Tuesday, June 18, 2013

EIGRP Unequal Cost Traffic Sharing Problem - %FIB-4-UNEQUAL

We have configured a router to prioritize among its three paths to the 150.1.1.0/24 network.  We can see that the topology table reflects the proper metrics after the changes were made.  However, only two routes are selected.  Initially after configuring the traffic-share min across-interfaces command, we received the following warning message:

%FIB-4-UNEQUAL: Range of unequal path weightings too large for prefix 150.1.1.0/24. Some available paths may not be used.
 
R3#show run | section eigrp
router eigrp 200
variance 2
traffic-share min across-interfaces
offset-list 0 in 1000000 Serial1/1
network 10.0.0.4 0.0.0.3
network 10.0.0.8 0.0.0.3
network 10.0.0.12 0.0.0.3
network 150.3.3.0 0.0.0.255
no auto-summary
 
R3#show ip route 150.1.1.0
Routing entry for 150.1.1.0/24
  Known via "eigrp 200", distance 170, metric 2172416, type external
  Redistributing via eigrp 200
  Last update from 10.0.0.5 on Serial1/1, 00:00:08 ago
  Routing Descriptor Blocks:
  * 10.0.0.14, from 10.0.0.14, 00:00:08 ago, via Serial1/2
      Route metric is 2172416, traffic share count is 1
      Total delay is 20100 microseconds, minimum bandwidth is 1544 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1
    10.0.0.5, from 10.0.0.5, 00:00:08 ago, via Serial1/1
      Route metric is 3172416, traffic share count is 0
      Total delay is 59162 microseconds, minimum bandwidth is 1544 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1
 
R3#show ip eigrp topology 150.1.1.0 255.255.255.0
IP-EIGRP (AS 200): Topology entry for 150.1.1.0/24
  State is Passive, Query origin flag is 1, 1 Successor(s), FD is 2172416
  Routing Descriptor Blocks:
  10.0.0.14 (Serial1/2), from 10.0.0.14, Send flag is 0x0
      Composite metric is (2172416/28160), Route is External
      Vector metric:
        Minimum bandwidth is 1544 Kbit
        Total delay is 20100 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 1
      External data:
        Originating router is 4.4.4.4
        AS number of route is 100
        External protocol is EIGRP, external metric is 0
        Administrator tag is 0 (0x00000000)
  10.0.0.5 (Serial1/1), from 10.0.0.5, Send flag is 0x0
      Composite metric is (3172416/1028160), Route is External
      Vector metric:
        Minimum bandwidth is 1544 Kbit
        Total delay is 59162 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 1
      External data:
        Originating router is 1.1.1.1
        AS number of route is 100
        External protocol is EIGRP, external metric is 0
        Administrator tag is 0 (0x00000000)
  10.0.0.9 (Serial1/0), from 10.0.0.9, Send flag is 0x0
      Composite metric is (2684416/2172416), Route is External
      Vector metric:
        Minimum bandwidth is 1544 Kbit
        Total delay is 40100 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 2
      External data:
        Originating router is 1.1.1.1
        AS number of route is 100
        External protocol is EIGRP, external metric is 0
        Administrator tag is 0 (0x00000000)

One of the requirements for variance to work in EIGRP is that the reported distance from a neighbor must be less than the Feasible Distance of the successor route. Looking at the output from show ip eigrp topology we see FD is 2172416. So this is the value to compare with the reported distance from the neighbors.
The first neighbor reports the lowest distance and its route is the successor route using Serial 1/2. The second neighbor reports 1028160 as the distance. This is less than the FD and so the route through Serial 1/1 is also used. The third neighbor reports 2172416. This is not less than FD and so this route is not used by variance.
 

You are on the right track. It is just that one of the routes does not qualify to be used under variance.
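
The check described above, as an added example (not part of the original post and not a Cisco tool): a short Python script that parses the composite metrics out of the topology entry and applies the feasibility condition first, then variance. The trimmed sample text is constructed from the output shown earlier, and the strict comparison at the variance boundary is an assumption of this example.

```python
import re

# Constructed sample: trimmed from the "show ip eigrp topology" output above.
TOPOLOGY = """\
IP-EIGRP (AS 200): Topology entry for 150.1.1.0/24
  State is Passive, Query origin flag is 1, 1 Successor(s), FD is 2172416
  10.0.0.14 (Serial1/2), from 10.0.0.14, Send flag is 0x0
      Composite metric is (2172416/28160), Route is External
  10.0.0.5 (Serial1/1), from 10.0.0.5, Send flag is 0x0
      Composite metric is (3172416/1028160), Route is External
  10.0.0.9 (Serial1/0), from 10.0.0.9, Send flag is 0x0
      Composite metric is (2684416/2172416), Route is External
"""

def parse_topology(text):
    """Return (FD, [(next_hop, interface, metric, reported_distance), ...])."""
    fd = int(re.search(r"FD is (\d+)", text).group(1))
    paths, current = [], None
    for line in text.splitlines():
        hop = re.match(r"\s+(\d+\.\d+\.\d+\.\d+) \((\S+)\), from", line)
        metric = re.search(r"Composite metric is \((\d+)/(\d+)\)", line)
        if hop:
            current = hop.groups()
        elif metric and current:
            paths.append((*current, int(metric.group(1)), int(metric.group(2))))
            current = None
    return fd, paths

def classify(text, variance):
    """Map each next hop to a verdict under the given variance multiplier."""
    fd, paths = parse_topology(text)
    verdicts = {}
    for hop, _iface, metric, rd in paths:
        if rd >= fd:  # feasibility condition fails: variance is never considered
            verdicts[hop] = "rejected: RD %d is not less than FD %d" % (rd, fd)
        elif metric == fd:
            verdicts[hop] = "installed: successor"
        elif metric >= variance * fd:  # strict boundary is an assumption
            verdicts[hop] = "rejected: metric %d is not below %d x FD" % (metric, variance)
        else:
            verdicts[hop] = "installed: feasible successor within variance"
    return verdicts

if __name__ == "__main__":
    for hop, verdict in classify(TOPOLOGY, variance=2).items():
        print(hop, "->", verdict)
```

The path via 10.0.0.9 has a metric well inside 2 x FD, yet it is rejected because its reported distance equals the FD.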


Citation - This blog post does not reflect original content from the author. Rather it summarizes content that are relevant to the topic from different sources in the web. The sources might include any online discussion boards, forums, websites and others.

Monday, June 10, 2013

How do you enable SSH CLI on Cisco 2960 Switch?

Can you please help with configuring the following on Cisco ws-c2960-24 ttl:

1. SSH CLI
2. PORT SECURITY REMOVAL: Limits MAC@ per port with no shutdown
3. Set port to protect
4. Set RSTP
5. Finally, how do I set up a TFTP server from Windows Server 2008?

1) for ssh enabling

line vty 0 4
transport input ssh
login local
 


Please click here for Cisco documentation on SSH Config.
 

2) For Port security removal
conf t
interface gig 0/1
no switchport port-security
 

Please click here for Cisco documentation on Port Security

3) for securing over mac
conf t
Switch(config)# interface gig 0/1
Switch(config-if)# switchport port-security mac-address ?
  H.H.H   48 bit mac address
  sticky  Configure dynamic secure addresses as sticky
 


4) Set port to protect
conf t
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# switchport protected

 Please click here for Cisco documentation on Port Protection


5) Set RSTP
MSTP—This spanning-tree mode is based on the IEEE 802.1s standard. You can map multiple VLANs to the same spanning-tree instance, which reduces the number of spanning-tree instances required to support a large number of VLANs. The MSTP runs on top of the RSTP (based on IEEE 802.1w), which provides for rapid convergence of the spanning tree by eliminating the forward delay and by quickly transitioning root ports and designated ports to the forwarding state. In a switch stack, the cross-stack rapid transition (CSRT) feature performs the same function as RSTP. You cannot run MSTP without RSTP or CSRT.
 

Please click here for Cisco documentation on RSTP

6) TFTP
You need to install TFTP on the server, and you must be able to ping the router/switch from the TFTP server and be able to telnet to the ports of the TFTP server, and vice versa.


Please click here for Cisco documentation on TFTP
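
For the SSH step in 1) above, an added example (not from the original post or from Cisco): a Python check that reads a saved running-config and reports what still stands between the three vty commands and SSH-only management access. The sample config is constructed, and it assumes the switch also has vty lines 5 15, which the answer's `line vty 0 4` block does not cover.

```python
import re

# Constructed sample running-config (not from the original post). The first
# vty block matches the answer above; lines 5-15 still accept telnet.
SAMPLE_CONFIG = """\
hostname Switch
username admin privilege 15 secret 5 $1$constructed$hash
ip domain-name example.test
ip ssh version 2
line con 0
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
 transport input telnet ssh
"""

def vty_blocks(config):
    """Yield (header, [sub-commands]) for every 'line vty' block."""
    header, body = None, []
    for line in config.splitlines():
        if not line.startswith(" "):          # a new top-level command
            if header:
                yield header, body
            header, body = (line, []) if line.startswith("line vty") else (None, [])
        elif header:
            body.append(line.strip())
    if header:
        yield header, body

def audit_ssh(config):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    for required, why in [
        (r"^username \S+ .*(secret|password)", "no local user for 'login local'"),
        (r"^ip domain-name \S+", "no domain name, RSA key cannot be generated"),
        (r"^ip ssh version 2$", "SSH version 2 not enforced"),
    ]:
        if not re.search(required, config, re.MULTILINE):
            findings.append(why)
    for header, body in vty_blocks(config):
        if "transport input ssh" not in body:
            findings.append(header + ": transport is not restricted to ssh")
        if "login local" not in body:
            findings.append(header + ": does not use 'login local'")
    return findings
```

The RSA key pair itself does not appear in the running-config, so confirm it separately on the device with `show crypto key mypubkey rsa`.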


Monday, June 3, 2013

Can the CISCO router VPN authentication integrate with RSA token?

We have created a VPN in our Internet router so that remote users can connect to the VPN with the Cisco VPN client, and we created a local user name and password for the VPN authentication. We have an RSA server in our network; can we integrate this VPN authentication with RSA token?

On a Cisco router you can authenticate your users with RADIUS. As the RSA-Server can also be reached through RADIUS, you can send your token-based authentication to the server that way. As far as I know, the IOS still doesn't support the native RSA-protocol as the ASA does for VPN.

Please click here for more details on "RSA SecurID Ready Implementation Guide".

