Question:
Short version: Has anyone ever seen the installation of a WIC card in an 1841 render the router inoperable? (No SYS PWR led or fan?)
Long version:
Our company recently decided to upgrade our existing T1 connections to remote offices by upgrading to dual T1 links using PPP multilink.
I had tested a setup in my office with a pair of 1841s, and got it working with a pair of VWIC2-2MFT-T1/E1 cards. Sweet!
The routers currently have a single 1DSU-T1 V2 WIC card. Our plan is to install the new VWIC2 cards alongside the existing T1 serial card so I can configure everything from the home office, then cut over everything in one day by simply moving cables over to the new VWIC2 card.
We sent out the new VWIC2 card to our most remote office and sent instructions for how to remove the blank faceplate and install the second WIC module. The next day our man onsite powers down the router, installs the card, and powers up the router, but no connection is made. I drive out there and see that the router is completely dead. No 'SYS PWR' led, or fan. Even after removing the offending WIC and all WIC cards. Hmmm. Let's just set this aside for now.
I brought a back up 1841 configured for the site, so I plug it in and get the network back up. I'm able to ping the central office, and get a nagios confirmation that our site is back up. Yay!
Now the whole point of this exercise was to install the VWIC2 card for the upgrade, so I power down the router, install the VWIC2 card, and flip the power switch back on. NOTHING! No 'SYS PWR' led or fan. Just like the first router that died. I didn't think to bring a second known good router with me, so I get to do the whole drive again. The next day I bring one of the routers I tested in my office with the VWIC2 already installed, and it works perfectly.
The day after I swapped out the power supply in the broken routers with a known good power supply and both routers were still completely dead. I imagine it must be something on the motherboard that is fried.
Has anyone ever seen anything like this before?
Answer:
I wouldn't put it into another router. See if you can get a different one. This isn't a normal occurrence...
Friday, August 30, 2013
Thursday, August 29, 2013
EIGRP issue using VRF on 3750
Question:
I am in the lab playing with VRF. I got it to work when the port itself is a "no switchport" with an IP address; however, if I stick the WAN connecting interface into a VLAN, EIGRP won't create a neighborship, though I can ping it under that VRF.
interface FastEthernet1/0/1
description WAN interconnection
switchport access vlan 5
router eigrp 90
address-family ipv4 vrf NHSS
network 10.202.128.0 0.0.31.255
passive-interface default
no passive-interface FastEthernet1/0/1
autonomous-system 90
exit-address-family
interface Vlan5
ip vrf forwarding NHSS
ip address 10.202.128.200 255.255.255.0
switch-x#ping vrf NHSS 10.202.128.12
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.202.128.12, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
switch-x#
switch-x#sh ip eigrp vrf NHSS ne
EIGRP-IPv4 Neighbors for AS(90) VRF(NHSS)
switch-x#
So does anyone know why I can't neighbour 10.202.128.12 now that f1/0/1 is a switchport and in a vlan?
Config:-
!
!
interface GigabitEthernet0/25
description LARGE_GLOBAL_CARRIER_CIRCUIT_NAME_HERE
no switchport
ip address 172.21.67.18 255.255.255.252 secondary
ip address PUBLIC_IP 255.255.255.252
load-interval 30
end
!
!
router ospf 1
router-id 172.21.67.1
log-adjacency-changes
passive-interface default
no passive-interface Vlan200
network xxx.xxx.xxx.xxx 0.0.0.255 area 0
network xxx.xxx.xxx.xxx 0.0.0.255 area 0
network xxx.xxx.xxx.xxx 0.0.0.255 area 0
network 172.21.67.16 0.0.0.3 area 0
!
Any ideas?
Many thanks in advance,
Answer:
This starts to look like an IOS bug. Can you perhaps try to totally remove the entire EIGRP configuration and configure it completely anew? Avoid configuring the passive interfaces at this point. In addition, can you assign the "global" EIGRP process a different AS number than the ASN 90 for the NHSS VRF EIGRP?
I assume that interface Vlan5 reports as "up, line protocol up" - a silly question considering the fact that you can ping the other party but nevertheless - let's check it.
Wednesday, August 28, 2013
Inconsistent Address & Mask P2P T1
Question:
I have a P2P T1 between locations. Each router has two Ethernet interfaces; one interface is configured for communications between locations for our phone system. What I am trying to achieve here is to use the second interface on each router for data traffic. I have the phones interface configured with IPs 10.x.x.x with static routes set, which works without issue. Now when I configure the second interface with IPs 172.x.x.x and attempt to create a static route from one side to the other I receive the following error: "inconsistent address & mask". I have even attempted to change the subnet mask to another value without success.
Answer:
This looks like a typo in your ip route command. What exact network address and netmask are you using?
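The check behind that error, as an added example that is not part of the original post: a static route is rejected when the prefix has bits set outside the mask, which is why changing the mask alone may not help. The function names and the sample routes are constructed for illustration.

```python
import ipaddress

# Constructed sample lines; the addresses are illustrative, not from the post.
SAMPLE_CONFIG = """\
ip route 172.16.20.0 255.255.255.0 10.0.0.2
ip route 172.16.20.1 255.255.255.0 10.0.0.2
ip route 172.16.20.0 255.255.0.0 10.0.0.2
ip route 172.16.20.0 0.0.0.255 10.0.0.2
"""


def check_static_route(command):
    """Validate the prefix/mask pair of an 'ip route <prefix> <mask> ...' line."""
    tokens = command.split()
    if len(tokens) < 5 or tokens[:2] != ["ip", "route"]:
        raise ValueError("expected: ip route <prefix> <mask> <next-hop or interface>")
    # 'ip route vrf NAME <prefix> <mask> ...' shifts the pair by two tokens.
    idx = 4 if tokens[2] == "vrf" else 2
    if len(tokens) < idx + 3:
        raise ValueError("route line is missing prefix, mask or exit")
    prefix = int(ipaddress.IPv4Address(tokens[idx]))
    mask = int(ipaddress.IPv4Address(tokens[idx + 1]))
    wildcard = mask ^ 0xFFFFFFFF

    # A netmask is ones followed by zeros, so its inverse plus one must be a
    # power of two. This also catches a wildcard mask typed as a netmask.
    if wildcard & (wildcard + 1):
        return {"ok": False, "reason": "mask is not a contiguous netmask",
                "suggestion": None}

    # Bits of the prefix that fall in the host part of the mask.
    if prefix & wildcard:
        network = ipaddress.IPv4Address(prefix & mask)
        fixed = tokens[:idx] + [str(network)] + tokens[idx + 1:]
        return {"ok": False, "reason": "prefix has host bits set for this mask",
                "suggestion": " ".join(fixed)}
    return {"ok": True, "reason": "address and mask are consistent",
            "suggestion": None}


def audit(config_text):
    """Return (line, result) for every static route whose pair is inconsistent."""
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("ip route "):
            result = check_static_route(line)
            if not result["ok"]:
                findings.append((line, result))
    return findings


if __name__ == "__main__":
    for line, result in audit(SAMPLE_CONFIG):
        print(f"{line}\n  -> {result['reason']}; try: {result['suggestion']}")
```
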
Thursday, August 15, 2013
c3560 switch is not allowing telnet or SSH
Question:
I have got my CCNA voice lab configured and it is up and running. My switch is configured with 2 different VLANs (Data & Voice) and fa 0/1 is configured as a trunk port connecting to the CME router. I can telnet or ssh to all the devices on the network, but only the switch is not accepting the request; the only message I am getting is "request timeout".
Please could someone help me with the correct set up procedure.
Answer:
Are you connecting your computer directly to this switch and trying to telnet? The problem I believe is that all of your switchports (at least from what I see) are configured for vlan 10. There isn't a vlan 10 interface to route between vlan 10 and vlan 1.
Try this:
On one port that you'll connect your PC to, make that an access port to vlan 1. Then change your address on your pc to 192.168.1.10 255.255.255.0 Gateway 192.168.1.7.
Then see if you can ping and telnet into the switch. If so, and you're wanting your pc to be on vlan 10, you'll need to create a L3 svi for it:
int vlan 10
ip address x.x.x.x 255.255.255.0
Then you should be able to route between everything.
Wednesday, August 14, 2013
Cisco 2911 + HWIC-3G-HSPA
Question:
I'm trying to configure this module for the first time in my life, and ran into an issue.
When I do 'show cellular x/x/x security', it keeps reporting my SIM status as removed. I've reseated it a few times now, and now I'm starting to think that micro SIM may not be supported by this module.
Does anyone know about this? It's hard to find it on Google; I spent the last few hours researching it. I could only find this from a Cisco document:
SIM card socket; compliant with ISO-7816-2 (SIM mechanical)
And some sample configuration would be much appreciated.
Thanks in advance,
Answer:
Are you using a proper micro-SIM adapter?
BGP Load Balancing Scenario
Question:
I am looking for some guidance with the following. I have a feeling I am missing something or that there is a better way.
I have the following setup: eBGP to the same ISP, iBGP inside the AS between the routers and 6509s.
I would like to do the following. Let's say I have 1.1.1.0.... 1.1.6.0
These are advertised by my 6509s through BGP. I would like to balance the traffic across both of the links, so inbound/outbound traffic would be
I was thinking I should be able to do this using route maps
on the 3925
access-list 1 permit 1.1.1.0
access-list 1 permit 1.1.3.0
access-list 1 permit 1.1.5.0
access-list 2 permit 1.1.2.0
access-list 2 permit 1.1.4.0
access-list 2 permit 1.1.6.0
route-map subnet permit 10
match ip address 1
set as-path prepend 65401 65401
route-map subnet permit 20
match ip address 2
router bgp x.x.x.x
neighbor <core1> route-map subnet in
neighbor <core2> route-map subnet in
3825
access-list 1 permit 1.1.1.0
access-list 1 permit 1.1.3.0
access-list 1 permit 1.1.5.0
access-list 2 permit 1.1.2.0
access-list 2 permit 1.1.4.0
access-list 2 permit 1.1.6.0
route-map subnet permit 10
match ip address 2
set as-path prepend 65401 65401
route-map subnet permit 20
match ip address 1
router bgp x.x.x.x
neighbor <core1> route-map subnet in
neighbor <core2> route-map subnet in
Any help would be much appreciated
Answer:
If you are doing eBGP to the same AS ISP you can use MED outbound to influence how traffic is routed to your network, and so setting a lower or higher metric is enough.
In any case the route-map should be applied outbound to the eBGP neighbor and not inbound to the iBGP sessions.
This is the usual practice.
route-map toISP-NA permit 10
match ip address 1
set metric 1000
route-map toISP-NA permit 20
match ip address 2
set metric 500
router bgp x.x.x.x
neigh <e-bgp-neigh> route-map toISP-NA out
on second border router
route-map toISP-NB permit 10
match ip address 1
set metric 500
route-map toISP-NB permit 20
match ip address 2
set metric 1000
router bgp x.x.x.x
neigh <e-bgp-neigh> route-map toISP-NB out
Sunday, August 11, 2013
BGP maximum paths
Question:
I am hoping one of you can help me with a problem I am having relating to BGP and load balancing. I have a network configured as per the diagram with maximum-paths ibgp 2 configured on each of my core switches. All routes are learned via R3 and R4 and have no manipulation from our routers. All routers and switches are connected and established via iBGP.
The problem is that I should have two routes to each destination in the core switches, yet I only have a single route, and from what I can see this is because our telco is injecting a metric into our AS. However, I only see this metric on the core switches, not on the routers, and I would have thought I would see it on the router?
Show IP BGP and show IP routes
R3>sh ip bgp 29.12.0.0
BGP routing table entry for 29.12.0.0/21, version 859691
Paths: (4 available, best #3, table Default-IP-Routing-Table)
  Advertised to peer-groups:
     peer1
  2856 2856 2856 34140, (aggregated by 34140 29.12.7.68)
      Origin IGP, localpref 100, valid, external, atomic-aggregate
      Community: 34140:222
  2856 34140, (aggregated by 34140 29.12.7.68), (received-only)
      Origin IGP, localpref 100, valid, external, atomic-aggregate
      Community: 34140:222
  2856 34140, (aggregated by 34140 29.12.7.67), (received & used)
      Origin IGP, localpref 100, valid, external, atomic-aggregate, best
      Community: 34140:111
  2856 34140, (aggregated by 34140 29.12.7.67), (received & used)
    161.163.164.249 (metric 156416) from 161.163.164.249 (161.163.164.249)
      Origin IGP, metric 0, localpref 100, valid, internal, atomic-aggregate
      Community: 34140:111
Core-1>sh ip bgp 29.12.0.0
BGP routing table entry for 29.12.0.0/21, version 396742
Paths: (2 available, best #1, table Default-IP-Routing-Table)
Multipath: iBGP
  Advertised to update-groups:
     1
  2856 34140, (aggregated by 34140 29.12.7.67), (received & used)
    161.163.164.247 (metric 153856) from 161.163.164.247 (161.163.164.247)
      Origin IGP, metric 0, localpref 100, valid, internal, atomic-aggregate, best
      Community: 2237399151
  2856 34140, (aggregated by 34140 29.12.7.67), (received & used)
    161.163.164.249 (metric 154112) from 161.163.164.249 (161.163.164.249)
      Origin IGP, metric 0, localpref 100, valid, internal, atomic-aggregate
      Community: 2237399151
Core-1>sh ip ro 29.12.0.0
Routing entry for 29.12.0.0/21
  Known via "bgp 65356", distance 200, metric 0
  Tag 2856, type internal
  Last update from 161.163.164.247 7w0d ago
  Routing Descriptor Blocks:
  * 161.163.164.247, from 161.163.164.247, 7w0d ago
      Route metric is 0, traffic share count is 1
      AS Hops 2
      Route tag 2856
======================
Core 2
R4#sh ip bgp 29.12.0.0
BGP routing table entry for 29.12.0.0/21, version 422102
Paths: (4 available, best #4, table Default-IP-Routing-Table)
  Advertised to peer-groups:
     peer1
  2856 2856 2856 34140, (aggregated by 34140 29.12.7.68)
      Origin IGP, localpref 100, valid, external, atomic-aggregate
      Community: 34140:222
  2856 34140, (aggregated by 34140 29.12.7.68), (received-only)
      Origin IGP, localpref 100, valid, external, atomic-aggregate
      Community: 34140:222
  2856 34140, (aggregated by 34140 29.12.7.67), (received & used)
    161.163.164.247 (metric 156416) from 161.163.164.247 (161.163.164.247)
      Origin IGP, metric 0, localpref 100, valid, internal, atomic-aggregate
      Community: 34140:111
  2856 34140, (aggregated by 34140 29.12.7.67), (received & used)
      Origin IGP, localpref 100, valid, external, atomic-aggregate, best
      Community: 34140:111
Core-2>sh ip bgp 29.12.0.0
BGP routing table entry for 29.12.0.0/21, version 180821
Paths: (2 available, best #2, table Default-IP-Routing-Table)
Multipath: iBGP
  Advertised to update-groups:
     2
  2856 34140, (aggregated by 34140 29.12.7.67), (received & used)
    161.163.164.247 (metric 154112) from 161.163.164.247 (161.163.164.247)
      Origin IGP, metric 0, localpref 100, valid, internal, atomic-aggregate
      Community: 2237399151
  2856 34140, (aggregated by 34140 29.12.7.67), (received & used)
    161.163.164.249 (metric 153856) from 161.163.164.249 (161.163.164.249)
      Origin IGP, metric 0, localpref 100, valid, internal, atomic-aggregate, best
      Community: 2237399151
Core-2>sh ip ro 29.12.0.0
Routing entry for 29.12.0.0/21
  Known via "bgp 65356", distance 200, metric 0
  Tag 2856, type internal
  Last update from 161.163.164.249 7w0d ago
  Routing Descriptor Blocks:
  * 161.163.164.249, from 161.163.164.249, 7w0d ago
      Route metric is 0, traffic share count is 1
      AS Hops 2
      Route tag 2856
Answer:
  2856 34140, (aggregated by 34140 29.12.7.67), (received & used)
    161.163.164.249 (metric 153856) from 161.163.164.249 (161.163.164.249)
      Origin IGP, metric 0, localpref 100, valid, internal, atomic-aggregate, best
I believe MED=0 here, metric 153856 is the IGP metric to the BGP next-hop router?
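The distinction drawn in the answer, as an added example that is not part of the original post: the sketch below parses the Core-1 "show ip bgp" output quoted in the question, keeps the IGP metric to the next hop apart from the MED, and lists which attributes differ between the two iBGP paths. The function names are illustrative; the attribute list follows the Cisco rule that multipath candidates must match on local preference, AS path, origin, MED and IGP metric to the next hop (weight is not shown in this output and is left out).

```python
import re

# Core-1 output from the question, with wrapped lines rejoined.
CORE1_OUTPUT = """\
BGP routing table entry for 29.12.0.0/21, version 396742
Paths: (2 available, best #1, table Default-IP-Routing-Table)
Multipath: iBGP
  Advertised to update-groups:
     1
  2856 34140, (aggregated by 34140 29.12.7.67), (received & used)
    161.163.164.247 (metric 153856) from 161.163.164.247 (161.163.164.247)
      Origin IGP, metric 0, localpref 100, valid, internal, atomic-aggregate, best
      Community: 2237399151
  2856 34140, (aggregated by 34140 29.12.7.67), (received & used)
    161.163.164.249 (metric 154112) from 161.163.164.249 (161.163.164.249)
      Origin IGP, metric 0, localpref 100, valid, internal, atomic-aggregate
      Community: 2237399151
"""

# A path entry starts with the AS path: space-separated AS numbers.
AS_PATH_RE = re.compile(r"^(\d+(?: \d+)*)(?:,|$)")
# "<next-hop> (metric <IGP metric>) from <peer> (<router-id>)"
NEXT_HOP_RE = re.compile(r"^(\S+) \(metric (\d+)\) from (\S+) \((\S+)\)")

# Attributes compared for multipath eligibility (weight omitted, see lead-in).
MULTIPATH_ATTRS = ("localpref", "as_path", "origin", "med", "igp_metric")


def parse_paths(text):
    """Return one dict per path entry found in 'show ip bgp <prefix>' output."""
    paths = []
    for raw in text.splitlines():
        line = raw.strip()
        m = AS_PATH_RE.match(line)
        if m:
            paths.append({"as_path": [int(a) for a in m.group(1).split()],
                          "next_hop": None, "igp_metric": None, "med": None,
                          "localpref": None, "origin": None,
                          "internal": False, "best": False})
            continue
        if not paths:
            continue
        cur = paths[-1]
        m = NEXT_HOP_RE.match(line)
        if m:
            # The parenthesised metric is the IGP cost to reach the next hop.
            cur["next_hop"] = m.group(1)
            cur["igp_metric"] = int(m.group(2))
        elif line.startswith("Origin "):
            fields = [f.strip() for f in line.split(",")]
            cur["origin"] = fields[0].split()[1]
            for field in fields[1:]:
                if field.startswith("metric "):
                    # "metric" on the Origin line is the MED attribute.
                    cur["med"] = int(field.split()[1])
                elif field.startswith("localpref "):
                    cur["localpref"] = int(field.split()[1])
            cur["internal"] = "internal" in fields
            cur["best"] = "best" in fields
    # Header lines such as the update-group number look like a bare AS path;
    # only entries that went on to carry an Origin line are real paths.
    return [p for p in paths if p["origin"] is not None]


def multipath_blockers(best, candidate):
    """Names of the compared attributes on which the two paths differ."""
    return [a for a in MULTIPATH_ATTRS if best[a] != candidate[a]]


if __name__ == "__main__":
    parsed = parse_paths(CORE1_OUTPUT)
    best = next(p for p in parsed if p["best"])
    for p in parsed:
        if p is not best:
            print(p["next_hop"], "differs from best on:", multipath_blockers(best, p))
```
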
Thursday, August 8, 2013
COMPARISON BETWEEN CISCO CATALYST 3560 V2 SERIES SWITCHES MODELS
The Cisco Catalyst 3560 v2 Series are next-generation, energy-efficient, Layer 3 Fast Ethernet switches. These new switches support Cisco EnergyWise technology, which helps companies manage power consumption of the network infrastructure and network-attached devices, thereby reducing their energy costs and their carbon footprint.
Let’s take a look at the comparison table between Cisco Catalyst 3560 v2 Series switch models.
For more information, please refer to www.cisco.com.
Wednesday, August 7, 2013
Routing Over a VPN Tunnel
Question:
I'm running into a problem with a route over a VPN tunnel. We have 5 sites connected on an MPLS network. We have a 6th site that is connected by a site-to-site VPN tunnel that terminates on one of the routers on the MPLS network.
This setup was working just fine for us. Any of the 5 sites were able to connect to the 6th site by routing traffic first over the MPLS network and then over the VPN tunnel.
Now we ran into a problem when moving to a new WAN circuit on the router that hosts the VPN. We're moving our WAN circuit from a Serial interface to a Gigabit interface. All the configuration has been done: the new circuit is up, the old circuit is down, and the VPN tunnel to the 6th site is up and terminated on the Gigabit interface.
But now we have a problem routing traffic over this VPN tunnel. Let's say the subnet at the 6th site is 1.1.1.0/24. With the old circuit we had a route of 'ip route 1.1.1.0 255.255.255.0 Serial0/0/0:0.100' and this was working for us. I updated this to use the Gigabit interface instead of the Serial, but it's not working. I can ping over the VPN tunnel from the router, but nowhere else.
If I remove the route command altogether I can ping from the local LAN of the router, but not from any of the remote sites (the 1.1.1.0/24 is no longer advertised by BGP and the traffic from the remote sites isn't routed properly anymore).
So, it seems like I'm just missing something simple here...or I hope I am anyway. Everything should be fine with the VPN configuration; that has remained unchanged. The crypto map was just moved from the Serial interface to the Gig interface. The VPN certainly works just fine from the local router LAN when the route command is removed. If anyone has any idea why the router doesn't send traffic over the VPN when the route command is in place I'd love to hear from you.
Answer:
Without the static route then the network is not in the routing table, and if the network is not in the routing table then BGP cannot advertise it. And if BGP does not advertise it then the remote sites do not know how to reach it. So the problem does center on the static route. The essence of the problem is in the way that you have expressed the static route. Using the interface to identify the exit point for the static route works fine when the exit is a point to point serial interface. But using the interface as the identifier is problematic when the interface is Ethernet. When you do a static route and specify an Ethernet as the exit then the router must ARP for every remote address. This can work if the next hop router has enabled proxy ARP. But many providers do not. The best solution is to put the static route back into the config but to specify the next hop address as the exit rather than the interface.
Tuesday, August 6, 2013
BGP Soft Configuration
Question:
I understand the purpose behind this idea perfectly fine, but I just have a few questions on the use of the command.
If I recall, (< IOS 12.0) you had to manually include the 'neighbor x.x.x.x soft-reconfiguration in' command to enable soft reconfiguration for inbound BGP updates. Then if, let's say, you changed a prefix-list, route-map, distribute-list, you would need to do 'clear ip bgp soft neighbor-id'.
Obviously once you enable soft-reconfiguration, it will store a copy of the updates, from which it will modify.
But if you have > IOS 12.0, I know all you have to do is 'clear ip bgp soft neighbor-id or * for all BGP sessions on the router from which it is configured'.
I was wondering if the above commands and IOS version requirements were correct?
Also, when you change a prefix-list, route-map, distribute-list, and it's for outbound BGP updates, do you have to do the soft option as well?
Answer:
You have to distinguish between Soft Reconfiguration and Route Refresh. The Soft Reconfiguration is what you describe - keeping the set of all received routes - and up to this day and the most recent IOSes, if you want to use it, you must configure the neighbor using the neighbor soft-reconfiguration in command.
The Route Refresh is an optional enhancement to BGP (albeit almost universally supported) that is negotiated during BGP peering establishment in the OPEN messages. The Route Refresh feature introduces a new, 5th message to BGP, the ROUTE REFRESH. Using this message, a BGP speaker can ask its neighbor to resend all routes of a particular address type. The Route Refresh capability is negotiated dynamically and you do not configure it.
I am not sure what was the first IOS version that implemented the Route Refresh capability, but the RFC 2918 is from September 2000, and Cisco must have had this feature implemented before that because they used a different capability code before the Route Refresh capability code was defined by IANA:
https://supportforums.cisco.com/thread/2123459
In any case, if the neighbor supports some kind of soft refresh, be it either Soft Reconfig or Route Refresh, you do not specifically need to write the soft keyword in the clear ip bgp command.
I am not sure if this covers your question - please feel welcome to ask further.
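The negotiation described in the answer, as an added example that is not part of the original post: the code builds a BGP OPEN message, walks its optional parameters to see whether the peer advertised Route Refresh (capability code 2 from RFC 2918, or the pre-standard code 128), and builds the type-5 ROUTE-REFRESH request. The function names are illustrative and the sample OPEN is constructed, reusing the AS number and a router ID seen elsewhere on this page.

```python
import ipaddress
import struct

MARKER = b"\xff" * 16            # every BGP message starts with 16 0xFF bytes
MSG_OPEN = 1
MSG_ROUTE_REFRESH = 5            # the "5th message" introduced by RFC 2918
PARAM_CAPABILITIES = 2           # optional parameter type carrying capabilities
CAP_MULTIPROTOCOL = 1
CAP_ROUTE_REFRESH = 2            # IANA-assigned code
CAP_ROUTE_REFRESH_PRESTANDARD = 128  # code used before the IANA assignment


def build_open(my_as, hold_time, router_id, capabilities):
    """Build an OPEN message; capabilities is a list of (code, value-bytes)."""
    caps = b"".join(struct.pack("!BB", code, len(val)) + val
                    for code, val in capabilities)
    params = struct.pack("!BB", PARAM_CAPABILITIES, len(caps)) + caps if caps else b""
    body = struct.pack("!BHH4sB", 4, my_as, hold_time,
                       ipaddress.IPv4Address(router_id).packed, len(params)) + params
    return MARKER + struct.pack("!HB", 19 + len(body), MSG_OPEN) + body


def _tlvs(buf, what):
    """Yield (type, value) pairs from a run of 1-byte type / 1-byte length TLVs."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError(f"truncated {what}")
        yield buf[i], buf[i + 2:i + 2 + buf[i + 1]]
        i += 2 + buf[i + 1]


def parse_open_capabilities(msg):
    """Return the (code, value) capabilities advertised in an OPEN message."""
    if len(msg) < 29 or msg[:16] != MARKER:
        raise ValueError("not a BGP OPEN message")
    length, msg_type = struct.unpack("!HB", msg[16:19])
    if msg_type != MSG_OPEN or length != len(msg):
        raise ValueError("not a complete OPEN message")
    opt_len = msg[28]                      # Optional Parameters Length
    params = msg[29:29 + opt_len]
    if len(params) != opt_len:
        raise ValueError("truncated optional parameters")
    caps = []
    # Capabilities may share one optional parameter or come one per parameter.
    for p_type, p_val in _tlvs(params, "optional parameter"):
        if p_type == PARAM_CAPABILITIES:
            caps.extend(_tlvs(p_val, "capability"))
    return caps


def refresh_support(peer_open):
    """'standard', 'pre-standard' or None, from the peer's OPEN message."""
    codes = {code for code, _ in parse_open_capabilities(peer_open)}
    if CAP_ROUTE_REFRESH in codes:
        return "standard"
    if CAP_ROUTE_REFRESH_PRESTANDARD in codes:
        return "pre-standard"
    return None


def build_route_refresh(afi=1, safi=1):
    """ROUTE-REFRESH request: header plus AFI (2), reserved (1), SAFI (1)."""
    return MARKER + struct.pack("!HB", 23, MSG_ROUTE_REFRESH) + struct.pack("!HBB", afi, 0, safi)


# Constructed sample: IPv4 unicast multiprotocol capability plus both refresh codes.
IPV4_UNICAST = struct.pack("!HBB", 1, 0, 1)
SAMPLE_OPEN = build_open(65356, 180, "161.163.164.247",
                         [(CAP_MULTIPROTOCOL, IPV4_UNICAST),
                          (CAP_ROUTE_REFRESH_PRESTANDARD, b""),
                          (CAP_ROUTE_REFRESH, b"")])

if __name__ == "__main__":
    print(parse_open_capabilities(SAMPLE_OPEN), refresh_support(SAMPLE_OPEN))
```
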
Monday, August 5, 2013
2610XM Router, Rommon Issue
Question:
I'm trying to get into Rommon. I'm reading that's the BREAK button, which I'm assuming obviously is the pause/break button on my keyboard. I'm pressing it till my finger turns blue a billion times and still no ramon noodles for me lol. Can someone help me please.
Answer:
Standard Break Key Sequence Combinations During Password Recovery
BGP and Load Distribution
Question:
I opened a discussion a while ago and had some great feedback but I am still racking my brains to figure this out.
I have 2 routers each with a dedicated connection to the same ISP. I am using MED to influence my advertisements to the provider.
I have 2 core switches (6509) with multiple vlans; each vlan has an HSRP address of .10 shared by the switches.
My routers and switches are using iBGP to communicate. Both routers connect to vlan 1 on the core switches.
I want to influence my traffic from the vlans to go to specific routers, so that I utilize both routes at all times (when possible), ensuring symmetric routing at the same time.
I think I have the following options:
- PBR. I'd set this on the routers' FastEthernet interfaces and match based on two different ACLs:
set the next hop as the ISP router 1 when matching ACL 1
set the next hop as the ISP router 2 when matching ACL 2
My concern is if I lose a link (say to ISP router 1), all traffic matched by ACL 1 is blackholed.
- HSRP was suggested to me:
configure 2 standby groups on the routers with different priorities
allocate different HSRP addresses matching each vlan (to act as a core switch default gateway)
My concern here is I'd need the routers' HSRP virtual IP addresses as the BGP neighbors on the core switches?
Answer:
IMHO, you could configure the following:
Make each of your core switches prefer routing out to one of your BGP routers. This can be easily done by configuring an incoming route-map increasing the weight or local preference BGP attribute for prefixes received from the proper BGP router.
I suppose each of your BGP routers prefers prefixes received from "his" ISP router, so outgoing routing should be OK, too.
You would also need to configure HSRP in each VLAN to prefer one or the other of your core switches.
And configure MED on your BGP routers to make the proper subnets preferred for the returning traffic.
To make it clearer, let's make a simple example:
Let's say you've got two VLANs only in your LAN: VLAN1 with subnet 1.1.1.1/24 and VLAN2 with subnet 2.2.2.2/24.
So you configure HSRP on your core switches to make Switch1 preferred in VLAN1 and Switch2 preferred in VLAN2.
You configure BGP on Switch1 to prefer WAN prefixes received from your BGP Router1 (increase weight combined with as-path match possibly) and Switch2 to prefer WAN prefixes received from your BGP Router2.
You also configure your BGP Router1 to advertise the 1.1.1.1/24 prefix with better MED than Router2 to the ISP (and Router2 to advertise 2.2.2.2/24 with better MED than Router1) - to make the returning traffic use the same path.
You can also configure a similar BGP route-map on your Router1 to prefer 1.1.1.1/24 received from Switch1 over the same prefix received from Switch2.
And that's it!
The PCs in VLAN1 will take Switch1 as their default GW (active in HSRP for VLAN1).
Switch1 will route the outgoing traffic to your Router2 and it will forward it to ISP router1.
The returning traffic will come to your Router1.
And will be forwarded to Switch1.
The same is valid for VLAN2 but using Switch2 and Router2.
As there are the same prefixes received from the second router/switch with worse preference all the time, a backup path would be available in a case of one connection failure.
This solution is load sharing per subnet, of course. So if traffic from/to one of your subnets will be much higher than from/to the second subnet, one of your lines will also be loaded much higher.
It will also work only for VLANs connected directly to your core switches.
In a case of any cascaded subnets connected by another L3 device(s) in your LAN you would need to configure your IGP routing to prefer one of your core switches while keeping the second as less preferred.
And to make similar configurations on your BGP routers for them.
Friday, August 2, 2013
Please explain show policy-map interface for police command
Question:
Could anyone please explain the red bold fonts below:
R1# show run
< omitted >
policy-map QoS_Link
class Police_1
police cir 20000 bc 2500 be 2500
conform-action transmit
exceed-action drop
class class-default
fair-queue
< omitted >
R1# show policy-map interface s0/0.1
< omitted >
Class-map: Police_1 (match-any)
153717 packets, 29016250 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: access-group name EPP
153717 packets, 29016250 bytes
30 second rate 0 bps
police:
cir 20000 bps, bc 2500 bytes
conformed 145527 packets, 20736043 bytes; actions:
transmit
exceeded 8190 packets, 8280207 bytes; actions:
drop
conformed 0 bps, exceed 0 bps
< omitted >
What do the red bold fonts mean?
Answer:
You can see it here:
exceeded 8190 packets, 8280207 bytes; actions:
Thursday, August 1, 2013
Need help with DHCP and intervlan on cisco switch 3550
Question:
I am trying to set up my 3550 layer 3 switch to hand out DHCP addresses for different vlans. It is connected to my router address 192.168.1.1. I set up a new vlan 3 and the DHCP pool. The client gets a 192.168.3.2 address but I am not able to ping the router and other clients and get out to the internet. What am I doing wrong? I will appreciate any help or advice. Here is the config that I have. I deleted the other ports because I am not using them. The vlan 3 client is on port FastEthernet 0/17 and the router is connected to FastEthernet 0/1. Thanks in advance.
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname SW3
!
no aaa new-model
ip subnet-zero
ip routing
no ip domain-lookup
!
ip dhcp pool VOICE_VLAN
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
dns-server 192.168.1.1
option 150 ip 192.168.3.1
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
!
interface FastEthernet0/17
switchport access vlan 3
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Vlan1
ip address 192.168.1.223 255.255.255.0
!
interface Vlan3
ip address 192.168.3.1 255.255.255.0
!
ip default-gateway 192.168.1.1
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
ip http secure-server
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
line vty 0 4
no login
line vty 5 15
no login
!
end
Answer:
For VLAN 1 - default gateway is 192.168.1.1 (Router)
For VLAN 3 - default gateway is 192.168.3.1 (SW)
So when VLAN 3 users try to talk to Router IP 192.168.1.1, then the traffic goes to the Router (via the SW which is the default gateway for users in VLAN 3).
But as you specified that there is no back route for 192.168.3.0/24 on the router - the traffic destined to this subnet on the Router will go to the default route and the pings are never going to work between these 2 VLANs.
So to avoid this, you will need to have the default gateway for both the VLANs on the SW (as the router is not managed).