Thanks for your reply.
And here is the show version output of the switch that is causing the unicast storm messages.
Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(50)SE, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Fri 27-Feb-09 23:25 by weiliu
Image text-base: 0x00003000, data-base: 0x01200000

ROM: Bootstrap program is C2960 boot loader
BOOTLDR: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1)

SZZ-01-SWA-02 uptime is 13 weeks, 2 days, 6 hours, 34 minutes
System returned to ROM by power-on
System restarted at 05:36:54 UTC Sun Aug 16 2015
System image file is "flash:c2960-lanbase-mz.122-50.SE.bin"

cisco WS-C2960-48TT-L (PowerPC405) processor (revision E0) with 61440K/4088K bytes of memory.
Processor board ID
Last reset from power-on
2 Virtual Ethernet interfaces
48 FastEthernet interfaces
2 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

64K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address       : 00:22:0C:BA:87:80
Motherboard assembly number     : 73-10391-05
Power supply part number        : 341-0097-02
Motherboard serial number       : FOC1224084P
Power supply serial number      : AZS1223041L
Model revision number           : E0
Motherboard revision number     : A0
Model number                    : WS-C2960-48TT-L
System serial number            : FOC1224A0EY
Top Assembly Part Number        : 800-27222-04
Top Assembly Revision Number    : A0
Version ID                      : V04
CLEI Code Number                : COM3H00BRC
Hardware Board Revision Number  : 0x02

Switch Ports Model              SW Version            SW Image
------ ----- -----              ----------            ----------
*    1 50    WS-C2960-48TT-L    12.2(50)SE            C2960-LANBASE-M
Thanks in advance,
For some days I'm getting the following "error" message on the switch:
%STORM_CONTROL-3-FILTERED: A Unicast storm detected on GI0/47 A packet filter action has been applied
Port 0/47 is connected to another switch with the following storm-control configuration:
storm-control broadcast level 30.00
storm-control multicast level 40.00
storm-control unicast level 70.00
My question is how to troubleshoot, on the switch which is connected to GI0/47, which device is causing the unicast traffic.
Thanks in advance
I have enabled the tunnels, and I'm getting the EIGRP routes. As far as I know, if you don't set permit any it will block all other traffic by itself. But I don't understand why I don't have a gateway of last resort and why 0.0.0.0 is connected with Virtual-Access1. I think that this is causing the problem, but I'm not sure.

S*    0.0.0.0/0 is directly connected, Virtual-Access1
                is directly connected, Tunnel0
                is directly connected, GigabitEthernet0/0
      10.0.0.0/8 is variably subnetted, 9 subnets, 3 masks
S        10.0.0.0/8 is directly connected, Virtual-Access1
C        10.68.1.0/24 is directly connected, GigabitEthernet0/1
L        10.68.1.1/32 is directly connected, GigabitEthernet0/1
H        10.68.2.0/24 [250/1] via 10.68.254.12, 00:00:15, Virtual-Access1
C        10.68.254.0/24 is directly connected, Tunnel0
L        10.68.254.11/32 is directly connected, Tunnel0
S   %    10.68.254.12/32 is directly connected, Virtual-Access1
C        10.68.255.11/32 is directly connected, Loopback1
      217.112.xxx.xxx/24 is variably subnetted, 2 subnets, 2 masks
C        217.112.xxx.xxx/27 is directly connected, GigabitEthernet0/0
L        217.112.xxx.xxx/32 is directly connected, GigabitEthernet0/0
Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S*    0.0.0.0/0 is directly connected, GigabitEthernet0/0
      10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C        10.68.1.0/24 is directly connected, GigabitEthernet0/1
L        10.68.1.1/32 is directly connected, GigabitEthernet0/1
C        10.68.254.0/24 is directly connected, Tunnel0
L        10.68.254.11/32 is directly connected, Tunnel0
C        10.68.255.11/32 is directly connected, Loopback1
      217.112.xxx.0/24 is variably subnetted, 2 subnets, 2 masks
C        217.112.xxx.xxx/27 is directly connected, GigabitEthernet0/0
L        217.112.xxx.xxx/32 is directly connected, GigabitEthernet0/0
Hi,
Let me show you my config. At this moment all works fine because tunnel 0 is shut down. When I enable tunnel 0, all www traffic is pointing to the hub.

version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SPOKE
!
boot-start-marker
boot-end-marker
!
!
!
aaa new-model
!
!
aaa authorization network Spoke local
!
!
!
!
!
aaa session-id common
clock timezone PCTime 1 0
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
!
!
!
!
!
ip dhcp pool DHCP-POOL
 network 10.68.1.0 255.255.255.0
 default-router 10.68.1.1
 dns-server 188.8.131.52
 lease 8
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
username xxxxxx privilege 15 password 0 xxxxx
!
redundancy
!
crypto ikev2 authorization policy SPOKE.policy
 route set interface
 route set access-list 6
!
crypto ikev2 proposal SPOKE.pro
 encryption aes-cbc-256
 integrity sha256
 group 15
!
crypto ikev2 policy SPOKE.PROpolicy
 proposal SPOKE.pro
!
crypto ikev2 keyring SPOKE.keyring
 peer HUB
  address 0.0.0.0 0.0.0.0
  pre-shared-key local xxxxx
  pre-shared-key remote xxxxx
!
!
!
crypto ikev2 profile SPOKE.prof
 match identity remote address 0.0.0.0
 identity local address 217.112.xxx.xxx
 authentication remote pre-share
 authentication local pre-share
 keyring local SPOKE.keyring
 aaa authorization group psk list Spoke SPOKE.policy
 virtual-template 1
!
crypto ikev2 dpd 30 5 on-demand
crypto ikev2 client flexvpn Flex_client
 peer 1 217.112.xxx.xxx
 client connect Tunnel0
!
!
!
!
!
!
crypto ipsec transform-set WilNet-ESP esp-gcm
 mode transport
!
crypto ipsec profile SPOKE.ipsprof
 set transform-set WilNet-ESP
 set ikev2-profile SPOKE.prof
!
!
!
!
!
!
!
interface Loopback1
 ip address 10.68.255.11 255.255.255.255
!
interface Tunnel0
 ip address 10.68.254.11 255.255.255.0
 ip mtu 1400
 ip nhrp network-id 2
 ip nhrp shortcut virtual-template 1
 ip nhrp redirect
 ip tcp adjust-mss 1360
 shutdown
 tunnel source GigabitEthernet0/0
 tunnel destination dynamic
 tunnel path-mtu-discovery
 tunnel protection ipsec profile SPOKE.ipsprof
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address 217.112.xxx.xxx 255.255.255.224
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 10.68.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface Virtual-Template1 type tunnel
 ip unnumbered Tunnel0
 ip mtu 1400
 ip nhrp network-id 2
 ip nhrp shortcut virtual-template 1
 ip nhrp redirect
 ip tcp adjust-mss 1360
 tunnel path-mtu-discovery
 tunnel protection ipsec profile SPOKE.ipsprof
!
!
router eigrp 11
 network 10.0.0.0
 passive-interface default
 no passive-interface Tunnel0
 eigrp stub connected
!
ip default-gateway 217.112.xxx.xxx
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
!
ip dns server
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
!
access-list 1 remark Nat traffic to Internet
access-list 1 permit 10.68.1.0 0.0.0.255
access-list 6 permit 10.0.0.0 0.255.255.255
access-list 6 permit any
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 privilege level 15
 transport input telnet ssh
!
scheduler allocate 20000 1000
!
end

Hope you can tell me what I'm doing wrong.
Thanks in advance,
Hi, can someone please tell me how to NAT with FlexVPN? I have a HUB-to-Spoke and Spoke-to-Spoke configuration with virtual-templates. When I configure NAT and do a traceroute to a Google IP address, the first hop is the HUB router, but this should go directly to the internet. Thanks in advance, Topcu, M