However in the Release Notes for Cisco IOS Release 15.4M&T (http://www.cisco.com/c/en/us/td/docs/ios/15_4m_and_t/release/notes/15_4m_and_t/154-3MCAVS.html), CSCtr19078 is also being resolved in Cisco IOS Release 15.4(3)M (released on 22/Jul/2014).
Showing posts with label bug. Show all posts
Showing posts with label bug. Show all posts
Monday, December 15, 2014
Cisco Bug Toolkit Inconsistent Info
For CSCtr19078, the Cisco Bug Toolkit mentions that the known fixed release is only 15.0(1)M7.2.
However in the Release Notes for Cisco IOS Release 15.4M&T (http://www.cisco.com/c/en/us/td/docs/ios/15_4m_and_t/release/notes/15_4m_and_t/154-3MCAVS.html), CSCtr19078 is also being resolved in Cisco IOS Release 15.4(3)M (released on 22/Jul/2014).
However in the Release Notes for Cisco IOS Release 15.4M&T (http://www.cisco.com/c/en/us/td/docs/ios/15_4m_and_t/release/notes/15_4m_and_t/154-3MCAVS.html), CSCtr19078 is also being resolved in Cisco IOS Release 15.4(3)M (released on 22/Jul/2014).
Friday, March 29, 2013
The BGP neighbor Command Caveat
Router#sh ver | in IOS IOS (tm) 3600 Software (C3620-I-M), Version 12.3(26), RELEASE SOFTWARE (fc2) Router# Router#conf t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#router bgp 100 Router(config-router)#neighbor 22.22.22.22 remote-as 200 Router(config-router)#neighbor 33.33.33.333 remote-as 300 % Create the peer-group first Router(config-router)# Router(config-router)#neighbor 33.33.33.33 remote-as 300 % Create the peer-group first Router(config-router)# Router(config-router)#exit Router(config)# Router(config)#router bgp 100 Router(config-router)#neighbor 44.44.44.44 remote-as 400 % Create the peer-group first Router(config-router)# Router(config-router)#exit Router(config)#no parser cache Router(config)# Router(config)#router bgp 100 Router(config-router)#neighbor 33.33.33.33 remote-as 300 Router(config-router)#neighbor 44.44.44.44 remote-as 400 Router(config-router)#
Friday, August 3, 2012
Cisco 2951 + ISM-VPN-29 + show environment + %PLATFORM-2-SM_ERROR
c2951#sh ver | in IOS Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.2(3)T1, RELEASE SOFTWARE (fc1) c2951# c2951#sh inv NAME: "CISCO2951/K9 chassis", DESCR: "CISCO2951/K9 chassis" PID: CISCO2951/K9 , VID: V01 , SN: XXXXXXXXXXX NAME: "VWIC2-1MFT-T1/E1 - 1-Port RJ-48 Multiflex Trunk - T1/E1 on Slot 0 SubSlot 0", DESCR: "VWIC2-1MFT-T1/E1 - 1-Port RJ-48 Multiflex Trunk - T1/E1" PID: VWIC2-1MFT-T1/E1 , VID: V01 , SN: XXXXXXXXXXX NAME: "WAN Interface Card - HWIC Serial 2T on Slot 0 SubSlot 1", DESCR: "WAN Interface Card - HWIC Serial 2T" PID: HWIC-2T , VID: V02 , SN: XXXXXXXXXXX NAME: "PVDM3 DSP DIMM with 32 Channels on Slot 0 SubSlot 4", DESCR: "PVDM3 DSP DIMM with 32 Channels" PID: PVDM3-32 , VID: V01 , SN: XXXXXXXXXXX NAME: "PVDM3 DSP DIMM with 32 Channels on Slot 0 SubSlot 5", DESCR: "PVDM3 DSP DIMM with 32 Channels" PID: PVDM3-32 , VID: V01 , SN: XXXXXXXXXXX NAME: "Internal Services Module - Crypto Engine on Slot 0", DESCR: "Internal Services Module - Crypto Engine" PID: ISM-VPN-29 , VID: V01 , SN: XXXXXXXXXXX NAME: "C2921/C2951 AC Power Supply", DESCR: "C2921/C2951 AC Power Supply" PID: PWR-2921-51-AC , VID: V01 , SN: XXXXXXXXXXX c2951# c2951#sh env SYSTEM POWER SUPPLY STATUS ========================== Internal Power Supply Type: AC Internal Power Supply 12V Output Status: Normal External Redundant Power Supply is absent or powered off SYSTEM FAN STATUS ================= Fan 1 OK, Low speed setting Fan 2 OK, Low speed setting Fan 3 OK, Low speed setting Fan 4 OK, Low speed setting SYSTEM TEMPERATURE STATUS ========================= Intake Left temperature: 21 Celsius, Normal Intake Right temperature: 19 Celsius, Normal Exhaust Left temperature: 27 Celsius, Normal Exhaust Right temperature: 21 Celsius, Normal CPU temperature: 44 Celsius, Normal Power Supply Unit temperature: 37 Celsius, Normal REAL TIME CLOCK BATTERY STATUS ============================== Battery OK (checked at power up) SYSTEM POWER =============== Motherboard Components Power consumption = 72.4 WPower consumption = ISM 0.0 W Total System Power consumption is: 72.4 W Environmental information last updated 00:00:08 ago c2951# c2951#sh log | in PLATFORM Aug 2 14:52:18 MY: %PLATFORM-2-SM_ERROR: The SM Slot number 0 does not exist on the IO Controller Aug 2 14:52:18 MY: %PLATFORM-2-SM_ERROR: The SM Slot number 0 does not exist on the IO Controller c2951# c2951#sh clock 14:52:23.517 MY Thu Aug 2 2012 c2951#
Thursday, August 2, 2012
Cisco Router "unknown protocol drops"
Introduction
Unknown protocol drops is a counter on the Cisco router interface.
It is caused by protocols that are not understood by the router.
The unknown protocol drops counter was first introduced in Cisco IOS 12.4(15)T8 release, but it was buggy; in which there are 2 duplicating lines and the counter increments by 1 whenever the show interfaces [type num] command is issued, even with the interface is administratively shutdown. :-)
Below shows that the counter was not there in Cisco IOS 12.4(15)T7.
Below shows that the counter was introduced in Cisco IOS 12.4(15)T8 release, and illustrates the bug as mentioned above.
The counter seems OK after Cisco IOS 12.4(15)T9 release.
Root Causes of Unknown Protocol Drops
Unknown protocol drops are normally dropped because the interface where these packets are received is not configured for this type of protocol, or it can be any protocol that the router does not recognize.
The common root causes are DTP, CDP, and LLDP (new in Cisco IOS 15.2T releases).
Below illustrates a problem scenario due to DTP:
Below illustrates a problem scenario due to CDP:
Below illustrates a problem scenario due to LLDP (Cisco IOS 15.2T):
Note: "unknown protocol drops" does not applicable for LLDP packets on Cisco IOS 15.1T releases.
Unknown protocol drops is a counter on the Cisco router interface.
It is caused by protocols that are not understood by the router.
The unknown protocol drops counter was first introduced in Cisco IOS 12.4(15)T8 release, but it was buggy; in which there are 2 duplicating lines and the counter increments by 1 whenever the show interfaces [type num] command is issued, even with the interface is administratively shutdown. :-)
Below shows that the counter was not there in Cisco IOS 12.4(15)T7.
Router#sh ver | in IOS|Compiled Cisco IOS Software, 3600 Software (C3660-I-M), Version 12.4(15)T7, RELEASE SOFTWARE (fc3) Compiled Wed 13-Aug-08 20:53 by prod_rel_team Router# Router#sh int fa0/0 FastEthernet0/0 is administratively down, line protocol is down Hardware is AmdFE, address is cc00.0e08.0000 (bia cc00.0e08.0000) MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, 100BaseTX/FX ARP type: ARPA, ARP Timeout 04:00:00 Last input never, output never, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog 0 input packets with dribble condition detected 0 packets output, 0 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier 0 output buffer failures, 0 output buffers swapped out Router#
Below shows that the counter was introduced in Cisco IOS 12.4(15)T8 release, and illustrates the bug as mentioned above.
Router#sh ver | in IOS|Compiled Cisco IOS Software, 3600 Software (C3660-I-M), Version 12.4(15)T8, RELEASE SOFTWARE (fc3) Compiled Mon 01-Dec-08 19:10 by prod_rel_team Router#sh int fa0/0 FastEthernet0/0 is administratively down, line protocol is down Hardware is AmdFE, address is cc00.0d20.0000 (bia cc00.0d20.0000) MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, 100BaseTX/FX ARP type: ARPA, ARP Timeout 04:00:00 Last input never, output never, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog 0 input packets with dribble condition detected 16 packets output, 5982 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 1 unknown protocol drops 1 unknown protocol drops 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier 0 output buffer failures, 0 output buffers swapped out Router#
The counter seems OK after Cisco IOS 12.4(15)T9 release.
Router#sh ver | in IOS|Compiled Cisco IOS Software, 3600 Software (C3660-I-M), Version 12.4(15)T9, RELEASE SOFTWARE (fc5) Compiled Tue 28-Apr-09 15:18 by prod_rel_team Router# Router#sh int fa0/0 FastEthernet0/0 is administratively down, line protocol is down Hardware is AmdFE, address is cc00.09cc.0000 (bia cc00.09cc.0000) MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, 100BaseTX/FX ARP type: ARPA, ARP Timeout 04:00:00 Last input never, output never, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog 0 input packets with dribble condition detected 37 packets output, 18960 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 unknown protocol drops 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier 0 output buffer failures, 0 output buffers swapped out Router#
Root Causes of Unknown Protocol Drops
Unknown protocol drops are normally dropped because the interface where these packets are received is not configured for this type of protocol, or it can be any protocol that the router does not recognize.
The common root causes are DTP, CDP, and LLDP (new in Cisco IOS 15.2T releases).
Below illustrates a problem scenario due to DTP:
Switch#sh ver | in IOS|image|Model number Cisco IOS Software, C2960 Software (C2960-LANLITEK9-M), Version 12.2(58)SE2, RELEASE SOFTWARE (fc1) System image file is "flash:/c2960-lanlitek9-mz.122-58.SE2.bin" Model number : WS-C2960-48TC-S Switch# Switch#sh run int fa0/1 Building configuration... Current configuration : 57 bytes ! interface FastEthernet0/1 spanning-tree portfast end Switch# Switch#sh dtp int fa0/1 DTP information for FastEthernet0/1: TOS/TAS/TNS: ACCESS/AUTO/ACCESS TOT/TAT/TNT: NATIVE/802.1Q/NATIVE Neighbor address 1: 000000000000 Neighbor address 2: 000000000000 Hello timer expiration (sec/state): 23/RUNNING Access timer expiration (sec/state): never/STOPPED Negotiation timer expiration (sec/state): never/STOPPED Multidrop timer expiration (sec/state): never/STOPPED FSM state: S2:ACCESS # times multi & trunk 0 Enabled: yes In STP: no Statistics ---------- 0 packets received (0 good) 0 packets dropped 0 nonegotiate, 0 bad version, 0 domain mismatches, 0 bad TLVs, 0 bad TAS, 0 bad TAT, 0 bad TOT, 0 other 10 packets output (10 good) 5 native, 5 software encap isl, 0 isl hardware native 0 output errors 0 trunk timeouts 1 link ups, last link up on Mon Mar 01 1993, 00:02:22 0 link downs Switch# ================================================================================ Router#sh ver | in IOS|image Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.2(3)T1, RELEASE SOFTWARE (fc1) System image file is "flash0:c2951-universalk9-mz.SPA.152-3.T1.bin" Router# Router#sh cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone, D - Remote, C - CVTA, M - Two-port Mac Relay Device ID Local Intrfce Holdtme Capability Platform Port ID Switch Gig 0/0 135 S I WS-C2960- Fas 0/1 Router# Router#sh run int gi0/0 Building configuration... Current configuration : 98 bytes ! interface GigabitEthernet0/0 ip address 10.10.10.1 255.255.255.0 duplex auto speed auto end Router# Router#sh int gi0/0 GigabitEthernet0/0 is up, line protocol is up Hardware is PQ3_TSEC, address is f0f7.55ef.a2a0 (bia f0f7.55ef.a2a0) Internet address is 10.10.10.1/24 MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full Duplex, 100Mbps, media type is RJ45 output flow-control is unsupported, input flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:08, output 00:00:07, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 43645 packets input, 62956373 bytes, 0 no buffer Received 137 broadcasts (0 IP multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 17 multicast, 0 pause input 50454 packets output, 3033488 bytes, 0 underruns 0 output errors, 0 collisions, 2 interface resets 10 unknown protocol drops 0 babbles, 0 late collision, 0 deferred 2 lost carrier, 0 no carrier, 0 pause output 0 output buffer failures, 0 output buffers swapped out Router# ================================================================================ Solution: Switch#conf t Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#int fa0/1 Switch(config-if)#switchport mode access Switch(config-if)#end Switch# Switch#sh run int fa0/1 Building configuration... Current configuration : 81 bytes ! interface FastEthernet0/1 switchport mode access spanning-tree portfast end Switch# Switch#sh dtp int fa0/1 DTP information for FastEthernet0/1: TOS/TAS/TNS: ACCESS/OFF/ACCESS TOT/TAT/TNT: NATIVE/802.1Q/NATIVE Neighbor address 1: 000000000000 Neighbor address 2: 000000000000 Hello timer expiration (sec/state): never/STOPPED Access timer expiration (sec/state): never/STOPPED Negotiation timer expiration (sec/state): never/STOPPED Multidrop timer expiration (sec/state): never/STOPPED FSM state: S1:OFF # times multi & trunk 0 Enabled: no In STP: no Statistics ---------- 0 packets received (0 good) 0 packets dropped 0 nonegotiate, 0 bad version, 0 domain mismatches, 0 bad TLVs, 0 bad TAS, 0 bad TAT, 0 bad TOT, 0 other 0 packets output (0 good) 0 native, 0 software encap isl, 0 isl hardware native 0 output errors 0 trunk timeouts 1 link ups, last link up on Mon Mar 01 1993, 00:02:22 1 link downs, last link down on Mon Mar 01 1993, 00:06:46 Switch#
Below illustrates a problem scenario due to CDP:
Router#conf t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#no cdp run Router(config)#end Router# Router#sh cdp neighbors % CDP is not enabled Router# Router#clear counters gi0/0 Clear "show interface" counters on this interface [confirm] Router# ================================================================================ Switch#debug cdp packets CDP packet info debugging is on Switch# *Mar 1 00:13:06.809: CDP-PA: version 2 packet sent out on FastEthernet0/1 Switch# ================================================================================ Router#sh int gi0/0 GigabitEthernet0/0 is up, line protocol is up Hardware is PQ3_TSEC, address is f0f7.55ef.a2a0 (bia f0f7.55ef.a2a0) Internet address is 10.10.10.1/24 MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full Duplex, 100Mbps, media type is RJ45 output flow-control is unsupported, input flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:07, output 00:00:09, output hang never Last clearing of "show interface" counters 00:03:11 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 4 packets input, 1716 bytes, 0 no buffer Received 4 broadcasts (0 IP multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 4 multicast, 0 pause input 21 packets output, 1882 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 1 unknown protocol drops 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 pause output 0 output buffer failures, 0 output buffers swapped out Router# ================================================================================ Solution: Switch#conf t Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#int fa0/1 Switch(config-if)#no cdp enable Switch(config-if)#end Switch#
Below illustrates a problem scenario due to LLDP (Cisco IOS 15.2T):
Router#sh ver | in IOS|image Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.2(3)T1, RELEASE SOFTWARE (fc1) System image file is "flash0:c2951-universalk9-mz.SPA.152-3.T1.bin" Router# Router#clear counters gi0/0 Clear "show interface" counters on this interface [confirm] Router# Router#sh int gi0/0 GigabitEthernet0/0 is up, line protocol is up Hardware is PQ3_TSEC, address is f0f7.55ef.a2a0 (bia f0f7.55ef.a2a0) Internet address is 10.10.10.1/24 MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full Duplex, 100Mbps, media type is RJ45 output flow-control is unsupported, input flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:52, output 00:00:03, output hang never Last clearing of "show interface" counters 00:00:10 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 1 packets input, 429 bytes, 0 no buffer Received 1 broadcasts (0 IP multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 1 multicast, 0 pause input 7 packets output, 731 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 unknown protocol drops 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 pause output 0 output buffer failures, 0 output buffers swapped out Router# ================================================================================ Switch#sh lldp neighbors % LLDP is not enabled Switch# Switch#conf t Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#lldp run Switch(config)#end Switch# Switch#debug lldp ? errors LLDP errors events LLDP events packets LLDP packet-related information states LLDP states Switch#debug lldp packets LLDP packet info debugging is on Switch# *Mar 1 01:30:32.286: LLDP advertisement packet TX'd on intf FastEthernet0/1 Switch# ================================================================================ Router#sh int gi0/0 GigabitEthernet0/0 is up, line protocol is up Hardware is PQ3_TSEC, address is f0f7.55ef.a2a0 (bia f0f7.55ef.a2a0) Internet address is 10.10.10.1/24 MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full Duplex, 100Mbps, media type is RJ45 output flow-control is unsupported, input flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:05, output 00:00:01, output hang never Last clearing of "show interface" counters 01:15:47 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 1 packets input, 333 bytes, 0 no buffer Received 1 broadcasts (0 IP multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 1 multicast, 0 pause input 463 packets output, 27916 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 1 unknown protocol drops 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 pause output 0 output buffer failures, 0 output buffers swapped out Router# ================================================================================ Solution: Switch#conf t Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#int fa0/1 Switch(config-if)#no lldp transmit Switch(config-if)#end Switch#
Note: "unknown protocol drops" does not applicable for LLDP packets on Cisco IOS 15.1T releases.
Router#sh ver | in IOS|image
Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.1(3)T4, RELEASE SOFTWARE (fc1)
System image file is "flash0:c2951-universalk9-mz.SPA.151-3.T4.bin"
Router#
Friday, January 20, 2012
NX-OS 6.0(2) HSRP Authentication Bug
Configuration Reference:
http://docwiki.cisco.com/wiki/Cisco_NX-OS/IOS_HSRP_Comparison
Cisco 7206VXR Cisco IOS 12.4(24)T5
Nexus 7010 NX-OS 6.0(2)
http://docwiki.cisco.com/wiki/Cisco_NX-OS/IOS_HSRP_Comparison
Cisco 7206VXR Cisco IOS 12.4(24)T5
!
interface FastEthernet0/0
ip address 192.168.1.2 255.255.255.0
duplex full
standby 1 ip 192.168.1.1
standby 1 priority 110
standby 1 authentication md5 key-string XXXXXXX321
!
Nexus 7010 NX-OS 6.0(2)
interface Vlan5
no ip redirects
ip address 172.31.5.253/24
hsrp 2
authentication md5 key-string XXXXXXX321
preempt delay minimum 60
priority 150
timers 1 3
ip 172.31.5.254
no shutdown
Friday, June 17, 2011
NX-OS 'Vlans Err-disabled on Trunk' due to 'L4 protocol CAM entry allocation failure'
n7010# sh cdp neighbors Capability Codes: R - Router, T - Trans-Bridge, B - Source-Route-Bridge S - Switch, H - Host, I - IGMP, r - Repeater, V - VoIP-Phone, D - Remotely-Managed-Device, s - Supports-STP-Dispute Device-ID Local Intrfce Hldtme Capability Platform Port ID n7010(JAF1447ALEM) Eth2/41 177 R S I s N7K-C7010 Eth2/42 n7010(JAF1447ALEM) Eth2/42 177 R S I s N7K-C7010 Eth2/41 n7010# n7010# sh spanning-tree VLAN0001 Spanning tree enabled protocol rstp Root ID Priority 8193 Address f025.72a5.a3c1 This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 8193 (priority 8192 sys-id-ext 1) Address f025.72a5.a3c1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interface Role Sts Cost Prio.Nbr Type ---------------- ---- --- --------- -------- -------------------------------- Eth2/41 Desg FWD 4 128.297 P2p Eth2/42 Back BLK 4 128.298 P2p n7010# n7010# conf t Enter configuration commands, one per line. End with CNTL/Z. n7010(config)# int vlan 1 n7010(config-if)# ip access-group Test_ACL in Note: ACL Test_ACL does not exist. Traffic will be implicitly denied n7010(config-if)# n7010(config-if)# exit n7010(config)# n7010(config)# ip access-list Test_ACL n7010(config-acl)# deny 1 any any n7010(config-acl)# deny 2 any any n7010(config-acl)# deny 3 any any n7010(config-acl)# deny 4 any any n7010(config-acl)# deny 5 any any n7010(config-acl)# deny 6 any any n7010(config-acl)# deny 7 any any ERROR: L4 protocol CAM entry allocation failure n7010(config-acl)# n7010(config-acl)# sh access-list Test_ACL IP access list Test_ACL 10 deny icmp any any 20 deny igmp any any 30 deny 3 any any 40 deny 4 any any 50 deny 5 any any 60 deny tcp any any n7010(config-acl)# n7010(config-acl)# int vlan 1 n7010(config-if)# no ip access-group Test_ACL in n7010(config-if)# n7010(config-if)# ip access-list Test_ACL n7010(config-acl)# deny 7 any any n7010(config-acl)# sh ip access-list Test_ACL IP access list Test_ACL 10 deny icmp any any 20 deny igmp any any 30 deny 3 any any 40 deny 4 any any 50 deny 5 any any 60 deny tcp any any 70 deny 7 any any n7010(config-acl)# n7010(config-acl)# int vlan 1 n7010(config-if)# ip access-group Test_ACL in ERROR: L4 protocol CAM entry allocation failure n7010(config-if)# n7010(config-if)# int e2/41 n7010(config-if)# shut n7010(config-if)# n7010(config-if)# int vlan 1 n7010(config-if)# ip access-group Test_ACL in n7010(config-if)# n7010(config-if)# clear log log 2011 Jun 17 19:24:58 n7010 %$ VDC-1 %$ %SYSLOG-1-SYSTEM_MSG : Logging logfile (messages) cleared by user n7010(config-if)# n7010(config-if)# int e2/41 n7010(config-if)# no shut n7010(config-if)# sh spanning-tree No spanning tree instance exists. n7010(config-if)# n7010(config-if)# sh int e2/41 trunk -------------------------------------------------------------------------------- Port Native Status Port Vlan Channel -------------------------------------------------------------------------------- Eth2/41 1 trunking -- -------------------------------------------------------------------------------- Port Vlans Allowed on Trunk -------------------------------------------------------------------------------- Eth2/41 1-3967,4048-4093 -------------------------------------------------------------------------------- Port Vlans Err-disabled on Trunk -------------------------------------------------------------------------------- Eth2/41 1-8 -------------------------------------------------------------------------------- Port STP Forwarding -------------------------------------------------------------------------------- Eth2/41 none -------------------------------------------------------------------------------- Port Vlans in spanning tree forwarding state and not pruned -------------------------------------------------------------------------------- Eth2/41 none -------------------------------------------------------------------------------- Port Vlans Forwarding on FabricPath -------------------------------------------------------------------------------- Eth2/41 none n7010(config-if)# n7010(config-if)# sh log log 2011 Jun 17 19:24:58 n7010 %SYSLOG-1-SYSTEM_MSG : Logging logfile (messages) cleared by user 2011 Jun 17 19:25:04 n7010 %ETHPORT-5-IF_ADMIN_UP: Interface Ethernet2/41 is admin up . 2011 Jun 17 19:25:07 n7010 %ETHPORT-5-SPEED: Interface Ethernet2/42, operational speed changed to 1 Gbps 2011 Jun 17 19:25:07 n7010 %ETHPORT-5-IF_DUPLEX: Interface Ethernet2/42, operational duplex mode changed to Full 2011 Jun 17 19:25:07 n7010 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet2/42, operational Receive Flow Control state changed to off 2011 Jun 17 19:25:07 n7010 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet2/42, operational Transmit Flow Control state changed to off 2011 Jun 17 19:25:07 n7010 %ETHPORT-5-SPEED: Interface Ethernet2/41, operational speed changed to 1 Gbps 2011 Jun 17 19:25:07 n7010 %ETHPORT-5-IF_DUPLEX: Interface Ethernet2/41, operational duplex mode changed to Full 2011 Jun 17 19:25:07 n7010 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet2/41, operational Receive Flow Control state changed to off 2011 Jun 17 19:25:07 n7010 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet2/41, operational Transmit Flow Control state changed to off 2011 Jun 17 19:25:07 n7010 %ACLMGR-3-ACLMGR_VERIFY_FAIL: Verify failed: client 8100016E, L4 protocol CAM entry allocation failure 2011 Jun 17 19:25:07 n7010 %ETHPORT-5-IF_SEQ_ERROR: Error ("L4 protocol CAM entry allocation failure") communicating with MTS_SAP_ACLMGR for opcode MTS_OPC_ETHPM_PORT_LOGICAL_BRINGUP (RID_PORT: Ethernet2/42) 2011 Jun 17 19:25:07 n7010 %ETHPORT-3-IF_ERROR_VLANS_SUSPENDED: VLANs 1-8 on Interface Ethernet2/42 are being suspended. (Reason: L4 protocol CAM entry allocation failure) 2011 Jun 17 19:25:07 n7010 %ETHPORT-5-IF_UP: Interface Ethernet2/42 is up in mode trunk 2011 Jun 17 19:25:07 n7010 %ACLMGR-3-ACLMGR_VERIFY_FAIL: Verify failed: client 8100016E, L4 protocol CAM entry allocation failure 2011 Jun 17 19:25:07 n7010 %ETHPORT-5-IF_SEQ_ERROR: Error ("L4 protocol CAM entry allocation failure") communicating with MTS_SAP_ACLMGR for opcode MTS_OPC_ETHPM_PORT_LOGICAL_BRINGUP (RID_PORT: Ethernet2/41) 2011 Jun 17 19:25:07 n7010 %ETHPORT-3-IF_ERROR_VLANS_SUSPENDED: VLANs 1-8 on Interface Ethernet2/41 are being suspended. (Reason: L4 protocol CAM entry allocation failure) 2011 Jun 17 19:25:07 n7010 %ETHPORT-5-IF_UP: Interface Ethernet2/41 is up in mode trunk n7010(config-if)#
Root Cause:
L4 TCAM allocation failed due to 4 lines of IPv4 ACL entries with uncommon IP protocol numbers (those that are not translated to well-known tcp, udp, icmp, igmp, ospf, eigrp, etc).
Wednesday, May 18, 2011
Catalyst 2950 PAgP Partner Information Cosmetic Bug
Bug Description:
The last character of the Partner Name and Partner Port information in the output of the show etherchannel port EXEC command on Catalyst 2950 Series switches is truncated.
The information is carried in the Device Name and Physical Port Name TLVs in the PAgP packets.
This is applicable for PAgP only.
First found in c2950-i6k2l2q4-mz.121-22.EA10a.bin.
Below shows the command output for the same network setup with LACP for the sake of completeness and comparison. :-)
The last character of the Partner Name and Partner Port information in the output of the show etherchannel port EXEC command on Catalyst 2950 Series switches is truncated.
The information is carried in the Device Name and Physical Port Name TLVs in the PAgP packets.
This is applicable for PAgP only.
First found in c2950-i6k2l2q4-mz.121-22.EA10a.bin.
C2950#sh ver | in IOS|Compiled IOS (tm) C2950 Software (C2950-I6K2L2Q4-M), Version 12.1(22)EA14, RELEASE SOFTWARE (fc1) Compiled Tue 26-Oct-10 10:35 by nburra C2950# C2950#sh run int fa0/9 Building configuration... Current configuration : 88 bytes ! interface FastEthernet0/9 switchport mode trunk channel-group 1 mode desirable end C2950# C2950#sh run int fa0/10 Building configuration... Current configuration : 89 bytes ! interface FastEthernet0/10 switchport mode trunk channel-group 1 mode desirable end C2950# C2950#sh run int po1 Building configuration... Current configuration : 54 bytes ! interface Port-channel1 switchport mode trunk end C2950# ================================================================================ C3560#sh run int fa0/9 Building configuration... Current configuration : 126 bytes ! interface FastEthernet0/9 switchport trunk encapsulation dot1q switchport mode trunk channel-group 1 mode desirable end C3560# C3560#sh run int fa0/10 Building configuration... Current configuration : 127 bytes ! interface FastEthernet0/10 switchport trunk encapsulation dot1q switchport mode trunk channel-group 1 mode desirable end C3560# C3560#sh run int po1 Building configuration... Current configuration : 92 bytes ! interface Port-channel1 switchport trunk encapsulation dot1q switchport mode trunk end C3560#
C2950# 00:14:33: %LINK-3-UPDOWN: Interface FastEthernet0/9, changed state to up 00:14:34: %LINK-3-UPDOWN: Interface FastEthernet0/10, changed state to up 00:14:37: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/9, changed state to up 00:14:38: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/10, changed state to up 00:14:38: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up 00:14:39: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up C2950# C2950#sh cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID C3560 Fas 0/10 179 S I WS-C3560-4Fas 0/10 C3560 Fas 0/9 179 S I WS-C3560-4Fas 0/9 C2950# C2950#sh etherchannel summary Flags: D - down P - in port-channel I - stand-alone s - suspended H - Hot-standby (LACP only) R - Layer3 S - Layer2 u - unsuitable for bundling U - in use f - failed to allocate aggregator d - default port Number of channel-groups in use: 1 Number of aggregators: 1 Group Port-channel Protocol Ports ------+-------------+-----------+----------------------------------------------- 1 Po1(SU) PAgP Fa0/9(Pd) Fa0/10(P) C2950# C2950#sh etherchannel port Channel-group listing: ---------------------- Group: 1 ---------- Ports in the group: ------------------- Port: Fa0/9 ------------ Port state = Up Mstr In-Bndl Channel group = 1 Mode = Desirable-Sl Gcchange = 0 Port-channel = Po1 GC = 0x00010001 Pseudo port-channel = Po1 Port index = 0 Load = 0x00 Protocol = PAgP Flags: S - Device is sending Slow hello. C - Device is in Consistent state. A - Device is in Auto mode. P - Device learns on physical port. d - PAgP is down. Timers: H - Hello timer is running. Q - Quit timer is running. S - Switching timer is running. I - Interface timer is running. Local information: Hello Partner PAgP Learning Group Port Flags State Timers Interval Count Priority Method Ifindex Fa0/9 SC U6/S7 H 30s 1 128 Any 29 Partner's information: Partner Partner Partner Partner Group Port Name Device ID Port Age Flags Cap. Fa0/9 C356 0023.04a3.5c80 Fa0/ 8s SC 10001 Age of the port in the current state: 0d:00h:00m:09s Port: Fa0/10 ------------ Port state = Up Mstr In-Bndl Channel group = 1 Mode = Desirable-Sl Gcchange = 0 Port-channel = Po1 GC = 0x00010001 Pseudo port-channel = Po1 Port index = 0 Load = 0x00 Protocol = PAgP Flags: S - Device is sending Slow hello. C - Device is in Consistent state. A - Device is in Auto mode. P - Device learns on physical port. d - PAgP is down. Timers: H - Hello timer is running. Q - Quit timer is running. S - Switching timer is running. I - Interface timer is running. Local information: Hello Partner PAgP Learning Group Port Flags State Timers Interval Count Priority Method Ifindex Fa0/10 SC U6/S7 H 30s 1 128 Any 29 Partner's information: Partner Partner Partner Partner Group Port Name Device ID Port Age Flags Cap. Fa0/10 C356 0023.04a3.5c80 Fa0/1 9s SC 10001 Age of the port in the current state: 0d:00h:00m:09s C2950# C2950#sh etherchannel port-channel Channel-group listing: ---------------------- Group: 1 ---------- Port-channels in the group: --------------------------- Port-channel: Po1 ------------ Age of the Port-channel = 0d:00h:06m:08s Logical slot/port = 1/0 Number of ports = 2 GC = 0x00010001 HotStandBy port = null Port state = Port-channel Ag-Inuse Protocol = PAgP Ports in the Port-channel: Index Load Port EC state No of bits ------+------+------+------------------+----------- 0 00 Fa0/9 Desirable-Sl 0 0 00 Fa0/10 Desirable-Sl 0 Time since last port bundled: 0d:00h:00m:10s Fa0/10 C2950# ================================================================================ C3560# 00:13:41.320: %LINK-3-UPDOWN: Interface FastEthernet0/9, changed state to up 00:13:41.949: %LINK-3-UPDOWN: Interface FastEthernet0/10, changed state to up 00:13:45.304: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/9, changed state to up 00:13:45.967: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/10, changed state to up 00:13:46.286: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up 00:13:47.292: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up C3560# C3560#sh cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone, D - Remote, C - CVTA, M - Two-port Mac Relay Device ID Local Intrfce Holdtme Capability Platform Port ID C2950 Fas 0/10 169 S I WS-C2950T Fas 0/10 C2950 Fas 0/9 168 S I WS-C2950T Fas 0/9 C3560# C3560#sh etherchannel summary Flags: D - down P - bundled in port-channel I - stand-alone s - suspended H - Hot-standby (LACP only) R - Layer3 S - Layer2 U - in use f - failed to allocate aggregator M - not in use, minimum links not met u - unsuitable for bundling w - waiting to be aggregated d - default port Number of channel-groups in use: 1 Number of aggregators: 1 Group Port-channel Protocol Ports ------+-------------+-----------+----------------------------------------------- 1 Po1(SU) PAgP Fa0/9(P) Fa0/10(P) C3560# C3560#sh etherchannel port Channel-group listing: ---------------------- Group: 1 ---------- Ports in the group: ------------------- Port: Fa0/9 ------------ Port state = Up Mstr In-Bndl Channel group = 1 Mode = Desirable-Sl Gcchange = 0 Port-channel = Po1 GC = 0x00010001 Pseudo port-channel = Po1 Port index = 0 Load = 0x00 Protocol = PAgP Flags: S - Device is sending Slow hello. C - Device is in Consistent state. A - Device is in Auto mode. P - Device learns on physical port. d - PAgP is down. Timers: H - Hello timer is running. Q - Quit timer is running. S - Switching timer is running. I - Interface timer is running. Local information: Hello Partner PAgP Learning Group Port Flags State Timers Interval Count Priority Method Ifindex Fa0/9 SC U6/S7 H 30s 1 128 Any 5001 Partner's information: Partner Partner Partner Partner Group Port Name Device ID Port Age Flags Cap. Fa0/9 C2950 0011.2029.6800 Fa0/9 13s SC 10001 Age of the port in the current state: 0d:00h:00m:13s Port: Fa0/10 ------------ Port state = Up Mstr In-Bndl Channel group = 1 Mode = Desirable-Sl Gcchange = 0 Port-channel = Po1 GC = 0x00010001 Pseudo port-channel = Po1 Port index = 0 Load = 0x00 Protocol = PAgP Flags: S - Device is sending Slow hello. C - Device is in Consistent state. A - Device is in Auto mode. P - Device learns on physical port. d - PAgP is down. Timers: H - Hello timer is running. Q - Quit timer is running. S - Switching timer is running. I - Interface timer is running. Local information: Hello Partner PAgP Learning Group Port Flags State Timers Interval Count Priority Method Ifindex Fa0/10 SC U6/S7 H 30s 1 128 Any 5001 Partner's information: Partner Partner Partner Partner Group Port Name Device ID Port Age Flags Cap. Fa0/10 C2950 0011.2029.6800 Fa0/10 14s SC 10001 Age of the port in the current state: 0d:00h:00m:13s C3560# C3560#sh etherchannel port-channel Channel-group listing: ---------------------- Group: 1 ---------- Port-channels in the group: --------------------------- Port-channel: Po1 ------------ Age of the Port-channel = 0d:00h:05m:42s Logical slot/port = 2/1 Number of ports = 2 GC = 0x00010001 HotStandBy port = null Port state = Port-channel Ag-Inuse Protocol = PAgP Port security = Disabled Ports in the Port-channel: Index Load Port EC state No of bits ------+------+------+------------------+----------- 0 00 Fa0/9 Desirable-Sl 0 0 00 Fa0/10 Desirable-Sl 0 Time since last port bundled: 0d:00h:00m:15s Fa0/10 C3560#
Below shows the command output for the same network setup with LACP for the sake of completeness and comparison. :-)
C2950#sh run int fa0/9 Building configuration... Current configuration : 85 bytes ! interface FastEthernet0/9 switchport mode trunk channel-group 1 mode active end C2950# C2950#sh run int fa0/10 Building configuration... Current configuration : 86 bytes ! interface FastEthernet0/10 switchport mode trunk channel-group 1 mode active end C2950# C2950#sh run int po1 Building configuration... Current configuration : 54 bytes ! interface Port-channel1 switchport mode trunk end C2950# 00:22:08: %LINK-3-UPDOWN: Interface FastEthernet0/9, changed state to up 00:22:08: %LINK-3-UPDOWN: Interface FastEthernet0/10, changed state to up 00:22:12: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/9, changed state to up 00:22:12: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/10, changed state to up 00:22:13: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up 00:22:14: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up C2950# C2950#sh cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID C3560 Fas 0/10 175 S I WS-C3560-4Fas 0/10 C3560 Fas 0/9 175 S I WS-C3560-4Fas 0/9 C2950# C2950#sh etherchannel summary Flags: D - down P - in port-channel I - stand-alone s - suspended H - Hot-standby (LACP only) R - Layer3 S - Layer2 u - unsuitable for bundling U - in use f - failed to allocate aggregator d - default port Number of channel-groups in use: 1 Number of aggregators: 1 Group Port-channel Protocol Ports ------+-------------+-----------+----------------------------------------------- 1 Po1(SU) LACP Fa0/9(Pd) Fa0/10(P) C2950# C2950#sh etherchannel port Channel-group listing: ---------------------- Group: 1 ---------- Ports in the group: ------------------- Port: Fa0/9 ------------ Port state = Up Mstr In-Bndl Channel group = 1 Mode = Active Gcchange = - Port-channel = Po1 GC = - Pseudo port-channel = Po1 Port index = 0 Load = 0x00 Protocol = LACP Flags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs. A - Device is in active mode. P - Device is in passive mode. Local information: LACP port Admin Oper Port Port Port Flags State Priority Key Key Number State Fa0/9 SA bndl 32768 0x1 0x1 0x9 0x3D Partner's information: LACP port Oper Port Port Port Flags Priority Dev ID Age Key Number State Fa0/9 SA 32768 0023.04a3.5c80 9s 0x1 0x10C 0x3D Age of the port in the current state: 0d:00h:00m:08s Port: Fa0/10 ------------ Port state = Up Mstr In-Bndl Channel group = 1 Mode = Active Gcchange = - Port-channel = Po1 GC = - Pseudo port-channel = Po1 Port index = 0 Load = 0x00 Protocol = LACP Flags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs. A - Device is in active mode. P - Device is in passive mode. Local information: LACP port Admin Oper Port Port Port Flags State Priority Key Key Number State Fa0/10 SA bndl 32768 0x1 0x1 0xA 0x3D Partner's information: LACP port Oper Port Port Port Flags Priority Dev ID Age Key Number State Fa0/10 SA 32768 0023.04a3.5c80 9s 0x1 0x10D 0x3D Age of the port in the current state: 0d:00h:00m:08s C2950# C2950#sh etherchannel port-channel Channel-group listing: ---------------------- Group: 1 ---------- Port-channels in the group: --------------------------- Port-channel: Po1 (Primary Aggregator) ------------ Age of the Port-channel = 0d:00h:01m:25s Logical slot/port = 1/0 Number of ports = 2 HotStandBy port = null Port state = Port-channel Ag-Inuse Protocol = LACP Ports in the Port-channel: Index Load Port EC state No of bits ------+------+------+------------------+----------- 0 00 Fa0/9 Active 0 0 00 Fa0/10 Active 0 Time since last port bundled: 0d:00h:00m:10s Fa0/10 C2950# ================================================================================ C3560#sh run int fa0/9 Building configuration... Current configuration : 123 bytes ! interface FastEthernet0/9 switchport trunk encapsulation dot1q switchport mode trunk channel-group 1 mode active end C3560# C3560#sh run int fa0/10 Building configuration... Current configuration : 124 bytes ! interface FastEthernet0/10 switchport trunk encapsulation dot1q switchport mode trunk channel-group 1 mode active end C3560# C3560#sh run int po1 Building configuration... Current configuration : 92 bytes ! interface Port-channel1 switchport trunk encapsulation dot1q switchport mode trunk end C3560# 00:21:15.848: %LINK-3-UPDOWN: Interface FastEthernet0/9, changed state to up 00:21:16.519: %LINK-3-UPDOWN: Interface FastEthernet0/10, changed state to up 00:21:19.883: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/9, changed state to up 00:21:20.588: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/10, changed state to up 00:21:20.864: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up 00:21:21.871: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up C3560# C3560#sh cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone, D - Remote, C - CVTA, M - Two-port Mac Relay Device ID Local Intrfce Holdtme Capability Platform Port ID C2950 Fas 0/10 178 S I WS-C2950T Fas 0/10 C2950 Fas 0/9 178 S I WS-C2950T Fas 0/9 C3560# C3560#sh etherchannel summary Flags: D - down P - bundled in port-channel I - stand-alone s - suspended H - Hot-standby (LACP only) R - Layer3 S - Layer2 U - in use f - failed to allocate aggregator M - not in use, minimum links not met u - unsuitable for bundling w - waiting to be aggregated d - default port Number of channel-groups in use: 1 Number of aggregators: 1 Group Port-channel Protocol Ports ------+-------------+-----------+----------------------------------------------- 1 Po1(SU) LACP Fa0/9(P) Fa0/10(P) C3560# C3560#sh etherchannel port Channel-group listing: ---------------------- Group: 1 ---------- Ports in the group: ------------------- Port: Fa0/9 ------------ Port state = Up Mstr Assoc In-Bndl Channel group = 1 Mode = Active Gcchange = - Port-channel = Po1 GC = - Pseudo port-channel = Po1 Port index = 0 Load = 0x00 Protocol = LACP Flags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs. A - Device is in active mode. P - Device is in passive mode. Local information: LACP port Admin Oper Port Port Port Flags State Priority Key Key Number State Fa0/9 SA bndl 32768 0x1 0x1 0x10C 0x3D Partner's information: LACP port Admin Oper Port Port Port Flags Priority Dev ID Age key Key Number State Fa0/9 SA 32768 0011.2029.6800 12s 0x0 0x1 0x9 0x3D Age of the port in the current state: 0d:00h:00m:11s Port: Fa0/10 ------------ Port state = Up Mstr Assoc In-Bndl Channel group = 1 Mode = Active Gcchange = - Port-channel = Po1 GC = - Pseudo port-channel = Po1 Port index = 0 Load = 0x00 Protocol = LACP Flags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs. A - Device is in active mode. P - Device is in passive mode. Local information: LACP port Admin Oper Port Port Port Flags State Priority Key Key Number State Fa0/10 SA bndl 32768 0x1 0x1 0x10D 0x3D Partner's information: LACP port Admin Oper Port Port Port Flags Priority Dev ID Age key Key Number State Fa0/10 SA 32768 0011.2029.6800 13s 0x0 0x1 0xA 0x3D Age of the port in the current state: 0d:00h:00m:12s C3560# C3560#sh etherchannel port-channel Channel-group listing: ---------------------- Group: 1 ---------- Port-channels in the group: --------------------------- Port-channel: Po1 (Primary Aggregator) ------------ Age of the Port-channel = 0d:00h:01m:12s Logical slot/port = 2/1 Number of ports = 2 HotStandBy port = null Port state = Port-channel Ag-Inuse Protocol = LACP Port security = Disabled Ports in the Port-channel: Index Load Port EC state No of bits ------+------+------+------------------+----------- 0 00 Fa0/9 Active 0 0 00 Fa0/10 Active 0 Time since last port bundled: 0d:00h:00m:13s Fa0/10 C3560#
Tuesday, April 12, 2011
The Hidden and Undocumented 'EIGRP Too-optimal Routing' Enhancement
We often heard about routing loop and suboptimal routing, I have discovered a new hidden and undocumented EIGRP feature or enhancement yesterday - the EIGRP Too-optimal Routing enhancement.
This feature was first introduced in Cisco IOS 12.4(20)T along with another hidden and undocumented feature - the Enhanced Tunnel Interface Delay enhancement, in which the default delay for tunnel interfaces was tuned from 500000 usec to 50000 usec.
Below shows the output of a Cisco 7200 running the 12.4(20)T releases regarding the the enhancement mentioned above.
As expected, all Cisco IOS releases after the 12.4(20)T releases have the new feature implemented. :-)
Let's have a look on other 12.4 and 12.4T releases.
As expected, the new feature is not being implemented throughout the 12.4 releases.
And... note that the new feature is not implemented on the maintenance release for the 12.4(15)T releases as well.
Let's come back to the main topic.
With the indirect enhancement upon EIGRP due to the introduction of the Enhanced Tunnel Interface Delay enhancement, we will be gaining more hands-on experience in troubleshooting routing loop problems in DMVPN and IPVPN environments with EIGRP as the routing protocol, after replaced a router, upgraded a router, or upgraded the IOS of a router. @_@
In such environments that rely upon Tunnel interfaces heavily, the enhancement upon the delay of Tunnel interfaces greatly influence the metric calculation of EIGRP routes.
EIGRP rely upon the bandwidth and delay by default when calculating the metric.
Routing loops can occur as Cisco routers running different IOS versions with and without the enhancements discussed above treat the network topology differently.
Image excerpt from the CCNP ROUTE Complete Guide 1st Edition
Sorry to say but EIGRP has failed again after my blog post of EIGRP Next Hop, RIPv2 Next Hop, and OSPF Forward Address.
Thanks for reading. :-)
Hope you enjoyed reading as I enjoyed writing this. :-)
20/12/2012 UPDATE:
Cisco actually aware upon this enhancement. :-)
This feature was first introduced in Cisco IOS 12.4(20)T along with another hidden and undocumented feature - the Enhanced Tunnel Interface Delay enhancement, in which the default delay for tunnel interfaces was tuned from 500000 usec to 50000 usec.
Below shows the output of a Cisco 7200 running the 12.4(20)T releases regarding the the enhancement mentioned above.
Router#sh ver | in IOS|Compiled Cisco IOS Software, 7200 Software (C7200-IPBASEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3) Compiled Fri 11-Jul-08 04:22 by prod_rel_team Router# Router#sh int FastEthernet0/0 | in DLY MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, Router# Router#sh int Ethernet2/0 | in DLY MTU 1500 bytes, BW 10000 Kbit/sec, DLY 1000 usec, Router# Router#sh int Serial3/0 | in DLY MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec, Router# Router#sh int Loopback0 | in DLY MTU 1514 bytes, BW 8000000 Kbit/sec, DLY 5000 usec, Router# Router#sh int Tunnel1 | in DLY MTU 9132 bytes, BW 100 Kbit/sec, DLY 50000 usec, Router#
Router#sh ver | in IOS|Compiled Cisco IOS Software, 7200 Software (C7200-IPBASEK9-M), Version 12.4(20)T6, RELEASE SOFTWARE (fc2) Compiled Fri 03-Sep-10 13:40 by prod_rel_team Router# Router#sh int FastEthernet0/0 | in DLY MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, Router# Router#sh int Ethernet2/0 | in DLY MTU 1500 bytes, BW 10000 Kbit/sec, DLY 1000 usec, Router# Router#sh int Serial3/0 | in DLY MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec, Router# Router#sh int Loopback0 | in DLY MTU 1514 bytes, BW 8000000 Kbit/sec, DLY 5000 usec, Router# Router#sh int Tunnel1 | in DLY MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec, Router#
As expected, all Cisco IOS releases after the 12.4(20)T releases have the new feature implemented. :-)
Router#sh ver | in IOS|Compiled Cisco IOS Software, 7200 Software (C7200-IPBASEK9-M), Version 12.4(22)T5, RELEASE SOFTWARE (fc3) Compiled Wed 28-Apr-10 13:31 by prod_rel_team Router# Router#sh int FastEthernet0/0 | in DLY MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, Router# Router#sh int Ethernet2/0 | in DLY MTU 1500 bytes, BW 10000 Kbit/sec, DLY 1000 usec, Router# Router#sh int Serial3/0 | in DLY MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec, Router# Router#sh int Loopback0 | in DLY MTU 1514 bytes, BW 8000000 Kbit/sec, DLY 5000 usec, Router# Router#sh int Tunnel1 | in DLY MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec, Router#
Router#sh ver | in IOS|Compiled Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(24)T5, RELEASE SOFTWARE (fc3) Compiled Fri 04-Mar-11 06:49 by prod_rel_team Router# Router#sh int FastEthernet0/0 | in DLY MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, Router# Router#sh int Ethernet2/0 | in DLY MTU 1500 bytes, BW 10000 Kbit/sec, DLY 1000 usec, Router# Router#sh int Serial3/0 | in DLY MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec, Router# Router#sh int Loopback0 | in DLY MTU 1514 bytes, BW 8000000 Kbit/sec, DLY 5000 usec, Router# Router#sh int Tunnel1 | in DLY MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec, Router#
Router#sh ver | in IOS|Compiled Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 15.1(4)M, RELEASE SOFTWARE (fc1) Compiled Thu 24-Mar-11 19:26 by prod_rel_team Router# Router#sh int FastEthernet0/0 | in DLY MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, Router# Router#sh int Ethernet2/0 | in DLY MTU 1500 bytes, BW 10000 Kbit/sec, DLY 1000 usec, Router# Router#sh int Serial3/0 | in DLY MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec, Router# Router#sh int Loopback0 | in DLY MTU 1514 bytes, BW 8000000 Kbit/sec, DLY 5000 usec, Router# Router#sh int Tunnel1 | in DLY MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec, Router#
Let's have a look on other 12.4 and 12.4T releases.
Router#sh ver | in IOS|Compiled Cisco IOS Software, 7200 Software (C7200-IS-M), Version 12.4(25e), RELEASE SOFTWARE (fc2) Compiled Thu 17-Mar-11 00:08 by prod_rel_team Router# Router#sh int FastEthernet0/0 | in DLY MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, Router# Router#sh int Ethernet2/0 | in DLY MTU 1500 bytes, BW 10000 Kbit/sec, DLY 1000 usec, Router# Router#sh int Serial3/0 | in DLY MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec, Router# Router#sh int Loopback0 | in DLY MTU 1514 bytes, BW 8000000 Kbit/sec, DLY 5000 usec, Router# Router#sh int Tunnel1 | in DLY MTU 1514 bytes, BW 9 Kbit/sec, DLY 500000 usec, Router#
Router#sh ver | in IOS|Compiled Cisco IOS Software, 7200 Software (C7200-IPBASEK9-M), Version 12.4(15)T15, RELEASE SOFTWARE (fc3) Compiled Tue 08-Mar-11 10:32 by prod_rel_team Router# Router#sh int FastEthernet0/0 | in DLY MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, Router# Router#sh int Ethernet2/0 | in DLY MTU 1500 bytes, BW 10000 Kbit/sec, DLY 1000 usec, Router# Router#sh int Serial3/0 | in DLY MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec, Router# Router#sh int Loopback0 | in DLY MTU 1514 bytes, BW 8000000 Kbit/sec, DLY 5000 usec, Router# Router#sh int Tunnel1 | in DLY MTU 1514 bytes, BW 9 Kbit/sec, DLY 500000 usec, Router#
As expected, the new feature is not being implemented throughout the 12.4 releases.
And... note that the new feature is not implemented on the maintenance release for the 12.4(15)T releases as well.
Let's come back to the main topic.
With the indirect enhancement upon EIGRP due to the introduction of the Enhanced Tunnel Interface Delay enhancement, we will be gaining more hands-on experience in troubleshooting routing loop problems in DMVPN and IPVPN environments with EIGRP as the routing protocol, after replaced a router, upgraded a router, or upgraded the IOS of a router. @_@
In such environments that rely upon Tunnel interfaces heavily, the enhancement upon the delay of Tunnel interfaces greatly influence the metric calculation of EIGRP routes.
EIGRP rely upon the bandwidth and delay by default when calculating the metric.
Routing loops can occur as Cisco routers running different IOS versions with and without the enhancements discussed above treat the network topology differently.
Sorry to say but EIGRP has failed again after my blog post of EIGRP Next Hop, RIPv2 Next Hop, and OSPF Forward Address.
Thanks for reading. :-)
Hope you enjoyed reading as I enjoyed writing this. :-)
20/12/2012 UPDATE:
Cisco actually aware upon this enhancement. :-)
Sunday, March 27, 2011
CSCtk46796 - N5K NX-OS 5.0(2)N1(1) ICMP Echo Request Packets Greater than the Default Ethernet MTU 1500 Bytes to SVIs Not Being Fragmented
When performing verification upon the implementation of Jumbo Frame support on Nexus 5000 switches, I discovered the following problem.
Firstly, there was no problem with NX-OS 4.2(1)N2(1):
Below shows the problem scenario observed on NX-OS 5.0(2)N1(1):
Note: This problem has nothing to do with the Jumbo Frame configuration, as the ICMP Echo Request packets are sent without the DF (Don't Fragment) bit set, and therefore we are expecting fragmentation to occur.
Lastly, the Cisco TAC engineer filed a new bug for this. :-)
Network Setup
Firstly, there was no problem with NX-OS 4.2(1)N2(1):
n5010-sw1# sh ver Cisco Nexus Operating System (NX-OS) Software TAC support: http://www.cisco.com/tac Copyright (c) 2002-2010, Cisco Systems, Inc. All rights reserved. The copyrights to certain works contained herein are owned by other third parties and are used and distributed under license. Some parts of this software are covered under the GNU Public License. A copy of the license is available at http://www.gnu.org/licenses/gpl.html. Software BIOS: version 1.3.0 loader: version N/A kickstart: version 4.2(1)N2(1) system: version 4.2(1)N2(1) power-seq: version v1.2 BIOS compile time: 09/08/09 kickstart image file is: bootflash:/n5000-uk9-kickstart.4.2.1.N2.1.bin kickstart compile time: 7/28/2010 18:00:00 [07/29/2010 01:10:19] system image file is: bootflash:/n5000-uk9.4.2.1.N2.1.bin system compile time: 7/28/2010 18:00:00 [07/29/2010 05:18:12] Hardware cisco Nexus5010 Chassis ("20x10GE/Supervisor") Intel(R) Celeron(R) M CPU with 2074284 kB of memory. Processor Board ID JAF1429ERMA Device name: n5010-sw1 bootflash: 1003520 kB Kernel uptime is 51 day(s), 4 hour(s), 45 minute(s), 38 second(s) Last reset at 125383 usecs after Thu Oct 7 07:25:30 2010 Reason: Reset Requested by CLI command reload System version: 4.2(1)N2(1) Service: plugin Core Plugin, Ethernet Plugin, Fc Plugin n5010-sw1# n5010-sw1# ping 192.168.1.2 PING 192.168.1.2 (192.168.1.2): 56 data bytes 64 bytes from 192.168.1.2: icmp_seq=0 ttl=254 time=2.281 ms 64 bytes from 192.168.1.2: icmp_seq=1 ttl=254 time=1.11 ms 64 bytes from 192.168.1.2: icmp_seq=2 ttl=254 time=1.006 ms 64 bytes from 192.168.1.2: icmp_seq=3 ttl=254 time=1.018 ms 64 bytes from 192.168.1.2: icmp_seq=4 ttl=254 time=1.019 ms --- 192.168.1.2 ping statistics --- 5 packets transmitted, 5 packets received, 0.00% packet loss round-trip min/avg/max = 1.006/1.286/2.281 ms n5010-sw1# n5010-sw1# ping 192.168.1.2 packet-size 1472 PING 192.168.1.2 (192.168.1.2): 1472 data bytes 1480 bytes from 192.168.1.2: icmp_seq=0 ttl=254 time=1.741 ms 1480 bytes from 192.168.1.2: icmp_seq=1 ttl=254 time=1.124 ms 1480 bytes from 192.168.1.2: icmp_seq=2 ttl=254 time=1.1 ms 1480 bytes from 192.168.1.2: icmp_seq=3 ttl=254 time=1.058 ms 1480 bytes from 192.168.1.2: icmp_seq=4 ttl=254 time=1.192 ms --- 192.168.1.2 ping statistics --- 5 packets transmitted, 5 packets received, 0.00% packet loss round-trip min/avg/max = 1.058/1.243/1.741 ms n5010-sw1# n5010-sw1# ping 192.168.1.2 packet-size 1473 PING 192.168.1.2 (192.168.1.2): 1473 data bytes 1481 bytes from 192.168.1.2: icmp_seq=0 ttl=254 time=1.32 ms 1481 bytes from 192.168.1.2: icmp_seq=1 ttl=254 time=0.907 ms 1481 bytes from 192.168.1.2: icmp_seq=2 ttl=254 time=0.9 ms 1481 bytes from 192.168.1.2: icmp_seq=3 ttl=254 time=1.052 ms 1481 bytes from 192.168.1.2: icmp_seq=4 ttl=254 time=3.502 ms --- 192.168.1.2 ping statistics --- 5 packets transmitted, 5 packets received, 0.00% packet loss round-trip min/avg/max = 0.9/1.536/3.502 ms n5010-sw1# n5010-sw1# ping 192.168.1.2 packet-size 3000 PING 192.168.1.2 (192.168.1.2): 3000 data bytes 3008 bytes from 192.168.1.2: icmp_seq=0 ttl=254 time=2.031 ms 3008 bytes from 192.168.1.2: icmp_seq=1 ttl=254 time=1.474 ms 3008 bytes from 192.168.1.2: icmp_seq=2 ttl=254 time=1.388 ms 3008 bytes from 192.168.1.2: icmp_seq=3 ttl=254 time=1.397 ms 3008 bytes from 192.168.1.2: icmp_seq=4 ttl=254 time=1.473 ms --- 192.168.1.2 ping statistics --- 5 packets transmitted, 5 packets received, 0.00% packet loss round-trip min/avg/max = 1.388/1.552/2.031 ms n5010-sw1#
Below shows the problem scenario observed on NX-OS 5.0(2)N1(1):
n5010-sw1# sh ver Cisco Nexus Operating System (NX-OS) Software TAC support: http://www.cisco.com/tac Copyright (c) 2002-2010, Cisco Systems, Inc. All rights reserved. The copyrights to certain works contained herein are owned by other third parties and are used and distributed under license. Some parts of this software are covered under the GNU Public License. A copy of the license is available at http://www.gnu.org/licenses/gpl.html. Software BIOS: version 1.3.0 loader: version N/A kickstart: version 5.0(2)N1(1) system: version 5.0(2)N1(1) power-seq: version v1.2 BIOS compile time: 09/08/09 kickstart image file is: bootflash:/n5000-uk9-kickstart.5.0.2.N1.1.bin kickstart compile time: 10/15/2010 0:00:00 [10/15/2010 08:00:43] system image file is: bootflash:/n5000-uk9.5.0.2.N1.1.bin system compile time: 10/15/2010 0:00:00 [10/15/2010 09:34:05] Hardware cisco Nexus5010 Chassis ("20x10GE/Supervisor") Intel(R) Celeron(R) M CPU with 2074284 kB of memory. Processor Board ID JAF1429ERMA Device name: n5010-sw1 bootflash: 1003520 kB Kernel uptime is 0 day(s), 23 hour(s), 19 minute(s), 23 second(s) Last reset at 296097 usecs after Fri Nov 26 12:43:08 2010 Reason: Disruptive upgrade System version: 4.2(1)N2(1) Service: plugin Core Plugin, Ethernet Plugin, Fc Plugin n5010-sw1# n5010-sw1# ping 192.168.1.2 PING 192.168.1.2 (192.168.1.2): 56 data bytes 64 bytes from 192.168.1.2: icmp_seq=0 ttl=254 time=7.09 ms 64 bytes from 192.168.1.2: icmp_seq=1 ttl=254 time=1.216 ms 64 bytes from 192.168.1.2: icmp_seq=2 ttl=254 time=1.223 ms 64 bytes from 192.168.1.2: icmp_seq=3 ttl=254 time=1.196 ms 64 bytes from 192.168.1.2: icmp_seq=4 ttl=254 time=1.142 ms --- 192.168.1.2 ping statistics --- 5 packets transmitted, 5 packets received, 0.00% packet loss round-trip min/avg/max = 1.142/2.373/7.09 ms n5010-sw1# n5010-sw1# ping 192.168.1.2 packet-size 1472 PING 192.168.1.2 (192.168.1.2): 1472 data bytes 1480 bytes from 192.168.1.2: icmp_seq=0 ttl=254 time=1.884 ms 1480 bytes from 192.168.1.2: icmp_seq=1 ttl=254 time=1.059 ms 1480 bytes from 192.168.1.2: icmp_seq=2 ttl=254 time=1.383 ms 1480 bytes from 192.168.1.2: icmp_seq=3 ttl=254 time=0.985 ms 1480 bytes from 192.168.1.2: icmp_seq=4 ttl=254 time=1.36 ms --- 192.168.1.2 ping statistics --- 5 packets transmitted, 5 packets received, 0.00% packet loss round-trip min/avg/max = 0.985/1.334/1.884 ms n5010-sw1# n5010-sw1# ping 192.168.1.2 packet-size 1473 PING 192.168.1.2 (192.168.1.2): 1473 data bytes Request 0 timed out Request 1 timed out Request 2 timed out Request 3 timed out Request 4 timed out --- 192.168.1.2 ping statistics --- 5 packets transmitted, 0 packets received, 100.00% packet loss n5010-sw1# n5010-sw1# ping 192.168.1.2 packet-size 1500 PING 192.168.1.2 (192.168.1.2): 1500 data bytes Request 0 timed out Request 1 timed out Request 2 timed out Request 3 timed out Request 4 timed out --- 192.168.1.2 ping statistics --- 5 packets transmitted, 0 packets received, 100.00% packet loss n5010-sw1#
Note: This problem has nothing to do with the Jumbo Frame configuration, as the ICMP Echo Request packets are sent without the DF (Don't Fragment) bit set, and therefore we are expecting fragmentation to occur.
Lastly, the Cisco TAC engineer filed a new bug for this. :-)
Friday, March 4, 2011
Nexus 7000 CMP TACACS+ Login Failure
Problem Symptom:
When AAA authentication through TACACS+ is enabled upon the remote access to the Nexus 7000 Control Processor (CP), login to the CMP (Connectivity Management Processor) via Telnet using a valid TACACS+ username and password failed with the error message "User not known to the underlying authentication module".
Cisco Bug ID: CSCte25626
Resolution:
Reboot the CMPs using the reload cmp module slot privileged command on the CP.
Continuous ping to the management IP addresses of the CMPs will timeout for a short period. After the management IP addresses start replying to ICMP Echo Requests, login to the CMP using a valid TACACS+ account is then successful.
When AAA authentication through TACACS+ is enabled upon the remote access to the Nexus 7000 Control Processor (CP), login to the CMP (Connectivity Management Processor) via Telnet using a valid TACACS+ username and password failed with the error message "User not known to the underlying authentication module".
Cisco Bug ID: CSCte25626
C:\>telnet 192.168.1.1 Linux 2.6.10_mvl401-pc_targetpspos (n7k-core-sw01-cmp6) (0) n7k-core-sw01-cmp6 login: user1 Password: User not known to the underlying authentication module Connection to host lost. C:\>
Resolution:
Reboot the CMPs using the reload cmp module slot privileged command on the CP.
Continuous ping to the management IP addresses of the CMPs will timeout for a short period. After the management IP addresses start replying to ICMP Echo Requests, login to the CMP using a valid TACACS+ account is then successful.
Linux 2.6.10_mvl401-pc_targetpspos (n7k-core-sw01-cmp6) (0) n7k-core-sw01-cmp6 login: user1 Password: n7k-core-sw01-cmp6# n7k-core-sw01-cmp6# sh version CMP Software: CMP BIOS version: 02.01.05 CMP Image version: 4.2(1) [build 4.2(1)] CMP BIOS compile time: 7/13/2008 19:44:27 CMP Image compile time: 1/5/2010 1:00:00 n7k-core-sw01-cmp6#
Subscribe to:
Posts (Atom)