Tunnel vrf "vrf-name", when tunnel source interface in GRT

Similar Messages

• MGRE in VRF and Source Interface Issue

  friends,
  I have a scenario where i need to use multiple multi-point GRE tunnels and put them in VRF for each customer. The problem i am facing is that for each Tunnel i use  Routers loopback in global table as source address.  It works fine for one Tunnel. But as soon as i create another tunnel using the same loopback as source. Both tunnels go down.  If i use different loopback addresses for each tunnel, all tunnels stays up.    Can anyone tell me why i cannot use one loopback as source-address for all tunnels??  creating indiviual loopback for each tunnel doesn't seem scalable. 
  interface Tunnel0
   ip vrf forwarding RED
   ip address 10.0.0.1 255.255.255.0
   no ip redirects
   ip nhrp map 10.0.0.4 172.16.1.4
   ip nhrp map 10.0.0.5 172.16.1.5
   ip nhrp network-id 1
   tunnel source Loopback0
   tunnel mode gre multipoint
  end
  interface Tunnel1
   ip vrf forwarding BLUE
   ip address 11.0.0.1 255.255.255.0
   no ip redirects
   ip nhrp map 11.0.0.6 172.16.1.6
   ip nhrp network-id 2
   tunnel source Loopback1
   tunnel mode gre multipoint
  end
  interface FastEthernet0/0
   description *** Connected to Customers  for mGRE ***
   ip address 172.16.1.1 255.255.255.0
  end
  interface Loopback0
   ip address 1.1.1.254 255.255.255.255
  end

  Hello
  Can you provide  show interface tunnel
  Harish

• How to make 2 clients on same VLAN communicate to each other when tunnel-loop-prevention is enabled?

  Requirement:
  How to make two clients on same VLAN communicate to each other when tunnel-loop-prevention is enabled on tunneled-node configuration at controller?
  Whenever we enable tunnel-loop-prevention on controller while we configure tunneled-node, the communication between two tunneled-node client on same VLAN is blocked or dropped.
  If the tunneled-node clients are of different VLANs then they can communicate between them even when the tunnel-loop-prevention is enabled on the controller.
  Solution:
  To make two tunneled-node client on same VLAN to communicate between them, we need to enable "local-proxy-arp" for the interface VLAN on the controller.
  Once it is enabled now the tunneled-node clients on same VLAN can communicate between each other. 
  Configuration:
  To enable "local-proxy-arp":
  Get to the interface of the VLAN on the controller
  Example :
  (config)#interface vlan 5
  (config)#ip local-proxy-arp
  To enable tunnel loop prevention on controller
  (config)# tunnel-loop-prevention
  Verification
  Show commands:
  To check if tunnel-loop-prevention is enabled or disabled
  #show tunneled-node config
  Tunnelded node Server: Enabled
  Tunnel Loop Prevention: Enabled
  To check if local-proxy-ap is enabled:
  #show interface vlan 5
  Look for in the output "ProxyARP enable"

  streetfi8er wrote:
  Server ready,waiting for client:
  Exception in thread "New THREAD" java.lang.NullPointerException
       at server4$server4Thread.run(server4.java:88)
  Failed to accept client
  when i run the second client programme on different a console in the same system i get the error that:
  Unknown HostOK, I'm no socket programming expert; but I can see a few potential problems with what you've written.
  1. First off, which line is line 88? Line numbers would be useful. Also, indenting your code properly would make it easier to read.
  2. Your 'while(!str.equalsIgnoreCase("close"))' will always fail with a NullPointerException because 'str' is initially set to null.
  3. Your 'while(true)' loop worries me. How does it exit? Relying on an exception is usually very bad practise.
  4. You are not handling SecurityExceptions. While it's unlikely to happen on your machine; it could easily happen on another.
  5. It might be worth indicating the actual exception thrown in your "Failed to accept client" message. accept() can throw three different types of IOException.
  6. All the threads you create will be called "New THREAD", which doesn't provide much value.
  HIH
  Winston

• L2TP script to initiate a router reload when tunnel goes down - working

  Hi,
       Just thought I would post a working EEM script on doing a router reload when the L2TP tunnel goes down....
  I am using a 3825 router to initiate a site-to-site tunnel with a 3rd party vpn service - StrongVPN.  On the odd occasion when the tunnel goes down, the l2tp tunnel state goes to "no session left" and the virtual-ppp1 interface - which is tied to the l2tp vpn - goes down.  Unfortunately, because I have no control on the far end router, the only way to bring it back up is thru a router reload....
  Here you go:
  event manager applet L2TP-DOWN
  event syslog pattern "%LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-PPP1, changed state to down"
  action 1.0 syslog msg "The L2TP VPN is down"
  action 1.1 cli command "enable"
  action 1.2 cli command "reload in 10" pattern "confirm"
  action 1.3 cli command ""
  action 1.4 syslog msg "EEM scheduled reload in 10 minutes"
  event manager applet L2TP-UP
  event syslog pattern "%LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-PPP1, changed state to up"
  action 1.0 syslog msg "The L2TP VPN is up"
  action 1.1 cli command "enable"
  action 1.2 cli command "reload cancel"
  Jason

  Hi Arie,
       So, here is the script I am using....
  When the L2TP tunnel goes to "no sessions left", the virtual-ppp1 interface goes down.  That's the typical message I get when it goes down.  So, when I reboot the router, the script shows the message that the virtual-ppp1 interface is up when the L2TP tunnel comes up.  I checked the debugs and that is the behaviour when the tunnel goes up / down...
  Here you go:
  event manager applet L2TP-DOWN
  event syslog pattern "%LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-PPP1, changed state to down"
  action 1.0 syslog msg "The L2TP VPN is down"
  action 1.1 cli command "enable"
  action 1.2 cli command "reload in 10" pattern "confirm"
  action 1.3 cli command ""
  action 1.4 syslog msg "EEM scheduled reload in 10 minutes"
  event manager applet L2TP-UP
  event syslog pattern "%LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-PPP1, changed state to up"
  action 1.0 syslog msg "The L2TP VPN is up"
  action 1.1 cli command "enable"
  action 1.2 cli command "reload cancel"
  Thanks.

• Baseline template - look for specific loopback interface when specifying "ip tftp source-interface"

  Hello all
  I'm new to regex and I'm trying to make a baseline template, that will check our network devices for our required basic configuration.
  What I'm trying to do is to make a template that will look for either a loopback0 or loopback1 interface.
  If eíther one is found (the loopback interfaces will not be there at the same time) it must apply the following command:
  ip tftp source-interface loopback0 (or loopback1)
  Is it even possible to make an if-then statement using regex?
  Thank you in advance.
  Best regards
  Jesper Ross Petersen
  Message was edited by: Jesper Ross Petersen

  Yes, this can be done
  #Go to the tcl shell of the device.
  C1811#tclsh
  C1811(tcl)#
  #copy and paste this at the tcl prompt.
  proc intf {} {
  set runningcfg [exec show run | inc ^interface Loopback]
  foreach line [split $runningcfg \n] {
  if {[regexp {interface (Loopback[0-1])} $line -> interface] } {
  ios_config "ip tftp source-interface $interface"
  return "ip tftp source-interface $interface"
  # now type the name of the proc (intf) at the tcl prompt.
  C1811(tcl)#intf
  # If loopback0 or 1 is present the tftp source interface is added to the running config.
  ip tftp source-interface Loopback0
  C1811(tcl)#

• VRF selector using PBR or Source IP address

  Could anyone can tell which is the better choice of VRF selector using PBR or Source IP address? From Cisco doc, VRF selection based on Source take advance over PBR. My feeling is that PBR may match more criterias than just match source IP address.
  Thanks

  I would personally use the "VRF selection based on source IP address" only where the "VRF selection using PBR" is not available since the latter is a superset of the former.
  Hope this helps,

• Per-Tunnel QoS on a DMVPN Tunnel Not Working.

  Hello, I am trying to get per-Tunnel QoS working on one of my Hub tunnels, and believe to have the configurations correctly, but when I do "show ip nhrp group-map" I get NONE. I am running a MPLS-VPN network and this router has multiple DMVPN Tunnels with different VRFs. I am not running QoS on the other tunnels.
  router#show ip nhrp group-map
  Interface: Tunnel1
  NHRP group: testgroup
    QoS policy: test-QoS
    Tunnels using the QoS policy: None
  here is my config
  interface Tunnel1
  ip vrf forwarding test
  ip address 172.16.1.1 255.255.255.240
  no ip redirects
  ip mtu 1376
  ip nhrp authentication test
  ip nhrp map multicast dynamic
  ip nhrp map group testgroup service-policy output TEST-QoS
  ip nhrp network-id #####
  ip tcp adjust-mss 1200
  load-interval 30
  tunnel source Loopback1
  tunnel mode gre multipoint
  tunnel key #####
  tunnel vrf test_internet
  tunnel protection ipsec profile IPSECPROFILE shared
  Router Version
  (C7200-ADVENTERPRISEK9-M), Version 15.0(1)M3
  I understand that I could do qos pre-classify in the tunnel and then do a service policy on the physical interface, but the question I have is why does it say " Tunnels using the QoS policy: None " when I configured a qos policy on the tunnel interface? Is this a bug?
  Thank you for your help!

  Ray,
  There could be multiple reasons for it not to function, the config on hub seems just fine, we'd need to inspect the spokes and check (most likely) in debugs if correct group is being sent from spoke.
  Also coexistance of other service-policy etc etc.
  The feature is quite simple (some level of simplification), spoke says he is in group X when registering, hub assigns this NHRP mapping a service-policy.
  M.

• Setting the source-interface in a tcl script for email.

  So once again I am trying to figure this out and failing miserably. The only thin I can think of at the moment is that I need to tell it to source from a specific vrf interface. I've tried looking through possible enviornment variables. Hoping I could set it that way but have yet to find one. I have read varios settings for source-interface and attempted them. But fail every time with:
  vpn_failure.tcl: smtp_send_email: error connecting to mail server:
  EEM Version:
  sho event manager version
  Embedded Event Manager Version 4.00
  Component Versions:
  eem: (rel4)1.0.4
  eem-gold: (rel1)1.0.2
  eem-call-home: (rel2)1.0.0
  Below is the stock format for sending the email from the script. If someone could guide me in the correct way to set this up to source the interface that would be awesome.
  # create mail form
    action_syslog msg "Creating mail header for vpn_failure.tcl script..."
    set body [format "Mailservername: %s" "$_email_server"]
    set body [format "%s\nFrom: %s" "$body" "$_email_from"]
    set body [format "%s\nTo: %s" "$body" "$_email_to"]
    set _email_cc ""
    set body [format "%s\nCc: %s" "$body" ""]
    set body [format "%s\nSubject: %s\n" "$body" "VPN Failure Detected: Router $routername Crypto tunnel is DOWN. Peer $remote_peer"]
    set body [format "%s\n%s" "$body" "Report Summary:"]
    set body [format "%s\n%s" "$body" "   - syslog message"]
    set body [format "%s\n%s" "$body" "   - summary of interface(s) in an up/down state"]
    set body [format "%s\n%s" "$body" "   - show ip route $remote_peer"]
    set body [format "%s\n%s" "$body" "   - show crypto isakmp sa"]
    set body [format "%s\n%s" "$body" "   - show crypto session detail"]
    set body [format "%s\n%s" "$body" "   - show crypto engine connection active"]
    set body [format "%s\n%s" "$body" "   - show ip nhrp detail (DMVPN only)"]
    set body [format "%s\n%s" "$body" "   - show log"]
    set body [format "%s\n\n%s" "$body" "---------- syslog message ----------"]
    set body [format "%s\n%s" "$body" "$syslog_msg"]
    set body [format "%s\n\n%s" "$body" "---------- summary of interface(s) in an up/down state ----------"]
    set body [format "%s\n\n%s" "$body" "$show_ip_interface_brief_up_down"]
    set body [format "%s\n\n%s" "$body" "---------- show ip route $remote_peer ----------"]
    set body [format "%s\n\n%s" "$body" "$show_ip_route"]
    set body [format "%s\n\n%s" "$body" "---------- show crypto isakmp sa ----------"]
    set body [format "%s\n\n%s" "$body" "$show_crypto_isakmp_sa"]
    set body [format "%s\n\n%s" "$body" "---------- show crypto session detail ----------"]
    set body [format "%s\n\n%s" "$body" "$show_crypto_session_detail"]
    set body [format "%s\n\n%s" "$body" "---------- show crypto engine connection active ----------"]
    set body [format "%s\n\n%s" "$body" "$show_crypto_engine_connection_active"]
    set body [format "%s\n\n%s" "$body" "---------- show ip nhrp detail (DMVPN only) ----------"]
    set body [format "%s\n\n%s" "$body" "$show_ip_nhrp_detail"]
    set body [format "%s\n\n%s" "$body" "---------- show log ----------"]
    set body [format "%s\n\n%s" "$body" "$show_log"]
    if [catch {smtp_send_email $body} result] {
      action_syslog msg "smtp_send_email: $result"

  I got this far, saw the MAXRUN error, bumped that out and then turned on debugging. I am still not connecting to the mail server. So I don't think I am reaching the mail server yet. I don't think it is using the sourceinterface. In debugging everyting in the script works except for the mail portion.
  Jul 29 16:01:00.334: %HA_EM-6-LOG: vpn_failure.tcl: Creating mail header for vpn_failure.tcl script...
  Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: Process Forced Exit- MAXRUN timer expired.
  Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl:     while executing
  Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: "action_syslog msg "smtp_send_email: $result""
  Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl:     invoked from within
  Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: "$slave eval $Contents"
  Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl:     (procedure "eval_script" line 7)
  Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl:     invoked from within
  Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: "eval_script slave $scriptname"
  Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl:     invoked from within
  Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: "if {$security_level == 1} {       #untrusted script
  Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl:      interp create -safe slave
  Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl:      interp share {} stdin slave
  Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl:      interp share {} stdout slave
  Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: ..."
  Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl:     (file "tmpsys:/lib/tcl/base.tcl" line 50)
  Jul 29 16:02:36.465: %HA_EM-6-LOG: vpn_failure.tcl: Tcl policy execute failed:
  Jul 29 16:02:36.465: %HA_EM-6-LOG: vpn_failure.tcl: Process Forced Exit- MAXRUN timer expired.
  Debugging On:
  Jul 29 16:28:51.471: [fh_smtp_debug_cmd]
  Jul 29 16:28:51.472: %HA_EM-6-LOG: vpn_failure.tcl : DEBUG(smtp_lib) : smtp_connect : attempt 2
  Jul 29 16:29:24.473: [fh_smtp_debug_cmd]
  Jul 29 16:29:24.473: %HA_EM-6-LOG: vpn_failure.tcl : DEBUG(smtp_lib) : smtp_connect : attempt 3
  Jul 29 16:29:57.475: [fh_smtp_debug_cmd]
  Jul 29 16:29:57.475: %HA_EM-6-LOG: vpn_failure.tcl : DEBUG(smtp_lib) : smtp_connect : attempt 4
  Jul 29 16:30:30.478: [fh_smtp_debug_cmd]
  Jul 29 16:30:30.479: %HA_EM-6-LOG: vpn_failure.tcl : DEBUG(smtp_lib) : smtp_connect : attempt 5
  Jul 29 16:31:00.482: %HA_EM-6-LOG: vpn_failure.tcl: smtp_send_email: error connecting to mail server:
  cannot connect to all the candidate mail servers
  Jul 29 16:31:00.483: %HA_EM-6-LOG: vpn_failure.tcl: vpn_failure.tcl script completed
  event manager environment _email_server 10.79.1.126
  event manager environment _email_from [email protected]
  event manager environment _email_to [email protected]
  interface Port-channel1.101
  description MGMT-1
  encapsulation dot1Q 101
  vrf forwarding MGMT-1
  ip address 10.79.1.252 255.255.255.0
  ip nat inside
  ip virtual-reassembly
  redundancy rii 101
  redundancy group 2 ip 10.79.1.254 exclusive decrement 10
  end
  #----------------------- send mail ----------------------
  # create mail form
    action_syslog msg "Creating mail header for vpn_failure.tcl script..."
    set body [format "Mailservername: %s" "$_email_server"]
    set body [format "%s\nFrom: %s" "$body" "$_email_from"]
    set body [format "%s\nTo: %s" "$body" "$_email_to"]
    set _email_cc ""
    set body [format "%s\nCc: %s" "$body" "[email protected]"]
    set body [format "%s\nSourceintf: %s" "$body" "port-channel1.101"]
    set body [format "%s\nSubject: %s\n" "$body" "VPN Failure Detected: Router $routername Crypto tunnel is DOWN. Peer $remote_peer"]
    set body [format "%s\n%s" "$body" "Report Summary:"]
    set body [format "%s\n%s" "$body" "   - syslog message"]
    set body [format "%s\n%s" "$body" "   - summary of interface(s) in an up/down state"]
    set body [format "%s\n%s" "$body" "   - show ip route $remote_peer"]
    set body [format "%s\n%s" "$body" "   - show crypto isakmp sa"]
    set body [format "%s\n%s" "$body" "   - show crypto session detail"]
    set body [format "%s\n%s" "$body" "   - show crypto engine connection active"]
    set body [format "%s\n%s" "$body" "   - show ip nhrp detail (DMVPN only)"]
    set body [format "%s\n%s" "$body" "   - show log"]
    set body [format "%s\n\n%s" "$body" "---------- syslog message ----------"]
    set body [format "%s\n%s" "$body" "$syslog_msg"]
    set body [format "%s\n\n%s" "$body" "---------- summary of interface(s) in an up/down state ----------"]
    set body [format "%s\n\n%s" "$body" "$show_ip_interface_brief_up_down"]
    set body [format "%s\n\n%s" "$body" "---------- show ip route $remote_peer ----------"]
    set body [format "%s\n\n%s" "$body" "$show_ip_route"]
    set body [format "%s\n\n%s" "$body" "---------- show crypto isakmp sa ----------"]
    set body [format "%s\n\n%s" "$body" "$show_crypto_isakmp_sa"]
    set body [format "%s\n\n%s" "$body" "---------- show crypto session detail ----------"]
    set body [format "%s\n\n%s" "$body" "$show_crypto_session_detail"]
    set body [format "%s\n\n%s" "$body" "---------- show crypto engine connection active ----------"]
    set body [format "%s\n\n%s" "$body" "$show_crypto_engine_connection_active"]
    set body [format "%s\n\n%s" "$body" "---------- show ip nhrp detail (DMVPN only) ----------"]
    set body [format "%s\n\n%s" "$body" "$show_ip_nhrp_detail"]
    set body [format "%s\n\n%s" "$body" "---------- show log ----------"]
    set body [format "%s\n\n%s" "$body" "$show_log"]
    if [catch {smtp_send_email $body} result] {
      action_syslog msg "smtp_send_email: $result"
    action_syslog msg "vpn_failure.tcl script completed"
  #------------------ end of send mail --------------------

• ASA IPSEC Source Interface

  Hi...
  There is a way to configure an IPSEC VPN with a source-interface like in a router,? This is for a site to site VPN. I want to use a loopback interface.
  When I configured one VPN, the only option is the IP from the interface where the traffic is going out.
  Thanks.

  Whatever interface you enable ipsec on is the source interface.
  crypto map MyMap interface [interface name]
  ASA's don't support loopbacks so that is not possible.

• SNMP Source interface issue

  Hi All,
  Is it necessary to mention snmp-server trap-source <interface name> while configuring SNMP in a router/switch?. what if we do not configure this command on a device having multiple interfaces?
  Regards,
  VB

  The original post had a two part question, so I will provide a two part answer.
  1) Is it necessary to specify the trap source interface? No it is not necessary to specify the trap source interface. Traps will be sent anyway but it becomes more difficult to predict what source address will be used.
  2) What happens if we do not configure it. As Afroz explains the device will use what it considers to be the closest interface at that particular time to send the trap. The result is that as interface status may change or as routing table information changes some traps may be sent with Gig0/1 as the source while other traps are sent with Gig0/2 as the source. The reality is that all these traps are from the same device but it will be difficult to see that as you look at the received traps and see different sources.
  So I would say that while it is not necessary it is certainly recommended, especially when the device has more than one interface that could potentially serve as the source.
  HTH
  Rick

• Tunnel Traffic going inside IPSEC tunnel

  Hi Everyone,
  Site A  has IP Sec Tunnel to Site B via ASA.
  Now Switch on Site A has GRE tunnel and destination of that tunnel is going inside the IPSEC tunnel.
  In other words IPSEC tunnel between 2 sites is also carrying the GRE Tunnel Traffic.
  Which command i can run on ASA to know if IPSEC is carrying GRE tunnel traffic  or
  What line in ASA config will tell me that this IPSEC is also carrying GRE tunnel traffic?
  Thanks
  MAhesh

  Hi Jouni,
  I can not put config here.
  But here is the info
  sh crypto map shows ASA  outside interface say GGG this interface has ipsec connection to other site.
  also sh conn all | inc GRE shows bunch of output.
  It shows ASA outside inetrface which is to WAN say GGG   8 times and it has say subnet range
  GRE GGG  10.22.31.4  XY 10.x.x.x.x
  GRE GGG  10.22.31.4  XY  10.x.x.x
  GRE GGG  10.22.31.3
  GRE GGG  10.22.31.3
  GRE GGG  10.22.31.3
  GRE GGG  10.22.31.4
  GRE GGG  10.22.31.4
  GRE GGG  10.22.31.4
  Where XY is interface of ASA which is next hop to tunnel destination.
  IP 10.x.x.x  is the tunnel source IP which is loopback on the switch.
  Do you know why it has 2 entries for same ASA  interface XY ?
  Also it has other entries for other ASA  interface.
  So does number of entries tell us number of GRE connections running ?
  Thanks
  MAhesh
  Message was edited by: mahesh parmar

• 2800 w/ site-site tunnel using NAT and user tunnels

  I am using a 2800 to terminate a site-site IPSec tunnel using a crypto map. It is also used to terminate several user tunnels.
  Because of overlapping private address space there is a source NAT rule in place that overloads addresses prior to routing them across the site-site tunnel.
  The problem is that the user tunnels are not able to communicate with any host located on the far end of the site-site tunnel. The site-site tunnel (and it's NAT) works just fine for users coming from any other interface on the 2800.
  Does anyone have any ideas? I've gone ahead and attached the existing configuration for those that are brave or incredibly smart :) It is a fairly trashed config though, and I'm still trying to clean it up from where it was.
  Thank you VERY much ahead of time,
  Steve

  Duplicate posts.  :P
  Go here:  http://supportforums.cisco.com/discussion/12152361/2nd-site-site-ipsec-tunnel-nat-traversal-setting-fail-establish-however-1st

• How to change Nexus 1000v (N1KV) flow exporter's source interface?

  Dear ALL,
  I am trying to setup NetFlow from a N1000v towards a NAM, and I need to change the 'flow exporter's source interface from 'mgmt 0' to something else.
  I've encountered the following problems:
  1. Even tho the Cisco document here describes that the source interface can be changed, logging into the CLI of N1000v does not give alternative options:
  N1k# conf t
  N1k(config)# flow exporter TEST1
  N1k(config-flow-explorter)# source ?
      mgmt    Management interface
  N1k(config-flow-explorter)# source mgmt ?
      <0-0>    Management interface number
  N1k(config-flow-explorter)# source mgmt 0 ?
      <CR>
  N1k(config-flow-explorter)#
  2. In order to be able to use other source interface for NetFlow than 'mgmt 0' I would need a L3 interface. I am kind of missing the concept of a 'interface vlan' used in IOS from NX-OS. I tried to look around and find documentation, explanations, however could not find anything useful yet.
  NX-OS running on N1k is 4.0(4)SV1(3b)
  Could you please advise on this topic?
  Thanks,
  Andras

  Hi Padma,
  and
  Happy New Year. Best Whishes
  I found some missconfiguration in my port profile, and when associate correct NIC with coreect port profiles everything work nice
  Thank you.

• Certain characters not appearing in the "full name" when sending e-mail

  I have certain characters in my full name of one of my e-mail aliases in iCloud. However, those characters are simply absent from the name shown as sender name when sending mail from Mail app in OS X. For me the problematic characters are C5 A1 and C4 8D (UTF-8 codes).

  Yes, š and č are those. Sorry, I wasn't sure if they will work here. I have my full name containing the š and č in the "Full Name" field of the e-mail alias settings on web interface to the iCloud Mail. But in Mail on OS X my name in the "From" field appears without those two characters (other characters are OK) when I select this alias. Also, those two characters are invisible at the recipient's side. And yes, if I sent a copy of such a mail to myself the š and č are missing again in the "From" field.
  However, I have the same full name with š and č for my main e-mail address (iCloud account name). Using this main e-mail address š and č appear everywhere!
  Message was edited by: mikkec

• How to use for each loop in XSLT when my source is a multilayout file and db

  How do I use a for each loop in XSLT when my source is multilayout file and db .
  My multilayout file is basically contain 2 kind of data one for employee and another for dependent.
  Now my requirement is I want to read each line of data whether it is it is employee or dependent do a join with db and write it in my target file.
  eg :  File content
  1 RichaKumari 311289 TCS INDIA
  2 KiarnKumar 456782 BRO RichaKumari 311289 INDIA
  2 Ravi            456882 BRO RichaKumari 311289 INDIA
  eg : db Content
  311289 RichaKumari TCS INDIA Bangalore [email protected]
  Now in Final File I need something like this :
  1 RichaKumari 311289 TCS INDIA
  2 KiarnKumar RichaKumari 311289 TCS INDIA
  2 Ravi            RichaKumari 311289 TCS INDIA
  here 1 and 2 are the identifier which will decide which layout to follow .

  Hi,
  I think you'll need two nested for-each's... Something like...
  <xsl:for-each select="$root/row[layout = 1]">
  <xsl:variable name="employee" select="."/>
  ... write employee ...
  <xsl:for-each select="$root/row[layout = 2 and dependentid = $employee/id]">
  ... write dependent ...
  </xsl:for-each>
  </xsl:for-each>
  Cheers,
  Vlad