Cisco Switching / Routing :: 6500 / VSS - Share / Leak Routes Between VRF And GRT
Dec 13, 2012
I have a scenario which is fairly common - certain servers are accessed from the internet via a Load Balancer, and since seeing true client IP is a requirement, the return traffic path must go back through the load balancer. However, I do not want to route all traffic via the load balancer for obvious performance reasons. Internal traffic should be routed directly by the Layer 3 switch, which has a default route of a Firewall.
My plan is to use a VRF for the load balancer and any applicable servers, which works fine. But now I need to join the VRF's routing table with the switch's GRT (global routing table) so that internal traffic works. What is the best way to do this? For scalability reasons I'd like to avoid static routes and I see many examples using BGP, but in this case it seems overkill since everything is on a single logical switch. Can I use OSPF instead? Or a different method? The Supervisors will be 2Ts, so IOS 15.0 will likely be running.
Oct 15, 2012
6500 - version (s72033_rp-ENTSERVICESK9_WAN-M), Version 12.2(18)SXF17a. I have two ISPs. I have created two defaults as follows & the secondary route does not work. [code] After disabling the interface to ISP1, the backup route does not work. [code]
Oct 7, 2012
I am observing some strange behaviour related to the routing table, almost all external routes and some inter-area routes are getting refreshed every 10 seconds.
I am getting more than 1000 entries after running 'sh ip route | i 00:00:0'. These external routes are being advertised by a neighbor 6500 which is redistributing these static routes.
Platform is 6500 with SUP-720
Mar 26, 2012
Is it possible to issue EIGRP leaking routes on a Catalyst 6500 running IOS 12.2-33SXI9 on GigabitEthernet interfaces? Or is there another way to accomplish this?
Dec 3, 2011
On my 2691 router I see the buffer leak due to syslog:
2691Router# sh buffers leak
Header DataArea Pool Size Link Enc Flags Input Output User
650743C4 F200084 Small 0 0 0 0 None None Init
[Code].....
May 6, 2013
After upgrading about 35 Catalyst 2960 and Catalyst 2960S to IOS 15.0(2)SE2, we experience a memory leak on several switches. After some days / weeks the switches are not accessible via Console/Telnet/SSH/Web any more. Only SNMP seems to work properly. Attached users do not experience any decrease in service.
Trying to connect to the console, we get following error message:
"% Low on memory; try again later"
The only (temporary) solution is to reboot the switch. The behavior is similar to Bug CSCts52797. With regard to the bug notes, this bug should only affect Catalyst 2960 with 64MB of RAM and should already be solved with IOS 15.0(2)SE2.
We experience the erroneous behavior with
-WS-C2960-48TC-S running IOS 15.0(2)SE2
-WS-C2960S-48LPS-L running IOS 15.0(2)SE2
Dec 21, 2011
How can we upgrade 6500 non-modular IOS to normal 6500 IOS?
Aug 31, 2010
=>Routing Protocol in Question EIGRP.
=>Two equal metric routes for destination A(through R1 and R2-SVIs on two upstream 6500s)
Traceroute output: is the output that alternates between 1.1=>10.1=>1.1 normal, granted the two routes are "equal metric routes for the same routing protocol in use", or is that "round robin behavior" indicative of a routing problem?
Jun 24, 2012
I have a 1941 router configured for policy-based routing with two ISPs. Two static default routes are configured to point to the gateways of the respective ISPs with the same metric. But the problem is, packets are going through one ISP only while doing traceroute.
N/W connectivity:
ISP1-----> <----------------------> LAN1
| Router |
ISP-------> <----------------------> LAN 2
Below is my configuration :
Current configuration : 5958 bytes
!
! Last configuration change at 05:18:56 UTC Mon Jun 25 2012
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
[code]....
Apr 29, 2013
I have a pair of N5K's, down stream from them are from Fabric Interconnects and a UCS chassis. Upstream is a stack of 3750's then ASA5510's.
I am trying to backup the config to our TFTP server and I am getting 'no route to host'.. I tried to add a route, and found that N5K uses VRF's for routing?? .. After some looking I see there are two base VRF's 'management' and 'default'.. the management VRF has a default gateway entry and a single interface member (mgmt0).. when I look at the default VRF .. there are no interface members or routing entries.. Ok, I can handle that just add some interfaces and add a default gateway. Then I get lost:
I'm able to access the UCS manager..... so how the heck is that even possible if there's no gateway defined anywhere (or maybe I'm missing something?). My theory was: add all other ports but mgmt0 to the default VRF, and have the default gateway point out of the uplinks (a vPC).. but wasn't sure how that would affect anything and mainly just wanted to know how I was able to access the UCS manager in light of the fact that there is no default gateway anywhere that I could see...
Jul 2, 2012
We have a need to track specific subnets on our two 6509s, running IOS version 12.2(18)SXF16. Basically, we want to do this:
track 1 192.168.0.0 255.255.255.252 reachability
track 2 192.168.1.0 255.255.255.252 reachability
However, the 6509 IOS only provides the option to track an interface. Is this a feature that's available in later IOS versions?
Is there another way to track these routes? The subnets are used for WAN links at a HQ and DR site and we are doing a specific PBR (sending all http/https traffic) using these subnets. If that WAN link goes down, we want to be able to utilize a backup WAN link to support that traffic.
Apr 9, 2012
I would like to configure a few routes on my Cisco 871 router in order to allow my employees to have access only to specific websites. However, since some websites have dynamic IPs, probably the route that I will create will not work.
My question is, can I configure a route or is there any other way to configure this permission based on the hostname/domain? For example, if I want to permit access to this website www.surveymonkey.com (75.98.93.51) instead of configuring:
ip route 75.98.93.51 255.255.255.255 192.168.10.250
is there any way to configure based on the url.. in order to be able to recognise this host correctly??
Jan 23, 2012
I'm new to Cisco routers. I'm trying to configure a 1711 router with a DSL 2wire router. My problem is that I'm able to ping anywhere in the router, but when I'm on my computer I can only ping the interfaces on the router but not the 2wire router that gives me access to the internet.
Cisco 1711 2wire
f0 192.168.200.1(Inside NAT) e0 192.168.1.76( 2wire Nat) 192.168.1.254 (Internet)
My computer is getting IP address 192.168.200.100. When I ping 192.168.1.76 it is fine, but when I try to ping 192.168.1.254 it does not work. I'm assuming the Cisco has activated a dynamic route from .76 to .254, but it is not working. Why?
Here is the router configuration
Router#show run
Building configuration...
Current configuration : 1183 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
memory-size iomem 25
ip subnet-zero
!
!
no ip dhcp [Code]....
Aug 3, 2012
Is there a way to set static routes per VLAN? Example: VLAN 100 sends all traffic to 192.168.1.1 and VLAN 200 sends all traffic to 10.1.1.1. (2800 Series RTR) I have 5 networks that have their own gateway to the Internet via satellite link. Those networks run over the same infrastructure on separate VLANs. They frequently send traffic to each other, which gets sent over a slow SAT link. I introduced a router to the network and would like to set all my hosts' default gateway to the local router's sub-interface, then have a static route that sends all traffic that is not on one of my 5 networks back to that VLAN's respective SAT modem to get routed out over the Internet.
Feb 11, 2013
How to filter inbound routes in Cisco ASA OSPF? Because Cisco ASA has no "distribute-list" command for OSPF process configuration, I try to use the "filter-list" command in the area definition. So, I try to use the following configuration:
R1 (Cisco 3660):
skip
!
router ospf 1
[Code].....
Jan 1, 2013
We have a 2800 series router functioning as our internet router and it will only forward packets to addresses with host entries in the routing table even if the network is directly connected.
Nov 15, 2011
On a 4507 v12.2(20)EW, the connected subnets which are declared in the OSPF instance are not propagated to the MPLS carrier router. Only the static routes which are redistributed in the OSPF instance are propagated to the MPLS carrier router.
May 14, 2013
I have a routing issue with one of my SG300-28P units. It has several trunked VLANs. I think I have narrowed it down to a default route on the offending SG300, though I cannot seem to change or delete any of the static routes on the unit. I can add routes with no issues, but once added I cannot edit or delete them.
Apr 2, 2013
I'm a bit perplexed atm with trying to set up multiple failover routes on a 2821 router. Let me say that I have more experience in a switched network as routing is seldom required where I work atm. Here's my problem. I have a routing table set up as follows but only the primary routes work. The failover routes will not kick in once the primary route is not there.
ip route 10.32.11.0 255.255.255.0 128.32.8.11
ip route 10.32.11.0 255.255.255.0 128.32.24.11 100
ip route 10.32.12.0 255.255.255.0 128.32.8.12
ip route 10.32.12.0 255.255.255.0 128.32.24.12 100
ip route 10.32.14.0 255.255.255.0 128.32.8.14
ip route 10.32.14.0 255.255.255.0 128.32.24.14 100
IP addresses are not exact but it gets the point across.
Why are the failover routes not failing over? The failover routes work if I remove the primary route from the config.
Feb 13, 2013
I have a 3560 with IP base that is acting as a true EIGRP stub router today. It advertises local routes to the upstream service provider router and receives a default route.
Now I want to connect a 3900 ISR as a voice gateway. The 3560 does not seem to be advertising any routes to the 3900. Ok the EIGRP stub doc says this:
Only specified routes are propagated from the remote (stub) router. The router responds to queries for summaries, connected routes, redistributed static routes, external routes, and internal routes with the message "inaccessible." A router that is configured as a stub will send a special peer information packet to all neighboring routers to report its status as a stub router.
Any neighbor that receives a packet informing it of the stub status will not query the stub router for any routes, and a router that has a stub peer will not query that peer. The stub router will depend on the distribution router to send the proper updates to all peers.
I guess I don't understand why the stub advertises local routes to the upstream ISP router but does not seem to advertise routes to the 3900. Does the stub identify the ISP router as the distribution router somehow, thus differentiating it from the 3900? If so, how is this done?
show ip eigrp neighbor detail on the 3900:
EIGRP-IPv4 Neighbors for AS(100)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
[Code].....
Nov 1, 2012
I have a WS-C3750G-24T-S layer 3 switch and I need to configure independent routes for a specific network, I'm trying to use VRF but it is not working for me. I tried using route-map but it seems the switch doesn't support that, so I'm stuck with VRF, but I think I'm not doing it right. The topology is as follows:
I have a network directly connected to a vlan and I need to forward all the traffic I get on this VLAN using a tunnel to a router. I think the problem is that in order to use the tunnel I need to utilize another VLAN which isn't part of that VRF. I attach the configuration I'm using to better understand what I'm trying to do:
layer-3 switch:
ip vrf TEST
rd 1:1
interface Tunnel1
ip vrf forwarding TEST
ip address 172.17.0.1 255.255.255.252
tunnel source 10.245.0.9
tunnel destination 10.250.4.31
[Code]....
And this is how my routing table looks on this router:
172.17.0.0/30 is subnetted, 1 subnets
C 172.17.0.0 is directly connected, Tunnel4
C 10.250.4.0/24 is directly connected, Vlan404
S 10.245.0.8/29 [1/0] via 10.250.4.1
S* 0.0.0.0/0 [1/0] via 10.1.60.15
Mar 5, 2013
We have a 6509 series of core switches and 3750 series of L2 switches. There is no default gateway or any static routes to any IP. VLAN 1 is made admin down and another VLAN is used for all communication here in this environment.
Attached is the configuration for reference. But still I am able to telnet or SSH. I want to know how telnet or SSH or TACACS authentication happens without any static or default route.
Mar 17, 2013
If a router receives EIGRP (AD90) routes, and is configured to redistribute those routes into BGP (AD20), why does the RIB show only the incoming EIGRP routes and not the redistributed BGP routes? Are redistributed routes considered for RIB entry in the router that is doing the redistribution?
Nov 11, 2011
I was trying to find if it's possible to add the option for static routes for DHCP clients in Cisco IOS DHCP config mode. I'm looking to add a setting as defined in RFC 3442, like this one, set on an ISC DHCPd server:
Global settings:
option rfc3442-classless-static-routes code 121 = array of integer 8;
option ms-classless-static-routes code 249 = array of integer 8;
And for the subnet declaration:
option rfc3442-classless-static-routes 24, 192, 168, 30, 192, 168, 10, 1;
option ms-classless-static-routes 24, 192, 168, 30, 92, 168, 10, 1;
Jun 10, 2013
Is there any way to have my Cisco 877W Router alter from using one static route to another static route when another router on the network is reporting destination host unreachable?
Router 1 (192.168.2.253)
Dialer0 -> ppoe to internet
Vlan1 -> local 192.168.2.0/24
Router 2 (192.168.2.254)
Dialer0 -> ppoe to managed VPN (172.16.28.1)
Vlan1 -> local 192.168.2.0/24
Router 2 is connected to another network through a managed VPN and that network also has internet access. I want to be able to have two routes to the internet on Router 2. And when Router 1 internet goes down packets get routed through the VPN instead.
I currently have on Router 2
ip route 0.0.0.0 0.0.0.0 192.168.2.253
ip route 10.0.0.0 255.255.255.0 Dialer0
ip route 0.0.0.0 0.0.0.0 172.16.28.5 250
Which does nothing when Router 1 has its Dialer0 interface shut down, or goes offline completely. I suspect I could reverse the setup and have everything routed through the VPN by default and then if / when the Dialer0 interface goes down it would switch to using Router 2, but if the problem is in the remote network and interface Dialer0 stays up, it would probably do the same thing... nothing. All devices mentioned are Cisco 877W routers with ADSL and a bunch of Fast Ethernet interfaces.
Apr 8, 2011
Is there a way in EIGRP to prefer external routes versus internal routes? EIGRP always picks up internal routes as long as they are available, no matter if external routes have a better metric. Our scenario is that we have a DMVPN hub and spoke topology running EIGRP 101. The core routers, also on EIGRP 101, prefer EIGRP 101 routes. We have the new MPLS network running BGP and redistributing these BGP routes into EIGRP 101. The core routers prefer EIGRP 101 routes (internal) to redistributed BGP (external) routes.
Jul 1, 2012
I want to leak the default internet route to the CE VRF as a common service. Since we have two ASBRs, can I point the next hop to the PE itself instead of either of the ASBRs? I tried to point the NH to the loopback of the PE itself but it failed.
Jan 21, 2012
As per my understanding, on the 6509 all slots are dual channel, so 9 slots * 40 per slot (20 g in and 20 g out) = 360 GB. How does Cisco claim the 720? What about the 6513 chassis switch fabric connection?
Sep 20, 2012
I am seeing a strange situation on my 6500 switch. By doing an snmpwalk on '1.3.6.1.4.1.9.9.109.1.1.1.1.3' (== cpmCPUTotal5sec), I came to know that there are two processors and the CPU util for the switching processor has gone to 88 % and sometimes creeps to 99 %.
snmpwalk -v2c -c "removes" sw6500 '1.3.6.1.4.1.9.9.109.1.1.1.1.3'
SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.3.1 = Gauge32: 12 (--- this is for CPU of Router Processor )
SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.3.3 = Gauge32: 99 (--- this is for CPU of Switching Processor )
But when I do sh process cpu on the console, all looks normal as it shows the CPU utilization of the RP. Why is the value so high on the switching processor?
Jan 24, 2013
For inter-VLAN routing, is the 'ip routing' command enabled by default on 6500 series switches based on the IOS? And on 3750 switches, do we need to enable the "ip routing" command manually for inter-VLAN routing?
May 9, 2013
I'm looking to restrict inter-VLAN routing through an L3 switch (Cisco 6500) and wanted to know the best possible way to do it. I used a VACL and achieved success to some extent, but my config is making clients take up to 5-6 mins to authenticate IP address from the DNS (bootps). My VACL config was as follows:
Subnet to restrict is 10.100.15.0 (VLAN 15)
STEP 1: Created extended ACL to allow bootpc/bootps through DNS
ip access-list extended EACL_DNS
permit udp any eq bootps any
permit udp any eq bootpc any
STEP 2: Created standard ACLs to allow only relevant subnet, server VLANs & some IPs from other subnets for printers/scanners etc.
ip access-list standard SACL_VLAN_15
permit 10.100.15.0 0.0.0.255 (the subnet I'm restricting)
permit 10.100.50.0 0.0.0.255 (server VLANs)
permit 10.100.25.45 0.0.0.0 (printer in another VLAN which has to have access in VLAN 15)
STEP 3: Created VLAN access list
vlan access-map VACL_15 10
match ip address EACL_DNS
action forward
vlan access-map VACL_15 20
match ip address SACL_15
action forward
STEP 4: Applying VLAN Access list on VLAN 15
vlan filter VACL_15 vlan-list 15
Though the above works, below is noted:
1. I'm still able to PING 10.100.15.2 (the switch virtual interface) from outside the subnet, which I don't intend to do so. However all clients in the subnet have no connectivity from outside the VLAN 15.
2. As mentioned, it's taking quite some time to negotiate with the DNS server at system boot time.
Jun 2, 2012
I used to "ip routing" command in order to enable inter-vlan routing, for example with 3750 cisco. I have a 6503 cisco with SUP720 MSFC3. I was able to create some vlans but I can not configure inter-vlan routing.
sw#conf t
Enter configuration commands, one per line. End with CNTL/Z.
swsur(config)#ip routing
[Code]....
Oct 30, 2011
For intervlan routing, Is 'IP routing' command enabled by default on a 6500 series switches based on the IOS?hes, do we need to enable the "ip routing" command manually for intervlan routing?