Cisco Switching/Routing :: Deploy OTV Using ASR 1001 Between 2 Data-centers?
Apr 9, 2013
deploy OTV using ASR 1001 between 2 data-centers? We want to acquire HSRP localization there, but at this moment I can only see lots docs are saying how to do this on N7K, not ASR. I saw it has a FHRP filtering enabled by default when the OTV configuration is done, and also see there is a access-list created by default call otv_filter_fhrp, Im just wondering besides this IP ACL there should be MAC ACL applied?
View 3 Replies
ADVERTISEMENT
Jan 28, 2012
Multicast is not working between our two datacenter, we have catalyst 2960S (two stacked) as the internal lan switch, and catalyst 3560E as the external switch, same configuration for both datacenters.The two sites are connected using metro, the external switch (3560) is doing qinq and encapsulate the data from the internal switch with the metro vlan (611).
IGMP snooping is disabled for all switches, although we prefer to enable it for the internal switches.For each datacenter there is a different firewall which also act as the router, we are using fortigate as the firewall.Following is the important configuration section:
Port 43 in the internal switch is connected to the external switch (both sites):
interface GigabitEthernet1/0/43
switchport mode trunk
load-interval 30
Port 3 in the external switch connected to the internal switch (both sites):
interface GigabitEthernet0/3
switchport access vlan 611
switchport mode dot1q-tunnel
no cdp enable
no cdp tlv server-location
no cdp tlv app
Port 8 on the external switch connected to the metro link (both sites) vlan 350 is the internet and 611 is the metro:
interface GigabitEthernet0/8
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 350,611
switchport mode trunk
vlan 611 on external switch:
interface Vlan611
ip address 192.168.168.2 255.255.255.0
no ip route-cache
no ip mroute-cache
View 6 Replies
View Related
Apr 7, 2013
im currenly configuring a 4500X with 16 port. All sfp are 1Gig, but when I input show ip int brief, it shows that the interfaces are on 10 Gig. Does Catalyst 4500X already support the 1Gig SFP without inputting a command or do I have to configure it to activate the 1Gig interface?
View 6 Replies
View Related
Jan 31, 2013
i want to apply a QOS for my trafic LAN, in my ASR 1001 , the LAN is connected with ge0/0/0 interface and it configured with the service instance to bridge vlan 1 ( i do that for OTV ) i put service policy in "service instance 1" to marking data with ef31 but i noticed that the class "plateform_datacenter" match the trafic and the ACL associate to this class not mach any trafic trafic !
tha policy-map march trafic for Datacenter :
sh policy-map interface gigabitEthernet 0/0/0 service instance 1
GigabitEthernet0/0/0: EFP 1
Service-policy input: MARKING-OTV
Class-map: Platforme_DC (match-any)
[code].....
View 9 Replies
View Related
Mar 24, 2013
when i make a trace route on an ASR 1001 router to 172.23.30.7 I get the following output:
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.99.192 0 msec
192.168.99.191 1 msec
192.168.99.192 0 msec
2 172.23.30.243 1 msec 1 msec 1 msec
3 172.23.30.7 1 msec 1 msec 1 msec
Is there a loop between 192.168.99.191 and .192 (this are two routers with hsrp .190) or is this normal behavior when using trace route on an asr 1001?
View 2 Replies
View Related
Dec 11, 2012
I am migration an IPsec site to site VPN config to a new ASR1001 router «facing» a Linux box (ipsec-tools + racoon). As the Debian Linux does not offer VTI, I am using a crypto map.
The working config is given below with the corresponding logs on the Linux side.
When I try to apply this previously working config to the ASR1001, I get the following error :
000855: *Dec 12 18:28:21.859 UTC: %ACE-3-TRANSERR: IOSXE-ESP(14): IKEA trans 0x1350; opcode 0x60; param 0x2EE; error 0x5; retry cnt 0
Dec 12 18:50:19 FAKE-AUCH-GW racoon: INFO: initiate new phase 1 negotiation: 194.214.196.2[500]<=>130.120.124.8[500]
Dec 12 18:50:19 FAKE-AUCH-GW racoon: INFO: begin Identity Protection mode.
Dec 12 18:50:19 FAKE-AUCH-GW racoon: INFO: received Vendor ID: CISCO-UNITY
Dec 12 18:50:19 FAKE-AUCH-GW racoon: INFO: received Vendor ID: DPD
Dec 12 18:50:19 FAKE-AUCH-GW racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt(code)
View 8 Replies
View Related
Dec 18, 2011
I have a few new ASR 1001s throwing false environmental alerts.According to the logs, the inlet temp is in excess of 100 degrees C.When I telnet to the routers, they're well within tolerance (30-32C),Running 15.1(1)S and bug toolkit shows no related issues or caveats.
View 1 Replies
View Related
Dec 23, 2012
I was wondering if I am able to add a redundant power supply to an asr 1001 router that is in production without losing connectivity or causing any diruption to the Users - is it hotswappable?
View 1 Replies
View Related
Oct 30, 2012
I'm configuring CoPP for an ASR 1001 router with consolidated IOS XE Version: 03.07.01.S. And I'm trying to use 'DROP' command under policy map to drop.un wanted traffic. But the drop command is not listed.
[code]...
View 6 Replies
View Related
Aug 8, 2012
We've got a doubt about the uplink ports of this supervisor. I've read that you have to use the four ports in 10G mode or in 1G mode, but not use for example 1 port in 10G mode and 1 port in 1G mode:
But, you can read in another sentence: " Beginning with Cisco IOS Release 12.2(25)SG, you could simultaneously deploy the dual 10-Gigabit.Ethernet ports and the four Gigabit Ethernet SFP ports on the Catalyst 4503, Catalyst 4506, and Catalyst 4507R chassis." Is it posible deploy simultaneously both type of ports?
View 2 Replies
View Related
Oct 26, 2011
what license do I need to create a IPSEC tunnel? I have an ASR 1001, running? [code]
View 2 Replies
View Related
Oct 8, 2012
Lucien is a customer support engineer at the Cisco Technical Assistance Center. He currently works in the data center switching team supporting customers on the Cisco Nexus 5000 and 2000. He was previously a technical leader within the network management team. Lucien holds a bachelor's degree in general engineering and a master's degree in computer science from Ecole des Mines d'Ales. He also holds the following certifications: CCIE #19945 in Routing and Switching, CCDP, DCNIS, and VCP #66183
View 1 Replies
View Related
Feb 21, 2013
I have a problem to solve in our data center, see attached drawing. HW: Our core switches consists of two stacked C3750 with ip routing. What I want to do is probably simple but I haven't been able to figure out the best method.
VLAN10 and VLAN20 should not be able to communicate with each other. (ACLs?)VLAN10 will have it's own default route/firewall. Both VLAN10 and VLAN20 should be able to send server backups to server in VLAN30. All 3 V LANs come in on a trunk from a pair of stacked C2960-S. I need it to be able to scale if we have 50 VLANs for instance, hopefully without long complicated ACLs. I've been considering VRF's, PBR but can't decide what's the simplest solution to this problem. I have never done this before so I would prefer to start off on the right foot.
View 1 Replies
View Related
Feb 18, 2012
I just managed to get my hands on a CISCO 871 router but when I turn it on I have some errors:
*** Data Access Exception ***
PC = 0xfff3026c, Vector = 0x300, SP = 0x8000498c
The first time I powered on the router it booted, then I turn it off and since then I have this errors every time it boots up. If someone can give some info about the errors so I can try to remediate.
[Code]....
View 1 Replies
View Related
Nov 18, 2012
For the past few days I've been attempting to configure a data T1 on a Cisco 1760, but I'm stuck at:
Serial0/0 <our ip address> YES NVRAM up down
To provide a bit of background. This router used to be configured with a T1 via Frame-Relay; which worked fine. Now we recently change offices and providers, and the provider did not offer any information as to which encapsulation type to use, and if Frame-Relay which DLCI to use, etc.
Now I've been trying to setup the T1 connection and testing various settings such as encapsulation HDLC and PPP, but no luck. I also played around with the line codes and framing; which resulted in the following framing sf int down, line prot down, framing esf int up, line prot down. Regardless no luck.
Now I've been following several guides and examples mainly the following: [URL] In this guide they make mention of a WIC-1DSU-T1-V2, but as you can see in the show diag snippet at the bottom; we have a WIC-1DSU-T1 version 1.5. I dont' know if this poses a problem for us.
Throughout the entire process I've seen a few irregularities for example:
1. Router(config-if)#service-module t1 cablelength short 110ft
^
% Invalid input detected at '^' marker.
The IOS doesn't recognize any command with service module t1 ca , and the only recognized command with C is clock.
2. If I enter the following list of commands under the serial interface:
!
interface Serial0/0
ip address 10.0.0.51 255.0.0.0
service-module t1 framing esf
service-module t1 linecode b8zs
service-module t1 timeslots 1-12 speed 64
[code]...
And I do a sh run all I get is the following:
!
interface Serial0/0
ip address 10.0.0.51 255.0.0.0
load-interval 30
!
Although i can do a show service-module s0/0 I can see all of the configured parameters (see below)
Module type is T1/fractional
Hardware revision is 0.128, Software revision is 0.2,
Image checksum is 0x73D70058, Protocol revision is 0.1
Receiver has no alarms.
Framing is ESF, Line Code is B8ZS, Current clock source is line,
Fraction has 24 timeslots (64 Kbits/sec each), Net bandwidth is 1536 Kbits/sec.
Last module self-test (done at startup): Passed
[code]...
View 19 Replies
View Related
Feb 7, 2011
I am trying to connect a cisco catalyst 3750g-48ts with our exsiting 3com corebuilder 9000 using the SFP ports, I have established a link and the interface is up.
The issue is that no data is passing through between the two, everything looks like it's up and enabled, spanning tree has detected the uplink port and has automatically set it to forward, both devices suggest the link is in place and the lights are on .
View 12 Replies
View Related
Jan 12, 2013
I am really new to Cisco and having a hard time with my Cisco 2800 series.
I have two sites connected with each other Site A and Site B (Using the same Cisco 2800). Now site A can connect to site B on the Cisco and the internal network, but site B can only see the Cisco and not the internal network of site A. So all the traffic is coming in to site B but can't break out of site B. I have tried everything I can think of but again my knowledge of Cisco is not good at all.
View 11 Replies
View Related
Nov 26, 2012
We recently purchased two 3750-X 48-port switches. We are in the process of connecting the Data Stack and StackPower cables. The question we have is what is the recommended Data Stack and Power Stack cable configuration if you only have two switches? All of the documentation that we have seen is for three or more switches.
Data Stack: Our assumption is that we will go from Stack 1 on the top switch to Stack 2 on the bottom switch. Do we need to then connect another cable from Stack 2 on the top switch to Stack 1 on the bottom switch? We would think not, but figure we should check. We plan on adding another three in the next budget year, which starts in May.
StackPower: Our assumption is that we will go from S-PWR on the top switch to S-PWR XPS on the bottom switch. Do we need to then connect another cable from S-PWR XPS on the top switch to S-PWR on the bottom switch? We would think not, but figure we should check.
View 1 Replies
View Related
Apr 23, 2012
We are currently experiencing random multicast data dropouts on ports that are connected to a 3750X in VLAN ports. A test PC was connected to a routed port and we do not have any dropouts of the multicast data.We also took a 2960G and plugged it into VLAN ports on the 3750X. Any test PC that is on the 2960G does not lose traffic. The traffic only drops on PCs that are connected to a port on the 3750X that is in a VLAN. The data drops are random and last approximatly 55-59 seconds before we start receiving multicast traffic again.
I do not see any input/output errors on the interfacessh platform port-asic stat drop also show no drops
CPU runs at about 50% on the 3750X
Below is the configuration of the 3750X
Building configuration...
Current configuration : 8454!!version 12.2no service padservice timestamps debug datetime msecservice timestamps log datetime msecservice password-
[Code]......
View 2 Replies
View Related
Feb 22, 2012
Cisco c4948e switch log is showing :
COMPACTFLASHNOTREADY: Compact flash is not ready
Feb 24 00:28:22.338 UTC: %C4K_FLASH-4-COMPACTFLASHNOTREADY: Compact flash is not ready
COMPACTFLASHNOTREADY: Compact flash is not readyFeb 24 00:28:22.338 UTC: %C4K_FLASH-4-COMPACTFLASHNOTREADY: Compact flash is not ready
Checked the data sheet and is not supported. Why we get this log from the switch? is it cosmetic?
AME: "Linecard(slot 1)", DESCR: "10/100/1000BaseT (RJ45), 10GE (SFP+) Supervisor with 48 10/100/1000BASET ports and 4 10GE SFP+ port"PID: WS-C4948E , VID: V01 , SN: CAT1425S0NZ
NAME: "TenGigabitEthernet1/49", DESCR: "SFP-10Gbase-SR"PID: SFP-10G-SR , VID: V02 , SN: AGD132134ER
NAME: "TenGigabitEthernet1/50", DESCR: "1000BaseLH"PID: Unspecified , VID: , SN: FNS141203YF
[code]...
View 3 Replies
View Related
Sep 26, 2012
How can i add two data vlans on cisco 2960 on one interfase? i have 3 mac adresses on one interfase: one PC, one ipphone and one XP virtual machine(VM). PC and VM are in one data vlan and phone is in voice vlan. i need to place the VM in another data vlan is it possible? if so could you give me a link or place information here.
View 2 Replies
View Related
Mar 25, 2012
How can I collect the data about the traffic on my Cisco 2960S? Have I use only the snmp? Any workaround for simulate a netflow? The IOS c2960s-universalk9-mz.150-1.SE2.bin.
View 2 Replies
View Related
Jan 11, 2012
Any recommendations for top of rack switch for within our data centre.Dual power is a requirement, but bandwidth and through put will not be huge as such I have been looking atthe WS-C3560X-48T-L and the Nexus 3048.
View 1 Replies
View Related
Jun 9, 2013
I'm setting up a montitor session on a NEXUS 7K as below.we are receiving in 150M of data and 0 data going out port 9/25.but port 4/24 shows 300M to the span port?
View 1 Replies
View Related
Jun 4, 2013
If we configure a Voice and Data VLAn on a switch. And connect EX90 on voice VLAN and PCwith EX90 terminals. Than can we able to share a presentation or data with EX90 or not?
View 3 Replies
View Related
Feb 5, 2013
I am trying to connect a Control network that can not have access to the Internet, or any other network for that matter, to my Admin network so that I can retrieve trend data about the plant that goes into a database. Right now the process is print information, hand jam into excel spreadsheet, print again, and hand jam into another excel spreadsheet on the other network. Reports are printed automatically once a day, but would like a simplified way of getting data from one network to the other without having to re-enter data several times. Current policies stipulate no USB drives connected to Control systems. Even if we could loosen that, personnel needed to transfer data is not available and going to each individual machine would take more time than current system.Now that background is laid, I have two 2911 ISR routers with EIGRP configured, each with a 4 port EHWIC card. The 3 L3 ports on the router are setup as follows: interface G0/1 to the internet, interface G0/2 to a wireless back haul, and interface G0/0 for IT network. I then have 3 VLANs setup on the EHWICs for our Admin network. We will move the IT network to a VLAN on the remaining EHWIC port and connect the two 2911's through the G0/0 interface. I am going to have one computer on my Administration network dedicated to receiving the information and have a program that will take that data and import it to a database. I need to allow only that computer to receive traffic from the Control network and I need no traffic to flow back into the Control network. In other words I will transmit data from the control network to the admin computer using one protocol (TFTP more than likely) and block any other traffic coming out of and going into the Control network.
View 1 Replies
View Related
Apr 9, 2013
I have a Cisco 6500 which has two VLANs defined
VLAN 30 for Data VLAN
VLAN 31 for Voice VLAN
I have two Cisco 3750 switches.both switches are connected to IP Phones.the configuration of Cisco 6500 Trunk Port to Cisco 3750 is [code] On Cisco 3750, the trunk port to 6500 has the configuration [code].The IP Phones connected to the Cisco 3750 are 7911,7979, 7940, 7961.
All phone are working fine, the phones get their ip address from voice vlan, and systems connected to phones get from data vlan, except 7940/7960.
These two models of IP Phones remain on Configuring IP, and when you check the IP Settings, it gives Data VLAN IP, which does not have a TFTP.once you manually enter TFTP address in the field, it registers instantly, due to ip routing in the network.
these phones were working fine before, but suddenly few days back they went out of the network, and still are in Configuring IP state.I also tried to convert these ports connected to 7940/7960 to access ports [code] but still the IP is taken from the Access Vlan (30). Even If you configure a single VLAN on these ports, the IP phones then never get the IP.
View 6 Replies
View Related
Nov 5, 2012
have multicast data across OTV extensions? We run OTV between two pairs of Nexus 7000 in different datacenters with mcast underlying encapsulation. We stretch 10 or so vlans between the sites. We have encountered multiple bugs over the last two years and had to upgrade code and have rarely been clear for any period of time.
We've had an ongoing Tac case where IGMP requests are not getting across the OTV VLAN extension to the PIM forwarder on another site. You can see OTV IGMP snooping on the AED VDC is picking up the request on the local site but it does not get to the remote site that is the PIM forwarder so no multicast gets onto the VLAN. For a while we had a hack where we would get a local server to the PIM forwarder router to request the same groups and then this would somehow get across to the other site. Since clearing the overlay interfaces to try and fix the original problem the hack no longer works and I can't get multicast to the receiver at all.
View 1 Replies
View Related
Jun 6, 2012
Customer production environment is nexus 5000 use 1 G interface * 4 and config Port-channel ( LACP ) uplink to C3560 , The port channel link is 802.1q trunk , but Data transfer is low , the sh int display as follow :
Why transfer performance pool and how to fix
N-5548UP# sh int ethernet 1/30Ethernet1/30 is up Hardware: 1000/10000 Ethernet, address: 547f.ee14.ed25 (bia 547f.ee14.ed25) MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA Port mode is trunk full-duplex, 1000 Mb/s, media type is 10G Beacon is turned off Input flow-control is off, output flow-control is off Rate mode is dedicated Switchport monitor is off EtherType is 0x8100 Last link flapped 9week(s) 6day(s) Last clearing of "show interface" counters 20w2d 30 seconds input rate 152 bits/sec, 19 bytes/sec, 0 packets/sec 30 [Code]...
View 1 Replies
View Related
Dec 11, 2012
I wanted to know about EHWIC 8-Port configuration? We create Data and Voice VLANs and assign 8 ports to the VLANs. So how do VLANS communicate with each other? We cannot make Gi0/1 as sub interfaces and assign the same subnet IP’s as of VLAN IP’s , it wont accept. On 1921 router Assume Gi0/0 we connect to MPLS WAN. What happens to Gi0/1 where do we connect this?
View 1 Replies
View Related
May 16, 2013
im working in a new enviroment and want to makes some design changes to the environment. I wanted to bounce my ideas some of you folks to see if my thinking is on the right path or maybe i could do things better.
Setup:
Currently the setup that i manage includes and Sonic Wall (also dishes out dhcp), HP 1810 "Core Switch" and 3 SG 300-28P cisco managed switches. (all cisco switches tie back into the HP) The router is managed by the isp. There is only one vlan with all traffic going across it.
Obviously the glaring issue here is that voice and data all reside on the same vlan. Correct me if i am thinking incorrectly but the first step would be to create a separate vlan for the phones with its own IP scheme. currently phones are issued addresses from the 150-200 range and everything else is left for pc's, printers etc. To my knowledge the HP switch does layer 3 but i do not know much about it. There are vpn tunnels to remote offices that are used for sharepoint, email and to access other services. Trying to wrap my mind around the environment as a whole so i may be missing something obvious i could do design wise to improve.
View 2 Replies
View Related
May 5, 2013
I have a RSPAN session configured between a Cisco 3750 and Cisco 2950 switches and I dont see the traffic I am expecting to see on the destination port. I only see broadcast traffic .. HRSP hellos etc. Below is what I have configured on both switches.
3750 (gi1/0/33)----TRUNK------(fa0/47)2950(fa0/4)-----windows server
3750
---------
monitor session 1 source interface gi1/0/18
monitor session 1 destination remote vlan 901
[code].....
View 3 Replies
View Related
Sep 4, 2012
I have a problem, here are the situation
- 1 Catalyst 3750
- 1 Catalyst 2960
- 4 Finger Print
- 1 HUB
Configuration
- Catalyst 3750
Interface VLAN182
IP Address 10.62.182.254 255.255.255.0
Interface G0/2
Description Finger Print Server
Switchport mode access
[code]....
Here are the problem,If i connect Finger Print Device to port catalyst 2960, some device not sending data to server, but if i connect all Finger Print to HUB and from HUB connect to Catalyst 2960 at port F0/5, All Device(Finger Print) can send data to server...Is there any special configuration in catalyst so all device can direct connect to port catalyst 2960 without HUB?
View 3 Replies
View Related
