Hi All, 

Just wondering if anyone has any experience with my situation..

I have bought both CCIE R&S v5.0 OCG Premium Edition eBook/Practice Test VOL 1 and 2 few months back.

These should come with Access Codes so I can activate the practice tests one the test engine.

But in my case, The access codes won't show up in the "My account -> Digital Products area". I tried to contact the "Cisco Press" using their "contact us" page.. but so far no one seems to care to reply.

 Has anyone here run in to the same issue ? Who did you contact to get the sorted in the end?

 I'm not sure whom to contact when the official "contact us" is not responding.

 Any insight would be much appreciated.

Topic: Reliable Policy Routing
PDF page: 256
The program simply does not work as expected.

The correction is as follows:

http://www.youtube.com/watch?v=jDTlylLu_S8

Time= 0:45 to 1:47

Hi Guys,

Can someone please help me understand what is the next step after i completed watching the Collaboration ATC videos?

I intend to use the INE's Rack rental but i am very confused about the study materials, i can't use the old CCIE voice workbooks since it has different topology.

Thanks!!!

Tom.

the SG has

interface GigabitEthernet1.67
 delay 25
!
interface GigabitEthernet1.146
 delay 131
!
router eigrp 100
 variance 5

This question's mathmatics baffles me.  I have not done algebra since 1997.

I understand what needs to be done - but I do not underderstand the maths.

The solution guide goes from here (relavtive to this topic - dont worry about equal cost on R1)

The total delay of this path is 40 microseconds, or 4 tens of microseconds. Scaled by 256, R1 would be advertising 1024. Because R3's Feasible Distance of 1024 is equal to R6’s Feasible Distance, this path cannot be considered a Feasible Successor.

is this a typo?

to here:

Because the minimum configurable delay value is 10 microseconds, which is already the default for all Ethernet links, and based on task requirements, we need to modify R6's delay values on its VLAN 67 and VLAN 146 interfaces, so that metric through R1 is five times bigger than metric through R7.

then the formuale - which I do not know how to solve.  - was the 250 arbitary?

5 * [Delay(Gi1.9) + Delay(Gi1.79) + Delay(Gi1.67)] = [Delay(Gi1.9) + Delay(Gi1.79) + Delay(Gi1.37) + Delay(Gi1.13) + Delay(Gi1.146)].
5 * [10 + 10 +Delay(Gi1.67)] = [10 + 10 + 10 + 10 + Delay(Gi1.146)]].

I understand that the second line is a simplification of the first - but then how do you get the actual values for the delay on the interface? - It then suggests 250 - but I do not see the algebra workings:

If, for example, we configure delay on R6's VLAN 67 interface to be 250, in simple math we need to configure a delay value of 1310 on R6's VLAN 146 interface. This also means that configuring a variance of 5 will be enough so that both routes for VLAN 9 are installed in the routing table of R6 with the requested load distribution.

 - was the 250 arbitary? - or does it have a direct correlation with the feasability condition - and if so how was it calculated? - I dont mean its obviously 25 x 10s of microseconds - I mean was this pulled out of a hat - could we have used. 500 and 2620 ?

250 + 20 = 270 * 5 which correlates to 1310 + 40 = 1350 

But how was this worked out using maths to satisfy both the feasability condition and the 5 X load balancing ? guess work - or real algebra?

Thanks !

Hi,

what is goining on with security racks? It is fully booked for next two weeks.

Regards,

Jakub

Edit: This thread is getting too long, and it is now closed.  Please post in a more detailed thread below instead:

• Building INE's RSv5 topology on CSR1000v
• Building INE's RSv5 topology on IOS on GNS3
• Building INE's RSv5 topology on IOU/IOL on GNS3
• Building INE's RSv5 topology with physical routers
• Building INE's RSv5 topology with physical switches

Use this thread for Q&A on how to build INE's new CCIE RSv5 topology, either in physical hardware or virtualization.  This thread will later be compiled into the new "How To Build A CCIE Rack" page.

Dear All,

My queries:

Why IP Address gets removed after configuring IP VRF Forwarding on an interface?

Is it an IOS limitation?

Is Cisco doing any enhancement to stop auto removal of ip address from the interface?

Merci Beacoup,

Ashish

While doing some labbing I made a typo which showed me a new command I did not know existed, just thought I would share as I have never seen this command in any of the INE videos or ciscopress textbooks.

R6#sh ip ospf route

            OSPF Router with ID (150.1.6.6) (Process ID 1)

                Base Topology (MTID 0)

    Area 1

    Intra-area Route List

*   155.1.146.0/24, Intra, cost 1, area 1, Connected

      via 155.1.146.6, GigabitEthernet1.146

*   150.1.6.6/32, Intra, cost 1, area 1, Connected

      via 150.1.6.6, Loopback0

    Inter-area Route List

*>  155.1.5.0/24, Inter, cost 1002, area 1

      via 155.1.146.1, GigabitEthernet1.146

*>  155.1.7.0/24, Inter, cost 2003, area 1

      via 155.1.146.1, GigabitEthernet1.146

*>  155.1.8.0/24, Inter, cost 1003, area 1

      via 155.1.146.1, GigabitEthernet1.146

*>  155.1.9.0/24, Inter, cost 2004, area 1

      via 155.1.146.1, GigabitEthernet1.146

*>  155.1.10.0/24, Inter, cost 1004, area 1

      via 155.1.146.1, GigabitEthernet1.146

*>  155.1.13.0/24, Inter, cost 2, area 1

      via 155.1.146.1, GigabitEthernet1.146

*>  155.1.23.0/24, Inter, cost 2002, area 1

      via 155.1.146.1, GigabitEthernet1.146

*>  155.1.37.0/24, Inter, cost 2002, area 1

      via 155.1.146.1, GigabitEthernet1.146

*>  155.1.45.0/24, Inter, cost 1002, area 1

      via 155.1.146.1, GigabitEthernet1.146

*>  155.1.58.0/24, Inter, cost 1002, area 1

      via 155.1.146.1, GigabitEthernet1.146

*>  155.1.67.0/24, Inter, cost 2003, area 1

      via 155.1.146.1, GigabitEthernet1.146

*>  155.1.79.0/24, Inter, cost 2003, area 1

      via 155.1.146.1, GigabitEthernet1.146

*>  155.1.108.0/24, Inter, cost 1003, area 1

      via 155.1.146.1, GigabitEthernet1.146

*>  150.1.1.1/32, Inter, cost 2, area 1

      via 155.1.146.1, GigabitEthernet1.146

*>  150.1.2.2/32, Inter, cost 2002, area 1

      via 155.1.146.1, GigabitEthernet1.146

*>  150.1.3.3/32, Inter, cost 2002, area 1

      via 155.1.146.1, GigabitEthernet1.146

*>  150.1.4.4/32, Inter, cost 1003, area 1

      via 155.1.146.1, GigabitEthernet1.146

*>  150.1.5.5/32, Inter, cost 1002, area 1

      via 155.1.146.1, GigabitEthernet1.146

*>  150.1.7.7/32, Inter, cost 2003, area 1

      via 155.1.146.1, GigabitEthernet1.146

*>  150.1.8.8/32, Inter, cost 1003, area 1

      via 155.1.146.1, GigabitEthernet1.146

*>  150.1.9.9/32, Inter, cost 2004, area 1

      via 155.1.146.1, GigabitEthernet1.146

*>  150.1.10.10/32, Inter, cost 1004, area 1

      via 155.1.146.1, GigabitEthernet1.146

*>  155.1.0.1/32, Inter, cost 1, area 1

      via 155.1.146.1, GigabitEthernet1.146

*>  155.1.0.2/32, Inter, cost 2001, area 1

      via 155.1.146.1, GigabitEthernet1.146

*>  155.1.0.3/32, Inter, cost 2001, area 1

      via 155.1.146.1, GigabitEthernet1.146

*>  155.1.0.4/32, Inter, cost 1002, area 1

      via 155.1.146.1, GigabitEthernet1.146

*>  155.1.0.5/32, Inter, cost 1001, area 1

      via 155.1.146.1, GigabitEthernet1.146

    Intra-area Router Path List

i 150.1.1.1 [1] via 155.1.146.1, GigabitEthernet1.146, ABR/ASBR, Area 1, SPF 20

    Area 2

    First Hop Forwarding Gateway Tree

 155.1.146.1 on GigabitEthernet1.146, count 27

 155.1.146.6 on GigabitEthernet1.146, count 1

 150.1.6.6 on Loopback0, count 1

R6#

Hi Everyone,

I'm just looking for feedback as I think I'm missing something or doing something wrong.

I had 3 rack rentals Sat, Sunday and right now booked. Saturday was from 6-8:30 AM. When I tried to login I could get in. After opening tickets and waiting and waiting. I never was able to get in. INE was kind enough to refund my credits.

Sunday morning when I went to log in at 6 AM I kept getting a window saying my rack isn't ready. I opened a ticket and about ten minutes later the issue was resolved and I could login. Rental went find except for my RDP sessions to server 1 and 2. I couldn't type IP addresses. it was inserting underscores or the letter N depending if I used the period on the keyboard side or the Num lock side.

I now have session from 9 AM EST and I couldnt log in because it said the rack wasn't ready. I opened a ticket now a little over 20 minutes later its resolved.

Is this normal behavior? Do you have to wait for the racks to finish some automated process? Has anyone else seen the RDP issue.

Thanks
Jay 

Am I the only one totally bombing these?  I feel like any subject I give attention to in order to better myself at it, I end up regressing on one or two others.

Ex.  My DMVPN, IPSec, and Multicast are not where they need to be, so I focus on them for a solid week or two at least.  Then when I go back to something I'm competant at, it's like square one.  Anyone got any advice?  I try to re-visit subjects I haven't messed with in awhile each week (like QoS this week, DMVPN next week, then a brush up on QoS the next week etc) but get totally exposed during the full TS labs.

Thanks.

I'm running ESXi ver 5.1 on a Dell with 2 Xeon quadcore 5530 with 72Gb of RAM.

I'm running two CSR1000v versions from my CCO download to try to get them to work:

csr1000v-universalk9.03.12.00.S.154-2.S-std.ova

csr1000v-universalk9.03.14.00.S.155-1.S-std.ova

Both of them boot properly, I can telnet in with SecureCRT.  Now the problem I have is when I type "?", it sits there.  I have to hit ENTER, then it just gives about 22 commands (through "dir") and goes back to privilege exec mode.

Another weird thing is if I type a command then ENTER, hit the UP arrow to recall the command I get this:

^[[A

I don't know what is going on with this.  Any suggestions are appreciated.  Thanks.

I am going to build an UC home rack for Collaboration ccie.

Routers switch and ip phones are easy to buy it. But It seems that the Backbone configaration will be a big problem. There are a lot things at the Backbone. any suggestion will be very welcomed. thanks a lot.

Hi,

With the lab IPSec VPNs with Crypto Maps I run into a problem which I think it's a software bug. Phase 1 completes and it looks like phase 2 also completes, but it's not encap and decap packets. When I look on R8 (the receiving site) I see an error messages coming "IPSEC INSTALL FAILED". I was wondering if you guys already run into this problem?

This is config of R7:
crypto isakmp policy 10
  encr aes 256
  hash sha512
  authentication pre-share
  group 24
!
crypto isakmp key CISCO address 155.1.58.8    
crypto ipsec transform-set AES192-SHA384 esp-aes 192 esp-sha384-hmac
  mode tunnel
!
crypto map R7_TO_R8 local-address Loopback0
!
crypto map R7_TO_R8 10 ipsec-isakmp
 set peer 155.1.58.8
 set transform-set AES192-SHA384
 match address R9_TO_R10
!
ip access-list extended R9_TO_R10
  permit ip host 150.1.9.9 host 150.1.10.10
  permit ip host 150.1.9.9 155.1.10.0 0.0.0.255
  permit ip 155.1.9.0 0.0.0.255 host 150.1.10.10
  permit ip 155.1.9.0 0.0.0.255 155.1.10.0 0.0.0.255

The config of R8:
crypto isakmp policy 10
  encr aes 256
  hash sha512
  authentication pre-share
  group 24
!
crypto isakmp key CISCO address 150.1.7.7      
!
crypto ipsec transform-set AES192-SHA384 esp-aes 192 esp-sha384-hmac
  mode tunnel
!
crypto map R7_TO_R8 10 ipsec-isakmp
  set peer 150.1.7.7
  set transform-set AES192-SHA384
  match address R10_TO_R9
!
ip access-list extended R10_TO_R9
  permit ip host 150.1.10.10 host 150.1.9.9
  permit ip host 150.1.10.10 155.1.9.0 0.0.0.255
  permit ip 155.1.10.0 0.0.0.255 host 150.1.9.9
  permit ip 155.1.10.0 0.0.0.255 155.1.9.0 0.0.0.255

The debug at R7 of debug crypto iskamp and debug crypto ipsec:

IPSEC(sa_request): ,

  (key eng. msg.) OUTBOUND local= 150.1.7.7:500, remote= 155.1.58.8:500,

    local_proxy= 150.1.9.9/255.255.255.255/256/0,

    remote_proxy= 150.1.10.10/255.255.255.255/256/0,

    protocol= ESP, transform= esp-aes 192 esp-sha384-hmac  (Tunnel), 

    lifedur= 3600s and 4608000kb, 

    spi= 0x0(0), conn_id= 0, keysize= 192, flags= 0x0

ISAKMP:(0): SA request profile is (NULL)

ISAKMP: Created a peer struct for 155.1.58.8, peer port 500

ISAKMP: New peer created peer = 0x7FE9CAC8A

R7#248 peer_handle = 0x80000002

ISAKMP: Locking peer struct 0x7FE9CAC8A248, refcount 1 for isakmp_initiator

ISAKMP: local port 500, remote port 500

ISAKMP: set new node 0 to QM_IDLE      

ISAKMP:(0):insert sa successfully sa = 7FE9CAC89518

ISAKMP:(0):Can not start Aggressive mode, trying Main mode.

ISAKMP:(0):found peer pre-shared key matching 155.1.58.8

ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID

ISAKMP:(0): constructed NAT-T vendor-07 ID

ISAKMP:(0): constructed NAT-T vendor-03 ID

ISAKMP:(0): c

R7#onstructed NAT-T vendor-02 ID

ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM

ISAKMP:(0):Old State = IKE_READY  New State = IKE_I_MM1 

ISAKMP:(0): beginning Main Mode exchange

ISAKMP:(0): sending packet to 155.1.58.8 my_port 500 peer_port 500 (I) MM_NO_STATE

ISAKMP:(0):Sending an IKE IPv4 Packet.

ISAKMP (0): received packet from 155.1.58.8 dport 500 sport 500 Global (I) MM_NO_STATE

ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

ISAKMP:(0):Old State = IKE_I_MM1  New State = IKE_I_MM2 

R7#

ISAKMP:(0): processing SA payload. message ID = 0

ISAKMP:(0): processing vendor id payload

ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch

ISAKMP (0): vendor ID is NAT-T RFC 3947

ISAKMP:(0):found peer pre-shared key matching 155.1.58.8

ISAKMP:(0): local preshared key found

ISAKMP : Scanning profiles for xauth ...

ISAKMP:(0):Checking ISAKMP transform 1 against priority 10 policy

ISAKMP:      encryption AES-CBC

ISAKMP:      keylength of 256

ISAKMP:      hash SHA512

ISAKMP:      defau

R7#lt group 24

ISAKMP:      auth pre-share

ISAKMP:      life type in seconds

ISAKMP:      life duration (VPI) of  0x0 0x1 0x51 0x80 

ISAKMP:(0):atts are acceptable. Next payload is 0

ISAKMP:(0):Acceptable atts:actual life: 0

ISAKMP:(0):Acceptable atts:life: 0

ISAKMP:(0):Fill atts in sa vpi_length:4

ISAKMP:(0):Fill atts in sa life_in_seconds:86400

ISAKMP:(0):Returning Actual lifetime: 86400

ISAKMP:(0)::Started lifetime timer: 86400.

ISAKMP:(0): processing vendor id payload

ISAKMP:(0): vendor ID s

R7#eems Unity/DPD but major 69 mismatch

ISAKMP (0): vendor ID is NAT-T RFC 3947

ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE

ISAKMP:(0):Old State = IKE_I_MM2  New State = IKE_I_MM2 

ISAKMP:(0): sending packet to 155.1.58.8 my_port 500 peer_port 500 (I) MM_SA_SETUP

ISAKMP:(0):Sending an IKE IPv4 Packet.

ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE

ISAKMP:(0):Old State = IKE_I_MM2  New State = IKE_I_MM3 

ISAKMP (0): received packet from 155.1.58.8 dport 500 sport 500 Glo

R7#bal (I) MM_SA_SETUP

ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

ISAKMP:(0):Old State = IKE_I_MM3  New State = IKE_I_MM4 

ISAKMP:(0): processing KE payload. message ID = 0

ISAKMP:(0): processing NONCE payload. message ID = 0

ISAKMP:(0):found peer pre-shared key matching 155.1.58.8

ISAKMP:(1001): processing vendor id payload

ISAKMP:(1001): vendor ID is Unity

ISAKMP:(1001): processing vendor id payload

ISAKMP:(1001): vendor ID is DPD

ISAKMP:(1001): processing vendor id payload

ISAKMP:(1001

R7#): speaking to another IOS box!

ISAKMP:received payload type 20

ISAKMP (1001): His hash no match - this node outside NAT

ISAKMP:received payload type 20

ISAKMP (1001): No NAT Found for self or peer

ISAKMP:(1001):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE

ISAKMP:(1001):Old State = IKE_I_MM4  New State = IKE_I_MM4 

ISAKMP:(1001):Send initial contact

ISAKMP:(1001):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR

ISAKMP (1001): ID payload 

        next-payload : 8

        type         

R7#: 1 

        address      : 150.1.7.7 

        protocol     : 17 

        port         : 500 

        length       : 12

ISAKMP:(1001):Total payload length: 12

ISAKMP:(1001): sending packet to 155.1.58.8 my_port 500 peer_port 500 (I) MM_KEY_EXCH

ISAKMP:(1001):Sending an IKE IPv4 Packet.

ISAKMP:(1001):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE

ISAKMP:(1001):Old State = IKE_I_MM4  New State = IKE_I_MM5 

ISAKMP (1001): received packet from 155.1.58.8 dport 500 sport 500 Global (I) MM_KEY_EXCH

ISAKMP:(1001): processing I

R7#D payload. message ID = 0

ISAKMP (1001): ID payload 

        next-payload : 8

        type         : 1 

        address      : 155.1.58.8 

        protocol     : 17 

        port         : 500 

        length       : 12

ISAKMP:(0):: peer matches *none* of the profiles

ISAKMP:(1001): processing HASH payload. message ID = 0

ISAKMP:(1001):SA authentication status:

        authenticated

ISAKMP:(1001):SA has been authenticated with 155.1.58.8

ISAKMP: Trying to insert a peer 150.1.7.7/155.1.58.8/500/,  and inserted successfully 7FE9CAC8A248.

ISAK

R7#MP:(1001):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

ISAKMP:(1001):Old State = IKE_I_MM5  New State = IKE_I_MM6 

ISAKMP:(1001):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE

ISAKMP:(1001):Old State = IKE_I_MM6  New State = IKE_I_MM6 

ISAKMP:(1001):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE

ISAKMP:(1001):Old State = IKE_I_MM6  New State = IKE_P1_COMPLETE 

ISAKMP:(1001):beginning Quick Mode exchange, M-ID of 2153222787

ISAKMP:(1001):QM Initiator gets spi

ISAKMP:(1001): sending packet to 155

R7#.1.58.8 my_port 500 peer_port 500 (I) QM_IDLE      

ISAKMP:(1001):Sending an IKE IPv4 Packet.

ISAKMP:(1001):Node 2153222787, Input = IKE_MESG_INTERNAL, IKE_INIT_QM

ISAKMP:(1001):Old State = IKE_QM_READY  New State = IKE_QM_I_QM1

ISAKMP:(1001):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE

ISAKMP:(1001):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE 

ISAKMP (1001): received packet from 155.1.58.8 dport 500 sport 500 Global (I) QM_IDLE      

ISAKMP: set new node 1506800099 to QM_IDLE      

R7#

ISAKMP:(1001): processing HASH payload. message ID = 1506800099

ISAKMP:(1001): processing DELETE payload. message ID = 1506800099

ISAKMP:(1001):peer does not do paranoid keepalives.

ISAKMP:(1001):deleting node 1506800099 error FALSE reason "Informational (in) state 1"

IPSEC(key_engine): got a queue event with 1 KMI message(s)

IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP

IPSEC: still in use sa: 0x0

IPSEC: sa null

ISAKMP:(1001): retransmitting phase 2 QM_IDLE       2153222787 ...

R7#

ISAKMP (1001): incrementing error counter on node, attempt 1 of 5: retransmit phase 2

ISAKMP (1001): incrementing error counter on sa, attempt 1 of 5: retransmit phase 2

ISAKMP:(1001): retransmitting phase 2 2153222787 QM_IDLE      

ISAKMP:(1001): sending packet to 155.1.58.8 my_port 500 peer_port 500 (I) QM_IDLE      

ISAKMP:(1001):Sending an IKE IPv4 Packet.

R7#

ISAKMP:(1001): retransmitting phase 2 QM_IDLE       2153222787 ...

ISAKMP (1001): incrementing error counter on node, attempt 2 of 5: retransmit phase 2

ISAKMP (1001): incrementing error counter on sa, attempt 2 of 5: retransmit phase 2

ISAKMP:(1001): retransmitting phase 2 2153222787 QM_IDLE      

ISAKMP:(1001): sending packet to 155.1.58.8 my_port 500 peer_port 500 (I) QM_IDLE      

ISAKMP:(1001):Sending an IKE IPv4 Packet.

The debug of R8 with debug crypto isakmp and debug crypto ipsec:

ISAKMP (0): received packet from 150.1.7.7 dport 500 sport 500 Global (N) NEW SA

ISAKMP: Created a peer struct for 150.1.7.7, peer port 500

ISAKMP: New peer created peer = 0x7FEA3210C608 peer_handle = 0x80000002

ISAKMP: Locking peer struct 0x7FEA3210C608, refcount 1 for crypto_isakmp_process_block

ISAKMP: local port 500, remote port 500

ISAKMP:(0):insert sa successfully sa = 7FEA3210B8D8

ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

ISAKMP:(0):Old State = IKE_READY  New State = IKE_R_MM1 

R8#ISAKMP:(0): processing SA payload. message ID = 0

ISAKMP:(0): processing vendor id payload

ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch

ISAKMP (0): vendor ID is NAT-T RFC 3947

ISAKMP:(0): processing vendor id payload

ISAKMP:(0): vendor ID seems Unity/DPD but major 245 mismatch

ISAKMP (0): vendor ID is NAT-T v7

ISAKMP:(0): processing vendor id payload

ISAKMP:(0): vendor ID seems Unity/DPD but major 157 mismatch

ISAKMP:(0): vendor ID is NAT-T v3

ISAKMP:(0): processing vendor id paylo

R8#ad

ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch

ISAKMP:(0): vendor ID is NAT-T v2

ISAKMP:(0):found peer pre-shared key matching 150.1.7.7

ISAKMP:(0): local preshared key found

ISAKMP : Scanning profiles for xauth ...

ISAKMP:(0):Checking ISAKMP transform 1 against priority 10 policy

ISAKMP:      encryption AES-CBC

ISAKMP:      keylength of 256

ISAKMP:      hash SHA512

ISAKMP:      default group 24

ISAKMP:      auth pre-share

ISAKMP:      life type in seconds

ISAKMP:      life du

R8#ration (VPI) of  0x0 0x1 0x51 0x80 

ISAKMP:(0):atts are acceptable. Next payload is 0

ISAKMP:(0):Acceptable atts:actual life: 0

ISAKMP:(0):Acceptable atts:life: 0

ISAKMP:(0):Fill atts in sa vpi_length:4

ISAKMP:(0):Fill atts in sa life_in_seconds:86400

ISAKMP:(0):Returning Actual lifetime: 86400

ISAKMP:(0)::Started lifetime timer: 86400.

ISAKMP:(0): processing vendor id payload

ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch

ISAKMP (0): vendor ID is NAT-T RFC 3947

ISAKMP:(0): proces

R8#sing vendor id payload

ISAKMP:(0): vendor ID seems Unity/DPD but major 245 mismatch

ISAKMP (0): vendor ID is NAT-T v7

ISAKMP:(0): processing vendor id payload

ISAKMP:(0): vendor ID seems Unity/DPD but major 157 mismatch

ISAKMP:(0): vendor ID is NAT-T v3

ISAKMP:(0): processing vendor id payload

ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch

ISAKMP:(0): vendor ID is NAT-T v2

ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE

ISAKMP:(0):Old State = IKE_R_MM1  New State = IKE_R

R8#_MM1 

ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID

ISAKMP:(0): sending packet to 150.1.7.7 my_port 500 peer_port 500 (R) MM_SA_SETUP

ISAKMP:(0):Sending an IKE IPv4 Packet.

ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE

ISAKMP:(0):Old State = IKE_R_MM1  New State = IKE_R_MM2 

ISAKMP (0): received packet from 150.1.7.7 dport 500 sport 500 Global (R) MM_SA_SETUP

ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

ISAKMP:(0):Old State = IKE_R_MM2  New State = IKE_R_MM3 

ISAKMP:(0):

R8# processing KE payload. message ID = 0

ISAKMP:(0): processing NONCE payload. message ID = 0

ISAKMP:(0):found peer pre-shared key matching 150.1.7.7

ISAKMP:(1001): processing vendor id payload

ISAKMP:(1001): vendor ID is DPD

ISAKMP:(1001): processing vendor id payload

ISAKMP:(1001): speaking to another IOS box!

ISAKMP:(1001): processing vendor id payload

ISAKMP:(1001): vendor ID seems Unity/DPD but major 28 mismatch

ISAKMP:(1001): vendor ID is XAUTH

ISAKMP:received payload type 20

ISAKMP (1001): 

R8#His hash no match - this node outside NAT

ISAKMP:received payload type 20

ISAKMP (1001): No NAT Found for self or peer

ISAKMP:(1001):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE

ISAKMP:(1001):Old State = IKE_R_MM3  New State = IKE_R_MM3 

ISAKMP:(1001): sending packet to 150.1.7.7 my_port 500 peer_port 500 (R) MM_KEY_EXCH

ISAKMP:(1001):Sending an IKE IPv4 Packet.

ISAKMP:(1001):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE

ISAKMP:(1001):Old State = IKE_R_MM3  New State = IKE_R_MM4 

ISAKMP 

R8#(1001): received packet from 150.1.7.7 dport 500 sport 500 Global (R) MM_KEY_EXCH

ISAKMP:(1001):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

ISAKMP:(1001):Old State = IKE_R_MM4  New State = IKE_R_MM5 

ISAKMP:(1001): processing ID payload. message ID = 0

ISAKMP (1001): ID payload 

        next-payload : 8

        type         : 1 

        address      : 150.1.7.7 

        protocol     : 17 

        port         : 500 

        length       : 12

ISAKMP:(0):: peer matches *none* of the profiles

ISAKMP:(1001): processing HASH payload. message 

R8#ID = 0

ISAKMP:(1001): processing NOTIFY INITIAL_CONTACT protocol 1

        spi 0, message ID = 0, sa = 0x7FEA3210B8D8

ISAKMP:(1001):SA authentication status:

        authenticated

ISAKMP:(1001):SA has been authenticated with 150.1.7.7

ISAKMP:(1001):SA authentication status:

        authenticated

ISAKMP:(1001): Process initial contact,

bring down existing phase 1 and 2 SA's with local 155.1.58.8 remote 150.1.7.7 remote port 500

ISAKMP: Trying to insert a peer 155.1.58.8/150.1.7.7/500/,  and inserted successfully 7FEA3

R8#210C608.

ISAKMP:(1001):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE

ISAKMP:(1001):Old State = IKE_R_MM5  New State = IKE_R_MM5 

IPSEC(key_engine): got a queue event with 1 KMI message(s)

ISAKMP:(1001):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR

ISAKMP (1001): ID payload 

        next-payload : 8

        type         : 1 

        address      : 155.1.58.8 

        protocol     : 17 

        port         : 500 

        length       : 12

ISAKMP:(1001):Total payload length: 12

ISAKMP:(1001): sending packet t

R8#o 150.1.7.7 my_port 500 peer_port 500 (R) MM_KEY_EXCH

ISAKMP:(1001):Sending an IKE IPv4 Packet.

ISAKMP:(1001):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE

ISAKMP:(1001):Old State = IKE_R_MM5  New State = IKE_P1_COMPLETE 

ISAKMP:(1001):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE

ISAKMP:(1001):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE 

ISAKMP (1001): received packet from 150.1.7.7 dport 500 sport 500 Global (R) QM_IDLE      

ISAKMP: set new node 2153222787 to QM_IDLE      

IS

R8#AKMP:(1001): processing HASH payload. message ID = 2153222787

ISAKMP:(1001): processing SA payload. message ID = 2153222787

ISAKMP:(1001):Checking IPSec proposal 1

ISAKMP: transform 1, ESP_AES 

ISAKMP:   attributes in transform:

ISAKMP:      encaps is 1 (Tunnel)

ISAKMP:      SA life type in seconds

ISAKMP:      SA life duration (basic) of 3600

ISAKMP:      SA life type in kilobytes

ISAKMP:      SA life duration (VPI) of  0x0 0x46 0x50 0x0 

ISAKMP:      authenticator is HMAC-SHA384

ISAKMP:      k

R8#ey length is 192

ISAKMP:(1001):atts are acceptable.

IPSEC(validate_proposal_request): proposal part #1

IPSEC(validate_proposal_request): proposal part #1,

  (key eng. msg.) INBOUND local= 155.1.58.8:0, remote= 150.1.7.7:0,

    local_proxy= 150.1.10.10/255.255.255.255/256/0,

    remote_proxy= 150.1.9.9/255.255.255.255/256/0,

    protocol= ESP, transform= NONE  (Tunnel), 

    lifedur= 0s and 0kb, 

    spi= 0x0(0), conn_id= 0, keysize= 192, flags= 0x0

Crypto mapdb : proxy_match

        src addr     : 150.

R8#1.10.10

        dst addr     : 150.1.9.9

        protocol     : 0

        src port     : 0

        dst port     : 0

ISAKMP:(1001): processing NONCE payload. message ID = 2153222787

ISAKMP:(1001): processing ID payload. message ID = 2153222787

ISAKMP:(1001): processing ID payload. message ID = 2153222787

ISAKMP:(1001):QM Responder gets spi

ISAKMP:(1001):Node 2153222787, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH

ISAKMP:(1001):Old State = IKE_QM_READY  New State = IKE_QM_SPI_STARVE

ISAKMP:(1001):Node 2153222787, Input = IKE_MES

R8#G_INTERNAL, IKE_GOT_SPI

ISAKMP:(1001):Old State = IKE_QM_SPI_STARVE  New State = IKE_QM_IPSEC_INSTALL_AWAIT

IPSEC(key_engine): got a queue event with 1 KMI message(s)

Crypto mapdb : proxy_match

        src addr     : 150.1.10.10

        dst addr     : 150.1.9.9

        protocol     : 256

        src port     : 0

        dst port     : 0

IPSEC(crypto_ipsec_create_ipsec_sas): Map found R7_TO_R8

IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and peer 150.1.7.7

IPSEC(create_sa): sa created,

  (sa) sa_dest

R8#= 155.1.58.8, sa_proto= 50, 

    sa_spi= 0xD28A2492(3532268690), 

    sa_trans= esp-aes 192 esp-sha384-hmac , sa_conn_id= 1

    sa_lifetime(k/sec)= (4608000/3600)

IPSEC(create_sa): sa created,

  (sa) sa_dest= 150.1.7.7, sa_proto= 50, 

    sa_spi= 0xCA742492(3396609170), 

    sa_trans= esp-aes 192 esp-sha384-hmac , sa_conn_id= 2

    sa_lifetime(k/sec)= (4608000/3600)

 ISAKMP: Failed to find peer index node to update peer_info_list

IPSEC(send_delete_notify_kmi): Inbound/outbound installation failed

R8#, not sending DECR

IPSEC(update_current_outbound_sa): updated peer 150.1.7.7 current outbound sa to SPI 0

IPSEC(delete_sa): deleting SA,

  (sa) sa_dest= 155.1.58.8, sa_proto= 50, 

    sa_spi= 0xD28A2492(3532268690), 

    sa_trans= esp-aes 192 esp-sha384-hmac , sa_conn_id= 1

    sa_lifetime(k/sec)= (4608000/3600),

  (identity) local= 155.1.58.8:0, remote= 150.1.7.7:0,

    local_proxy= 150.1.10.10/255.255.255.255/256/0,

    remote_proxy= 150.1.9.9/255.255.255.255/256/0

IPSEC(delete_sa): SA found sa

R8#ving DEL kmi

IPSEC(delete_sa): deleting SA,

  (sa) sa_dest= 150.1.7.7, sa_proto= 50, 

    sa_spi= 0xCA742492(3396609170), 

    sa_trans= esp-aes 192 esp-sha384-hmac , sa_conn_id= 2

    sa_lifetime(k/sec)= (4608000/3600),

  (identity) local= 155.1.58.8:0, remote= 150.1.7.7:0,

    local_proxy= 150.1.10.10/255.255.255.255/256/0,

    remote_proxy= 150.1.9.9/255.255.255.255/256/0

IPSEC(send_delete_notify_kmi): not sending KEY_ENG_NOTIFY_DECR_COUNT

IPSEC(ident_send_delete_notify_kmi): not in msg contex

R8#t Ident Delete SA msg: 0

ISAKMP:(1001):IPSec Installation failed...

ISAKMP:(1001):deleting node 2153222787 error TRUE reason "IPSEC install failed"

ISAKMP: set new node 1506800099 to QM_IDLE      

ISAKMP:(1001): sending packet to 150.1.7.7 my_port 500 peer_port 500 (R) QM_IDLE      

ISAKMP:(1001):Sending an IKE IPv4 Packet.

ISAKMP:(1001):purging node 1506800099

ISAKMP:(1001):Input = IKE_MESG_FROM_IPSEC, IKE_PHASE2_DEL

ISAKMP:(1001):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE 

ISAKMP

R8# (1001): received packet from 150.1.7.7 dport 500 sport 500 Global (R) QM_IDLE      

ISAKMP:(1001): phase 2 packet is a duplicate of a previous packet.

ISAKMP:(1001): retransmitting due to retransmit phase 2

ISAKMP:(1001): ignoring retransmission,because phase2 node marked dead 2153222787

R8#

ISAKMP (1001): received packet from 150.1.7.7 dport 500 sport 500 Global (R) QM_IDLE      

ISAKMP:(1001): phase 2 packet is a duplicate of a previous packet.

ISAKMP:(1001): retransmitting due to retransmit phase 2

ISAKMP:(1001): ignoring retransmission,because phase2 node marked dead 2153222787 

What's the difference between WS-C3650-24PS-S and WS-C3650-48PS-S ? 

Cisco 3650 WS-C3650-48PS-S Switch :

Layer 3 routing features

48 * 10/100/1000 Ethernet POE+ ports with fixed 4 * 1G SFP uplinks

390W POE power budget with up to 30W per port

IP base image with update option to IP service (L-C3650-48-S-E)

Up to 40G wireless bandwidth per switch, up to 25 APs and 1000 Wireless clients for each switching entity

Up to 9 members stacking and up to 160Gbps of stack throughput

Cisco 3650 WS-C3650-24PS-S :

Layer 3 routing features

24 * 10/100/1000 Ethernet POE+ ports with fixed 4 * 1G SFP uplinks

390W POE power budget with up to 30W per port

IP base image with update option to IP service (L-C3650-24-S-E)

Up to 20G wireless bandwidth per switch, up to 25 APs and 1000 Wireless clients for each switching entity

Up to 9 members stacking and up to 160Gbps of stack throughput

I have an issue in the network below where R3 can't reach R1 (in that direction only). R1 can reach R3 (as verified with a debug for ICMP pings).

I have a 3 routers and a FW in this setup, and the dmvpn goes from r1 to r2 via the firewall (using NAT, and has a temporary policy to allow any any traffic in any direction to elimate any FW policy problems).  The DMVPN is is up and working, I can even telnet from R2 to R1 and visa versa.  However I cannot bidirectionally send traffic from R1 to R3.  The setup is drawn below

R1 ---- FW --(internet)---- R2 --------R3

I can ping between R1 and R2 on the tunnel interface (i.e. DMVPN is up and working).  ALSO, I used some ip icmp debugs on R3.  R1 can ping R3 one way (I see the ICMP hit R3 with a source IP of the tunnel interface on R1).  R3 sends an icmp echo  reply back, but it never makes it back to R1 (you will see this in the outputs below).  The traceroute shows that R3 reaches R2, but R2 doesn't forward the packet.  

R2 (dmvpn hub)

interface GigabitEthernet0/1

 description R2 - Outside Int.

 bandwidth 10000

 ip address 40.75.40.31 255.255.255.0

 ip flow ingress

 ip flow egress

 duplex full

 speed 1000

 no cdp enable

end

interface GigabitEthernet0/0

 description R2 - Inside Int towards R3

 ip address 172.24.209.2 255.255.255.252

 no ip split-horizon

 ip ospf network point-to-point

 duplex full

 speed 1000

interface Tunnel0

 bandwidth 10000

 ip address 172.24.210.1 255.255.255.0

 no ip redirects

 ip mtu 1400

 ip flow ingress

 ip flow egress

 ip nhrp authentication xxx

 ip nhrp map multicast dynamic

 ip nhrp network-id 1

 ip tcp adjust-mss 1360

 no ip split-horizon eigrp 90

 ip ospf network broadcast

 ip ospf cost 40

 ip ospf hello-interval 30

 ip ospf priority 150

 keepalive 10 3

 tunnel source GigabitEthernet0/1

 tunnel mode gre multipoint

 tunnel key 0

 tunnel path-mtu-discovery

 tunnel protection ipsec profile DMVPN

R1#sh dmvpn

Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete

        N - NATed, L - Local, X - No Socket

        # Ent --> Number of NHRP entries with same NBMA peer

        NHS Status: E --> Expecting Replies, R --> Responding

        UpDn Time --> Up or Down Time for a Tunnel

==========================================================================

Interface: Tunnel0, IPv4 NHRP Details

IPv4 NHS: 172.24.210.1 RE

Type:Spoke, Total NBMA Peers (v4/v6): 1

 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb    Target Network

----- --------------- --------------- ----- -------- ----- -----------------

    1   40.75.40.31    172.24.210.1    UP 00:24:18    S    172.24.210.1/32

interface Tunnel0

 description Tunnel to R2

 ip address 172.24.210.28 255.255.255.0

 no ip redirects

 ip mtu 1400

 ip nhrp authentication xxx

 ip nhrp map 172.24.210.1 40.75.40.31

 ip nhrp map multicast 40.75.40.31

 ip nhrp network-id 1

 ip nhrp holdtime 600

 ip nhrp nhs 172.24.210.1

 ip tcp adjust-mss 1360

 ip ospf network broadcast

 ip ospf cost 100

 ip ospf hello-interval 30

 ip ospf priority 0

 load-interval 30

 keepalive 10 3

 tunnel source FastEthernet0/0.1

 tunnel mode gre multipoint

 tunnel key 0

 tunnel protection ipsec profile DMVPN shared

end

interface FastEthernet0/0.1

 encapsulation dot1Q 10 native

 ip address 172.26.156.1 255.255.255.0

 ip ospf network point-to-point

R1#ping 172.24.209.2 (ping to R2's inside interface)

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.24.209.2, timeout is 2 seconds:

!!!!!

//debug ip icmp output (on R2) when I ping from R1 to R2's inside interface

Jan 19 21:42:00.797: ICMP: echo reply sent, src 172.24.209.2, dst 172.24.210.28, topology BASE, dscp 0 topoid 0

Jan 19 21:42:00.833: ICMP: echo reply sent, src 172.24.209.2, dst 172.24.210.28, topology BASE, dscp 0 topoid 0

Jan 19 21:42:00.873: ICMP: echo reply sent, src 172.24.209.2, dst 172.24.210.28, topology BASE, dscp 0 topoid 0

Jan 19 21:42:00.909: ICMP: echo reply sent, src 172.24.209.2, dst 172.24.210.28, topology BASE, dscp 0 topoid 0

R1#ping 172.24.209.1 (to R3's interface that connects to R2, notice it's the same subnet as before)

//debug ip icmp output (on R3) when I ping from R1 to R3

1112349: Jan 19 21:42:03.597 GMT: ICMP: echo reply sent, src 172.24.209.1, dst 172.24.210.28

1112350: Jan 19 21:42:05.593 GMT: ICMP: echo reply sent, src 172.24.209.1, dst 172.24.210.28

1112351: Jan 19 21:42:07.593 GMT: ICMP: echo reply sent, src 172.24.209.1, dst 172.24.210.28

1112352: Jan 19 21:42:09.593 GMT: ICMP: echo reply sent, src 172.24.209.1, dst 172.24.210.28

06680r1#show ip route 172.24.209.2

Routing entry for 172.24.0.0/16

  Known via "ospf 100", distance 110, metric 140

  Tag 555, type extern 1

  Last update from 172.24.210.1 on Tunnel0, 00:00:16 ago

  Routing Descriptor Blocks:

  * 172.24.210.1, from 172.24.210.1, 00:00:16 ago, via Tunnel0

      Route metric is 140, traffic share count is 1

      Route tag 555

Please how do i enable history for configuration commands in cisco ios.

Thanks

I have a question on using eigrp metric as 1 1 1 1 1 in BGP to EIGRP redistribution. R6 has routes in the routing table via VPN BGP coming from R5 via R4 RR.

Rack1R6#sh bgp vpnv4 un vrf VPN_A
BGP table version is 48, local router ID is 150.1.6.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf VPN_A)
*>i150.1.55.55/32   150.1.5.5                0    100      0 i   <-   this route is a loopback on R5 and redistributed into BGP as connected on R5
*> 150.1.66.66/32   0.0.0.0                  0         32768 i
*> 155.1.7.0/24     155.1.67.7           28416         32768 ?
*>i155.1.8.0/24     150.1.5.5            28416    100      0 ?
*>i155.1.58.0/24    150.1.5.5              100    100      0 ?
*> 155.1.67.0/24    0.0.0.0                  0         32768 ?
*> 155.1.79.0/24    155.1.67.7           28416         32768 ?
*> 172.16.7.0/24    155.1.67.7          156160         32768 ?
*>i172.16.8.0/24    150.1.5.5           156160    100      0 ?  <- this route is a L102 on SW2 and redistributed into BGP as EIGRP from SW2
*  192.168.7.0      155.1.76.7               0         32768 ?
Rack1R6#

Rack1R6#sh bgp vpnv4 un vrf VPN_A 150.1.55.55
BGP routing table entry for 1:1:150.1.55.55/32, version 34
Paths: (1 available, best #1, table VPN_A)
  Not advertised to any peer
  Local, imported path from 3:3:150.1.55.55/32
    150.1.5.5 (metric 66) from 150.1.4.4 (150.1.4.4)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      Extended Community: RT:200:1
      Originator: 150.1.5.5, Cluster list: 150.1.4.4
      mpls labels in/out nolabel/20
Rack1R6#

Rack1R6#sh bgp vpnv4 un vrf VPN_A 172.16.8.8
BGP routing table entry for 1:1:172.16.8.0/24, version 38
Paths: (1 available, best #1, table VPN_A)
  Not advertised to any peer
  Local, imported path from 3:3:172.16.8.0/24
    150.1.5.5 (metric 66) from 150.1.4.4 (150.1.4.4)
      Origin incomplete, metric 156160, localpref 100, valid, internal, best
      Extended Community: RT:200:1 Cost:pre-bestpath:128:156160
        0x8800:32768:0 0x8801:200:130560 0x8802:65281:25600 0x8803:65281:1500
      Originator: 150.1.5.5, Cluster list: 150.1.4.4
      mpls labels in/out nolabel/24
Rack1R6#

When I redistribute BGP routes into EIGRP on R6 using redistribute bgp 200 statement (no metric values) with intent to pass these routes to SW1, not all routes are making into eigrp process.

router eigrp 6500
 auto-summary
 !
 address-family ipv4 vrf VPN_A
  redistribute bgp 200              <- no metric defined
  network 155.1.0.0
  no auto-summary
  autonomous-system 200
 exit-address-family

Rack1R6#sh ip eigrp vrf VPN_A top
IP-EIGRP Topology Table for AS(200)/ID(150.1.66.66) Routing Table: VPN_A

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status

P 155.1.8.0/24, 1 successors, FD is 28416
        via VPNv4 Sourced (28416/0)
P 155.1.7.0/24, 1 successors, FD is 28416
        via 155.1.67.7 (28416/2816), FastEthernet0/0.67
P 155.1.58.0/24, 1 successors, FD is 28160
        via VPNv4 Sourced (28160/0)
P 172.16.8.0/24, 1 successors, FD is 156160
        via VPNv4 Sourced (156160/0)
P 172.16.7.0/24, 1 successors, FD is 156160
        via 155.1.67.7 (156160/128256), FastEthernet0/0.67
P 155.1.79.0/24, 1 successors, FD is 28416
        via 155.1.67.7 (28416/2816), FastEthernet0/0.67
P 155.1.67.0/24, 1 successors, FD is 28160
        via Connected, FastEthernet0/0.67
Rack1R6#

150.1.55.55 R5 Loopback is not in EIGRP topology

When I use metric values as per solution

router eigrp 6500
 auto-summary
 !
 address-family ipv4 vrf VPN_A
  redistribute bgp 200 metric 1 1 1 1 1
  network 155.1.0.0
  no auto-summary
  autonomous-system 200
 exit-address-family

Rack1R6#sh ip eigrp vrf VPN_A top
IP-EIGRP Topology Table for AS(200)/ID(150.1.66.66) Routing Table: VPN_A

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status

P 155.1.8.0/24, 1 successors, FD is 28416
        via VPNv4 Sourced (28416/0)
P 150.1.55.55/32, 1 successors, FD is 2560000256
        via Redistributed (2560000256/0)
P 150.1.66.66/32, 1 successors, FD is 2560000256
        via Redistributed (2560000256/0)
P 155.1.7.0/24, 1 successors, FD is 28416
        via 155.1.67.7 (28416/2816), FastEthernet0/0.67
P 155.1.58.0/24, 1 successors, FD is 28160
        via VPNv4 Sourced (28160/0)
P 172.16.8.0/24, 1 successors, FD is 156160
        via VPNv4 Sourced (156160/0)
P 172.16.7.0/24, 1 successors, FD is 156160
        via 155.1.67.7 (156160/128256), FastEthernet0/0.67
P 155.1.79.0/24, 1 successors, FD is 28416
        via 155.1.67.7 (28416/2816), FastEthernet0/0.67
P 155.1.67.0/24, 1 successors, FD is 28160
        via Connected, FastEthernet0/0.67

Route 150.1.55.55/32 gets redistributed into EIGRP and gets installed into the routing table.

Can someone explain why is this happening? I am guessing adding metric values (1 1 1 1 1) modifies the overall metric value and if anything, it should make it larger and closer to infinity.

Hi,

I have a 7k running 5.2(7) and I have a port on a M1 (08X2-12L) card configured as a L3 port. More, on this interface there are multiple subinterfaces connected to an ASR router. As this wouldn't have been enough, I'm trying to shape one of this interfaces to a given value. Apparently, you cannot apply a queuing policy-map type on a subinterface. 

Is anybody having any experience with how can this be achieved if at all? For the sake of argument let's consider that the ASR is beyond control and nothing can be configured to it.

Many thanks,

Gabriel

hi all

could you please tell me what command you use on the router to export traffic to wireshark ?

thanks,