I have question regarding route reflector. In my MPLS core network ,we have two route reflectors. Two route reflectors and each PE routers are belonged to a peer group. Route reflectors are Cisco 7301. IOS 12.3. I have Hardware maintenace on one Routereflector. How can I do that without interupting the end customer trafic.
View 2 RepliesIf I have five iBGP routers in AS 64512 and one of the iBGP router has an eBGP peer to a different AS, which iBGP router (r1, r2, r4, r5, or r8) should I chose to be my route reflector and why? Also, what happens if the route reflector router fails? Do I designate a backup route reflector? I'm new to BGP.
View 4 Replies View RelatedWe are a service provider and we have presence across different data centres located across the country. Our core boxes are the mixture of Cisco VXR’s and 6513 switches which have MP-iBGP peering with the route reflectors. If a new client comes on board, a new VRF will be created to carry the client’s traffic and as a standard practice the VRF will be added to all the core devices across the network even if they don’t have a presence in a data centre.Now, I am designing a network for a client who has presence only at two fixed locations as shown in the attached diagram. We will be acting as a transit network between the client and another service provider. So, I have planned to use MP-eBGP between us and the other provider and default/static routes to the client’s network I don’t think will be an issue. Since the client has presence only at two locations, my design thoughts are to create a VRF and a Vlan and form an iBGP session only between the two routers and bypassing Route Reflectors. Created the VRF at BNE_R1 and formed MP-eBGP relation with the other provider and I can see some routes appearing via the peering which is normal and expected.
My problem is (not problem I don’t understand how this is happening), I created the VRF on Mel_R1 router and did not add any extra lines of configurations to BGP under that VRF instance and when I was checking some thing I accidentally found the same routes which appears on Bne_R1 is appearing in the VRF’s routing table via MP-iBGP session through route reflector. I can’t understand how this is happening, since I haven’t added any thing on the route reflector and some how its leaking traffic.
Is this normal??Is it’s a must / standard / Good Practise to add the newly created VRF across all the device which peers with the route reflector ??Is there a way to override the Route Reflector just for this client (VRF) and form a direct MP-iBGP peering directly with the devices involved.A network can be designed in much number of ways.
how many sessions a BGP Route Reflector can support? is it 10, 100 or 1000 BGP sessions? What degradation of performance may arise in the case of a BGP RR sessions overload? Consider that the RR I'm deal with has both the control plane and teh forwarding plane. Which command I may use for get the output about BGP sessions resurces used level?
The following are the data about the RR:
Cisco 7600
WS-SUP720-3BXL
Version 12.2(33)SRD5
cisco CISCO7609 (R7000) processor (revision 1.2) with 983008K/65536K
I'm trying to figure out if the multi-layer Route-Reflector topology would work for me. Let say we have 2 Route-reflectors RC-RR1 and RC-R2 and all other router are their reflect-clients. Now I'm getting a new router RC-.E001 and would like to set new level of Route-reflectors. I'd like that now the router RC-E001 is a route-reflector client of RC-E002 (new level of RR) and RC-RR1, e.g. it will be a client of route-reflectors from different levels.
View 3 Replies View RelatedI am attempting to access the service port from a client pc on another network.
Service port = 10.100.2.1/16
Client IP = 10.1.1.10/16
I know you cannot put a default gateway on the service port, but the documentation says you can add a static route for remote management. So I tried...
config route add 10.1.0.0 255.255.0.0 <gateway.ip>
It does not take the command and says something to the effect of. "ip address/netmask conflicts with the configured ip address of the service port"
Any example of how to configure an sm-es2-16-p service module to route over an Cisco 2911?
View 2 Replies View RelatedI need to configure cisco 7301 with list of hostnames/ip's. These need to be forwarded to internal ip's/ports (depending on the hostname)
In the current setup...
www.frog.com, ip 82.45.100.100 nat's to internal 10.0.0.1
go to www.frog.test, firewall allows and nat's to 10.0.0.1 - no problems
But now i have a need to make it so that different URL's go to different tcp ports on server
eg.URL
We have a Cisco 7301 concentrator, well two of them in HSRP configuration. We have multiple VPN's setup on that router (crypto map based). Recently we noticed the following:
- There is one IP address that has hundreds of static routes for some reason
- VPN for this customer is working, but I'm trying to find out why this is happening.
Here is how it looks like: S 0.0.0.0 0xF5FFFF2C [1/0] via "ip-address".There are hundreds of entries for a single IP there.
I would like to run some NetFlow monitoring on a few sub interfaces on a router. This is a 7301, with an NPE-G1.What I want to know is, does Cisco have a page anywhere (because I can't find one) that lists typical additional CPU and memory loads one can expect when enabling NetFlow on an (sub)-interface; perhaps for a given speed (Mbps) and/or number of flows?I don't want to enable NetFlow and then bring the device to a grinding halt, how can I know what sort of overhead to expect?
View 2 Replies View RelatedMy network connection keeps on disconnecting every few minutes and my downloads are always interrupted. I also checked out my Ipconfig and the Media State says Media Disconnected. I�m using windows XP by the way.
View 2 Replies View RelatedIs there any traffic interruption if turning on TE in a working MPLS core?
View 8 Replies View RelatedI'm trying to make a redundantish office/datacentre connection on the cheap. At the datacentre, we've got a 7301 (12.2(24)T5) and at the office we've got a Mikrotik RB1200 (5.12).The office router has two ADSL connections to two different ISPs, the datacentre router a single GigE to a colo provider. I'm trying to build an IPSec encrypted IPIP tunnel over each ADSL service to a separate loopback interface on the datacentre router, so I can run OSPF over the top for route exchange. I need to use two different loopbacks on the datacentre router so the office router can have a static route for each out each ISP ADSL. But I'm running into issues making encryption work on two different source addresses.Using the 'crypto map xxx local-address Loopback12' command, I can specify the outbound interface for one of the tunnels just fine, traffic moves as expected - while the other tunnel fails to encrypt. But is there a way of having two peers use two different local addresses, or applying two crypto maps to a single physical interface?
View 1 Replies View RelatedI have a new E4200v2 that I got from Amazon a few months ago and I haven't had any problems with it while it's up and running. My problem comes when the power to it is some how interrupted. When this happens, I can not connect to the internet. I can get to the router pages and the modem pages. I even changed out the the modem recently and the router still has the same problem.
I tried saving a working configuration file and restoring it after a fail, but that doesn't work. When I do a factory restore, I still can't connect until I use the stupid Cisco disk. In order to get back online I have to do a factory restore, use the Cisco setup disk, then reset my settings. All without removing power. My old router a WRT54GS v5 never had this problem. I need a router that works without having to set it up every time the power goes out.
i want to remove the sync-profile on each of two synchronized Nexus 5596UP without loosing the config stored in Switch-Profile. That means without connectivity interruption and re-configuration of interfaces in "conf t mode", for example. Since NX-OS Release 5.2(1)N1(1) there is a new command
switch(config-sync)# no switch-profile abc profile-onlyprofile-only—Deletes the switch profile without the local configuration.
[URL]
how to maintain my WIN2K3 server on good health?
I am handling a WIN2K3 server which has 11 clients connected to it and a back-up server, operating system of all clients are XP, and they are being used in a small office enviroment.
how to do maintenance work to keep my server running healthy
ADDITIONAL QUESTION:
1. Do i need to defrag the hard drive and network drives of the server?
2. How to verify if the connections if they are in healthy mode?
3. Is it advisable that when the office is close that i shutdown the servers so they can also rest?
4. Best way on how to schedule an automatic back-up or sync of hard drives on a separate hard drive that is only intended to be use for backing up of files.
Can open (url) in work computer but not at home - Message coming up at home that it will be closed for maintenance and that was last week and has since finished now as i can open site at work but not at home
View 1 Replies View RelatedIs there a security appliance available that provides anti-malware protection, firewall,r content filtering, etc, AND has no subscription or maintainance fee (or optional fees)?
View 1 Replies View RelatedI have few questions on FWSM software upgrade.
1) I could not find the availale maintenance software under software donwload section?
2) what is the maintenance software version required for fwsm 4.1.8 upgrade (this does not have on the release note) url...
3) what is the main difference when you upgrad fwsm using following two methods:
- Installing to the current application partition from the FWSM CLI
- Installing to any application partition from the maintenance partition
4) how can we verify the file integrity after copied from tftp/ftp server (because it does not support verify command as in IOS)
5) how can we see the copied files in the fwsm (it does not show with show flash or dir commands)
I am currently deciding which IOS to use for various catalyst 3560 models. Version 12.2(55)SE3 seems fitting for this case, but I cant find out when the 12.2SE reaches End of Software Maintenance. I have checked this link: urls...
Where do I get info on 12.2.SE?
What do I do if I cannot access the setup address IE 198.168.2.1?I use my N750DB as a network booster at home. It runs via ethernet cable from the main router. I used to be able to get on no problem and now, I just can't. I have spent 2 days trying to sort my internet problems.
View 4 Replies View RelatedI have two WLC version 7.3.101.0 with the standby unit having HA-SKU. I have tested the AP-SSO functionality without any problem in lab with direct connection on RP port between two WLC. Once I brought them into data centre in separate location (latency is less than 10ms between the two DC), the standby unity always went into maintenance mode. The booting process on standby unit went to maintenance mode as shown below:
Management Gateway and Peer Redundancy Management interface are not reachable.Entering maintenance mode.
I have checked on the core switches at 2 data centre that the two WLC RP ports are connected to same VLAN and it is spanned across MAN link (10GB and less than 10ms delay). The spanning tree on those ports are forwarding as well.I have rebooted the second unit but no luck.The interface between two DC is using MTU 9216 which I do not think would cause this issue.
I just did small office transfer all their existing computers and equipment over to a new office site. They had new voice and data cables run, as well as patch panel and telephone and cable modem equipment set up in new office The private telephone tech requested that I port forward port 8000 to the telephone equipments' IP address He also requested that I provide the Office Static IP address to him My question is--am I opening this office's network up to any security risks by forwarding port 8000 to his telephone equipment's internal system IP address and providing him the actual Static IP address of the office Internet connection?
View 9 Replies View Relatedcustommer of mine tried to configure HA AP-SSO with two 5508 controllers. After rebooting the primary controller changed into Maintanence Mode. [code]
View 15 Replies View RelatedWhen I create a service object or group and add the object to a new rule it never works.I mean the traffic match not the rule. I see not hits.I placed the rule on top of my access list to check if I do somethink wrong but it is not working. When I place only a service for example tcp/23 it is working.
my ip service object
object-group service g-as400 description access client 2 as400 machine service-object tcp-udp destination eq 397 service-object tcp destination eq 137 service-object tcp destination eq 2001 service-object tcp destination eq 3000 service-object tcp destination eq 445 service-object tcp destination range 446 447 service-object tcp destination eq 449 service-object tcp destination eq 5010 service-object tcp destination eq 5544 service-object tcp destination eq 5555 service-object tcp destination range 8470 8476 service-object tcp destination eq 8480 service-object tcp destination eq
[code]...
We have a situation where services are stopped on the real servers. The probes fail and we confirm the services are not running on the server. We cannot access the ports from the ACE directly. We can still however acces the VIP on the TCP port (L4 VIP class-map). So we can still telnet to the VIP on the port from thr Client side of the network.This is on ACE 20 Modules deployed in Routed mode. The version of software is A2(3.3).
Tried removing multi-match and loadbalance policies as well as class-map and re-applying then re-appyling the service policy to interface. Same behavior,This is a problem at another level as some services are being monitored by GSS via TCP keep-Alive and this obviuosly causes a problem as the service then never goes off-line.
I have a fresh installation of LMS 4.0 on windows server 2003, when i click to open topology i get error message : ANIServer service may be down or Host name isn't DNS resolvable
i tried pdshow -brief ANIServer ===> service UP
DNS is working using host file in driversetc i restarted the server
restared the crmdmgtd
unistall / install java plugin
pdterm ANIServer
pdexec ANIServer
NO change ..
I've enabled antispoof on all interfaces on asa 5510.If you start a traceroute to a network on the default route, everything works, since replies comes to an interface with route 0.0.0.0/0 defined.If you start a tracer route to a network that is NOT on the default route (let's assume coporate MPLS), you only get response from first carrier router, the other are discarded because of anti spoof violation.
I have ICMP inspection and icmp-error inspection enabled.
Are there any best practices for preventative maintenance on Catalyst Chassis switches. Looking to build a PMI schedule for a customer. Or is there evidence not to perform it at all. Things like re-seating line cards, cleaning fan exhausts, etc.
View 1 Replies View RelatedI have recently updated one of our customer's MSE to version 7.0.105. Now for some reason the Aeroscout service will not run. I have tried starting it manually , however it stops after 10 - 15 secs.
here is partial getserverinfo output
-------------Context Aware Sub Services-------------
Sub Service Name: aeroscoutVersion: 3.2.0 - 4.0.14.14Description: AeroScout® Location Engine for RSSI and TDOA asset trackingRegistered: falseActive: false
The weird this is that I have updated our own MSE to 7.0.105 and didnt get this problem.
Can a PIX 501 6.3(4) establish a VPN to a provider such as [URL]? They claim to support PPTP and IPSEC/L2TP. If so, how would the PIX need to be configured?
View 3 Replies View Related"The service provider in your current location is restricting access to the InternetYou need to log on with the service provider before you can establish a VPN session. You can try this by visiting any website with your browser."We are using an Internal IP....and the external, same resultI am the IT Admin and this was working last week till I upgraded to the newer anyconnect. Internet is just fine....I am at a loss.
View 7 Replies View RelatedI have multiple VPN endpoints setup on our Cisco 2821, an SSL VPN, a site-to-site VPN, and a Web VPN for windows users. For whatever reason, the web vpn service periodically fails. The only way I've been able to bring it back up is to reload the router. Is it possible to restart the service itself?
View 3 Replies View Related