I am observing some strange behaviour related to the routing table, almost all external routes and some inter-area routes are getting refreshed every 10 seconds.
I am getting more than 1000 entries after running 'sh ip route | i 00:00:0', these external routes are being advertised by a neighbor 6500 which redistributing these static routes.
Platform is 6500 with SUP-720
How filter inbound routes in Cisco ASA OSPF? Because Cisco ASA has no "distibute-list" command for OSFP process configuration, I try to use "filter-list" command in area definition. So, I try to use next configuration:
R1 (Cisco 3660):
skip
!
router ospf 1
[Code].....
On a 4507 v12.2(20)EW, the connected subnets which are declared in the ospf instance are not propagated to the MPLS carrier router.Only the static routes which are redistributed in the ospf instance are propagated to the MPLS carrier router.
View 1 Replies View Related6500 - version (s72033_rp-ENTSERVICESK9_WAN-M), Version 12.2(18)SXF17a.I have two ISP's. I have created two defaults as follow & secondary route does not work. [code] After disabling the interface to ISP1, backup routes does not work. [code]
View 2 Replies View RelatedI have a scenario which is fairly common - certain servers are accessed from the internet via a Load Balancer, and since seeing true client IP is a requirement, the return traffic path must go back through the load balancer. However, I do not want to route all traffic via the load balancer for obvious performance reasons. Internal traffic should be routed directly by the Layer 3 switch, which has a default route of a Firewall.
My plan is to use a VRF for the load balancer and any applicable servers, which works fine. But now I need to join the VRF's routing table with the switch's GRT (global routing table) so that internal traffic works. What is the best way to do this? For scalability reasons I'd like to avoid static routes and I see many examples using BGP, but in this case it seems overkill since everything is on a single logical switch. Can I use OSPF instead? Or a different method? The Supervisors will be 2Ts, so IOS 15.0 will likely be running.
We have an existing network with a core 6500 as a VSS connecting 4 buildings with 4500 chassis under which number of L2 switches are connected. Currunlty we are using RSTP in ring for redundancy but we want to use OSPF in LAN for faster conversion.All the VLAN's are created on 6500.
View 4 Replies View RelatedI manage a small/medium sized campus network consisting of 4 Cisco 6500 series chassis (each with SUP720's) and a couple hundred Cisco 3550/3560/2960 edge switches. We recently completed a new leg of fiber that will make a completed loop between all of the 6500's .... before I make the pyhsical connection I need to figure out my OSPF entries on each 6500 switch.
View 4 Replies View RelatedIs it possible to issue eigrp leaking routes on catalyst 6500 running IOS 12.2-33SXI9 on gigabitethernet interfaces? or is there another way to acomplish this?
View 10 Replies View RelatedWe are cutting over from 6500 IOS to Nexus 7000 and have hit "Maximum ospf feature instance limit reached." as we configured up the 7 existing ospf processes - the limit is 4. These existing processes are for various vrf contexts we have. I see you can run multiple vrf contexts under one process - but how does that work in a mixed environment where the ospf neighbours are still ios 6500s? They still expect to see different ospf process id per vrf.
View 2 Replies View RelatedWe have an OSPF network with four 6500 Distribution Switches. They are fully meshed and see each other as peers and are sharing routes. Off of one pair (Border) there is a setup of 3750G siwtches that go off to another network and they do not run OSPF. Between the Border Dist and the 3750G Switches we run HSRP. The 3750G side uses HSRP GP 192 and the Dist Side uses HSRP 192.There are static routes on the 3750G pointing to the Dist HSRP address to get back to network.Pings fail from the OSPF side to the HSRP address on the 3750G side.If I do a trace from the OSPF side to the HSRP address it hits one border dist switch then the other and fails.If I have static routes on both border dist switches pointing to the HSRP on the 3750side, do we need to change the metric on one dist so that it is preferred over the other or should the router Id take care of that?
View 1 Replies View RelatedHow can I make sure R11 is able to get the OSPF routes of all the areas. Make sure area-278 does not receive any ospf routes from other areas as well as from ASBR routes from other areas. At the same tim, area-278 should be able send successfully RIP routes that we receive from R2 to backbone area.
View 1 Replies View RelatedIs there a way in EIGRP to prefer external routes versus internal routes. EIGRP always picks up internal routes as long as they are available, no matter if external routes have better metric. Our Scenario is that we have DMVPN hub and spoke topology running EIGRP 101. The Core routers also on EIGRP 101 prefer EIGRP 101 routes. We have the new MPLS network running BGP and redistributing these BGP routes into EIGRP 101. The core routers prefer EIGRP 101 routes (internal) to redistributed BGP (external) routes.
View 9 Replies View RelatedI am facing two issues in BGP both the topology and Config files.Because the link between Vail and Telluride runs iBGP, both routers will learn about the networks in AS 300 and AS 400 through native BGP only and both AS's do reach each other. Both routers are also running OSPF with Aspen and BGP routes are redistributed into OSPF domain. Now, Aspen knows about the networks in AS 300 and AS 400. Now suppose the link between Vail and Telluride fails, both AS 300 and AS 400 can't reach each other anymore. The only solution to this is to redistribute OSPF routes to BGP on Vail and Telluride. But when i did this, only routes with "O" learned by Tahoe and Alta. In other words, Tahoe sees only 192.168.1.220, 192.168.1.196 and Alta sees only the same routes. Why the redistribution from OSPF to BGP didn't advertise the O E2 routes?
This actually was discussed before but i still can't get it. It is not an actual issue.It is about "Syncronization". I know that we've said many times to turn on Sync. when we do redistribution from BGP to an IGP to make sure that the routes are installed correctly in the IGP routing table. However, as you notice in the configuration, i didn't enable Sync. on Vail and Telluride for a long time and redistribution still works fine.
I just want to know how many ospf routes a catalyst 3740 support ?The cisco doc or datasheets doesn't answer this clearly. Because there is only a statement "unicast routes"!? Does this means all unicast routes (eigrp, ospf....static)If so, there is a statement for about 10k routes ?
View 3 Replies View RelatedI have a Cisco 2620XM Router, running ver. 12.2 (7r). I have OSPF connected, however the OSPF routes are not populating in the sh ip route display. The neighbor relationship is established. The sh ip ospf database does display the other routers running ospf, however only connected (C) and static (S) routes appear.
View 3 Replies View RelatedWe are redistributing routes from BGP to OSPF and we want to filter out some of this routes from the OSPF proccess to be announced to neightbours.We want to announce some networks from ASR#1 to Catalyst. We are redistributing them from BGP to OSPF Area 0. Then, to prevent loops in the topology, these routes have to be filtered out from been redistributed from Area 0 to Area 1 in the Catalyst, so Enterasys appliances don't install those routes through OSPF but to point them out through default route to ASR#2.Is it possible with only one OSPF proccess or we have to separate OSPF in two proccess to redistribute between them?
View 8 Replies View RelatedWe have multiple sites that are linked via MPLS (L3) circuits. We have good size circuits for Internet at two main sites (HQ and QC) and smaller sites come to HQ site to go to internet. We are running ospf (Cisco L3 switches) with service provider (ME3400) at these two main sites and service provider then redistributes routes back into MPLS via BGP and then smaller sites ME3400 learn these routes. i am injecting default routes from HQ and QC, but Telco is only redistributing default from HQ. So large pipe Internet at QC is not being used effeciently. Also if MPLS at HQ fails, then we are told, we need to call Telco and they will make change in their network to now start distributing default from QC.it was my understanding that telco can use BGP communities and advertize one default as prefered and second with higher cost, so that failover can occur automatically. And that they can also set up so that west cost sites use HQ and east cost sites can use QC for going to internet, but they say it is not possible.it the least, can I do something like this at my end for failover for internet, in case MPLS at HQ goes down (soon we will be setting up a point to point VPN tunnel between HQ and QC so that MPLS failure at HQ will trigger advertisement of HQ routes over tunnel via QC into MPLS, so other sites can then come to HQ thru QC over this tunnel. At QC Cisco router (to detect loss of default route from HQ and then start advertizing default from QC)
router ospf 1
default-information originate always route-map From_HQ
exit
ip access-list standard From_HQ
[code]....
how can we upgrade 6500 non modular ios to normal 6500 ios?
View 5 Replies View Related=>Routing Protocol in Question EIGRP.
=>Two equal metric routes for destination A(through R1 and R2-SVIs on two upstream 6500s)
Traceroute Output, is the output that alternates between 1.1=>10.1=>1.1 normal granted the two routes are "equal metric routes for the same routing procotol in use" or is that "round robin behavior" indicative of a routing problem?
I have a 1941 router configured for Policy based routing with two ISPs.Two static default routes configured to point the gateways of respoective ISPs with same metric.But the problem is, packets are going throug the one ISP only while doing traceroute.
N/W connectivity:
ISP1-----> <----------------------> LAN1
| Router |
ISP-------> <----------------------> LAN 2
Below is my configuration :
Current configuration : 5958 bytes
!
! Last configuration change at 05:18:56 UTC Mon Jun 25 2012
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
[code]....
Core: DC : 2- 6500 (PO Trunked) Configured L3 vlan interfaces with HSRP.
Vlans:
Servers - 192.168.5.0/24
PCs: 192.168.10.0/24
Phones : 192.168.20.0/24
Replica-exchange: 192.168.30.0/24
DR- One Core SW:
Vlans:
Servers vlan - 10.10.5.0/24
PCs: 10.10.10.0/24
Phones : 10.10.20.0/24
Replica-exchange: 10.10.30.0/24
OSPF is the routing protocol. Everything works fine.New requirement (exchange 2010 MAPI & DAG subnets)
192.168.5.0 <--> 192.168.30.0 & 10.10.30.0 : Communication should fail
10.10.5.0/24<--> 192.168.30.0 & 10.10.30.0 : Fail
Replica@DC <--> Replica@DC: work
Replicas --> Rest of the nw- not that of an issue.
Iam thinking of adding a Extended ACLs on Replica-Exchange (DC & DR) and servers Vlan interfaces to block bidirectional communication.
CORE1 &2:
access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.30.0 0.0.0.255access-list 101 deny ip 10.10.5.0 0.0.0.255 192.168.30.0 0.0.0.255access-list 101 permit ip any any
!access-list 102 deny ip 192.168.30.0 0.0.0.255 192.168.5.0 0.0.0.255
[code]....
Similar to the same on DR as well. I wanted to see if ACL is the way to go or any other suggested methods with OSPF being the routing protocol.
I have a pair of N5K's, down stream from them are from Fabric Interconnects and a UCS chassis. Upstream is a stack of 3750's then ASA5510's.
I am trying to backup the config to our TFTP server and I am getting 'no route to host'.. I tried to add a route, and found that N5K uses VRF's for routing?? .. After some looking I see there are two base VRF's 'management' and 'default'.. the management VRF has a default gateway entry and a single interface member (mgmt0).. when I look at the default VRF .. there are no interface members or routing entries.. Ok, I can handle that just add some interfaces and add a default gateway. Then I get lost:
I'm able to access the UCS manager..... so how the heck is that even possible if there's no gateway defined anywhere (or maybe I'm missing something?). My theory was: add all other ports but mgmt0 to the default VRF, and have the default gateway point out of the uplinks (a vPC).. but wasn't sure how that would affect anything and mainly just wanted to know how I was able to access the UCS manager in light of the fact that there is no default gateway anywhere that I could see...
We have a need to track specifc subnets on our two 6509s, running IOS version 12.2(18)SXF16. Basically, we want to do this:
track 1 192.168.0.0 255.255.255.252 reachability
track 2 192.168.1.0 255.255.255.252 reachability
However, the 6509 IOS only provides the option to track an interface. Is this a feature that's available in later IOS versions?
Is there another way to track these routes? The subnets are used for WAN links at a HQ and DR site and we are doing a specific PBR (sending all http/https traffic) using these subnets. If that WAN link goes down, we want to be able to utilize a backup WAN link to support that traffic.
I would like to configure few routings on my Cisco router 871 in order to allow my employees to have access only to specific websites.However, since some websites have dynamic IPs propably the route that I will create will not work.
My question is, can I configure a route or is there any other way to configure this permission based on the hostname/domain? For example, if I want to permit access to this website www.surveymonkey.com (75.98.93.51) instead of configuring:
ip route 75.98.93.51 255.255.255.255 192.168.10.250
is there any way to configure based on the url.. in order to be able to recognise this host correctly??
Im new to cisco routes, Im traing to configure a 1711 routes with a dsl 2wire routes, my problem is that Im able to ping anywhere in the routes, but when Im on my computer I can only ping the interfaces on the router but no the 2wire route that gives me access to the internet.
Cisco 1711 2wire
f0 192.168.200.1(Inside NAT) e0 192.168.1.76( 2wire Nat) 192.168.1.254 (Internet)
My computer is getting ip addres 192.168.200.100 when I ping th 192.168.1.76 is fine, but when I try to ping the 192.168.1.254 does not work, Im assuming the cisco has activated a dinamic route from .76 to .254, but it is not working, why?
Here is the router configuration
Router#show runBuilding configuration...
Current configuration : 1183 bytes!version 12.3service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname Router!boot-start-markerboot-end-marker!!no aaa new-model!resource policy!memory-size iomem 25ip subnet-zero!!no ip dhcp [Code]....
We are setting up a test lab in our DMZ. The path to the internet is basically like this. Anything past the firewall is irrelevant. For this lab lets assume it is vlan 300.
LAB SW ---> DMZ-SW ---> ASA FW ---> INTERNET
LAB IP Range = 172.16.300.0 /24
GW = 172.16.300.1 (On FW int)
Trunked all the way through.
I have an int vlan set up on the LAB SW. It is being trunked to DMZ SW. DMZ trunks it to ASA FW where there is a failover with a redundant switch.On the ASA the interface 0/2 is a subinterface 0/2.300 being used as the default gateway.
I have DHCP running in a specific range on the LAB SW and do get an ip address when plugged in. I cannot ping the default gateway on the ASA FW.The GW is defined using default-router command for 172.16.300.1 i.e. default-router 172.16.300.1?
We are running ospf on the firewall. There appears to be a pattern with ospf and a similar subnet setup elsewhere. I was wondering based off of this info would configuring ospf for 172.16.300.0/24 allow me to ping the GW from a client on the LAB SW.Secondly. I trunked 300 on the DMZ SW but I didnt add the vlan to the configuration. i.e. conf t <enter> vlan 300 <enter> Does this really matter? Or is having the vlan in the configuration only pertain to access mode on interfaces?
We have 2 sites, each with 2 x 4506 switches which will be connected togther using an etherchannel. The switches will provide access ports for client devices and will be configured with HSRP to provide gateway redundancy. SW1 will be HSRP active.2 metro ethernet links will be installed in each site which will connect back to our HQ sites. OSPF will be used over the backbone to provide resiliency and to allow shortest path routing to each HQ and to prevent traffic over the HQ to HQ link.
The 4506 will be trunked togther with an SVI for providing OSFP adjacency.For the traffic flow from SW2 to HQ2, traffic will hit SW1 and then route back to SW2 and then to HQ2. Is this the best way to do this? Should a second link be connected between switches just for routing or should something like GLBP be used?
I am attempting to filter a specific host(s) from my OSPF routiing table on a ASA 5550 (ABR) using LSA prefix lists. However, when I look at the other routers in that area, I notice that ALL LSA type-3's are being removed (10 hosts are now missing from the routing table). I have verified the filter is working on the ABR, but I can't figure why ALL hosts/routes that were coming into the area are now being filtered instead of the specific one that I want to filter out.
Here is the config on the ABR:
prefix-list pdm_pl_000 seq 10 permit 206.253.180.137/32
!
!
router ospf 1
network 10.0.0.0 255.255.255.0 area 0
network 10.150.10.0 255.255.255.0 area 10
network 10.150.252.0 255.255.255.224 area 10
[code]....
The 206.253.180.137 host is actually coming from Area '3'. Am I doing something that is removing all type-3 LSA's?
I have an environment where i have two nexus 7010 switches, along with 2 nexus 5510's. I need to run OSPF as a layer 3 routing protocol between the vpc peer links. I have 1 link being used as a keep alive link, and 3 other links being used as a VpC link.
1) Is it best to configure a separate Vpc VLAN i.e 1010
2) Is it best to configure a vrf context keep-alive
3) just have the management address as the peer ip's.
Does 800 series routers support OSPF or EIGRP? Command for EIGRP is available but when you try to run it, you get that "protocol is not available in the image". Is there a specific image that I can get that will support either of these two on a Cisco 851 or 861?
View 4 Replies View RelatedIs there a way to set static routes per VLAN?Example VLAN 100 sends all traffic to 192.168.1.1 and VLAN 200 sends all traffic to 10.1.1.1. (2800 Series RTR)I have 5 networks that have their own gateway to the Internet via satellite link. Those networks run over the same infrastructure on separate VLANs. They frequently send traffic to each other, which gets sent over a slow SAT link. I introduced a router to the network and would like to set all my hosts default gateway to the local routers sub-interface then have a static route that send all traffic that is not on one of my 5 networks back to that VLANs respective SAT modem to get routed out over the Internet.
View 4 Replies View Relatedwe have a 2800 series router functioning as our internet router and it will only forward packets to addresses with host entries in the routing table even if the network is directly connected.
View 18 Replies View RelatedI have a Routing issue with one of my SG300-28P units. It has several Trunked VLANs. I think I habe Narrowed it down to a Default Route on the offending SG300 though I cannot see to change or delete any of the Static Routes on the unit. I can Add Routes with no issues, but once Added I cannot Edit or delete them.
View 1 Replies View Related