Hi Bob Thanks for replying, raised a call with Verizon and it turns out a problem with them ceasing the circuit when we're paying for it, great eh?
We have hsrp configured for the vpns on lan interfaces between two routers anyway as you would I guess..... What's strange is int fa0/0/0 was up/up but no arp, we're using dot1q encapsulation then bgp peering across 5 sub interfaces all separate vrfs, core is mpls vpns Syslog suggested md5 bad auths before the down notifications on all the peerings the 2951 is connected to a Verizon NTE hence why it was up/up I guess? PS I guess physical would be up and subs were down expected behaviour sorry to bore you guys! -- BR Tony Sent from my iPad On 7 Jun 2012, at 19:05, Bob McCouch <[email protected]> wrote: > Assuming it's truly Ethernet between the routers and you're peering to the > connected interface, you should see ARP. If the TCP option for MD5 (Option > 19) is rejected, that means you're getting a message back from the other end > which means a L2 frame, which means ARP should be populated. > > Or you should be able to ping the IP of the other end of the link. Even if > it's filtering ICMP, it *must* respond to the ARP request (unless you're in a > CCIE lab and you're using a VACL to block ARP or something ridiculous like > that). > > If you're not getting ARP over an Ethernet interface for the connected peer, > you have a layer 2 problem. > > On Thu, Jun 7, 2012 at 8:22 AM, Tony Singh <[email protected]> wrote: > Guys > > PE>CE > > Just a question but got a scenario here at work where bgp peerings have > failed right after loads of md5 bad auth messages in syslog, do we expect > any arp entries on that interface if this happens, or is the security on > the tcp session terminated if we have set password either end and it's not > matching on one end, hence arp will not show anything. > > Sorry cannot cut and paste and configs, in fear of losing my job ;) > > debug shows open failed: Connection timed out; remote host not responding > on CE > > > Im raising a ticket with the ISP anyway but need to understand about the > arp/tcp md5 bit > > thanks in advance > > Tony > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > http://onlinestudylist.com/mailman/listinfo/ccie_rs > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com http://onlinestudylist.com/mailman/listinfo/ccie_rs
