[j-nsp] SSG XAUTH
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dear list, is it possible to seperate the auth and settings done through XAUTH? I'm trying to authenticate against an LDAP-Server but want to assign the IP-settings for the client from local definitions. Thanks and regards, Mit freundlichen Gruessen i. A. Sven Juergensen - -- Fachbereich Netze/Projekte KielNET GmbH Gesellschaft fuer Kommunikation Preusserstr. 1-9, 24105 Kiel Telefon : 0431 / 2219-053 Telefax : 0431 / 2219-005 E-Mail : [EMAIL PROTECTED] Internet: http://www.kielnet.de Geschaeftsfuehrer Eberhard Schmidt HRB 4499 (Amtsgericht Kiel) -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkiWrsQACgkQnEU7erAt4TKuTwCgv80KMZPjNrjE9Vdeee5rV//V DrEAoKrA+KJ5kvWEIFXcJziuApt6juE9 =VtSw -END PGP SIGNATURE- ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] VPLS LM Status?
ok. Thanks a bunch. This makes sense. I'll test it today. On Mon, Aug 4, 2008 at 1:30 AM, Krasimir Avramski [EMAIL PROTECTED] wrote: Hello, Only one pseudowire is setup between PEs of a VPLS domain. There are already pseudowires 1-2 and 1-3, so site ID 1 is minimum designated in PE for this VPLS domain. At the forwarding plain you should not have any problems in communication between interfaces in site 4 to local interfaces in site 1 and remote site IDs 2 and 3. LM, RM states are not considered errors, that is more information for the pseudowire selection. Think of a site (VE) as a selection of PE-CE interfaces (local mesh-group) for a vpls domain. Also when configuring multihoming specify the site preferences in order PEs to solve collisions and choose single forwarder. Regards, Krasi -Original Message- From: [EMAIL PROTECTED] [mailto:juniper-nsp- [EMAIL PROTECTED] On Behalf Of Marlon Duksa Sent: Monday, August 04, 2008 1:16 AM To: juniper-nsp@puck.nether.net Subject: [j-nsp] VPLS LM Status? Does anyone know why would I get the LM status (local site ID not minimum designated) on my VPLS connection. I have two sites configured on a single PE in the same VPLS. One site is coming up just fine, but the other is not. The remote side for the 'not up' connection is complaining with the RM status (remote site ID not minimum designated). What does this 'ID not minimun designated' mean? My sites ID are unique withing the VPLS and within the range that is defined for the site-range. This is the config on my local router: [EMAIL PROTECTED] show routing-instances vpls { instance-type vpls; interface ge-0/1/1.0; interface ge-8/2/0.0; interface ge-5/3/4.0; route-distinguisher 100:100; vrf-target target:200:200; protocols { vpls { site-range 10; no-tunnel-services; site green { site-identifier 1; interface ge-0/1/1.0; interface ge-8/2/0.0; } site multi { site-identifier 4; interface ge-5/3/4.0; } } } } And this is the status: [EMAIL PROTECTED] run show vpls connections Layer-2 VPN connections: Legend for connection status (St) EI -- encapsulation invalid NC -- interface encapsulation not CCC/TCC/VPLS EM -- encapsulation mismatch WE -- interface and instance encaps not same VC-Dn -- Virtual circuit downNP -- interface hardware not present CM -- control-word mismatch - -- only outbound connection is up CN -- circuit not provisioned- -- only inbound connection is up OR -- out of range Up -- operational OL -- no outgoing label Dn -- down LD -- local site signaled down CF -- call admission control failure RD -- remote site signaled down SC -- local and remote site ID collision LN -- local site not designated LM -- local site ID not minimum designated RN -- remote site not designated RM -- remote site ID not minimum designated XX -- unknown connection status IL -- no incoming label MM -- MTU mismatch MI -- Mesh-Group ID not availble Legend for interface status Up -- operational Dn -- down Instance: vpls Local site: green (1) connection-site Type St Time last up # Up trans 2 rmt Up Aug 3 22:02:16 2008 1 Local interface: lsi.1048578, Status: Up, Encapsulation: VPLS Description: Intf - vpls vpls local site 1 remote site 2 Remote PE: 2.2.2.2, Negotiated control-word: No Incoming label: 262154, Outgoing label: 800032 3 rmt Up Aug 3 22:02:16 2008 1 Local interface: lsi.1048576, Status: Up, Encapsulation: VPLS Description: Intf - vpls vpls local site 1 remote site 3 Remote PE: 3.3.3.3, Negotiated control-word: No Incoming label: 262155, Outgoing label: 800024 Local site: multi (4) connection-site Type St Time last up # Up trans 2 rmt LM 3 rmt LM Thanks, Marlon ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Debugging SONET (OC-3) errors
I have an OC-3 (POS running PPP) between two POPs (an M10i at each end) getting errors, and this is the first time I've had to debug errors on a SONET link. I am seeing BIP-B3 and REI-P incrementing in spurts on the Z end (e.g. 99 BIP-B3 and 45 REI-P, both showing 2 seconds), as well as ES-P and ES-PFE matching the seconds (2 in since I cleared the counters). No other error counters are incrementing (no section or line errors at all). I have seen some errors at the A end as well, but not as many or as often. When I get a spurt of errors, both ends will show an interface flap (at least most of the time; I'm not sure this is 100% of the time or not). Reading various docs, this means there is a problem somewhere between telco devices with the transmission from the Z end to the A end. Is that correct? I opened a telco ticket, but they pretty much blew it off. I know little about SONET so I am having trouble telling them what to check. I'd like to avoid intrusive testing if possible (since this is a major circuit for us). Part of the problem is that this circuit goes through 7 (yes 7!) different carriers, and I am not sure that the telco that owns the whole thing is looking at anything other than the loop on the Z end (the only piece they actually own). Any suggestions? -- Chris Adams [EMAIL PROTECTED] Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] VPLS LM Status?
It works. Thanks. Can you please elaborate a bit more what do you mean by local mesh-groups? I tried to forward learned traffic as well as flooded from interfaces between local sites and interfaces within local sites...traffic was flowing in any case. Are those mesh groups supposed to supress some traffic? Not quite sure what is the purpose of multiple local sites? If I have many interfaces in a single site, wouldn't that work as well? Thanks, marlon On Mon, Aug 4, 2008 at 1:30 AM, Krasimir Avramski [EMAIL PROTECTED] wrote: Hello, Only one pseudowire is setup between PEs of a VPLS domain. There are already pseudowires 1-2 and 1-3, so site ID 1 is minimum designated in PE for this VPLS domain. At the forwarding plain you should not have any problems in communication between interfaces in site 4 to local interfaces in site 1 and remote site IDs 2 and 3. LM, RM states are not considered errors, that is more information for the pseudowire selection. Think of a site (VE) as a selection of PE-CE interfaces (local mesh-group) for a vpls domain. Also when configuring multihoming specify the site preferences in order PEs to solve collisions and choose single forwarder. Regards, Krasi -Original Message- From: [EMAIL PROTECTED] [mailto:juniper-nsp- [EMAIL PROTECTED] On Behalf Of Marlon Duksa Sent: Monday, August 04, 2008 1:16 AM To: juniper-nsp@puck.nether.net Subject: [j-nsp] VPLS LM Status? Does anyone know why would I get the LM status (local site ID not minimum designated) on my VPLS connection. I have two sites configured on a single PE in the same VPLS. One site is coming up just fine, but the other is not. The remote side for the 'not up' connection is complaining with the RM status (remote site ID not minimum designated). What does this 'ID not minimun designated' mean? My sites ID are unique withing the VPLS and within the range that is defined for the site-range. This is the config on my local router: [EMAIL PROTECTED] show routing-instances vpls { instance-type vpls; interface ge-0/1/1.0; interface ge-8/2/0.0; interface ge-5/3/4.0; route-distinguisher 100:100; vrf-target target:200:200; protocols { vpls { site-range 10; no-tunnel-services; site green { site-identifier 1; interface ge-0/1/1.0; interface ge-8/2/0.0; } site multi { site-identifier 4; interface ge-5/3/4.0; } } } } And this is the status: [EMAIL PROTECTED] run show vpls connections Layer-2 VPN connections: Legend for connection status (St) EI -- encapsulation invalid NC -- interface encapsulation not CCC/TCC/VPLS EM -- encapsulation mismatch WE -- interface and instance encaps not same VC-Dn -- Virtual circuit downNP -- interface hardware not present CM -- control-word mismatch - -- only outbound connection is up CN -- circuit not provisioned- -- only inbound connection is up OR -- out of range Up -- operational OL -- no outgoing label Dn -- down LD -- local site signaled down CF -- call admission control failure RD -- remote site signaled down SC -- local and remote site ID collision LN -- local site not designated LM -- local site ID not minimum designated RN -- remote site not designated RM -- remote site ID not minimum designated XX -- unknown connection status IL -- no incoming label MM -- MTU mismatch MI -- Mesh-Group ID not availble Legend for interface status Up -- operational Dn -- down Instance: vpls Local site: green (1) connection-site Type St Time last up # Up trans 2 rmt Up Aug 3 22:02:16 2008 1 Local interface: lsi.1048578, Status: Up, Encapsulation: VPLS Description: Intf - vpls vpls local site 1 remote site 2 Remote PE: 2.2.2.2, Negotiated control-word: No Incoming label: 262154, Outgoing label: 800032 3 rmt Up Aug 3 22:02:16 2008 1 Local interface: lsi.1048576, Status: Up, Encapsulation: VPLS Description: Intf - vpls vpls local site 1 remote site 3 Remote PE: 3.3.3.3, Negotiated control-word: No Incoming label: 262155, Outgoing label: 800024 Local site: multi (4) connection-site Type St Time last up # Up trans 2 rmt LM 3 rmt LM Thanks, Marlon ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list