CrazyLittle
Sep 11, 2001





Clapping Larry
Just for giggles and learning, I'm trying to daisychain a bunch of 1720's together via T1 WIC cards, and one ADSL WIC. How would I go about writing the routes to make traffic pass through from point A -> B:

PC -> [fe0, 1720, t1 wic] -> [t1 wic, 1720, ADSL wic] -> internets


CrazyLittle
Sep 11, 2001





Clapping Larry

inignot posted:

Use 10.whatever on all your interfaces, then enable eigrp per below.

router eigrp 1
no auto-summary
network 10.0.0.0 255.0.0.0

Out of curiosity; do you have, or know how to make, a t1 crossover cable?

Thanks! I'll give that a try today.


inignot posted:

Out of curiosity; do you have, or know how to make, a t1 crossover cable?

Yep - already done. I needed to make one to test the PRI interface on an Adtran that I set up for SIP trunking.

CrazyLittle
Sep 11, 2001





Clapping Larry
What's the newest firmware I can run on a Cisco 2621 with 8mb flash, 24mb dram?

CrazyLittle
Sep 11, 2001





Clapping Larry

Girdle Wax posted:

12.1.27b
or
12.2.12m

If you upgraded the RAM to at least 32M you could run the latest which is 12.3.22

Yeah, drat. I was hoping somebody knew of a "magic" build of 12.3 that would fit in there, but then again 2621's are pretty drat old.

I got a better question actually though. I'm trying to use OER on a 1841 across a DSL connection and a T1 connection. I set up the route maps to send mail traffic over the T1, but for some reason the ACL isn't matching, or the route-map isn't setting the next hop properly:

72.14.253.103 = DSL gateway
72.14.253.206 = T1 gateway

code:
!SIP clients on vlan 2
access-list 5 permit 10.0.10.0 0.0.0.255

!lan pcs
access-list 6 permit 10.0.0.0 0.0.0.255

!extended ACL for lan pcs (seems to catchall)
access-list 102 permit ip 10.0.0.0 0.0.0.255 any

!extended ACL for SIP clients
access-list 110 permit ip 10.0.10.0 0.0.0.255 any

!Set default route for all PC traffic over the DSL
route-map dslnat permit 10
 match ip address 6 5
 match interface ATM0/1/0.1 Serial0/0/0

!Set default route for all SIP traffic over the T1
route-map voice-t1 permit 10
 match ip address 110
 set ip next-hop 72.14.253.103 72.14.253.206

!Same as dslnat?
route-map web-dsl permit 10
 match ip address 102
 set ip next-hop 72.14.253.206 72.14.253.103

!Same as voice-t1?
route-map t1nat permit 10
 match ip address 5 6
 match interface Serial0/0/0 ATM0/1/0.1


1841router#show route-map
route-map dslnat, permit, sequence 10
  Match clauses:
    ip address (access-lists): 6 5
    interface ATM0/1/0.1 Serial0/0/0
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes
route-map voice-t1, permit, sequence 10
  Match clauses:
    ip address (access-lists): 110 101
  Set clauses:
    ip next-hop 72.14.253.103 72.14.253.206
  Policy routing matches: 0 packets, 0 bytes
route-map web-dsl, permit, sequence 10
  Match clauses:
    ip address (access-lists): 102
  Set clauses:
    ip next-hop 72.14.253.206 72.14.253.103
  Policy routing matches: 14444933 packets, 1865843751 bytes
route-map t1nat, permit, sequence 10
  Match clauses:
    ip address (access-lists): 5 6
    interface Serial0/0/0 ATM0/1/0.1
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes

Edit: found the solution.

code:
route-map web-dsl, permit, sequence 9
  Match clauses:
    ip address (access-lists): 101
  Set clauses:
    ip next-hop 72.14.253.103 72.14.253.206 

Herv posted:

You are applying the correct route-map to the correct interface?

You can only have one route-map per interface by the way. Have to use sequence numbers like crypto-maps.

That was the answer - the ACL I added would never get matched because it was trying to match on the wrong vlan. Adding a route-map on the correct interface with a higher precedence number fixed it.

CrazyLittle fucked around with this message at 16:28 on May 22, 2007
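
An added example, not code from the thread: a small Python parser for the `show route-map` output quoted in the post above that labels each entry by its policy-routing counter, so a map like voice-t1 (set clause present, 0 packets matched) stands out. The function names and status labels are this example's own.

```python
import re

# `show route-map` output as quoted in the post above.
SHOW_ROUTE_MAP = """\
route-map dslnat, permit, sequence 10
  Match clauses:
    ip address (access-lists): 6 5
    interface ATM0/1/0.1 Serial0/0/0
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes
route-map voice-t1, permit, sequence 10
  Match clauses:
    ip address (access-lists): 110 101
  Set clauses:
    ip next-hop 72.14.253.103 72.14.253.206
  Policy routing matches: 0 packets, 0 bytes
route-map web-dsl, permit, sequence 10
  Match clauses:
    ip address (access-lists): 102
  Set clauses:
    ip next-hop 72.14.253.206 72.14.253.103
  Policy routing matches: 14444933 packets, 1865843751 bytes
route-map t1nat, permit, sequence 10
  Match clauses:
    ip address (access-lists): 5 6
    interface Serial0/0/0 ATM0/1/0.1
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes
"""

HEADER = re.compile(r"^route-map (\S+), (permit|deny), sequence (\d+)\s*$")
COUNTER = re.compile(r"^\s*Policy routing matches: (\d+) packets, (\d+) bytes\s*$")


def parse_route_maps(text):
    """Split `show route-map` output into one dict per sequence entry."""
    entries, cur, section = [], None, None
    for line in text.splitlines():
        head = HEADER.match(line)
        if head:
            cur = {"name": head.group(1), "seq": int(head.group(3)),
                   "match": [], "set": [], "packets": None}
            entries.append(cur)
            section = None
            continue
        if cur is None or not line.strip():
            continue  # preamble (e.g. the CLI prompt) or blank line
        counter = COUNTER.match(line)
        if counter:
            cur["packets"] = int(counter.group(1))
            section = None
        elif line.strip() == "Match clauses:":
            section = "match"
        elif line.strip() == "Set clauses:":
            section = "set"
        elif section:
            cur[section].append(line.strip())
    return entries


def classify(entry):
    """Label an entry by what its policy-routing counter says."""
    if entry["packets"] is None:
        return "no-counter"      # output truncated or in an unknown format
    if entry["packets"] > 0:
        return "active"          # packets are being policy-routed
    if entry["set"]:
        return "never-matched"   # has a next hop to set, but nothing hit it
    return "no-set-clause"       # entry cannot change a next hop at all


def report(text):
    return {f'{e["name"]}/{e["seq"]}': classify(e) for e in parse_route_maps(text)}


if __name__ == "__main__":
    for key, status in report(SHOW_ROUTE_MAP).items():
        print(f"{key:14} {status}")
```
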

CrazyLittle
Sep 11, 2001





Clapping Larry

Herv posted:

Good deal, glad to help.

By the way, have you had luck failing over to the second ip addresses in your set ip next-hop statements?

Yeah actually. It takes about 20-30 seconds for the initial hop to "fail" with concrete results, but it actually does roll over. That suggestion came from the Cisco TAC group. It's a shame they're too dumb to implement a -real- OER configuration though :( It turns out the configuration I have running on that 1841 is an orphaned OER border/master that does nothing while the Policy-based routing does all the heavy lifting.

CrazyLittle
Sep 11, 2001





Clapping Larry

Herv posted:

Go get some ram! :buddy:

Pfft! why would I upgrade the ram on a 2621 when I have two more 1841's and a whole box of 1720's in front of me

CrazyLittle
Sep 11, 2001





Clapping Larry

jwh posted:

(CBWFQ inside GTS):
I'm not even sure if that's supported on an 871, someone correct me if I'm wrong.

Yeah CBWFQ is supported on the 87x routers. Just to try to apply it to an ADSL interface... you'll run into the multiple deadends I am right now.

I've got a customer that was provisioned a 1720 (IOS 12.3.9a, 32d+8f) w/ ADSL-WIC with a PIX 501. The key ingredients to this setup are that they want the pix, and they want to run VOIP over the DSL, and therefore they need QoS on the DSL so that calls don't drop.

The problem? I can't get the loving ADSL connection to work properly. Normally when I configure ADSL wics, I'm using IRB and bonding the connection to a BVI... Except CBWFQ is not supported over IRB.

So how do I configure an ADSL connection without subinterfaces or IRB or a BVI interface? Here's what I've got so far, and the error that trickled up:

quote:

*Mar 1 15:55:04.376: %IP-4-ZERO_ADDR: Zero MAC address for <WAN IP> in ARP cache

code:
class-map match-all voice
  match access-group 101
!
!
policy-map voice
  class voice
   bandwidth percent 30
  class class-default
   fair-queue
!
!
interface ATM0
 ip address <WAN IP> 255.255.255.252
 no ip mroute-cache
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/35
  protocol ip <WAN GATEWAY>
  cbr 384
  encapsulation aal5snap
  service-policy output voice
 !
!
!
access-list 101 permit ip <VOIP SERVER> 0.0.0.255 any

Any of you guys know what's missing/wrong? Cisco TAC isn't getting back to me, and all google results are real vague responses about bridging.


Oh, and Biggz - in the example above, here's the parts which configure CBWFQ:

code:
class-map match-all <CLASS-NAME>
  match access-group 101
!
!
policy-map <POLICY-NAME>
  class <CLASS-NAME>
   bandwidth <kbps | percent ##%>
  class <CLASS-NAME-2>
   bandwidth <kbps | percent ##%>
  class class-default
   fair-queue
!
!
interface XYZ
  service-policy output <POLICY-NAME>

CrazyLittle fucked around with this message at 18:10 on Jun 20, 2007

CrazyLittle
Sep 11, 2001





Clapping Larry

Herv posted:

The PIX will strip off any qos tags set by the phone, so I hope the voip can be classified by IP if possible (e.g. not going over a vpn with a bunch of other traffic).

Edit: I have done a combo with Priority Queuing on the IOS-FW so the DSL router gets the important traffic first.

PIX 501's suck rear end for voip compared to a 2600 with IOS-FW.

Believe me, if I could I would have reconfigured the entire package, because the hardware in this is all wrong. These guys don't even need cisco gear really as it all could be performed by an Adtran DSL router or even these wacky little "Draytek" ones we have which work surprisingly well. It was a customer demand to supply a PIX.

CrazyLittle
Sep 11, 2001





Clapping Larry

landoverbaptist posted:

I can get a cisco 2620 with a T1 WIC from work for cheap. It was made prior to 2002. Would getting it help me earn my CCNA?

How cheap is "cheap"?

CrazyLittle
Sep 11, 2001





Clapping Larry

landoverbaptist posted:

under a hundred

How much flash memory and how much DRAM? It can't hurt to have on hand - you might not be able to run newer IOS but at the least you can learn the routing concepts and basic commands faster by being able to use an actual router device. Really you would need TWO routers with T1 WICs in them so that you could actually make a two-network lab that you're routing between. If that's not an option due to space or due to money, see about getting some of the router simulator software packages and decide if those would work better for you.

CrazyLittle
Sep 11, 2001





Clapping Larry

Ya know, I haven't found anyone who's actually implemented that correctly yet. I've had a ticket open with Cisco TAC for 3 months now which has been escalated twice, and yet they still can't figure out why the border/master isn't actually performing any heartbeats or changing any of the route metrics. That's also considering that I've repeatedly told them that none of the configuration lines they've given me actually assign any OER policies to any real interfaces. :rolleyes:

That said, XakEp, you can also look into Policy-Based Routing, which isn't as slick as OER but offers some minor load balancing and hot-spare failover.

jwh - if you feel like taking a look I'd appreciate if you could help me out (off-forums) with the OER configs I was working on.

CrazyLittle
Sep 11, 2001





Clapping Larry

jwh posted:

All I know about OER is what I found in the design doc "Cisco IOS Optimized Edge Routing Configuration Guide, Release 12.4T". I haven't used it myself.

OER is one of those things that's apparently new enough to not work correctly unless you stumble upon the one IOS image that was broken in such a way as to accidentally fix it.

Are you running OER MC/BR on a single router, or distributed?

Yeah. I think my ticket dragged on so long that Cisco decided to transfer my TAC rep out of the department so they wouldn't have to fire them. Currently the router's set up for PBR because well... it just works. It's an 1841 acting as both border and master.

landoverbaptist posted:

Great news my boss said I can have that 2620 for free if I promise to try for a CCNA this year! hooray

hah :) You should have pushed for an 1841 instead.

CrazyLittle
Sep 11, 2001





Clapping Larry

XakEp posted:

I'll be running it on a single router. No need to get really fancy. If I run into problems I'll post them up here. Thanks!

Hell if you do get it running, post the config.

CrazyLittle
Sep 11, 2001





Clapping Larry

nene posted:

The 26xx and 26xx XM series has one NM slot and two WIC slots.

Also don't fool yourself into thinking that the NM-2FE2W will work in a 26xx series router. They won't.

CrazyLittle
Sep 11, 2001





Clapping Larry

Sneaksie posted:

At the moment we are replacing the cards as they fail but we are worried that 3 out of 6 cards have failed in the last 3 months.

Are they honest-to-god real Cisco cards? We've had 3 out of a 4-card purchase of WIC-T1-V2's and that's pretty much because they're all cheap Chinese counterfeit WICs

CrazyLittle
Sep 11, 2001





Clapping Larry

conntrack posted:

Is there a market for those serial cards? We have like 50 of them in the poo poo heap at work.

Yes, because the new 28xx and 18xx series routers only accept V2 WICs.

jwh posted:

Are they WIC-1T's, or WIC-1DSU-T1?

Apparently there are a lot of counterfeit WIC-1DSU-T1's around, especially the V1's with the four big Taiwanese capacitors.

WIC-1DSU-T1-V2

And when you purchase them on eBay for ~$100, you can guarantee they're going to be counterfeit. poo poo, if it was just a cap problem I'd break out my soldering iron any day, but I don't think that's what's going on here.

CrazyLittle
Sep 11, 2001





Clapping Larry

Sneaksie posted:

Definitely Cisco cards, bought from Cisco direct (or at least that's what my buyer tells me)

I received one of the faulty cards back yesterday and the build quality is really low; dry solder, missing solder, chips not straight, gouges in the board.

Post a picture of the faulty card. Among other things, if there's no hologram sticker, it's counterfeit.

CrazyLittle
Sep 11, 2001





Clapping Larry

GOOCHY posted:


I guess that's what I get for being too greedy. ;) That PIX for $20 is the steal of the week for me though.

Yes, but now you're stuck with a PIX 501.

CrazyLittle
Sep 11, 2001





Clapping Larry

Tremblay posted:

For home they are fine, and hey worst case he just spent $20 to have equipment to learn on.

I kid. Mostly the thing that bugs me about the pix 501 is that the ASA 5500 is roughly the same price and isn't the neutered wanna-be firewall that the pix 501 is in comparison to the 506.

CrazyLittle
Sep 11, 2001





Clapping Larry

Tremblay posted:

I think list was ~$1000 for the 5505s with base lic. Are we really selling 501s for that much?

on CDW:
$419 Cisco ASA 5505 10-user Bundle
$419 Cisco PIX 501 10-user/3DES bundle

CrazyLittle
Sep 11, 2001





Clapping Larry

Tremblay posted:

Ouch. Yeah, that makes it a pretty easy decision.

Please tell that to my customers who keep name dropping "PIX 501" like it's in style :( I had to do this awful ugly hack to rewrite the originating IP on a PIX 506 in order to make policy based routing work over a wimax + T1 configuration.

CrazyLittle
Sep 11, 2001





Clapping Larry

GOOCHY posted:

We're about 5 years behind everybody else when it comes to updating hardware though. Maybe it's a Midwest thing

Nope. San Francisco here, and if a customer wants one DSU1 (T1) connection they get a Cisco 1720 running 12.3. We figure it's cheap, won't break, and gets the job done.

inignot posted:

I work with a federal agency that is running five year old pix 535's with 6.34 code. They still have CatOS on a couple of switches too. And they wonder why their gear can never support the latest hotshit feature they want, it's a special kind of dumb that I have no sympathy for.

Because people who have to work with the stuff value reliability more than they value feature creep. That's what I've boiled it down to. If there's no absolutely compelling reason to upgrade beyond patches and bug fixes, then there's no reason to upgrade. :colbert:

CrazyLittle
Sep 11, 2001





Clapping Larry

GOOCHY posted:

It's either a 1720 with a V2 T1 WIC for Serial Frame

1720's support V2s? What IOS are you running it with?

CrazyLittle
Sep 11, 2001





Clapping Larry

inignot posted:

Does not compute.

haha... yeah. The only rationalization I have for that is "stupid is as stupid does."

CrazyLittle
Sep 11, 2001





Clapping Larry

M@ posted:

Contrary to popular belief, there are real Cisco WICs. I've got some real ones if you're still looking for them.

One of the first things to look for on those WIC cards is the word "Stewart" on the inside of the port. Older fake WICs won't have that. Newer fakies will have it, but that's a whole different story.

That's not what I'm saying at all. Of course there are REAL V2 wics out there. If you buy the $100 "NEW" V2 WICs on eBay, they're not real. Real WICs cost >$500 and are sold by reputable Cisco dealers.

CrazyLittle
Sep 11, 2001





Clapping Larry

TheCaptain posted:

Cisco's site is down!

Can someone verify if it's just on my end? I really need to get my hands on some of those sweet docs.

Down. That's pretty embarrassing.

CrazyLittle
Sep 11, 2001





Clapping Larry

TheCaptain posted:

Interesting. What used to return a timeout now gives this:

code:
Forbidden

You don't have permission to access / on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.0 Server at www.cisco.com Port 80

I guess they're working on it.

They're back.

CrazyLittle
Sep 11, 2001





Clapping Larry

inignot posted:

Hell, a lot of the people that give you the number aren't even certified. I've caught a couple resumes with expired numbers.


What's the length of qualification for a CCIE?

*edit* found it -two years-... Somehow it doesn't seem worthwhile unless your job is 100% cisco.

CrazyLittle fucked around with this message at 03:58 on Aug 9, 2007

CrazyLittle
Sep 11, 2001





Clapping Larry
Is there any way to get a WIC-1ADSL to work inside a NM-2FE2W inside a Cisco 3640? I'm getting tired of trying different IOS loads.

CrazyLittle
Sep 11, 2001





Clapping Larry

jwh posted:

Should work I think, is the WIC known good?

What's 'sh inventory raw' say about the WIC?

Yeah it's known good. I'll have to get back to you on that - I borked the IOS by loading an unstable one without having a backup IOS left on flash.

Girdle Wax posted:

Anything with a Plus featureset is supposed to work:
http://www.cisco.com/en/US/products/hw/routers/ps214/products_tech_note09186a00800ae37f.shtml

Latest GD/LD/ED loads from FN:
code:
GD Release 	12.3(23)
LD Release 	12.4(16)
ED Release 	12.3(14)T7  12.3(11)YZ1  12.3(4)XD4  12.2(15)T9  12.2(11)YT2

12.3(23) IP Plus looks to be 32F/96D, image name is c3640-is-mz.123-23.bin

I'm 8mb short on flash. I tried loading an ED and that's what put me in my current situation.

CrazyLittle fucked around with this message at 01:48 on Aug 10, 2007

CrazyLittle
Sep 11, 2001





Clapping Larry

jwh posted:

What's 'sh inventory raw' say about the WIC?

Huh. There's definitely something weird going on here. The NM isn't starting up properly.

code:
NAME: "3640 chassis", DESCR: "3640 chassis, Hw Serial#: 19737148, Hw Revision: 0x00"
PID:                   , VID: 0x00, SN: 19737148

NAME: "", DESCR: "3640 Chassis Slot"
PID:                   , VID:    , SN:

NAME: "", DESCR: "FastEthernet/WAN"
PID:                   , VID:    , SN:

NAME: "", DESCR: "3640 DaughterCard Slot"
PID:                   , VID:    , SN:

NAME: "FastEthernet0/0", DESCR: "AmdFE"
PID:                   , VID:    , SN:

NAME: "", DESCR: "3640 DaughterCard Slot"
PID:                   , VID:    , SN:

NAME: "FastEthernet0/1", DESCR: "AmdFE"
PID:                   , VID:    , SN:

NAME: "", DESCR: "3640 Chassis Slot"
PID:                   , VID:    , SN:

NAME: "", DESCR: "3640 Chassis Slot"
PID:                   , VID:    , SN:

NAME: "", DESCR: "3640 Chassis Slot"
PID:                   , VID:    , SN:

code:
Router#show diag
Slot 0:
        NM-2FE2W Port adapter, 2 ports
        Port adapter is disabled
        Port adapter insertion time unknown
        EEPROM contents at hardware discovery:
        Hardware Revision        : 1.0
        Top Assy. Part Number    : 800-04797-01
        Board Revision           : E0
        Deviation Number         : 0-6158
        Fab Version              : 04
        PCB Serial Number        : JAB042305V6
        RMA Test History         : 00
        RMA Number               : 0-0-0-0
        RMA History              : 00
        Product (FRU) Number     : NM-2FE2W=
        EEPROM format version 4
        EEPROM contents (hex):

code:
Router#show version
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3640-I-M), Version 12.3(23), RELEASE SOFTWARE (fc5)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by cisco Systems, Inc.
Compiled Tue 24-Jul-07 17:15 by stshen
Image text-base: 0x60008B00, data-base: 0x60D4B270

ROM: System Bootstrap, Version 11.1(20)AA2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

Router uptime is 9 minutes
System returned to ROM by reload
System image file is "flash:c3640-i-mz.123-23.bin"

cisco 3640 (R4700) processor (revision 0x00) with 93184K/5120K bytes of memory.
Processor board ID 19737148
R4700 CPU at 100MHz, Implementation 33, Rev 1.0
Bridging software.
X.25 software, Version 3.0.0.
DRAM configuration is 64 bits wide with parity disabled.
125K bytes of non-volatile configuration memory.
24576K bytes of processor board System flash (Read/Write)
20480K bytes of processor board PCMCIA Slot0 flash (Read/Write)

CrazyLittle
Sep 11, 2001





Clapping Larry

jwh posted:

There is no ETTR available at this time.

That's what really hurts right there.

CrazyLittle
Sep 11, 2001





Clapping Larry

CrazyLittle posted:

Huh. There's definitely something weird going on here. The NM isn't starting up properly.

Figured it out: bad RAM :argh:

CrazyLittle
Sep 11, 2001





Clapping Larry

sund posted:

Each ISP will only answer name lookup requests from their own network. What's the best way to handle this? Static routes directing DNS traffic to the right interface? Should I be using DNS spoofing?

Are you trying to answer specific name results at the ISP? Why would you need that?

CrazyLittle
Sep 11, 2001





Clapping Larry

wither posted:

:words:

1) Don't get a 2500 for any reason unless you really feel like learning old versions of IOS
2) Don't get a 1720 for routing ethernet WAN. Get a 2621 instead, which has two fast ethernet ports built in.
3) ASA's are a pain in the butt to configure for QoS, and PIX 501's simply don't support it. 2621's aren't that great for NAT unless you get a good amount of RAM in them.
4) Your router should never be routing LOCAL traffic, so the port speed of the LAN interface shouldn't matter as long as you have a switch that's not pure poo poo on the inside.

5) of the 8xx series, isn't the 871 the one that has 2-3 fast ethernet interfaces?

CrazyLittle
Sep 11, 2001





Clapping Larry

jwh posted:

I deal with the TAC pretty often, as I'm sure most everybody else here does. I thought we even had a few people here that work in TAC.

I'd say they're good at solving issues overall; there's occasionally problems relating to where your case is being worked from, versus where you are, which can lead to some delays in communicating, but on the whole they're a good group to work with. They've always been top-notch smart once you get your issue routed to the right group, at least in my experience.

I'm going on month 3 regarding OER. I just want a generic loving config I can hack GIVE IT TO ME YOU FUCKHEADS :argh:

CrazyLittle
Sep 11, 2001





Clapping Larry
This thread's getting lonely. I have a fun bit of news:

I managed to get OER working on a 3640 with a T1 and DSL interface.

CrazyLittle
Sep 11, 2001





Clapping Larry

jwh posted:

Can you share sanitized configs, as well as which IOS image you're using? I'd love to see what you came up with.

No! YOU MUST PAY ME FOR IT!!! MUA HAH AH AHHAHAHHA...

(yeah - just gotta grab it from the router somehow, and I seem to have locked myself out of telnet over the DSL interface :P )


CrazyLittle
Sep 11, 2001





Clapping Larry

jwh posted:

I'm prepared to offer you all of my returnable beer bottles, shipped at your expense, plus a cat. You can choose a grey cat, or an orange one. That is my final offer.

I'm a sucker for grey cats. Can you ship it parcel post? *edit* Wait nevermind I just saw a picture of the orange one... GIMMIE

OER, as it pertained to the connections I'm using.

This setup has a single computer behind a:
  • Cisco 3640 router, (card1) NM-2fe2w, (wic1/0) wic-1ADSL, (wic1/1) wic-1dsu-t1.
  • wic-1ADSL is an ADSL connection that my company sells.
  • wic-1dsu-t1 is connected to a 1720 wic-1dsu, which is just acting as a T1 endpoint.

Supplemental links:
1) OER in a single-router setup
2) Cisco IOS 12.3T OER reference (lots of good hints)

code:
!Cisco IOS Software, 3600 Software (C3640-IK9O3S-M), Version 12.4(16), RELEASE SOFTWARE (fc1)
!c3640-ik9o3s-mz.124-16.bin
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname xxxxxxxx
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxxxxxxx
!
no aaa new-model
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.100.1.1 10.100.1.50
!
ip dhcp pool localLAN
   network 10.100.1.0 255.255.255.0
   dns-server yyy.yyy.yyy.yyy zzz.zzz.zzz.zzz
   default-router 10.100.1.1
!
!
!
!
!
key chain OERKEYCHAIN
 key 1
   key-string xxxxxxxx
!
!
oer master
 max-range-utilization percent 10
 keepalive 1
 logging
 !
 border 10.100.1.1 key-chain OERKEYCHAIN
  interface FastEthernet1/0 internal
  interface Serial1/1 external
  interface ATM1/0.1 external
 !
 learn
  throughput
  periodic-interval 1
  monitor-period 2
  prefixes 200
  expire after time 300
  aggregation-type prefix-length 32
!
oer border
 local FastEthernet1/0
 master 10.100.1.1 key-chain OERKEYCHAIN
!
!
!
!
!
!
!
!
!
!
!
username xxxxxxxx password 0 xxxxxxxx
!
!
!
!
!
!
!
interface ATM1/0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM1/0.1 point-to-point
 description lovely DSL connection to internet
 ip address 192.168.0.2 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 no snmp trap link-status
 atm route-bridged ip
 pvc 0/35
 !
!
interface FastEthernet1/0
 description local LAN
 ip address 10.100.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet1/1
 ip address dhcp
 duplex auto
 speed auto
!
interface Serial1/1
 description fake internet t1 to lab
 ip address 172.16.0.2 255.255.255.252
 ip nat outside
 ip virtual-reassembly
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.0.1 name DSLgateway
ip route 0.0.0.0 0.0.0.0 172.16.0.1 name T1gateway
!
ip nat inside source route-map oerfailover interface Serial1/1 overload oer
!
access-list 1 permit 10.100.1.0 0.0.0.255
access-list 2 permit any
!
route-map oerfailover permit 10
 match ip address 1
 set ip next-hop 172.16.0.1 192.168.0.1
!
!
!
control-plane
!
!
!
line con 0
 login local
line aux 0
 modem InOut
 transport input all
line vty 0 4
 login local
 transport input telnet
!
!
end

So here's the thing that gets me. When watching the console logging, I can see the OER master watching, picking, choosing and rerouting the traffic... but I can't get it to route to BOTH interfaces at the same time. It seems to be switching over everything completely. Any thoughts on that, or should I file a new ticket with Cisco TAC and wait another 6 months to be ignored... only to figure it out by myself?

Yeah, I'm kinda bitter at TAC right now.

CrazyLittle fucked around with this message at 05:36 on Sep 13, 2007
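
A check over the management-plane lines of the config above, added here as an example (not part of the original post): it flags the cleartext `password 0` user, the disabled password encryption, and the lines that accept telnet. The first sample is excerpted from the posted config; the `audit` helper, the rule names and the hardened sample are this example's own.

```python
import re

# Management-plane lines excerpted from the 3640 config in the post above.
POSTED = """\
no service password-encryption
!
enable secret 5 xxxxxxxx
!
username xxxxxxxx password 0 xxxxxxxx
!
line con 0
 login local
line aux 0
 modem InOut
 transport input all
line vty 0 4
 login local
 transport input telnet
!
end
"""

# Constructed for contrast (not from the thread): the same lines, hardened.
HARDENED = """\
service password-encryption
!
enable secret 5 xxxxxxxx
!
username xxxxxxxx secret 5 xxxxxxxx
!
line con 0
 login local
line aux 0
 transport input none
line vty 0 4
 login local
 transport input ssh
!
end
"""

USER_PW = re.compile(r"^username (\S+) password (\d+) ")


def audit(config):
    """Return (line_no, rule, detail) findings for an IOS running-config."""
    findings, section, encryption_on = [], "", False
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():
            section = line  # an unindented line opens a new top-level block
        if line == "service password-encryption":
            encryption_on = True
        user = USER_PW.match(line)
        if user and user.group(2) == "0":
            findings.append((no, "cleartext-user-password",
                             "use 'username ... secret' instead of 'password 0'"))
        if section.startswith("line ") and line.startswith("transport input "):
            protocols = line.split()[2:]
            if "telnet" in protocols or "all" in protocols:
                findings.append((no, "telnet-allowed", f"{section}: {line}"))
    if not encryption_on:
        # Line number 0 marks a global finding rather than a single line.
        findings.insert(0, (0, "no-password-encryption",
                            "type 0 passwords stay readable in the config"))
    return findings


if __name__ == "__main__":
    for finding in audit(POSTED):
        print(finding)
```
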
