16 Jun

MPLS workshop #1 – Basic MPLS Core configuration

This is the first post in a series where I’ll be presenting various aspects of MPLS networks, starting from the basics and moving on to more advanced topics. We’ll be using the following topology:

As you can see, we have two P routers, three PE routers and four CE routers, and one of the PE routers will also act as a BGP route reflector. Different MPLS L3VPN networks use different CE-PE protocols. Every router has a Loopback0 interface configured with address 10.0.0.x/32, where x is the router number. Subnets on links between routers are addressed using the scheme known from CCIE workbooks: the third octet shows which routers the link connects and the fourth octet represents the router number. So if we are talking about link between R4 and R5 the address on R4 E0/1 interface is and on R5 E0/1 interface

30 May

SPAN available on ASR903

IOS XE 3.6.1S has just been released. Not many new features were introduced since the 3.6.0S release, but one useful one is already deployed on this platform: Switch Port Analyzer (SPAN), sometimes also called port mirroring. It’s useful if you want to capture traffic from a particular interface and send it to another. It’s well known from other Cisco platforms.

ASR903 supports SPAN only on physical ports. It’s not possible to apply a session to an EFP or VLAN. Up to 16 sessions are supported, with one destination, which is set as an access port. By default it mirrors traffic sent in both directions. Traffic can only be mirrored locally; RSPAN is not supported.

Configuration is simple and does not differ from the one known from other platforms:

Router(config)# monitor session 2 source interface gigabitethernet 2/2
Router(config)# monitor session 2 destination interface gigabitethernet 2/1

24 Jan

BGP Route Server on ASR1000

BGP Route Server is a feature designed mostly for IX (Internet Exchange) deployments. You can find many deployments around the world, mostly using open software like Quagga, but it’s also available on Cisco’s ASR1000 routers. A route server is an advanced route reflector which provides customized policy support for each service provider, which means that standard path selection can be overridden by route policies set per particular provider.

04 Oct

Identifying PPPoE transient sessions

If PPP negotiation fails (e.g. due to problems with authentication or a missing account on the RADIUS server), the session stays in a transient state for some time. You can list those sessions:

bras# show pppoe summary                                             
    PTA  : Locally terminated sessions
    FWDED: Forwarded sessions
    TRANS: All other sessions (in transient state)

                                TOTAL     PTA   FWDED   TRANS
TOTAL                            5678    5673       0       5
GigabitEthernet1/0/0             3863    3862       0       1
GigabitEthernet1/1/0             1815    1811       0       4

It’s possible to identify the MAC addresses of modems that couldn’t establish sessions:

bras# sh pppoe ses | i LCP   
   3095  28818  000e.5499.722d  Gi1/0/0.525              1  N/A        LCP  
   3548  28669  001f.a45c.7a4d  Gi1/1/0.527              1  N/A        LCP  
  13370  28817  0013.3319.316d  Gi1/1/0.527              1  N/A        LCP  
   6372  28813  0013.3199.751e  Gi1/1/0.527              1  N/A        LCP  
   6018  28812  0019.c8a3.3d66  Gi1/1/0.1598             3  N/A        LCP

08 Sep

Interface range vlan

The interface range command is quite widely used on Cisco switches to configure many physical interfaces at the same time. On 7600 routers it can also be used to configure many SVIs at the same time, but only existing SVIs within the range. According to the documentation, this command cannot be used to create SVIs in that particular range, which is not totally true.

10 Aug

Deleting a subinterface that has IPv6 EIGRP running on it and crashing IOS XE

In some cases a router running IOS XE might crash or produce a traceback if we try to delete a logical interface (e.g. a port-channel) or a subinterface that runs IPv6 EIGRP. This can occur mostly on XNE or older releases and has been fixed in newer ones. Cisco has an internal bug, CSCtd63242, describing this problem (it might be released to the public).

23 Apr

Secret changes in Cisco documentation (follow up on “No EIGRP neighbor authentication on ASR9K” post)

I received a comment from Pushpasis Sarkar from Cisco on my previous post about the lack of EIGRP authentication on ASR9k. It made me wonder if I missed something during deployment. I remember we were testing it hard in the lab and the documentation stated clearly it’s not supported. I’m pretty sure, but 100%, that we were testing key chains both with and without defined lifetime and cryptographic-algorithm, because we were having some issues with IS-IS and key chains too. And it never worked.

12 Mar

Enabling IPv6 passthrough on WLC

A wireless network in a controller-based environment is a good place to start playing with IPv6. You can create a separate VLAN and SSID to provide IPv6 service within the network. Cisco wireless devices cannot be configured with IPv6 intelligence yet, therefore you can’t assign an IPv6 address to an access point or BVI interface if needed, nor provide any security features. But they can pass IPv6 traffic between IPv6-aware routers and client devices.

By default a stand-alone access point passes IPv6 traffic, so no additional configuration is needed as long as the router where the particular VLAN is terminated is properly configured. On Wireless LAN Controllers, IPv6 pass-through has to be enabled for the particular WLAN.

IPv6 support can be enabled in the Advanced tab of the WLAN configuration on the controller. But, for some unknown reason, this feature is not available on WLC series 2000, 2100 and NME-WLC, even though it’s visible in the configuration panel. Also, 7.0 firmware is recommended.