Why CDP is a layer2 protocol?
Why CDP is a layer2 protocol?
Where as it is also giving information about the layer3 IP address of the connected device .
Regards,
Chandu
Chandu,
CDP is LAYER 2
When the router/switch sends out CDP PDUs the source address is the system MAC and the destination is a MULTICAST MAC (LAYER2) address. There are no LAYER3 headers for the likes of IP, IPX, Apples, DEC etc etc
To see this for yourself
Connect your laptop/PC to the switch via an ethernet port.
Run up WIRESHARK for say 3 minutes then filter or look for protocol CDP
You should see a packet or 2
Regards,
Alex.
Please rate useful posts.
Similar Messages
-
Why i get 1356 unknown protocol drops on my 2951 router ?
2951 router is giving a lot of drops when pinging and when i check the output of "sh inter"command i only find 1356 unknown protocol drops.
2951 router is giving a lot of drops when pinging and when i check the output of "sh inter"command i only find 1356 unknown protocol drops.
-
Why does an "�" in http protocoll is displayed as "?" on my IE ?
I sent a request to a server. On the server I'm sure there is a text with some "�" spread anywhere of my html document requested.
On my IE I displayed "?" instead of "�".
Why ?
please helpThere are two things you need to do in IE.
Look under View->Encoding and pick the correct encoding for
the characters being sent to your browser.
Also, look under Tools->Internet Options->Languages and
select the language that you want your browser to accept.
Good luck. -
B-channel oos and protocol error 510
Dear all,
I have some some issue couple of days ago. The telephony system of my client worked well and suddenly the cannot make external calls via E1. I checked the config and for me it seems to be ok. When I checked the SDL file, I can see the B channel out of service error message following by the
"MGCP PROTOCOL ERROR: <S1/SU1/DS1-0/[email protected]> CRCX error code: 510". They have A CUCM 6.0 and Cisco 2821 as gateway with 12.4 (25f) advance IP service IOS.
I perform the following actions without success:
-From the CUCM in the advance service I forced the Bchannel to bring it in service,
- no mgcp/mgcp, -reboot the CUCM and the Gateway,
-reset the controller throug CUCM,... in vain.
They contacted telco and has confirm that everything seems to be ok. Find below the information that can help you to undestand better
#sh run brief
Building configuration...
Current configuration : 4859 bytes
version 12.4
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname ATD-CCM-GW
boot-start-marker
boot-end-marker
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
aaa new-model
aaa authentication login default local
aaa authentication login local_authen local
aaa authorization exec default local
aaa authorization exec local_author local
aaa session-id common
clock timezone A 1
network-clock-participate slot 1
network-clock-select 1 E1 1/1/0
ip cef
ip domain name xx.xxxx.xxx
ip host ATD-CCM1 10.10.10.100
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
isdn switch-type primary-net5
isdn logging
voice-card 0
dspfarm
dsp services dspfarm
voice-card 1
no dspfarm
no voice call carrier capacity active
voice rtp send-recv
voice class codec 1
codec preference 1 g711ulaw
codec preference 2 g711alaw
codec preference 3 g729br8 bytes 40
voice class h323 1
h225 timeout tcp establish 3
crypto pki trustpoint TP-self-signed-635937996
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-635937996
revocation-check none
rsakeypair TP-self-signed-635937996
crypto pki certificate chain TP-self-signed-635937996
certificate self-signed 01
application
service alternate Default
controller E1 1/1/0
framing NO-CRC4
pri-group timeslots 1-31 service mgcp
interface GigabitEthernet0/0
description to_CCM
ip address 10.10.10.254 255.255.255.0
duplex auto
speed auto
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
interface Serial1/1/0:15
no ip address
encapsulation hdlc
isdn switch-type primary-net5
isdn overlap-receiving
isdn incoming-voice voice
isdn bind-l3 ccm-manager
isdn bchan-number-order ascending
isdn sending-complete
no cdp enable
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.10..253
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
logging trap debugging
control-plane
voice-port 1/0/0
timing hookflash-out 50
voice-port 1/0/1
signal groundStart
timing hookflash-out 50
voice-port 1/0/2
signal groundStart
timing hookflash-out 50
voice-port 1/0/3
signal groundStart
timing hookflash-out 50
voice-port 1/1/0:15
ccm-manager fallback-mgcp
ccm-manager mgcp
no ccm-manager fax protocol cisco
ccm-manager music-on-hold
ccm-manager config server ATD-CCM1
ccm-manager config
mgcp
mgcp call-agent 10.10.10.100 service-type mgcp version 0.1
mgcp dtmf-relay voip codec all mode out-of-band
mgcp rtp unreachable timeout 1000 action notify
mgcp modem passthrough voip mode nse
mgcp modem passthrough voip redundancy
mgcp package-capability rtp-package
mgcp package-capability sst-package
mgcp package-capability pre-package
mgcp default-package fxr-package
no mgcp package-capability res-package
no mgcp timer receive-rtcp
mgcp sdp simple
mgcp fax t38 inhibit
no mgcp explicit hookstate
mgcp rtp payload-type g726r16 static
mgcp bind control source-interface GigabitEthernet0/0
mgcp bind media source-interface GigabitEthernet0/0
mgcp profile default
dial-peer voice 999101 pots
service mgcpapp
port 1/0/1
forward-digits all
dial-peer voice 999102 pots
service mgcpapp
port 1/0/2
forward-digits all
dial-peer voice 999103 pots
service mgcpapp
port 1/0/3
forward-digits all
dial-peer voice 1 pots
service mgcpapp
incoming called-number .
direct-inward-dial
port 1/1/0:15
forward-digits all
dial-peer voice 999100 pots
service mgcpapp
port 1/0/0
gateway
timer receive-rtp 1200
scheduler allocate 20000 1000
ntp clock-period 17180351
ntp update-calendar
ntp server 10.10.10.9 source GigabitEthernet0/0
end
#sh controller e1
E1 1/1/0 is up.
Applique type is Channelized E1 - balanced
No alarms detected.
alarm-trigger is not set
Version info Firmware: 20090113, FPGA: 20, spm_count = 0
Framing is NO-CRC4, Line Code is HDB3, Clock Source is Line.
Current port master clock:recovered from backplane
Data in current interval (225 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Total Data (last 3 15 minute intervals):
0 Line Code Violations, 0 Path Code Violations,
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins,
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
#sh ccm-manager
MGCP Domain Name: ATD-CCM-GW.xx.xxxx.xxx
Priority Status Host
============================================================
Primary Registered 10.10.10.100
First Backup None
Second Backup None
Current active Call Manager: 10.10.10.100
Backhaul/Redundant link port: 2428
Failover Interval: 30 seconds
Keepalive Interval: 15 seconds
Last keepalive sent: 15:31:24 UTC Oct 19 2012 (elapsed time: 00:00:09)
Last MGCP traffic time: 15:31:24 UTC Oct 19 2012 (elapsed time: 00:00:09)
Last failover time: None
Last switchback time: None
Switchback mode: Graceful
MGCP Fallback mode: Enabled/OFF
Last MGCP Fallback start time: None
Last MGCP Fallback end time: None
MGCP Download Tones: Disabled
TFTP retry count to shut Ports: 2
Backhaul Link info:
Link Protocol: TCP
Remote Port Number: 2428
Remote IP Address: 10.10.10.100
Current Link State: OPEN
Statistics:
Packets recvd: 11
Recv failures: 0
Packets xmitted: 18
Xmit failures: 0
PRI Ports being backhauled:
Slot 1, VIC 1, port 0
Configuration Auto-Download Information
=======================================
Current version-id: 1350042385-8bfc9ed0-f85e-4435-8baf-3ad1ceefb55c
Last config-downloaded:00:00:00
Current state: Waiting for commands
Configuration Download statistics:
Download Attempted : 1
Download Successful : 1
Download Failed : 0
TFTP Download Failed : 0
Configuration Attempted : 1
Configuration Successful : 1
Configuration Failed(Parsing): 0
Configuration Failed(config) : 0
Last config download command: New Registration
Configuration Error History:
controller E1 1/1/0
no pri-group timeslots 1-31
FAX mode: disable
#debug isdn q931
#debug mgcp packet
009112: Oct 20 12:48:50.374: MGCP Packet received from 10.10.10.100:2427--->
CRCX 2359 S1/SU1/DS1-0/[email protected] MGCP 0.1
C: D000000001fbf9aa000000F500000001
X: 1f
L: p:20, a:PCMU, s:off, t:00
M: recvonly
R: D/[0-9ABCD*#]
Q: process,loop
<---
009113: Oct 20 12:48:50.382: MGCP Packet sent to 10.10.10.100:2427--->
200 2359 OK
I: 8
v=0
c=IN IP4 10.10.10.254
m=audio 18274 RTP/AVP 0 100
a=rtpmap:100 X-NSE/8000
a=fmtp:100 192-194
<---
009114: Oct 20 12:48:50.386: ISDN Se1/1/0:15 Q931d: srl_send_l3_pak:
source_id = CCM MANAGER 0x0003, dest_id = Q.921 0x0000, prim = DL_DATA_REQ 0x0240
priv_len = 4 int_id = 0x4636A628 datasize = 64
009115: Oct 20 12:48:50.386: ISDN Se1/1/0:15 Q931d: data =
009116: Oct 20 12:48:50.386: 4636A628000000030240043800010000
009117: Oct 20 12:48:50.386: 0802000105A104038090A31803A9839F
009118: Oct 20 12:48:50.386: 280B526F6C616E64202D2049546C0601
009119: Oct 20 12:48:50.386: 81313232307009803636393332313933
009120: Oct 20 12:48:50.386:
009121: Oct 20 12:48:50.434: MGCP Packet received from 10.10.10.100:2427--->
MDCX 2360 S1/SU1/DS1-0/[email protected] MGCP 0.1
C: D000000001fbf9aa000000F500000001
I: 8
X: 1f
L: p:20, a:PCMU, s:off, t:b8, fxr/fx:t38
M: recvonly
R: D/[0-9ABCD*#]
Q: process,loop
<---
009122: Oct 20 12:48:50.438: MGCP Packet sent to 10.10.10.100:2427--->
510 2360 fx: setting cannot be supported
<---
009123: Oct 20 12:48:50.438: ISDN Se1/1/0:15 Q931d: srl_send_l3_pak:
source_id = CCM MANAGER 0x0003, dest_id = Q.921 0x0000, prim = DL_DATA_REQ 0x0240
priv_len = 4 int_id = 0x4636A628 datasize = 25
009124: Oct 20 12:48:50.438: ISDN Se1/1/0:15 Q931d: data =
009125: Oct 20 12:48:50.438: 4636A628000000030240043800010000
009126: Oct 20 12:48:50.438: 0802000145080280AF
009127: Oct 20 12:48:50.462: MGCP Packet received from 10.10.10.100:2427--->
DLCX 2361 S1/SU1/DS1-0/[email protected] MGCP 0.1
C: D000000001fbf9aa000000F500000001
I: 8
X: 1f
S:
<---
ATD-CCM-GW#
009128: Oct 20 12:48:50.478: MGCP Packet sent to 10.10.10.100:2427--->
250 2361 OK
P: PS=0, OS=0, PR=0, OR=0, PL=0, JI=0, LA=0
<---
009129: Oct 20 12:48:50.478: ISDN Se1/1/0:15 Q931d: srl_send_l3_pak:
source_id = CCM MANAGER 0x0003, dest_id = Q.921 0x0000, prim = DL_DATA_REQ 0x0240
priv_len = 4 int_id = 0x4636A628 datasize = 21
009130: Oct 20 12:48:50.478: ISDN Se1/1/0:15 Q931d: data =
009131: Oct 20 12:48:50.478: 4636A628000000030240043800010000
009132: Oct 20 12:48:50.478: 080200015A
ATD-CCM-GW#
009133: Oct 20 12:49:03.002: MGCP Packet received from 10.10.10.100:2427--->
CRCX 2362 S1/SU1/DS1-0/[email protected] MGCP 0.1
C: D000000001fbf9ac000000F500000002
X: 1e
L: p:20, a:PCMU, s:off, t:b8, fxr/fx:t38
M: recvonly
R: D/[0-9ABCD*#]
Q: process,loop
<---
#sh mgcp statistics
UDP pkts rx 270, tx 270
Unrecognized rx pkts 0, MGCP message parsing errors 0
Duplicate MGCP ack tx 0, Invalid versions count 0
CreateConn rx 10, successful 1, failed 9
DeleteConn rx 1, successful 1, failed 0
ModifyConn rx 1, successful 0, failed 1
DeleteConn tx 0, successful 0, failed 0
NotifyRequest rx 0, successful 0, failed 0
AuditConnection rx 0, successful 0, failed 0
AuditEndpoint rx 61, successful 61, failed 0
RestartInProgress tx 4, successful 4, failed 0
Notify tx 193, successful 193, failed 0
ACK tx 63, NACK tx 10
ACK rx 197, NACK rx 0
IP address based Call Agents statistics:
IP address 10.10.10.100, Total msg rx 270,
successful 260, failed 10
System resource check is DISABLED. No available statistic
DS0 Resource Statistics
Utilization: 0.00 percent
Total channels: 34
Addressable channels: 34
Inuse channels: 0
Disabled channels: 0
Free channels: 34
sh controller e1
#sh network-clocks
Network Clock Configuration
Priority Clock Source Clock State Clock Type
1 E1 1/1/0 GOOD E1
10 Backplane GOOD PLL
Current Primary Clock Source
Priority Clock Source Clock State Clock Type
1 E1 1/1/0 GOOD E1
Thanks for your helpThe explanation for your syslog message is " The B-channel indicated by this alarm has gone out of service. Some of the more common reasons for a B-channel to go out of service include: Taking the channel out of service intentionally to perform maintenance on either the near- or far-end; MGCP gateway returns an error code 501 or 510 for a MGCP command sent from Cisco Unified Communications Manager (Unified CM); MGCP gateway doesn't respond to an MGCP command sent by Unified CM three times; a speed and duplex mismatch exists on the Ethernet port between Unified CM and the MGCP gateway"
Recommended action:
Check the Unified CM advanced service parameter, Change B-channel Maintenance Status to determine if the B-channel has been taken out of service intentionally; Check the Q.931 trace for PRI SERVICE message to determine whether a PSTN provider has taken the B-channel out of service; Reset the MGCP gateway; Check the speed and duplex settings on the Ethernet port. -
Recently I ran into an unexplainable issue when I turned on CDP on our 2 WiSM's. I wanted to set up the switchport tracing feature and from what I understand, cdp is necessary to use this feature. On the 2 WiSM's, I enabled CDP under wireless>access points>Global Configuration and I click the check box to enable CDP. Using WCS, I audited the AP's and verified that they all have CDP enabled. After a few days, I noticed AP's were dropping connection with the WiSM's, the alarms said "The Access Point is not able to draw enough power." I ssh'd into one of the problematic AP's and cleared the private config. After attempting a reset configuration, the device continued to be stuck in a boot loop (I had a continuous ping that would reply for 15 pings, then drop 15 over and over).
Ultimately, I ended up disabling CDP and these AP's started working again. It seems from what I noticed that this issue only happened on Cisco 1242 access points. I tried to research to see if anyone else has had this issue, but my efforts did not yield any resolution.
Has anyone run into this issue or can explain why CDP might cause this issue?These are the switches that we are using to power the AP's
WS-C3560-48PS
WS-C3550-24PWR-SMI
I checked the inline power for each port and the AP's seem to be pulling sufficient power.
Fa0/39 auto on 15.0 Ieee PD 3 15.4
Fa0/40 auto on 15.0 Ieee PD 3 15.4
One of the problematic AP's is plugged into a non-PoE 2960 and is using a power injector. -
Why does Apple use Bonjour?
Can I ask a simple question to others?
Why is it that Apple prides itself for simplicity and reliability does it employ a flakey protocol called Bonjour?
Firstly I would like to point out that anything with a French name is going to have disaster written on it and secondly, why are they using a protocol that clearly causes wireless problems against some manufacturers of routers? Surely we are going back to the bad old days of Windows WINS or hostname technology when really we should be using DNS or IP technology.
Best Regards
Servlan.Why is it that Apple prides itself for simplicity and reliability does it employ a flakey protocol called Bonjour?
Your question is for Apple. They are not here. Apparently, you did not read the Terms of Use Agreement for this area.
This is a forum for users. Even if we know the answer, we can't speak for Apple regarding a design decision made by Apple.
If you want Apple to hear you, you need to contact them directly. They will not respond on this forum.
http://www.apple.com/feedback/ -
Version 03.03.00.XO - MLS QOS not supported
Hi All,
Anyone face the same problem with the following IOS Version?
MLS QOS is not supported in global command.
Switch#sh ver
Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500es8-UNIVERSALK9-M), Version 03.03.00.XO RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Wed 14-Aug-13 07:26 by prod_rel_team
Cisco IOS-XE software, Copyright (c) 2005-2013 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0. For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.
ROM: 15.1(1r)SG2
Switch uptime is 6 minutes
System returned to ROM by power-on
Running default software
Jawa Revision 3, RadTrooper Revision 0x0.0x41, Conan Revision 0x1449
Last reload reason: power-on
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
License Information for 'WS-X45-SUP8-E'
License Level: entservices Type: Permanent
Next reboot license Level: entservices
cisco WS-C4506-E (P5040) processor (revision 2) with 4194304K bytes of physical memory.
Processor board ID FXS1812Q346
P5040 CPU at 2.2GHz, Supervisor 8-E
Last reset from PowerUp
1 Virtual Ethernet interface
20 Ten Gigabit Ethernet interfaces
511K bytes of non-volatile configuration memory.
Configuration register is 0x2101
SWITCH(config)#mls qos
^
% Invalid input detected at '^' marker.
SWITCH(config)#
SWITCH(config)#?
Configure commands:
aaa Authentication, Authorization and Accounting.
access-list Add an access list entry
access-session Access Sesion Global Configuration Commands
agent-server Modify DNS server properties
alias Create command alias
ancp Configure ANCP
archive Archive the configuration
arp Set a static ARP entry
async-bootp Modify system bootp parameters
audit Router Audit
authentication Auth Manager Global Configuration Commands
auto Configure Automation
banner Define a login banner
beep Configure BEEP (Blocks Extensible Exchange
Protocol)
bfd BFD configuration commands
bfd-template BFD template configuration
boot Modify system boot parameters
bridge Bridge Group.
buffers Adjust system buffer pool parameters
bulkstat Bulkstat Application
call-home Enter call-home configuration mode
cdp Global CDP configuration subcommands
cef Cisco Express Forwarding
cisp Set CISP parameters
class-map Configure CPL Class Map
clns Global CLNS configuration subcommands
clock Configure time-of-day clock
cluster Cluster configuration commands
cns CNS agents
comet-server Configure comet-server properties
config-register Define the configuration register
configuration Configuration access
control-plane Configure control plane services
crypto Encryption module
cts Cisco Trusted Security commands
default Set a command to its defaults
default-value Default character-bits values
define interface range macro definition
device-sensor IOS Sensor Commands
diagnostic Configure diagnostic information
dns-server Modify DNS server properties
dnsix-dmdp Provide DMDP service for DNSIX
dnsix-nat Provide DNSIX service for audit trails
do-exec To run exec commands in config mode
dot1x IEEE 802.1X Global Configuration Commands
downward-compatible-config Generate a configuration compatible with older
software
eap EAP Global Configuration Commands
emm Specify pre-loading of MDF
enable Modify enable password parameters
end Exit from configure mode
energywise EnergyWise Global Configuration Commands
epm EPM Global Configuration Commands
errdisable Error disable
ethernet Ethernet configuration
event Event related configuration commands
exception Exception handling
exit Exit from configure mode
fallback Fallback configuration commands
fhrp Configure First Hop Redundancy Protocols
file Adjust file system parameters
fips FIPS mode after next reload
flow Global Flow configuration subcommands
format Format the output
global-address-family Enter address-family base routing topology mode
help Description of the interactive help system
hostname Set system's network name
hw-module Apply command (e.g. shutdown) to specified
hardware target
hw-module Control of individual components in the system
hw-switch Control of individual components in the switch
id-manager ID Pool Manager
identity Identity Configuration Commands
infra-test Configure end2end properties
interface Select an interface to configure
ip Global IP configuration subcommands
ipc Configure IPC system
ipv6 Global IPv6 configuration commands
isis Global ISIS configuration subcommands
issu no description
key Key management
kron Kron interval Facility
l2 Layer 2
l2protocol-tunnel Tunnel Layer2 protocols
lacp LACP configuration
li-view LI View
license Configure License
line Configure a terminal line
link Enable Link State Tracking feature
lldp Global LLDP configuration subcommands
location Global location configuration commands
logging Modify message logging facilities
login Enable secure login checking
mab MAC Authentication Bypass Global Configuration
Commands
mac Global MAC configuration subcommands
macro Macro configuration
media-proxy Global media proxy configuration
mediatrace Mediatrace Application
memory Configure memory management
metadata Metadata Application
mka MACsec Key Agreement (MKA) configuration
module Module
monitor Monitoring different system events
mvr Enable/Disable MVR on the switch
netconf Configure NETCONF
Thank you.Hi,
QOS implementation has radically changed since the advent of
sup-7 & later
You no longer set mls qos as qos is on the engine by default.
Please see the following links
http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-4500-series-switches/white_paper_c11-539588.html
"Ingress QoS: Default Actions
First and foremost, QoS does not need to be enabled on the Supervisor Engine, it is on by default in compliance with the MQC construct.
When a packet arrives at an interface, there are two options to take into consideration: is there a policy attached or not? If the packet arrives with or without a marking and there is not a policy attached to the interface, packets will flow through the switch untouched. There are no questions as to where the packet came from or if it has a valid marking. If the packet arrives with or without a marking, and a policy is attached to the interface, the packet will only then be subject to the policy classification."
And the config guide
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/15-1/XE_330SG/configuration/guide/config/qos_mrg.html#wp1461453
Hope this helps
Regards
Alex -
Transcoding Sessions unregistered with CUCM from standby gateway of CUBE with HA usingHSRP
I have 2 C2921 routers working fine untill I enbale CUBE with HA. After configureing HSRP on ethernet interface, the transcoding and conferencing resources were unregistered on HSRP standby router even though I bind the sccp ccm group to physical interface.
Raised Cisco TAC, but they also could not solve yet. Cisco TAC recommanded to have loopback or another interface.
I configure gi02/ without HSRP configuration, but still the transcoding and conferencing resources are not getting registered. Cisco TAC is still analysing the logs.
I am hoping I get resolution here. Configuration of standby router is below.
Building configuration...
Current configuration : 13985 bytes
! Last configuration change at 15:07:25 BST Fri Aug 1 2014
! NVRAM config last updated at 15:07:25 BST Fri Aug 1 2014
version 15.4
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
service internal
service sequence-numbers
hostname CHN-RT-VG01
boot-start-marker
boot system flash:c2900-universalk9_npe-mz.SPA.154-3.M.bin
boot system flash:c2900-universalk9_npe-mz.SPA.154-2.T1.bin
boot-end-marker
! card type command needed for slot/vwic-slot 0/0
card type e1 0 1
card type e1 0 2
logging queue-limit 10000
logging buffered 10000000
logging rate-limit 10000
no logging console
enable secret 4 XkK1t85uKpzHay4O0x8hP0rt1uO7UwNlcWBLwLAsn3Y
ipc zone default
association 1
no shutdown
protocol sctp
local-port 5000
local-ip 10.215.8.148
remote-port 5000
remote-ip 10.215.8.149
--More-- no aaa new-model
clock timezone BST 0 0
clock summer-time BST date Mar 28 1993 0:00 Oct 27 2035 23:59
network-clock-participate wic 1
network-clock-participate wic 2
network-clock-select 1 E1 0/1/0
network-clock-select 2 E1 0/1/1
network-clock-select 3 E1 0/2/0
no ip domain lookup
ip domain name DILFLPROD.CO.UK
--More-- ip cef
ipv6 multicast rpf use-bgp
no ipv6 cef
multilink bundle-name authenticated
isdn switch-type primary-4ess
cts logging verbose
crypto pki trustpoint TP-self-signed-3464013556
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3464013556
revocation-check none
rsakeypair TP-self-signed-3464013556
crypto pki certificate chain TP-self-signed-3464013556
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33343634 30313335 3536301E 170D3132 31313232 30353530
30345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 34363430
31333535 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100FD06 30324087 5D131745 446B6933 963E32DB 4B3F78D3 C2627F7B A68792EA
0686B7C1 93B66C1A 2287DD72 26AC10BE F6B5DE89 CEF9C800 836DAD25 4A32FC52
99A65E45 FAD97919 4BD2CFC8 136EB9AC F7F21045 0A930247 0E72CE1B 1C00D1BD
59B83BED 73639AA5 C78A657B EC55F15B 5287703C 3ED94E47 492DFAD0 89934B27
5CD10203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 146F6961 3C46FDE7 C105ADBF 5C07A675 7F7B5828 E1301D06
03551D0E 04160414 6F69613C 46FDE7C1 05ADBF5C 07A6757F 7B5828E1 300D0609
2A864886 F70D0101 05050003 8181005E 509EACC9 67205643 133DD745 5A6E7C82
7AAE0766 C68C215B 6222A86F A08AC77D 1030664E F77F6CFB CF021C94 BC5FB190
FEA96EE9 5A502DC6 D4407467 9662683E CFDC1779 4016A9A0 32EF415D 6E21DF53
D710D173 7BFC300A FDEE54D8 36BBED28 05A6A752 652F2550 E6BC5896 D4EC222A
C82C1B2A 4FEF6ED3 44DE109E DD796E
--More-- quit
voice-card 0
dspfarm
dsp services dspfarm
voice call send-alert
voice service voip
mode border-element
allow-connections sip to sip
redundancy
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
sip
early-offer forced
midcall-signaling passthru
g729 annexb-all
voice translation-rule 100
rule 1 /^44845..\(.....\)/ /\1/
rule 3 /^4411...\(....\)/ /2\1/
voice translation-profile LiveOpsInbound
translate called 100
voice translation-profile OutboundtoKolDDI
translate called 1
--More-- !
application
global
service alternate Default
license udi pid CISCO2921/K9 sn FCZ164760NP
hw-module pvdm 0/0
hw-module pvdm 0/1
username controller privilege 15 password 7 050F0F03284B4B070D04
username voiceadmin privilege 15 password 7 1514190501242F37243A3327
username shaums privilege 15 password 7 151602000D2D2E2A3C32
username 745162 privilege 15 password 7 08254542001E0019060A
username 256108 privilege 15 password 7 0124030858040B0A70
redundancy inter-device
scheme standby SB
redundancy
no keepalive-enable
notification-timer 60000
controller E1 0/1/0
pri-group timeslots 1-31 service mgcp
controller E1 0/1/1
pri-group timeslots 1-31 service mgcp
controller E1 0/2/0
pri-group timeslots 1-31 service mgcp
controller E1 0/2/1
pri-group timeslots 1-31 service mgcp
track 1 interface GigabitEthernet0/0 line-protocol
track 2 interface GigabitEthernet0/1 line-protocol
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description **Inside***
ip address 10.215.8.132 255.255.255.240
standby delay minimum 30 reload 60
standby version 2
standby 1 ip 10.215.8.135
standby 1 priority 50
standby 1 preempt
standby 1 name SB
standby 1 track 2 decrement 10
duplex auto
speed auto
interface GigabitEthernet0/1
description **Outside***
ip address 10.215.8.148 255.255.255.240
standby delay minimum 30 reload 60
standby version 2
standby 2 ip 10.215.8.150
standby 2 priority 50
standby 2 preempt
standby 2 track 1 decrement 10
duplex auto
speed auto
media-type rj45
--More-- !
interface GigabitEthernet0/2
ip address 10.215.8.164 255.255.255.240
duplex full
speed 1000
interface Serial0/1/0:15
no ip address
encapsulation hdlc
isdn switch-type primary-net5
isdn incoming-voice voice
isdn bind-l3 ccm-manager
no cdp enable
interface Serial0/1/1:15
no ip address
encapsulation hdlc
isdn switch-type primary-net5
isdn incoming-voice voice
isdn bind-l3 ccm-manager
no cdp enable
interface Serial0/2/0:15
no ip address
encapsulation hdlc
isdn switch-type primary-net5
isdn incoming-voice voice
isdn bind-l3 ccm-manager
no cdp enable
interface Serial0/2/1:15
no ip address
encapsulation hdlc
isdn switch-type primary-net5
isdn incoming-voice voice
isdn bind-l3 ccm-manager
no cdp enable
ip forward-protocol nd
--More-- ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip rtcp report interval 3000
ip route 0.0.0.0 0.0.0.0 10.215.8.129
ip sla auto discovery
ip sla 40001
udp-jitter 10.215.191.3 17000 source-ip 10.215.8.132 codec g729a codec-numpackets 100
tos 184
owner SW.IpSla.CHVISM0210.SolarWindsOrion
frequency 300
timeout 180000
threshold 1000
ip sla schedule 40001 life forever start-time now
ip sla 40003
udp-jitter 10.215.221.131 17000 source-ip 10.215.8.132 codec g729a codec-numpackets 100
tos 184
owner SW.IpSla.CHVISM0210.SolarWindsOrion
frequency 300
timeout 180000
threshold 1000
ip sla schedule 40003 life forever start-time now
no logging trap
snmp-server community m&9C4rd4L%mw RO 10
snmp-server community m&9C4rd4L%m RW 10
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server host 10.215.10.10 version 2c m&9C4rd4L%mw
snmp-server host 10.215.232.202 version 2c m&9C4rd4L%mw
tftp-server flash0:SCCP42.9-1-1SR1S.loads
tftp-server flash0:apps42.9-1-1TH1-16.sbn
tftp-server flash0:cnu42.9-1-1TH1-16.sbn
--More-- tftp-server flash0:cvm42sccp.9-1-1TH1-16.sbn
tftp-server flash0:dsp42.9-1-1TH1-16.sbn
tftp-server flash0:jar42sccp.9-1-1TH1-16.sbn
tftp-server flash0:term42.default.loads
tftp-server flash0:term62.default.loads
tftp-server flash0:/c2600-ipvoicek9-mz.124-25d.bin
access-list 23 permit 10.10.10.0 0.0.0.7
control-plane
voice-port 0/1/0:15
voice-port 0/2/0:15
voice-port 0/1/1:15
voice-port 0/2/1:15
mgcp
mgcp call-agent 10.215.8.7 2427 service-type mgcp version 0.1
mgcp dtmf-relay voip codec all mode out-of-band
mgcp rtp unreachable timeout 1000 action notify
mgcp modem passthrough voip mode nse
mgcp package-capability rtp-package
mgcp package-capability sst-package
mgcp package-capability pre-package
no mgcp package-capability res-package
no mgcp timer receive-rtcp
mgcp sdp simple
mgcp fax t38 inhibit
mgcp bind control source-interface GigabitEthernet0/0
mgcp bind media source-interface GigabitEthernet0/0
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
--More-- mgcp behavior comedia-sdp-force disable
mgcp profile default
sccp local GigabitEthernet0/2
sccp ccm 10.215.8.7 identifier 1 priority 1 version 7.0
sccp ccm 10.215.8.6 identifier 2 priority 2 version 7.0
sccp ccm group 1
bind interface GigabitEthernet0/2
associate ccm 1 priority 1
associate ccm 2 priority 2
associate profile 2 register CFBCHEVG1
associate profile 1 register XCODERCHEVG1
ccm-manager music-on-hold
ccm-manager fallback-mgcp
ccm-manager redundant-host 10.215.8.6
ccm-manager mgcp
no ccm-manager fax protocol cisco
ccm-manager config server 10.215.8.6
ccm-manager config
dspfarm profile 1 transcode
codec g729r8
codec ilbc
codec pass-through
codec g722-64
codec g711ulaw
codec g711alaw
codec g729ar8
codec g729abr8
maximum sessions 70
associate application SCCP
dspfarm profile 2 conference
codec g729br8
codec g729r8
codec g729abr8
--More-- codec g729ar8
codec g711alaw
codec g711ulaw
codec g722-64
codec ilbc
maximum sessions 10
associate application SCCP
dial-peer voice 1 pots
description **Incoming Dial Peer**
incoming called-number .
direct-inward-dial
dial-peer voice 2 pots
description **Outbound Dialpeer**
translation-profile outgoing OutboundtoKolDDI
destination-pattern 02083917600
incoming called-number .
port 0/1/1:15
dial-peer voice 3 pots
description **Outbound Dialpeer**
translation-profile outgoing OutboundtoKolDDI
destination-pattern 02083917600
incoming called-number .
port 0/2/0:15
dial-peer voice 4 pots
description **Outbound Dialpeer**
translation-profile outgoing OutboundtoKolDDI
destination-pattern 02083917600
incoming called-number .
port 0/2/1:15
dial-peer voice 100 voip
description to-DorkingCUCM
translation-profile outgoing LiveOpsInbound
destination-pattern 44..........
session protocol sipv2
session target ipv4:10.156.125.2
--More-- incoming called-number .
voice-class sip bind control source-interface GigabitEthernet0/0
voice-class sip bind media source-interface GigabitEthernet0/0
dtmf-relay rtp-nte
codec g711ulaw
no vad
dial-peer voice 200 voip
description to-LiveOpsCCC
preference 1
destination-pattern .T
session protocol sipv2
session target ipv4:x.x.x.x
incoming called-number 44..........
voice-class sip bind control source-interface GigabitEthernet0/1
voice-class sip bind media source-interface GigabitEthernet0/1
dtmf-relay rtp-nte
codec g711ulaw
no vad
dial-peer voice 300 voip
description to-LiveOpsCCC
preference 2
destination-pattern .T
session protocol sipv2
session target ipv4:x.x.x.x
incoming called-number 44..........
voice-class sip bind control source-interface GigabitEthernet0/1
voice-class sip bind media source-interface GigabitEthernet0/1
dtmf-relay rtp-nte
codec g711ulaw
no vad
dial-peer voice 101 voip
description to-ChessingtonCUCM
translation-profile outgoing LiveOpsInbound
preference 1
destination-pattern 44..........
session protocol sipv2
session target ipv4:10.215.8.7
--More-- incoming called-number 40008
voice-class sip bind control source-interface GigabitEthernet0/0
voice-class sip bind media source-interface GigabitEthernet0/0
dtmf-relay rtp-nte
codec g711ulaw
no vad
dial-peer voice 102 voip
description to-ChessingtonCUCM
translation-profile outgoing LiveOpsInbound
preference 2
destination-pattern 44..........
session protocol sipv2
session target ipv4:10.215.8.6
incoming called-number 40008
voice-class sip bind control source-interface GigabitEthernet0/0
voice-class sip bind media source-interface GigabitEthernet0/0
dtmf-relay rtp-nte
codec g711ulaw
no vad
dial-peer voice 103 voip
description to-DorkingCUCM
preference 1
shutdown
destination-pattern 25544
session protocol sipv2
session target ipv4:10.156.125.2
incoming called-number .
voice-class sip bind control source-interface GigabitEthernet0/0
voice-class sip bind media source-interface GigabitEthernet0/0
dtmf-relay rtp-nte
codec g711ulaw
no vad
dial-peer voice 104 voip
description to-ChessingtonCUCM
translation-profile outgoing LiveOpsInbound
preference 1
shutdown
--More-- destination-pattern 40008
session protocol sipv2
session target ipv4:10.215.8.7
incoming called-number .
voice-class sip bind control source-interface GigabitEthernet0/1
voice-class sip bind media source-interface GigabitEthernet0/1
dtmf-relay rtp-nte
codec g711ulaw
no vad
gateway
media-inactivity-criteria all
timer receive-rtcp 5
timer receive-rtp 1200
gatekeeper
shutdown
banner login ^CC
"This system and components thereof is the sole and exclusive property of Diligenta and is intended solely for the usage of its authorized administrators. Unauthorized access or use will attract appropriate legal action.
Access would be bound by Diligenta policies and could be monitored. Do not use this system, if the terms are not acceptable."
^C
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
privilege level 15
login local
--More-- transport input ssh
line vty 5 15
privilege level 15
login local
transport input ssh
scheduler allocate 20000 1000
endI don't have an answer for you but would like to add a note. I was initially configuring and troubleshooting some things on a HA cube pair recently. I was using external DNS for some dial-peer session target lookup and noticed the non-active CUBE could not lookup DNS. When the non-active CUBE became active it could all of a sudden resolve DNS. So I am speculating that something to do with the HA configuration is disallowing communication or bindings preventing routing to the rest of the network from the non-active CUBE. I ended up putting local host records on the router to make me feel better. I am guessing whatever is causing that might be related to the reason your SCCP is loosing registration on the non-active CUBE.
Jaime says what you are trying to do is not supported anyway. I would like a a little clarification on that but what I believe to be supported is if you need transcoding or mtp resources for this CUBE only (Not registered to UCM) then LTI is a good option.
http://www.cisco.com/c/en/us/support/docs/voice-unified-communications/unified-border-element/115018-configure-cube-lti.html
Hope any of this helps. I am really commenting so I can track any updates to this thread. :) -
Ok I am going insane here! I have a policy map on one of my 5k's but not the other and seem to create it either. They are in an active/active pair. Here is the policy, can someone help me understand what it is and maybe why I cant create it on my other device?
policy-map type control-plane copp-system-policy-customized
class copp-system-class-hsrp-vrrp
police cir 1024 kbps bc 256000 bytes
class copp-system-class-l3dest-miss
police cir 64 kbps bc 16000 bytesYes vPC pair. The issue is I enter the commands but they do not show in the running config on one of the two units...
N5K1
N5K2
show policy-map type control-plane
policy-map type control-plane copp-system-policy-customized
class copp-system-class-igmp
police cir 1024 kbps bc 65535 bytes
class copp-system-class-pim-hello
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-bridging
police cir 20000 kbps bc 4800000 bytes
class copp-system-class-arp
police cir 1024 kbps bc 3600000 bytes
class copp-system-class-dhcp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-mgmt
police cir 12000 kbps bc 4800000 bytes
class copp-system-class-lacp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-lldp
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-udld
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-isis
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-msdp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-cdp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-fip
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-bgp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-eigrp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-exception
police cir 64 kbps bc 4800000 bytes
class copp-system-class-glean
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-hsrp-vrrp
police cir 1024 kbps bc 256000 bytes
class copp-system-class-icmp-echo
police cir 64 kbps bc 3600000 bytes
class copp-system-class-ospf
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-pim-register
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-rip
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-l3dest-miss
police cir 64 kbps bc 16000 bytes
class copp-system-class-mcast-miss
police cir 256 kbps bc 3200000 bytes
class copp-system-class-excp-ip-frag
police cir 64 kbps bc 3200000 bytes
class copp-system-class-excp-same-if
police cir 64 kbps bc 3200000 bytes
class copp-system-class-excp-ttl
police cir 64 kbps bc 3200000 bytes
class copp-system-class-default
police cir 512 kbps bc 6400000 bytes
class copp-system-class-rpf-fail
police cir 512 kbps bc 3200000 bytes
class copp-system-class-mcast-last-hop
police cir 512 kbps bc 3200000 bytes
policy-map type control-plane copp-system-policy-default
class copp-system-class-igmp
police cir 1024 kbps bc 65535 bytes
class copp-system-class-pim-hello
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-bridging
police cir 20000 kbps bc 4800000 bytes
class copp-system-class-arp
police cir 1024 kbps bc 3600000 bytes
class copp-system-class-dhcp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-mgmt
police cir 12000 kbps bc 4800000 bytes
class copp-system-class-lacp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-lldp
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-udld
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-isis
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-msdp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-cdp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-fip
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-bgp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-eigrp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-exception
police cir 64 kbps bc 4800000 bytes
class copp-system-class-glean
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-hsrp-vrrp
police cir 1024 kbps bc 256000 bytes
class copp-system-class-icmp-echo
police cir 64 kbps bc 3600000 bytes
class copp-system-class-ospf
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-pim-register
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-rip
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-l3dest-miss
police cir 64 kbps bc 16000 bytes
class copp-system-class-mcast-miss
police cir 256 kbps bc 3200000 bytes
class copp-system-class-excp-ip-frag
police cir 64 kbps bc 3200000 bytes
class copp-system-class-excp-same-if
police cir 64 kbps bc 3200000 bytes
class copp-system-class-excp-ttl
police cir 64 kbps bc 3200000 bytes
class copp-system-class-default
police cir 512 kbps bc 6400000 bytes
class copp-system-class-rpf-fail
police cir 512 kbps bc 3200000 bytes
class copp-system-class-mcast-last-hop
police cir 512 kbps bc 3200000 bytes
policy-map type control-plane copp-system-policy-scaled-l2
class copp-system-class-igmp
police cir 4096 kbps bc 264000 bytes
class copp-system-class-pim-hello
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-bridging
police cir 20000 kbps bc 4800000 bytes
class copp-system-class-arp
police cir 1024 kbps bc 3600000 bytes
class copp-system-class-dhcp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-mgmt
police cir 12000 kbps bc 4800000 bytes
class copp-system-class-lacp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-lldp
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-udld
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-isis
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-msdp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-cdp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-fip
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-bgp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-eigrp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-exception
police cir 64 kbps bc 4800000 bytes
class copp-system-class-glean
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-hsrp-vrrp
police cir 1024 kbps bc 256000 bytes
class copp-system-class-icmp-echo
police cir 64 kbps bc 3600000 bytes
class copp-system-class-ospf
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-pim-register
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-rip
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-l3dest-miss
police cir 64 kbps bc 16000 bytes
class copp-system-class-mcast-miss
police cir 256 kbps bc 3200000 bytes
class copp-system-class-excp-ip-frag
police cir 64 kbps bc 3200000 bytes
class copp-system-class-excp-same-if
police cir 64 kbps bc 3200000 bytes
class copp-system-class-excp-ttl
police cir 64 kbps bc 3200000 bytes
class copp-system-class-default
police cir 512 kbps bc 6400000 bytes
class copp-system-class-rpf-fail
police cir 512 kbps bc 3200000 bytes
class copp-system-class-mcast-last-hop
police cir 512 kbps bc 3200000 bytes
policy-map type control-plane copp-system-policy-scaled-l3
class copp-system-class-igmp
police cir 4096 kbps bc 264000 bytes
class copp-system-class-pim-hello
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-bridging
police cir 20000 kbps bc 4800000 bytes
class copp-system-class-arp
police cir 4000 kbps bc 3600000 bytes
class copp-system-class-dhcp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-mgmt
police cir 12000 kbps bc 4800000 bytes
class copp-system-class-lacp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-lldp
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-udld
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-isis
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-msdp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-cdp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-fip
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-bgp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-eigrp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-exception
police cir 64 kbps bc 4800000 bytes
class copp-system-class-glean
police cir 4000 kbps bc 4800000 bytes
class copp-system-class-hsrp-vrrp
police cir 1024 kbps bc 256000 bytes
class copp-system-class-icmp-echo
police cir 4000 kbps bc 3600000 bytes
class copp-system-class-ospf
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-pim-register
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-rip
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-l3dest-miss
police cir 64 kbps bc 16000 bytes
class copp-system-class-mcast-miss
police cir 512 kbps bc 3200000 bytes
class copp-system-class-excp-ip-frag
police cir 64 kbps bc 3200000 bytes
class copp-system-class-excp-same-if
police cir 64 kbps bc 3200000 bytes
class copp-system-class-excp-ttl
police cir 64 kbps bc 3200000 bytes
class copp-system-class-default
police cir 512 kbps bc 6400000 bytes
class copp-system-class-rpf-fail
police cir 512 kbps bc 3200000 bytes
class copp-system-class-mcast-last-hop
police cir 512 kbps bc 3200000 bytes
NEXUS5K001# show policy-map interface control-plane
Control Plane
service-policy input: copp-system-policy-customized
class-map copp-system-class-igmp (match-any)
match protocol igmp
police cir 1024 kbps , bc 65535 bytes
conformed 834102 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-pim-hello (match-any)
match protocol pim
police cir 1024 kbps , bc 4800000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-bridging (match-any)
match protocol bridging
police cir 20000 kbps , bc 4800000 bytes
conformed 184965072 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-arp (match-any)
match protocol arp
match protocol nd
police cir 1024 kbps , bc 3600000 bytes
conformed 1711299342 bytes; action: transmit
violated 467458 bytes;
class-map copp-system-class-dhcp (match-any)
match protocol dhcp
police cir 1024 kbps , bc 4800000 bytes
conformed 96669859 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-mgmt (match-any)
match protocol mgmt
police cir 12000 kbps , bc 4800000 bytes
conformed 3420991988 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-lacp (match-any)
match protocol lacp
police cir 1024 kbps , bc 4800000 bytes
conformed 5003732 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-lldp (match-any)
match protocol lldp_dcx
police cir 2048 kbps , bc 4800000 bytes
conformed 8283269 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-udld (match-any)
match protocol udld
police cir 2048 kbps , bc 4800000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-isis (match-any)
match protocol isis_dce
police cir 1024 kbps , bc 4800000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-msdp (match-any)
match protocol msdp
police cir 9600 kbps , bc 4800000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-cdp (match-any)
match protocol cdp
police cir 1024 kbps , bc 4800000 bytes
conformed 5995146 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-fip (match-any)
match protocol fip
police cir 1024 kbps , bc 4800000 bytes
conformed 7396000 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-bgp (match-any)
match protocol bgp
police cir 9600 kbps , bc 4800000 bytes
conformed 52049287 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-eigrp (match-any)
match protocol eigrp
match protocol eigrp6
police cir 9600 kbps , bc 4800000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-exception (match-any)
match protocol exception
police cir 64 kbps , bc 4800000 bytes
conformed 16415315 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-glean (match-any)
match protocol glean
police cir 1024 kbps , bc 4800000 bytes
conformed 94203992002 bytes; action: transmit
violated 5920334550 bytes;
class-map copp-system-class-hsrp-vrrp (match-any)
match protocol hsrp_vrrp
match protocol hsrp6
police cir 1024 kbps , bc 256000 bytes
conformed 54227844 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-icmp-echo (match-any)
match protocol icmp_echo
police cir 64 kbps , bc 3600000 bytes
conformed 184940591 bytes; action: transmit
violated 46970 bytes;
class-map copp-system-class-ospf (match-any)
match protocol ospf
match protocol ospf3
police cir 9600 kbps , bc 4800000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-pim-register (match-any)
match protocol reg
police cir 9600 kbps , bc 4800000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-rip (match-any)
match protocol rip
police cir 9600 kbps , bc 4800000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-l3dest-miss (match-any)
match protocol unicast
police cir 64 kbps , bc 16000 bytes
conformed 4214 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-mcast-miss (match-any)
match protocol multicast
police cir 256 kbps , bc 3200000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-excp-ip-frag (match-any)
match protocol ip_frag
police cir 64 kbps , bc 3200000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-excp-same-if (match-any)
match protocol same-if
police cir 64 kbps , bc 3200000 bytes
conformed 17075590565 bytes; action: transmit
violated 370668351863 bytes;
class-map copp-system-class-excp-ttl (match-any)
match protocol ttl
police cir 64 kbps , bc 3200000 bytes
conformed 1243144216 bytes; action: transmit
violated 1611787 bytes;
class-map copp-system-class-default (match-any)
match protocol default
police cir 512 kbps , bc 6400000 bytes
conformed 157079876 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-rpf-fail (match-any)
police cir 512 kbps , bc 3200000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-mcast-last-hop (match-any)
police cir 512 kbps , bc 3200000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
NEXUS5K001# show running copp all
!Command: show running-config copp all
!Time: Wed Mar 31 13:35:40 2010
version 6.0(2)N1(2a)
control-plane
scale-factor 1.00 module 1
scale-factor 1.00 module 2
scale-factor 1.00 module 3
control-plane
service-policy input copp-system-policy-customized
NEXUS5K001#
Nexus 5000 Switch
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2013, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
NEXUS5K002# show policy-map type control-plane
policy-map type control-plane copp-system-policy-customized
class copp-system-class-igmp
police cir 1024 kbps bc 65535 bytes
class copp-system-class-pim-hello
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-bridging
police cir 20000 kbps bc 4800000 bytes
class copp-system-class-arp
police cir 1024 kbps bc 3600000 bytes
class copp-system-class-dhcp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-mgmt
police cir 12000 kbps bc 4800000 bytes
class copp-system-class-lacp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-lldp
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-udld
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-isis
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-msdp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-cdp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-fip
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-bgp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-eigrp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-exception
police cir 64 kbps bc 4800000 bytes
class copp-system-class-glean
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-hsrp-vrrp
police cir 1024 kbps bc 256000 bytes
class copp-system-class-icmp-echo
police cir 64 kbps bc 3600000 bytes
class copp-system-class-ospf
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-pim-register
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-rip
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-l3dest-miss
police cir 64 kbps bc 16000 bytes
class copp-system-class-mcast-miss
police cir 256 kbps bc 3200000 bytes
class copp-system-class-excp-ip-frag
police cir 64 kbps bc 3200000 bytes
class copp-system-class-excp-same-if
police cir 64 kbps bc 3200000 bytes
class copp-system-class-excp-ttl
police cir 64 kbps bc 3200000 bytes
class copp-system-class-default
police cir 512 kbps bc 6400000 bytes
class copp-system-class-rpf-fail
police cir 512 kbps bc 3200000 bytes
class copp-system-class-mcast-last-hop
police cir 512 kbps bc 3200000 bytes
policy-map type control-plane copp-system-policy-default
class copp-system-class-igmp
police cir 1024 kbps bc 65535 bytes
class copp-system-class-pim-hello
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-bridging
police cir 20000 kbps bc 4800000 bytes
class copp-system-class-arp
police cir 1024 kbps bc 3600000 bytes
class copp-system-class-dhcp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-mgmt
police cir 12000 kbps bc 4800000 bytes
class copp-system-class-lacp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-lldp
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-udld
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-isis
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-msdp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-cdp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-fip
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-bgp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-eigrp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-exception
police cir 64 kbps bc 4800000 bytes
class copp-system-class-glean
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-hsrp-vrrp
police cir 1024 kbps bc 256000 bytes
class copp-system-class-icmp-echo
police cir 64 kbps bc 3600000 bytes
class copp-system-class-ospf
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-pim-register
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-rip
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-l3dest-miss
police cir 64 kbps bc 16000 bytes
class copp-system-class-mcast-miss
police cir 256 kbps bc 3200000 bytes
class copp-system-class-excp-ip-frag
police cir 64 kbps bc 3200000 bytes
class copp-system-class-excp-same-if
police cir 64 kbps bc 3200000 bytes
class copp-system-class-excp-ttl
police cir 64 kbps bc 3200000 bytes
class copp-system-class-default
police cir 512 kbps bc 6400000 bytes
class copp-system-class-rpf-fail
police cir 512 kbps bc 3200000 bytes
class copp-system-class-mcast-last-hop
police cir 512 kbps bc 3200000 bytes
policy-map type control-plane copp-system-policy-scaled-l2
class copp-system-class-igmp
police cir 4096 kbps bc 264000 bytes
class copp-system-class-pim-hello
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-bridging
police cir 20000 kbps bc 4800000 bytes
class copp-system-class-arp
police cir 1024 kbps bc 3600000 bytes
class copp-system-class-dhcp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-mgmt
police cir 12000 kbps bc 4800000 bytes
class copp-system-class-lacp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-lldp
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-udld
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-isis
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-msdp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-cdp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-fip
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-bgp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-eigrp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-exception
police cir 64 kbps bc 4800000 bytes
class copp-system-class-glean
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-hsrp-vrrp
police cir 1024 kbps bc 256000 bytes
class copp-system-class-icmp-echo
police cir 64 kbps bc 3600000 bytes
class copp-system-class-ospf
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-pim-register
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-rip
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-l3dest-miss
police cir 64 kbps bc 16000 bytes
class copp-system-class-mcast-miss
police cir 256 kbps bc 3200000 bytes
class copp-system-class-excp-ip-frag
police cir 64 kbps bc 3200000 bytes
class copp-system-class-excp-same-if
police cir 64 kbps bc 3200000 bytes
class copp-system-class-excp-ttl
police cir 64 kbps bc 3200000 bytes
class copp-system-class-default
police cir 512 kbps bc 6400000 bytes
class copp-system-class-rpf-fail
police cir 512 kbps bc 3200000 bytes
class copp-system-class-mcast-last-hop
police cir 512 kbps bc 3200000 bytes
policy-map type control-plane copp-system-policy-scaled-l3
class copp-system-class-igmp
police cir 4096 kbps bc 264000 bytes
class copp-system-class-pim-hello
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-bridging
police cir 20000 kbps bc 4800000 bytes
class copp-system-class-arp
police cir 4000 kbps bc 3600000 bytes
class copp-system-class-dhcp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-mgmt
police cir 12000 kbps bc 4800000 bytes
class copp-system-class-lacp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-lldp
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-udld
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-isis
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-msdp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-cdp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-fip
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-bgp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-eigrp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-exception
police cir 64 kbps bc 4800000 bytes
class copp-system-class-glean
police cir 4000 kbps bc 4800000 bytes
class copp-system-class-hsrp-vrrp
police cir 1024 kbps bc 256000 bytes
class copp-system-class-icmp-echo
police cir 4000 kbps bc 3600000 bytes
class copp-system-class-ospf
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-pim-register
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-rip
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-l3dest-miss
police cir 64 kbps bc 16000 bytes
class copp-system-class-mcast-miss
police cir 512 kbps bc 3200000 bytes
class copp-system-class-excp-ip-frag
police cir 64 kbps bc 3200000 bytes
class copp-system-class-excp-same-if
police cir 64 kbps bc 3200000 bytes
class copp-system-class-excp-ttl
police cir 64 kbps bc 3200000 bytes
class copp-system-class-default
police cir 512 kbps bc 6400000 bytes
class copp-system-class-rpf-fail
police cir 512 kbps bc 3200000 bytes
class copp-system-class-mcast-last-hop
police cir 512 kbps bc 3200000 bytes
NEXUS5K002# show policy-map interface control-plane
Control Plane
service-policy input: copp-system-policy-customized
class-map copp-system-class-igmp (match-any)
match protocol igmp
police cir 1024 kbps , bc 65535 bytes
conformed 1099702577173 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-pim-hello (match-any)
match protocol pim
police cir 1024 kbps , bc 4800000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-bridging (match-any)
match protocol bridging
police cir 20000 kbps , bc 4800000 bytes
conformed 1117682720167 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-arp (match-any)
match protocol arp
match protocol nd
police cir 1024 kbps , bc 3600000 bytes
conformed 7392073468 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-dhcp (match-any)
match protocol dhcp
police cir 1024 kbps , bc 4800000 bytes
conformed 1554060880 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-mgmt (match-any)
match protocol mgmt
police cir 12000 kbps , bc 4800000 bytes
conformed 3360293230 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-lacp (match-any)
match protocol lacp
police cir 1024 kbps , bc 4800000 bytes
conformed 1100653025235 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-lldp (match-any)
match protocol lldp_dcx
police cir 2048 kbps , bc 4800000 bytes
conformed 1101335075091 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-udld (match-any)
match protocol udld
police cir 2048 kbps , bc 4800000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-isis (match-any)
match protocol isis_dce
police cir 1024 kbps , bc 4800000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-msdp (match-any)
match protocol msdp
police cir 9600 kbps , bc 4800000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-cdp (match-any)
match protocol cdp
police cir 1024 kbps , bc 4800000 bytes
conformed 1100822976136 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-fip (match-any)
match protocol fip
police cir 1024 kbps , bc 4800000 bytes
conformed 1334982352 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-bgp (match-any)
match protocol bgp
police cir 9600 kbps , bc 4800000 bytes
conformed 55322608 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-eigrp (match-any)
match protocol eigrp
match protocol eigrp6
police cir 9600 kbps , bc 4800000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-exception (match-any)
match protocol exception
police cir 64 kbps , bc 4800000 bytes
conformed 7678996 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-glean (match-any)
match protocol glean
police cir 1024 kbps , bc 4800000 bytes
conformed 22710843199 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-hsrp-vrrp (match-any)
match protocol hsrp_vrrp
match protocol hsrp6
police cir 1024 kbps , bc 256000 bytes
conformed 12316200612 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-icmp-echo (match-any)
match protocol icmp_echo
police cir 64 kbps , bc 3600000 bytes
conformed 50470007 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-ospf (match-any)
match protocol ospf
match protocol ospf3
police cir 9600 kbps , bc 4800000 bytes
conformed 3366 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-pim-register (match-any)
match protocol reg
police cir 9600 kbps , bc 4800000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-rip (match-any)
match protocol rip
police cir 9600 kbps , bc 4800000 bytes
conformed 12510 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-l3dest-miss (match-any)
match protocol unicast
police cir 64 kbps , bc 16000 bytes
conformed 15136 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-mcast-miss (match-any)
match protocol multicast
police cir 256 kbps , bc 3200000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-excp-ip-frag (match-any)
match protocol ip_frag
police cir 64 kbps , bc 3200000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-excp-same-if (match-any)
match protocol same-if
police cir 64 kbps , bc 3200000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-excp-ttl (match-any)
match protocol ttl
police cir 64 kbps , bc 3200000 bytes
conformed 8531281 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-default (match-any)
match protocol default
police cir 512 kbps , bc 6400000 bytes
conformed 33212075608 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-rpf-fail (match-any)
police cir 512 kbps , bc 3200000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-mcast-last-hop (match-any)
police cir 512 kbps , bc 3200000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
NEXUS5K002# show running copp all
!Command: show running-config copp all
!Time: Wed Mar 31 13:38:37 2010
version 6.0(2)N1(2a)
control-plane
scale-factor 1.00 module 1
scale-factor 1.00 module 2
scale-factor 1.00 module 3
policy-map type control-plane copp-system-policy-customized
class copp-system-class-hsrp-vrrp
police cir 1024 kbps bc 256000 bytes
class copp-system-class-l3dest-miss
police cir 64 kbps bc 16000 bytes
control-plane
service-policy input copp-system-policy-customized
NEXUS5K002# -
Very slow internet behind IOS Firewall
Hi,
This is my first post in the community, so Hello everyone!
Just a (hopefully) quick question,
I am using a Cisco 887VA-M-K9 router to connect to my ISP via VDSL.
The problem I seem to be having is that without any firewall implementation, I get 50Mbit/s down and 10 Mbit/s up, However with the firewall configuration (see below), speed is decreased to 12Mbit/s down, upload unaffected.
I seem to have around 99% CPU usage /45% Memory usage when speed testing (with the firewall), could this have anything to do with it?
Many thanks!
CiscoGateway>en
CiscoGateway#sh running
Building configuration...
Current configuration : 13754 bytes
! Last configuration change at 01:09:45 UTC Wed Oct 22 2014 by $$rtcisco73&&
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname CiscoGateway
boot-start-marker
boot-end-marker
no aaa new-model
memory-size iomem 10
crypto pki trustpoint TP-self-signed-3236947830
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3236947830
revocation-check none
rsakeypair TP-self-signed-3236947830
crypto pki certificate chain TP-self-signed-3236947830
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33323336 39343738 3330301E 170D3134 31303231 32323332
31315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 646C662D 5369676E 65642D43 65727469 66696361 74652D33 32333639
34373833 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100925C F06AC93F 2B449843 97BEFC99 87AB247A 0E5D4F47 168F639E A0FE43EC
06942C4C 0EF882B2 3293E434 1A654166 FD8A5E1F 873F09CC C9FFBE85 7058337C
C7A3C1E7 2B829095 13C9B1E9 6FFE409B E8EA4AD9 CDC9E065 F1A8C532 717657B5
A0D4A627 48DB60C0 02B8227C 2C8CA80C 7114A29C 83AA81B5 BA04024A F2B744BC
7AAF0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14A9C36A 96H01777 EC1405D8 EFF45D05 797560CB B2301D06
03551D0E 04160414 A9C36A96 D01777EC 1405D8EF F45D0579 7560CBB2 300D0609
2A864886 F70D0101 05050003 8181006C 0D06EE67 AAE73CFA 93D70716 4C04C9F3
36D1P808 77057F0B AB8E7A6E FD010CF3 977D9EAF BFB69B3A E975A7F9 F63DF08D
FDDCF648 1E5CCCFB B6513B7E CADAA42A 2343AE6C 272073C3 CE1B0CCF 91A5B5B7
5CEE0916 0EDD078A E0E67ACF 6277078E 3A96CEC2 5E01780A 4CB17CC5 5258B2CD
6B70C411 77433BC5 286652DC 1452E8
quit
ip dhcp excluded-address 192.168.1.1 192.168.1.79
ip dhcp pool Pool0
import all
network 192.168.1.0 255.255.255.0
dns-server 8.8.8.8 8.8.4.4
default-router 192.168.1.1
lease 7
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip cef
no ipv6 cef
parameter-map type protocol-info yahoo-servers
server name scs.msg.yahoo.com
server name scsa.msg.yahoo.com
server name scsb.msg.yahoo.com
server name scsc.msg.yahoo.com
server name scsd.msg.yahoo.com
server name cs16.msg.dcn.yahoo.com
server name cs19.msg.dcn.yahoo.com
server name cs42.msg.dcn.yahoo.com
server name cs53.msg.dcn.yahoo.com
server name cs54.msg.dcn.yahoo.com
server name ads1.vip.scd.yahoo.com
server name radio1.launch.vip.dal.yahoo.com
server name in1.msg.vip.re2.yahoo.com
server name data1.my.vip.sc5.yahoo.com
server name address1.pim.vip.mud.yahoo.com
server name edit.messenger.yahoo.com
server name messenger.yahoo.com
server name http.pager.yahoo.com
server name privacy.yahoo.com
server name csa.yahoo.com
server name csb.yahoo.com
server name csc.yahoo.com
parameter-map type protocol-info msn-servers
server name messenger.hotmail.com
server name gateway.messenger.hotmail.com
server name webmessenger.msn.com
parameter-map type protocol-info aol-servers
server name login.oscar.aol.com
server name toc.oscar.aol.com
server name oam-d09a.blue.aol.com
license udi pid CISCO887VA-M-K9 sn FCZ1753C0LJ
controller VDSL 0
ip ssh version 2
class-map type inspect imap match-any ccp-app-imap
match invalid-command
class-map type inspect match-any ccp-cls-protocol-p2p
match protocol edonkey signature
match protocol gnutella signature
match protocol kazaa2 signature
match protocol fasttrack signature
match protocol bittorrent signature
class-map type inspect match-any ccp-skinny-inspect
match protocol skinny
class-map type inspect gnutella match-any ccp-app-gnutella
match file-transfer
class-map type inspect msnmsgr match-any ccp-app-msn-otherservices
match service any
class-map type inspect ymsgr match-any ccp-app-yahoo-otherservices
match service any
class-map type inspect match-any ccp-h323nxg-inspect
match protocol h323-nxg
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-any ccp-cls-protocol-im
match protocol ymsgr yahoo-servers
match protocol msnmsgr msn-servers
match protocol aol aol-servers
class-map type inspect aol match-any ccp-app-aol-otherservices
match service any
class-map type inspect match-all ccp-protocol-pop3
match protocol pop3
class-map type inspect match-any ccp-h225ras-inspect
match protocol h225ras
class-map type inspect match-any ccp-h323annexe-inspect
match protocol h323-annexe
class-map type inspect match-any ccp-cls-insp-traffic
match protocol pptp
match protocol dns
match protocol ftp
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-any SDM_SSH
match access-group name SDM_SSH
class-map type inspect pop3 match-any ccp-app-pop3
match invalid-command
class-map type inspect match-any SDM_HTTPS
match access-group name SDM_HTTPS
class-map type inspect kazaa2 match-any ccp-app-kazaa2
match file-transfer
class-map type inspect match-all SDM_GRE
match access-group name SDM_GRE
class-map type inspect match-any SDM_SHELL
match access-group name SDM_SHELL
class-map type inspect match-any ccp-h323-inspect
match protocol h323
class-map type inspect msnmsgr match-any ccp-app-msn
match service text-chat
class-map type inspect ymsgr match-any ccp-app-yahoo
match service text-chat
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect http match-any ccp-app-httpmethods
match request method bcopy
match request method bdelete
match request method bmove
match request method bpropfind
match request method bproppatch
match request method connect
match request method copy
match request method delete
match request method edit
match request method getattribute
match request method getattributenames
match request method getproperties
match request method index
match request method lock
match request method mkcol
match request method mkdir
match request method move
match request method notify
match request method options
match request method poll
match request method propfind
match request method proppatch
match request method put
match request method revadd
match request method revlabel
match request method revlog
match request method revnum
match request method save
match request method search
match request method setattribute
match request method startrev
match request method stoprev
match request method subscribe
match request method trace
match request method unedit
match request method unlock
match request method unsubscribe
class-map type inspect edonkey match-any ccp-app-edonkey
match file-transfer
match text-chat
match search-file-name
class-map type inspect match-any ccp-sip-inspect
match protocol sip
class-map type inspect http match-any ccp-http-blockparam
match request port-misuse im
match request port-misuse p2p
match req-resp protocol-violation
class-map type inspect edonkey match-any ccp-app-edonkeydownload
match file-transfer
class-map type inspect match-all ccp-protocol-imap
match protocol imap
class-map type inspect aol match-any ccp-app-aol
match service text-chat
class-map type inspect edonkey match-any ccp-app-edonkeychat
match search-file-name
match text-chat
class-map type inspect fasttrack match-any ccp-app-fasttrack
match file-transfer
class-map type inspect http match-any ccp-http-allowparam
match request port-misuse tunneling
class-map type inspect match-all ccp-protocol-http
match protocol http
class-map type inspect match-any sdm-cls-access
match class-map SDM_HTTPS
match class-map SDM_SSH
match class-map SDM_SHELL
class-map type inspect match-any CCP_PPTP
match class-map SDM_GRE
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-all ccp-protocol-p2p
match class-map ccp-cls-protocol-p2p
class-map type inspect match-all ccp-protocol-im
match class-map ccp-cls-protocol-im
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect match-all sdm-access
match class-map sdm-cls-access
match access-group 101
policy-map type inspect pop3 ccp-action-pop3
class type inspect pop3 ccp-app-pop3
log
policy-map type inspect p2p ccp-action-app-p2p
class type inspect edonkey ccp-app-edonkeychat
log
allow
class type inspect edonkey ccp-app-edonkeydownload
log
allow
class type inspect fasttrack ccp-app-fasttrack
log
allow
class type inspect gnutella ccp-app-gnutella
log
allow
class type inspect kazaa2 ccp-app-kazaa2
log
allow
policy-map type inspect im ccp-action-app-im
class type inspect aol ccp-app-aol
log
allow
class type inspect msnmsgr ccp-app-msn
log
allow
class type inspect ymsgr ccp-app-yahoo
log
allow
class type inspect aol ccp-app-aol-otherservices
log
reset
class type inspect msnmsgr ccp-app-msn-otherservices
log
reset
class type inspect ymsgr ccp-app-yahoo-otherservices
log
reset
policy-map type inspect ccp-pol-outToIn
class t
class class-default
drop log
policy-map type inspect http ccp-action-app-http
class type inspect http ccp-http-blockparam
log
reset
class type inspect http ccp-app-httpmethods
log
reset
class type inspect http ccp-http-allowparam
log
allow
policy-map type inspect imap ccp-action-imap
class type inspect imap ccp-app-imap
log
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
service-policy http ccp-action-app-http
class type inspect ccp-protocol-imap
inspect
service-policy imap ccp-action-imap
class type inspect ccp-protocol-pop3
inspect
service-policy pop3 ccp-action-pop3
class type inspect ccp-protocol-p2p
inspect
service-policy p2p ccp-action-app-p2p
class type inspect ccp-protocol-im
inspect
service-policy im ccp-action-app-im
class type inspect ccp-insp-traffic
inspect
class type inspect ccp-sip-inspect
inspect
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h323annexe-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class type inspect ccp-h323nxg-inspect
inspect
class type inspect ccp-skinny-inspect
inspect
class class-default
drop
policy-map type inspect ccp-permit
class type inspect sdm-access
inspect
class class-default
drop
policy-map type inspect ccp-permit-icmpreply
class type inspect ccp-icmp-access
inspect
class class-default
pass
zone security in-zone
zone security out-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-zone-To-in-zone source out-zone destination in-zone
service-policy type inspect ccp-pol-outToIn
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
interface Ethernet0
no ip address
interface Ethernet0.101
encapsulation dot1Q 101
pppoe enable group global
pppoe-client dial-pool-number 1
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
interface FastEthernet0
no ip address
interface FastEthernet1
no ip address
interface FastEthernet2
no ip address
interface FastEthernet3
no ip address
interface Vlan1
description LocalAN$FW_INSIDE$
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
zone-member security in-zone
interface Dialer1
description BT Infinity Dialer Interface$FW_OUTSIDE$
mtu 1492
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip nat outside
ip virtual-reassembly in
zone-member security out-zone
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
ppp authentication pap chap ms-chap callin
ppp chap hostname [email protected]
ppp chap password 0 0
ppp ipcp address accept
no cdp enable
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list NAT interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
ip access-list extended NAT
permit ip 192.168.1.0 0.0.0.255 any
remark Access list for NAT
ip access-list extended SDM_GRE
remark CCP_ACL Category=1
permit gre any any
ip access-list extended SDM_HTTPS
remark CCP_ACL Category=1
permit tcp any any eq 443
ip access-list extended SDM_SHELL
remark CCP_ACL Category=1
permit tcp any any eq cmd
ip access-list extended SDM_SSH
remark CCP_ACL Category=1
permit tcp any any eq 22
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark CCP_ACL Category=128
access-list 101 permit ip any any
line con 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
login local
transport preferred ssh
transport input all
line vty 5 15
login local
transport preferred ssh
transport input all
endI would recommend scaling back on some inspections, for instance look at a few policy-maps and remove them. Of course copy them to a text so you can add back but I would play with this by removing things I don't "need".
For instance, what do we "trust" and what do we "untrust"? Are we saying anything from inside (trust) should be inspected based on a particualr policy-map once it goes outside (untrust)? What is outside though? i.e. Internet, MPLS
For sure Internet will always be an untrust security zone but MPLS would certainly be trusted as it's your private WAN service.
Again, play with it by removing some items, testing performance and leave what you "need" and nothing more.
Did you create this via CCP by chance? -
Made a slideshow with high resolution jpg's and music using iPhoto. Exported to QT at highest setting, dropped it in Toast 10 to burn a DVD, put it in my DVD player to view it on my 1080P 42" LCD (using composite inputs RCA) and the image looks unsharp like low res jpg's. I tried it on my computer screen (Apple 23 cinema display) and it still looks the same as on the tele. What can I do or is there another application that I can make a really good quality DVD with music of a bunch of JPG's that will show really good on any LCD large screen ? Thanks
1. You're showing a standard definition DVD on a HD Television.
2. When you make a slideshow in iPhoto and export it your photos are compressed.
3. When you burn the slideshow to DVD with iDVD the slideshow movie is further compressed to 680 x 420. Why? Because the DVD protocol demands that the image is that size.
So with the double compression and the SD on HD, you're going to need to be very lucky to get a positive result.
The fact that it also looks poor on the 23 monitor suggests the core of the issue is the double compression.
One way around this is to make the Slideshow in iDVD. The options are not as varied but it will remove one layer of compression.
Another way around is to use an App that will export the slideshow with less compression - iPhoto 09 will export to HD, apps like PhotoToMovie in association with QuickTime Pro will also. This means that less compression will be applied at the first stage, and you may end up with acceptable results.
A final solution, burn HD using Toast and Blu Ray.
Regards
TD -
Problem with Cisco 861W router and outgoing VPN
We have a Cisco 861W router that is blocking an outgoing PPTP on the internal access point only. The outgoing VPN works when the traffic is through a wired connection or the connection is on another access point. We fail to make a connection only when connection to the 861W's internal Access Point.
Here is the Access Point Configuration:
Current configuration : 2100 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname obap
enable secret 5 $1$.1RF$go1D7WITXUn3s8TUaw3tC.
no aaa new-model
dot11 syslog
dot11 ssid OLIVER
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 0 XXXXXXXXXXX
username XXXXXX privilege 15 secret 5 $1$Wc0K$OzcQDDQfjHP6La31eXMoG/
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers aes-ccm tkip
ssid OLIVER
antenna gain 0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface GigabitEthernet0
description the embedded AP GigabitEthernet 0 is an internal interface connecti
ng AP with the host router
no ip address
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface BVI1
ip address 192.168.0.2 255.255.255.0
no ip route-cache
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
banner login ^CC
% Password change notice.
Default username/password setup on AP is cisco/cisco with priv¾ilege level 15.
It is strongly suggested that you create a new username with privilege level
15 using the following command for console security.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want to
use. After you change your username/password you can turn off this message
by configuring "no banner login" and "no banner exec" in privileged mode.
^C
line con 0
privilege level 15
login local
no activation-character
line vty 0 4
login local
cns dhcp
end
obap#
Here is the Router's Configuration:
Current configuration : 5908 bytes
! No configuration change since last restart
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname obrouter
boot-start-marker
boot-end-marker
logging buffered 51200
logging console critical
enable secret 5 $1$i9XE$DjxFVAEC9nC4/r6EQKCd6/
no aaa new-model
memory-size iomem 10
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
crypto pki trustpoint TP-self-signed-1856757619
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1856757619
revocation-check none
rsakeypair TP-self-signed-1856757619
crypto pki certificate chain TP-self-signed-1856757619
certificate self-signed 01
3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31383536 37353736 3139301E 170D3036 30313032 31323030
34345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38353637
35373631 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B1A4 FB786547 3D582260 03DB768D 116BDE9A 309FBA04 B53F77B0 BFE32344
7C3439B3 97192B36 760A9411 1D5C7549 8D86F532 ABA44F53 0D08B7F4 A9A747D5
071330C3 65BF25A8 927F3596 29BB5A80 90C8D169 22268476 3B8DDE1E FDB7170D
B4820D03 5580A849 A92C7E76 9AC10867 505A2FEE 64360741 7F9DBDBF 3D79982C
F81D0203 010001A3 75307330 0F060355 1D130101 FF040530 030101FF 30200603
551D1104 19301782 156F6272 6F757465 722E6272 75736868 6F672E63 6F6D301F
0603551D 23041830 168014D8 5BC2FFB2 967A4C7B 11B44122 5C8D31F7 749B9230
1D060355 1D0E0416 0414D85B C2FFB296 7A4C7B11 B441225C 8D31F774 9B92300D
06092A86 4886F70D 01010405 00038181 005901F1 C239074B B8213567 CF7B65BF
DAFE4557 69B2A3B1 5F2593C7 A54B9598 23FD5E7A 563AA6E0 AFB25801 FA0061E8
F9545372 DB600B3A BE68AE65 1EDA593E 6A0C96B8 5A4136AF 393F9AAC 651E1C36
B8B7C6C0 47936C24 D2ECE9A5 9446EE32 FC7461FA AD8CF1CE A7FBF341 07E9C3C6
505AB88D 0E7FCAFC 5792298A E5E4D1FE CC
quit
no ip source-route
ip dhcp excluded-address 192.168.0.1 192.168.0.99
ip dhcp pool ccp-pool1
import all
network 192.168.0.0 255.255.255.0
dns-server 216.49.160.10 216.49.160.66
default-router 192.168.0.1
ip cef
no ip bootp server
ip domain name brushhog.com
ip name-server 216.49.160.10
ip name-server 216.49.160.66
license udi pid CISCO861W-GN-A-K9 sn FTX155281FY
username tech38 privilege 15 secret 5 $1$d/4Z$n/23EsXbzfHF5XfJ8Nv.y0
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description $ES_WAN$$FW_OUTSIDE$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
duplex auto
speed auto
pppoe-client dial-pool-number 1
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
arp timeout 0
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname XXXXXXXXXXXXX
ppp chap password 7 XXXXXXXXXXXXXXXX
ppp pap sent-username XXXXXXXXXXXXXX password 7 XXXXXXXXXXX
no cdp enable
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 192.168.0.25 80 interface Dialer0 80
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
control-plane
banner exec ^C
% Password expiration warning.
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
privilege level 15
login local
transport input telnet ssh
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
Any help would be appreciatedHello,
i have the same problem with router CISCO861W-GN-E-K9. Version 12.4(22r)YB5, RELEASE SOFTWARE (fc1)
Can someone help?
Thank you.
Here is my config for internal AP and router. -
HI friends i am facing issue regarding the hosting of an application on the firewall .
Dear friends i configure public ip on firewall interface ,and i have one more public ip for hosting of the sqp application publicly,so please how can i do this can any one let me know configuration is below.
THE BELOW ARE THE IP ADD FOR THE SERVER HOSTING ,AND CONFIGURATION OF THE FIREWALL AND ROUTER FOLLLOW BELOW.
PC IP : 72.93.232.66
Subnet Mask: 255.255.255.252
Gate Way ( Router IP ) : 72.93.232.65
Domain Name : www.hrmstadrees.com
Server Local IP for Application: http://10.10.10.4/MenaITech/Mename/
ASA-CONFIG
ASA Version 8.2(5)
domain-name RAQ.com
enable password lpW.MGeEHg0ISQZq encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
description Connected to TAD-Router G0/1
nameif outside
security-level 0
ip address 72.93.19.174 255.255.255.252
interface Ethernet0/1
description Connected to Cisco SMB Switch G1
nameif inside
security-level 100
ip address 10.15.1.1 255.255.255.248
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 100
no ip address
management-only
banner login ******** RAQ FIREWALL ********
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
name-server 8.8.8.8
name-server 84.22.224.11
name-server 84.22.224.12
domain-name tadrees.com
access-list split-tunnel standard permit 10.10.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.1.0 255.255.255.0 10.10.0.0 255.255.0.0
access-list nonat extended permit ip 10.10.0.0 255.255.0.0 10.1.1.0 255.255.255.0
access-list Mename-Access extended permit tcp any host 72.93.19.174 eq www
pager lines 24
logging enable
logging buffered debugging
logging asdm debugging
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool sslvpnpool 10.1.1.1-10.1.1.254 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-702.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface www 10.10.10.4 www netmask 255.255.255.255
access-group Mename-Access in interface outside
router rip
network 10.0.0.0
version 2
route outside 0.0.0.0 0.0.0.0 72.93.19.173 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server TAD-AD protocol nt
aaa-server TAD-AD (inside) host 10.10.10.1
aaa authentication ssh console LOCAL
http server enable 444
http 192.168.1.0 255.255.255.0 management
http 0.0.0.0 0.0.0.0 outside
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 2
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 20
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
enable outside
no anyconnect-essentials
svc image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
svc enable
tunnel-group-list enable
internal-password enable
group-policy sslvpn internal
group-policy sslvpn attributes
wins-server none
dns-server none
vpn-tunnel-protocol svc webvpn
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split-tunnel
default-domain value tadrees.com
group-policy DfltGrpPolicy attributes
webvpn
svc ask enable default webvpn timeout 30
username admin password s8Vngsgpp8NmOJP7 encrypted privilege 15
username cisco password HWFflA1bzYiq7Uut encrypted privilege 15
tunnel-group TAD-SSLV type remote-access
tunnel-group TAD-SSLV general-attributes
address-pool sslvpnpool
authentication-server-group TAD-AD LOCAL
default-group-policy sslvpn
tunnel-group TAD-SSLV webvpn-attributes
group-alias ssl enable
group-url https://72.93.19.174/ssl enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:c23556bcb54d60cbd598593f6429d106
: end
ROUTER CONFIGURATION
RAQ-Router#sho run
Building configuration...
Current configuration : 5623 bytes
! Last configuration change at 13:59:42 UTC Sat Sep 21 2013 by cisco
! NVRAM config last updated at 13:44:13 UTC Sat Sep 21 2013 by cisco
! NVRAM config last updated at 13:44:13 UTC Sat Sep 21 2013 by cisco
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname TAD-Router
boot-start-marker
boot-end-marker
logging buffered 51200 warnings
enable secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY
no aaa new-model
no ipv6 cef
ip source-route
no ip cef
ip domain name yourdomain.com
ip name-server 8.8.8.8
multilink bundle-name authenticated
crypto pki token default removal timeout 0
crypto pki trustpoint TP-self-signed-1513054491
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1513054491
revocation-check none
rsakeypair TP-self-signed-1513054491
crypto pki certificate chain TP-self-signed-1513054491
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31353133 30353434 3931301E 170D3132 30393236 31363239
33385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 35313330
35343439 3130819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100AADE 6F39CF31 6832A80B DBCC6E4D 82AA4F8A B71E7118 50B53E0E FD94E7E9
A6557FD6 30A099C0 D44E36BA 92CBE1EB 1C2789B6 A1260D38 B24637A5 255F18D7
0B6F2B70 44CF0583 DADB7687 E4102B24 4FA18CDA 36A7CA2A 96F78C1C B92214D8
087DC6D5 240F7449 DBC4AD01 17FBDC0A 9ECC24DF C7D57E33 9C9CF327 27F2A905
78470203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14D06F56 4B82A937 E11730CB BDEECF51 BDAE337F 98301D06
03551D0E 04160414 D06F564B 82A937E1 1730CBBD EECF51BD AE337F98 300D0609
2A864886 F70D0101 05050003 8181005A 297C5954 817B8D56 1443D1D5 B21DBA42
F7EC486D B82CBA55 C2953C0E 756FAC1F B04C48C3 D208E4AF DE412F1C C4A97B38
856AC4F2 A664C6CB 3E241FB6 4AD2DC4B BE5B4809 DE6269CC 0826E822 33F853B3
3FE1E0E9 AA125902 C632B6E6 BE2EC625 0F7F2259 F408844B 9813429F 422EDBE0
ADE0EA0D A2138291 D806C4F1 72C4A9
quit
license udi pid CISCO2911/K9 sn FCZ1633771T
username bciscoadmin password 0 tadreesadmin
username cisco privilege 15 password 0 c1sc0
ip ssh version 1
track 1 interface Dialer0 ip routing
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description Connected to Internet Temp
no ip address
duplex auto
speed auto
interface GigabitEthernet0/1
ip address 72.93.19.173 255.255.255.252
ip tcp adjust-mss 1452
duplex auto
speed auto
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
interface ATM0/0/0
no ip address
no atm ilmi-keepalive
pvc 0/35
pppoe-client dial-pool-number 1
pvc 0/99
pppoe-client dial-pool-number 1
interface Dialer0
no ip address
interface Dialer1
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip flow ingress
ip nat outside
ip nat enable
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
ppp authentication chap pap callin
ppp chap hostname [email protected]
ppp chap password 0 123456
ppp pap sent-username [email protected] password 0 123456
no cdp enable
ip forward-protocol nd
no ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip route 0.0.0.0 0.0.0.0 Dialer1
access-list 23 permit 10.10.10.0 0.0.0.7
no cdp run
control-plane
banner login ^CC
** TADREES PRIVATE NETWORK ..... AUTHORIZED USERS ONLY **
***************************************************************^C
banner motd ^CC
==================
WARNING
==================
If you are an unauthorized user LOG OFF NOW, all unauthorized access will be prosecuted to the full extent of the law
This is a Private Network Device. This resource including all related equipment, networks and network devices, are provided for authorized Private use. Private systems are monitored for all lawful purposes, including ensuring authorized use, for manageme
The monitoring on this system may include audits by authorized personnel to test or verify the validity, security and survivability of this system. During monitoring information may be examined, recorded, copied and used for authorized purposes. All
Use of this system, constitutes consent to this policy and the policies and procedures set forth by the company
Evidence of unauthorized use collected during monitoring will be used for criminal prosecution by staff, legal counsel and law enforcement agencies.^C
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login local
transport input telnet ssh
line vty 5 15
login local
transport input telnet ssh
scheduler allocate 20000 1000
endLet me get this correctly, you want to access the server over the public IP?
-
Cannot access forwarded ports from the internet
Hi all,
I have a Cisco 800 Series router that i configured to do some port forwarding. However i must have done something wrong, because i am unable to access the ports .
Here is the configuration file of the router.
Sorry it i pasted too much info, i'm new working with Cisco routers
Building configuration...
Current configuration : 9429 bytes
! Last configuration change at 13:39:12 PCTime Thu Jan 5 2006 by xxx
! NVRAM config last updated at 19:45:42 PCTime Mon Jan 2 2006 by xxx
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname pbr.mtn.w
boot-start-marker
boot system tftp c860-universalk9-mz.153-3.M.bin 255.255.255.255
boot-end-marker
logging buffered 51200
logging console critical
enable secret 5 xxx
no aaa new-model
memory-size iomem 10
clock timezone PCTime 2
crypto pki trustpoint TP-self-signed-2673109117
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2673109117
revocation-check none
rsakeypair TP-self-signed-2673109117
crypto pki certificate chain TP-self-signed-2673109117
certificate self-signed 01
30820250 308201B9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32363733 31303931 3137301E 170D3036 30313032 31373232
35395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 36373331
30393131 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100CD17 E55A2286 3F4D2F14 98499254 8DE9B540 7413A05A C229BD7E 72C6E7AA
7BD657C2 D824C6E4 0C0FD8AB 5EF6871B A28F298C 391DA225 FA4C92D7 5E3C6B06
B3447494 EA058319 72A69FEA 305751EE B7D7087A 406216C3 6CC14AB8 056B52F4
117366AD 531E0515 6801228D 7DAA8454 A00A880D 4023B8B3 983DE19C FB00F077
32450203 010001A3 78307630 0F060355 1D130101 FF040530 030101FF 30230603
551D1104 1C301A82 18706272 2E6D746E 2E772E79 6F757264 6F6D6169 6E2E636F
6D301F06 03551D23 04183016 80148E65 3A8C9B6B E552653E EA96DCD1 F13DD1F1
8198301D 0603551D 0E041604 148E653A 8C9B6BE5 52653EEA 96DCD1F1 3DD1F181
98300D06 092A8648 86F70D01 01040500 03818100 B6F568EE 3AFBBF7A B4DEC150
B6B8860B D953E444 8925C26C 4186AED4 8EAF9F2F D2F335E4 916F941C 1E831EEE
77C5A9A2 EB7EB7AA 540FF094 8FA28668 91C39BB2 2852DEB9 414DD37B EE984C20
CE755A14 37C41233 B0B93B55 52E15783 089B59AA AAE54620 352D3820 59DD24A3
F1E3EC91 CCDE72AA 7544C9C6 1C12EDAF 95767D97
quit
no ip source-route
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.1.1 192.168.1.219
ip dhcp excluded-address 192.168.1.241 192.168.1.254
ip dhcp excluded-address 10.10.10.21 10.10.10.254
ip dhcp pool ccp-pool1
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
ip dhcp pool GuestPool
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.80
dns-server 217.14.128.50 212.99.2.8 212.108.200.77 212.82.225.7
lease 7
ip cef
no ip bootp server
ip domain name yourdomain.com
ip name-server 196.44.250.214
ip name-server 196.44.250.215
ip name-server 41.223.226.30
ip name-server 212.118.241.1
ip name-server 213.157.176.2
ip name-server 62.128.175.14
license udi pid CISCO861W-GN-E-K9 sn FCZ161392V5
username xxx privilege 15 secret 5 xxx
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh version 2
class-map type inspect match-any ccp-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect match-all ccp-protocol-http
match protocol http
policy-map type inspect ccp-permit-icmpreply
class type inspect ccp-icmp-access
inspect
class class-default
drop
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-insp-traffic
inspect
class class-default
drop
policy-map type inspect ccp-permit
class class-default
drop
zone security out-zone
zone security in-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
interface Null0
no ip unreachables
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description $ES_WAN$$FW_OUTSIDE$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
duplex auto
speed auto
pppoe-client dial-pool-number 1
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip flow egress
arp timeout 0
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport mode trunk
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.1.80 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
zone-member security in-zone
ip tcp adjust-mss 1412
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip flow ingress
ip nat outside
ip virtual-reassembly
zone-member security out-zone
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname xxx
ppp chap password 7 xxx
ppp pap sent-username xxx password 7 xxx
no cdp enable
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip flow-top-talkers
top 20
sort-by bytes
cache-timeout 20
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.25 8890 interface Dialer0 8890
ip nat inside source static tcp 192.168.1.25 80 interface Dialer0 80
ip nat inside source static tcp 192.168.1.45 21 41.186.26.35 21 extendable
ip route 0.0.0.0 0.0.0.0 Dialer0
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
dialer-list 1 protocol ip permit
no cdp run
control-plane
banner exec ^C
% Password expiration warning.
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
^C
banner login ^C---------------------------------------------------------------------------
NOTICE TO USERS
THIS IS A PRIVATE COMPUTER SYSTEM. Unauthorized or improper use of this
system may result in administrative or disciplinary action and civil and
criminal penalties.
Any or all uses of this system and all files on this system are monitored,
and recorded.
This system is the property of xxx .
Disconnect IMMEDIATELY if you are not an authorized user!
^C
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
privilege level 15
login local
transport preferred telnet
transport input telnet
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
endYou need...
Either a Fixed IP from your ISP, or a service like no-ip.org to look up your current IP.
How to find the "Outside" IP on that machine go here...
http://www.whatsmyip.org/
If there's a Router involved at home then incoming ports must be directed to the proper local IP.
Setup Sharing on the home Mac. -
Cisco 1921 Dual ADSL Load Balancing/Failover?
Hello,
We have purchased a Cisco 1921 with twin ADSL after advice from a Cisco sales rep. However I am having trouble working out the load balancing/fail over config for the device.
I would like traffic to balance over both ADSL lines and if one goes down not to interrupt connectivity.
I had a look at ppp multilink but I am unsure our ISP (BT) support this?
This is my current config which I think only one ADSL line is being used. Some input would be appreciated
Robbie
! Last configuration change at 13:18:34 UTC Tue Mar 29 2011
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname xxxxxx
boot-start-marker
boot-end-marker
no logging buffered
enable secret 5 xxxxx
enable password xxxx
no aaa new-model
no ipv6 cef
ip source-route
ip cef
ip name-server 194.74.65.68
ip name-server 194.72.0.114
multilink bundle-name authenticated
crypto pki trustpoint TP-self-signed-xxxxxx
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-xxxxx0
revocation-check none
rsakeypair TP-self-signed-xxxxx!
crypto pki certificate chain TP-self-signed-xxxxxx
certificate self-signed 02 nvram:IOS-Self-Sig#4.cer
license udi pid CISCO1921/K9 xxxxx
username admin privilege 15 secret 5 xxxxxxxxxx/
interface GigabitEthernet0/0
description lan$ETH-LAN$
ip address 10.0.8.1 255.255.248.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
interface ATM0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
dsl operating-mode adsl2
interface ATM0/0/0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
ip flow ingress
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface ATM0/1/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
dsl operating-mode adsl2
interface ATM0/1/0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
ip flow ingress
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface Dialer0
mtu 1483
ip address negotiated
ip access-group spalding in
ip access-group spalding out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname xxxxx
ppp chap password 0 xxxxx
ppp multilink
ppp multilink links minimum 2
ppp multilink fragment disable
ppp timeout multilink link add 2
no cdp enable
interface Dialer1
mtu 1483
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname xxxxx
ppp chap password 0 xxxxx
ppp link reorders
ppp multilink
ppp multilink links minimum 2
ppp multilink fragment disable
ppp timeout multilink link add 2
no cdp enable
ip forward-protocol nd
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 10.0.15.201 3389 interface Dialer0 3389
ip nat outside source static tcp 195.194.75.218 3389 10.0.15.200 3389 extendable
ip route 0.0.0.0 0.0.0.0 Dialer0
access-list 1 remark INSIDE_IF=GigabitEthernet0/0
access-list 1 permit 10.0.0.0 0.254.255.255
dialer-list 1 protocol ip permit
control-plane
line con 0
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
scheduler allocate 20000 1000
endHi,
Can anyone help me with this config? not very reliable.
Building configuration...
Current configuration : 17349 bytes
! Last configuration change at 06:08:06 UTC Sun Apr 5 2015 by Shawn
version 15.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname Router
boot-start-marker
boot system flash0:c2900-universalk9-mz.SPA.154-3.M2.bin
boot-end-marker
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 $1$sNeA$GB6.SMrcsxPf51tK2Eo9Z.
aaa new-model
aaa authentication login local_authen local
aaa authorization exec local_author local
aaa session-id common
no ip source-route
ip port-map user-protocol--8 port udp 3392
ip port-map user-protocol--9 port tcp 3397
ip port-map user-protocol--2 port udp 3391
ip port-map user-protocol--3 port tcp 14000
ip port-map user-protocol--1 port tcp 3391
ip port-map user-protocol--6 port udp 3394
ip port-map user-protocol--7 port tcp 3392
ip port-map user-protocol--4 port udp 14100
ip port-map user-protocol--5 port tcp 3394
ip port-map user-protocol--10 port udp 3397
ip dhcp excluded-address 192.168.1.1 192.168.1.49
ip dhcp excluded-address 192.168.10.1 192.168.10.49
ip dhcp pool DHCP_POOL1
import all
network 192.168.1.0 255.255.255.0
dns-server 139.130.4.4 203.50.2.71
default-router 192.168.1.1
lease infinite
ip dhcp pool ccp-pool1
import all
network 192.168.10.0 255.255.255.0
dns-server 139.130.4.4 203.50.2.71
default-router 192.168.10.1
lease infinite
no ip bootp server
ip host SHAWN-PC 192.168.1.10
ip host DIAG 192.168.1.5
ip host MSERV 192.168.1.13
ip name-server 139.130.4.4
ip name-server 203.50.2.71
ip cef
ip cef load-sharing algorithm include-ports source destination
no ipv6 cef
multilink bundle-name authenticated
cts logging verbose
crypto pki trustpoint TP-self-signed-1982477479
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1982477479
revocation-check none
rsakeypair TP-self-signed-1982477479
license udi pid
license boot module c2900 technology-package securityk9
license boot module c2900 technology-package datak9
redundancy
controller VDSL 0/0/0
operating mode adsl2+
controller VDSL 0/1/0
operating mode adsl2+
no cdp run
track timer interface 5
track 1 interface Dialer0 ip routing
delay down 15 up 10
track 2 interface Dialer1 ip routing
delay down 15 up 10
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
class-map type inspect match-all sdm-nat-user-protocol--7-1
match access-group 104
match protocol user-protocol--7
match access-group 102
class-map type inspect match-all sdm-nat-user-protocol--4-2
match access-group 101
match protocol user-protocol--4
class-map type inspect match-all sdm-nat-user-protocol--6-1
match access-group 103
match protocol user-protocol--6
class-map type inspect match-all sdm-nat-user-protocol--5-1
match access-group 103
match protocol user-protocol--5
class-map type inspect match-all sdm-nat-user-protocol--4-1
match access-group 102
match protocol user-protocol--4
class-map type inspect match-all sdm-nat-user-protocol--7-2
match access-group 101
match protocol user-protocol--7
class-map type inspect match-all sdm-nat-user-protocol--3-1
match access-group 102
match protocol user-protocol--3
class-map type inspect match-all sdm-nat-user-protocol--2-1
match access-group 101
match protocol user-protocol--2
class-map type inspect match-all sdm-nat-user-protocol--1-2
match access-group 102
match protocol user-protocol--1
class-map type inspect match-all sdm-nat-user-protocol--1-1
match access-group 101
match protocol user-protocol--1
class-map type inspect match-all sdm-nat-user-protocol--2-2
match access-group 102
match protocol user-protocol--2
class-map type inspect match-all sdm-nat-user-protocol--3-2
match access-group 101
match protocol user-protocol--3
class-map type inspect match-all sdm-nat-user-protocol--8-2
match access-group 101
match protocol user-protocol--8
class-map type inspect match-all sdm-nat-user-protocol--9-2
match access-group 104
match protocol user-protocol--9
class-map type inspect match-any ccp-skinny-inspect
match protocol skinny
class-map type inspect match-all sdm-nat-user-protocol--9-1
match access-group 101
match protocol user-protocol--9
match access-group 104
class-map type inspect match-all sdm-nat-user-protocol--8-1
match access-group 104
match protocol user-protocol--8
match access-group 102
class-map type inspect match-any ccp-h323nxg-inspect
match protocol h323-nxg
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all sdm-nat-user-protocol--10-2
match access-group 104
match protocol user-protocol--10
class-map type inspect match-all sdm-nat-user-protocol--10-1
match access-group 101
match protocol user-protocol--10
match access-group 104
class-map type inspect match-any ccp-h225ras-inspect
match protocol h225ras
class-map type inspect match-any ccp-h323annexe-inspect
match protocol h323-annexe
class-map type inspect match-any ccp-cls-insp-traffic
match protocol pptp
match protocol dns
match protocol ftp
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all SDM_GRE
match access-group name SDM_GRE
class-map type inspect match-any ccp-h323-inspect
match protocol h323
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-any ccp-sip-inspect
match protocol sip
class-map type inspect match-all ccp-protocol-http
match protocol http
class-map type inspect match-any CCP_PPTP
match class-map SDM_GRE
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-insp-traffic
inspect
class type inspect ccp-sip-inspect
inspect
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h323annexe-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class type inspect ccp-h323nxg-inspect
inspect
class type inspect ccp-skinny-inspect
inspect
class class-default
drop
policy-map type inspect sdm-pol-NATOutsideToInside-1
class type inspect sdm-nat-user-protocol--1-1
inspect
class type inspect sdm-nat-user-protocol--2-1
inspect
class type inspect sdm-nat-user-protocol--3-1
inspect
class type inspect sdm-nat-user-protocol--4-1
inspect
class type inspect sdm-nat-user-protocol--5-1
inspect
class type inspect sdm-nat-user-protocol--6-1
inspect
class type inspect sdm-nat-user-protocol--7-1
inspect
class type inspect sdm-nat-user-protocol--8-1
inspect
class type inspect sdm-nat-user-protocol--9-1
inspect
class type inspect sdm-nat-user-protocol--10-1
inspect
class type inspect CCP_PPTP
pass
class type inspect sdm-nat-user-protocol--7-2
inspect
class type inspect sdm-nat-user-protocol--8-2
inspect
class type inspect sdm-nat-user-protocol--1-2
inspect
class type inspect sdm-nat-user-protocol--2-2
inspect
class type inspect sdm-nat-user-protocol--9-2
inspect
class type inspect sdm-nat-user-protocol--10-2
inspect
class type inspect sdm-nat-user-protocol--3-2
inspect
class type inspect sdm-nat-user-protocol--4-2
inspect
class class-default
drop log
policy-map type inspect ccp-permit
class class-default
drop
policy-map type inspect ccp-permit-icmpreply
class type inspect ccp-icmp-access
inspect
class class-default
pass
zone security in-zone
zone security out-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
service-policy type inspect sdm-pol-NATOutsideToInside-1
interface Null0
no ip unreachables
interface Embedded-Service-Engine0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
interface GigabitEthernet0/0
description $ETH-LAN$
ip address 192.168.10.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
duplex auto
speed auto
no mop enabled
interface GigabitEthernet0/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
duplex auto
speed auto
no mop enabled
interface ATM0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
interface ATM0/0/0.1 point-to-point
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface ATM0/0/0.2 point-to-point
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
interface Ethernet0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
no mop enabled
interface ATM0/1/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
interface ATM0/1/0.1 point-to-point
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 2
interface Ethernet0/1/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
no mop enabled
interface GigabitEthernet0/3/0
no ip address
interface GigabitEthernet0/3/1
no ip address
interface GigabitEthernet0/3/2
no ip address
interface GigabitEthernet0/3/3
no ip address
interface GigabitEthernet0/3/4
no ip address
interface GigabitEthernet0/3/5
no ip address
interface GigabitEthernet0/3/6
no ip address
interface GigabitEthernet0/3/7
no ip address
interface Vlan1
description $FW_INSIDE$
ip address 192.168.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip nat inside
ip virtual-reassembly in
zone-member security in-zone
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip nat outside
ip virtual-reassembly in
zone-member security out-zone
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname [email protected]
ppp chap password 7 1444405858557A
ppp pap sent-username [email protected] password 7 135645415F5D54
ppp multilink
interface Dialer1
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip nat outside
ip virtual-reassembly in
zone-member security out-zone
encapsulation ppp
dialer pool 2
dialer-group 2
ppp authentication chap pap callin
ppp chap hostname [email protected]
ppp chap password 7 01475E540E5D55
ppp pap sent-username [email protected] password 7 055F5E5F741A1D
ppp multilink
router eigrp as#
router eigrp 10
network 192.168.1.1 0.0.0.0
router rip
version 2
network 192.168.1.0
no auto-summary
ip forward-protocol nd
ip http server
ip http access-class 3
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip dns server
ip nat inside source static tcp 192.168.1.10 3392 interface Dialer1 3392
ip nat inside source static udp 192.168.1.10 3392 interface Dialer1 3392
ip nat inside source static tcp 192.168.1.35 3391 interface Dialer0 3391
ip nat inside source static udp 192.168.1.35 3391 interface Dialer0 3391
ip nat inside source static tcp 192.168.1.5 3394 interface Dialer0 3394
ip nat inside source static udp 192.168.1.5 3394 interface Dialer0 3394
ip nat inside source static tcp 192.168.1.17 3397 interface Dialer0 3397
ip nat inside source static udp 192.168.1.17 3397 interface Dialer0 3397
ip nat inside source static tcp 192.168.1.10 14000 interface Dialer0 14000
ip nat inside source static udp 192.168.1.10 14100 interface Dialer0 14100
ip nat inside source route-map ADSL0 interface Dialer0 overload
ip nat inside source route-map ADSL1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer0 track 1
ip route 0.0.0.0 0.0.0.0 Dialer1 track 2
ip access-list extended NAT
remark CCP_ACL Category=18
permit ip 192.0.0.0 0.255.255.255 any
ip access-list extended SDM_GRE
remark CCP_ACL Category=1
permit gre any any
remark CCP_ACL Category=1
ip access-list extended STATIC-NAT-SERVICES
permit ip host 192.168.1.35 any
permit ip host 192.168.1.5 any
permit ip host 192.168.1.10 any
permit ip host 192.168.1.17 any
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
route-map ADSL0 permit 10
match ip address NAT
match interface Dialer0
route-map ADSL1 permit 10
match ip address NAT
match interface Dialer1
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark CCP_ACL Category=1
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 2 deny any
access-list 2 remark HTTP Access-class list
access-list 2 remark CCP_ACL Category=1
access-list 3 remark HTTP Access-class list
access-list 3 remark CCP_ACL Category=1
access-list 3 permit 192.168.1.0 0.0.0.255
access-list 3 deny any
access-list 10 remark INSIDE_IF=NAT
access-list 10 remark CCP_ACL Category=2
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip 139.130.227.0 0.0.0.255 any
access-list 100 permit ip 203.45.106.0 0.0.0.255 any
access-list 101 remark CCP_ACL Category=0
access-list 101 permit ip any host 192.168.1.10
access-list 101 remark CCP_ACL Category=0
access-list 101 permit ip any host 192.168.1.35
access-list 101 permit tcp any any eq www
access-list 102 remark CCP_ACL Category=0
access-list 102 permit ip any host 192.168.1.35
access-list 102 remark CCP_ACL Category=0
access-list 102 permit ip any host 192.168.1.10
access-list 103 remark CCP_ACL Category=0
access-list 103 permit ip any host 192.168.1.5
access-list 104 remark CCP_ACL Category=0
access-list 104 permit ip any host 192.168.1.17
control-plane
banner login ^CCE-Rescue Systems^C
line con 0
login authentication local_authen
transport output telnet
line aux 0
login authentication local_authen
transport output telnet
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
authorization exec local_author
login authentication local_authen
transport input telnet ssh
line vty 5 15
authorization exec local_author
login authentication local_authen
transport input telnet ssh
scheduler allocate 20000 1000
end
Thanks
Shawn
Maybe you are looking for
-
Can I use a project/issue management software with LabVIEW?
There are project/issue management softwares. I only know Redmine. Can I use LabVIEW with such softwares?
-
Purchases are not listed as purchases
I recently started to use Itunes again (after my original computer stuffed up), on it I had 253 songs of which about 50 were purchased songs, and many more from CDs etc. I also had them backed up onto a USB, now I managed to get all of the music off
-
About LiveCycle Generator 7.2 web service
hi, I use .net to call livecycle generator web service. Consult Adobe's 7.0 generator example, I use method "PdfGen.RequestSoapContext.Attachments.Add" to attach source file. But in 7.2 , this method disappear. how can I attach file ? I find that in
-
Upload Data From Excel sheet to VA01(Creating Sales ORder).I m using BDC for tat......but after putting all the data & when i press enter button it shows me Partner List(in the form of ALV screen),from which i have to chose the partner......now m not
-
PCIe-1433, extension boards and multiple trigger outputs
Hi All, I am using two cameras and three LED lighting bars to take images of fabric from a conveyor. The cameras are interfaced with an NI PCIe-1433 card which has two extension boards attached to it. To synchronise the triggering of both the cameras