Cisco WAN :: C1921 One Way Multicast And Wrong Interface Info In Show Ip
Nov 5, 2012
C1921, running version 15.1(4)M2, with licence for "IP base" feature set only.Trying to pass multicast via a PPTP VPN from a Windows XP machine to work around a non multicast-aware WAN link
1. With the IP Base feature set I am able to create a plain PPTP VPN without any encryption; the Windows XP machine can bring it up and unicast data passes through it OK in both directions.
2. But when trying to send multicast, only one-way traffic is observed:i. Windows XP host on far end of PPTP VPN and a local PC both running old Microsoft tool "MPING.EXE", sending and listening for traffic on the groiup 225.100.101.102i. The distant host receives and echoes back the packets received from the local machine + sending its own (confirmed with Wireshark running at the far end)ii. But the local machine directly connected to the C1921 router does not hear any packets from the far end; Wireshark shows only the ones it is sending.
3. Group status ("show ip igmp membership") as far as the C1921 is concerned shows both ends (192.168.50.10 (local end) and 192.168.50.201 (distant end via the PPTP VPN)) joined to the group [code]
4. But "show ip mroute" for that group shows an error; for the source on the far end of the PPTP VPN (having the IP address 192.168.50.201), the source interface is incorrectly shown as GigabitEthernet0/0 (should be Virtual-Access2.1 for that PPTP VPN) and the outgoing interface is shown as Virtual-Access2.1 [code]
5. I have tried adding static mroutes and messing about with parameters for the virtual-template interface for the PPTP VPN, but the problem remains. And if I put another local PC onto a different Ethernet port of the router, the multicast traffic does flow both ways - so the issue is solely with the PPTP VPN.After a week of head-scratching I am getting more and more convinced that it's a bug... but wonder if it is already-known, has a workaround, or a fix in newer firmware?
We have a number of 4507s. Most are managed via VLAN 1 address. All have multiple VLANS for traffic control. When I do a show ARP or show IP ARP the command only shows VLAN 1 info. No entries for any of the other VLANS on the switch.
I have configured a vlan interface on a 3750 switch. there is aprox 4Mb active traffic flowing through the interface, but when I do a "show interface vlan (vlanid)" the output show zero bits in and zero bits out. Its a typical L3 config with one IP on the vllan interface acting as the gateway for the VLAN devices. Is this a normal behaviur ? and if so is there any way to get the traffic in/out stats. The end PC/devices are connected to this switch via an L2 TRUNK and I dont have access to the L2 switch on which the actual devices connect. so cant get the real time stats of those interfaces.
I purchased a new BelkinN750 DB router on 2/12/2013. It seems to think the date is Jan. 1 1970. How can i fix this problem or should I just return it and buy another brand?
I am trying to allow clients coming in from my "DMZ6" interface with source IPs from the subnet 192.168.2.0 /24 to ping and access hosts on my "DMZ1" interface with destination IPs in the subnet 10.5.11.0 /24. I think I have the associated static NATs and the ACLs set up to allow this to happen. What I have noticed from syslog messages is that the PIX is trying to build the TCP connection to the "Inside" interface, rather than to DMZ1. Even though the destination host (10.5.11.12) is directly connected on DMZ1, the PIX is still trying to send the traffic to the "Inside" instead. I tried adding a host route to force 10.5.11.12 /32 pointing to DMZ1 and the PIX still tries to send the packets Inside. This only seems to happen when I try to go from DMZ6 to DMZ1. If I try to access hosts located in DMZ3 for example, which is also a directly connected interface on the PIX, it appropriately builds the connection to DMZ3. Here are the pertinent rules. Why would the PIX want to build the connection to the Inside, even though it knows that the destination host IP is directly connected to DMZ1?
ip address DMZ1 10.5.11.1 255.255.255.0 ip address DMZ6 10.5.16.1 255.255.255.0 ip address inside 10.5.18.17 255.255.255.240
What are the possible effects of assigning an invalid address like 172.22.0.0 255.255.255.252 to a router interface. The 1841 router accepted the address?
We have an ASA5520 running ver 7.0(8), nat-control is disabled. On the "outside" interface we have a closed network which is publicly addressed i.e. no access to Internet. We also have two Vlan interfaces on a trunk connection i.e. "inside" interface (Vlan7) and "dmz" interface (Vlan802). Traffic from the "outside" to "inside" is statically NAT'd such that the public IP is translated to a private IP when accessing the "inside" interface. However, our OSS servers on the "dmz" interface need to be able to receive packets from the public IP addresses on the "outside" . All is okay with the outside to inside traffic and traffic initiated from the OSS servers on the "dmz" to the outside works okay (snmp gets etc) i.e. the servers receive reply packets from the public addresses of the outside devices.
However, traffic that originates on the "outside" interface (snmp traps etc) which is destined for the "dmz" is actually being routed to the "inside" interface and therefore the public source address is being NAT'd by the static NAT command. The access-list "in_on_outside" has relevant entries to allow connectivity from outside to dmz, we have tried a static nat command (outside, dmz) to maintain the public addressing but this made no difference and also a nat exempt. With ########nat-control disabled - do I still need a translation or NAT exempt for the "outside" <> "dmz" traffic flow, if so how should this look ?
I am trying to do a Multicast lab in gns3 with a tap interface in os x and a linux vm in virtualbox. The os x box is broadcasting to 224.1.1.1. I have verified IP connectivity. I am using PIM dense mode. When I perform a packet capture on the tap interface I see no traffic to 224.1.1.1. However when I ping 224.1.1.1 from os x I see the traffic. Attached is my topology
I have configured multicast (ip pim dense-mode) on two 2911 routers that are connected by a Multilink (3Mbps) Wan connection.The configuration work fine for awhile and sometimes all day but at some point one of the Multilink interfaces stop passing multicast traffic.I perform a sh multilink 1 on the interfaces and one interfaces show the multicast packets incrementing and the other does not, it just stops.The only fix for this is to hard reboot both routers and the multicast traffic begins to flow once again.
I have two Cisco 3845 routers which receive a multicast stram via a tunnel interface, i.e Tunnel163 (PIM Dense mode is enabled). These routers are both connected to a LAN segment (FastEthernet0/1/0) where receivers are. [code] Router1 is the assert winner (highest IP address), it sees igmp joins request, but it's pruning the interface. It happens sometimes and it lasts until I manually issue clear ip mroute.Unfortunately I cannot migrate to Sparse Mode.
Using a small network (WAN) with three 1921 routers (IOS 15.1(T)) connected via E1 links. One host (industrial PC - core 2 due running Win XP Pro) connected to each router. The spare Gigabit Ethernet port on each router is bridged with the active one (so a portable management PC (laptop) can be plugged in there and communicate with the router and the industriual PC.
Multicast routing strategy between the routers is as per "Anycast - Static RP", with PIM sparse-mode enabled on all interfaces and sink RP defined on all three routers.
Problem occurs when a (IPV4) multicast application on one PC communicates with the others:
(a) IGMP V2 membersip reports etc. work correctly at the sender and at the other two PCs receiving the multicast stream
(b) Multicast routing on the WAN is working correctly; running Wireshark on the receiving PCs shows that multicast data is received on the expected group.
(c) But, there is an error in the Ethernet packets
i. The first packet's Ethernet header contains the correct destination MAC address 01:00:5E:aa:bb:cc where aa:bb:cc match with the last three octets of the mulicast group's address, and that packet is received OK by the listening multicast application
ii. However, subsequent packets' Ethernet headers have the wrong MAC address 01:00:5E:00:00:00 (the last three octets are all zeroes and these packets are discarded by Windows on the receiving PC and not seen by the multicast application.
Problem is related to the presence of integrated routing & bridging; if I delete the bridge virtual interface,disable bridging and give the two Gigabit Ethernet ports their own IP addresses, the multicast reception works correctly; all received multicast packets have te expected value on the destination MAC address (matching the group address)I have used the same integrated routing/bridging configuration successfully on Cisco 2611 and 2811 routers and there was no such issue with the multicast packets.Have I overlooked some subtle aspect of configuration in the 1921 router or have I uncovered a bug...?
For reference - snippets from router configuration scripts : In the non-working configuration (with Integrated Routing & Bridging) interface GigabitEthernet0/0 no ip address duplex auto speed auto
[code]....
In the working configuration all the bridging is gone and the two Gigabit Ethernet interfaces have a very plain & simple configuration in different subnets
interface GigabitEthernet0/0 ip address 192.168.212.1 255.255.255.128 no ip directed-broadcast ip pim sparse-mode duplex auto
i've got a Cisco 877 router connected to an ADSL link. i'm using the show dsl interface atm just to have a look on its performance. i've tried to search on Cisco website on how to interpret the output but a blog gave me more info [URL]. My question now is, what readings do i consider? is it on the left (ATU-R) or on the right (ATU-C)?
i have an Issue with my cisco 2801.in the logs shown me the interface FE0/0 cames up some times but never show the down state, I receive my internet service on this interface but never lost the conection, just this logs information
Oct 7 18:39:32.412: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up Oct 7 18:39:41.448: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up Oct 7 21:57:20.775: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up Oct 8 02:29:31.350: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up Oct 8 02:55:12.362: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
I'm trying to troubleshoot one of our site today and can't seem to issue the show dsl interface command on a 1841 router. Does the same command is used for SHDSL or am I running with an IOS bug?
#sh dsl? % Unrecognized command
#sh ver Cisco IOS Software, 1841 Software (C1841-BROADBAND-M), Version 12.4(15)T7, RELEASE SOFTWARE (fc3) Technical Support: {URL} Compiled Wed 13-Aug-08 15:42 by prod_rel_team
I'm troubleshooting a 3750 switch stack problem where computers are showing input and CRC errors. I'd like to be able to execute a "show interface" command that will show me only the line showing the switch port and the line showing the input errors, but so far I can't figure out a way of combining those two parameters.
If I do "show interface | include Ethernet[0-9]�" I get all the lines showing the port numbers:
GigabitEthernet1/0/1 is up, line protocol is up (connected) GigabitEthernet1/0/2 is up, line protocol is up (connected) GigabitEthernet1/0/3 is up, line protocol is up (connected)
I have a brand new C1921 with EHWIC-4G-LTE-G using Vodafone to build an internet connection. First I did the setup like shown in the config guides and got the internet connection, but it was unstable.
Then I found some issues with the old LTE- card firmware in the support forum. Following that hint, I did an IOS upgrade to 15.2(4)M3 and the LTE- card update to Modem Firmware Version = SWI9200X_03.05.19.04. Post-checks after the update were all fine.
After that, I reconfigured the router again meeting the config guides. Establishing the internet connection, I get an IP address on the cellular profile, but it's not bound to the cellular interface.
sh cellular 0/0/0 profile Profile password Encryption level: 7
Profile 1 = ACTIVE*--------PDP Type = IPv4PDP address = 10.25.124.59Access Point Name (APN) =Authentication = None Username:Password: 05 Primary DNS address = 139.7.30.125 Secondary DNS address = 139.7.30.126 [code]......
Before the upgrade the IP- address was bound to the cellular0/0/0 interface and I was able to reach the internet.
I'm dealing with a 4506 switch that whn I try to apply "sh auth sess int xx" I get "Invalid Input Detected" ... Is there any way that I can get the authenticated session over a port even if I can't apply "sh auth sess int"?
I have a requirement to provide stats on a per-department, per-destination basis between sites. If I take Voice as an example I have 5 child classes referring to the 5 departments each matching EF and a particular access-list that matches the department's subnet. I tie these 5 child classes into a parent Voice class-map.
Now when I issue a "show policy-map interface" command I see stats for the parent class-map only whereas I would expect to see a breakdown for each of the child classes which is what is required.
I have a really weired thing happening on 6509 device with one of my customers.The device has a SUP 2 (MSFC2) with version 12.2.18SXF17B.
any VLAN interface once administratively down or simply down shows on "show interface status" output as VLAN.While it supposed to show "Routed". However once the port is up it is shows "routed" like it should.
Traffic Generator TG connected to R1 via switch SW . One end of the R1 is LAN1 interface and other end is WAN1. LAN1 is connected to switch SW. WAN1 is connected to R2 WAN0 interface..
Wen I pass traffic say 5000 from TG, I'm to recieve 5000 at R1 lan1 interface but I'm not to recieve at R2 WAN1 interface and hence not to R2 WAN0 interface.
Config at TG:' ----------------- Destination IP : R2 WAN interfavce IP Destination MAC : R1 LAN mac
I'm currently trying to set up a new infrasturcture with PEAP.
So, i've got redundant CA routers (c1921), an ACS server and 1262 AP's. Everything is working fine and as i want it to.Certificates are autoenrolled and so on, but if the CA root certificate expires, how to tell the AP to get the new root CA cert.
The root-certs are made by auto-rollover, and rolled on the CA router, but I got no change to get this root-cert on the AP.Is there a way to get them in an automated way, like rollover or enrollment?
I have a question about SNMP OIDs for the command "show counters interface intx/y delta" on Catalyst6500. The customer wants to create graphs for the following values:Overruns, qos0Outlost, InErrors, OutErrors, InDiscards, OutDiscards etc..Is possible to get these values using SNMP?
I observed that when I was trying to troubleshoot a field issue using two routers I had in the lab, that one of them (an ancient C3620) did not like the PIMv2 Hello messages sent to it by the newer one (C1921).
The symptom observed with multicast routing is that when a source connected to the C1921 tries to register with an RP running on the C3620, the multicast route stays in the "registering" state forever. But going "the other way" - with the source connected to the C3620 and the RP running on the C1921 worked fine.
what I see in the C1921 when it tried to register a connection to the group 224.0.0.39 (for Auto-RP). Note: The two routers are connected via a GRE tunnel. [code] PIM debugging on the C3620 showed the following when the two exchanged. [code]
I believe that the issue is down to the firmware in the C3620 simply being too old and not understanding the PIM options defined in RFC3973 or the Cisco private PIM option 65004 being sent by the C1921 (though the PIM debug does not make it clear whether it is just the unknown options that are ignored or the whole Hello message)
Is there any global or interface-specific PIM option I can use in the C1921 to "dumb down" the Hello message so that the old C3620 accepts it?
I am running two ADSL lines into one C1921 router with 2 ADSLoPOTS cards installed.If I copy the firmware flash file on to the router (adsl_alc_20190.bin) and reboot, only one card shows the new firmware (slot 0).So sh dsl int atm 0/0/0 shows new firmware but sh dsl int atm 0/1/0 shows no change.How do I upgrade them both?
I try to pass multicast traffic between two vrf on the same 3750 switch. I have IP services IOS and sdm template routing.
here is my config:
ip routing ! ip vrf vpn2 rd 1:1 mdt default 232.1.1.1 route-target export 1:1 route-target import 1:1
[code]....
Now I'm stuck - I don't know what to do to pass multicast traffic. Do I have any chance to run this config on 3750 chassis?Perhaps "Configuring Multicast VPN Extranet Support" document will be useful, but it concerns Catalyst 6500? [URL]
Facing issue with 2960G switch , where its do not display "logging trap informational " in show running and show startup .where its showing all other levels from 0 to 5 and 7 after configuration and save commands. [code] after config getting saved , it do not shows in show runn or in show startup while for all other levels it do show the config lines .I tried the same on 12.55.SE release also but its same results . Is this a limitaion of this platform, is there any doc explaining the same for reference. [code]
