deleting comment. wrong attachment. ... View more

Thanks. I just don't get it why the secondary chassis would reboot twice because of DAD. It prolongs the downtime of secondary VSS switch. ... View more

It’s now running SY7. I upgraded traditional way. ... View more

For those who want to see the logs here it is. I am upgrading traditional way. ... View more

If I delete the entry of the current IOS in boot system command it won't let me proceed with ISSU. I tried to follow Cisco's guide as well. I am upgrading the switches via console and that's all the error I am getting before reloading and booting the old image again. It says that there is an IOS mismatch so it is loading the old firmware. ... View more

That's what I did. After the secondary chassis upgrades to new version, it will revert back to old. ... View more

I am trying to upgrade using ISSU to learn how to do it again in the future. I want to do the traditional way but just checking if I can do this using ISSU for future purposes. Thanks! ... View more

Thanks for the feedback Rick.   Basically here's the situation. The AS# to be removed is in the middle of the network. The distribution is running dual EIGRP process facing the core and edge devices. Some devices are still using the old AS (higher number) and some are using the new one. Although 90% of our DC is already running the new AS#. The core facing distribution is old EIGRP. Core facing other DCs are running new AS. Distribution facing edge devices use both old and new. So basically what we only need to do is to overlay the new EIGRP AS in the core to connect these 2 islands of EIGRP. But as you can see there are multiple redistribution points in the network, the distribution and core. So that's what I am currently testing. If I connect the 2 islands of new EIGRP AS then the redistribution should be out of the picture.   (eBGP/EIGRPAS1)Core(AS2)----(AS2)Distribution(AS1)----(AS1)Edge(AS1) (eBGP/EIGRPAS1)Core(AS2)----(AS2)Distribution(AS2)----(AS2)Edge(AS2)   As you can see above (there are 2 scenarios).    1. Distribution is redistributing routes between AS1 and AS2. In the core, there is also a mutual redistribution between the two AS#s. 2. The mutual redistribution is on Core and Edge only   It's a little bit more complex than that because the network statements in the distribution switch were also messed up including the redistribution filters.   Now, if I enable dual EIGRP between core and distribution and redistribute eBGP routes into both process, which one will EIGRP pick as best since they are both equal coming from different AS#. Right now eBGP routes are just getting injected to AS2 between the core and distribution. If I enable AS1 in between too and redistribute BGP to EIGRP AS1, distribution switch "may" get both routes from different AS so the question which is best. If it picks AS1 as best, then the segment between distribution and edge should have redistribution for those BGP redistributed routes, because prior to the dual process between core and distribution, those redistributed routes are advertised all the way to the edge for AS2 process. If it picks AS1 then a redistribution must take place.   We want to do it as fast as we could and very minimal changes that's why we are shooting for this kind of approach and not really deal with "this part of the network should be this AS and this should be that and bla bla bla, then we merge it after one by one." So it's more of "ships in the night" approach. ... View more

Yes Sir. Everything is the same but just running 2 process per router.   You can still validate using the RIB because it says "Known via "EIGRP XX:"" The lower AS# is always being used on my testing.   Here's a sample. Just 2 routers on a p2p setup with loopback addresses. All interfaces are in 10.x and network statements are 10.0.0.0 for both EIGRP 10 and 20.   IOU1#sh ip route 10.0.255.2 Routing entry for 10.0.255.2/32 Known via "eigrp 10", distance 90, metric 409600, type internal Redistributing via eigrp 10 Last update from 10.0.12.2 on Ethernet0/0, 00:00:07 ago Routing Descriptor Blocks: * 10.0.12.2, from 10.0.12.2, 00:00:07 ago, via Ethernet0/0 Route metric is 409600, traffic share count is 1 Total delay is 6000 microseconds, minimum bandwidth is 10000 Kbit Reliability 255/255, minimum MTU 1500 bytes Loading 1/255, Hops 1   Added EIGRP AS#5. Now, it's saying that best path is known via EIGRP 5.   IOU1#sh ip route 10.0.255.2 Routing entry for 10.0.255.2/32 Known via "eigrp 5", distance 90, metric 409600, type internal Redistributing via eigrp 5 Last update from 10.0.12.2 on Ethernet0/0, 00:00:07 ago Routing Descriptor Blocks: * 10.0.12.2, from 10.0.12.2, 00:00:07 ago, via Ethernet0/0 Route metric is 409600, traffic share count is 1 Total delay is 6000 microseconds, minimum bandwidth is 10000 Kbit Reliability 255/255, minimum MTU 1500 bytes Loading 1/255, Hops 1   Created EIGRP 30. Route table's best path is still EIGRP 5.   IOU1#sh ip route 10.0.255.2 Routing entry for 10.0.255.2/32 Known via "eigrp 5", distance 90, metric 409600, type internal Redistributing via eigrp 5 Last update from 10.0.12.2 on Ethernet0/0, 00:01:07 ago Routing Descriptor Blocks: * 10.0.12.2, from 10.0.12.2, 00:01:07 ago, via Ethernet0/0 Route metric is 409600, traffic share count is 1 Total delay is 6000 microseconds, minimum bandwidth is 10000 Kbit Reliability 255/255, minimum MTU 1500 bytes Loading 1/255, Hops 1   IOU1#sh ip eigrp neighbors EIGRP-IPv4 Neighbors for AS(20) H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num 0 10.0.12.2 Et0/0 11 00:03:54 5 100 0 5 EIGRP-IPv4 Neighbors for AS(10) H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num 0 10.0.12.2 Et0/0 12 00:03:29 9 100 0 5 EIGRP-IPv4 Neighbors for AS(5) H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num 0 10.0.12.2 Et0/0 13 00:01:40 2 100 0 3 EIGRP-IPv4 Neighbors for AS(30) H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num 0 10.0.12.2 Et0/0 11 00:00:41 17 153 0 2   Created EIGRP 1. Route known from EIGRP 1.   IOU1#sh ip route 10.0.255.2 Routing entry for 10.0.255.2/32 Known via "eigrp 1", distance 90, metric 409600, type internal Redistributing via eigrp 1 Last update from 10.0.12.2 on Ethernet0/0, 00:00:07 ago Routing Descriptor Blocks: * 10.0.12.2, from 10.0.12.2, 00:00:07 ago, via Ethernet0/0 Route metric is 409600, traffic share count is 1 Total delay is 6000 microseconds, minimum bandwidth is 10000 Kbit Reliability 255/255, minimum MTU 1500 bytes Loading 1/255, Hops 1   IOU1#show ip eig neigh EIGRP-IPv4 Neighbors for AS(20) H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num 0 10.0.12.2 Et0/0 12 00:05:11 5 100 0 5 EIGRP-IPv4 Neighbors for AS(10) H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num 0 10.0.12.2 Et0/0 14 00:04:46 9 100 0 5 EIGRP-IPv4 Neighbors for AS(5) H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num 0 10.0.12.2 Et0/0 14 00:02:57 4 100 0 5 EIGRP-IPv4 Neighbors for AS(30) H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num 0 10.0.12.2 Et0/0 12 00:01:58 17 153 0 2 EIGRP-IPv4 Neighbors for AS(1) H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num 0 10.0.12.2 Et0/0 13 00:00:38 3 100 0 3     So I am not sure if this is a behavior specific to the IOS or this is really how it should behave but I cannot find any documentation.   IOU1#sh ip eigrp topo 10.0.255.2/32 EIGRP-IPv4 Topology Entry for AS(20)/ID(10.0.255.1) for 10.0.255.2/32 State is Passive, Query origin flag is 1, 0 Successor(s), FD is Infinity Descriptor Blocks: 10.0.12.2 (Ethernet0/0), from 10.0.12.2, Send flag is 0x0 Composite metric is (409600/128256), route is Internal Vector metric: Minimum bandwidth is 10000 Kbit Total delay is 6000 microseconds Reliability is 255/255 Load is 1/255 Minimum MTU is 1500 Hop count is 1 Originating router is 10.0.255.2 EIGRP-IPv4 Topology Entry for AS(10)/ID(10.0.255.1) for 10.0.255.2/32 State is Passive, Query origin flag is 1, 0 Successor(s), FD is Infinity Descriptor Blocks: 10.0.12.2 (Ethernet0/0), from 10.0.12.2, Send flag is 0x0 Composite metric is (409600/128256), route is Internal Vector metric: Minimum bandwidth is 10000 Kbit Total delay is 6000 microseconds Reliability is 255/255 Load is 1/255 Minimum MTU is 1500 Hop count is 1 Originating router is 10.0.255.2 EIGRP-IPv4 Topology Entry for AS(5)/ID(10.0.255.1) for 10.0.255.2/32 State is Passive, Query origin flag is 1, 0 Successor(s), FD is Infinity Descriptor Blocks: 10.0.12.2 (Ethernet0/0), from 10.0.12.2, Send flag is 0x0 Composite metric is (409600/128256), route is Internal Vector metric: Minimum bandwidth is 10000 Kbit Total delay is 6000 microseconds Reliability is 255/255 Load is 1/255 Minimum MTU is 1500 Hop count is 1 Originating router is 10.0.255.2 EIGRP-IPv4 Topology Entry for AS(30)/ID(10.0.255.1) for 10.0.255.2/32 State is Passive, Query origin flag is 1, 0 Successor(s), FD is Infinity Descriptor Blocks: 10.0.12.2 (Ethernet0/0), from 10.0.12.2, Send flag is 0x0 Composite metric is (409600/128256), route is Internal Vector metric: Minimum bandwidth is 10000 Kbit Total delay is 6000 microseconds Reliability is 255/255 Load is 1/255 Minimum MTU is 1500 Hop count is 1 Originating router is 10.0.255.2 EIGRP-IPv4 Topology Entry for AS(1)/ID(10.0.255.1) for 10.0.255.2/32 State is Passive, Query origin flag is 1, 1 Successor(s), FD is 409600 Descriptor Blocks: 10.0.12.2 (Ethernet0/0), from 10.0.12.2, Send flag is 0x0 Composite metric is (409600/128256), route is Internal Vector metric: Minimum bandwidth is 10000 Kbit Total delay is 6000 microseconds Reliability is 255/255 Load is 1/255 Minimum MTU is 1500 Hop count is 1 Originating router is 10.0.255.2 ... View more

I found a lab firewall and tested both dynamic and static NAT and it worked fine. No real traffic tested but at least the ASA did not give an error or warning. ... View more

@RJI wrote: Hi John,   Something like this?   nat (INSIDE,OUTSIDE) source dynamic LAN_1 NAT_POOL destination static PARTNER1 PARTNER1 nat (INSIDE,OUTSIDE) source dynamic LAN_2 NAT_POOL destination static PARTNER2 PARTNER2 - Not configured under and object, rather under global config   Obviously you'd need to change the interface nameif to match your enrvironent and create the relevant objects.   HTH Yeah something like that. Or something like this.   object network public_pool  range x.x.x.1 x.x.x.254   object network subnet_a  subnet 192.168.0.0 255.255.255.  nat (inside,client_a) dynamic p ublic_pool   object network subnet_b  subnet 192.168.1.0 255.255.255.  nat (inside,client_b) dynamic p ublic_pool So the same public range that lives on different sub-interfaces of the firewall. That way I can conserve IP addresses. ... View more

Hmmm... So you cannot see any packets going to P2 correct?   Can also attach the show mpls forwarding-table output of P2, P3, and P4? I am wondering why yours is not working but we almost have the same lab and it worked for me. ... View more