Traceroute issue- MPLS VPN on directly connected interfaces
I have 2 Catalyst 6509 Switches that Im trying to bring up and MPLS VPN connection between. The loopbacks can ping each other, as well as the directly connected interfaces (the interfaces travel through 2 switches, but no routing etc in between). An OSPF neighbor relationship DOES come up, and the routing tables appear normal. However, the MPLS VPN does NOT come up.
After further review, I found that the routing tables are correct on either side for the loopbacks (public addresses X’d out on first 3 octets):
SWITCH A:
Bryan-26th-CAT-2#sh ip route 10.255.2.2
Routing entry for 10.255.2.2/32
Known via "ospf 23532", distance 110, metric 2, type intra area
Last update from X.X.X.70 on Vlan65, 00:10:25 ago
Routing Descriptor Blocks:
* X.X.X.70, from 10.255.2.2, 00:10:25 ago, via Vlan65
Route metric is 2, traffic share count is 1
SWITCH B:
DAL-COLO-6509-1#sh ip route 10.255.2.3
Routing entry for 10.255.2.3/32
Known via "ospf 23532", distance 110, metric 2, type intra area
Last update from X.X.X.69 on Vlan65, 02:26:50 ago
Routing Descriptor Blocks:
* X.X.X.69, from 10.255.2.3, 02:26:50 ago, via Vlan65
Route metric is 2, traffic share count is 1
This is exactly the same for the directly connected interfaces on VLAN65. (X.X.X.69 and X.X.X.70). The ARP cache also shows to be correct:
SWITCH A:
Bryan-26th-CAT-2#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet X.X.X.70 147 0009.b6a4.b800 ARPA Vlan65
Internet X.X.X.69 - 001c.b144.5800 ARPA Vlan65
SWITCH B:
DAL-COLO-6509-1#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet X.X.X.70 - 0009.b6a4.b800 ARPA Vlan65
Internet X.X.X.69 141 001c.b144.5800 ARPA Vlan65
And once again, the OSPF Neighbor relationship does come up:
SWITCH A:
Bryan-26th-CAT-2# sh ip ospf neigh
Neighbor ID Pri State Dead Time Address Interface
10.255.2.2 1 FULL/BDR 00:00:30 X.X.X.70 Vlan65
SWITCH B:
DAL-COLO-6509-1#sh ip ospf neig
Neighbor ID Pri State Dead Time Address Interface
10.255.2.3 1 FULL/DR 00:00:33 X.X.X.69 Vlan65
In the Troubleshooting MPLS VPN manuals- it shows to test trace routes. All of our other connections like this the trace routes work fine. In this case though, I cannot trace route not only between the loopback interfaces, but between the DIRECTLY CONNECTED interfaces. I don’t know what this is. It should simply be a one hop trace route. I believe this is what is keeping the MPLS VPN from coming up. Any ideas? Here are the relevant OSPF configs and interface configs as well:
SWITCH A:
interface Vlan65
description Connection to DAL-COLO-6509-2
mtu 1580
ip address X.X.X.69 255.255.255.252
no ip redirects
no ip unreachables
ip pim sparse-dense-mode
ip ospf mtu-ignore
mpls label protocol ldp
mpls ip
router ospf 23532
log-adjacency-changes
redistribute connected subnets
redistribute static subnets
passive-interface default
no passive-interface Vlan65
network 10.255.2.3 0.0.0.0 area 0
network X.X.X.69 0.0.0.0 area 0
SWITCH B:
interface Vlan65
description Connection to Bryan-26th-CAT-2
mtu 1580
ip address X.X.X.70 255.255.255.252
no ip redirects
no ip unreachables
ip pim sparse-dense-mode
ip ospf mtu-ignore
mpls label protocol ldp
mpls ip
router ospf 23532
log-adjacency-changes
redistribute connected subnets
redistribute static subnets
passive-interface default
no passive-interface Vlan65
network 10.255.2.2 0.0.0.0 area 0
network X.X.X.70 0.0.0.0 area 0
Any ideas would be appreciated.
Thanks
Greg
Greg,
Can you explain more about your issue?. When you say MPLS VPN is not coming up, do you mean the ping (or traffic) from CE connected to one 6509 is not traversing the MPLS cloud to otehr CE connected to remote 6509?.
Do you have VRF enabled with respective RT import/export?. Do you have MP-BGP with VPNv4 AF enabled?.
To confirm if basic MPLS is working fine, Can you check if you have LDP neighborship up and running?. Use "show mpls ldp neighbor" to see the session.
Also do a "ping mpls ipv4 <remote-loopback> <mask>" and see if it works?.
-Nagendra
Similar Messages
-
Time Capsule connection issues - only VPN use will connect
After hours of troubleshooting with Comcast and Apple trying to establish internet connection, I accidentally discovered that I could get on when connected to company's VPN. Why would this happen? I don't have VPN on my Mac and don't want to set it up on my iPhone. I need to get on the internet without it. Apple has been helpful on the phone, but they are just as stumped as I am -- we've tried everything! Help!
I'm running 10.5.2 on Mac, and use XP on my PC's. The cable modem is an Arris through Comcast. I never had problems with my old wireless router (Netgear).Wired or wireless didn't matter, it was baffling.
I did get it resolved, however. Evidently Comcast's DNS address wasn't working properly. The Apple rep was able to provide a public DNS address (not affiliated with Comcast) that did the trick. The VPN thing was what tipped him off.
Works fine from the Mac, but my PC's give me constant warnings since they are set up with all of my company's security settings. I can live with it though! Just happy to finally get some work done! -
Interprovider MPLS VPN - "drop -- rewrite null"
Hi,
i have an interprovider VPN where a remote route is received on ASBR and forwarded to my AS PE but traffic coing from my PE is dropped because label forwarding is not installed:
c2851-ASBR#sh ip bgp vpnv4 all la
Network Next Hop In label/Out label
Route Distinguisher: 3302:141141
10.0.0.0/24 172.26.107.94 20/100192
81.114.246.16/29 172.16.0.4 22/18
192.168.0.0 172.16.0.4 21/16
c2851-ASBR#sh mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Pop tag 172.16.0.4/32 0 Gi0/1 172.26.0.2
21 16 3302:141141:192.168.0.0/24 \
0 Gi0/1 172.26.0.2
22 18 3302:141141:81.114.246.16/29 \
0 Gi0/1 172.26.0.2
As you can see the label 100192 is not present in the mpls forwarding.
If i create the vrf on the ASBR everithing works correctly:
c2851-ASBR#sh mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Pop tag 172.16.0.4/32 0 Gi0/1 172.26.0.2
20 100192 10.0.0.0/24[V] 488 Gi0/0.124 172.26.107.94
21 16 192.168.0.0/24[V] 472 Gi0/1 172.26.0.2
22 18 81.114.246.16/29[V] \
0 Gi0/1 172.26.0.2
Thanks
S.the lab setup is quite simple:
AS1 PE --ibgp-- AS1 ASBR (172.26.107.94) ----ebgp---- AS2 ASBR (172.26.107.93) --ibgp-- AS2 PE (lo0 172.16.0.4)
From the AS2 ASBR the next hop for the internal route is the lo0 of the AS2 PE and the next hop for the AS1 route is the ip address of the btb interface (the ebgp peer is built on the directed connected interface). So no problem on the ebgp next hop.
The label swap from 22 to 18 is unidirectional and is used for the traffic coming from AS1 PE directed to the AS2 PE for destination network annouced by AS2PE.
From the AS2PE point of view there is no problem on the traffic forwarding (label 20 is imposed to the packet and this is the right behaviour) but AS2ASBR doesn't swap it with label 100192 because it is not in the mpls forwarding table. so i think that the problem is not on the PE but in the behaviour of the ASBR.
s. -
Please Help!! - Ping to and from MPLS/VPN
I am having strange ping results and cannot understand why. My gut feeling is that this stems from a lack of understanding of the technology.
First, I have leaked a Vrf subnet into the global vrf so that I can have reachability to some devices in the vrf and the devices themselves can have reachability to services outside of the cloud.
I know this design is going to seem a little convoluted so bear with me. I have built a model of my providers network whereby the connected routes between the CE and PE are public addresses, the internal routes are private addresses in the 10.0.0.0/8 network. I am running BGP between the PE and CE, and then redistributing static routesinto OSPF for the actual MPLS network routing.
Then of the backbone (Area 0) of the OSPF network, I have a connection to what I will call my Services network where resources such as DNS/DHCP, Internet, and Call Manager reside.(See diagram).
What happens is that on the PE that is directly connected to the CE, I cannot ping the network contained in the CE unless I actually specify an interface other than the address of the directly connected interface.
If I go to the P router I can ping just fine. Even if I go to the Services network I am successful so I know that I have been somewhat successful in leaking the subnet located in the VPN vrf.
On the flip side, When I am in the CE, I cannot ping to the Services network, or any network that is in the 10.0.0.0/8 space, so I am almost certain there is a routing principle that I am missing here.
Sorry for the long post, but I am trying to include the pertinent information that I hope will lead to some assistance.Lejoe,
You were correct in discovering that the route was missing from the 3750 metro point back to the connected route between the PE and CE. I added this and I am not able to ping the services network from the CE router. Thanks very much for this. I am glad it was a simple resolution.
As far as the duplicate address on the 3750 Metro and the PE, the interface on the 3750 was left over from a previous design and is inactive. Thanks for catching as I would need to clean it up regardless.
You were also correct in saying that if I source the ping from within the vrf, then I am able to ping. However, I thought that I took care of this by leaking the route to the global config. Here is the global ruoting table on the PE router.
S 68.139.201.28/30 is directly connected, FastEthernet1/0
C 68.1.1.4/30 is directly connected, FastEthernet0/0
O IA 68.2.1.4/30 [110/12] via 68.1.1.5, 23:30:42, FastEthernet0/0
O IA 68.1.2.4/30 [110/2] via 68.1.1.5, 23:30:42, FastEthernet0/0
O IA 68.1.0.1/32 [110/2] via 68.1.1.5, 23:30:42, FastEthernet0/0
C 68.1.1.1/32 is directly connected, Loopback0
O IA 68.0.1.0/30 [110/2] via 68.1.1.5, 23:30:42, FastEthernet0/0
O IA 68.2.1.1/32 [110/13] via 68.1.1.5, 23:30:42, FastEthernet0/0
O IA 68.0.2.0/30 [110/3] via 68.1.1.5, 23:30:42, FastEthernet0/0
O IA 68.2.0.1/32 [110/3] via 68.1.1.5, 23:30:42, FastEthernet0/0
O IA 68.255.1.0/30 [110/2] via 68.1.1.5, 23:30:42, FastEthernet0/0
10.0.0.0/16 is subnetted, 1 subnets
S 10.152.0.0 [1/0] via 68.139.201.30, FastEthernet1/0
O*E2 0.0.0.0/0 [110/1] via 68.1.1.5, 23:30:42, FastEthernet0/0
If you take a look at the configs, I have placed the directly connected route into the global table by using a static route on the PE router:
ip route 68.139.201.28 255.255.255.252 FastEthernet1/0
I would like to understand why I cannot ping the directly connected route from the PE, especially when it is in the routing table. Would you know why this is? -
Hii frnds,
here is the configuration in my router C1841..for the cisco ipsec remote access vpn..i was able to establish a vpn session properly...but there after i can only reach up to the inside interfaces of the router..but not to the lan devices...
Below is the out put from the router
r1#sh run
Building configuration...
Current configuration : 3488 bytes
! Last configuration change at 20:07:20 UTC Tue Apr 23 2013 by ramana
! NVRAM config last updated at 11:53:16 UTC Sun Apr 21 2013 by ramana
version 15.1
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname r1
boot-start-marker
boot-end-marker
enable secret 5 $1$6RzF$L6.zOaswedwOESNpkY0Gb.
aaa new-model
aaa authentication login local-console local
aaa authentication login userauth local
aaa authorization network groupauth local
aaa session-id common
dot11 syslog
ip source-route
ip cef
ip domain name r1.com
multilink bundle-name authenticated
license udi pid CISCO1841 sn FHK145171DM
username ramana privilege 15 secret 5 $1$UE7J$u9nuCPGaAasL/k7CxtNMj.
username giet privilege 15 secret 5 $1$esE5$FD9vbBwTgHERdRSRod7oD.
redundancy
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group ra-vpn
key xxxxxx
domain r1.com
pool vpn-pool
acl 150
save-password
include-local-lan
max-users 10
crypto ipsec transform-set my-vpn esp-3des esp-md5-hmac
crypto dynamic-map RA 1
set transform-set my-vpn
reverse-route
crypto map ra-vpn client authentication list userauth
crypto map ra-vpn isakmp authorization list groupauth
crypto map ra-vpn client configuration address respond
crypto map ra-vpn 1 ipsec-isakmp dynamic RA
interface Loopback0
ip address 10.2.2.2 255.255.255.255
interface FastEthernet0/0
bandwidth 8000000
ip address 117.239.xx.xx 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map ra-vpn
interface FastEthernet0/1
description $ES_LAN$
ip address 192.168.10.252 255.255.255.0 secondary
ip address 10.10.10.1 255.255.252.0 secondary
ip address 172.16.0.1 255.255.252.0 secondary
ip address 10.10.7.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
ip local pool vpn-pool 172.18.1.1 172.18.1.100
ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
ip dns server
ip nat pool INTERNETPOOL 117.239.xx.xx 117.239.xx.xx netmask 255.255.255.240
ip nat inside source list 100 pool INTERNETPOOL overload
ip route 0.0.0.0 0.0.0.0 117.239.xx.xx
access-list 100 permit ip 10.10.7.0 0.0.0.255 any
access-list 100 permit ip 10.10.10.0 0.0.1.255 any
access-list 100 permit ip 172.16.0.0 0.0.3.255 any
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
access-list 150 permit ip 10.10.7.0 0.0.0.255 172.18.0.0 0.0.255.255
access-list 150 permit ip host 10.2.2.2 172.18.1.0 0.0.0.255
access-list 150 permit ip 192.168.10.0 0.0.0.255 172.18.1.0 0.0.0.255
control-plane
line con 0
login authentication local-console
line aux 0
line vty 0 4
login authentication local-console
transport input telnet ssh
scheduler allocate 20000 1000
end
r1>sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is 117.239.xx.xx to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 117.239.xx.xx
10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
C 10.2.2.2/32 is directly connected, Loopback0
C 10.10.7.0/24 is directly connected, FastEthernet0/1
L 10.10.7.1/32 is directly connected, FastEthernet0/1
C 10.10.8.0/22 is directly connected, FastEthernet0/1
L 10.10.10.1/32 is directly connected, FastEthernet0/1
117.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 117.239.xx.xx/28 is directly connected, FastEthernet0/0
L 117.239.xx.xx/32 is directly connected, FastEthernet0/0
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.0.0/22 is directly connected, FastEthernet0/1
L 172.16.0.1/32 is directly connected, FastEthernet0/1
172.18.0.0/32 is subnetted, 1 subnets
S 172.18.1.39 [1/0] via 49.206.59.86, FastEthernet0/0
192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.10.0/24 is directly connected, FastEthernet0/1
L 192.168.10.252/32 is directly connected, FastEthernet0/1
r1#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
117.239.xx.xx 49.206.59.86 QM_IDLE 1043 ACTIVE
IPv6 Crypto ISAKMP SA
r1 #sh crypto ipsec sa
interface: FastEthernet0/0
Crypto map tag: giet-vpn, local addr 117.239.xx.xx
protected vrf: (none)
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (172.18.1.39/255.255.255.255/0/0)
current_peer 49.206.59.86 port 50083
PERMIT, flags={}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 2, #pkts decrypt: 2, #pkts verify: 2
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 117.239.xx.xx, remote crypto endpt.: 49.206.xx.xx
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
current outbound spi: 0x550E70F9(1427009785)
PFS (Y/N): N, DH group: none
inbound esp sas:
spi: 0x5668C75(90606709)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel UDP-Encaps, }
conn id: 2089, flow_id: FPGA:89, sibling_flags 80000046, crypto map: ra-vpn
sa timing: remaining key lifetime (k/sec): (4550169/3437)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x550E70F9(1427009785)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel UDP-Encaps, }
conn id: 2090, flow_id: FPGA:90, sibling_flags 80000046, crypto map: ra-vpn
sa timing: remaining key lifetime (k/sec): (4550170/3437)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:hi Maximilian Schojohann..
First i would like to Thank you for showing interest in solving my issue...After some research i found that desabling the " IP CEF" will solve the issue...when i desable i was able to communicate success fully with the router lan..But when i desable " IP CEF " Router cpu processer goes to 99% and hangs...
In the output of " sh process cpu" it shows 65% of utilization from "IP INPUT"
so plz give me an alternate solution ....thanks in advance.... -
Traceroute issue - CE router replys 2 hops on ingress & egress interfaces
Hi Guys,
Please help to explain the following traceroute issue :
I have 2 Cisco Routers R1 & R2 on two sites, both of them are connecting to Telco MPLS/VPN cloud. When I do traceroute from R1 to R2, I found the first 2 hops reflect the ingress and egress interfaces on the same CE router, which is connecting to R1. Please see following details:
Traceroute path (on R1, do traceroute R2's loopback address):
R1 -- CE1 -- PE1 -- PE2 -- CE2 -- R2
Tracing output:
1. CE1_ingress_int
2. CE1_egress_int
3. CE2_ingress_int
4. R2_ingress_int
FYI: the /30 link route between CE1 & PE1 is not advertised to R1. not sure if this affects or not.
I have no access to to the Telco CEs & PEs , I assume it might be related to CE1's MPLS traceroute configuration. Or it might be related to the ttl propagation between the IP & MPLS domain?
Your help is highly appreciated!
Thanks and best regards
JerryIt is hard to figure out what the issue is without having a look at CE1.
Are you certain that the second entry you are seeing is CE1 egress interface IP address and not PE1 ingress interface IP address?
The fact that the CE-PE /30 subnet is not known by R1 has nothing to do with the behavior you are seeing.
Hope this helps, -
Central Site Internet Connectivity for MPLS VPN User
What are the solutions of Central site Internet connectivity for a MPLS VPN user, and what is the best practice?
Hello,
Since you mentioned that Internet Access should be through a central site, it is clear that all customer sites (except the central) will somehow have a default (static/dynamic) to reach the central site via the normal VPN path for unknown destinations. Any firewall that might be needed, would be placed at the central site (at least). So, the issue is how the central site accesses the Internet.
Various methods exist to provide Internet Access to an MPLS VPN. I am not sure if any one of them is considered the best. Each method has its pros and cons, and since you have to balance various factors, those factors might conflict at some point. It is hard to get simplicity, optimal routing, maximum degree of security (no matter how you define "security"), reduced memory demands and cover any other special requirements (such as possibility for overlapping between customer addresses) from a single solution. Probably the most secure VPN is the one which is not open to the Internet. If you open it to the Internet, some holes also open inevitably.
One method is to create a separate Internet_Access VPN and have other VPNs create an extranet with that Internet_Access VPN. This method is said to be very secure (at least in terms of backbone exposure). However, if full routing is a requirement, the increased memory demands of this solution might lead you to prefer to keep the internet routing table in the Global Routing Table (GRT). You might have full routing in the GRT of PEs and Ps or in PEs only (second is probably better).
Some names for solutions that exist are: static default routing, dynamic default routing, separate BGP session between PE and CE (via separate interface, subinterface or tunnel), extranet with internet VRF (mentioned earlier), extranet with internet VRF + VRF-aware NAT.
The choice will depend on the requirements of your environment. I cannot possibly describe all methods here and I do not know of a public document that does. If you need an analysis of MPLS VPN security, you may want to take a look at Michael Behringer's great book with M.Morrow "MPLS VPN Security". Another book that describes solutions is "MPLS and VPN Architectures" by Ivan Pepelnjak. There is a Networkers session on MPLS VPNs that lists solutions. There is also a relevant document in CCO:
http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a00801445fb.shtml (covering static default routing option).
Kind Regards,
M. -
MPLS-VPN w/NAT for Internet connectivity.
We have implemented MPLS-VPN and site-to-site connectivity seems to be working fairly well. However, we are having strange issue when trying to access the Internet. For some odd reason, we are not able to get to some sites such as ebay.com, latimes.com, nytimes.com, moviefone.com. We are running dynamic NAT and the topology looks like this:
Laptop----CE-------PE-----NAT------BR-----Internet
This is a simple layout of what we have currently in the lab. NAT router is not running MPLS but we are using VRF to create sub-interfaces on FE connecting PE and NAT router for each customers. I have access-list allowing 10.x.x.x/8.
Laptop-CE - 10.0.0.8/30
CE-PE - 10.0.0.0/30
PE-NAT - 10.0.1.0/30
Also, we are able to ping, trace, ftp, use remote desktop, pcanywhere. It seems to be only affecting http. We've been working on this for couple of days now and we've hit a wall. Any help will be greatly appreciated.
JKI had a slightly different yet similar problem a few months ago on our mpls network with the CE devices, and turned out the DF bit had to be set to 0 to enable fragmentation _prior_ to traffic entering the core.
Fixed it right up by setting a policy on the ethernet port.
-Jeff -
8350i direct connect messages issue
Hi I was wondering if there was a solution for the messages popping up in the messages folder when someone direct connects me? Yes I have turned off the forward to none and really could not make heads or tails of the one post there is on this issue. I am assuming that us 8350 owners have to wait for a software upgrade. Is this correct or has this issue been solved in another way.
ThanksI have the 8350i and a Mac.
I have my info on iCal and Address Book.
When I sync, everything is ok, except 2 problems.
The Direct Connect ID's and the BB PIN's do not sync.
In the Mac's Address Book, I have them under:
DCID = 'Home 2'
BB PIN = 'Home Fax'
I have them labeled like that because that's how Entourage/Address Book syncs them.
For example,
When I create a new contact on my BB that has email, phone, address, direct connect#, PIN, company... and then I sync with my mac... I will see in the Mac's Address Book the new contact with the email, phone, address, company... but no direct connect# and no PIN.
In short, there is no field that corresponds to Direct Connect# and PIN# when trying to sync with BlackBerry Desktop Manager for Mac and a BlackBerry Curve 8350i. Is this true?
THX
Message Edited by framal on 10-05-2009 02:19 PM -
you are running the latest version of iTunes, have no other USB devices attached, have no security software installed, and are directly connected to your ISP source, simply restarting the computer and the iOS device can clear up certain issues that could prevent you from restoring. After restarting the computer and iOS device, attempt to restore again.
How big is your library? I would recommend the following troubleshooting steps:
- Backup your library. Always a good idea before messing with things.
- Create a new library. Refer to this article for details: http://support.apple.com/kb/HT1589. This won't delete your old library, you're just creating a new empty one. Also refer to this article to get back to your old library later.
- Add a few albums into this new library. Not everything, just a small sampling, as a test.
- Activate Match on this new library. You shouldn't have to re-pay, it should just say "Add Computer" or similar.
- At this point, Match should run again. With just a few albums it should complete in just a few minutes.
If iTunes doesn't crash at this point, then likely there's something about your original library that Match doesn't like - what that is I don't know, but at least you'll know it's not your PC. If iTunes still crashes, then if could be a number of other things, but probably not your library. My next suggestion (if you haven't already done this) is to uninstall / reinstall iTunes. If that doesn't work, then my next ideas you won't like. -
MPLS VPNs alongwith T1 and sub-rate SONET/SDH connections
Hi,
I know this question might seem out of place in this particular forum, I apologize for that.
We currently offer MPLS VPN services on my Cisco 7600 platform with supported FE/GE modules.
Coming to my question, can I offer DS0/T1 services without adding a new optical (SONET/SDH) box and on the same 7600 (I have enough slots available)
I was thinking of this particular module for delivering the required additional services:
http://www.cisco.com/en/US/docs/routers/7600/install_config/12.2SX_OSM_config/Prtn.html
and
http://www.cisco.com/en/US/docs/routers/7600/install_config/12.2SX_OSM_config/crns.html
Is anyone of you guys doing something similar?
I would request for some inputs w.r.t. stability and/or other factors I should consider before I start to seriously think of them as an alternative option instead of going for separate Optical devices.
P.S.: This is not MPLS VPNs on subrate interfaces but subrate/T1 'IPLC' service by itself.
Thanks
Cheers
~sultanNo, you will need to put an additional module to support DS0/T1 services on your 7600. Following link may help you
http://www.cisco.com/en/US/products/hw/modules/ps2831/products_data_sheet09186a008015cfe9.html -
L3 MPLS-VPN with ATM Interfaces
Hi
I tacked a L3 MPLS-VPN from a MPLS service provider.My VPN have three points.
In first point, I have a PA-A3-OC3 over cisco router 7206. how can I config to place PVC1/2 into VPN?You need that pvc to be under a separate sub-interface and then you can configure "ip vrf for " under that sub-interface.
Hope this helps, -
MPLS VPN / BGP Netflow Issue
I have followed all of the configuration steps given for egress accounting with netflow on a MPLS VPN link. However, it is only showing flows coming into the router. I need to be able to account both ways- any recommendations? Config below:
interface Multilink12
mtu 1580
ip address XX.XX.XX.XX 255.255.255.252
no ip redirects
no ip unreachables
ip pim sparse-mode
ip route-cache flow
mpls netflow egress
mpls label protocol ldp
mpls ip
ppp multilink
ppp multilink group 12
ip flow-export source FastEthernet0/0/0.10
ip flow-export version 5
ip flow-export destination XX.XX.XX.XX 9996
IP packet size distribution (10730093 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .098 .645 .011 .016 .012 .009 .010 .000 .001 .000 .001 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .000 .002 .185 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 4456704 bytes
4 active, 65532 inactive, 464700 added
6109192 ager polls, 0 flow alloc failures
Active flows timeout in 1 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 336520 bytes
0 active, 16384 inactive, 20706 added, 20706 added to flow
0 alloc failures, 0 force free
1 chunk, 1 chunk added
last clearing of statistics never
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-Telnet 7 0.0 20 233 0.0 7.0 11.3
TCP-FTP 3 0.0 1 40 0.0 0.4 1.6
TCP-WWW 5757 0.0 6 389 0.0 1.1 3.0
TCP-SMTP 7 0.0 1 40 0.0 0.7 1.6
TCP-X 244 0.0 1 54 0.0 0.0 1.5
TCP-other 304762 0.2 7 346 1.6 2.2 4.8
UDP-DNS 346 0.0 1 127 0.0 0.0 15.4
UDP-NTP 3323 0.0 1 80 0.0 0.0 15.4
UDP-other 131041 0.0 62 341 5.4 17.6 13.2
ICMP 64291 0.0 1 79 0.0 0.0 15.4
Total: 509781 0.3 21 341 7.1 5.9 8.3
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Mu12 10.50.66.218 Null 10.105.0.1 11 0675 00A1 84
Mu12 10.50.66.218 Null 10.105.19.10 11 0675 00A1 2
Mu12 10.50.66.218 Null 10.105.19.3 11 0675 00A1 4
Mu12 10.50.66.42 Null 10.105.19.10 06 0B3C 01BD 12Update on this- Im now receiving all traffic incoming into the interface, but am tracking only about 10% of the outgoing traffic- revised config below:
ip flow-cache timeout active 1
ip flow-cache mpls label-positions 1 2 3
ipv6 flow-cache mpls label-positions 1 2 3
interface Multilink12
mtu 1580
ip address XX.XX.XX.XX 255.255.255.252
no ip redirects
no ip unreachables
ip flow ingress
ip flow egress
ip pim sparse-mode
ip route-cache flow
mpls netflow egress
mpls label protocol ldp
mpls ip
ppp multilink
ppp multilink group 12
service-policy output cbwfq-voice20per
ip flow-export source FastEthernet0/0/0.10
ip flow-export version 9 origin-as
ip flow-export destination XX.XX.XX.XX 9996 -
Direct Connect Migration Issues
So I'm about to get my MacBook Pro in the mail soon and I was looking at Apple's Great Migration page. Here is what I want to do (direct connect):
Direct connect
To move files by connecting your Mac directly to your PC:
1. Connect your Mac to your PC using a standard Ethernet cable.
2. Make sure that both computers are turned on.
3. In the Finder on your Mac, choose Connect to Server from the Go menu to open the window.
4. Type your PC's network address in the Server Address text box using one of these formats:
* smb://DNSname/ShareName
* smb://IPaddress/ShareName
5. Click Connect.
6. Follow the onscreen instructions to enter your PC's workgroup name, user name, password, and the volume or folder you wish to access.
7. Your PC volume should appear on your Mac Desktop.
8. Open the volume and drag and drop files directly from it to anywhere on your Mac.
9. When finished, drag your PC volume to the Trash to unmount it.
For #4, what do I enter in for this?:
* smb://DNSname/ShareName
* smb://IPaddress/ShareName
Thanks so much!There are several BDE replacements that allow you to connect to
Oracle from Delphi with out BDE or ODBC
DOA- Direct Oracle Access from Allaround Automation ~$200.00
http://www.allroundautomations.nl/index.html
NCOCI8 is freeware.
Goto to www.kylecords.com and they list BDE replacements.
I use DOA and their PL/SQL developer systems from Allaround
Automations and they are both excellent systems with excellent
support. -
Remote access VPN client gets connected fails on hosts in LAN
Hi,
VPN client gets connected fine, I have a inter VLAN routing happening on the switch in the LAN so all the LAN hosts have gateway IP on the switch, I have the defult route pointing to ASA inside interface on the switch, the switch I can reach after Remote Access VPN is connected how ever I cannot ping/connect to other hosts in the LAN and if I make the gateway point to the ASA then that host is accessible, any suggestions? I really want to have gateway to be the Switch as I have other networks reachable through the Switch (Intranet routing)Hi Mashal,
Thanks for your time,
VPN Pool(Client) 192.168.100.0/24
Internal Subnets 192.9.200.0/24(VLAN 4000) and 192.168.2.0/24 (VLAN 1000)
=============
On the Switch
=============
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.2.5 to network 0.0.0.0
172.32.0.0/24 is subnetted, 1 subnets
C 172.32.0.0 is directly connected, Vlan101
C 192.168.200.0/24 is directly connected, Vlan2000
C 192.9.200.0/24 is directly connected, Vlan4000
S 192.168.250.0/24 [1/0] via 192.9.200.125
S 192.168.1.0/24 [1/0] via 192.9.200.125
C 192.168.2.0/24 is directly connected, Vlan1000
S 192.168.252.0/24 [1/0] via 192.9.200.125
S* 0.0.0.0/0 [1/0] via 192.168.2.5
===============
On ASA
===============
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 172.32.0.2 to network 0.0.0.0
C 172.32.0.0 255.255.255.0 is directly connected, outside
C 192.9.200.0 255.255.255.0 is directly connected, inside
C 192.168.168.0 255.255.255.0 is directly connected, failover
C 192.168.2.0 255.255.255.0 is directly connected, MGMT
S 192.168.100.2 255.255.255.255 [1/0] via 172.32.0.2, outside
S 192.168.100.3 255.255.255.255 [1/0] via 172.32.0.2, outside
S* 0.0.0.0 0.0.0.0 [1/0] via 172.32.0.2, outside
We don't need route print on the PC for now as I can explain what is happening I can get complete access to the 192.168.2.0/24 (VLAN 1000) but for 192.9.200.0/24 (VLAN 4000) above from the switch I can only ping IP's on the switches/pair but cannot have any tcp connections, which explains the default route being pointed on the switch is on VLAN 1000, now my issue is How do I get access to VLAN 4000 as you can see these two are on different Interfaces/zones on the ASA and please note with default gateway pointing to ASA I will have access to both the VLAN's it is only when I move the gateway pointing to Switch I loose tcp connections to one VLAN depending on the default route on the being pointing to on the switch.
So we are left to do with how to on the switch with default route.
Maybe you are looking for
-
Copy and paste text while typing
i am sure that someone somewhere has posted this but i couldnt find it. LOVE the Iphone BUT wish it had the ability to allow copy and paste of text. These are basic to most phones, and word processors, and would make it easier to use....ALSO it would
-
What is Gateway User and password in Oracle Discoverer Administrator
hi. i have install BI tools and want to connect to database. what is Gateway user ID / Password and Foundation Name and what username i give in it and how i can use discoverer desktop. plz urgent thx
-
BW Statistics - Is it transportable ?
Hello Gurus, This is a question on BW Statistics. I have made the necessary settings to switch on BW Statistics. My question is, Are these settings Transportable or do they need to be maintained in each landscape. Thanks in advance
-
Chroma key use: Photoshop (version) or can Elements 13 be utilized?
Chroma key use: Photoshop (version) or can Elements 13 be utilized? I do not want to purchase plugs-in etc.
-
Hi Guys, I really need your help. I used to use Flash MX a while back. I can animate in flash really well. but my problem is the action script. Basicly, i'm design a simple learning interface. at the begining, theintro loads up, but then i need it to