getXML('WAN, Routing and Switching27867 m.metwallyNov 17, 2009, 9:31am PSTdear all,<br />i have Catalyst 2960 switch and 3560 PoE switch are connected together through a 1M leased line via trunk ports.<br />I cannot ping from any side to the other with a packet of size 1500 or more, also RDP connection is very slow and usually times out<br />trunk port of the 2960 is 10/100 and that of the 3560 is Gig.<br /><br />any advise? mmaturoNov 16, 2009, 12:17pm PSTI have a router that is receiving a prefix via redistributed eigrp and bgp. It installs the first in its routing table. The administrative distance are by default.<br />I don´t know that is happening.<br />Thanks.<br /><br />Marcelo<br /><br /> 30 paluchpeterNov 16, 2009, 12:32pm PSTMarcelo,<br /><br />You have not explained in sufficient detail what is the problem you are trying to solve.<br /><br />Nevertheless, at least some hints: if a route is redistributed into EIGRP and received by your router from another EIGRP neighbor, it is considered external and its administrative distance will be 170. If the route is advertised using the BGP then it depends on whether the network has been received from an internal or an external BGP peer. For internal BGP peers, the administrative distance is 200, on the other hand, for external BGP peers (from other autonomous systems), the administrative distance will be only 20.<br /><br />Does that explain what is happening in your routing table?<br /><br />Best regards,<br />Peter<br /> mmaturoNov 16, 2009, 12:49pm PSTThe bgp is an external peer. This is the configuration:<br /><br />router eigrp 300<br /> redistribute bgp 65200 metric 20880 100 255 1 1500<br /> network 10.40.4.0 0.0.0.255<br /> network 10.40.6.0 0.0.0.255<br /> distribute-list 21 out GigabitEthernet0/1<br /> distribute-list 20 in GigabitEthernet0/1<br /> distribute-list 23 in GigabitEthernet0/3<br /> no auto-summary<br /> no eigrp log-neighbor-changes<br />!<br />router bgp 65200<br /> no synchronization<br /> bgp log-neighbor-changes<br /> network 10.40.4.0 mask 255.255.255.0<br /> redistribute static<br /> redistribute eigrp 300<br /> neighbor 172.16.255.13 remote-as 10888<br /> neighbor 172.16.255.13 ebgp-multihop 2<br /> neighbor 172.16.255.13 allowas-in<br /> neighbor 172.16.255.13 soft-reconfiguration inbound<br /> neighbor 172.16.255.13 prefix-list in in<br /> neighbor 172.16.255.13 prefix-list out out<br /> neighbor 172.16.255.13 route-ap sec_bgp out<br /> no auto-summary<br /> paluchpeterNov 17, 2009, 12:21am PSTHello Marcelo,<br /><br />Let's go over a few questions and comments.<br /><br />1.) What is exactly the problem you are trying to solve? Do you have a network that is present in your table from a particular routing protocol and you expect that is should be present there by a different routing protocol? Please, explain in detail what you see on your router that you consider to be incorrect. Include the related <b>show</b> outputs to demonstrate it.<br /><br />2.) You have soft-reconfiguration inbound configured for the neighbor 172.16.255.13. This is an obsolete workaround and is very memory-inefficient. All recent BGP implementations support the Route Refresh capability as per RFC 2918 that is activated automatically if both peers support it. If the command<br /><br /><b>show ip bgp nei 172.16.255.13 | i refresh</b><br /><br />shows the following output:<br /><br /><b>Route refresh: advertised and received(old & new)</b><br /><br />then you may safely remove the soft-reconfiguration command for that peer.<br /><br />Best regards,<br />Peter<br /> mmaturoNov 17, 2009, 3:22am PSTThanks Peter for your recomendation. The problem is that I need that the network will be present in my router from bgp ( it is the main link) and not by the eigrp ( it is from the secundary link: another bgp redistributed from other location).<br />This is the show commands:<br />sh ip route 74.5.124.2<br />Routing entry for 74.5.124.2/32<br /> Known via "eigrp 300", distance 170, metric 2585856<br /> Tag 10888, type external<br /> Redistributing via eigrp 500, bgp 65200<br /> Advertised by bgp 65200<br /> Last update from 10.40.6.1 on GigabitEthernet0/3, 02:35:39 ago<br /> Routing Descriptor Blocks:<br /> * 10.40.6.1, from 10.40.6.1, 02:35:39 ago, via GigabitEthernet0/3<br /> Route metric is 2585856, traffic share count is 1<br /> Total delay is 1010 microseconds, minimum bandwidth is 1000 Kbit<br /> Reliability 255/255, minimum MTU 1500 bytes<br /> Loading 1/255, Hops 1<br /> Route tag 10888<br /><br />And the route is received by bgp:<br /><br />sh ip bgp neighbors 172.16.255.13 received-routes | i 74.5.124.2<br />* 74.5.124.2/32 172.16.255.13 0 10888 10888 i<br /><br />And then why the router prefer eirp redistributed to bgp?<br /><br />Thanks.<br /><br />Marcelo<br /> paluchpeterNov 17, 2009, 5:51am PSTMarcelo,<br /><br />It seems that for some reason the router does not consider the route 74.5.124.2/32 via BGP neighbor as valid. There can be more causes for this but in any case, have a look into this output:<br /><br /><b>show ip bgp 74.5.124.2 255.255.255.255</b><br /><br />Look for any clues that might force the router to believe that this route is unusable for some reason. You can also paste the output of that command here - it will be very helpful.<br /><br />Best regards,<br />Peter<br /> mmaturoNov 17, 2009, 8:39am PSTThis is the show for another addres in the same situation:<br /><br />sh ip route 75.2.64.5<br />Routing entry for 75.2.64.5/32<br /> Known via "eigrp 500", distance 170, metric 2585856<br /> Tag 10888, type external<br /> Redistributing via eigrp 500, bgp 65200<br /> Advertised by bgp 65200<br /> Last update from 10.40.6.1 on GigabitEthernet0/3, 1d03h ago<br /> Routing Descriptor Blocks:<br /> * 10.40.6.1, from 10.40.6.1, 1d03h ago, via GigabitEthernet0/3<br /> Route metric is 2585856, traffic share count is 1<br /> Total delay is 1010 microseconds, minimum bandwidth is 1000 Kbit<br /> Reliability 255/255, minimum MTU 1500 bytes<br /> Loading 118/255, Hops 1<br /> Route tag 10888<br />---------------------------------------------------------------------------------<br /><br />sh ip bgp 75.2.64.5 255.255.255.255<br />BGP routing table entry for 75.2.64.5/32, version 234499<br />Paths: (2 available, best #2, table Default-IP-Routing-Table)<br /> Not advertised to any peer<br /> 10888 10888, (received & used)<br /> 172.16.255.13 from 172.16.255.13 (200.26.76.83)<br /> Origin IGP, localpref 100, valid, external<br /> Local<br /> 10.40.6.1 from 0.0.0.0 (77.252.1.10)<br /> Origin incomplete, metric 2585856, localpref 100, weight 32768, valid, so paluchpeterNov 17, 2009, 8:59am PSTHello Marcelo,<br /><br />Well, now it's clear.<br /><br />Have a look at this document describing the BGP Best Path selection algorithm:<br /><br /><A HREF="javascript:newWin('http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094431.shtml')">http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094431.shtml</A><br /><br />Specifically, have a look at the step 3: <b>Prefer the path that was locally originated via a network or aggregate BGP subcommand or through redistribution from an IGP.</b><br /><br />In your case, you have a network in your routing table that comes from EIGRP. This network is subsequently redistributed into BGP database. Now, the BGP goes over entries in its database and for each prefix, it tries to locate the best path. As the locally originated (injected) entries are preferred to entries coming from other BGP peers, the BGP considers these entries to be the best, and does not replace the routing table contents with the prefix information from external BGP peers. That is why the path to those prefixes through the BGP peer is not installed into your routing table because according to the BGP best path selection algorithm, it is currently not considered as the best path.<br /><br />The question is whether you need to redistribute these networks from EIGRP back into BGP. If not then you should simply filter them out in the redistribution command using a suitable prefix-list or a route-map. In such case, the BGP will not consider these networks as locally injected, and will instead consider the best path to be the path through the BGP neighbor which will subsequently have a better administrative distance than the EIGRP.<br /><br />Are you sure you need to redistribute those networks into BGP?<br /><br />Best regards,<br />Peter<br />kschleppenbachNov 17, 2009, 9:25am PSTThanks Peter, Great explanation! I was investigating this exact same issue when I came across this post. I had seen the issue years back also and thought I resolved it by adjusting the admin distance on one or the other protocols but it doesn't sound like that will work here. dpatkinsNov 12, 2009, 11:51am PSTWe have multiple EIGRP remote connections that come into two Cisco devices. One is a Cisco 3750 and the other is a Cisco 7206. The 7206 is the primary router and the Vlan interface on teh 3750 has a delay of 200 on it. All 10.10.0.0/16 traffic is destined for the Cisco 7206 route but the 10.10.1.0/24 address space. We cannot figure out why if you do a show IP route 10.10.1.75 that it always goes to the 3750. We want it to go the 7206 which has the lower metric. <br /><br />I hope this makes sense.<br /><br />Thank you<br /><br />Dwane 30 asingh2Nov 12, 2009, 11:54am PSTWould you able to paste the network diagram and the device configs please.<br /> dpatkinsNov 12, 2009, 12:16pm PSTI have included the attachments. Vlan 244 is our connection the remote areas using EIGRP and Vlan 11 is our connection to our internal network. <br /><br />Thank you<br /><br /><b>Attachment Keywords : </b> <br />1) C3750config<br />2) 7206router<br />C3750config123515application/octet-streamexe761511/12/2014no7206router123516application/octet-streamexe1909711/12/2014no giuslarNov 13, 2009, 8:12am PSTHello Dwane,<br />post a sh ip route of involved subnets<br /><br />sh ip eigrp topology can also be of help<br /><br />however, if you want to prefer the c7206 it may be wise on C3750 to put an higher delay value<br /><br />C3750<br /><br />interface Vlan244<br />delay 20000<br /><br />for example may help<br /><br />you need to compare with delay as appears on 7206 interface<br /><br />that is gi0/3.144.<br /><br />you should manipulate delay on link to remote site that is on path not on interface to other router.<br /><br />so if this vlan144 is a backbone vlan your changes on C3750 may be not effective because C3750 reports cumulative delay and lowest BW on path to destination IP subnet in vlan144 without taking in account settings on vlan144 itself.<br /><br />router receiving EIGRP updates will use its own delay and BW to calculater metric from its own point of view<br /><br />Hope to help<br />Giuseppe<br /> dpatkinsNov 17, 2009, 8:20am PSTAll, thanks for the help. We have the EIGRP issue working, but the incoming traffic is not hitting the route-map. The route-map is configured on the gig0/3.244 sub-interface, but all 10.120.1.x traffic is not going to 10.111.87.251 per the route-map next hop.<br /><br />Any ideas or is there something special one needs to do to get a route-map to work with EIGRP?<br /><br />Thank you,<br /><br />Dwane dpatkinsNov 17, 2009, 9:13am PSTI think we have found the issue. It was in our match ip ACL. We had 10.120.x.x/24 and used a standard access-list instead of an extended ACL. Thanks for your help.<br /><br />DWaneocporbustNov 16, 2009, 3:38pm PSTsince I reconfiguring frame realy switch .. <br /><br /><br />R1 can ping r2 and r3<br />R2 can ping r1<br />r3 can ping r1<br /><br />r2 can not ping r3<br />r3 can not ping r2<br /><br />frame-switch#sho frame-relay route<br />Input Intf Input Dlci Output Intf Output Dlci Status<br />Serial1/1 122 Serial1/2 221 active<br />Serial1/1 123 Serial1/3 321 active<br />Serial1/2 221 Serial1/1 122 active<br />Serial1/3 321 Serial1/1 123 active<br /><br />===================================<br />interface Serial1/1<br /> no ip address<br /> encapsulation frame-relay<br /> logging event subif-link-status<br /> logging event dlci-status-change<br /> clock rate 56000<br /> no frame-relay inverse-arp<br /> frame-relay intf-type dce<br /> frame-relay route 122 interface Serial1/2 221<br /> frame-relay route 123 interface Serial1/3 321<br />!<br />interface Serial1/2<br /> no ip address<br /> encapsulation frame-relay<br /> logging event subif-link-status<br /> logging event dlci-status-change<br /> clock rate 56000<br /> no frame-relay inverse-arp<br /> frame-relay intf-type dce<br /> frame-relay route 221 interface Serial1/1 122<br />!<br />interface Serial1/3<br /> no ip address<br /> encapsulation frame-relay<br /> logging event subif-link-status<br /> logging event dlci-status-change<br /> clock rate 56000<br /> no frame-relay inverse-arp<br /> frame-relay intf-type dce<br /> frame-relay route 321 interface Serial1/1 123<br /><br /><br />====================================<br /> 30sharifimrNov 16, 2009, 4:03pm PSTIs r1 the hub and r2 and r3 are the spokes? If yes, are you running any dynamic routing protocols? If no, you need a static route from r2 poining to r1 and also static route from r3 pointing to r1.<br /><br />HTH<br />RezaocporbustNov 16, 2009, 4:27pm PSTReza,<br /><br />That is correct R1 is Hub r2 and r3 are the spokes.. no dynamic routing protocols .. <br /><br />R2(config)#ip route 172.12.123.2 255.255.255.0 172.12.123.1<br />%Inconsistent address and mask<br /><br /><br />R3(config)#ip route 172.12.123.3 255.255.255.0 172.12.123.1<br />%Inconsistent address and mask<br /><br /><br />I tried that and I get and error<br /><br />Thanks ResasharifimrNov 16, 2009, 6:43pm PSTYou need to point to the network no to the hose like:<br />ip route 172.12.123.0 255.255.255.0 172.12.123.1<br /><br />I attached an example for your routers<br /><br />HTH<br />Reza<br /><br /><b>Attachment Keywords : </b> <br />1) New Microsoft PowerPoint Presentation.ppt<br />New Microsoft PowerPoint Presentation.ppt123658application/vnd.ms-powerpointpowerpoint2713611/16/2014nosharifimrNov 16, 2009, 6:46pm PSTcorrection<br /><br />You need to point to the network not to the host<br />ocporbustNov 17, 2009, 9:09am PSTstill not working RESA, <br /><br />here is my topology, i went to r2 and added <br />ip route 172.12.123.0 255.255.255.0 172.12.123.1<br /><br />and on r3<br />ip route 172.12.123.0 255.255.255.0 172.12.123.1<br /><br />am I doing something wrong . is my frame relay config correct... <br /><br />Thanks <br /><br /><br /><br /><br /><b>Attachment Keywords : </b> <br />1) frame relay .doc<br />frame relay .doc123682application/octet-streamexe2508811/17/2014no kevin.huNov 17, 2009, 8:23am PSTHi,<br /><br />I figure out how to use the pipe symbol to form "AND" operator, such as show cdp nei | ex Gig|VMware (exclude BOTH Gig AND VMware keywords).<br /><br />However, does anyone know how to use the pipe or other symbol to form "OR" and "NOT" operators?<br /><br />Thanks. systemsadminasNov 17, 2009, 8:16am PSTNeed some help figuring out what my problem is here with NAT not being performed on our data connections using Ability File Server 1.20 (Code-crafters.com) along with the Linksys/Cisco RV042 router.<br /><br />The server sees and accepts client connections on port 21 fine but can’t get an active data connection using PASV or active port assignments. I can log in fine using command-line FTP (and see this in the login window on the server), but actions initiating data-related commands fail with a 425 'Can't open data connection'. Trying to connect to FTP using a browser or My Network places fails outright (probably for the 425)<br /><br />We’re using PASV mode with ports 4990 through 4997, with our gateway being 192.168.1.1. Connections are accepted on port 21,which is forwarded (along with PASV ports) from this gateway to 192.168.1.8, which is the local IP for the server. With the appropriate Internet Options for view in Win Explorer and PASV on, I can’t get XP or Win 7 clients to connect either in a browser or as an FTP network place. Same behavior with or without encryption.<br /><br />From the command prompt, however, I can get a connection fine with or without encryption, but the 425 data connection failure always occurs.<br /><br />Looking at the AFS log, it is only seeing the gateway's LAN address for the client connections, though on the client side they are being assigned the proper internet IP of our gateway (64.xx.xx.34), and the proper PASV port. It seems that though port 21 is forwarding properly to the FTP server, they are not for the PASV ports, and NAT is not being performed for the data connection such that AFS cannot see the client's IP.<br /><br />Any idea how I can resolve this? bapatsubodhNov 17, 2009, 6:46am PSThi,<br />Most of the times we are struck in the problem that we are not able to ping the device but in this weird case I am getting ping responce which is not expected. In our network of L2 switches and only one L3 switch which acts as default gateway for all VLAN. We have one device (not PC or any network device) where we have configured only the ip addres but there is no way to configure subnet mask or default gateway. I was expecting that it will not be able to communicate with devices from any other VLAN as there is no DG to this device. But to my surprise I was aple to ping to this device from other VLANS also. This remains a mystery to me. Some L2 or L3 swicth is forwarding the frames and the some how it is getting a ping responce. <br />Please share the experience.<br />Any link on cisco.com is highly appreciable.<br />Thanks in advance.<br />Subodh 30 paluchpeterNov 17, 2009, 7:47am PSTSubodh,<br /><br />You are probably experiencing the ProxyARP in action. The device will ask for MAC address of every IP it talks to using ARP. The L3 switch does not own the IP address in question, however, according to its routing table, it known the route to it, therefore it responds using its own MAC address. As a result, the device sends its IP packet to the L3 switch, exactly as if the default gateway was correctly configured.<br /><br />There are various disadvantages to the ProxyARP, notably a big ARP traffic and a large ARP cache on the device that relies on the ProxyARP function, and usually, it is better turned off. However, in your case, it is probably the only way to ensure that your device is able to talk to other networks.<br /><br />Read here for further information:<br /><br /><A HREF="javascript:newWin('http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094adb.shtml')">http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094adb.shtml</A><br /><br />Best regards,<br />Peter<br />cm@benau.comNov 17, 2009, 7:11am PSTHi Guys a quick one, I have a problem with my router which is not saving configuration after I switch off. Where do I go ? Any clues<br /> 30sharifimrNov 17, 2009, 7:24am PSTChris,<br /><br />Can you post sh ver?<br /><br />RezalaposilaszloNov 17, 2009, 6:55am PSThello,<br />Is it possible to bridge the same subnet across a VPN.(i need to connect two audio devices that need to be in the same subnet)<br />(it doesen't have to be secure.(no ipsec) it can be a gre tunnel))<br />thank you,<br />laszlo<br /> 30 giuslarNov 17, 2009, 7:06am PSTHello Laslo,<br /><br />you can use L2TPv3 if supported on your devices<br /><br />see<br /><A HREF="javascript:newWin('http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gtl2tpv3.html')">http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gtl2tpv3.html</A><br /><br />Hope to help<br />Giuseppe<br /><br /> p.bevilacquaNov 17, 2009, 7:08am PSTNo true IP device never requires to be in the same subnet.<br /><br />If you read the specs for your device, you will find how to configure for routing.<br />reginaldjohnsonNov 16, 2009, 2:09pm PSTi have a Cisco 2811 router and when I turn of the router the running config is lost. I have to the following to get the router running of the start-up config settings.<br />router#copy start-up running-config <br />What is the problem. Note:The rotuer does have a flash card 30jon.marshallNov 16, 2009, 2:10pm PSTReginald<br /><br />It could well be your config register. Can you post output of "sh run" from router.<br /><br />JonreginaldjohnsonNov 17, 2009, 6:20am PSTTR2800#sh ver<br />Cisco IOS Software, 2800 Software (C2800NM-ADVSECURITYK9-M), Version 12.4(15)T9,<br /> RELEASE SOFTWARE (fc5)<br />Technical Support: <A HREF="javascript:newWin('http://www.cisco.com/techsupport')">http://www.cisco.com/techsupport</A><br />Copyright (c) 1986-2009 by Cisco Systems, Inc.<br />Compiled Tue 28-Apr-09 13:10 by prod_rel_team<br /><br />ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)<br /><br />RTR2800 uptime is 20 hours, 41 minutes<br />System returned to ROM by reload at 22:39:09 UTC Mon Nov 16 2009<br />System image file is "flash:c2800nm-advsecurityk9-mz.124-15.T9.bin"<br /><br /><br />This product contains cryptographic features and is subject to United<br />States and local country laws governing import, export, transfer and<br />use. Delivery of Cisco cryptographic products does not imply<br />third-party authority to import, export, distribute or use encryption.<br />Importers, exporters, distributors and users are responsible for<br />compliance with U.S. and local country laws. By using this product you<br />agree to comply with applicable laws and regulations. If you are unable<br />to comply with U.S. and local laws, return this product immediately.<br /><br />A summary of U.S. laws governing Cisco cryptographic products may be found at:<br /><A HREF="javascript:newWin('http://www.cisco.com/wwl/export/crypto/tool/stqrg.html')">http://www.cisco.com/wwl/export/crypto/tool/stqrg.html</A><br /><br />If you require further assistance please contact us by sending email to<br /><A HREF="mailto:export@cisco.com">export@cisco.com</A>.<br /><br />Cisco 2811 (revision 53.51) with 249856K/12288K bytes of memory.<br />Processor board ID FTX1048A03Q<br />2 FastEthernet interfaces<br />1 Channelized T1/PRI port<br />1 Virtual Private Network (VPN) Module<br />DRAM configuration is 64 bits wide with parity enabled.<br />239K bytes of non-volatile configuration memory.<br />62720K bytes of ATA CompactFlash (Read/Write)<br /><br />Configuration register is 0x2142<br />jon.marshallNov 17, 2009, 6:31am PSTReginald<br /><br />Your configuration register is set to 0x2142 which tells the router to ignore the running config at boot up. <br /><br />Change the config register on your router ie. <br /><br />2811(config)# config-register 0x2102<br />2811# wr mem <br /><br />and then reload<br /><br />JonreginaldjohnsonNov 17, 2009, 6:57am PSTGood to go. Thank Youcsawest.dcNov 17, 2009, 6:44am PSTDear Members,<br /><br />Please help me regarding which router I hav prefer when Two ISP bandwidth comes in single router.<br /><br />1- 2801 , 2- 2811, 3-2821, 4-3825, 5-3845<br /><br />in which one i have to prefer for two ISP bandwith in single.<br /><br />ISP-1 Bandwidth 45 MB<br />ISP-2 Bandwidth 30 MB<br /><br />and one more help please give me BGP templets of below mention Scenerio <br /><br />My BGP ASN 131215 (4 byte) 2.143<br />My network 111.235.72.0/22<br /><br />ISP-1 ASN 18101<br />neighbor 220.225.63.150<br /><br />ISP-2 ASN 4755<br />Neighbor 97.24.123.151<br /><br />So what is the configuration i have to paste in my router for load balance when any one ISP Bandwidth full utilised then autometic use 2nd ISP bandwith and and also when any one ISP bandwidth goes down then autometic work all loads in my router on any working ISP bandwith.<br /><br />Thanks in ADV,<br /><br />Vaib...<br /> csawest.dcNov 15, 2009, 2:40am PSTPlease find herewith running-cong of my 1841 router.<br />There is in my ISP currently working 45 MB bandwidth from Reliance.<br />In 1841 router right now only two Fastethernet Card Fe0/1 from Reliance and fe0/0 to my network,<br />4 byte bgp routing working fine in 1841 router with 45 MB bandwidth, now we need to requried anather<br />45 MB bandwidth from Airtel.<br />We need when reliance 45 MB used full load then it's start to use Airtel bandwidht and also when any<br />one ISP bandwitdh goes down it's autometic full load up on anather ISP bandwidth.<br />can it is possible in 1841 router ?<br />how many FAstEthernet we have to need when 2 ISP bandwith in 1841 router at present only 2 FastEthernet in my 1841.<br /><br />Please help me what is the configuration of BGP when 2 ISP bandwith in 1841 router.<br />Reliance ASN-- 18101<br />Neignbor IP -- 220.225.63.150<br />Airtel ASN--4755<br />Neighbour-- 97.101.144.129<br />My IP Netwrok from APNIc 111.235.72.1 255.255.252.0<br />My ASN--131215 ( 4 byte ASN) convert to ASDOT for BGP in 1841 2.143<br /><br />One more think I have four 3750G-12S-S (12 SFP port Switch), can 4 byte BGP support in 3750g Swtich ? if yes so which IOS i hv to need.<br /> <br />Please help me it's very URGENT for me.<br />Thanks in ADV,<br />Vaibhav. <br /><br /><br /><br /><b>Attachment Keywords : </b> <br />1) Running-config-ISP.txt<br /> Running-config-ISP.txt123590text/plaintext695411/15/2014no30 giuslarNov 15, 2009, 3:29am PSTHello Vaibhav,<br />a C1841 is accredited of 75000 packet per second pps with no feature.<br />This is equivalent to 38 Mbps.<br /><br />It cannot handle 45 Mbps on a link and an additional link.<br /><br />also there is no easy mechanism to trigger usage of second ISP when first link is full.<br /><br />about 3750G I don't think it is able to support 4 byte ASN in current IOS versions<br /><br />see<br />feature navigator<br /><br /><A HREF="javascript:newWin('http://www.cisco.com/go/fn')">www.cisco.com/go/fn</A><br /><br />Hope to help<br />Giuseppe<br />csawest.dcNov 15, 2009, 6:42am PSTDear Giuseppe,<br /><br />Thansk for quick support, one more help pl, what it the configuration for two ISP Bandwith with BGP routing i need to config in my router.<br /><br />My ASN 131215 ( 2.143)<br />my Network 111.235.72.0/22<br /><br />1 ISP ASN- 18101<br />their Neighbor IP 220.225.63.150<br /><br />2 ISP ASN- 4755<br />their neighbor 97.123.49.152<br /><br />can i need to config Route-map ?? or what i have to do when two ISP bandwith in single router with BGP routing ??<br /><br />Thanks in ADV,<br /><br />Vaib...<br /> giuslarNov 16, 2009, 9:40am PSTHello Vaibhav,<br /><br />see following example of eBGP multihoming<br /><br /><A HREF="javascript:newWin('http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a008009456d.shtml')">http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a008009456d.shtml</A><br /><br />you may want to be sure to be not a transit point between ISPs<br /><br />ip as-path access-list 11 permit ^$<br /><br />you then add<br /><br />neigh isp1 filter-list 11 out<br />neigh isp 2 filter-list 11 out<br /><br />Hope to help<br />Giuseppe<br />csawest.dcNov 17, 2009, 5:57am PSTDear Sir,<br /><br />Thank you very much for your gr8 support.<br /><br />now i hv one quirry can Cisco WS-3750G-12S-S switch support 4 Byte BGP ? if yes so which IOS i need to upgrade.<br /><br />Thanks in ADV,<br />Vaib...<br />Rik19972000Nov 16, 2009, 1:55pm PSTI'm struggling with the documentation.More exactly with layer 1.<br /><br />Material: c1841 with HWIC-4HSDSL.<br /><br />A cable is delivered from RJ45 to 2x RJ11<br /><br />In the documentation I find for the cabling:<br /><br />2wire, 4 wire and 8 wire + some cabling schemes. Eg<br /><br />(<A HREF="javascript:newWin('http://ciscosystems.com/en/US/prod/collateral/modules/ps5949/ps7175/prod_qas0900aecd80591ff1.pdf')">http://ciscosystems.com/en/US/prod/collateral/modules/ps5949/ps7175/prod_qas0900aecd80591ff1.pdf</A>)<br /><br />I think the delivered cable is a RJ-45 Connector to Four Standard RJ-11 Connector. But why do I have 2 RJ11 connectors? <br /><br />So how do I start?<br /><br />1) check the number of wires on the phone cable?<br />2)then?..<br /><br />I found also that for this HWIC you've two possibilities:<br />Standard RJ-45 Connector to Four Standard RJ-11 Connectors or Standard RJ-45 Connector to Two Standard RJ-11 Connectors .<br /><br />I know... I'm confused.<br /><br />configuration:<br />controller SHDSL 0/0/0<br /> termination cpe <br /> dsl-group 0 pairs 0, 1 (! what about the layer1 for choosing a combination of 0,1,2,3)<br /> shdsl 4-wire mode enhanced<br /> shdsl annex F-G coding 32-TCPAM<br /> shdsl rate 1536<br /><br />-> configuration for a 4 wire connector I suppose as you've two pairs.<br /><br />interface ATM0/0/1<br /> no ip address<br /> no atm ilmi-keepalive<br />!<br />interface ATM0/0/1.1 point-to-point<br /> ip add x.x.x.x x.x.x.x<br /> logging event subif-link-status<br /> atm route-bridged ip<br /> pvc 0/32 <br /> !<br />So I want first to start with the layer 1 gaps.<br /><br />Then I also want to use bridging if possible.<br /><br />Thanks in advance 30 p.bevilacquaNov 16, 2009, 1:58pm PSTWires... adjust as you like. It doesn't make a difference as long you respect pairing.<br /><br />Recommend do not use bridging for best performance, scalability and troubleshooting.<br /><br />Rik19972000Nov 16, 2009, 2:26pm PSTWhy 2 RJ11 connectors?<br /><br />So first I've to check how many wires my phone cable has?<br /><br />If for example my phone cable has 4 wires. <br /><br />dsl-group 0 pairs 0, 1<br />or<br />dsl-group 0 pairs 2,3<br /><br />If you have a clean installation then you can chose as long you use same pairs 0,1 or 2,3 on both sides? That probably the reason that there are 2x RJ11 cables?<br /><br />Like this:<br /><br />Why should you work like this:<br /><br /><A HREF="javascript:newWin('http://www.cisco.com/en/US/i/100001-200000/150001-160000/155001-156000/155563.jpg')">http://www.cisco.com/en/US/i/100001-200000/150001-160000/155001-156000/155563.jpg</A><br /><br />Am I right that with this one you can configure 1 router as CO and 4 routers as CPE via a 2 wire connection? <br /><br />or this:<br />Standard RJ-45 Connector to Two Standard RJ-11 Connectors <br /><br /><A HREF="javascript:newWin('http://www.cisco.com/en/US/i/100001-200000/150001-160000/155001-156000/155564.jpg')">http://www.cisco.com/en/US/i/100001-200000/150001-160000/155001-156000/155564.jpg</A><br /><br />I think this will be the cable that's delivered with the HWIC? p.bevilacquaNov 16, 2009, 2:30pm PSTWhy? Because Cisco thought that would help someone. If it doesn't help you, crimp your own cable.<br /><br />As mentioned above, you can arrange physical wiring as you like, only respect pairing.<br /><br />Everything indicated in manuals and diagrams is correct until proven wrong.<br /><br />Rik19972000Nov 16, 2009, 11:34pm PSTSo on one side I can use for examples pairs 0,1 and on the other side 2,3?<br /><br />What about 2,4,8 wires?<br /><br />For example 8 wires, in a phone cable? 2xRJ11 coupled? p.bevilacquaNov 17, 2009, 5:27am PSTNo, as said above you must respect pairing.<br /><br />Then you can use any cable as you like as long (again) pairing is respected. brennan.kNov 16, 2009, 5:16am PSTHi All,<br /><br />I'm looking for a sizing guide for the ISR's that would indicate what the overhead of L2TPv3 would be.<br /><br />I'm familar with the router performance guide with the PPS figures, but I have never seen a guide that quotes what the services overhead would be.<br /><br />My requirements are something that will provide at least 20Mb full duplex of L2TPv3 throughput. There will be no other services running. The two routers will be connected by a 100Mb L3 service.<br /><br />I'm hoping that the 2811, or maybe even the 2801 might be up to the task.<br /><br />Any info anyone could provide would be great.<br /><br />Thanks<br /><br />Kevin 30 giuslarNov 17, 2009, 5:12am PSTHello Kevin,<br />only performing tests over some hours can tell you if the device fits your needs.<br /><br />Hope to help<br />Giuseppe<br /> brennan.kNov 17, 2009, 5:18am PSTHi Giuseppe,<br /><br />I was afraid that would be the answer. <br /><br />I'm working in a small enough company, so we dont have the resources to buy kit just to test it.<br /><br />Do you know if Cisco VAR's will setup a test lab for customers?<br /><br />Thanks<br /><br />Kevinadamgibs7Nov 17, 2009, 4:57am PST WEB Servers<br /> |<br /> Firewall (Customer Z VRF)<br />10.20.20.1 | | 10.10.10.1<br /> | |<br /> Switch<br /> / \\<br /> / \\<br />(20.2) A B (10.2)<br /> | \\ / |<br /> | / \\ |<br />RR-1---Core-2 Core-1----RR-2<br /> | |<br /> ISP-1 ISP-1<br /><br />There are two redundant links from Dist-A and Dist B,to firewall,and<br />redundant links from Dist-A and Dist-B to Core-1 and Core-2, firewall want<br />to prefer Dist-A rather than Dist-B pointing static route with high AD to<br />B to remote sites located on other end of ISP.Am receiving routes from<br />another end (behind ISP) from active Core 1 and core-1 is passing routes to<br />Dist-A and Dist-B,<br /><br />Customer Z VRF Firewall want the traffic to be from the interface 10.20.20.1<br />for webservers,when applying static routes for webservers on Dist-A and<br /> Dist-B the static route on B pointing to 10.20.20.1 will it work or traffic<br />will be blackholed??? give me alternate solution or any link with example<br />configuration that link between Dist-A and firewall shld be active and the link between Dist-B shld be standby.<br /><br />Dist-A<br />ip route vrf customer Z 100.100.100.0 255.255.255.0 10.20.20.1<br />ip route vrf customer Z 100.100.100.0 255.255.255.0 10.10.10.1 2<br /><br />Dist-B<br /><br /> ip route vrf customer Z 100.100.100.0 255.255.255.0 10.20.20.1<br />ip route vrf customer Z 100.100.100.0 255.255.255.0 10.10.10.1 2 kevin.huNov 6, 2009, 9:27am PSTAfter reading thru Cisco's data center interconnect, it is interesting. However, how do you use it in the real world scenario and why would you do it? The idea is to extend layer 2 VLAN from one data center to another; basically creating a giant virtual data center. If a data center is down, another data center will pick up the transaction.<br />Can't you do the same with Global Server Load Balancing? I would think two MPLS connections to each data center is more than enough. Has anyone implement this data center interconnect using VPLS, EoMPLS, etc?<br /><br />Thanks 30 ediortizNov 6, 2009, 1:53pm PST<i>Can't you do the same with Global Server Load Balancing?</i><br /><br />The answer depends on the application. If you are running an application that needs to have other servers in the same LAN and you want to have servers in different locations, you are forced to extend your L2 domain. DCI is the perfect solution.<br /><br />If the application can interact with other servers running the same application and the communication can be routed, the GSLB would be the right solution.<br /><br /><i>Has anyone implement this data center interconnect using VPLS, EoMPLS, etc? </i><br /><br />EoMPLS.<br /><br />Regards<br /><br />Edison.<br /><br /> kevin.huNov 9, 2009, 9:32am PSTThanks Ed.<br /><br />Just wondering, from your experience, what specific apps require servers to be in the same LAN at different locations?<br /><br /> mklemovitchNov 9, 2009, 10:42am PSTI have seen various vendors' (Sun, Oracle) clustering solutions require layer 2 connectivity between hosts in a given cluster.<br /><br />Some have moved away from that with current product releases, but we often have to work with an installed base that continues to have the old required host connectivity characteristics. ediortizNov 9, 2009, 11:22am PSTSimilar to the ones mentioned by Marvin - you can add Microsoft's LB to the list...<br /><br />Regards<br /><br />Edison. jeyeNov 9, 2009, 11:31am PSTVMWare vmotion, storage motion; FCoE, etc.<br /><br />Regards,<br />jerry vijayaramNov 17, 2009, 4:44am PSTLooking at the DCI podcast (by Amit Singh) on TechWiseTV, there are pair of 6500-VSS switches at each data center specifically to extend layer-2. <br />Can't this be managed using DC aggregation switches (6500-VSS) in both data centers and having dark fiber between them? <br />I think it would be hard to justify 4 nos of 6500-VSS for layer2-extension alone.<br /><br />One of the other concern is about the split-subnet scenario; does the DCI design completely avoids split-subnet? How is spanning-tree root bridge assignment done if both DCs are in high-available mode?<br /><br />I've narrowed down on the DCI using 6500-VSS using dark fiber option for interconnecting our data-centers, but need to study more (along with the server teams) on the implications at both layer-2 and layer-3.<br /><br />Can anyone point me to right resource (technical documents, design guides,case study) for this requirement? <br />Thanks.<br />Rgds, VJengr.J.K.VasvaniNov 16, 2009, 11:31pm PSTDear Experts,<br /><br />Could you please explain what exactly the mis-matched refrence-bandwidth and Incremental SPF (commands) on different routers could affect? ( I mean few are having defaults and others having non-default)<br /><br />Do these parameters affect on convergence in ospf domain?<br /><br /><br />I'd appreciate yours earliest replies.<br />ThankYou 30 giuslarNov 16, 2009, 11:36pm PSTHello Jagdesh,<br /><br />having different autocost reference bandwidth is not recommended it can lead to suboptimal routing :<br />two different routers can make opposite choices and this can create loops in some cases.<br />It is more a question of consistency then a problem of convergence.<br /><br />incremental SPF timers can be different in your routers but this clearly means that overall convergence is that of bigger timers.<br /><br />Hope to help<br />Giuseppe<br /> josephdohertyNov 17, 2009, 4:31am PST"<i>two different routers can make opposite choices and this can create loops in some cases. </i>"<br /><br />I can see that as possible during convergence, but could you provide an example after convergence (i.e. a loop)? josephdohertyNov 17, 2009, 4:27am PST"<i>Could you please explain what exactly the mis-matched refrence-bandwidth and Incremental SPF (commands) on different routers could affect? ( I mean few are having defaults and others having non-default)</i>"<br /><br />Mismatched reference bandwidths will will impact the link costs used by routers in their SPF calculation (and route path selection). For example, say you have two peer routers, both with 100 Mbps Ethernet interfaces. Default OSPF reference cost would assign such links as 1. However, changing reference bandwidth on one would change it's cost for the same interface bandwidths. Perhaps its 100 Mbps links now cost 10 (i.e. gig ref). Both routers would treat one router's 100 Mbps links like the other's 10 Mbps links.<br /><br />Incremental SPF is a method to attempt to "short circuit" doing SPF for the whole topology. End result should be identical, however router with Incremental SPF CPU enabled might use less CPU for SPF calculations and finish such calculations faster. Further information on this feature can be found here: <A HREF="javascript:newWin('https://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/ospfispf.html')">https://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/ospfispf.html</A><br /><br />"<i>Do these parameters affect on convergence in ospf domain? </i>"<br /><br />Yes, with "correctness" for reference-bandwidth and CPU resouce usage and perhaps time to converge for the latter.lmanavalanNov 16, 2009, 4:47pm PSTHi,<br />i am trying to Establish IPSec VPN Tunnel between to ASA 5505. I assigned the IP address, enabled NAT, Configured the IPsec and IKE and other basic configuration. <br />When i tried to Ping the inside address of the other end from inside network of this end i am seeing this error message on the ASDM home screen (Deny inbound icmp scr inside: <private ip address> dst inside: <private IP addr> (Type 8, Code 0)) <br /><br />What is the possible Reason for this error message. i have allowed the icmp echo and icmp echo-reply on the outside interface of both the ASA.<br />Can some help me on this<br /><br />Thanks<br />Logesh 30 chiorean.calinNov 17, 2009, 4:01am PSTHi!<br /><br />On the inside interfaces, do you have any ACL? You said that you allowed ICMP on the outside ones, but nothing about inside.<br />Second, where do you see the error message? On the source ASA or on the destination?pshah.1979Nov 15, 2009, 12:41pm PSTHi Netpro<br />Need comparision between DMVPN Vs GRE IPSEC. Looking for Real Life pros&cons between them?<br /><br /> 30 giuslarNov 15, 2009, 2:39pm PSTHello Pratik,<br /><br />DMVPN = point-to-multipoint GRE + IPSec<br />GRE+ IPSec = point-to-point GRE + IPSec<br /><br />DMVPN requires to deploy a certification authority server, using a single shared key is not secure enough.<br /><br />We can say that DMVPN is more hard to deploy but it is far easier to mantain and should be a winning choice if number of remote sites increases over time.<br /><br />Hub router configuration doesn't need to be changed when a new remote site has to be added this helps also on scalability.<br /><br />DMVPN disadvantage: it is Cisco proprietary.<br /><br />point-to-point GRE and IPsec is easier to setup but harder to mantain: adding a new remote site requires configuration on hub and new remote.<br />Also when doing changes there are some errors that can impact multiple remote sites: if for example in a crypto map block a non-existing ACL is invoked this is seen as a permit ip any any and causes that connectivity to all remote sites configured in following crypto map blocks is broken.<br />it is enough to delete an ACL to do this.<br /><br />a possible advantage is that it is possible to accomodate a remote peer that has different authentication and encryption capabilities and non cisco devices. <br /><br />Hope to help<br />Giuseppe<br />pshah.1979Nov 15, 2009, 11:36pm PSTGiuseppe,<br />in DMVPN can we now the traffic utilization from Hub to single spoke or multiple spoke. giuslarNov 16, 2009, 4:49am PSTHello Pratik,<br /><br />>> in DMVPN can we now the traffic utilization from Hub to single spoke or multiple spoke.<br /><br />not totally clear to me.<br /><br />in DMVPN you can decide if you want to allow dynamic spoke to spoke communications (DMVPN phase2 and later) or you can decide to block this and to have only spokes to hubs communication.<br /><br />in this case spoke to hub to spoke is required.<br /><br />if you mean how you can monitor traffic volume to specific remote sites that is a different matter.<br /><br />Hope to help<br />Giuseppe<br /> paluchpeterNov 16, 2009, 2:03am PSTHello Giuseppe,<br /><br />A very fine answer indeed. There is one thing I wanted to point out, though - the DMVPN does not have to be implemented using IPsec. While of course every reasonable implementation of DMVPN uses IPsec for data confidentiality and integrity purposes, the IPsec itself is just an add-on on top of the real DMVPN provided by NHRP and multipoint GRE tunnels.<br /><br />Regarding the proprietarity - actually, all protocols used in DMVPN are open and described in RFCs. A different thing, though, is that I haven't seen any other vendor implementing them.<br /><br />Best regards,<br />Peter<br /> giuslarNov 16, 2009, 4:46am PSTHello Peter,<br />to be honest I've reported what I've read in the forums.<br />I don't remember who noted this but DMVPN is considered proprietary.<br /><br />other vendors have probably similar frameworks.<br /><br />Hope to help<br />Giuseppe<br />pshah.1979Nov 16, 2009, 11:51am PSTGiuslar,<br /><br />One of the consideration before moving to DMVPN would be to understand if its possible to know tunnel traffic between Hub and different spoke.<br /><br />In a simple IPSEC over GRE Tunnel or more tunnels its easy to identify traffic size or bandwidth consumed<br />In DMVPN can we get the same. giuslarNov 17, 2009, 2:59am PSTHello Pratik,<br />I think that modular QoS may help on this by providing a way to "count" traffic towards each remote site.<br /><br />see<br /><br /><A HREF="javascript:newWin('http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/DMVPN_2_Phase2.html')">http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/DMVPN_2_Phase2.html</A><br /><br />and qos for the enterprise<br /><br /><A HREF="javascript:newWin('http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSIntro_40.html#wp60933')">http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSIntro_40.html#wp60933</A><br /><br />Hope to help<br />Giuseppe<br /> hitchijNov 17, 2009, 2:56am PSTWe have encountered a couple of problems ASR1004 routers being deployed.<br /><br />1/ When a bridge group is configured on a Fastethernet port the ASR outputs error:<br /><br />*Nov 17 10:12:45.802: %TBRIDGE-4-INVALIDMEDIA: IEEE_STP received on FastEthernet 0/0/3 - invalid media for transparent bridging <br /><br />This has been recreated in the lab using both the first extended IOS XE image 02.04.01 and also the first extended update 02.04.02<br /><br />2/ On image version 02.04.01 it has also been noticed that a routing protocol distribute-list for a RIP interface does not work until the router is rebooted; same for a change to the vty exec command<br /><br />Has anyone else experienced similar with these IOS XE images and raised a TAC case for a resolution? Thanks in advance. marwanshawiNov 16, 2009, 2:52am PSThi guys<br />i have a strange issue <br />when i confugre to bgp hops like bellow <br /><br />lo0--R1--OSPF--R2--OSPF--R3--lo0<br />R1-----------EBGP--------R3<br /><br />i used the command ttl-security hops 3 on both sides<br />the bgp session is and established<br />the loopbacks advertised in bgp apear in the BGP routing table<br />BUT<br />dose not apear in the routing table <br />in bgp routing table it says that next hope inaceesable<br />however the next is accessable <br />becuase i can ping, sse it inospf routing<br />and the peering is up as well <br />same case with ebgp multihops works<br /><br />by the way the peering between the EBGP peers through tier loopbacks address<br /><br />any idea !! 30msobier123Nov 16, 2009, 3:05am PSTHi,<br /><br />I dont understand.. <br /><br />whats the real problem here? The BGP nexthop or some thing else? If the Nexthop is not in the routing table, then it would be inaccessible in the BGP table (Normal)<br /><br />The TTL of 3 shouldnt affect your BGP neighbor relationship establishment.<br /><br /><br />HTH<br />Mohamed marwanshawiNov 16, 2009, 4:24am PSThi Mohamed<br />the lo0 of both bgp peers advertised thorugh ospf<br />and reachable through the IGP<br />but there are som other lo interfaces advertised thorugh bgp <br />its shown in the bgp table but as not advertised<br />and showing the next hope ( the other peer lo0) as inaccessable<br /><br />i would say without ttl 3 no peer will be established as t is not directlyu connected EBGP peers<br />as i mentioned this topolog works fine if i use ebgp-multihope command instead of ttl security<br /><br />is it more clear now <br />i found it strange giuslarNov 16, 2009, 7:01am PSTHello Marwan,<br />the TTL security mechanism should tell what is the expected TTL on received BGP packet from peer to consider it valid.<br /><br />see<br /><br /><A HREF="javascript:newWin('http://www.cisco.com/en/US/docs/ios/iproute/configuration/guide/irp_bgp_neighor_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1054684')">http://www.cisco.com/en/US/docs/ios/iproute/configuration/guide/irp_bgp_neighor_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1054684</A><br /><br />I think you should use both commands if these are eBGP sessions<br /><br />Hope to help<br />Giuseppe<br /><br /><br /><br /><br /><br /> marwanshawiNov 16, 2009, 2:38pm PSThi Gusseppe<br />according to this linke which i seen it before <br />The neighbor ebgp-multihop command is not needed when this feature is configured for a multihop neighbor session and should be disabled before configuring this feature<br /><br />so we can NOT use both of them <br />try it <br />when you have ebgp-multi<br />and you enter the ttl command it will give error messege tell you you can't have both of them !!!<br /><br />thats why i found it strange becuase in term of TTL in and out all good thats why i got my peering seesion up <br />but why it tells next hop in accessable <br />i still wonderring <br /><br />anyway thank you for your time giuslarNov 16, 2009, 11:50pm PSTHello Marwan,<br />I've realized later I had suggested a wrong idea.<br /><br />you should verify if:<br />the BGP next-hop of routes is known in routing table.<br />this is the standard check and this has to be there.<br /><br />I wonder what additional checks can be done enabling ttl-security on BGP next-hop.<br /><br />looking for the number of route-hops to next-hop would require a traceroute and it is unlikely.<br /><br />Hope to help<br />Giuseppe<br /> vasuramnetNov 16, 2009, 10:49pm PSTDear sir,<br /><br />Ihave cisco 2960 l2 switch in that out of 24 port iwant to use two ports are HUB ports .Is it possible.<br />plz give me config example<br /><br />srini 30 giuslarNov 16, 2009, 11:39pm PSTHello Srini,<br />if you want to connect two hubs on two ports of C2960 this is possible.<br /><br />just verify that you haven't port security enabled on the ports.<br /><br />default configuration should be enough.<br /><br />you may want to set speed and duplex to half.<br />be aware that hubs work only in half-duplex mode.<br /><br />I recommend to enable spanning-tree bpduguard<br /><br />int f0/5<br />switchport<br />switchport mode access<br />switchport access vlan 5<br />spanning-tree bdpuguard enable<br /><br />this should be fine<br /><br />Hope to help<br />Giuseppe<br /> syjeonNov 16, 2009, 2:48pm PSTNetwork is connected both AS 100 and AS 200.<br /><br />When the traffic arrive AS 6500 router, we would like to load balancing the<br />Traffic both AS 100, and as 200, (remark : it’s different AS)<br /><br />I searched the solution, and I found the ‘bgp multipath’<br /><br />bgp multipath n<br />bgp multipath ibgp n<br />bgp multipath eibgp n<br /><br />What command is needed if we implement the BGP load-sharing on different?<br />In my thought, the bgp multipath n is solution, because of different as in AS<br />65500 manner.<br /><br />But I read the like following.<br />‘ if you implement the EBGP load sharing with bgp multipath, you should your<br />router is connected with dual-home.’<br /><br />But we are not dual home as you seen the topology.<br /><br /><br /><b>Attachment Keywords : </b> <br />1) bgpmultipath.pptx<br /> bgpmultipath.pptx123648application/vnd.openxmlformats-officedocument.presentationml.presentationunknown6474311/16/2014no30 giuslarNov 16, 2009, 11:33pm PSTHello Sung,<br />bgp multipath n is part of the solution but it is not enough.<br /><br />an additional hidden command is needed to make the router install routes from the two different ISPs with a different peer ASN.<br /><br />try to search bgp bestpath as-path multipath-relax in the forums<br /><br />bgp bestpath as-path multipath-relax <br /><br />see<br /><br /><A HREF="javascript:newWin('http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=WAN%2C%20Routing%20and%20Switching&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40')">http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=WAN%2C%20Routing%20and%20Switching&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40</A>^1%40%40.2cd4cb03/0#selected_message<br /><br />Hope to help<br />Giuseppe<br /><br /><br /> rechard_davidNov 16, 2009, 6:27pm PSTDear All,<br /><br />now i would like to implement VPN from HQ to many branch. at HQ i have Cisco router 2821 and branches i have router 1841. the connection from HQ to branch i used fiber optic. after i configure VPN from HQ to branch, the connection from HQ to branch it up only one tunnel and other branch it not up.<br />please kindly see in the attach file.<br />Do you have some configuration or any advice?<br /><br />Best Regards,<br />RE<br /><br /><b>Attachment Keywords : </b> <br />1) Drawing1.jpg<br /> Drawing1.jpg123670image/jpegimage2966311/16/2014no30sharifimrNov 16, 2009, 6:49pm PSTRechard,<br /><br />Can you post your configs?<br /><br />Reza rechard_davidNov 16, 2009, 7:24pm PSTDear Sharifimr,<br /><br />Please kindly see in the attach file.<br /><br />Best Regards,<br />rechard<br /><br /><b>Attachment Keywords : </b> <br />1) HQ.txt - Branch01.txt<br />2) Branch01.txt<br />3) Branch02.txt<br />HQ.txt123671text/plaintext177511/16/2014noBranch01.txt123672text/plaintext154311/16/2014noBranch02.txt123673text/plaintext154211/16/2014nosharifimrNov 16, 2009, 8:03pm PSTwhat happens if you use the same password for all the sites?<br /><br />Reza rechard_davidNov 16, 2009, 8:15pm PSTDear Sharifimr,<br /><br />it up only one branch. and other branch the tunnel is not up.<br />but i tried to change pre-share-key already it still the problem.<br />i would like to ask that , the confige that i did is correct or not?<br />i mean it right standard or not?<br /><br />best Regrds,<br />Rechardross_rulzNov 16, 2009, 8:55pm PSTHi Richard,<br /><br />I have had a quick look at your configs and they look ok. Can you post show crypto isakmp sa?<br /><br />Thanks,<br />Ross. rechard_davidNov 16, 2009, 11:04pm PSTDear Ross and all,<br /><br />IPv4 Crypto ISAKMP SA<br />dst src state conn-id slot status<br />10.10.10.2 10.10.10.1 MM_KEY_EXCH 4002 0 ACTIVE<br />10.10.10.3 10.10.10.1 QM_IDLE 4003 0 ACTIVE<br /><br />i tried to change the pre-share key already but it still show like this......<br /><br />Best Regards,<br />Rechardross_rulzNov 16, 2009, 11:30pm PSTThere looks like a problem with your keys not exchanging at phase 1. Try the command debug crypto isakmp to get more details on the phase 1. Just be careful when using debug commands on production networks you dont want to do it during peeks hours.<br /><br />Ross. wuh@si.eduNov 16, 2009, 1:59pm PSThi,<br />I was reading CCIE R&S by Wendoll Odom about BGP Nexthop, see the diagram. It first gives a problem in this scenario, "R4's route to 30.0.0.0/8 through R2 lists R1 IP(1.1.1.1)....Unfortunately, R4 doesn't have a route for 1.1.1.1 on R1, so that route cannot be consider best by BGP."<br /><br />I think R3 SHOULD HAVE a route to 1.1.1.1. why not?<br /><br />thanks,<br />Han<br /><br /><br /><b>Attachment Keywords : </b> <br />1) BGP1..jpg<br /> BGP1..jpg123657image/pjpegimage4683311/16/2014no30 giuslarNov 16, 2009, 2:05pm PSTHello Han,<br />if IP subnet 1.1.1.0/30 is not advertised in iBGP or in an IGP R3 doesn't know about it.<br />R2 would pass the eBGP route with BGP next-hop = 1.1.1.1 unchanged.<br /><br />possible solutions are:<br />advertising ip subnet 1.1.1.0/30 in iBGP with a network command on R2;<br />advertising ip subnet 1.1.1.0/30 in IGP with a network command on R2;<br /><br />use of next-hop-self on R2 on session towards R3<br /><br />Hope to help<br />Giuseppe<br /> wuh@si.eduNov 16, 2009, 2:25pm PSTGiuseppe <br />thanks first.<br /><br />My understanding is that:<br />as long as R1 advertizes 1.1.1.0/30 to R2. R2 would pass it to all routers in its AS, right?<br /><br />So, I'd think your condition wouldnt exist. "if IP subnet 1.1.1.0/30 is not advertised in iBGP or in an IGP R3 doesn't know about it. " <br /><br />the subnet should always be advertised. unless R1 intetinally not to do it by disabling "network" command.<br /><br />Correct me if I am wrong.<br /><br />thanks,<br />Han<br /><br /> giuslarNov 16, 2009, 11:26pm PSTHello Han,<br />the question is arised for all other prefixes that R1 can advertise to R2 on the eBGP session.<br />R1 would advertise ip subnet 1.1.1.0/30 with a BGP next-hop of 1.1.1.1, that cannot be installed in other routers in same AS of R2 because BGP next-hop is unknown.<br />it is a sort of dead lock: prefix 1.1.1.0/30 should be known to accept BGP next-hop 1.1.1.1.<br />R1 can eventually advertise 1.1.1.0/30 as you noted but BGP next-hop attribute will be 1.1.1.1.<br />This is not accepted as valid by R2 iBGP peers.<br />things are different if it is R2 to advertise 1.1.1.0/30.<br />R2 is not allowed to modify the BGP next-hop over the iBGP sessions unless next-hop-self is used.<br /><br />I can tell you that this is one of the first problems I had when I started to work on BGP more then 10 years ago.<br />This is a real problem and not a theorical issue.<br /><br />Hope to help<br />Giuseppe<br /> WEERAKOO69BANov 16, 2009, 2:28am PST6509 switch's alert light is on.Could you pls give me a guide where to look exactly.<br />thx 30 giuslarNov 16, 2009, 4:52am PSTHello Senarath,<br /><br />from telnet/ssh session do<br /><br />sh env alarm<br /><br />in my case<br /><br />sh env alarm<br />environmental alarms:<br /> no alarms<br /><br />this can tell what is happening<br /><br />also look at logging buffer<br /><br />use sh log<br /><br />Hope to help<br />Giuseppe<br /> WEERAKOO69BANov 16, 2009, 11:09pm PSTthx a lot Giuseppe.have a good daysberman12Nov 16, 2009, 3:30am PSTHi All,<br /><br />My question is where would i place my wireless controller within my LAN.<br /><br />I've been advised to place one within my network to better manage APs' <br /><br />How our office is configured.<br /><br />6 Large Floors, On each floor 4 APs> 2960 Switch > 3750 Switch [ Two of these for redundency purposes]> Router.<br /><br />So in total 24 APs<br />6 2960 Switch<br />2 3750 Switches<br />1 Router<br /><br />Where would i place the wireless Controller in this network?<br /><br />Many Thanks,<br />Sam 30 giuslarNov 16, 2009, 4:56am PSTHello Sam,<br />I think you should connect them with two links one link to C3750_1 and one link to C3750_2.<br /><br />you may need to propagate the appropriate vlans to manage the APs on all switches and to represent clients vlans this is needed on links to wireless controllers.<br /><br />with LWAPP APs can tunnel user frames within IP packets to the wireless controller.<br />So it is possible that this requires a change on routing of client IP subnets.<br /><br />Hope to help<br />Giuseppe<br /><br /> leolaohooNov 16, 2009, 1:47pm PSTI hope your WLC is either the 4400 or the 5508. The reason why I'm asking because in the advent of 802.11n it would be efficient if your WLC is connected to Gig ports instead of the 10/100Base of the 2000/2100 WLC. sberman12Nov 16, 2009, 11:03pm PSTThank you for your response. My WLC is a 5508. 1xRouter > 2x5750 Switches > (no.?)WLC> 6x2960 Switches( One on each floor) > 24xAPS (4 on each floor)[6 floors in total}. Does that sound about right to you?<br /><br />One issue i found is the few number of ports offered on each WLC. As i have 6 switches in total i presume i'll need more than one WLC to create redundency. Is this correct? <br /><br />How would you configure the layout given my example above. Preferably i'd want dual uplinks to all the switches but given the few number of ports this doesnt seem possible. <br /><br />Thanks,<br />Sam<br /><br />netbeginnerNov 16, 2009, 7:56am PSTHi, <br /><br /> How to do load balancing on two different service provider connectivities using EIGRP. Please share the configs.<br /><br />Is the same is possible on OSPF, requesting to share the configs for this also. 30 b.rockburnNov 16, 2009, 8:38am PSTIf you're using two different ISP's then depending on the EQ on your edge you should be looking at BGP. giuslarNov 16, 2009, 9:04am PSTHello Sam,<br />as Brent suggests you should look at eBGP.<br /><br />the limit of IGP protocols like OSPF or EIGRP is that the two providers cannot accept to exchange routes via your router.<br /><br />using different OSPF processes or different EIGRP processes doesn't produce a load balancing effect:<br />EIGRP with lower AS number wins<br /><br />for OSPF the first process to propose a prefix to IP routing table mantainer wins (ships in the night)<br />also OSPF route types are not considered.<br /><br />for BGP multihoming example see<br /><br /><A HREF="javascript:newWin('http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a008009456d.shtml')">http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a008009456d.shtml</A><br /><br /><br />Hope to help<br />Giuseppe<br /><br /> netbeginnerNov 16, 2009, 9:17pm PSTHii Brent / Giuseppe, <br /><br />Actually this was a question with me by interviewer. and i was bit confused about the same. :).<br /><br />Please share the way to achieve the desired using EIGRP and then by OSPF. rajibchicagoNov 16, 2009, 8:46pm PSTWe had one VPN concentrator (3000 ip 170.48.29.xx) in our main datacenter, currently we are establishing a second data center in another city, we will have an ASA (ip 69.87.39.xx) as VPN concentrator for the 2nd data center. All our users (S2s, vpn client) now connect to the main VPN concentrator (ip 170.48.29.6), if possible I would like to use the ASA as the failover VPN concentrator, if the primary one fails, it will take over as the primary without any user (end point) configuration change. Is this possible?<br /><br />Thanks for your help. abbas.aliNov 16, 2009, 2:36pm PSTIn a lab MPLS configuration, I have a PE1 router connected to External BGP, PE1 then connected to P Router and P Router connects to PE2 Router. PE2 connects to other external BGP Router. For Discussion, PE1, P and PE2 routers reflect MPLS Cloud where PE1 and PE2 connects to their respective Customers.<br /><br />In order to configure full IBGP in an MPLS Cloud, I have configured P as a router reflector and PE1 and PE2 its clients. If PE1 receive an update from its customer will it be able to propogate that update to its Route Reflector P and will P router be able to propagate that to its other client PE2, and PE2 to its customer.<br /><br /> 30sharifimrNov 16, 2009, 7:05pm PSTHi Abbas,<br />Yes, the PEs will propogate the routes to the RR, here is how:<br /><br />iBGP routers are divided into Route Reflectors, Route Reflector clients and non-client Peers. <br />Routes received from a Route-Reflector-client is reflected to other clients and non-client neighbors. <br />Routes received from non-client neighbors are reflected to Route-Reflector-client neighbors only. <br /><br />Also, if you only have 3 routers, you can logically fully mesh them together and not worry about RR.<br /><br />HTH<br />Reza<br />')