"ip nat outside" block access for cpe from outside network
We have a POP with ASR 1002 for BNG and CGNAT.
The problem is with the configuration of cgnat, we can't access the cpe from outside of asr by interface of uplink.
We tried to accept by using an access list, but without success.
Follow the configuration:
interface Port-channel1.1138 encapsulation dot1Q 1138 ip address 10.1.38.5 255.255.255.248 ip nat outside ! interface Virtual-Template1 mtu 1480 ip unnumbered Loopback0 ip nat inside ip tcp adjust-mss 1452 peer default ip address pool pool_cisco ipv6 enable ipv6 nd ra lifetime 21600 ipv6 nd ra interval 4 3 ipv6 dhcp server dhcpv6 ppp mtu adaptive ppp authentication pap ppp ipcp dns 126.96.36.199 ppp ipcp address required ppp ipcp address unique ppp timeout authentication 20 ! ip local pool pool_cisco 10.38.0.0 10.38.3.255 ip local pool pool_bloqueado 10.24.0.0 10.24.3.254 ip nat settings mode cgn no ip nat settings support mapping outside ip nat translation max-entries 247483647 ip nat pool nat_32 x.y.z.0 x.y.z.63 prefix-length 26 ip nat inside source list 1 pool nat_32 overload ip forward-protocol nd ! access-list 1 permit 10.38.0.0 0.0.3.255Â
If we take out the setting "ip nat outside" of interface, we can access normally the cpe.
In scaled EVPN deployments it can be wise to name ESI that way to represent the site/physical port/etc it is attached to. Thus on some remote location you can easily verify where particular route/MAC is coming from. Similar to phone numbers, where...
Want to enable Feature EPFT with “routing-protocols-enable”. However ,it is throwing an error and ask to configure the following command: “non-subscriber-interfaces mac” which once enabled drops the traffic without any penalty.
XR-vm - CLI's
look for any process crash, review time stamp[if it is too old, then no immediate action needed]
verify if standby state is Ready and NSR-Ready
show proc cpu | exclude " 0%"
It's been a long standing ask for XR to support conditional route advertisements in BGP.
The expected option of using the
option in RPL currently can only be used at the default-inf...
On IOS-XR, Quality of Service has an extension to WRED (Weighted Random Early Detection) called Explicit Congestion Notification (ECN). ECN will mark packets instead of dropping them when the average queue length exceeds a specific threshold value. When c...