Friday, August 30, 2013

WAN Routing between N5K (L3-vPC) & VSS (MEC) with Link Aggregation

Question:

We want a solution for routing between N5K and VSS with aggregated WAN links. Here is the scenario.

DC1: It has 2 Cisco 6509s in VSS. There are 4 server-farm Cisco 4948 switches connected to the VSS with redundant uplinks via MEC. The server gateway is the VSS. The VSS is running EIGRP routing.

DC2: This is a new datacenter we are going to establish soon. We are planning 2 N5Ks at the core layer with the L3 daughter card and 4 N2Ks as server-farm switches. The 2 N5Ks will be vPC peers. Each of the 4 N2Ks will connect with redundant uplinks via vPC to these N5Ks. The N5Ks will run EIGRP routing and will be the gateway for the new DC servers.

WAN between DC1 & DC2: The DC1 VSS will connect to the DC2 2 x N5K with 2 x 10G links. We want to do MEC on the VSS side and L3 vPC on the DC2 side.

If we had VSS at both ends it would not be a problem: both links would work together as a 20G aggregated link. But as we are using N5K at one end, it creates confusion whether it will work properly in this scenario or not. This is my 1st question.

Also I would like to know,
1) In VSS I have configured 1 VLAN interface for the server gateway. But in N5K do I have to configure it on the 2 switches separately?
2) In WAN routing the VSS shows as 1 device. Will these 2 N5Ks show as 2 separate hops, or will L3 vPC allow them to act as a single device when doing a traceroute from one end to the other?

I am not sure if my questions are at an elementary level or not. As I am very new to this technology, I would like you all to give me some suggestions or documentation or links regarding this design. I am also attaching the diagram.

Answer:

Your solution in steps 1-3 is fine. I would use the same solution based on the following:
1. VSS is a logical switch; from the N5K's perspective, it is 1 switch. You are actually doing ECMP upstream, which is good. Just let the routing protocol take care of the job.
2. The cross /30 link between N5K-1 and N5K-2 is used only if one uplink fails. Please note that the L3 /30 cross link is not part of the vPC peer-link. It is a dedicated interface. Please see the diagram below.
In terms of HSRP, you have to understand one thing first. In vPC, HSRP behavior has been modified: both switches will forward traffic (different from the C6K, where only one is active). Please see the link below on how HSRP works under vPC (somehow this link is broken right now; let me see if I can get someone to fix it):

http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/white_paper_c11-516396.html

To answer your question:
1. When N5K-1 goes down, N5K-2 will forward traffic out, and vice versa.
2. When the vPC peer-link goes down, the vPC secondary will shut down all vPC-related interfaces and SVIs. If the SVI is down, the routing protocol will stop the advertisement.

Thursday, August 29, 2013

IOS upload

Question:

We have a router in which we don't have much memory to keep the existing IOS and upload the new IOS. I have to delete the old IOS and upload the new one. My question: how much time will it take to upload the new IOS using the console connection? Please help; any suggestion would be highly appreciated. Thanks in advance.

Answer:

No, the telnet session would not disconnect just because you deleted the old IOS.

Perhaps it would help to be clear that flash is where the code is stored that is loaded and executed at boot time. After the code is loaded, the router will continue to run the code no matter what happens in flash. So you can easily delete the image in flash and load another image, and that will not impact the running of the router.

However, you should be aware that there is some risk in doing this. If there is any problem in loading the code over the network there could be a problem. And if the router should reload (power cycle or whatever) before the new code is loaded, then the router would not be able to load code and run - and recovery over the network is more challenging. So you should be aware of these risks as you make the decision to erase the image from flash and then to load a new image over the network.

I do not want to be alarmist or to give too negative an impression. I frequently do erase images and load code over the network. And you can do this also. But I just want to be sure that you understand the possible problems as you make your decision.

Wednesday, August 28, 2013

Show Policy-Map Interface X/X output question

Question:

I am troubleshooting a situation with a customer where they are getting voice quality issues over their WAN. When I look at the policy-map applied to the WAN-facing interface I see the following output:

    Class-map: REALTIME (match-any)
      5934775 packets, 547271148 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: ip dscp ef (46)
        1811301 packets, 128310242 bytes
        5 minute rate 0 bps
      Match: ip dscp af41 (34)
        167441 packets, 28756344 bytes
        5 minute rate 0 bps
      Match: access-group name AVAYAVOIP
        3956033 packets, 390204562 bytes
        5 minute rate 0 bps
      Queueing
        Strict Priority
        Output Queue: Conversation 264
        Bandwidth 30 (%)
        Bandwidth 926 (kbps) Burst 23150 (Bytes)
        (pkts matched/bytes matched) 912864/77181333
        (total drops/bytes drops) 856/1206256
    Class-map: CRITICAL (match-any)
      3837968 packets, 225767347 bytes
      5 minute offered rate 1000 bps, drop rate 0 bps
      Match: ip dscp af31 (26)
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: ip dscp cs6 (48)
        3837968 packets, 225767347 bytes
        5 minute rate 1000 bps
      Queueing
        Output Queue: Conversation 265
        Bandwidth 20 (%)
        Bandwidth 617 (kbps)
        (pkts matched/bytes matched) 3105906/180974193
        (depth/total drops/no-buffer drops) 0/0/0
         exponential weight: 9
         mean queue depth: 0
   dscp    Transmitted      Random drop      Tail drop    Minimum Maximum  Mark
           pkts/bytes       pkts/bytes       pkts/bytes    thresh  thresh  prob
   af11       0/0               0/0              0/0           32      40  1/10
   af12       0/0               0/0              0/0           28      40  1/10
   af13       0/0               0/0              0/0           24      40  1/10
   af21       0/0               0/0              0/0           32      40  1/10
   af22       0/0               0/0              0/0           28      40  1/10
   af23       0/0               0/0              0/0           24      40  1/10
   af31       0/0               0/0              0/0           32      40  1/10
   af32       0/0               0/0              0/0           28      40  1/10
   af33       0/0               0/0              0/0           24      40  1/10
   af41       0/0               0/0              0/0           32      40  1/10
   af42       0/0               0/0              0/0           28      40  1/10
   af43       0/0               0/0              0/0           24      40  1/10
    cs1       0/0               0/0              0/0           22      40  1/10
    cs2       0/0               0/0              0/0           24      40  1/10
    cs3       0/0               0/0              0/0           26      40  1/10
    cs4       0/0               0/0              0/0           28      40  1/10
    cs5       0/0               0/0              0/0           30      40  1/10
    cs6 3837968/225767347       0/0              0/0           32      40  1/10
    cs7       0/0               0/0              0/0           34      40  1/10
     ef       0/0               0/0              0/0           36      40  1/10
   rsvp       0/0               0/0              0/0           36      40  1/10
default       0/0               0/0              0/0           20      40  1/10

It looks like the policy-map is matching on the EF needed for real-time traffic, but what I do not know is why, down toward the bottom of the output where everything is broken down by DSCP value, I am not seeing transmitted packets under ef but rather all going to cs6. I am unsure about this command and thought I would post here. I am assuming that it has something to do with the strict priority queue just sending all traffic immediately, but it seems as though you could confirm that all traffic with an EF tag is actually being sent first.

Answer:

The service-policy counts packets that match the different classes, but it doesn't kick in until there is congestion on the outgoing interface.

For a service-policy to kick in, there must be congestion on the output interface. That means that if there is enough room in the tx-buffers (hardware buffers), a packet will be put in the tx-queue immediately. However, if the tx-buffers fill up, the router starts to use software buffers, and at this point the service-policy kicks in.

Breaking your output down in small pieces.
Class-map REALTIME matches on EF (1811301 packets); it also matches on af41 (167441 packets) and access-group AVAYAVOIP (3956033 packets); that makes a total of 5934775 for the whole class-map REALTIME.
Most of the time there has been no congestion, but at some point (it can be more than one) there has been congestion and the policy-map kicks in. At that point there have been 912864 packets put in the priority queue to be served first, but 856 of them have been dropped because the total bandwidth for the priority queue has been higher than 926 kbps at some point.

For class-map CRITICAL, which matches dscp af31 (0 packets) and dscp cs6 (3837968 packets), 3105906 of them have been put in the software queue during the time when there was congestion, and none of them have been dropped.

All the dscp values at the bottom are just related to the class-map CRITICAL and have nothing to do with the class-map REALTIME.

For your last sentence, yes, the priority queue will be served first if there is congestion, but it will at that moment also be policed to the configured rate (30% in your case).

If there is no congestion the priority traffic can be higher than 30%, because the policy-map only kicks in if the interface is congested.
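
The bookkeeping the answer does by hand (add the per-criterion match counters, compare them with the class total, then read the priority queue's policer drops) is easy to script, and is worth scripting if you want to watch these counters over time rather than eyeball them once. The following is an added example, not code from the original post; it parses the `show policy-map interface` output quoted in the question with Python regexes. The sample text is that output with the WRED table trimmed, and the field names in the returned dictionary are this example's own choice.

```python
"""Parse `show policy-map interface` counters and redo the answer's bookkeeping in code."""
import re

# Output quoted in the question, WRED table trimmed; constructed sample input for this example.
SAMPLE_OUTPUT = """\
    Class-map: REALTIME (match-any)
      5934775 packets, 547271148 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: ip dscp ef (46)
        1811301 packets, 128310242 bytes
        5 minute rate 0 bps
      Match: ip dscp af41 (34)
        167441 packets, 28756344 bytes
        5 minute rate 0 bps
      Match: access-group name AVAYAVOIP
        3956033 packets, 390204562 bytes
        5 minute rate 0 bps
      Queueing
        Strict Priority
        Output Queue: Conversation 264
        Bandwidth 30 (%)
        Bandwidth 926 (kbps) Burst 23150 (Bytes)
        (pkts matched/bytes matched) 912864/77181333
        (total drops/bytes drops) 856/1206256
    Class-map: CRITICAL (match-any)
      3837968 packets, 225767347 bytes
      5 minute offered rate 1000 bps, drop rate 0 bps
      Match: ip dscp af31 (26)
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: ip dscp cs6 (48)
        3837968 packets, 225767347 bytes
        5 minute rate 1000 bps
      Queueing
        Output Queue: Conversation 265
        Bandwidth 20 (%)
        Bandwidth 617 (kbps)
        (pkts matched/bytes matched) 3105906/180974193
        (depth/total drops/no-buffer drops) 0/0/0
"""

CLASS_RE = re.compile(r"^\s*Class-map:\s+(\S+)\s+\((match-any|match-all)\)")
COUNT_RE = re.compile(r"^\s*(\d+) packets, (\d+) bytes")
MATCH_RE = re.compile(r"^\s*Match:\s+(.+?)\s*$")
KBPS_RE = re.compile(r"^\s*Bandwidth (\d+) \(kbps\)")
QUEUED_RE = re.compile(r"\(pkts matched/bytes matched\)\s+(\d+)/")
PQ_DROP_RE = re.compile(r"\(total drops/bytes drops\)\s+(\d+)/")
CBWFQ_DROP_RE = re.compile(r"\(depth/total drops/no-buffer drops\)\s+\d+/(\d+)/")


def parse_policy_map(text):
    """Return {class_name: counters}; the field names are this example's own choice."""
    classes, cur, pending = {}, None, None
    for line in text.splitlines():
        if m := CLASS_RE.match(line):
            cur = classes[m.group(1)] = {
                "match_type": m.group(2), "packets": None, "matches": {}, "priority": False,
                "bandwidth_kbps": None, "queued_pkts": 0, "drops": 0,
            }
            pending = None
        elif cur is None:
            continue
        elif m := MATCH_RE.match(line):
            pending = m.group(1)           # the next "N packets" line belongs to this criterion
        elif m := COUNT_RE.match(line):
            if pending is not None:
                cur["matches"][pending] = int(m.group(1))
                pending = None
            elif cur["packets"] is None:   # first counter after the header is the class total
                cur["packets"] = int(m.group(1))
        elif "Strict Priority" in line:
            cur["priority"] = True
        elif m := KBPS_RE.match(line):
            cur["bandwidth_kbps"] = int(m.group(1))
        elif m := QUEUED_RE.search(line):
            cur["queued_pkts"] = int(m.group(1))
        elif m := PQ_DROP_RE.search(line) or CBWFQ_DROP_RE.search(line):
            cur["drops"] = int(m.group(1))   # LLQ policer drops or CBWFQ total drops
    return classes


def inconsistent_classes(classes):
    """Class names whose per-criterion counters do not add up to the class total."""
    return [n for n, c in classes.items() if sum(c["matches"].values()) != c["packets"]]


def priority_drop_report(classes):
    """Strict-priority classes -> (packets queued under congestion, policer drops, drop ratio)."""
    return {n: (c["queued_pkts"], c["drops"], c["drops"] / c["queued_pkts"])
            for n, c in classes.items() if c["priority"] and c["queued_pkts"]}


if __name__ == "__main__":
    parsed = parse_policy_map(SAMPLE_OUTPUT)
    print("classes with mismatched match counters:", inconsistent_classes(parsed))
    print("priority-queue drops:", priority_drop_report(parsed))
```

On the quoted output the match counters add up for both classes, and REALTIME shows 856 policer drops against 912864 packets that went through the priority queue under congestion (about 0.09%). Those counters are cumulative since the last `clear counters`, so for a live voice-quality investigation take two snapshots a few minutes apart and diff the `drops` and `queued_pkts` fields rather than reading the totals.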


Thursday, August 15, 2013

EHWIC-ESG-P on 2911 and 1921

Question:

OK, I recently received the EHWIC so I can eliminate a cheap switch at our remote sites, and have PoE as well so I can power the IP phone and camera. I have installed the card in the router and it has no problems recognizing the card, ports gig 0/0/0 - 0/0/3. I upgraded to Version 15.2(3)T2 on the router, but am still having a couple of problems.

1.  I do not have any POE commands
2.  For some reason I cannot get it configured properly

All I want to do is use it as a switch for the local LAN, which is literally a computer, printer, IP phone and camera. The router has a T1 serial card for access to the network. No problems with the current config: gig 0/0 is the LAN and serial 0/0/0 is the T1. How do I go about making all the ports on the EHWIC part of the LAN?

Answer:

It is expected behavior that when there are no devices plugged into any switch ports, the switch ports will be down and the VLAN will be down. So if you would be willing to do it, please plug your laptop back in and try show ip interface brief and show arp again.

Also I wonder if you would check on and report some things to establish what is working and what is not working.
With the laptop connected to a switch port, and from the command line of the router:
- can you ping the laptop?
- can you ping the router gateway at 10.0.0.1?
- can you ping something in the network beyond 10.0.0.1?
then from the laptop:
- can you ping the router Vlan interface at 10.0.200.1?
- can you ping the router interface at 10.0.0.11?
- can you ping the router gateway at 10.0.0.1?
- can you ping anything in the network beyond 10.0.0.1?

And it occurs to me to ask whether the device at 10.0.0.1 has a route to 10.0.200.0.

Wednesday, August 14, 2013

ios for bgp

Question:

Does IP Base support BGP?

Answer:

From a traditional perspective Leo is correct. Historically BGP was not available in IP Base. But things change and IOS changes, and in recent versions of IOS BGP is now available in IP Base.

Here is a quote from the Release Notes: "BGP is available in the "IP base" software package in Cisco IOS Release 12.4(11)T for Cisco 1841, Cisco 2800 family, and Cisco 3800 family routers."

For additional details see this link: 



Subnetting Issue

Question:

I have two PCs connected together. PC1 I configured with the 10.1.1.1/8 address and PC2 with the 10.1.1.10/16 address. I feel it should not ping between these two systems because, though the IP address range may be the same, the subnet mask is different. But it pings; how can this ping?

Answer:

Of course.
1) IP addresses and netmasks are all 32-bit binary values, so
     10.1.1.1/8 = 10.1.1.1 255.0.0.0
     10.1.1.1  = 00001010000000010000000100000001
     255.0.0.0 = 11111111000000000000000000000000
Boolean AND is, with T meaning True or 1 and F meaning False or 0:
T AND T = T
T AND F = F
F AND T = F
F AND F = F

So if we do the bitwise AND between the IP address and the mask we get:
00001010000000000000000000000000 which is 10.0.0.0

The same operation is done on the destination address.
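
The answer shows the AND for one host; the reason the ping succeeds is that each host does this with its own mask, and both happen to conclude the other is on-link, so each ARPs directly on the shared wire. The following is an added example, not code from the original post, that carries the same bitwise AND through for both PCs and generalizes it to a check of both directions; the assumption (stated in the code) is that the two PCs share one wire with no default gateway, which is the setup the question describes. The counter-example host is constructed for this example.

```python
"""Why 10.1.1.1/8 and 10.1.1.10/16 ping each other: each host applies its own mask."""
import ipaddress


def to_binary(dotted):
    """Dotted quad to the 32-character binary string used in the answer."""
    return "".join(f"{int(octet):08b}" for octet in dotted.split("."))


def network_of(ip, prefix_len):
    """Bitwise AND of address and mask, returned dotted (e.g. 10.1.1.1/8 -> 10.0.0.0)."""
    mask = ipaddress.ip_network(f"0.0.0.0/{prefix_len}").netmask
    return str(ipaddress.ip_address(int(ipaddress.ip_address(ip)) & int(mask)))


def considers_on_link(host, dst_ip):
    """True if host=(ip, prefix_len) would ARP for dst_ip directly instead of using a gateway."""
    ip, prefix_len = host
    return network_of(ip, prefix_len) == network_of(dst_ip, prefix_len)


def ping_works(a, b):
    """Assumed setup: both hosts on one wire, no default gateway configured.
    The echo request leaves A only if A thinks B is on-link, and the reply
    leaves B only if B thinks A is on-link, so both directions must hold."""
    return considers_on_link(a, b[0]) and considers_on_link(b, a[0])


PC1 = ("10.1.1.1", 8)      # from the question
PC2 = ("10.1.1.10", 16)    # from the question
ODD = ("10.1.2.5", 16)     # constructed: reachable from PC2's view, not from a /24 PC1

if __name__ == "__main__":
    for host, dst in ((PC1, PC2[0]), (PC2, PC1[0])):
        print(f"{host[0]}/{host[1]} puts {dst} in {network_of(*host)}/{host[1]}: "
              f"on-link={considers_on_link(host, dst)}")
    print("PC1 <-> PC2 ping works:", ping_works(PC1, PC2))
    print("10.1.1.1/24 <-> 10.1.2.5/16 ping works:", ping_works(("10.1.1.1", 24), ODD))
```

The mismatch only bites when it is asymmetric: with PC1 re-addressed as 10.1.1.1/24 and the other host at 10.1.2.5/16, the /16 host would happily ARP for PC1, but PC1 would look for a gateway it does not have and never send, so the ping fails in one direction and the reply is never generated.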


Sunday, August 11, 2013

VPN behind NAT

Question:

I have established a site-to-site VPN. The config is as follows: 192.168.32.0/24 (SITE A) >--> 192.168.30.0/24 (SITE B)

Site B has 192.168.30.1 as the outside address of the ASA firewall. At the other end of the cable I have a Debian server (192.168.31.2) that re-routes the packets from/to the internal network (192.168.31.0/24). All the packets arriving at the ASA from the internal network appear as 192.168.31.2 (the IP of the Debian server).

When the VPN is established, from Site A I can ping the Debian server installed at Site B correctly.

If I try to ping any server at Site B from the Debian server, the ping works correctly.

When I try to ping any host of the internal network of Site B behind the Debian from Site A, I get the following message:

"Teardown ICMP connection for faddr 192.168.31.11/0 gaddr 192.168.32.10/1 laddr 192.168.32.10/1".

Any idea why this happens? I mapped both networks (192.168.30.0/24 and 192.168.31.0/24) when I created the VPN tunnel using the wizard.

Thanks,
Dario

SITEA Configuration:

object-group network DM_INLINE_NETWORK_1
network-object object SITE-B-DEBIAN-SUBNET
network-object object SITE-B-INTERNAL-NETWORK

access-list outside_cryptomap extended permit ip object SITE-A-INTERNAL-NETWORK object-group DM_INLINE_NETWORK_1

nat (inside,outside) source static SITE-A-INTERNAL-NETWORK SITE-A-INTERNAL-NETWORK destination static DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_1 no-proxy-arp route-lookup
!
object network SITE-A-INTERNAL-NETWORK
nat (inside,outside) dynamic interface
object network obj_any

dhcpd auto_config outside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy GroupPolicy_XXXXXXXX internal
group-policy GroupPolicy_XXXXXXXX attributes
vpn-tunnel-protocol ikev2
tunnel-group XXXXXXXX type ipsec-l2l
tunnel-group XXXXXXXX general-attributes
default-group-policy GroupPolicy_XXXXXXXX
tunnel-group XXXXXXXX ipsec-attributes
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
!
class-map inspection_default
match default-inspection-traffic
!




===============

SITEB CONFIGURATION

object network SITE-B-INTERNAL-NETWORK
subnet 192.168.31.0 255.255.255.0
object network SITE-A-INTERNAL-NETWORK
subnet 192.168.32.0 255.255.255.0
object network SITE-B-DEBIAN-SUBNET
subnet 192.168.30.0 255.255.255.0
object-group network DM_INLINE_NETWORK_1
network-object object SITE-B-EXTERNAL-IP
network-object object SITE-B-VPN-SERVER
object-group network DM_INLINE_NETWORK_2
network-object object SITE-B-DEBIAN-SUBNET
network-object object SITE-B-INTERNAL-NETWORK
access-list outside_cryptomap extended permit ip object-group DM_INLINE_NETWORK_2 object SITE-A-INTERNAL-NETWORK


nat (inside,outside) source static DM_INLINE_NETWORK_2 DM_INLINE_NETWORK_2 destination static SITE-A-INTERNAL-NETWORK SITE-A-INTERNAL-NETWORK no-proxy-arp route-lookup
!
route inside 192.168.31.0 255.255.255.0 192.168.30.2 1
group-policy GroupPolicy_YYYYYYYYYYYYYYYYY internal
group-policy GroupPolicy_YYYYYYYYYYYYYYYYY attributes
vpn-tunnel-protocol ikev2
tunnel-group YYYYYYYYYYYYYYYYY type ipsec-l2l
tunnel-group YYYYYYYYYYYYYYYYY general-attributes
default-group-policy GroupPolicy_YYYYYYYYYYYYYYYYY
tunnel-group YYYYYYYYYYYYYYYYY ipsec-attributes
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****

Answer:

In that case, you would need to remove all the crypto map and disable the isakmp configuration from the ASA.
That port is already reserved on the ASA outside interface because you have those VPN tunnels configured earlier.

no crypto isakmp enable outside

Thursday, August 8, 2013

WAN Config Blank on 857w

Question:

My client has an 857w, but although the site for SDM Express loads, the Internet WAN page always shows as blank. We need access to this to alter the ISP.

On IOS 12.4(6)T5

Telnet access appears to work and shows the details.  

Answer:

Your WAN IP is learned dynamically with PPP:

interface Dialer0
description $FW_OUTSIDE$
ip address negotiated

Just change the credentials; they should be given by the new ISP. Also check this (ask the ISP):
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
no snmp trap link-status
pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1


For SDM, what is your Java version? Try to downgrade it and see if it works.

Wednesday, August 7, 2013

QoS (dscp-to-exp mutation) on Sup-2T/Cat6500

Question:

Just a quick question in regards to the crypto certificate keys. I notice on our DMVPN routers a large hexadecimal key shows up.
For example:
crypto pki certificate chain TP-self-signed-708137789
certificate self-signed 01
  3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 37303831 33373738 39301E17 0D313231 31313331 39323230
  375A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3730 38313337
  37383930 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
  B6C79947 3412D002 025566AB F2C7A830 .................

Answer:


The self signed certificate may be associated with DMVPN but it can also be associated with other things. For example, if you configure ip http secure-server it will cause a self signed certificate to be generated.
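
The answer is right that this block is a certificate and not a key: the hex after `certificate self-signed 01` is the DER encoding of an X.509 certificate, and enough of it is quoted in the question to read the fields that matter. The following is an added example, not code from the original post or from Cisco, that walks the DER TLVs of the quoted prefix with a small hand-written parser. The input is the hex exactly as pasted above, cut off where the post cuts it off, so the parser reads headers only and never needs the truncated modulus; the field names in the returned dictionary are this example's own choice.

```python
"""Decode the DER prefix of an IOS `crypto pki certificate chain` self-signed certificate."""
import re
from datetime import datetime

# Hex copied from the `certificate self-signed 01` block in the question; the trailing
# dots mark where the post cuts it off, so only the leading 208 bytes are available.
CERT_HEX = """
  3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 37303831 33373738 39301E17 0D313231 31313331 39323230
  375A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3730 38313337
  37383930 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
  B6C79947 3412D002 025566AB F2C7A830 .................
"""

OID_NAMES = {
    "1.2.840.113549.1.1.1": "rsaEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}
CN_OID = "2.5.4.3"


def tlv(buf, pos):
    """Header of the DER TLV at pos -> (tag, length, content offset); content may be cut off."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        return tag, first, pos + 2
    n = first & 0x7F                                  # long form: n length octets follow
    return tag, int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n


def expect(buf, pos, tag):
    t, length, off = tlv(buf, pos)
    if t != tag:
        raise ValueError(f"expected tag 0x{tag:02X} at offset {pos}, got 0x{t:02X}")
    return length, off


def decode_oid(raw):
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:                                 # base-128 arcs, high bit = continue
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def algorithm(buf, pos):
    """AlgorithmIdentifier -> (name or dotted OID, offset after it)."""
    length, off = expect(buf, pos, 0x30)
    oid_len, oid_off = expect(buf, off, 0x06)
    oid = decode_oid(buf[oid_off:oid_off + oid_len])
    return OID_NAMES.get(oid, oid), off + length


def name_cn(buf, pos):
    """X.501 Name -> (first commonName value, offset after the Name)."""
    length, off = expect(buf, pos, 0x30)
    end, cn = off + length, None
    while off < end:                                  # one RDN SET per iteration
        set_len, set_off = expect(buf, off, 0x31)
        _, seq_off = expect(buf, set_off, 0x30)
        oid_len, oid_off = expect(buf, seq_off, 0x06)
        _, val_len, val_off = tlv(buf, oid_off + oid_len)
        if decode_oid(buf[oid_off:oid_off + oid_len]) == CN_OID:
            cn = buf[val_off:val_off + val_len].decode("ascii")
        off = set_off + set_len
    return cn, end


def asn1_time(buf, pos):
    tag, length, off = tlv(buf, pos)
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"   # UTCTime / GeneralizedTime
    return datetime.strptime(buf[off:off + length].decode("ascii"), fmt).isoformat(), off + length


def parse_ios_cert(hex_text):
    buf = bytes.fromhex(re.sub(r"[^0-9A-Fa-f]", "", hex_text))
    info = {}
    _, pos = expect(buf, 0, 0x30)                     # Certificate
    _, pos = expect(buf, pos, 0x30)                   # TBSCertificate
    tag, length, off = tlv(buf, pos)
    if tag == 0xA0:                                   # [0] EXPLICIT version (v1 omits it)
        _, voff = expect(buf, off, 0x02)
        info["version"], pos = buf[voff] + 1, off + length
    else:
        info["version"] = 1
    slen, soff = expect(buf, pos, 0x02)               # serialNumber
    info["serial"], pos = int.from_bytes(buf[soff:soff + slen], "big"), soff + slen
    info["signature_algorithm"], pos = algorithm(buf, pos)
    info["issuer_cn"], pos = name_cn(buf, pos)
    vlen, voff = expect(buf, pos, 0x30)               # Validity
    info["not_before"], toff = asn1_time(buf, voff)
    info["not_after"], _ = asn1_time(buf, toff)
    info["subject_cn"], pos = name_cn(buf, voff + vlen)
    _, pos = expect(buf, pos, 0x30)                   # SubjectPublicKeyInfo
    info["key_algorithm"], pos = algorithm(buf, pos)
    _, pos = expect(buf, pos, 0x03)                   # BIT STRING; +1 skips the unused-bits octet
    _, pos = expect(buf, pos + 1, 0x30)               # RSAPublicKey
    mlen, moff = expect(buf, pos, 0x02)               # modulus: only its first bytes survive
    lead = 0
    while buf[moff + lead] == 0:                      # DER pads a high-bit INTEGER with 0x00
        lead += 1
    info["modulus_bits"] = (mlen - lead - 1) * 8 + buf[moff + lead].bit_length()
    info["self_signed"] = info["issuer_cn"] == info["subject_cn"]
    return info


if __name__ == "__main__":
    for key, value in parse_ios_cert(CERT_HEX).items():
        print(f"{key:>20}: {value}")
```

On the quoted prefix this reports issuer and subject `IOS-Self-Signed-Certificate-708137789`, validity 2012-11-13 to 2020-01-01, signature algorithm md5WithRSAEncryption and a 1024-bit RSA modulus. Those last two are the practitioner's takeaway: an MD5 signature and a 1024-bit key are well below current guidance, and a self-signed certificate only protects anything if the peer pins it explicitly, so check what is actually relying on it (the `ip http secure-server` case the answer mentions, for instance) before leaving it in place. Paste the complete block from `show running-config` and the same parser returns the same fields for any IOS self-signed certificate.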



Tuesday, August 6, 2013

Reset a Router -- Start Over?

Question:

How do I reset a Cisco 876 ISR? I seem to remember from class it was easier than the option to change a register value that I've found through research. Can I just delete the startup.cfg and it will then try to run me through the wizard the next time I boot?

I've got a problem where the Dialer interface is hooked to a FastEthernet interface as its WAN link. This was because I misconfigured with the pppoe-client command. But now I don't know how to back out of the problem I made for myself. Just negating the commands on the Fa3 interface doesn't seem to work. I need to hook the dialer to the ATM interface instead.

Answer:

How do I reset a Cisco 876 ISR?
Check the back of the unit. There should be a "Reset" button.

1. Power down the router;
2. Hold down the "Reset" button;
3. Power up the router.

Monday, August 5, 2013

serial inteface shows down/down

Question:

>> serial interface up/down

We have a private line. The serial interface shows down/down. The private line terminates on a CSU/DSU and then goes to our router. What could be the issue?

serial interface down/down

I checked the status yesterday evening and it was showing down/down. What could be the issue? Would there be a connectivity issue between the router and the CSU/DSU?

Answer:


The link layer is down. Here are a couple of things to check. First, replace the cable between the CSU/DSU and the router. Check that the CSU/DSU is functional; try replacing it if you have a spare. Check the smartjack from the carrier and check that there are no red or amber lights. Let us know how that goes.


Tunnel MTU

Question:

I have a router running 12.4.

I have configured ip mtu 1300 but when I do show int it says 1500??

Anyone aware of any bugs?

Answer:

Can you check the output of sh ip int tunnel x instead of sh int tunnel?

Does it show correctly, or 1500??

If it is not showing correctly, can you post the output of the below:
sh run int tunnel x
and sh run int for the physical interface sourcing the tunnel.

Also sh ip int tunnel x

Friday, August 2, 2013

CCIE BGP PRACTICE LAB

Question:

I am preparing for my CCIE certification exam, and I am currently practicing BGP. I have a few questions regarding the BGP lab ( http://www.ibrahimhasan.com/content/lab-32-0 ). On task #4, is there any way that you could filter route advertisement outside of the local AS without using prefix-lists or any type of filters?

Secondly, in http://ibrahim.drupalgardens.com/content/lab-31-0 task #3, is "network 150.1.1.0 mask 255.255.255.0 route-map SET-COMMUNITY" correct? Or is there any way you could send a community string without using a route-map?

Answer:

Studying theory is needed to be able to understand the requirements.

A)
>> Ensure that these prefixes are NEVER advertised out of AS 254

calls for the BGP well-known community NO-EXPORT to be set on these routes.

B)
Your understanding is correct; the use of a route-map invoked in the network command looks like the only available option given the constraints:

>> you are NOT allowed to use outbound or inbound route-maps when completing this task

Thursday, August 1, 2013

CCIE HELP

Question:

I am recently certified CCNP R&S. My skills and experience lie in this area: switching, OSPF, EIGRP, BGP etc.

I would like to progress on to the CCIE R&S but have had very little exposure to QoS and MPLS, VPNs, Frame Relay, ATM etc. - basically anything not in the CCNP R&S syllabus.

What would you advise is the best way for me to proceed? Should I jump straight into CCIE and try to cover these topics with reading/labs whilst going through an INE lab book, or is there a better route for me to take? E.g. try and do CCNP Service Provider studying first. I have all my foundation CCNP R&S topics up to date and don't really want to take a break from studying...

Any advice would be appreciated. I am currently employed as a 2nd line Cisco engineer.

Answer:


Gonna give my two cents: if you've got the CCNP R&S then there is no need to do CCNP SP before doing CCIE R&S.