Cisco VPN :: Using MGRE And P2p GRE Tunnel With SPA On 6500
Jul 20, 2009
Have a 6500 using the VPN SPA with IPsec tunnels. The plan is to migrate all tunnels over to DMVPN. When we configure the mGRE tunnel and bring it up, all the other tunnels slowly drop. As soon as we shut down the mGRE tunnel, all other tunnels come up. We have a tunnel key set for the mGRE tunnel. The only limitation I could find was that we only source 1 mGRE tunnel from an interface; I could not find anything about sharing an interface with p2p tunnels. Is it possible to source an mGRE tunnel and p2p tunnel from the same interface?
Aug 5, 2012
A multipoint GRE (mGRE) and IPSec tunnel is built between two routers. The topology of the device is briefed below: Configuration in End Router: This is a Cisco 2811 router. Among 2 Ethernet interfaces, one is used for LAN and one is for WAN. In the WAN part, we have configured mGRE (Tunnel1 and Tunnel 2) by creating a sub-interface of the router. From the interface, we are terminating the link to the MPLS cloud; from there it is pointing towards our core router. From the End router we are advertising the path through EIGRP, and from the cloud BGP is advertised to the core router. [code]
Apr 26, 2011
Cisco 6500 Sup720-3B SPA IOS SXI - GRE tunnel will not come up. It worked fine on SXF code, but the crypto map can not be applied on the tunnel interface. The isakmp is up with the OM_IDLE. The crypto gives it a Crypto UP, the Tunnel does not come up. It is UP down. Does someone have a working config with a 6500 IOS SXI Train with GRE IPSEC Tunnel?
Dec 21, 2011
How can we upgrade 6500 non-modular IOS to normal 6500 IOS?
Jan 9, 2011
I have a 7201 router with NPE-G2. I have a design in which I have the option to send all the traffic through a GRE tunnel or an L2TPv3 tunnel. Which method is more CPU consumption?
Sep 23, 2012
I'm in the process of purchasing new Cisco routers for our branches that will be used primarily to enable IPSec virtual tunnel interface with "tunnel mode ipsec ipv4". Does the default IOS IP Base support this feature? Or do I need to purchase a DATA license or SECURITY license?
Oct 17, 2012
I am using a Cisco RV110W (Firmware 1.2.09) in a branch and I would like to create a VPN Tunnel to another site that has a Cisco RV042 (firmware v4.2.1.02)
What would be the correct configuration? The current configuration I am using is
In the RV042 I am using
Check Enable
Local Group Setup
Local Security Gateway Type : IP Only
IP Address : RV042 Public IP address
[Code].....
Jul 24, 2012
Environment: Linksys WRT300N v1.1 which can have ddwrt-mega. Willing to tunnel all LAN's outbound traffic through an SSH tunnel.
Jan 23, 2012
There are a few situations where I'd like to be able to use the locally configured account on a device but still have ACS in place. I want to complete this WITHOUT adding the locally configured account into ACS. I have tried setting the advanced option under Identity for if an account is not found to "Continue"; however, this causes the account to be allowed as long as a password is typed (any password, as long as it's not blank).
Mar 29, 2011
I'm receiving about 99% CPU on 6500. But when I go show cpu sorted, I can't see any process taking more than 2% load. My IOS is s72033-ipservicesk9_wan-mz.122-18.SXF13.bin
6500#sh processes cpu sorted | exclude 0.00
CPU utilization for five seconds: 99%/97%; one minute: 99%; five minutes: 99%
 PID Runtime(ms)   Invoked   uSecs   5Sec   1Min   5Min TTY Process
 114       11136      1772    6284  0.79%  0.13%  0.30%   1 Virtual Exec
   6    84386920   6320367   13351  0.71%  0.27%  0.23%   0 Check heaps
 123    94861244 849807118     111  0.31%  0.38%  0.39%   0 IP Input
 180    10647916  52152600     204  0.07%  0.03%  0.02%   0 CEF process
 316    12053884  68553405     175  0.07%  0.21%  0.08%   0 OSPF Router 1
 281    31925228 239981938     133  0.07%  0.04%  0.05%   0 Port manager per
 213    61331112 213008378     287  0.07%  0.08%  0.09%   0 SNMP ENGINE
  37     5577644  36376566     153  0.07%  0.05%  0.02%   0 Per-Second Jobs
Apr 9, 2013
I want to add a WS-X6716-10GE(-3C) module. The type of 6500 is Cisco WS-c6509-e (r7000) processor (revision 1.2). Can I add this module to this type of 6500? Do I need to reset the 6500 in order for the 6500 to receive the module?
Jun 21, 2011
We have got a big problem with our NAM (WS-SVC-NAM-1) - it does not boot. We have got a second one and in an other chassis. I changed the chassis, and RAM and Flash from the other one. RAM and Flash are ok.
We checked the disc (hardware) with an Ontrack-tool - it is OK.
environment: 6500 VSS
sh logging:
Jun 17 13:18:24: SW1_SP: Switch 1 Physical Slot 7 - Module Type LINE_CARD inserted
sm(cygnus_oir_bay slot7), running yes, state wait_til_online
Last transition recorded: (offline)-> empty (remove)-> empty_clr_persist (remove)-> empty (insert)-> may_be_occupied (timer)-> occupied (known)-> can_power_on (yes_power)-> powered_on (real_power_on)-> check_power_on (timer)-> check_power_on (power_on_ok)-> wait_til_online
Mar 17, 2011
What is the equivalent for OTV for 6500 VSS? Currently we are connected over L3 MPLS.
Jul 26, 2012
I have a question with regards to 6500 redundancy. We currently have only one in our DC; it has 2 SUP 720s, two FWSMs, and multiple switchport blades. My question is: is this fully redundant? And if not, what is it that can fail, so I can look into adding that extra layer of redundancy?
Jun 1, 2013
I've been studying the PFC and MSFC features on the Cisco 6500 and came across a very interesting fact: on a Cisco 6500 switch, ACL entries that are processed in hardware do not show any matches when we use the show access-list "acl name" command. From what I've read so far, I've come across the command to check the ACL hit counters for entries that are processed in hardware.
Below is the ACL counter from Hardware and the Software and I have also attached the entire ACL.
Output 1 (Hardware Matches)
mumbkc02ecc10#sh tcam interface vlan 533 acl in ip all
Displaying interface ACL TCAM entries for module 5
----------------------------------------------------
* Global Defaults not shared
[Code]....
Jan 14, 2013
Just like to ask first your inputs about the MTUs needed on our proposed setup. We currently have a large internal network composed of several metro ethernet links. We have different carriers and we all know that they do not always provide L1 connectivity. They sometimes do Q-in-Q or EoMPLS or other technologies that would hide their internal network and appear as a point-to-point ME circuit to customers.
We are planning to create our own MPLS network for our clients so we don't have to leak their networks inside ours and we are trying to avoid the overhead of GRE/IPSEC since we'll be adding a lot of client networks and the overhead is not reasonable. So we just thought of MPLS-VPN to at least reduce the overhead and we don't have to purchase a lot of network devices.
With that said, what is the safest thing to ask the carriers and what settings should I put in our network devices? I am still confused with the differences of MTU, IP MTU, and MPLS MTU.
We also have one circuit running 802.1q instead of using routed-port on the switch. Is 802.1q supported in LDP?
Our internal network is comprised of 6500 switches with Sup720 and Gigabit linecards and we are planning to use 3900 routers as PEs. We all hooked up our ME circuits across the 6500 switches.
Jul 13, 2012
I will be configuring all the MEC links on my 6500 VSS chassis tomorrow morning and there is one thing I am a bit confused about. According to the best practices guide, they suggest you configure all etherchannel trunks to be in desirable mode. All the trunks are using LACP active - active right now, but that's only to one chassis. Should I change all my MEC etherchannel trunks to desirable mode or just leave them active-active?
Apr 26, 2013
We have a non-Cisco device peering with a Cisco 6500 for BGP. The routing table is fully populated and the connection is good. But after some time we see a BGP hold timer error on the non-Cisco device. This device by default has a hold timer of 90 seconds, which is different from the default Cisco hold timer. Will this cause any disruptions to the network? If we change the hold timer on one device to match on both sides, will it reset the BGP session?
Oct 29, 2012
I have 2x 6500 series Catalyst core switches. I configured VSS. All of them are working normally, but I have one problem: some of my server links are down sometimes. I configured the server links as etherchannel. In the etherchannel, not both of the links go down, only one link goes down. These are the modules I used to connect servers to the core switch: modules in slots 3 and 7.
May 14, 2012
We currently have the following configuration:
STB_6509#sho mod
Mod Ports Card Type Model Serial No.
--- ----- -------------------------------------- ------------------ -----------
1 10 WiSM WLAN Service Module WS-SVC-WISM-1-K9
2 24 CEF720 24 port 1000mb SFP WS-X6724-SFP
5 2 Supervisor Engine 720 (Active) WS-SUP720-3B
[code]....
I would like to add a redundant supervisor blade to the 6509 that is in production. Can this be done plug and play and require no reload? Are all WS-SUP720-3B the same as far as memory etc., or can I buy any used WS-SUP720-3B and it will work properly?
May 13, 2012
We need to get the MIB/OID information for 6500 series switches. In particular, we need to monitor the Gig interface “input & output” traffic rate for every second. Switch model: WS-C6509-E / SUP 720. We tried the below value but are not getting proper output. MIB: 1.3.6.1.2.1.2.2.1.10.2. Also we would like to know whether there would be any impact on running the below global command “snmp-server hc poll <in msec>” on a 6500 series switch.
Apr 22, 2013
I see these errors on my 6500 router, which acts as my server farm and has hundreds of servers connecting to it. I have just taken over these routers from another guy and think the errors may have been there for quite a while. I have another router which doesn't seem to have these errors. Can you tell me how to turn off netflow? Will it cause any problems to my server farm? Is there a risk to the router if I disable something?
I ask this because the server guys are having problems with certain servers. I am not sure if they are because of this or not. I really would like to clear the logs. [code]
Jun 9, 2013
Come across a problem with BGP logging on 6509-e with 12.2(17r)SX5?
Jan 13, 2012
We have a network between two locations. WAN is 100 Mbps MPLS provided by a service provider. There is a FWSM module on the core switches. The problem we are facing is that FTP file transfer between two servers across the WAN link never crosses 20 Mbps. The link is 100 Mbps. However, if we do parallel file transfers, each transfer is 20 Mbps. But we don't get a transfer rate above 20 Mbps in a single FTP session. Is there any bottleneck where traffic is getting restricted? Traffic between the two servers passes through the 100 Mbps MPLS WAN link, the 6500 core switch and the FWSM module in the switch.
Dec 5, 2011
We have an issue with our 6500 catalysts.
We are regularly seeing the error above on our cat6500 devices when executing a 'sh run ' command:
We've seen this error for quite some time but the frequency seems to be increasing up to the point where it becomes problematic now because backups and other automated actions are failing regularly.
We don't see multiple processes with the command "sh config lock" at that time. But when we do a "sh users", we can sometimes see multiple users.
I suppose it is possible for multiple users to log on at the same time, but not make changes at the same time.
We are using IOS s72033-ipservicesk9_wan-mz.122-33.SXI7.bin. It seems that all switches with these IOSses seem to have the problem. But in the bug toolkit I can't find any reference to a bug...
May 4, 2011
Two days ago, a brilliant guy inserted a different ios in a Cisco Catalyst 6500 and erased the original ios. I have twice downloaded the original ios by xmodem (too much time!) and both of them, when I reload the 6500, it doesn't work: I have the following message:
loadprog: bad file magic number: 0x0 boot:cannot load "bootdisk:s72033-ipservicesk9_wan-mz.122-18.SXF11.bin"
Second time, when the ios uploaded, I checked the sup-bootdisk: and the flashboot: and both have the wrong ios listed, but it wasn't there: I've tried to delete it and squeeze it, but had a message saying "can't delete because the ios is not there" or something like this. I finished formatting both (flashboot: and sup-bootdisk:), tftp the ios, double-checked the bootloader, compared with other identical 6500 and reloaded again, just to find the same message I've written before.
Supervisor 720 PFC3B. Slots for disk0 and disk1 are broken or I can't read them from the rommon.
Apr 27, 2013
I've ISE v1.1.2.145 and Cat 6500 IOS ADVENTERPRISEK9-M, Version 15.0(1)SY2
I'm trying to add 6500 in the trustsec group with ISE and followed the trustsec 2.1 documentation. After configuring it keeps on giving me error in the ISE logs below with the subject #CTSREQUEST#
11302 Received Secure RADIUS request without a cts-pac-opaque cisco-av-pair attribute
Below are the steps:
11001 Received RADIUS Access-Request
11017 RADIUS created a new session
15012 Selected Access Service - NDAC_SGT_Service
11302 Received Secure RADIUS request without a cts-pac-opaque cisco-av-pair attribute
Also, after I configure cts credentials and the radius-server pac command in the 6500, it starts giving me log messages that radius is down and the next moment it comes up again. It is continuously doing that.
Jun 21, 2012
We are facing an issue with the NAM3. Version: 5.1(2-patch4)
We can not log in using the GUI. When we try to log in we are getting the following warning:
Initializing database. Please wait until initialization process finishes. (see attachment)
We have rebooted the NAM3 module but the issue is not solved. The NAM3 module is running on a 6500 Series Switch (Cisco Catalyst 6500 Series Network Analysis Module (NAM-3)).
Jun 19, 2011
6504 Sup720 ---- Dot1q Trunk ---- 6504 Sup720
VPN SPA VLAN 20,30                VPN SPA VLAN 20,30
Normal VLAN 10,40                 Normal VLAN 10,40
Every 18-24 hours the 6500s go to 100% CPU - the workaround is to reboot one of the switches. Then they will run 18-24 hours. The fix was to only trunk VLAN 10,40 (networks that needed to see each other) between the switches. If the VLANs of the VPN SPA were trunked, every 18-24 hours the 6500s would go to 100% CPU. Simple design: GRE IPSEC tunnels that work fine and the latest SXI code. It appears that if you trunk the VPN SPA trunks and they are the same VLAN, it is going into some kind of bridging loop. No errors. Just unresponsive.
Apr 10, 2012
I have the next config of radius authentication:
aaa new-model
aaa authentication login default group radius local
aaa authorization exec default group radius local
aaa session-id common
ip radius source-interface Vlan31 vrf LEGACY
[Code] .....
Jul 2, 2012
I have a Cisco Catalyst 6500 with IOS Version 12.2(17r)SX5. I need real-time monitoring of a failed interface, to shut it administratively down and after 5 minutes "no shutdown" it. I think it is a good idea to use Cisco EEM for this task. My algorithm is below:
1. EEM script is looking for event about failed interface.
2. EEM script is shutting interface down.
3. EEM script is waiting 5 minutes.
4. EEM script is enabling interface.
I know how to configure EEM for steps 1, 2 and 4, but step 3 I do not.
May 9, 2012
We have Cisco ACE 30 modules installed in Cisco 6500 switches. For application availability purposes from the internet, we need to have some global site selector/3rd party devices with a similar feature set to that of Cisco GSS.
Is Cisco ACE compatible to get integrated with other 3rd party devices like F5 GTM?
Feb 19, 2013
My company is planning to get the full BGP table from our providers. We have multiple egress providers; in order to load balance we are looking for a full table from all of them. What would be the minimum requirements? We have all edges as 6500 with Sup 720. Are there any memory requirements that need to be upgraded?