date:20080804

[j-nsp] SSG XAUTH

2008-08-04 Thread Sven Juergensen (KielNET)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Dear list,

is it possible to seperate the
auth and settings done through
XAUTH? I'm trying to authenticate
against an LDAP-Server but want
to assign the IP-settings for the
client from local definitions.

Thanks and regards,

Mit freundlichen Gruessen

i. A. Sven Juergensen

- --
Fachbereich
Netze/Projekte

KielNET GmbH
Gesellschaft fuer Kommunikation
Preusserstr. 1-9, 24105 Kiel

Telefon : 0431 / 2219-053
Telefax : 0431 / 2219-005
E-Mail  : [EMAIL PROTECTED]
Internet: http://www.kielnet.de

Geschaeftsfuehrer Eberhard Schmidt
HRB 4499 (Amtsgericht Kiel)
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkiWrsQACgkQnEU7erAt4TKuTwCgv80KMZPjNrjE9Vdeee5rV//V
DrEAoKrA+KJ5kvWEIFXcJziuApt6juE9
=VtSw
-END PGP SIGNATURE-
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] VPLS LM Status?

2008-08-04 Thread Marlon Duksa

ok. Thanks a bunch. This makes sense. I'll test it today.


On Mon, Aug 4, 2008 at 1:30 AM, Krasimir Avramski [EMAIL PROTECTED] wrote:

 Hello,

 Only one pseudowire is setup between PEs of a VPLS domain.

 There are already pseudowires 1-2 and 1-3, so site ID 1 is minimum
 designated in PE for this VPLS domain. At the forwarding plain you should
 not have any problems in communication between interfaces in site 4 to
 local
 interfaces in site 1 and remote site IDs 2 and 3.
 LM, RM states are not considered errors, that is more information for the
 pseudowire selection.

 Think of a site (VE) as a selection of PE-CE interfaces (local
 mesh-group)
 for a vpls domain.

 Also when configuring multihoming specify the site preferences in order PEs
 to solve collisions and choose single forwarder.


 Regards,
 Krasi

  -Original Message-
  From: [EMAIL PROTECTED] [mailto:juniper-nsp-
  [EMAIL PROTECTED] On Behalf Of Marlon Duksa
  Sent: Monday, August 04, 2008 1:16 AM
  To: juniper-nsp@puck.nether.net
  Subject: [j-nsp] VPLS LM Status?
 
  Does anyone know why would I get the LM status (local site ID not minimum
  designated) on my VPLS connection.
  I have two sites configured on a single PE in the same VPLS.
  One site is coming up just fine, but the other is not.
 
  The remote side for the 'not up' connection is complaining with the RM
  status (remote site ID not minimum designated).
 
  What does this 'ID not minimun designated' mean?
  My sites ID are unique withing the VPLS and within the range that is
  defined
  for the site-range.
 
  This is the config on my local router:
 
  [EMAIL PROTECTED] show routing-instances
  vpls {
  instance-type vpls;
  interface ge-0/1/1.0;
  interface ge-8/2/0.0;
  interface ge-5/3/4.0;
  route-distinguisher 100:100;
  vrf-target target:200:200;
  protocols {
  vpls {
  site-range 10;
  no-tunnel-services;
  site green {
  site-identifier 1;
  interface ge-0/1/1.0;
  interface ge-8/2/0.0;
  }
  site multi {
  site-identifier 4;
  interface ge-5/3/4.0;
  }
  }
  }
  }
 
 
 
 
  And this is the status:
 
  [EMAIL PROTECTED] run show vpls connections
  Layer-2 VPN connections:
 
  Legend for connection status (St)
  EI -- encapsulation invalid  NC -- interface encapsulation not
  CCC/TCC/VPLS
  EM -- encapsulation mismatch WE -- interface and instance encaps not
  same
  VC-Dn -- Virtual circuit downNP -- interface hardware not present
  CM -- control-word mismatch  - -- only outbound connection is up
  CN -- circuit not provisioned- -- only inbound connection is up
  OR -- out of range   Up -- operational
  OL -- no outgoing label  Dn -- down
  LD -- local site signaled down   CF -- call admission control failure
  RD -- remote site signaled down  SC -- local and remote site ID collision
  LN -- local site not designated  LM -- local site ID not minimum
  designated
  RN -- remote site not designated RM -- remote site ID not minimum
  designated
  XX -- unknown connection status  IL -- no incoming label
  MM -- MTU mismatch   MI -- Mesh-Group ID not availble
 
  Legend for interface status
  Up -- operational
  Dn -- down
 
  Instance: vpls
Local site: green (1)
  connection-site   Type  St Time last up  # Up
  trans
  2 rmt   Up Aug  3 22:02:16 2008
  1
Local interface: lsi.1048578, Status: Up, Encapsulation: VPLS
  Description: Intf - vpls vpls local site 1 remote site 2
Remote PE: 2.2.2.2, Negotiated control-word: No
Incoming label: 262154, Outgoing label: 800032
  3 rmt   Up Aug  3 22:02:16 2008
  1
Local interface: lsi.1048576, Status: Up, Encapsulation: VPLS
  Description: Intf - vpls vpls local site 1 remote site 3
Remote PE: 3.3.3.3, Negotiated control-word: No
Incoming label: 262155, Outgoing label: 800024
Local site: multi (4)
  connection-site   Type  St Time last up  # Up
  trans
  2 rmt   LM
  3 rmt   LM
 
 
  Thanks,
  Marlon
  ___
  juniper-nsp mailing list juniper-nsp@puck.nether.net
  https://puck.nether.net/mailman/listinfo/juniper-nsp


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Debugging SONET (OC-3) errors

2008-08-04 Thread Chris Adams

I have an OC-3 (POS running PPP) between two POPs (an M10i at each end)
getting errors, and this is the first time I've had to debug errors on a
SONET link.

I am seeing BIP-B3 and REI-P incrementing in spurts on the Z end (e.g.
99 BIP-B3 and 45 REI-P, both showing 2 seconds), as well as ES-P and
ES-PFE matching the seconds (2 in since I cleared the counters).  No
other error counters are incrementing (no section or line errors at
all).  I have seen some errors at the A end as well, but not as many or
as often.

When I get a spurt of errors, both ends will show an interface flap (at
least most of the time; I'm not sure this is 100% of the time or not).

Reading various docs, this means there is a problem somewhere between
telco devices with the transmission from the Z end to the A end.  Is
that correct?

I opened a telco ticket, but they pretty much blew it off.  I know
little about SONET so I am having trouble telling them what to check.
I'd like to avoid intrusive testing if possible (since this is a major
circuit for us).

Part of the problem is that this circuit goes through 7 (yes 7!)
different carriers, and I am not sure that the telco that owns the whole
thing is looking at anything other than the loop on the Z end (the only
piece they actually own).

Any suggestions?
-- 
Chris Adams [EMAIL PROTECTED]
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] VPLS LM Status?

2008-08-04 Thread Marlon Duksa

It works. Thanks.
Can you please elaborate a bit more  what do you mean by local mesh-groups?
I tried to forward learned traffic as well as flooded from interfaces
between local sites and interfaces within local sites...traffic was flowing
in any case.
Are those mesh groups supposed to supress some traffic? Not quite sure what
is the purpose of multiple local sites? If I have many interfaces in a
single site, wouldn't that work as well?
Thanks,
marlon


On Mon, Aug 4, 2008 at 1:30 AM, Krasimir Avramski [EMAIL PROTECTED] wrote:

 Hello,

 Only one pseudowire is setup between PEs of a VPLS domain.

 There are already pseudowires 1-2 and 1-3, so site ID 1 is minimum
 designated in PE for this VPLS domain. At the forwarding plain you should
 not have any problems in communication between interfaces in site 4 to
 local
 interfaces in site 1 and remote site IDs 2 and 3.
 LM, RM states are not considered errors, that is more information for the
 pseudowire selection.

 Think of a site (VE) as a selection of PE-CE interfaces (local
 mesh-group)
 for a vpls domain.

 Also when configuring multihoming specify the site preferences in order PEs
 to solve collisions and choose single forwarder.


 Regards,
 Krasi

  -Original Message-
  From: [EMAIL PROTECTED] [mailto:juniper-nsp-
  [EMAIL PROTECTED] On Behalf Of Marlon Duksa
  Sent: Monday, August 04, 2008 1:16 AM
  To: juniper-nsp@puck.nether.net
  Subject: [j-nsp] VPLS LM Status?
 
  Does anyone know why would I get the LM status (local site ID not minimum
  designated) on my VPLS connection.
  I have two sites configured on a single PE in the same VPLS.
  One site is coming up just fine, but the other is not.
 
  The remote side for the 'not up' connection is complaining with the RM
  status (remote site ID not minimum designated).
 
  What does this 'ID not minimun designated' mean?
  My sites ID are unique withing the VPLS and within the range that is
  defined
  for the site-range.
 
  This is the config on my local router:
 
  [EMAIL PROTECTED] show routing-instances
  vpls {
  instance-type vpls;
  interface ge-0/1/1.0;
  interface ge-8/2/0.0;
  interface ge-5/3/4.0;
  route-distinguisher 100:100;
  vrf-target target:200:200;
  protocols {
  vpls {
  site-range 10;
  no-tunnel-services;
  site green {
  site-identifier 1;
  interface ge-0/1/1.0;
  interface ge-8/2/0.0;
  }
  site multi {
  site-identifier 4;
  interface ge-5/3/4.0;
  }
  }
  }
  }
 
 
 
 
  And this is the status:
 
  [EMAIL PROTECTED] run show vpls connections
  Layer-2 VPN connections:
 
  Legend for connection status (St)
  EI -- encapsulation invalid  NC -- interface encapsulation not
  CCC/TCC/VPLS
  EM -- encapsulation mismatch WE -- interface and instance encaps not
  same
  VC-Dn -- Virtual circuit downNP -- interface hardware not present
  CM -- control-word mismatch  - -- only outbound connection is up
  CN -- circuit not provisioned- -- only inbound connection is up
  OR -- out of range   Up -- operational
  OL -- no outgoing label  Dn -- down
  LD -- local site signaled down   CF -- call admission control failure
  RD -- remote site signaled down  SC -- local and remote site ID collision
  LN -- local site not designated  LM -- local site ID not minimum
  designated
  RN -- remote site not designated RM -- remote site ID not minimum
  designated
  XX -- unknown connection status  IL -- no incoming label
  MM -- MTU mismatch   MI -- Mesh-Group ID not availble
 
  Legend for interface status
  Up -- operational
  Dn -- down
 
  Instance: vpls
Local site: green (1)
  connection-site   Type  St Time last up  # Up
  trans
  2 rmt   Up Aug  3 22:02:16 2008
  1
Local interface: lsi.1048578, Status: Up, Encapsulation: VPLS
  Description: Intf - vpls vpls local site 1 remote site 2
Remote PE: 2.2.2.2, Negotiated control-word: No
Incoming label: 262154, Outgoing label: 800032
  3 rmt   Up Aug  3 22:02:16 2008
  1
Local interface: lsi.1048576, Status: Up, Encapsulation: VPLS
  Description: Intf - vpls vpls local site 1 remote site 3
Remote PE: 3.3.3.3, Negotiated control-word: No
Incoming label: 262155, Outgoing label: 800024
Local site: multi (4)
  connection-site   Type  St Time last up  # Up
  trans
  2 rmt   LM
  3 rmt   LM
 
 
  Thanks,
  Marlon
  ___
  juniper-nsp mailing list juniper-nsp@puck.nether.net
  https://puck.nether.net/mailman/listinfo/juniper-nsp


___
juniper-nsp mailing list

[j-nsp] SSG XAUTH

Re: [j-nsp] VPLS LM Status?

[j-nsp] Debugging SONET (OC-3) errors

Re: [j-nsp] VPLS LM Status?

4 matches

Site Navigation

Mail list logo

Footer information