Tunnel vrf "vrf-name", when tunnel source interface in GRT
Hello!
Following configuration is working on Cisco 871 (c870-advipservicesk9-mz.124-15.T8.bin) but doesn’t working on Cisco 881 (c880data-universalk9-mz.151-4.M4.bin, License Level: advipservices). What I missed?
ip vrf vrf_tun
rd 1:3
interface Tunnel0
ip address 172.16.0.1 255.255.255.0
no ip redirects
ip mtu 1472
ip nhrp authentication 1
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip nhrp server-only
no ip nhrp cache non-authoritative
ip tcp adjust-mss 1400
tunnel source FastEthernet4
tunnel mode gre multipoint
tunnel vrf vrf_tun
interface FastEthernet4 (interface does not participate in the VRF!)
ip address i.i.i.i m.m.m.m
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
ip route 0.0.0.0 0.0.0.0 g.g.g.g
ip route vrf vrf_tun 0.0.0.0 0.0.0.0 FastEthernet4 g.g.g.g global
sh ip nh bri (C 871):
Target Via NBMA Mode Intfc Claimed
172.16.0.2/32 172.16.0.2 i.i.i.i dynamic Tu0 < >
sh ip nh bri (C 881):
Target Via NBMA Mode Intfc Claimed
debug nhrp on 881 not show anything. Configuration without "tunnel vrf vrf_tun" works perfect.
Hello, Peter.
So, I dug deeper. I tested my configuration on brand new C881 and even on C2911. On C881 I used c880data-universalk9_npe-mz.152-3.T and then c880data-universalk9-mz.124-20.T4 (the most oldest release on cisco.com).
I found that the router on opposite side receives packets. Look:
C881#ping 10.150.12.1 repeat 1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 10.150.12.1, timeout is 2 seconds:
Success rate is 0 percent (0/1)
RouterOnOppositeSide#debug ip icmp
ICMP packet debugging is on
001150: Jan 19 23:36:44: ICMP: echo reply sent, src 10.150.12.1, dst 10.200.10.1, topology BASE, dscp 0 topoid 0
I guess that the problem lies in the part where router (C881) receives packets and decides what to do with them. Somehow in this part G1 and G2 routers behaves different.
Similar Messages
-
MGRE in VRF and Source Interface Issue
friends,
I have a scenario where i need to use multiple multi-point GRE tunnels and put them in VRF for each customer. The problem i am facing is that for each Tunnel i use Routers loopback in global table as source address. It works fine for one Tunnel. But as soon as i create another tunnel using the same loopback as source. Both tunnels go down. If i use different loopback addresses for each tunnel, all tunnels stays up. Can anyone tell me why i cannot use one loopback as source-address for all tunnels?? creating indiviual loopback for each tunnel doesn't seem scalable.
interface Tunnel0
ip vrf forwarding RED
ip address 10.0.0.1 255.255.255.0
no ip redirects
ip nhrp map 10.0.0.4 172.16.1.4
ip nhrp map 10.0.0.5 172.16.1.5
ip nhrp network-id 1
tunnel source Loopback0
tunnel mode gre multipoint
end
interface Tunnel1
ip vrf forwarding BLUE
ip address 11.0.0.1 255.255.255.0
no ip redirects
ip nhrp map 11.0.0.6 172.16.1.6
ip nhrp network-id 2
tunnel source Loopback1
tunnel mode gre multipoint
end
interface FastEthernet0/0
description *** Connected to Customers for mGRE ***
ip address 172.16.1.1 255.255.255.0
end
interface Loopback0
ip address 1.1.1.254 255.255.255.255
endHello
Can you provide show interface tunnel
Harish -
Requirement:
How to make two clients on same VLAN communicate to each other when tunnel-loop-prevention is enabled on tunneled-node configuration at controller?
Whenever we enable tunnel-loop-prevention on controller while we configure tunneled-node, the communication between two tunneled-node client on same VLAN is blocked or dropped.
If the tunneled-node clients are of different VLANs then they can communicate between them even when the tunnel-loop-prevention is enabled on the controller.
Solution:
To make two tunneled-node client on same VLAN to communicate between them, we need to enable "local-proxy-arp" for the interface VLAN on the controller.
Once it is enabled now the tunneled-node clients on same VLAN can communicate between each other.
Configuration:
To enable "local-proxy-arp":
Get to the interface of the VLAN on the controller
Example :
(config)#interface vlan 5
(config)#ip local-proxy-arp
To enable tunnel loop prevention on controller
(config)# tunnel-loop-prevention
Verification
Show commands:
To check if tunnel-loop-prevention is enabled or disabled
#show tunneled-node config
Tunnelded node Server: Enabled
Tunnel Loop Prevention: Enabled
To check if local-proxy-ap is enabled:
#show interface vlan 5
Look for in the output "ProxyARP enable"streetfi8er wrote:
Server ready,waiting for client:
Exception in thread "New THREAD" java.lang.NullPointerException
at server4$server4Thread.run(server4.java:88)
Failed to accept client
when i run the second client programme on different a console in the same system i get the error that:
Unknown HostOK, I'm no socket programming expert; but I can see a few potential problems with what you've written.
1. First off, which line is line 88? Line numbers would be useful. Also, indenting your code properly would make it easier to read.
2. Your 'while(!str.equalsIgnoreCase("close"))' will always fail with a NullPointerException because 'str' is initially set to null.
3. Your 'while(true)' loop worries me. How does it exit? Relying on an exception is usually very bad practise.
4. You are not handling SecurityExceptions. While it's unlikely to happen on your machine; it could easily happen on another.
5. It might be worth indicating the actual exception thrown in your "Failed to accept client" message. accept() can throw three different types of IOException.
6. All the threads you create will be called "New THREAD", which doesn't provide much value.
HIH
Winston -
L2TP script to initiate a router reload when tunnel goes down - working
Hi,
Just thought I would post a working EEM script on doing a router reload when the L2TP tunnel goes down....
I am using a 3825 router to initiate a site-to-site tunnel with a 3rd party vpn service - StrongVPN. On the odd occasion when the tunnel goes down, the l2tp tunnel state goes to "no session left" and the virtual-ppp1 interface - which is tied to the l2tp vpn - goes down. Unfortunately, because I have no control on the far end router, the only way to bring it back up is thru a router reload....
Here you go:
event manager applet L2TP-DOWN
event syslog pattern "%LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-PPP1, changed state to down"
action 1.0 syslog msg "The L2TP VPN is down"
action 1.1 cli command "enable"
action 1.2 cli command "reload in 10" pattern "confirm"
action 1.3 cli command ""
action 1.4 syslog msg "EEM scheduled reload in 10 minutes"
event manager applet L2TP-UP
event syslog pattern "%LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-PPP1, changed state to up"
action 1.0 syslog msg "The L2TP VPN is up"
action 1.1 cli command "enable"
action 1.2 cli command "reload cancel"
JasonHi Arie,
So, here is the script I am using....
When the L2TP tunnel goes to "no sessions left", the virtual-ppp1 interface goes down. That's the typical message I get when it goes down. So, when I reboot the router, the script shows the message that the virtual-ppp1 interface is up when the L2TP tunnel comes up. I checked the debugs and that is the behaviour when the tunnel goes up / down...
Here you go:
event manager applet L2TP-DOWN
event syslog pattern "%LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-PPP1, changed state to down"
action 1.0 syslog msg "The L2TP VPN is down"
action 1.1 cli command "enable"
action 1.2 cli command "reload in 10" pattern "confirm"
action 1.3 cli command ""
action 1.4 syslog msg "EEM scheduled reload in 10 minutes"
event manager applet L2TP-UP
event syslog pattern "%LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-PPP1, changed state to up"
action 1.0 syslog msg "The L2TP VPN is up"
action 1.1 cli command "enable"
action 1.2 cli command "reload cancel"
Thanks. -
Baseline template - look for specific loopback interface when specifying "ip tftp source-interface"
Hello all
I'm new to regex and I'm trying to make a baseline template, that will check our network devices for our required basic configuration.
What I'm trying to do is to make a template that will look for either a loopback0 or loopback1 interface.
If eíther one is found (the loopback interfaces will not be there at the same time) it must apply the following command:
ip tftp source-interface loopback0 (or loopback1)
Is it even possible to make an if-then statement using regex?
Thank you in advance.
Best regards
Jesper Ross Petersen
Message was edited by: Jesper Ross PetersenYes, this can be done
#Go to the tcl shell of the device.
C1811#tclsh
C1811(tcl)#
#copy and paste this at the tcl prompt.
proc intf {} {
set runningcfg [exec show run | inc ^interface Loopback]
foreach line [split $runningcfg \n] {
if {[regexp {interface (Loopback[0-1])} $line -> interface] } {
ios_config "ip tftp source-interface $interface"
return "ip tftp source-interface $interface"
# now type the name of the proc (intf) at the tcl prompt.
C1811(tcl)#intf
# If loopback0 or 1 is present the tftp source interface is added to the running config.
ip tftp source-interface Loopback0
C1811(tcl)# -
VRF selector using PBR or Source IP address
Could anyone can tell which is the better choice of VRF selector using PBR or Source IP address? From Cisco doc, VRF selection based on Source take advance over PBR. My feeling is that PBR may match more criterias than just match source IP address.
ThanksI would personally use the "VRF selection based on source IP address" only where the "VRF selection using PBR" is not available since the latter is a superset of the former.
Hope this helps, -
Per-Tunnel QoS on a DMVPN Tunnel Not Working.
Hello, I am trying to get per-Tunnel QoS working on one of my Hub tunnels, and believe to have the configurations correctly, but when I do "show ip nhrp group-map" I get NONE. I am running a MPLS-VPN network and this router has multiple DMVPN Tunnels with different VRFs. I am not running QoS on the other tunnels.
router#show ip nhrp group-map
Interface: Tunnel1
NHRP group: testgroup
QoS policy: test-QoS
Tunnels using the QoS policy: None
here is my config
interface Tunnel1
ip vrf forwarding test
ip address 172.16.1.1 255.255.255.240
no ip redirects
ip mtu 1376
ip nhrp authentication test
ip nhrp map multicast dynamic
ip nhrp map group testgroup service-policy output TEST-QoS
ip nhrp network-id #####
ip tcp adjust-mss 1200
load-interval 30
tunnel source Loopback1
tunnel mode gre multipoint
tunnel key #####
tunnel vrf test_internet
tunnel protection ipsec profile IPSECPROFILE shared
Router Version
(C7200-ADVENTERPRISEK9-M), Version 15.0(1)M3
I understand that I could do qos pre-classify in the tunnel and then do a service policy on the physical interface, but the question I have is why does it say " Tunnels using the QoS policy: None " when I configured a qos policy on the tunnel interface? Is this a bug?
Thank you for your help!Ray,
There could be multiple reasons for it not to function, the config on hub seems just fine, we'd need to inspect the spokes and check (most likely) in debugs if correct group is being sent from spoke.
Also coexistance of other service-policy etc etc.
The feature is quite simple (some level of simplification), spoke says he is in group X when registering, hub assigns this NHRP mapping a service-policy.
M. -
Setting the source-interface in a tcl script for email.
So once again I am trying to figure this out and failing miserably. The only thin I can think of at the moment is that I need to tell it to source from a specific vrf interface. I've tried looking through possible enviornment variables. Hoping I could set it that way but have yet to find one. I have read varios settings for source-interface and attempted them. But fail every time with:
vpn_failure.tcl: smtp_send_email: error connecting to mail server:
EEM Version:
sho event manager version
Embedded Event Manager Version 4.00
Component Versions:
eem: (rel4)1.0.4
eem-gold: (rel1)1.0.2
eem-call-home: (rel2)1.0.0
Below is the stock format for sending the email from the script. If someone could guide me in the correct way to set this up to source the interface that would be awesome.
# create mail form
action_syslog msg "Creating mail header for vpn_failure.tcl script..."
set body [format "Mailservername: %s" "$_email_server"]
set body [format "%s\nFrom: %s" "$body" "$_email_from"]
set body [format "%s\nTo: %s" "$body" "$_email_to"]
set _email_cc ""
set body [format "%s\nCc: %s" "$body" ""]
set body [format "%s\nSubject: %s\n" "$body" "VPN Failure Detected: Router $routername Crypto tunnel is DOWN. Peer $remote_peer"]
set body [format "%s\n%s" "$body" "Report Summary:"]
set body [format "%s\n%s" "$body" " - syslog message"]
set body [format "%s\n%s" "$body" " - summary of interface(s) in an up/down state"]
set body [format "%s\n%s" "$body" " - show ip route $remote_peer"]
set body [format "%s\n%s" "$body" " - show crypto isakmp sa"]
set body [format "%s\n%s" "$body" " - show crypto session detail"]
set body [format "%s\n%s" "$body" " - show crypto engine connection active"]
set body [format "%s\n%s" "$body" " - show ip nhrp detail (DMVPN only)"]
set body [format "%s\n%s" "$body" " - show log"]
set body [format "%s\n\n%s" "$body" "---------- syslog message ----------"]
set body [format "%s\n%s" "$body" "$syslog_msg"]
set body [format "%s\n\n%s" "$body" "---------- summary of interface(s) in an up/down state ----------"]
set body [format "%s\n\n%s" "$body" "$show_ip_interface_brief_up_down"]
set body [format "%s\n\n%s" "$body" "---------- show ip route $remote_peer ----------"]
set body [format "%s\n\n%s" "$body" "$show_ip_route"]
set body [format "%s\n\n%s" "$body" "---------- show crypto isakmp sa ----------"]
set body [format "%s\n\n%s" "$body" "$show_crypto_isakmp_sa"]
set body [format "%s\n\n%s" "$body" "---------- show crypto session detail ----------"]
set body [format "%s\n\n%s" "$body" "$show_crypto_session_detail"]
set body [format "%s\n\n%s" "$body" "---------- show crypto engine connection active ----------"]
set body [format "%s\n\n%s" "$body" "$show_crypto_engine_connection_active"]
set body [format "%s\n\n%s" "$body" "---------- show ip nhrp detail (DMVPN only) ----------"]
set body [format "%s\n\n%s" "$body" "$show_ip_nhrp_detail"]
set body [format "%s\n\n%s" "$body" "---------- show log ----------"]
set body [format "%s\n\n%s" "$body" "$show_log"]
if [catch {smtp_send_email $body} result] {
action_syslog msg "smtp_send_email: $result"I got this far, saw the MAXRUN error, bumped that out and then turned on debugging. I am still not connecting to the mail server. So I don't think I am reaching the mail server yet. I don't think it is using the sourceinterface. In debugging everyting in the script works except for the mail portion.
Jul 29 16:01:00.334: %HA_EM-6-LOG: vpn_failure.tcl: Creating mail header for vpn_failure.tcl script...
Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: Process Forced Exit- MAXRUN timer expired.
Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: while executing
Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: "action_syslog msg "smtp_send_email: $result""
Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: invoked from within
Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: "$slave eval $Contents"
Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: (procedure "eval_script" line 7)
Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: invoked from within
Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: "eval_script slave $scriptname"
Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: invoked from within
Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: "if {$security_level == 1} { #untrusted script
Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: interp create -safe slave
Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: interp share {} stdin slave
Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: interp share {} stdout slave
Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: ..."
Jul 29 16:02:36.464: %HA_EM-6-LOG: vpn_failure.tcl: (file "tmpsys:/lib/tcl/base.tcl" line 50)
Jul 29 16:02:36.465: %HA_EM-6-LOG: vpn_failure.tcl: Tcl policy execute failed:
Jul 29 16:02:36.465: %HA_EM-6-LOG: vpn_failure.tcl: Process Forced Exit- MAXRUN timer expired.
Debugging On:
Jul 29 16:28:51.471: [fh_smtp_debug_cmd]
Jul 29 16:28:51.472: %HA_EM-6-LOG: vpn_failure.tcl : DEBUG(smtp_lib) : smtp_connect : attempt 2
Jul 29 16:29:24.473: [fh_smtp_debug_cmd]
Jul 29 16:29:24.473: %HA_EM-6-LOG: vpn_failure.tcl : DEBUG(smtp_lib) : smtp_connect : attempt 3
Jul 29 16:29:57.475: [fh_smtp_debug_cmd]
Jul 29 16:29:57.475: %HA_EM-6-LOG: vpn_failure.tcl : DEBUG(smtp_lib) : smtp_connect : attempt 4
Jul 29 16:30:30.478: [fh_smtp_debug_cmd]
Jul 29 16:30:30.479: %HA_EM-6-LOG: vpn_failure.tcl : DEBUG(smtp_lib) : smtp_connect : attempt 5
Jul 29 16:31:00.482: %HA_EM-6-LOG: vpn_failure.tcl: smtp_send_email: error connecting to mail server:
cannot connect to all the candidate mail servers
Jul 29 16:31:00.483: %HA_EM-6-LOG: vpn_failure.tcl: vpn_failure.tcl script completed
event manager environment _email_server 10.79.1.126
event manager environment _email_from [email protected]
event manager environment _email_to [email protected]
interface Port-channel1.101
description MGMT-1
encapsulation dot1Q 101
vrf forwarding MGMT-1
ip address 10.79.1.252 255.255.255.0
ip nat inside
ip virtual-reassembly
redundancy rii 101
redundancy group 2 ip 10.79.1.254 exclusive decrement 10
end
#----------------------- send mail ----------------------
# create mail form
action_syslog msg "Creating mail header for vpn_failure.tcl script..."
set body [format "Mailservername: %s" "$_email_server"]
set body [format "%s\nFrom: %s" "$body" "$_email_from"]
set body [format "%s\nTo: %s" "$body" "$_email_to"]
set _email_cc ""
set body [format "%s\nCc: %s" "$body" "[email protected]"]
set body [format "%s\nSourceintf: %s" "$body" "port-channel1.101"]
set body [format "%s\nSubject: %s\n" "$body" "VPN Failure Detected: Router $routername Crypto tunnel is DOWN. Peer $remote_peer"]
set body [format "%s\n%s" "$body" "Report Summary:"]
set body [format "%s\n%s" "$body" " - syslog message"]
set body [format "%s\n%s" "$body" " - summary of interface(s) in an up/down state"]
set body [format "%s\n%s" "$body" " - show ip route $remote_peer"]
set body [format "%s\n%s" "$body" " - show crypto isakmp sa"]
set body [format "%s\n%s" "$body" " - show crypto session detail"]
set body [format "%s\n%s" "$body" " - show crypto engine connection active"]
set body [format "%s\n%s" "$body" " - show ip nhrp detail (DMVPN only)"]
set body [format "%s\n%s" "$body" " - show log"]
set body [format "%s\n\n%s" "$body" "---------- syslog message ----------"]
set body [format "%s\n%s" "$body" "$syslog_msg"]
set body [format "%s\n\n%s" "$body" "---------- summary of interface(s) in an up/down state ----------"]
set body [format "%s\n\n%s" "$body" "$show_ip_interface_brief_up_down"]
set body [format "%s\n\n%s" "$body" "---------- show ip route $remote_peer ----------"]
set body [format "%s\n\n%s" "$body" "$show_ip_route"]
set body [format "%s\n\n%s" "$body" "---------- show crypto isakmp sa ----------"]
set body [format "%s\n\n%s" "$body" "$show_crypto_isakmp_sa"]
set body [format "%s\n\n%s" "$body" "---------- show crypto session detail ----------"]
set body [format "%s\n\n%s" "$body" "$show_crypto_session_detail"]
set body [format "%s\n\n%s" "$body" "---------- show crypto engine connection active ----------"]
set body [format "%s\n\n%s" "$body" "$show_crypto_engine_connection_active"]
set body [format "%s\n\n%s" "$body" "---------- show ip nhrp detail (DMVPN only) ----------"]
set body [format "%s\n\n%s" "$body" "$show_ip_nhrp_detail"]
set body [format "%s\n\n%s" "$body" "---------- show log ----------"]
set body [format "%s\n\n%s" "$body" "$show_log"]
if [catch {smtp_send_email $body} result] {
action_syslog msg "smtp_send_email: $result"
action_syslog msg "vpn_failure.tcl script completed"
#------------------ end of send mail -------------------- -
Hi...
There is a way to configure an IPSEC VPN with a source-interface like in a router,? This is for a site to site VPN. I want to use a loopback interface.
When I configured one VPN, the only option is the IP from the interface where the traffic is going out.
Thanks.Whatever interface you enable ipsec on is the source interface.
crypto map MyMap interface [interface name]
ASA's don't support loopbacks so that is not possible. -
Hi All,
Is it necessary to mention snmp-server trap-source <interface name> while configuring SNMP in a router/switch?. what if we do not configure this command on a device having multiple interfaces?
Regards,
VBThe original post had a two part question, so I will provide a two part answer.
1) Is it necessary to specify the trap source interface? No it is not necessary to specify the trap source interface. Traps will be sent anyway but it becomes more difficult to predict what source address will be used.
2) What happens if we do not configure it. As Afroz explains the device will use what it considers to be the closest interface at that particular time to send the trap. The result is that as interface status may change or as routing table information changes some traps may be sent with Gig0/1 as the source while other traps are sent with Gig0/2 as the source. The reality is that all these traps are from the same device but it will be difficult to see that as you look at the received traps and see different sources.
So I would say that while it is not necessary it is certainly recommended, especially when the device has more than one interface that could potentially serve as the source.
HTH
Rick -
Tunnel Traffic going inside IPSEC tunnel
Hi Everyone,
Site A has IP Sec Tunnel to Site B via ASA.
Now Switch on Site A has GRE tunnel and destination of that tunnel is going inside the IPSEC tunnel.
In other words IPSEC tunnel between 2 sites is also carrying the GRE Tunnel Traffic.
Which command i can run on ASA to know if IPSEC is carrying GRE tunnel traffic or
What line in ASA config will tell me that this IPSEC is also carrying GRE tunnel traffic?
Thanks
MAheshHi Jouni,
I can not put config here.
But here is the info
sh crypto map shows ASA outside interface say GGG this interface has ipsec connection to other site.
also sh conn all | inc GRE shows bunch of output.
It shows ASA outside inetrface which is to WAN say GGG 8 times and it has say subnet range
GRE GGG 10.22.31.4 XY 10.x.x.x.x
GRE GGG 10.22.31.4 XY 10.x.x.x
GRE GGG 10.22.31.3
GRE GGG 10.22.31.3
GRE GGG 10.22.31.3
GRE GGG 10.22.31.4
GRE GGG 10.22.31.4
GRE GGG 10.22.31.4
Where XY is interface of ASA which is next hop to tunnel destination.
IP 10.x.x.x is the tunnel source IP which is loopback on the switch.
Do you know why it has 2 entries for same ASA interface XY ?
Also it has other entries for other ASA interface.
So does number of entries tell us number of GRE connections running ?
Thanks
MAhesh
Message was edited by: mahesh parmar -
2800 w/ site-site tunnel using NAT and user tunnels
I am using a 2800 to terminate a site-site IPSec tunnel using a crypto map. It is also used to terminate several user tunnels.
Because of overlapping private address space there is a source NAT rule in place that overloads addresses prior to routing them across the site-site tunnel.
The problem is that the user tunnels are not able to communicate with any host located on the far end of the site-site tunnel. The site-site tunnel (and it's NAT) works just fine for users coming from any other interface on the 2800.
Does anyone have any ideas? I've gone ahead and attached the existing configuration for those that are brave or incredibly smart :) It is a fairly trashed config though, and I'm still trying to clean it up from where it was.
Thank you VERY much ahead of time,
SteveDuplicate posts. :P
Go here: http://supportforums.cisco.com/discussion/12152361/2nd-site-site-ipsec-tunnel-nat-traversal-setting-fail-establish-however-1st -
How to change Nexus 1000v (N1KV) flow exporter's source interface?
Dear ALL,
I am trying to setup NetFlow from a N1000v towards a NAM, and I need to change the 'flow exporter's source interface from 'mgmt 0' to something else.
I've encountered the following problems:
1. Even tho the Cisco document here describes that the source interface can be changed, logging into the CLI of N1000v does not give alternative options:
N1k# conf t
N1k(config)# flow exporter TEST1
N1k(config-flow-explorter)# source ?
mgmt Management interface
N1k(config-flow-explorter)# source mgmt ?
<0-0> Management interface number
N1k(config-flow-explorter)# source mgmt 0 ?
<CR>
N1k(config-flow-explorter)#
2. In order to be able to use other source interface for NetFlow than 'mgmt 0' I would need a L3 interface. I am kind of missing the concept of a 'interface vlan' used in IOS from NX-OS. I tried to look around and find documentation, explanations, however could not find anything useful yet.
NX-OS running on N1k is 4.0(4)SV1(3b)
Could you please advise on this topic?
Thanks,
AndrasHi Padma,
and
Happy New Year. Best Whishes
I found some missconfiguration in my port profile, and when associate correct NIC with coreect port profiles everything work nice
Thank you. -
Certain characters not appearing in the "full name" when sending e-mail
I have certain characters in my full name of one of my e-mail aliases in iCloud. However, those characters are simply absent from the name shown as sender name when sending mail from Mail app in OS X. For me the problematic characters are C5 A1 and C4 8D (UTF-8 codes).
Yes, š and č are those. Sorry, I wasn't sure if they will work here. I have my full name containing the š and č in the "Full Name" field of the e-mail alias settings on web interface to the iCloud Mail. But in Mail on OS X my name in the "From" field appears without those two characters (other characters are OK) when I select this alias. Also, those two characters are invisible at the recipient's side. And yes, if I sent a copy of such a mail to myself the š and č are missing again in the "From" field.
However, I have the same full name with š and č for my main e-mail address (iCloud account name). Using this main e-mail address š and č appear everywhere!
Message was edited by: mikkec -
How to use for each loop in XSLT when my source is a multilayout file and db
How do I use a for each loop in XSLT when my source is multilayout file and db .
My multilayout file is basically contain 2 kind of data one for employee and another for dependent.
Now my requirement is I want to read each line of data whether it is it is employee or dependent do a join with db and write it in my target file.
eg : File content
1 RichaKumari 311289 TCS INDIA
2 KiarnKumar 456782 BRO RichaKumari 311289 INDIA
2 Ravi 456882 BRO RichaKumari 311289 INDIA
eg : db Content
311289 RichaKumari TCS INDIA Bangalore [email protected]
Now in Final File I need something like this :
1 RichaKumari 311289 TCS INDIA
2 KiarnKumar RichaKumari 311289 TCS INDIA
2 Ravi RichaKumari 311289 TCS INDIA
here 1 and 2 are the identifier which will decide which layout to follow .Hi,
I think you'll need two nested for-each's... Something like...
<xsl:for-each select="$root/row[layout = 1]">
<xsl:variable name="employee" select="."/>
... write employee ...
<xsl:for-each select="$root/row[layout = 2 and dependentid = $employee/id]">
... write dependent ...
</xsl:for-each>
</xsl:for-each>
Cheers,
Vlad
Maybe you are looking for
-
The problem about changing the SID
Hello, Due to some reasones ,we shoud chang the R3 sid from PR3(instance number is 00) to QR3 on one IBM iseries host .As we read some relatives doc about system copy ,we decide use method of exoprt/import to do this.But there are paramter that reall
-
Dear NI Please help me urgently I am in a solar car project and want to transmit the information I have collected using the compactRIO but am unsure of how to proceed. The options are ethernet switch, access point, wireless router...???which one? Mor
-
Getting struggle on BAPI_IPAK_START, Plz help SCM issue
HI Folks, I have a requirement: Uploading .exl file contains Quaterly buckets (Example Quater 2007001) to info cube then same copy from info cube to live cache. after processing i am able to see the data in correct data in info cube in weekly (13 wee
-
Need to save some e mails but my high water mark is on how do i have e mails
want to save e mails.have folder but my high water mark comes up.what to do
-
CS3 Program Has Encountered An Error
Hey, up until recently my Photoshop has performed perfectly well. Yesterday when I was trying to save an image as a PNG, I pressed save then clicked OK on the small PNG Options / Interlace box and then the program completely crashed, encountered an e