I'd like to use IP SLAs and object tracking to define static routes for specific source/destination traffic across some WAN links we have. I've done this in IOS and it's worked fantastically, but I've not found where/how to do this on the Nexus 7010 platform (or any Nexus platform) as of yet. I could have sworn that this was going to be introduced in the 6.x code? Below is an example of how we do this in the IOS world:
track 11 ip sla 1 reachability
 delay down 15 up 15
ip sla 1
[Code]....
Essentially this gives us the option of using a "failover" default route. I've attached a basic diagram to explain what we are trying to do with IP SLAs and object checking. The tracking should be configured against an SLA that uses ICMP and the static routes should be configured against the tracking.
I was configuring route tracking at a client with several sites to route across GRE tunnels and being able to detect a failure of the main site. To my surprise when configuring a 2800 series router (after successfully configuring a 1800 series on the same infrastructure), a 2821 with IOS 12.4(24)T2 IPbase, the commands for ip sla object tracking don't show up. The feature navigator says the router supports this, but it just won't take the commands (also tried older versions of the commands such as "ip sla monitor.." and "rtr .." to no avail).
I am using a bunch of Cisco 1721 routers for my T1 lines. We recently purchased Digi cell modems as a backup for the T1. On configuring vrrp to work on both devices I discovered that IOS 12.3(6c) does not support the "vrrp track" feature. After reviewing the Cisco Feature Navigator I could not see an IOS that will support the vrrp object tracking. Is that correct? The routers have T1 WICs installed. If it does work, what is the latest IOS that will work on this end-of-life product?
I am trying to upgrade IOS on my Nexus7018 from version 5.12 to 5.13. I have managed it successfully on three out of my four Nexus, but one of them keeps coming up with this error:
N1K-7018-1# install all kickstart bootflash:n7000-s1-kickstart.5.1.3.bin system bootflash:n7000-s1-kickstart.5.1.3.bin
Another install procedure may be in progress. Please try later.
How can I find out which other install is running, or stop any install procedure?
I am running ping between two Nexus 7018 over a WAN link, and I can see some set pattern of packet drop (7.40% drop) with MTU size 1500. When I ping between my 6500 VSS pair and the same Nexus 7018 over a different SP WAN link at a different location, I am still getting the same kind of packet drop (8% drop) with MTU 1500. Has anyone else come across this issue with Nexus?
I have a serious problem with Nexus 7018: there is unicast flooding on one n7k, named n7k-1, which is a member of a vPC domain combined with 2 N7Ks. [code] I had cleaned the mac-address-table, and all mac-address-tables had been synced fine, and the unicast flooding went away.
How could I fix the mac-address sync function between the modules?
I've got this syslog alarm from nexus 7018. I am wondering what the slot 19 is here.
2013 Jan 15 23:59:22 r1 %PLATFORM-3-EJECTOR_STAT_CHANGED: Ejectors' status in slot 19 has changed, Top Ejector is OPEN, Bottom Ejector is CLOSE
2013 Jan 15 23:59:24 r2 %PLATFORM-3-EJECTOR_STAT_CHANGED: Ejectors' status in slot 19 has changed, Top Ejector is CLOSE, Bottom Ejector is CLOSE
I am trying to determine why hosts off our Nexus 7010s are being picked up in UT. Since LMS 4.0.1, UT should be supported on these devices. When adding the Nexus devices to DCR, provide the netadmin SNMP RO credential. When other SNMP RO credential is provided, user tracking will not collect end host data. I think I have this set up correctly, as the device center test passes when checking SNMP RO credentials. Our 7010s are running NX-OS 5.0(3) - earlier than the recommended version - might that cause issues? We are not using VRFs other than the default and management.
Here is my snmp section:
sh run | sec snmp
ip access-list copp-system-acl-snmp
  10 permit udp any any eq snmp
  10 permit udp any any eq snmp
  20 permit udp any any eq snmptrap
3750 Stack (Voice gateway for phones configured on the 3750 and has a VPC nexus)
+ + + + + +
(Nexus5596) ++++++++++ (Nexus5596) (Gateway for all other vlan like PC / servers / etc)
+ + + + + +
3750x access layer (VPC to Nexus)
[CODE].....
We observe that the process platform causes about 50% CPU load on our Nexus 7010. Could not find any information for what this process is responsible to find out the root cause of the high CPU load.
Does the ASA treat an object-group with a network-object containing a range of IP addresses as a netmask? For example, I can apply this configuration without the ASA throwing any errors though the configuration calls for a 'net mask':
object-group network test
 network-object 192.168.0.0 192.168.63.255 ?
network-object-group mode commands/options:
  A.B.C.D  Enter an IPv4 network mask
sh run ob id test
object-group network test
 network-object 192.168.0.0 192.168.63.255
I found that in the documentation it requires a netmask as opposed to a range. Is this a bug in the code? I am running code version 8.0(5)23 on a 5520. If this is not a bug, how does the ASA treat this type of configuration when applied to an access list? When I ran a quick packet trace and denied access from that range it looks like the ASA doesn't read that configuration properly.
We have a pair of Cisco Nexus 7018 with four eight port 10gig modules. I have created two VDC's with mixing 10gig ports from different modules. Now we require some one gig SFP ports and we are planning to buy 48 port 1gig sfp+ card. My question is can
1- Can I still mix and match 1gig and 10 gig ports in two different VDC's? (1-24 for VDC1 and 25-48 for VDC2)
2- All 48 port module have to allocate to one VDC which already have all 10gig ports.
I have a situation where my Internet edge routers learn 0.0 from ATT (AS 7018) my provider. I then wish to advertise these learned routes via WAN. However my WAN MPLS provider is also ATT and they use AS 7018 for that as well. When I try to push 0.0 to my other WAN sites 0.0 is suppressed to avoid loops. What's the best way to tell the WAN routers to advertise 0.0 back to the same AS originally learned from?
I need to enable vPC "peer-switch" command on a pair of Nexus 7018s which are currently vPC peers (primary and secondary). The STP root and Secondary root are currently configured across these switches. Can I enable the peer-switch command in this configuration without impacting services, and then modify both switches to have the same bridge priority without impacting services? We have a few downstream 5ks which are not dual homed to both vPC peers (work in progress) so need to understand if the peer-switch command will in any way break this connectivity for now.
Just planning my move to 8.4(2) and I'm looking for some input. In the past, I have a text file with name commands for every host on my network that I know about. I would then deploy this list to all ASAs so that I could create ACLs on any firewall using a name, which would correlate to the same IP on any firewall. Now, the names from the name command no longer work as a host entry in ACLs, therefore I'm required to switch all of my active name command entries over to objects. My question is, have any of you found an easy way to change all name commands to objects? Since the name command doesn't specify the mask of the entry, I think this may not be possible without manually updating thousands of records. I know that once I migrate, there will be some objects auto-created, but those will only be host and or networks which have NATs associated with them.
We are looking to deploy ISE supporting 5000 devices and would like to use the Cisco UCS platform to host this. Looking at the spec required a C22 M3 would be sufficient; however we would also like to host some UC applications on the same server if resources allow.
Therefore we would like to deploy ISE on a C220 M3 server and connect the associated NIC to a DMZ. We would then like to deploy UC applications such as CUCM and CUPS on the same UCS server with a NIC attached to the internal network.
Also, while the UC application would require a UC Foundation License (R-VMW-UC-FND5-K9), would this also meet the requirements for ISE?
Is it possible somehow to define externally administered DNS names in ASA 8.4 within object groups? I know that we can use name XXX, but some idea popped up using this kind of configuration.
Environment: Solaris 10(Sparc) LMS 3.2 RME 4.3.1 CS 3.3.0 CM 5.2
I need to delete a device from CiscoWorks but I cannot find it in the Common Services->Device Management search. I can find it by IP address using the Network->Object Finder. It has an IP address, hostname, display name, and "managed by" information in the search results. Supposedly it's managed by: RME IPM DFM (listed twice). However, when I click on the device link, it has almost no tools available (limited to ping) and no device information. I'm hard pressed on how to delete the item without having it in Common Services so that I can select it and then click on "delete". How can I purge this device?
We have an ASA5505 that we need to enable hairpinning on.... In the old firmware versions, we used to be able to configure a public to private static mapping along with hairpinning by using
however, since object nat only allows a single nat statement, I was attempting to use a twice nat to enable the hairpin functionality, but have been unsuccessful in coming up with the right combination of parameters for the functionality.
allows hairpinning to successfully work from the same machine. Meaning on any given host, I can ping itself using the private or public ip, but I can't get the right combination for hairpinning from any private host to another private host via the public ip. Other combinations have yielded icmp responses, however, they specify the private IP as the source of the reply instead of the public ip.
There is something wrong with the ordering of our NAT-rules. We are running ASA Version 8.4(2)8 and the nat config is pasted below.
I want outgoing smtp-traffic to be translated to xxx.yyy.zzz.18, but instead it's translated to xxx.yyy.zzz.20 (the outside-interface address). The same goes for ftp-traffic, according to packettracer this is also translated to the xxx.yyy.zzz.20.
Cisco's manual states that static nat rules take precedence over dynamic nat but that doesn't seem to work for us. [code]
I'm trying to determine who's throttling our 'Outside' interface because it's being hogged. Is there an easy way to see what data is assigned to what object on our ASA5510?
I am doing a school research project in which I am setting up an OC-192 ring for a company (contract work through AT&T). I have chosen to use the Cisco ONS 15454 SONET MSPP as my platform. The company currently has locations in Chicago and Philadelphia and connects them through an OC-12C ATM connection and they are looking to add 2 gigabit ethernet connections. My question is what cards and parts will I need for the Cisco ONS 15454 SONET MSPP, and how much will everything cost? I have been searching the internet for components and prices and I have found it extremely difficult to find any information.
I currently have a 50Mbps Internet connection provided by an ethernet handoff for hosting some webservers. We are looking at adding an additional 10Mbps Internet connection and routing BGP between the two. For the 50Mbps connection, I'm using a Cisco 2951 router. I also have another 2951 router to terminate the 10Mbps connection. Do these routers have enough horsepower to fully route BGP?
I want to select catalyst 3560G for my network. But IOS SLB needs to be implemented in my network. I only know catalyst 6500 series can support this feature and I am not sure whether 3560G can support this feature. What platform and IOS version do I need to implement IOS SLB?
I make one BOM and I just ask myself: can we order on the one platform (for example 5510-SEC-BUN-K9) SSL Essentials license (this license is on the platform by default, we buy 250 users) and I need 50 Users license from them to be Premium.
Can I buy those two licenses on the same platform, and will this work?
During WAN troubleshooting, I did a "clear interface ser0/0/0" on a branch router. It has two WAN links. I lost ssh/telnet connectivity but both WAN links were still replying to pings. We did a manual power off of the router to regain connectivity. Is there a known issue with this command on this IOS version? We're using Cisco 2911 platform with IOS 15.1-1.T2 version.
On one of my computers I'm having multiple issues. When I am on most websites it pops up "TypeError: object unexpected" or just "object unexpected" and I have to refresh the page for them to go away, but if I hit the back button or go to another section of the web page they pop back up. The same computer is now having connection issues and only has "unidentified network no internet access" as the only option, and after everything I have tried it will not budge on the wifi.
Any way of doing named objects or object groups for ACLs on the ASRs? (1000 series in this case.) I'm setting up an ASR with a zone-based firewall and writing out all the addresses, ports and protocols for the ACLs associated with the various zones is creating huge, unwieldy ACLs in the config.