Vrf config for virtual interface
Dears ,
Im trying to create MPLS VPN for my ADSL subscribers .
I'm sending the vrf config. from the radius and On the radius debugs I can see that see that configuration is sending correctly to the router , but on the router Virtual access interface not configured for vrf forwarding .
The tf:rd is configured on the router
07A8 NAS-Port-Type = Virtual
07A8 Service-Type = Framed-User
07A8 NAS-IP-Address = 172.16.120.1
07A8 Sending Code=2, Id=23 to 172.16.120.1
07A8 Profile = "ADSLPPPoE"
07A8 Cisco-AVpair = "lcp:Interface-config= ip vrf forwarding mpls-test2"
07A8 Service-Type = Framed-User
07A8 Framed-Protocol = PPP
Try associating a VRF loopback with the DSL VPN user:
interface loopback1
ip vrf forwarding mpls-test2
ip address 172.16.1.1 255.255.255.255
Then make sure in the AVPair it looks like this
Cisco-AVPair "lcp:interface-config=ip vrf forwarding mpls-test2\nip unnumbered loopback 1"
the \n is a carriage return
Similar Messages
-
Switch config for Inline Interface Pair
Hello all
Am having a doubt here, so need your help.
I want to configure an IPS in inline interface mode. What I have is
internet rtr---->Switch----->outside intrface of ASA
Here, I want to monitor/inspect the traffic coming from the internet.
I am planning to connect the inline interfaces to the same switch.
What am not sure is what will be the switchport configuration for the inline interface pair?
Also, How the switch will forward traffic to the IPS and then IPS to the ASA?
Thanks in advance
..AbhiWhat are you using for an IPS, an appliance? an IOS IPS in the Internet router or the ASA?
If you want to feed the output of your IPS into the same switch as the input, you'll need to create two separate VLANS, one for the switch interfaces that are outside your IPS and the other for the interfaces that are inside your IPS.
interface Gi0/1
switchport access vlan 10
switchport mode access
switchport nonegotiate
interface Gi0/5
switchport access vlan 20
switchport mode access
switchport nonegotiate
interface vlan 10
interface vlan 20
- Bob -
LUN config for virtualized Exchange server
Hi All,
What would be the preferred LUN congfiguration for a virtualized Exchange server. It will be a 2 server multi-role configuration on a 3 node hyper-v cluster. 1 LUN per database. Exchange servers will not be configured to be highly available. Failover on
application level.
1. Present the LUN as an iscsi target to the hyper-v host and create a VHD on it for the Exchange server.
Benefit: VHDX is flexible
Drawback: No snapshotting of database via backup app etc.
2. Present the LUN as a pass-through disk to the Exchange server via the Hyper-v host
Benefit: no hyper-v overhead?
Drawback: not flexible
3. Add a vnic to the Exchange server and configure the iscsi initiator on the exchange server.
Benefit: no hyper-v overhead
Drawback: Little more complex configuration
Which one is best? I would prefer option 2, but I might miss something?
Je suis er even nieHonestly, it's tough to say which one is the best option, b\c it really depends on you and your environment. I typically do deployments on Vmware and not Hyper-v as alot of the clients I work with already have VMWare entrentched in their environment,
but it's really the same concept. Typically we use option 1, where we let Vmware handle the iSCSI connections to the SAN and we present the storage to the VM as vmdk file. Option 1 eliminates the complexity and is usually the easiest to configure
for people and allows for easy administration.
Since you mentioned backup snapshots, I would stay away from option 2. Depending on the method and application you are using for backup passthrough disks can cause issue. If you were initiating the hardware snapshot from inside the VM I believe
that would fail with a passthrough disk as well since the guest is not communicating directly to the SAN.
Option 3 would allow you to take hardware snapshots of the drives that the database reside on and you would do all the management of the device from the SAN level. This would be the most complicated to set up since you have to zone it out and make
sure the guest can communicate with the SAN.
If it was me, I would probably deploy option 1 since that usually seems to be the easiest to manage and configure and in my experience, the less complex you make something, the easier it is to manage.
-
WLC Virtual Interface config for a public SSL cert for Web Authentication
I'm trying to get a cert loaded on my 5508 WLC running 7.6.130.0 so when a Web-Auth users tries to authenticate they don't get the SSL cert error.
In the document "Generate CSR for Third−Party Certificates and
Download Chained Certificates to the WLC"
Document ID: 109597 it states the following
"Note: It is important that you provide the correct Common Name. Ensure that the host name that is
used to create the certificate (Common Name) matches the Domain Name System (DNS) host name
entry for the virtual interface IP on the WLC and that the name exists in the DNS as well. Also, after
you make the change to the VIP interface, you must reboot the system in order for this change to take
effect.
Here are my questions.
1. I have always had 1.1.1.1 as the address of the Virtual interface, should that change or can I leave it as 1.1.1.1?
2. In the "DNS Host Name" Field do I simply put the domain or the FQDN? Example. Company.com or hostname.company.comHi,
1) You can change that if you want. Normally it is non-Public and non-routable in your network.
2) Put the Host name for which you are going to give in your company DNS server where that Host name would be mapped to the Virtual ip address.
Regards
Dhiresh
** Please rate helpful posts** -
What's the purpose when we config ipv6 address for an interface with 128bit mask
What's the purpose when we config ipv6 address for an interface with 128bit mask?
ThanksIf you configure a loopback-interface you can use a /128 there.
"Normal" interfaces should always use /64 (RFC 4291) while on router-to-router-links you can use a /127 (RFC 6164).
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni -
How to change Virtual interfaces in SE80 for a web service under ECC6.0?
hi
I find a article, "Changing The Function Interface of Web Service Enabled Functions"
http://www.dataxstream.com/2009/11/changing-the-function-interface-of-web-service-enabled-functions/,
But, i cannot find the "Virtual interfaces" menu item under SE80, because its example is ECC5.0, my SAP is ECC6.0.
So, anybody can tell me how to change it under ECC6.0?
Thanks a lot.
Edited by: CSDN2008 on Mar 18, 2010 12:23 PMHi,
Please share your solution here as I am having the same issue.
Thank you
Muthaheera -
Hi,
In all Cisco documentation 1.1.1.1 is always specified as Virtual Interface IP address.
Here is my concern. When wireless client gets an IP address (through DHCP), 1.1.1.1 is entered as DHCP server which means that at 50% lease time client will attempt DHCP Request to 1.1.1.1
1.1.1.1 is not routable on the wired network, but controller makes sure that it is accessible on the wireless network.
The problem is if you have both wired and wireless connected, default gateway through wired connection wil have less cost, so client will attempt to send traffic to 1.1.1.1 using wired interface and will obviously fail.
At 83.5% of lease time client will attempt full DHCP process starting from Discovery and I guess this is when the IP on wireless NIC will be renewed, cause those Discovery messages are to 0.0.0.0....
Is my understanding correct?
Thanks!
DavidHi,
With both wired and wireless active at the same time (when laptop is docked for example)DHCP Request to 1.1.1.1 will fail cause it will be sent using wired interface and not wireless (default route metric in the host's routing table). This will cause this DHCP Request to fail at 50% lease time.
Next step is DHCP Discover at 83.5% of lease time. Destination IP will be 255.255.255.255 and it will be generated specifically on wireless interface, since this in the interface that needs to renew the IP.
This is exactly my question. Will this Discover to 255.255.255.255 go through wireless interface, cause this is the interface that needs IP addresses renewed. If so, I assume it will succeed and client's IP address will be renewed.
A bit worse than renewing at 50% lease time as a normal DHCP process, but better than loosing the IP at all when 100% lease time hits. 83.5% is somewhere in between...
Comments?
Can you also advise how do you disable DHCP Relay function on the controller? Do you need to remove DHCP IP addresses in WLAN configs?
Another question is about needing WLAN for Management interface. Is it needed for any reason? WLANs are always documented to be bound to Dynamic Interfaces and not Management, however Management interface does appear in the drop down menu under WLAN configuration. Thoughts?
Thanks!
David -
CSS- traffic orignating from real server + Virtual interface
Hi all,
I am designing a solution at the moment, in which I shall have 2 servers behind a pair of CSS & their default gateway will be the Virtual Interface ip address of CSS.
Is there any problem forseen in traffic getting initiated from the server to any other subnet in the network and the return traffic to the server.
Servers shall connect to a pair of 3750 being used as L2 in stack .
The Stacked 3750's shall be placed below the CSS pair & the CSS pair shall further connects to a single 6509 upstream....
Each 3750-L2 connects single port to each CSS
(3750-L2-1 to CSS1 &
3750-L2-2 to CSS 2)
Both CSS connect to the SINGLE 6509 on diff blades. for better redundency.
The CSS shall not be connected to each other directly.
Both 3750-L2 connect to each other as well
IIS-1---L2_Sw1---CSS1---6509---Othr_Subent
IIS-1---L2_Sw2---CSS2---6509---Othr_Subent
Note: I shall have VIP/Virtual Interface config on my CSS's.
Appreciate validation and recomendations on this design.
Many Thanks,
gaganHi Gilles,
Many thanks for the confirmation.
Request verification on the below as well~
1. With the above scenario; I do not require any group (NAT) configuration, either for my servers initiating traffic for going out or for clients hitting the VIP to reach servers. The client & server shall be in diff VLAN?s of course.
2. With VIP & Virtual Interface configuration & couple of server VLAN's below on server side, I should be able to use both the gigabit interfaces on the 11503 to connect up and down stream as TRUNK. I mean to ask Virtual intf. & VIP has no problems working on the same TRUNK interface?
3. I understand that Fate sharing and critical service helps full failover (client & server side).
As an upstream router or L3 switch fails or the upstream connecting gigabit interface on CSS fails, the failover happens.
Will the same be applicable to downstream L2 switch & CSS interface failure? If any of these on the downstream fails will the CSS failover to the standby unit.
I think this above should work, just need confirmation coz I have not done this before.
Thanks a lot again,
Gagan -
Virtual interface (BINDTODEVICE)
I want to bind a socket to one defined virtual interface ( like hme0:10).
In Linux you can use a special socket-option:
int skfd;
struct ifreq interface;
skfd = socket(AF_INET, SOCK_DGRAM, 0);
strncpy(interface.ifr_ifrn.ifrn_name, "eth1", IFNAMSIZ);
if (setsockopt(skfd, SOL_SOCKET, SO_BINDTODEVICE,(char *)&interface, sizeof(interface)) < 0) {
perror("sendpacket: setting SO_BINDTODEVICE");
exit(1);
Is there any equivalent solution for Solaris?Thanks for your reply.
Well, the use of virtual interaces is part of the customers specification (so he will able to specify different interfaces in the config-file without caring about the physical interfaces underneath).
The SO_BINDTODEVICE is part of the only example I�ve found. I didn�t test it yet.
But if there is no such option in Solaris, I must get the relationship between virtual interface/physical intface 'by hand'.
Any idea how that works?
Thank you
Siegmar -
How to add vlan virtual interface on a Catalyst Using SNMP
Hi,
I need some assistance in locating the mib/variables to allow me to add and remove vlan
virtual interface on Catalyst 3759G. If I understand correctly CISCO-VTP-MIB can not carry
out this requirement.
Is there another way of accomplishing this using SNMP ?
Thanks,
ZhouYou cannot add a new interface directly using SNMP. However, you can use the CISCO-CONFIG-COPY-MIB to copy a config snippet into the running configuration which can create a new VLAN interface. See http://www.cisco.com/en/US/tech/tk648/tk362/technologies_configuration_example09186a0080094aa6.shtml for more details.
-
Max-reserved-bandwidth 100% for the interface
According to CCO as following text, the remaining 25 percent of bandwidth is used for overhead, including Layer 2 overhead, control traffic, and best-effort traffic. I want to know why cisco choose 25 percent. why not 30% or 20%?
If I config the max-reserved-bandwidth 100% for the interface, does it will effect the routing protocol? also effect the network conectivity?
thanks for your answer
=======
Usage Guidelines for max-reserved-bandwidth
The sum of all bandwidth allocation on an interface should not exceed 75 percent of the available bandwidth on an interface. The remaining 25 percent of bandwidth is used for overhead, including Layer 2 overhead, control traffic, and best-effort traffic.
If you need to allocate more than 75 percent for RSVP, CBWFQ, LLQ, IP RTP Priority, Frame Relay IP RTP Priority, and Frame Relay PIPQ, you can use the max-reserved-bandwidth command. The percent argument specifies the maximum percentage of the total interface bandwidth that can be used.
If you do use the max-reserved-bandwidth command, make sure that not too much bandwidth is taken away from best-effort and control traffic.
The max-reserved-bandwidth command is intended for use on main interfaces only; it has no effect on virtual circuits (VCs) or ATM permanent virtual circuits (PVCs).Kevin,
this is the wrong group for this question.
Gilles. -
Virtual Interface generation bug in NetWeaver ?
I use the Web Service generation wizard to generate a virtual interface which exposes methods in an EJB. As one of the parameters I pass a simple java bean, lets say:
public class StatusCode
private String name;
private boolean buggy;
public String getName() {...}
public void setName(String newName){...}
public boolean isBuggy() {...}
public void setBuggy(boolean trueOrFalse){...}
When I look at the virtual interface generated, especially at the Types tab, my boolean attribute is not included.
If I change the getter to "getBuggy()", the attribute is included in the VI. The only problem is that the typical Java Bean framework, say from sun or ibm, always map 'boolean' getters to 'isSomething()' and not 'getSomething()'.
Is this a bug with NW? Is there a fix or workaround for this ?
My version of NW:
Version: 2.0.7
Build id: 200407270250
Thanks in advance,
Mark
I posted this question also in the NW development forum, but so far no replies.I try to login by use:
username : Administrator
password : <master password> (at least 1 number)
I try to login many times but it always fails.
(I am very sure about my password since i also try to reinstall many times - 10th. both J2EE 1.4 and Java EE 5)
Ivaylo Ivanov, do you sure that you test with this new edition. (Not the previous edition)
I see the other persons get the result like me:
Telnet Administration
SAP J2EE Engine v7.100
User name: Administrator
Password:
The user account is either expired, or not valid yet.
Login failed. Reason: The user account is either expired, or not valid yet.
Connection to host lost.
if my login is not correct, it will tell the other messags.
Telnet Administration
SAP J2EE Engine v7.100
User name: f
Password:
Cannot authenticate the user.
Login failed. Reason: Cannot authenticate the user. -
Virtual Interface generation bug with NetWeaver ?
I use the Web Service generation wizard to generate a virtual interface which exposes methods in an EJB. As one of the parameters I pass a simple java bean, lets say:
public class StatusCode
private String name;
private boolean buggy;
public String getName() {...}
public void setName(String newName){...}
public boolean isBuggy() {...}
public void setBuggy(boolean trueOrFalse){...}
When I look at the virtual interface generated, especially at the Types tab, my boolean attribute is not included.
If I change the getter to "getBuggy()", the attribute is included in the VI. The only problem is that the typical Java Bean framework, say from sun or ibm, always map 'boolean' getters to 'isSomething()' and not 'getSomething()'.
Is this a bug with NW? Is there a fix or workaround for this ?
My version of NW:
Version: 2.0.7
Build id: 200407270250
Thanks in advance,
Mark
(If this is not the right forum, could someone suggest where I can post this question?)Hi. As of Netweaver 2004s, the virtual interface piece has be absorbed into the creation of the web service definition, so there is no need to create it as well. When you are getting the 403, how are you trying to run this, using the Web Service Homepage? If so, you will need to configure what j2e engine that you want to use to use. You can do this in WSADMIN under the Administration settings. Check that this is set. YOu must know the URL of your j2e engine.
Regards,
Rich Heilman -
Transaction code to create virtual interface.
I want to create a web service from a RFC. For that first, virtual interface needs to be created which will be linked to the RFC. Can u please tell me what is the transaction code to create a virtual interface.
Thankx for ur reply.
Now I have created the Web service. To do this I have done the followings-
1. created one RFC enabled Function Module.
2. Created one virtual interface
3. Created Web service defination.
4. Released Web service from the wsconfig transaction.
Then from The transaction wsadmin I have opened the browser by clicking Web Service > Web Service Homepage (from menu)
After logging in it , shows the web service and RFC with in it. Now after clicking the Test link from the browser it asks for the parameter of the RFC. But After populating the parameters and clicking send button. it gives NullpointerException.
exact err message is --
An error has occurred. Maybe the request is not accepted by the server:
java.lang.NullPointerException -
WLAN Controller learning IP/MAC on wrong virtual interface
Hello
I believe since I upgraded my WiSM to 7.0.250.0 is it learning a MAC address on the wrong virtual interface.
The setup:
- a Linux server with 2 virtual interfaces, both use the same MAC address, one is the gateway of VLAN 116 and one is the gateway of VLAN 240
- a WiSM with several virtual interfaces, including one in 116 and one in 240
Here the arp table with the problem:
MAC Address IP Address Port VLAN Type
00:50:56:BD:32:92 172.16.240.9 29 240 Host
00:1E:4A:FA:87:8B 172.16.102.12 29 0 Permanent
00:1E:4A:FA:50:0B 172.16.102.13 29 0 Permanent
00:1E:4A:FA:81:2B 172.16.102.14 29 0 Permanent
00:50:56:BD:32:92 172.16.116.9 29 240 Host
00:1D:E0:31:55:23 172.16.116.185 29 116 Client
58:94:6B:68:50:E8 172.16.118.201 29 116 Client
1C:B0:94:B7:38:08 172.16.118.234 29 116 Client
And here after I made a PING from the controller to the listed ip address:
MAC Address IP Address Port VLAN Type
00:50:56:BD:32:92 172.16.240.9 29 240 Host
00:1E:4A:FA:87:8B 172.16.102.12 29 0 Permanent
00:1E:4A:FA:50:0B 172.16.102.13 29 0 Permanent
00:1E:4A:FA:81:2B 172.16.102.14 29 0 Permanent
00:50:56:BD:32:92 172.16.116.9 29 116 Host
00:1D:E0:31:55:23 172.16.116.185 29 116 Client
38:E7:D8:D3:7C:FA 172.16.118.92 29 116 Client
58:94:6B:68:50:E8 172.16.118.201 29 116 Client
1C:B0:94:B7:38:08 172.16.118.234 29 116 Client
18:AF:61:12:E9:FB 192.168.1.59 29 117 Client
Has anybody else the same problem?
The host 172.16.116.9 is also the configured DHCP server on VLAN 116.
Is there a way to statically configure this IP address on that VLAN? Because it causes every few days a service outage on that VLAN (which is bound to an SSID).Yup, I'd say still valid. Seeing as it is the gateway, if it had different mac addresses per interface, it might still work.
No, clients in the same subnet can communicate, but it is not recommended to 'bridge' wired and wireless with a WLC. The WLC doesn't like to bridge the communication by default, though there are work arounds.
I might also say that as it uses the same MAC address for both virtual interfaces L2 is going to be messed up as each time there were an ARP the entry would change.
Take a look and see if you can manually change the mac for one of the interfaces and test again.
HTH,
Steve
Maybe you are looking for
-
How do you prevent pages on iPad from skipping lines in a letter format?
I have copied my own data into a letter template. Whenever I try to add the recipients address, pages will skip a line between the street address and the city and state. This creates an out of place space like so: 12345 fake street Baltimore MD When
-
How to set the value of a variable in a cluster in LabVIEW from C#?
Hi guys, I'm working on a small c# program, which using the interface provided by LabVIEW. And I know that, using lv.SetControlValue(name, value) can set a variable just on the front panel. But in my case, there're several clusters on the front pane
-
I have an iphone 4 that keeps deleting my notes. How can I stop this from happening?
I have an iphone 4 that keeps deleting my notes. How can I stop this from happening? I've had my phone over 2 years and only in the past 2 months has it started deleting notes. Now they are all deleted, but thankfully still in my email, but only on a
-
Why can't you provide specific instructions here in HT203909 (Boot Camp: Creating an ISO image from a Windows installation DVD) about how to make the USB drive bootable? The article referenced for partitioning the drive is not dedicated to Bootcamp-
-
Table in PAGES on iPad only half visible, disappears at end of page...
Hi all, As you can probably tell I'm quite a novice at this... I really have tried looking my answer up but then hit a whole of mac jargon that I just can't get my head around! I'm using Pages on my iPad in ios7. I have written a paragraph of text an