INE Solution:
R5:
router ospf 1
area 3 nssa default-information-originate
area 3 default-cost 500
Alternate config:
R5:
router ospf 1
area 3 nssa default-information-originate metric 500
Dear all,
I have a problem with port forward. I make port forward on router to server, put in default gateway on server, I add gateway load balance for distributed switch. I cannot access this server.
Hi,
I passed my CCIE and I have a lot of rack tokens that I do not need any more. If anyone is interested, just PM me.
I have 3000 tokens, 1000 tokens for 600 USD
Regards
I will be out of the office beginning 4/20/15 returning on 4/21/15. During this time I will not have phone or email access. Please utilize the CNOS project DL (Agency-DL-CSO-NICS-Projects-CNOS) for any CNOS required support. In addition, please contact Tony Stewart (CNOC) at 256-544-4400 for any CNOC LAN (Wireless, Wired or VPN) support questions/concerns.
Can anyone help with why wrapper-linux does not work? I can't work it out :o(
I can run the IOU image, it works fine, but wrapper doesn't...
user@debian32:~$ ./wrapper-linux -m i86bi-linux-l3-adventerprisek9-15.2.2.15T.bin -p 2222
Waiting on port 2222 ...
Process Id for child is 3209, parent is 3208
Unable to run router: No such file or directory
IOU 3209 exit
Hello guys,
Do you know any option to save configurations on the CCIE collaboration rack? When I say saving configurations, I mean saving the current status of all Unified Servers to use it later without starting from scratch every rack session. Does anybody know a solution?
Thanks in advance
Hector
I'm working on ASA NAT. I have an ASA connected to 3 different devices by internal, dmz and outside interfaces. I want to configure the ASA so that if a router residing on the outside connects to the ASA's external port with destination port 4444, the ASA forwards it to the internal router with destination port 23. My config is as follows:
nat (dmz,outside) source static R4_ETHERNET interface service R4_TELNET_23 TELNET_R4_PUBLIC
!
object network R4_ETHERNET
host 14.14.14.4
object network R1_ETHERNET
host 1.1.1.11 ------> IP address of R1
object service R4_TELNET_23
service tcp source eq telnet
object service TELNET_R4_PUBLIC
service tcp source eq 4444
ciscoasa(config)# sh inter ip br
Interface IP-Address
GigabitEthernet0 1.1.1.254
GigabitEthernet1 12.12.12.254
GigabitEthernet2 14.14.14.254
But there is no hit on the NAT rule. Any idea?
I have been trying to connect my physical switches (4x3560 Catalysts) using a break-out switch (4948) to the CSR 1000v instances on VMware without any success.
I had successfully on previous occasions connected GNS3 running on CentOS to physical switches via a breakout switch.
Following is my setup:
on break_out switch: connecting to the VM_Host
interface GigabitEthernet1/24
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 101-104
switchport mode trunk
l2protocol-tunnel cdp
l2protocol-tunnel stp
l2protocol-tunnel vtp
no cdp enable
break_sw (g1/1) connected to physical SW_1 (fa0/1)
interface GigabitEthernet1/1
description R1 > SW1
switchport access vlan 101
switchport mode dot1q-tunnel
l2protocol-tunnel cdp
l2protocol-tunnel lldp
l2protocol-tunnel stp
l2protocol-tunnel vtp
no cdp enable
spanning-tree portfast
end
Port g1/24 of break_SW is connected to eth0 of VM_Host. I create a virtual port group on the vmhost, set vlan_id as 101, and assign this vm_net to the csr_1000v (R1) g3.
Create a dot1q interface on the router:
int g3.300
encap dot1q 300
ip addr 100.0.0.1 255.255.255.0
go to physical switch SW1
create vlan 300
enable trunking on fa0/1
int fa0/1
sw trunk encap dot
sw mode trunk
sw trunk allowed vlan 300
int vlan 300
ip addr 100.0.0.11 255.255.255.0
Did all these steps, then I went to CSR1000v (R1) and tried to ping the vlan300 interface of physical switch (SW1) with no luck. I do not see any ARP on the router, no MAC addr on vlan 300 on the physical switch.
But I can see CDP from both devices (R1) and SW1.
Am I missing a step? I suppose the issue lies on the VM host? Is it even possible to use the VM host this way to connect to a break switch and tunnel VLANs?
Appreciate any help on this.
Thanks
Ahmed.
Hi everyone, I'm trying to understand how Cisco plans the CCIE security questions.
I mean, if we are working with static object NAT for example and we have a DMVPN hub behind that NAT, what would be the right answer? To change the spokes' server IP to the one we NAT? Or to create a twice NAT so we can bypass that NAT rule only for the hub?
Both are valid configurations and the solution will work, right? (This applies only if we don't have an output image or something that points to the right solution.)
How can we be sure that the solution is the answer expected?
I can give a couple of examples about it if this one is not clear.
Any ideas?
Regards.
Conesh.
Hello all,
Per Cisco:
The sum of all bandwidth allocation on an interface cannot exceed 75 percent of the total available interface bandwidth. The remaining 25 percent is used for other overhead, including Layer 2 overhead, routing traffic, and best-effort traffic. Bandwidth for the CBWFQ class-default class, for instance, is taken from the remaining 25 percent. However, under aggressive circumstances in which you want to configure more than 75 percent of the interface bandwidth to classes, you can override the 75 percent maximum sum allocated to all classes or flows. If you want to override the default 75 percent, exercise caution and ensure that you allow enough remaining bandwidth to support best-effort and control traffic, and Layer 2 overhead.
So if I understand this correctly what they are saying is that the class-default class map handles any other traffic that you do not specifically put in your custom class maps (besides control traffic and L2 overhead). My questions:
Can someone please tell me if I misunderstood Cisco's statement above? I personally see an issue with this architecture and honestly I always thought the 25% of reserved bandwidth was for control traffic only but under some unconfigurable class map and that the class-default class map used bandwidth from the remaining 75% just like all other custom class maps.
Thanks in advance
Hello Team,
Sometimes I get lost with the way UCS permits the creation of Port Channels.
This is related with UCS Manager version 2.1(3e).
In the LAN Tab, we can create Ethernet Port-Channels.
In the LAN Uplinks Manager, we can create Ethernet Port-Channels.
So far, so good.
In the SAN Tab, we can create FC Port-Channels and FCoE Port-Channels.
But in the SAN Uplinks Manager, I’m only able to create FC Port-Channels. Am I missing something here?
Another question:
Is it possible to aggregate two or more Unified Ports? It seems we can either do Ethernet Port-Channeling or FCoE Port-Channeling. I don’t understand why this is not available. This kind of interface appears as both Ethernet Uplinks in the LAN Tab and FCoE Uplinks in the SAN Tab.
Some pointers would be great.
Thanks.
Regards,
Antonio Soares, CCIE #18473 (RS/SP)
amsoares@netcabo.pt
Dears,
I am trying to configure a very basic example on EzVPN remote using R1 as EzVPN Server and R2 as EzVPN remote but using DVTI interface on both.
My issue is that both pings from e0/0 and lo0 from R2 to 150.1.1.1 are using the VPN received IP address.
Here is my setup:
[Lo0]R1[E0/0]----[E0/0]R2[Lo0]
External subnet is 192.168.1.0/24 where 1.1 and 1.2 are IP addresses on R1 and R2 respectively. Moreover, loopback interfaces are 150.1.1.1/24 and 150.1.2.2 on R1 and R2 respectively.
Here are my configs:
R1:
aaa new-model
!
aaa authentication login default none
aaa authentication login authc local
aaa authorization network authz local
!
ip local pool pool 192.1.1.1 192.1.1.10
access-list 101 permit ip host 150.1.1.1 host 150.1.2.2
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp client configuration group ezvpn
key cisco
pool pool
acl 101
save-password
crypto isakmp profile myprof
match identity group ezvpn
client authentication list authc
isakmp authorization list authz
client configuration address respond
client configuration group ezvpn
virtual-template 1
crypto ipsec transform-set myset esp-3des esp-md5-hmac
mode tunnel
crypto ipsec profile myprof
set transform-set myset
set isakmp-profile myprof
!
int e0/0
ip address 192.168.1.1 255.255.255.0
int lo0
ip add 150.1.1.1 255.255.255.0
interface Virtual-Template1 type tunnel
ip unnumbered Ethernet0/0
tunnel source Ethernet0/0
tunnel mode ipsec ipv4
tunnel protection ipsec profile myprof
ip route 0.0.0.0 0.0.0.0 192.168.1.2
R2:
crypto ipsec client ezvpn ezvpn
connect auto
group ezvpn key cisco
mode client
peer 192.168.1.1
virtual-interface 2
username cisco password cisco
xauth userid mode local
int lo0
ip address 150.1.2.2 255.255.255.0
crypto ipsec client ezvpn ezvpn inside
int e0/0
ip address 192.168.1.2 255.255.255.0
crypto ipsec client ezvpn ezvpn
interface Virtual-Template2 type tunnel
ip unnumbered Loopback0
ip route 0.0.0.0 0.0.0.0 192.168.1.1
My issue is that with the above config, when I ping 150.1.1.1 from R2 e0/0 and lo0, I can see that it is using the IP address received by the VPN. However, if I remove the command virtual-interface 2 from my crypto ipsec client ezvpn ezvpn config, only the ping from R2's lo0 will be using the VPN received address.
R2(config-if)#do ping 150.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/5/5 ms
R2(config-if)#
R1(config)#
*Apr 21 22:46:19.211: ICMP: echo reply sent, src 150.1.1.1, dst 192.1.1.7, topology BASE, dscp 0 topoid 0
*Apr 21 22:46:19.216: ICMP: echo reply sent, src 150.1.1.1, dst 192.1.1.7, topology BASE, dscp 0 topoid 0
*Apr 21 22:46:19.221: ICMP: echo reply sent, src 150.1.1.1, dst 192.1.1.7, topology BASE, dscp 0 topoid 0
*Apr 21 22:46:19.225: ICMP: echo reply sent, src 150.1.1.1, dst 192.1.1.7, topology BASE, dscp 0 topoid 0
*Apr 21 22:46:19.230: ICMP: echo reply sent, src 150.1.1.1, dst 192.1.1.7, topology BASE, dscp 0 topoid 0
R1(config)#
Can someone assist me in the above issue?
Anyone have an opinion on whether the new VCP Network Virtualization would help build a foundation for the CCIE DC? I know it doesn't directly relate but it would be interesting to have the knowledge going in on how VMWare treats things like VXLAN.
Until the end of February, you can take the exam and earn the certification without taking a class as long as you have your CCNA or CCNP in RS or DC.
May I know/have a link to learn "How to Upgrade FCoE License on 5548UP"?
Thanks buddies..
I saw that in OSPF, when we issue the prefix-suppression command within an NSSA area where an external prefix has been redistributed, in addition to hiding the FA address, it clears the P-bit, disallowing the translation of the type 7 LSA.
This means that even though we try to issue on the ABR the "area xyz nssa translate type 7 suppress-fa" command or nssa translate always, we cannot recurse anyway to the ABR since the translation is blocked because of the P-bit clearing.
For me this mechanism is a little bit inefficient from a path preservation point of view because the ABR knows every detail of the NSSA area and it can reach the ASBR that is originating the prefix. It just cannot translate it.
So I'm wondering why this is needed? There should be maybe some particular caveat behind this design choice?
This class marks the kickoff of INE’s CCIE SPv4 product line for the New CCIE Service Provider Version 4 Blueprint, which goes live May 22nd 2015! In this class we’ll cover the v3 to v4 changes, including exam format changes and topic adds and removes, recommended readings and resources, INE’s new CCIE SPv4 hardware specification and CCIE SPv4 Workbook, and the schedule for INE’s upcoming CCIE Service Provider Version 4 Advanced Technologies Class. Class runs tomorrow, Tuesday April 14th at 09:00 PDT (16:00 UTC), and is free to attend. Simply sign up for an INE Members account or visit this direct link for the class.
Hi Forum.
My Topology:
<---------------(EIGRP AS202)---------------->
SPOKE1 -> 130.1.51.0 /24 -> SPOKE2 -> HUB1
I created 100.100.100.0/24 for my tunnel interfaces. So traffic to and from this network will get encrypted. I want to encrypt the 130.1.51.0 /24 network as well (learned via EIGRP process). It doesn't work if I make a static route on the HUB1 that points the network to go through the tunnel interface. How can I solve this one?
My Config:
HUB:
!
crypto isakmp policy 1
authentication pre-share
hash md5
group 2
encryption 3des
!
crypto isakmp key CISCO address 0.0.0.0
!
crypto ipsec transform-set trans2 esp-3des esp-md5-hmac
mode transport
!
crypto ipsec profile vpnprof
set transform-set trans2
!
interface Tunnel0
ip address 100.100.100.1 255.255.255.0
ip nhrp authentication CISCO
ip nhrp map multicast dynamic
ip nhrp network-id 99
ip nhrp holdtime 300
tunnel source fa0/0.17
tunnel mode gre multipoint
tunnel key 100000
tunnel protection ipsec profile vpnprof
!
Spoke:
!
crypto isakmp policy 1
authentication pre-share
hash md5
group 2
encryption 3des
!
crypto isakmp key CISCO address 0.0.0.0
!
crypto ipsec transform-set trans2 esp-3des esp-md5-hmac
mode transport
!
crypto ipsec profile vpnprof
set transform-set trans2
!
interface Tunnel0
ip address 100.100.100.2 255.255.255.0
ip nhrp authentication CISCO
ip nhrp map 100.100.100.1 130.1.76.7
ip nhrp map multicast 130.1.76.7
ip nhrp network-id 99
ip nhrp nhs 100.100.100.1
tunnel source Gi0/0.17
tunnel mode gre multipoint
tunnel key 100000
tunnel protection ipsec profile vpnprof
!
Spoke:
crypto isakmp policy 1
authentication pre-share
hash md5
group 2
encryption 3des
!
crypto isakmp key CISCO address 0.0.0.0
!
crypto ipsec transform-set trans2 esp-3des esp-md5-hmac
mode transport
!
crypto ipsec profile vpnprof
set transform-set trans2
!
interface Tunnel0
ip address 100.100.100.3 255.255.255.0
ip nhrp authentication CISCO
ip nhrp map 100.100.100.1 130.1.76.7
ip nhrp map multicast 130.1.76.7
ip nhrp network-id 99
ip nhrp nhs 100.100.100.1
tunnel source Gi0/0.17
tunnel mode gre multipoint
tunnel key 100000
tunnel protection ipsec profile vpnprof
!
Hi,
I have 1496 INE rack tokens that I no longer need.
If anyone is interested (all of them or just some) please let me know and we'd arrange a price.
I have a question about the test environment:
a. Is there puttyConnection Manager?
b. Is the PC running Win7 or Win XP?
Prefer Win7 since it has a "highlight" feature which will compensate for the lack of puttyConnection Manager.
c. Do we get a few regular papers or 1 whiteboard paper?
Andi