PF contribution 07/2009 0.00 8,822.00
/3F9 PF adm chrgs * 1,00,00 07/2009 0.00 99.18
/3FA PF basis for Ee contri 07/2009 0.00 9,016.00
/3FB PF Basis for Er Contri 07/2009 0.00 9,016.00
/3FJ VPF basis for Ee contr 07/2009 0.00 9,016.00
/3FL PF Basis for Er Contri 07/2009 0.00 5,452.00
/3FB PF Basis for Er Contri 07/2009 0.00 9,016.00
/3FC Pension Basis for Er c 07/2009 0.00 5,452.00
/3FJ VPF basis for Ee contr 07/2009 0.00 9,016.00
/3FL PF Basis for Er Contri 07/2009 0.00 5,452.00
/3R4 Non-metro HRA Basis Am 07/2009 0.00 9,016.13
1BAS Basic Salary 07/2009 0.00 9,016.13
Now please suggest what to do. where is the problem ? If have also checked EXIT_HINCALC0_002 but nothing written in it.
With Regards
Ashwani -
Open PO Analysis - BW report issue
Hello Friends
I constructed a query in BW in order to show Open Purchase Orders. We have custom DSO populated with standard
datasource 2lis_02_itm (Purcahse Order Item). In this DSO we mapped the field ELIKZ to the infoobject 0COMP_DEL
(Delivery completed).
We loaded the data from ECC system for all POs and found the following issue for Stock Transport Purchase orders (DocType = UB).
We have a PO with 4 line items. For line items 10 and 20, Goods issued, Goods received and both the flags "Delivery
complete" and "Final delivery" checked. For line items 30 and 40, only delivery indicator note is issued for zero
quantity and Delivery complete flag is checked (Final delivery flag is not checked) in ECC system. For this PO, the
delivery completion indicator is not properly updated in the DSO for line items 30 and 40. The data looks like the
following:
DOC_NUM DOC_ITEM DOCTYPE COMP_DEL
650000001 10 UB X
650000001 20 UB X
650000001 30 UB
650000001 40 UB
When we run the Open PO analysis report on BW side this PO is appearing in the report but the same is closed in ECC
system.
Any help is appreciated in this regard.
Thanks and Regards
sampathHi Priya and Reddy
Thanks for your response.
Yes the indicator is checked in EKPO table for items 30 and 40 and delta is running regularly for more than 1 year and no issues with other POs. This is happening only for few POs of type Stock Transport (UB).
I already checked the changes in ME23N and the Delivery completed indicator was changed and it reflected in EKPO table. Further, i checked the PSA records for this PO and i am getting the records with the Delivery completed flag but when i update from PSA to DSO the delivery completed indicator is not updating properly.
In PSA, for item 30 i have the following entries. Record number 42 is capturing the value X for ELIKZ but after that i am getting two more records 43 and 44 with process key 10 and without X for ELIKZ. I think this is causing the problem.
Record No. Doc.No. Item Processkey Rocancel Elikz
41 6500000001 30 11 X ---
42 6500000001 30 11 --- X
43 6500000001 30 10 X ---
44 6500000001 30 10 --- ---
(Here --- means blank)
Thanks and Regards
sampath -
HP LaserJet Enterprise 600 M602 driver issue
Hello,
I've got issue with 600-series printers. We use the latest UPD drivrer ver. 61.175.1.18849 and print from XenApp 6.5. The error occurs every time when users try to print jpg files from XenApp session. It only happens with 600 series printers and UPD.
Also I've tried to assign native 600-series driver ver. 6.3.9600.16384 and it works good. But with that driver system says that it's color printer and it brokes our printing reports. These reports are very important for us. So we can't use printer and that driver as well.
Printer installed on Windows Server 2012 R2. All clients are Windows 7 x64. XenApp Servers are Server 2008R2.
Is it possible to get fixed UPD driver or correct native driver for Server 2012 R2?
Regards,
AnatolyI am sorry, but to get your issue more exposure I would suggest posting it in the commercial forums since this is a commercial printer. You can do this at Printers - LaserJet.
Click on New Post.
I hope this helps.
Please click “Accept as Solution ” if you feel my post solved your issue, it will help others find the solution.
Click the “Kudos Thumbs Up" on the right to say “Thanks” for helping!
Gemini02
I work on behalf of HP -
Windows 7 displays error message when exiting +cursor issue
Two issues here. CS5 Phoshop on Wind 7 64 bit.
Physical processor count: 8
Processor speed: 3073 MHz
Built-in memory: 12279 MB
Free memory: 9577 MB
Memory available to Photoshop: 10934 MB
Memory used by Photoshop: 80 %
Image tile size: 128K
First issue is since the latest automatic Adobe update (why fix what isn't broken?) Every time I now exit Photoshop I get the message "Adobe QT Server has stoped working" and occasionally it happens when I exit bridge. Indesign is also behaving badly. I can no longer start a previous document from file manager without ID crashing out.
The other is the cursors in Clone and erase lose their edge (become invisable) for no reason - well not quite. Noise Ninja crashed Photoshop when I tried to use it. I reinstalled it and all is well. The cursor issue seems to be intermittant but came back (for no reason) after I reinstalled NN. I can't seem to change the cursor, no matter what I do. The problem is now seriously affecting how I work. Almost enough to go back to Win XP which ran CS5 Photoshop flawlessly.
Any help will be gratefully accepted.
Dougfunction(){return A.apply(null,[this].concat($A(arguments)))}
doug87510 wrote:
The recent problem is the entire outline of the cursor (including the crosshair in the middle) was missing at any size of cursor. All I had was exactly what I'd get if I used a real spraygun.
Well, that issue is simply a matter of hitting the Caps Lock key. When Caps Lock is on, you'll see the cursor outline, and when it is off you'll see a crosshair. That's a feature, not a bug.
Glad to hear the 11.1 drivers are out. I will download them and try them now myself.
Regarding "Adobe QT" crashing... QT brings to mind QuickTime, though that is Apple, not Adobe. Do you have Apple QuickTime installed?
Regarding memory usage, with 12 GB of installed RAM, you should be able to set Photoshop to use 90% or more in Edit - Preferences - Performance.
-Noel
Maybe you are looking for
-
Dear all, I installed IDES on ERP 2004 SR1 ECC 5.0 System. After starting central instance, Regularly (every 5 min.) I get an error described in System Log (transaction sm21): --- Details - Task: 25418 / Background Processor No. 04 User: DDIC Client
-
Need indefinite slide duration
Hi folks - I'm dreadfully new to Captivate and am having a problem. My slides are all currently set to automatically proceed to the next slide in sequence after 7 seconds. While I can change the duration of the slides, I can't figure out how to set t
-
Lenovo z570 and Fedora 15 - can not adjust brightness.
When I installed fedora 15 on lenovo ideapad z570 all goes ok. but I can not adjust screen brightness. I updated kernel twice upto 3.0.1 but still problem persists. Please give me a solution. CPKulkarni
-
HT201272 How can I transfer my audiobook to my newly purchased iPod nano?
I have purchased an audiobook thru my iPhone and I cannot transfer it to my iPod nano that I just purchased it because I cannot find imy audiobook on iTunes on my macbook pro. What should I do? It would disppointing if I purchase something and I cann
-
Can i use singleton for storing current login id
hello, can i use a singleton for storing login userid temporarilary for application lifetime. Is there any issue if more than 2 users login at the same time as the singleton object will be static ! ..