Re: [c-nsp] ospf mtr

2014-12-13 Thread Mohammad Khalil 
Hi all
I was trying to test the MTR on OSPF topology , I made the configurations (the 
commands are in place) , but when configuring the policy-map type class-routing 
ipv4 unicast TOPOLOGY_POLICY command i got the error % can't provision policies 
of type 2 , I guess it's not supported on 7200 but I was wondering why the 
command is there while it's not supported

BR,
Mohammad

> Subject: Re: [c-nsp] ospf mtr
> From: luk...@bromirski.net
> Date: Fri, 12 Dec 2014 22:21:57 +0100
> CC: cisco-nsp@puck.nether.net
> To: eng_m...@hotmail.com
> 
> 
> > On 12 Dec 2014, at 21:56, Mohammad Khalil  wrote:
> > 
> > Hi all i am trying to configure osp mtr (multi-topology routing) 
> > When configuring the policy-map i get the error cant provision policies of 
> > type 2 any ideas
> 
> What's the exact thing you're trying to achieve and what's
> the exact error message you're getting?
> 
> For QoS with MTR enabled take a look here:
> http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mtr/configuration/15-s/mtr-15-s-book/qos-mqc-support-mtr.html
> 
> -- 
> "There's no sense in being precise when |   Ɓukasz Bromirski
>  you don't know what you're talking |  jid:lbromir...@jabber.org
>  about."   John von Neumann |http://lukasz.bromirski.net
> 
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Learning routes in global , but installing them into a VRF

2014-12-13 Thread Pavel Stefanov 
On IOS, you can use the "import ipv4 unicast map" under the VRF AFI 
definition to accomplishthis and on IOS XR it is "import from 
default-vrf route-policy".


On 13/12/2014 18:55, f287c...@opayq.com wrote:

Hello
Is it possible to learn routes via BGP in the global route table, but actually 
install them into another VRF?I can identify these routes with a community, but 
the 'set vrf' route-map is not supported as an in-bound route-map with BGP
What I'm really trying to do is harden some Cisco DMVPN branch routers.These 
routers have an I-BGP session up for Enterprise routes in the global route 
tableHowever, their Internet facing interface is in a separate 'Front Door' 
VRF.This isolates the Enterprise and Internet from each other.
For extra security, I'd like to send bogon and known 'bad' routes to the router 
over it's existing BGP connection But I want to install those routes into the 
Internet VRF.
Thanks in advanc
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] Learning routes in global , but installing them into a VRF

2014-12-13 Thread f287cd76 

Hello
Is it possible to learn routes via BGP in the global route table, but actually 
install them into another VRF?I can identify these routes with a community, but 
the 'set vrf' route-map is not supported as an in-bound route-map with BGP
What I'm really trying to do is harden some Cisco DMVPN branch routers.These 
routers have an I-BGP session up for Enterprise routes in the global route 
tableHowever, their Internet facing interface is in a separate 'Front Door' 
VRF.This isolates the Enterprise and Internet from each other.
For extra security, I'd like to send bogon and known 'bad' routes to the router 
over it's existing BGP connection But I want to install those routes into the 
Internet VRF.
Thanks in advanc  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Weird ADSL bridging issue

2014-12-13 Thread chris 
Just an update for the archives. Karsten nailed it with the default route
pointing to the bvi. 20 hours later and no more weird mac addrs in arp.
Thanks everyone who replied

chris

On Fri, Dec 12, 2014 at 1:51 PM, Karsten Thomann 
wrote:
>
>  no proxy arp on your router has nothing to do with it, the proxy arp is
> done by the redback, you have to make sure that your route is not pointing
> to the bvi without next hop, and that there is a right default route from
> dhcp.
>
>
>
> Is there any configured static route in the configuration like "ip route
> 0.0.0.0 0.0.0.0 bvi1"?
>
>
>
> I don't have the exact command in mind, but there is a command at "show ip
> dhcp" or "show dhcp" where you can see what settings you got from the
> provider dhcp server.
>
>
>
> Am Freitag, 12. Dezember 2014, 13:34:00 schrieb chris:
>
> I added "no ip proxy-arp" under BVI1 and rebooted the router to clear all
> the entries in the arp table and right away as soon as the circuit came up
> and i logged in I'm still seeing the same random MAC's and alot of them
> even though its only up a few minutes.
>
>
> To keep email from getting too long I've posted debug info here:
> http://pastebin.com/AxMB3mw8
>
>
>
>
> On Fri, Dec 12, 2014 at 11:29 AM, Karsten Thomann <
> karsten_thom...@linfre.de> wrote:
>
> Hi Chris
>
> Is there any configured default route on the router?
> Is it possible to post output of sh ip route?
> This looks like a default route without next hop ip and proxy arp at the
> provider...
>
> Kind regards
> Karsten
>
> Gesendet von meinem BlackBerry
>   Originalnachricht
> Von: chris
> Gesendet: Freitag, 12. Dezember 2014 17:21
> An: cisco-nsp@pu ck.nether.net
> Betreff: [c-nsp] Weird ADSL bridging issue
>
> Hello,
>
> We have a small site we inherited that is still on ADSL on legacy sprint in
> the northeast.
> The ILEC is using aal5snap and we have a WIC-1ADSL with a physical ATM
> interface thats bridged to BVI1, and we get a dynamic WAN ip from the ILEC
> via DHCP on BVI1.
>
> the ADSL part of our config looks like this:
>
> *bridge irb*
> *!*
>
> *interface ATM0/0*
> * description DSL Layer2*
> * no ip address*
> * atm restart timer 300*
> * no atm ilmi-keepalive*
> * dsl operating-mode auto *
> * clock rate aal5 700*
> * clock rate aal2 700*
> * bridge-group 1*
> * bridge-group 1 spanning-disabled*
> * hold-queue 224 in*
> * pvc 8/35 *
> * encapsulation aal5snap*
> * !*
> *!*
>
> *interface BVI1*
> * ip address dhcp*
> * ip nat outside*
>
> I was looking internet into a report of weird internet issues and I found
> the arp table for BVI1 is full (several pages) of lots of random internet
> IP's with the same MAC address which isnt local to the router:
>
> *Protocol Address Age (min) Hardware Addr Type Interface*
> *Internet 17.110.228.155 26 0030.881b.f475 ARPA BVI1*
> *Internet 8.8.8.8 162 0030.881b.f475 ARPA BVI1*
> *Internet 23.3.13.24 25 0030.881b.f475 ARPA BVI1*
> *Internet 17.110.228.154 84 0030.881b.f475 ARPA BVI1*
> *Internet 74.209.254.102 24 0030.881b.f475 ARPA BVI1*
> *Internet 74.125.228.215 29 0030.881b.f475 ARPA BVI1*
> *Internet 173.194.121.18 29 0030.881b.f475 ARPA BVI1*
> *Internet 17.110.228.159 84 0030.881b.f475 ARPA BVI1*
> *Internet 69.172.216.55 24 0030.881b.f475 ARPA BVI1*
> *Internet 4.2.2.2 162 0030.881b.f475 ARPA BVI1*
> *Internet 31.13.69.80 25 0030.881b.f475 ARPA BVI1*
> *Internet 173.194.121.17 26 0030.881b.f475 ARPA BVI1*
> *Internet 17.110.224.152 36 0030.881b.f475 ARPA BVI1*
> *Internet 66.196.81.223 2 0030.881b.f475 ARPA BVI1*
> *Internet 74.125.228.219 21 0030.881b.f475 ARPA BVI1*
> *Internet 17.167.146.44 22 0030.881b.f475 ARPA BVI1*
> *Internet 173.194.121.30 26 0030.881b.f475 ARPA BVI1*
> *Internet 17.172.239.90 35 0030.881b.f475 ARPA BVI1*
> *Internet 74.122.189.133 97 0030.881b.f475 ARPA BVI1*
> *Internet 173.252.79.23 49 0030.881b.f475 ARPA BVI1*
> *Internet 17.173.255.74 144 0030.881b.f475 ARPA BVI1*
>
> Interestingly enough when I look up the OUI of that MAC I see Sierra
> Systems aka Redback which I happen to know is the DSLAM that the ILEC is
> using.
>
> Anyone seen anything like this? I am trying to figure out if its an issue
> with the bridging on the local router or telco misconfiguration.
>
> I rarely touch any ATM anymore so I'm scratching my head here but hoping
> something obvious might stand out to someone.
>
> TIA,
> chris
>
> ___
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
>
>
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Unable to create BFD session on C6500

2014-12-13 Thread Marco Marzetti 

On 12/12/2014 18:00, Murat Kaipov wrote:

Hello Marco.
Now I don't have any idea. But in my opinion there is issue on me3600. I 
haven't any proof, but it is just my experience with ME series switches. If you 
can, check this theory. Connect gi2/7 on cat6500 to another box and try setup 
ospf with bfd in some another ospf process. You can do it for me3600 too.
Thank you. I really have no other idea.
Murat



Hello,

Thanks to Andrew Koch, I've finally managed to bring the session up.

On C6500_1 there was an overlapping subnet configured on an interface 
that has been shut down months ago.t


Gi2/71 0   192.0.2.174/30 10P2P   1/1
Gi3/11   1 0   192.0.2.173/30 10DOWN  0/0

That was enough to break the BFD stack.

Thank you for your help.

Marco
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/