Cisco :: NAT / Unicast To Multicast Conversion?
Feb 8, 2013
I am planning to get the unicast streams from different 2-3 sources over internet, and I am doing NAT for port-forwarding all those unicast streams to a one private IP. Attached is the setup for your understanding.Setup: - Both unicast streams will be hitting to One Public IP (3.3.3.2) on UDP/TCP Port 1234, 1236 & 1238 only & the same ports need to be forwarded to natted One Private IP (10.10.10.4)
1)NATTING these 2 unicast streams into one private IP(10.10.10.4) by checking Source & Destination based IPs and ports, but in below configuration I cannot achieve on checking Source & Destination based IPs and ports
Router configuration:-
interface GigabitEthernet0/0
description ***Connected to Internet ***
ip address 3.3.3.2 255.255.255.252
no ip redirects
no ip unreachables
[code]...
View 5 Replies
ADVERTISEMENT
Apr 15, 2013
We recently acquire a cisco 2921/K9 router to interface 2 networks
Network 1 : 169.254.XXX.XXX/16 on GigabitEthernet0/0 interface
Network 2 : 192.168.1.XXX/24 on GigabitEthernet0/1 interface
On the network 1 side there is a multicast source (169.254.200.200 destination : 225.0.0.1) on the network 2 side there is 1 receiver which is not multicast capable(old) but i want it to receive the multicast stream for the moment we configure the ip multicast-routing and each interface each interface with ip pim sparse-dense-mode then configure the GigabitEthernet0/1 in order to join the multicast group (using ip igmp static-group 225.0.0.1) and wireshark confirm that the multicast stream on the network 2 side from 169.254.200.200 -> 225.0.0.1 of course the receiver don't the stream, but if i force a "multicast to unicast" process inside the router it shall be ok.. after many hour of internet browsing i found 2 solution :
- NAT, [URL]
- multicast service reflection (Cisco documentation)
The NAT example don't work ,what is the best way to do this task.
View 8 Replies
View Related
May 26, 2013
Is it possible to convert multicast streams (224.0.0.1:1234) to unicast (Receiver 10.0.0.1:1234) at the router level.
View 4 Replies
View Related
Apr 18, 2012
Why do we need MP-BGP (and not BGP) to exchange multicast prefixes between multicast domains?
View 2 Replies
View Related
Feb 19, 2013
I try to pass multicast traffic between two vrf on the same 3750 switch. I have IP services IOS and sdm template routing.
here is my config:
ip routing
!
ip vrf vpn2
rd 1:1
mdt default 232.1.1.1
route-target export 1:1
route-target import 1:1
[code]....
Now I'm stuck - I don't know what to do to pass multicast traffic. Do I have any chance to run this config on 3750 chassis?Perhaps "Configuring Multicast VPN Extranet Support" document will be useful, but it concerns Catalyst 6500? [URL]
View 0 Replies
View Related
Apr 17, 2012
I've been looking for a way to detect the level of traffic caused by unknown unicast traffic on a Catalyst 6509.I have found mechanisms to mitigate it but nothing to actually detect/measure what the levels might be.
View 3 Replies
View Related
Apr 8, 2013
We have a problem with NLB on a SG500-28P which is a major issue for us.
I am investigating a problem together with Microsoft Support about a download/upload performance issue with a Microsoft Forefront TMG array which is connected to a single SG300-28P. Àpparently this issue exist on every NLB array we implement. I am now at the point we asume the SG500-28P does not handle NLB in unicast mode very well.
We have a network topology as shown below:Please note the actual public IP Addresses are hidden and the internal IP Addresses are diffrent, for security reasons.
Our SG500-28P is configure in L3 mode. It hosts three subnets you see above. The two TMG servers are configured with NLB (in unicast mode) on the Internal Network and External Network interface. It is connected to the internet and our internal network. These TMG Servers are in fact Edge Servers. Our other servers and client are in a different VLAN. The default gateway flows through this NLB Cluster [10.250.0.254].
Problem: When a client uses its default to connect to the internet the performance is very and very slow. With an internet connection of 10/10 we get 10/2. With an internet connection 100/100 we only get 7/1!.
Now we have tried everyting we can imagine. I can't write down all, because that would be a lot. One thing is worth notice; When we move the client to the same VLAN as the NLB Cluster and the client uses 10.250.0.1 as its default gateway, the problem still exists. But... when the client uses 10.250.0.254 as its default gateway the performance is outstanding 95/95! Apparently if traffic for the NLB Cluster is routed through the SG300-28P the performance drops like a rock.
I have never seen this before with SG300 series switches, although this environment is different. Normally I would configure NLB in multicast mode. But the switch does not allow to add static ARP entries for multicast MAC Addresses.I know NLB in unicast mode introduces switch flooding and such. But why does the SG500 not handle this right? Is there anything I can do about it?
View 7 Replies
View Related
Feb 3, 2011
I was wondering if the following scenario would work:
2 Microsoft TMG servers (could be any W2K8 R2 based server, e.g. UAG, Exchange etc.) configured for Unicast NLB. The servers are connected to separate L2 switches which are connected to a highly available central L3 switch (see attached drawing).
Unicast NLB works in such a way that it uses a shared virtual IP and a virtual MAC addres which is not used as Source MAC address when the TMG servers are respondign to requests.Basically it relies onto the fact that the switch does not learn the virtual MAC address and floods all packets destined to the virtual MAC on all ports. The L3 switch would learn the MAC through ARP. The question now is, what the L3 switch would do, if it receives a packet destined for the NLB VIP. It should do an ARP request in order to receive the virtual MAC. How would he decide on which port(s) to forward the packet as he does not know on which port the MAC is found. Can he make a decision based on Layer 3 (IP/VLAN based) therefore he knows that the VLAN for the TMGs is connected on those two uplink ports?
View 7 Replies
View Related
Feb 6, 2013
We have problems with 3 switches in our network.
Users continues receive adresse via DHCP, but no traffic was forwarded. After reboot switch works fine about one week and problem arrives.
I telnet to one problem switch and try to found reason by reaply acl and source guard and saw some strange message:
nov-20(config)#int r gi1-48
nov-20(config-if-range)#no service-acl input
nov-20(config-if-range)#service-acl input 2
Exceeded the maximum ACE allowed in the system. -repeated 48 times
Configuration and log int attachment (show tech-support)
port 52 - uplink, 1-47 - users, 49-51 - downlink switches (SPS224g4) with aprox 200 pc connected. 48-ups
View 11 Replies
View Related
Apr 27, 2013
i recently identified all switch ports in my network on 6509 core were Transmitting Mail server Exchange traffic that was destined for Unicast NLB cluster. and it was impacting various HOST machines NIC cards/performance.After reading this article, i moved NLB CAS servers behind a dedicated cisco Switch.
[URL]
Now My core switch can learn mac address across its trunk port where CAS servers are connected on dedicated switch. but still i can see traffic Transmitting out to my all switch ports of same VLAN ( same as NLB VLAN).
View 5 Replies
View Related
Nov 28, 2011
I have a serious problem with nexus 7018, there're unicast flooding on one n7k, named n7k-1, which is the member of vPC domain combined with 2 N7Ks. [code]I had clean the mac-address-table, and all mac-address-tables had been synced fine, and the unicast flooding went away.
How could I fix the mac-address sync function between the modules ?
View 6 Replies
View Related
Jan 9, 2011
I'm having an issue with my network, where we're are experiencing random and brief network outages. They happen a couple times a day and last 5-10 seconds. when I check my two backbone switches (4506 : Supervisor: WS-X4516-10GE ,IOS : cat4500-ipbase-mz.122-31.SGA8.bin), STP remains normal and no topology change occurs.
View 16 Replies
View Related
Feb 27, 2013
There is a unicast flood on 3750 killing slow modem links. How to determine source MAC address of flooder? Is there a rate limit feature for it?
I know how to block it completely on port-level, but it breaks normal network operation. (when port goes down for some reason, it's learned MACs got flushed and since other hosts know MACs, they keep flooding untill their arp caches expire).
View 11 Replies
View Related
Nov 1, 2011
I have a core switch Cisco3750G with 4 SFP slot populated with GLC-SX-MM module.Now in these 4 fiber GLC-SX-MM modules 3 are connected to 3 floor switches which are having the same GLC-SX-MM.Each link is configured as a TRUNK and allowed only that floor VLAN and working fine.Now the 4th GLC-SX-MM module has to be connected to a single desk top PC using a FIBER to UTP convereter,which is SC to UTP .Now patch pannel is LC ,I used a LC to SC fiber patch cord,but link is not coming up,in this situation if I used both side SC convereter then link is up.
All 4th GLC-SX-MM modules are checked and it is working fine.Only the forth floor link is not coming up,if I use the UTP to Fiber SC type connector in the CORE switch for teh 4th Floor then it is working.How to resolve this issue,Whether I need to use the UTP to Fiber LC type convereter in the fourth floor instead of SC type converter,logically when I use the LC-SC type patch cord and connecting to SC type converter it should work.
View 2 Replies
View Related
Jun 13, 2011
I have 8.2 configuration that works:
global (inside) 1 192.168.1.1
nat (outside) 1 access-list Servers outside
static (inside,outside) 10.16.0.0 10.1.0.0 netmask 255.255.0.0
[Code]....
It is remote monitoring ASA, so I need to nat user networks (10.1.x.y, 10.2.x.y) to something that I can use (10.16.x.y, 10.17.x.y...)
Also, since it my device, I have them configure snmp and syslog server on client's network to use 192.168.1.1, so I have dynamic NAT for two SNMP servers and static NAT for one of them (which is syslog server).
create 8.4 version, so I can apply it? I tried few things, packet tracer shows that they are NATed, but I have only Denc packets, because hosts see request coming from my public IP...
View 5 Replies
View Related
Sep 24, 2012
We are about ready to embark on moving all L2L and network extensions (Cisco ASA 5505s) from the Cisco VPN 3060 Concentrator to a Cisco ASA 5520. We would like to know if there is a simple method to doing this such as a converter? Also, are there any lessons learned? We are running 8.4.3 so we know that NAT configuration has differed. Can the configuration from the 3060 be modified in anyway in configuring the ASA?
View 4 Replies
View Related
Dec 28, 2011
I am in the process of migrating a production firewall from PIX 6.3 to ASA 8.4(2). This is going to be a complete firewall rebuild and I will not be upgrading the configs because they have become out of date and very bloated. I am in the process of converting the NAT commands.[code] I am hoping these commands would be enough to replicate the previous functionality. I removed all the static identity NATs because NAT control is no longer in place so those rules are not required. Additionally I didn't re-create the rules that had NAT ID 0 or 1 because it didn't look like they were doing anything. correct way to do the static NAT commands at the bottom.
View 3 Replies
View Related
May 17, 2012
As previous posters may have noticed i have been given the task of moving the ACS from 4.0 to 5.3 which turns out to be considerably different. Sadly i have nothing to test with at the moment so am trying to work it out as best i can before the abbreviated period of cutover begins.
I have a Service Desk group setting in 4.0
Under groups i have the group settings and down the bottom i have the following -
(ticked ) Wireless-WCS HTTP
(ticked ) Custom Attributes
Then in the box -
virtual-domain0=CRUK
[Code]....
Access Policies/default device admin/Authorisation Create a new Rule Add the correct AD group in compound condition AD-AD1 attribute ExternalGroups value static in NDG:Device Type - reference the WLC (previously created as device type with ip address) Then in Results reference the above shell profile - Service Desk.
View 2 Replies
View Related
Oct 22, 2012
Customer of mine has 20 AP AIR-BR1310G-E-K9. No controller installed. He use them as Autonomous AP.
Right now ##he wants indroduce a WLC. Due to that every single AP must be converted in LAP AP.
is this action free of charge ? Nedd I SMARTENT COVERAGE ?
View 3 Replies
View Related
Jun 6, 2013
I know that configuration in 8.2.x and 8.4.x is different in terms of NAT and object groups.
I just want to know is it possible to do a direct upgrade from 8.2.3 to 8.4.x ?Secondly, will ASA automatically convert all the configuration from 8.2 to 8.4 format during the reboot after the upgrade?
View 2 Replies
View Related
May 1, 2011
I just started a new Position and they have CATos still runing on some of there 4506 and 6509 switches. I amy trying to come up with a plan to upgrade the switches to IOS but I dont know if they will take it or not. I know I need to get flash Cards to hold the IOS but i need to make sure that I get the right IOS for the Switches.
View 1 Replies
View Related
Nov 16, 2012
I used speed test and got 50 mega bits per second. I tried re downloading tf2 and i was getting 80 kilo bytes, and I am using windows 7. Doesn't 8 mega bits equal 1 mega byte?
View 2 Replies
View Related
Jul 16, 2012
I need to get a connection through a 3 storie structure.
On each floor, I have a cluster of servers set up. Conventionally, I would thread cat6 cables through the building but due to various reasons I cannot do that.
On the ground floor there are 2 ground lines which project a wireless signal.
I'm wondering, is there some way I can convert the wireless signal into an ethernet line? Perhaps through some kind of interfaced adapter. I've thought of buying a throwaway laptop and bridging the connections manually but I'd prefer to avoid that option if there are feasiable alternatives.
View 1 Replies
View Related
Aug 22, 2012
I have a 3602i access point and have been looking to see if it was possible to load a Mesh AP image on the AP?
View 4 Replies
View Related
Dec 11, 2012
I have some remote 1142s that I converted to LAP last night. They are not joing a WLC, but I they are online and I can ping them. Telnet or SSH is disabled by default (WHY???). What can I do to figure out why these access points are not joining the controller?
View 17 Replies
View Related
Nov 29, 2012
We have three Cisco ASA 5520 with 8.2 code in each tower. There are many configuration on the device hence we are using ip to Name to identify the naming conversion. Out of three one firewall naming conversion is not working, I mean after adding name for a IP it is not reflecting vpn tunnels or access lists or Nat config.
View 1 Replies
View Related
Mar 24, 2013
Is AP 1220B (b-only radio) supported for registration to WLC (7.0.x) with Lightweight software? I've managed to convert the AP to Lightweight mode, but I could not get it to register with WLC 2504 (software version 7.0). Is it possible that this AP is only supported if changing the in-built radio module?
In the compatibility matrix [URL] there is an information that this AP is supported on WLC up to version 7.0.x. On the other hand it is not supported by Autonomous to Lightweight Mode Upgrade Tool [URL] Since these APs does not have pre-installed MIC, it is mandatory for them to create Self-Signed Certificate (SSC). Upgrade tool could do this job (along with adding the created SSC hash to the authorized list on WLC), but it does not support this particular AP/radio. If I do the conversion manually (archive download-sw ...), the AP does not have the SSC needed for communication with WLC. I've tried making the SSC manually (instructions found on this site [URL] while AP is autonomous mode, and then converting it to Lightweight, but the AP still could not register to WLC.
In the debugs (on WLC/AP), I am receiving an error that is described in some Cisco troubleshooting documents as something related to WLC not having an SSC hash in the auth list. Problem is that the AP is not even sending standard CAPWAP messages and there is nothing to be seen in "debug pm pki enable" on WLC...
View 6 Replies
View Related
Sep 27, 2010
We are replacing CSM modules with 4710 appliances. Is there a config conversion tool? Have not seen it in any Cisco documents.
View 3 Replies
View Related
Mar 4, 2011
I have a HP OfficeJet 6000 Wireless that I used so far through the Ethernet network. What do I need to do to convert it over to wireless? Can I do this without installing the heavy duty HP SW on each client?
View 4 Replies
View Related
May 21, 2012
is there any issue in buying air-ap1142n-ek9 802.11A/G/N FIXED AUTO AP INT ANT and later on converting it into lightweight under the control of air-ct2504-15k9 2504 WIRELESS CONTROLLER WITH 15 AP LICENSES ?Are there any requirements on the SW of the WLC and the IOS of the AP? The reason of the choice is budget.
View 1 Replies
View Related
Dec 2, 2011
I am having one Cisco ME 3400G-12CS switch with 4 NNI port & 12 UNI port.I want to convert all UNI port to NNI to as meet my client requirements.which Metro IP Access Image IOS version is required to convert those UNI port to NNI.
View 1 Replies
View Related
Apr 4, 2011
I would like to convert some 1142N LAP to Autonomous. Is there a way to do ?
I have noticed a new image : c1140-k9w7-tar.124-25d.JA.tar
I don't see a way to replace the image in flash ?
View 1 Replies
View Related
Nov 4, 2012
We are in the process of migrating to the ASA service modules on both our 6509E switches from our current FWSM. We have used the Cisco conversion tool and applied that to the service module. When viewing the context in ASDM we are unable to view the object names in the right hand pane.
On the FWSM I would see the following under Network Objects:
Network Objects
- JQ-Test
- JQ-Test2
- JQ-Test3
Network Object Group
+ JQ Group
- JQ-Test
- JQ-Test2
- JQ-Test3
Now I have run the conversion tool and applied that to the ASA's I now get the following results.
Network Objects
- 10.1.1.1
- 10.2.2.2
- 10.3.3.3
Network Object Group
+ JQ Group
- 10.1.1.1
- 10.2.2.2
- 10.3.3.3
I am aware that the naming convention on the ASA's are different to the FWSM as you can no longer use the "name 1.1.1.1 JQ-Test1" format but I was hoping that the conversion tool would do this for me.
Is there any way I can get the names of the object back without having to script something that takes the old FWSM format and convert it into an ASA format?
View 1 Replies
View Related
