Re[2]: Frame-relay HSRP [7:72166]
Thanks Salvatore. As a resolution, is it only to change the configuration from main-interface to sub-interface p2p$B!)(B If it is only sub-interface p2p, when and how should I use main-interface frame-relay configuration ? Don't you usually use main-interface frame-relay configuration ? Is there any solution by using current(main-interface) configuration to resolve my problem ? If there's something good to see, please let me know the URL or book. Thanks. On Sat, 12 Jul 2003 02:58:51 GMT Salvatore De Luca wrote: nobody When you have a FR connection, you have a dedicated circuit to your provider nobody which then on taps into the frame cloud. So consider it alomost like a nobody point-to-point link to your local Carrier and then from there you connect nobody within the providers Frame Switch into their Frame Relay cloud. Now, when nobody you shutdown R1's Wan interface your HSRP failed over fine. The reason that nobody R3 was showing Up Up was that your circuit to your carrier from R3 did not nobody go down and it stil exhanges LMI with R3's Physical interface, your PVC nobody should have been showing INACTIVE at this point though. I would recommend nobody using point-to-point subinterfaces on your FR WAN connections. When you do nobody this and then shut down one end of the link the line protocol on the nobody sub-interface of R3 would go UP DOWN and if you then track the nobody SUB-Interface, you should have a successful failover for the Standby Track nobody command on R3. Currently, you have outboud traffic going out R2 ---R4 and nobody return traffic going to the Active HSRP router R3 then dropping packets nobody because your PVC is INACTIVE and you are in an UP UP state.. nobody nobody You have successfully achieved Asymetrical routing.. :( nobody nobody Until your Interface Line protocol Drops in an UP DOWN state on R3's WAN nobody interface.. then Standby Interface tracking wont do anything.. nobody nobody nobody Masaru Umetsu wrote: nobody nobody Dear all nobody nobody I have a question about frame-relay. Network Diagram is below. nobody nobody R1* * *R3 nobody | * FR * | nobody R2* * *R4 nobody nobody I configured a HSRP between R1 and R2, R3 and R4. nobody R1,R3 are Active router.(R2,R4 are Standby router) nobody And I configured standby track in a Wan side of R1,R3. nobody nobody When I disabled(shutdown the interface) the serial0/0 of R1 , nobody then R2 became Active router. It's ok. nobody But R3 didn't detect a down of Wan side,so serial0/0 of R3 is nobody up-up. nobody Therefore,I can't send a data between R2 and R4. nobody Regarding Frame-relay configuration, I configured frame-relay in nobody main-interface. Is it a mechanism of Frame-relay in nobody main-interface ? nobody I don't know in detail. Should I use sub-interface nobody point-2-point nobody definition in frame-relay to use HSRP standby track ? Please nobody explain me nobody about this problem. nobody nobody nobody nobody nobody nobody Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72171t=72166 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Frame-relay HSRP [7:72166]
Dear all I have a question about frame-relay. Network Diagram is below. R1* * *R3 | * FR * | R2* * *R4 I configured a HSRP between R1 and R2, R3 and R4. R1,R3 are Active router.(R2,R4 are Standby router) And I configured standby track in a Wan side of R1,R3. When I disabled(shutdown the interface) the serial0/0 of R1 , then R2 became Active router. It's ok. But R3 didn't detect a down of Wan side,so serial0/0 of R3 is up-up. Therefore,I can't send a data between R2 and R4. Regarding Frame-relay configuration, I configured frame-relay in main-interface. Is it a mechanism of Frame-relay in main-interface ? I don't know in detail. Should I use sub-interface point-2-point definition in frame-relay to use HSRP standby track ? Please explain me about this problem. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72166t=72166 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re[2]: NAT order of operation [7:64037]
Thanks. symon. Would anybody answer my question titled 'NAT definition' ? (I sent it to this ML in 25 Feb.) regards. On Sat, 1 Mar 2003 08:44:08 - Symon Thurlow wrote: I had a look at the link, and this is the flow for inside-outside: If IPSec then check input access list decryption - for CET (Cisco Encryption Technology) or IPSec check input access list check input rate limits input accounting policy routing routing redirect to web cache NAT inside to outside (local to global translation) crypto (check map and mark for encryption) check output access list inspect (Context-based Access Control (CBAC)) TCP intercept encryption It makes sense to me to route first and NAT later, because until the router has performed the routing function, it can't know what interface to send the packet out. Once it knows the interface to send the packet out, it will know if NAT is required or not, and no further routing decisions are required. For outside-inside, this is the flow: If IPSec then check input access list decryption - for CET or IPSec check input access list check input rate limits input accounting NAT outside to inside (global to local translation) policy routing routing redirect to web cache crypto (check map and mark for encryption) check output access list inspect CBAC TCP intercept Encryption The router must perform NAT first, so that it will know the real destination address, and then it can make a routing decision based on the real destination address. So a very simplified (some detail left out) example would be a simple NAT to the internet for internal traffic such as this: Internal_PC(192.168.1.100)--(192.168.1.1 int e0)Router(int e1 217.217.217.217)--Internet Lets say that the router is performing NAT on all outbound traffic so that it appears to come from IP address 217.217.217.217. Lets pretend the PC is sending an HTTP request to a website (and that it has already performed a DNS lookup etc). 1.The PC will send an HTTP request for the website address (1.2.3.4). 2.The HTTP packet will be received by the router on INT e0. 3.The router will look at the destination address of the packet, realise that it is not on the local subnet, so it will look in it's routing tables for where to send the packet. 4.In our example the router will only have one route, which is a default to the Internet. 5.The router will therefore send the packet out it's INT e1 interface, but it will change the source address to be 217.217.217.217. This is the route first then NAT behaviour in your original question. Lets say that things are good today so the HTTP request made it to the web server, and the reply is coming back. 1.The router will receive the packet on it's external interface (INT e1) with a destination address of 217.217.217.217. 2.The router will realise that this is return traffic for the request that came out, so will NAT the packet back, changing the destination address back to 182.168.1.100, then look in it's routing tables to see where to send the packet. 3.It will realise that 192.168.1.100 is directly connected, so it will transmit the packet out it's INT e0 interface. I know I have simplified the process a lot and left some detail out, but that should explain why the flows are different depending on which way the traffic is going. Cheers, Symon -Original Message- From: Masaru Umetsu [mailto:[EMAIL PROTECTED] Sent: 28 February 2003 01:16 To: [EMAIL PROTECTED] Subject: NAT order of operation [7:64037] Regading NAT order of operaion,I looked the URL below. http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a 0080133ddd.shtml routing $B-(B NAT inside to outside(local to global) NAT outside to inside(global to local) $B-(B routing I don't understand the flow of above. Please teach me the meaning of above easily by using example. :-) = This email has been content filtered and subject to spam filtering. If you consider this email is unsolicited please forward the email to [EMAIL PROTECTED] and request that the sender's domain be blocked from sending any further emails. = -- Masaru Umetsu Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64145t=64037 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
NAT order of operation [7:64037]
Regading NAT order of operaion,I looked the URL below. http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml routing $B-(B NAT inside to outside(local to global) NAT outside to inside(global to local) $B-(B routing I don't understand the flow of above. Please teach me the meaning of above easily by using example. :-) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64037t=64037 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCNP Recertification Exam [7:63932]
I have to take a exam of CCNP Recertification in this year. If you know the book to study for CCNP Recertification, please give me an advice. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63932t=63932 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Workbook for CCIE Lab [7:63822]
Regarding a workbook(ex$B!'(BCertificationZone.com) for CCIE Lab, is it good for CCIE Lab? Is it valuable to buy ? If there is another to recommend to buy , please tell me ! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63822t=63822 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
NAT definition [7:63624]
R1---WAN-R2 || PC1 PC2 PC1:10.1.1.1/24 PC2:152.1.1.1/24 ip nat inside source static 10.1.1.1 195.1.1.1 ! int e0 ip add 10.1.1.2 255.255.255.0 ip nat inside ! int s0 ip add 195.1.1.2 255.255.255.0 ip nat outside ! ip route 152.1.1.0 255.255.255.0 Serial0 int e0 ip add 152.1.1.254 255.255.255.0 ! int s0 ip add 195.1.1.3 255.255.255.0 ! ip route 10.1.1.0 255.255.255.0 Serial0 When I configured ip nat outside in e0 and ip nat inside in s0 above configuration, how should I configure the ip nat definition ? For example, I configured below. But it failed. ip nat outside source static 10.1.1.1 195.1.1.1 I don't understand how to configure 'ip nat inside' and 'ip nat outside','ip nat inside/ouside source static x.x.x.x y.y.y.y'. Please tell me easily ! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63624t=63624 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
GRE tunneling in multicast [7:63655]
Because I use multicast,I'm considering to use GRE tunneling. The equipments are all cisco. Network diagram is like below. Multicast-R1-passport--LL--passport-R2-LAN-R3--FR--R4--LL--R5--Client Server GRE tunneling LL:leased line Passport:Nortel Passport Do I have to need configuring GRE tunneling only between R1 and R2? Or should I configure GRE tunneling between R2 and R5 ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63655t=63655 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VTP Domain Name
Please tell me how to clear the vtp domain name in Catalyst 2924! Vtp domain name isn't set anything first.Then I configured it to Cisco but, I want to back to the initial. I did 'write erase', but vtp domain name wasn't cleared. _/_/_/_/_/__/_/_/_/_/_/_/_/_/_/ Masaru Umetsu E-mail:[EMAIL PROTECTED] _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ Where there's a will, there's a way. ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]