[SOLVED] Routing with OSPF

Similar Messages

• How to do destination NAT in a 2600 router with IOS 12.3?

  Hi All
  I have a 2600 router with two LAN interfaces which I am using for a PoC and has the following settings:
  FE 0/0 - 10.0.0.1/24 - client LAN - inside 
  FE 0/1 - 10.1.1.1/24 - server LAN - outside 
  The direction of the flows are from the clients to the servers. What I would like to achieve is when clients accessing the web server 10.1.1.10, this to be replaced by 10.1.1.100.
  I have tried the above a few times but doesn't work. Is the above possible? And If so please provide me with a sample config.
  Many Thanks
  [email protected]  

  Yes, you can do this.  You don't need destination NAT.  Source NAT translations work both ways.  This should work:
  ip nat inside source static tcp 10.1.1.100 80 10.1.1.10 80
  int fa 0/0
  ip nat inside
  int fa 0/1
  ip nat outside
  The bigger question is why you'd want to.  Just because you CAN do something doesn't mean you SHOULD.  Unless you have the 10.1.1.0 network subnetted or some sort of firewall/blocking in place, both IPs should be reachable by the hosts.  Why not just have them go directly to 10.1.1.100 instead of going to 10.1.1.10?  If there's a firewall or similar blocking 10.1.1.100, why not adjust your firewall settings instead?  You could have a valid reason for doing this but I can't think of very many scenarios off the top of my head where this would make sense.  If you can post more details on what you're trying to accomplish, you might get better advice on a better way to solve the problem.

• Load Balancing with OSPF and maximum-paths command

  Hello,
  Just a quick query really, we have a disribution layer 3 switch, in its routing table it has 3 default routes all with the same metric from the core router, this is because the core router is setup with the comamnd "default-information originate always metric 50" which obviously proagates the default route around the area and the metric never changes from 50.
  So i have a routing table that looks like this:
  O*E2 0.0.0.0/0 [110/50] via 77.95.176.9, 06:44:51, GigabitEthernet4/9
                 [110/50] via 77.95.176.17, 06:44:51, Vlan903
                 [110/50] via 91.203.72.5, 06:44:51, Vlan262
  Three default routes with the same metric, does this mean that the router IOS will load balance traffic over all three routes evenly?  I mean i have been reading up on it and appartemtly i dont have the command "maximum-paths 3" under my ospf process?
  I have been doing some traceroutes from this switch to the internet (various sites) and all the traffic seems to be going out over the first  route in the table that next hop is 77.95.176.9
  My question is how can i verify that load balancing is taking place, or if its not then i need to add this "maximum-paths 3" command to the ospf on the local switch?  I would say load balancing is not taking place but im sure i have seen traffic from one customer being routes over all 3 paths due to matching spikes on the SNMP sensors?
  Many Thanks.
  Matt

  Disclaimer
  The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
  Liability Disclaimer
  In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
  Posting
  Yes, your traffic should use all three paths, as Rick notes, OSPF, on Cisco, normally defaults to using up to 4 equal cost paths.
  As Rick also notes mentioning CEF, how actual traffic is forwarded across ECMP can vary.  Often, the device will keep all traffic for the same flow on the same egress port, and attributes selected for actual egress port selection might be deterministic.  I.e. it's possible same traffic flow will always be sent to the same egress port.  (This means even with ECMP, you may not see an equal load distribution.)

• Filtering External Type 1 routes between OSPF areas

  Hello. I have a situation where I have two different telco's providing Metro Ethernet services to my site. Both providers will be sending me routes as OSPF external type 1's. I want to prevent the ISP's routers from peering with one another. One way I was thinking of accomplishing this is by making the connection to ISP1 under OSPF area 1 and to ISP2 area 2.
  Is there a way I can filter the LSA's so no information is transferred between the two ISP routers in the two areas? Specifically, I don't want the type 5 LSA's generated by each ISP router to be sent to the other ISP router.
  Thanks

  Mike
  I do not think that configuring two areas will do what you need. But I think that you could achieve this by configuring separate OSPF processes. When you have separate processes they do not share information automatically. You must redistribute routes from one process to another and you can control what routes are redistributed.
  Finding the optimum solution would require more knowledge of your environment and your complete requirements than we have. But I syspect that something like this will work for you:
  configure ospf 1 and put the connection from ISP 1 into it. configure ospf 2 and put the connection from ISP 2 into it. configure ospf 99 (or whatever number you like) and put the connections from your network into that process. Then you can redistribute from 1 and 2 into 99 but not redistribute between 1 and 2. And if you need to advertise your routes to the ISPs then you probably need to redistribute from 99 into 1 and 2.
  HTH
  Rick

• If equal cost routes exist, OSPF uses CEF load balancing?

  Hi All,
  Can anyone explain about:
  . If equal cost routes exist, OSPF uses CEF load balancing?

  Disclaimer
  The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
  Liability Disclaimer
  In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
  Posting
  Rick is correct, but if his response, with mine, causes any confusion. . .
  To OP's original question:
  If equal cost routes exist, OSPF uses CEF load balancing?
  The answer is technically no, for the reason Rick describes.
  But if we rephrase, such as:
  Does CEF load balance across multiple equal cost routes generated by OSPF?
  The answer would be yes.
  I suspect the latter question is what the OP really had in mind, but again, Rick is correct to distinguish that OSPF doesn't use CEF.

• Routed access OSPF design

  Hi All,
  I need some advise on the following design.
  I am designing a campus network using routed access with OSPF. I will have 3 tiers - core, distribution and access. I am looking to configure the core/distribution links in OSPF area 0 and then the distribution/access links in a non-backbone area such as 1. I will then be able to filter/summarize etc as the ABR boundary.
  I only have 2 links from my core to distribution layer and I'm planning to terminate them on separate distribution switches (dist1 and dist2), see attached diagram.
  The links facing the DC will be in area0 and the links facing the access will be area1 but what area should the distribution to distribution link be in? I understand that if it is in the non-backbone area1 then I will loose the ability to use the link to the second core as intra area routes will be preferred by dist1. Are there any other considerations here? Should I connect two links between the the 4500s and configure 1 link in area 0 and 1 link in area1?
  Thanks,

  Disclaimer
  The  Author of this posting offers the information contained within this  posting without consideration and with the reader's understanding that  there's no implied or expressed suitability or fitness for any purpose.  Information provided is for informational purposes only and should not  be construed as rendering professional advice of any kind. Usage of this  posting's information is solely at reader's own risk.
  Liability Disclaimer
  In  no event shall Author be liable for any damages whatsoever (including,  without limitation, damages for loss of use, data or profit) arising out  of the use or inability to use the posting's information even if Author  has been advised of the possibility of such damage.
  Posting
  About how many L3 routing devices, and how many subnets, do you anticipate?  Depending on that, you might one to consider a single area design.

• WRTP54G (wireless router with phone hookup) with Panasonic network camera BL-C30A (WEP only)

  hi
  I would like to use this wireless router with WEP so I can access the camera wirelessly (camera only does WEP encryption).
  The camera should be the only device allowed to connect to this router wirelessly.
  I can dedicate channel 11 so only this wireless router uses it
  I know WEP can be cracked but I'm thinking maybe I can setup the router so it doesn't matter, i.e.,
  so only the camera can be accessed through this particular router
  so my questions are:
  1. can I setup the router so only outgoing local LAN http requests are allowed?
  2. any other suggestions on router setup that will prevent access to my network?
  (using MAC address filtering (for camera mac address only) is worth doing but I guess MAC address can be spoofed so not a complete solution)
  thanks,
  Tom
  Solved!
  Go to Solution.

  I think "toomanydonuts" has provided my solution in this thread:
  solution thread
  thanks,
  Tom
  Message Edited by coffee_addict on 01-03-2010 02:27 PM

• Routing with vipa - urgent

  We are trying to run rip with the mainframe and configure vipa omproute. the mainframe is getting rip routes from the router. however, the router does not see the vipa address in it's routing table. according to ibm "routing with vipa" manual, when configured omproute the vipa interface needs to conifgure as
  Interface IP_Address=9.63.3.18
  Name=VIPA
  Subnet_Mask=255.255.255.0
  MTU=1500
  This however does not seem to advertise the vipa address in rip.
  The following cisco white paper shows the key word "RIP" preceding the interface. Which i believed how it advertise this interface in rip.
  RIP_Interface IP_Address=10.64.3.17
  Name=VIPALINK
  Subnet_Mask=255.255.255.240
  MTU=1470
  http://www.cisco.com/en/US/products/hw/modules/ps2643/products_tech_note09186a00800b4525.shtml
  Can someone please clarify the correct configuration how i would advertise the vipa address in rip? or do i need to advertise it at all? thanks.

  Hi Wayne,
  I am not quite clear from your note whether you are running RIP on the Host and is trying to run OSPF as well. I guess you are trying to say that you are running RIP outside of the host and setup OSPF(OMPROUTE) on the Host. You will have to configure the VIPA in the OSPF configuration file and below is an example of how I have done this for quite a few customers.
  OSPF_INTERFACE
  IP_address=XX.XX.XX.141
  Subnet_mask=255.255.255.252
  Name=VLINK1
  Demand_Circuit=no
  Attaches_To_Area=1.2.0.1
  MTU=1500
  Retransmission_Interval=5
  Router_Priority=0
  Hello_Interval=3
  Dead_Router_Interval=12
  Cost0=3
  I take it that you are redistrubuting the OSPF into the RIP and visa versa. It's also advisable to configure the Host OSPF area as a Total Stubby Area if possible but that will require some additional configuration changes on the router.
  Hope this helps.
  Regards
  Rudi

• External route with Down Bit set by CE router

  I have a question regarding the Down Bit. All the documentation I see concentrates on the redistribution of the MP-BGP into OSPF but I want to know more about the OSPF redistribution into MP-BGP. I think the rule is different for Type3 and Type5 LSAs.
  Lets say the CE redistributes a RIP route into OSPF, creating an LSA Type 5 route sent to the PE router - with the Down Bit set.
  Will this PE router redistribute this route into MP-BGP?
  I know that LSA Type 3 summary routes will not be redistributed into MP-BGP if the Down Bit is set but I am wondering about external OSPF routes with the Down Bit set????
  I am assuming that redistribution of RIP into OSPF at the CE does infact set this Down Bit before passing on to the PE router?

  How can step 2 in the sequence description say that PE2-AS1 receives an OSPF route with the Down Bit already set? This comes from the CE.
  I find this all very confusing when I check out these sequences - I thought only the PE router assigns Down Bit to LSA Type 3 routes?
  All the other references I see show how PE1-AS1 would normally set the Down Bit as it is redistributed back into OSPF?
  Thanks for your help - I feel I am getting closer. It is just this second step that is throwing me!
  Cheers
  Walter

• Using Westell 7500 DSL Modem as Secondary Router with Actiontec Router?

  Hi, I had just recently switched to Verizon FiOS internet from Verizon DSL service, and I'm happy with the service so far. But I have found the range of the Actiontec router to fall short of what I need it to be. I was wondering whether anyone here has tried repurposing the Westell 7500 modem as a secondary router? 
  I spent the better part of two days looking up ways to do this and couldn't find anything regarding my specific situation. I know one can repurpose a DSL modem as a router to be used with a cable internet modem (have not done this myself), and I also stumbled upon this FAQ (http://www.dslreports.com/faq/12506) on how to connect a secondary router to the Actiontec router. However I couldn't find anything specifically regarding the Westell modem. I've tweaked many settings in the modem without success. 
  Is this even possible? 
  Thank you.
  Solved!
  Go to Solution.

  #1 You logged into your primary router, found the DHCP range, and re-adjusted it as need be (From step 1 to step 5) of http://www.dslreports.com/faq/12506 ?
  #2 If not, do that first.
  #3 If so, great.
  If the Westell is using the Red and Black Firmware - In the Westell..
  a) Select the My Network icon, then select Network Connections from the left menu.
  b) On the Broadband Connection screen, click the word LAN
  c) On the next screen remove the checkmark from Private LAN DHCP Server enable.
  d) Where it says Modem IP Address, make that IP Address outside of the primary router's DHCP Server Range.
  For exampe if the Primary router's IP Address is 192.168.1.1, the Starting IP Address is 192.168.1.11, the Ending IP Address is 192.168.1.254 - then you could make the secondary router's LAN IP 192.168.1.2
  e) Click Apply or Save Settings.
  As addressed on http://www.dslreports.com/faq/13600
  there is also the White and Blue firmware.
  If your Westell looks more like the sample screens that you see at
  http://myplace.frontier.com/~paradise.cowgirl/6100​.htm
  Then
  a) In the Westell select Configuration and select Private LAN Connection.
  b) Uncheck Private LAN DHCP Server Enable
  c) Where it says Modem IP Address, make that IP Address outside of the primary router's DHCP Server Range.
  For exampe if the Primary router's IP Address is 192.168.1.1, the Starting IP Address is 192.168.1.11, the Ending IP Address is 192.168.1.254 - then you could make the secondary router's LAN IP 192.168.1.2
  d) Click Apply or Save Settings.
  Please note this only how to convert a router (including a DSL modem) into acting as a Hub/Switch/Wap.
  This is not how to use this device as your primary router with any broadband type of device that is not (or can not be) configured to handle the public IP.
  For example, not how to have a Westell 6100 be in bridge mode (bridge-bridge, not bridge-routed bridge or not PPPoE) and have your Westell 7500 handle the public IP (bridge-routed bridge or PPPoE).
  If you are the original poster (OP) and your issue is solved, please remember to click the "Solution?" button so that others can more easily find it. If anyone has been helpful to you, please show your appreciation by clicking the "Kudos" button.

• Help with OSPF RA VPN

  Hello everyone!
  I'm trying to use Cisco ASA 5510 with IOS 9.1(2) and I faced with one big problem: when any client connect to Remote Access VPN and receive IP address my ASA thinks that IP packets from this client should go via it's default gateway, For example, if OSPF neighbour and default gateway is 10.1.2.2/30 and IP of my cisco is 10.1.2.1/30 and client's IP is 172.16.15.223 I see this route in my routing table:
  S 172.16.15.223 255.255.255.255 [1/0] via 10.1.2.2
  I switched on reverse route injection, I include VPN network to OSPF advirtismets. But when I set up route summarization - I get route:
  O EX 172.168.15.0 255.255.255.0 [110/30] via 10.2.2.1 xx:xx:xx vlan X
  on my router, but ASA made the same route as I wrote above.
  Does anybody can Help what the problem is?
  My configuration is:
  access-list redistribute standard permit 172.16.15.0 255.255.255.0
  access-list filter-default-static-route remark filter static default route from OSPF Redistribution
  access-list filter-default-static-route standard deny host 0.0.0.0
  access-list filter-default-static-route standard permit 172.16.15.0 255.255.255.0
  route-map vpn-routes permit 10
  match ip address filter-default-static-route
  route-map vpn-routes permit 20
  match interface outside
  set metric-type type-2
  route-map redistribute-map permit 1
  match ip address redistribute
  router ospf 1
  network 172.16.15.0 255.255.255.0 area 5
  network 82.179.131.116 255.255.255.252 area 5
  area 5 range 172.16.15.0 255.255.255.0
  log-adj-changes
  redistribute connected
  redistribute static subnets route-map vpn-routes
  summary-address172.16.15.0 255.255.255.0
  crypto dynamic-map TEST_DYN_MAP 7 set ikev1 transform-set ESP-3DES-SHA
  crypto dynamic-map TEST_DYN_MAP 7 set ikev2 ipsec-proposal 3DES
  crypto dynamic-map TEST_DYN_MAP 7 set nat-t-disable
  crypto dynamic-map TEST_DYN_MAP 7 set reverse-route
  crypto map outside_map 65535 ipsec-isakmp dynamic TEST_DYN_MAP
  crypto map outside_map interface outside

  hello,
  I expect to see THIS on my router:
       O EX 172.168.15.0 255.255.255.0 [110/30] via 10.2.2.1 xx:xx:xx vlan X
  or something like this, and THIS on my ASA:
       S 172.16.15.223 255.255.255.255 [1/0] via 10.1.2.1
  I just realised that I wrote wrong config in ospf configuration. it should be like
      router ospf 1
       network 172.16.15.0 255.255.255.0 area 5
       network 10.1.2.0 255.255.255.252 area 5
       area 5 range 172.16.15.0 255.255.255.0
       log-adj-changes
       redistribute connected
       redistribute static subnets route-map vpn-routes
       summary-address172.16.15.0 255.255.255.0
  and 10.1.2.1/30 - my cisco ASA, 10.1.2.2/30 - my cisco router
  172.16.15.0/24 - network to assign addresses to users.
  I don't understand why ASA tries to forward packets from/to connected clients via its default gateway but not via itself.

• Setup 1941 router with cable modem and 2 vlan?

  hello everyone,
  i need a little help setting up my new 1941 router with cable modem using 2 vlns.
  this is what i have:
  1- 1941 router configured as g0/0 wan port facing isp configured as (dhcp). g0/1 is lan facing the switch (192.168.1.1)
  dhcp pool (192.168.1.x)
  2- sg300-28pp switch.
  3- wap371 AP/ 11pcs..
  now everything is working perfect except sometimes we have more than 250 to 300 people trying to connect to the wifi, the router will have no enough ip addresses.
  i heard that i can setup 2 vlans to solve this problem? and is there any setup that i have to do on switch and Access points? 
  please i will appreciate any little help 
  Regards 

  hello Andre Neethling  i added network 192.168.0.0 255.255.254.0 to dhcp pool config and it seems that it is working but i am concern that i am going to have problem in the future so please take a look at the running config and let me know if i have everything done right. also we want to order static ip address from the provider for our security camera system and we will not longer receive dhcp ip from them and my router setup is to receive it as dhcp on g0/0 so what i should do about changing the settings on g0/0?
  i appreciate your help
  Building configuration...
  Current configuration : 1163 bytes
  ! Last configuration change at 00:46:35 UTC Wed Apr 15 2015
  version 15.0
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname Abdullah
  boot-start-marker
  boot-end-marker
  no aaa new-model
  no ipv6 cef
  ip source-route
  ip cef
  ip dhcp excluded-address 192.168.1.1 192.168.1.50
  ip dhcp pool Local
     import all
     network 192.168.0.0 255.255.254.0
     default-router 192.168.1.1
  multilink bundle-name authenticated
  license udi pid CISCO1941/K9 sn FTX1523022E
  redundancy
  interface GigabitEthernet0/0
   ip address dhcp
   ip nat outside
   ip virtual-reassembly
   duplex auto
   speed auto
  interface GigabitEthernet0/1
   ip address 192.168.1.1 255.255.255.0
   ip nat inside
   ip virtual-reassembly
   duplex auto
   speed auto
  ip forward-protocol nd
  no ip http server
  no ip http secure-server
  ip nat inside source list 101 interface GigabitEthernet0/0 overload
  ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
  access-list 101 permit ip 192.168.1.0 0.0.0.255 any
  control-plane
  line con 0
  line aux 0
  line vty 0 4
   login
  scheduler allocate 20000 1000
  end

• High CPU Utilization in 7603 router with RSP720-10GE

  Hi everyone
  We have a 7603 router with "RSP720-10GE" and we have high cpu utilization due to high amount of interrupts.
  The output of “show cef drop” and “show ip cef switching statistics” commands show lots of packets that have been dropped by CEF.
  But CEF is enabled on every physical interfaces and on every GRE tunnel that we have on this router.
  As I understand the output of “show ip cef switching statistics” command shows some of the reasons for CEF dropping packets like “Routed to Null0” but I don’t know how to solve them. For example I can’t delete routes to Null0 because it’s going to cause routing loops in our network. Could you please help me

  Hey,
  The output shows high interrupt to CPU, So collect the last output multiple times to see if the DROP values are incrementing. Also configure NetDr captures to see what packets are punted to CPU. I am adding a link for same:
  http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/116475-technote-product-00.html
  HTH.
  Regards,
  RS

• Specific routing in ospf

  Hi
  I have two mpls links on single router configured in ospf. One is for data traffic and other one I want to use only for Videoconferencing with my other office'ss VC devices. There are obvious Static IPs for VC devices in all remote locations.
  At one location IP series is we can assume as 10.64.241.0/24 and VC device IPs are 10.64.241.19 & 10.64.241.20
  At other location IP series is we can assume as 10.64.31.0/24 and VC device IPs are 10.64.31.19 , 10.64.31.20 and 10.64.31.21
  Data Link Wan IP 192.168.35.42/30
  VC Link Wan IP 192.168.235.102/30
  Area 0  configured for both the links.
  Can I do it with route map using set ip next hop command. I want to use VC traffic to travel through VC link only and not via data link.
  If VC link will get down then VC traffic should be dropped so that data traffic should not get affected.
  R's
  Manjeet

  since you don't have a VC network IP address (is just "human" readable, but for the routers the VC device is part of the /24 network) you may need to generate the /32 prefix (maybe a static to LAN interface), and then you can redistribute that route on OSPF process, BUT, you're running same process on both WAN interface, SO the remotes are going to see the /32 via both links.
  Options: 
  * Distribute lists
  * split the OSPF process (data + voice)
  neither of the options are scalable.... but it can apply if you don't have a lot of networks
  We can try to think something better
  regards!
  Pablo

• [SOLVED] Problem with "su" and "login".

  Hi, I reinstalled Arch Linux today when I updated "filesystem" and reboot appeared an error with root device, but I solved with installation CD.
  I restarted laptop after solving error with root device when I went to XFCE4 and open a terminal I tried to login as root with "su" and "su -" but showed this error:
  bash: su: command not found
  So I rebooted to start in text mode.
  When loaded SLIM I press ctrl+alt+F1 to enter text mode.
  I type root to login but did'nt appear to enter the pass, appeared again to enter login. I tried type my user but did the same.
  Someone can help me?
  Thanks!
  Last edited by surrealistic (2012-10-12 08:54:58)

  Thank you falconindy. I upgrade with --force because I search in Google the problem show "filesystem" when I tried install and I read that solution is upgrade "filesystem" with --foce.
  I tried to reinstall util-linux and now works. Thank you!