Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Cisco Community
- :
- About MrBeginner
Online
MrBeginner
Member since
11-14-2018
Beginner
06-14-2019
02:28 AM
Hi, please see the below output as you advice.This one will effect to network performance ? GigabitEthernet9 is up, line protocol is up Hardware is PQ_TSEC, address is 00b7.716a.42db (bia 00b7.716a.42db) Description: WAN NETWORK-ISP LINK Internet address is 2.1.1.2/30 MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Half Duplex, 100Mbps, media type is RJ45 output flow-control is unsupported, input flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:00, output 00:00:00, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1024 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 43000 bits/sec, 18 packets/sec 5 minute output rate 22000 bits/sec, 21 packets/sec 331312845 packets input, 112471702274 bytes, 0 no buffer Received 14587 broadcasts (0 IP multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 0 multicast, 0 pause input 389785200 packets output, 102216124230 bytes, 10 underruns 6176889 output errors, 3229058 collisions, 1463886 interface resets 0 unknown protocol drops 0 babbles, 1820487 late collision, 4353333 deferred 6 lost carrier, 0 no carrier, 0 pause output 0 output buffer failures, 0 output buffers swapped out
... View more
- Tags:
- late collision
06-13-2019
06:40 PM
Hi, please see the below output as you advice.This one will effect to network performance ? GigabitEthernet9 is up, line protocol is up Hardware is PQ3_TSEC, address is 00b7.716a.42db (bia 00b7.716a.42db) Description: WAN NETWORK-ISP LINK Internet address is 2.1.1.2/30 MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Half Duplex, 100Mbps, media type is RJ45 output flow-control is unsupported, input flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:00, output 00:00:00, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1024 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 43000 bits/sec, 18 packets/sec 5 minute output rate 22000 bits/sec, 21 packets/sec 331312845 packets input, 112471702274 bytes, 0 no buffer Received 14587 broadcasts (0 IP multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 0 multicast, 0 pause input 389785200 packets output, 102216124230 bytes, 10 underruns 6176889 output errors, 3229058 collisions, 1463886 interface resets 0 unknown protocol drops 0 babbles, 1820487 late collision, 4353333 deferred 6 lost carrier, 0 no carrier, 0 pause output 0 output buffer failures, 0 output buffers swapped out
... View more
06-13-2019
11:30 AM
Hi, Thanks for your help. Can I request to explain about BGP up time? I want to if the neighbor router is no issue, bgp is always up?May be one year,2year ,3year? When they reestablished? The late collision message is got other issue.It is ISP issue.because my site is auto config. I changed half duplex .still got error.ISP work half dulplex.I would like to know this Late collision error will case to slow internet speed or we can get more delay?
... View more
- Tags:
- cisco
06-13-2019
05:50 AM
Dear Sir, I would like to request to explain about BGP up/downtime and collision late error.please? when i check using show ip bgp summary,we can see as below .In the Up/Down is show BGP uptime? Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.100.1.1 4 200 26 22 199 0 0 00:14:23 23
10.200.1.1 4 300 21 51 199 0 0 00:13:40 0 I always saw this time is 5week3days 6weeks1days..etc.But i didn't see 1 years or 2 years.Let me know BGP reset their UP time ? Let me know what time will reset this up time ? When i check in my router i saw LATE collision error message in our WAN link.Let me know it can be effect to our internet speed ?
... View more
Labels:
Created by
MrBeginner
in VPN and AnyConnect
in VPN and AnyConnect
06-09-2019
11:39 PM
06-09-2019
11:39 PM
Hi , I already changed.But still got error.when i remove ike profile,Ipsec sa is still active.Let me know can i ping from interface that ipsec applyed to the interface that without ipsec plicy applied.
... View more
- Tags:
- vpn
06-08-2019
09:56 PM
Hi, If my video stream is not include voice,configuration is also same ?
... View more
- Tags:
- qos
Created by
MrBeginner
in VPN and AnyConnect
in VPN and AnyConnect
06-08-2019
09:54 PM
06-08-2019
09:54 PM
Hi , I already check proposal is same. i worry proposal include certificate.will it be certificate error? I only have HP router configuration.Please help me .
... View more
- Tags:
- vpn
06-07-2019
09:36 PM
Hi , Can i ask some question when i change tunnel mtu size to your suggest value,video is black out. Cannot see any video. Let me know ,i also need to configure in both LAN part (R1 G0/1 and R2 G0/1) ? Let me know ,i also need to configure on the both uplinks of two switches ? I am using GRE over IPSec.
... View more
- Tags:
- vedio stream
Created by
MrBeginner
in VPN and AnyConnect
in VPN and AnyConnect
06-07-2019
09:24 PM
06-07-2019
09:24 PM
Dear all, I would like to request to help for my Gre-Over-IPsec problem. I configuration gre over ipsec tunnel for my DC to branches. I already create 3 links with certification authenication.Now i got error in two sites .My DC router is HP 6600 and my branches use cisco and HP router also.I got this issue in two site one site using HP routers and other site using HP MSR router.The below log is i collected from MSR braches router. Please see below config in HP 6600 of DC router. when i remove ike-profile 1 in ipsec policy ,the tunnel is up.when i assign again,tunnel is down. How can troubleshoot.It is certificate error ? ipsec policy aksd 1 isakmp transform-set trans1 security acl 3200 remote-address 192.16.1.2 ike-profile 1 # # ike profile 1 certificate domain aksd local-identity address 192.16.1.2 match remote identity address 192.16.1.1 proposal 2 ike proposal 2 authentication-method rsa-signature encryption-algorithm aes-cbc-256 dh group14 *Jun 5 16:52:34:113 2019 R2 IKE/7/Event: IKE thread 366519743152 processes a job. *Jun 5 16:52:34:113 2019 R2 IKE/7/Event: Set IPsec SA state to IKE_P2_STATE_INIT. *Jun 5 16:52:34:113 2019 R2 IKE/7/Packet: Decrypt the packet. *Jun 5 16:52:34:113 2019 R2 IKE/7/Packet: Received ISAKMP Hash Payload. *Jun 5 16:52:34:113 2019 R2 IKE/7/Packet: Received ISAKMP Security Association Payload. *Jun 5 16:52:34:113 2019 R2 IKE/7/Packet: Received ISAKMP Nonce Payload. *Jun 5 16:52:34:113 2019 R2 IKE/7/Packet: Received ISAKMP Identification Payload (IPsec DOI). *Jun 5 16:52:34:113 2019 R2 IKE/7/Packet: Received ISAKMP Identification Payload (IPsec DOI). *Jun 5 16:52:34:113 2019 R2 IKE/7/Packet: Process HASH payload. *Jun 5 16:52:34:113 2019 R2 IKE/7/Event: Validated HASH(1) successfully. *Jun 5 16:52:34:113 2019 R2 IKE/7/Packet: Process IPsec ID payload. *Jun 5 16:52:34:114 2019 R2 IKE/7/Packet: Process IPsec ID payload. *Jun 5 16:52:34:114 2019 R2 IKE/7/Event: IPsec SA state changed from IKE_P2_STATE_INIT to IKE_P2_STATE_GETSP. *Jun 5 16:52:34:114 2019 R2 IPSEC/7/Event: The policy's acl or ike profile does not match the flow, Name = AKSD, Seqnum = 1 *Jun 5 16:52:34:114 2019 R2 IPSEC/7/Event: The policy's acl or ike profile does not match the flow, Name = AKSD, Seqnum = 2 *Jun 5 16:52:34:114 2019 R2 IKE/7/Error: Failed to get IPsec policy for phase 2 responder. Delete IPsec SA. *Jun 5 16:52:34:114 2019 R2 IKE/7/Error: Failed to negotiate IPsec SA. *Jun 5 16:52:34:114 2019 R2 IKE/7/Event: Delete IPsec SA. *Jun 5 16:52:34:114 2019 R2 IKE/7/Packet: Encrypt the packet. *Jun 5 16:52:34:114 2019 R2 IKE/7/Packet: Construct notification packet: INVALID_ID_INFORMATION. *Jun 5 16:52:34:114 2019 R2 IKE/7/Packet: Sending packet to 192.16.1.2 remote port 500, local port 500. *Jun 5 16:52:34:114 2019 R2 IKE/7/Packet: I-Cookie: 50d6f8f4b4273993 R-Cookie: 55ba871bd6e9c0de next payload: HASH version: ISAKMP Version 1.0 exchange mode: Info flags: ENCRYPT message ID: ead936d0 length: 68 *Jun 5 16:52:34:114 2019 R2 IKE/7/Packet: Sending an IPv4 packet. *Jun 5 16:52:34:120 2019 R2 IPSEC/7/event: Enter IPsec output process, Flag : 0x1000080, Data length : 48. *Jun 5 16:52:34:120 2019 R2 IPSEC/7/event: Can't find block-flow node. *Jun 5 16:52:34:120 2019 R2 IPSEC/7/packet: Failed to find SA by SP. *Jun 5 16:52:34:120 2019 R2 IPSEC/7/packet: The reason of dropping packet is no available IPsec tunnel. *Jun 5 16:52:34:120 2019 R2 IPSEC/7/event: Sent SA-Acquire message : SP ID = 1 *Jun 5 16:52:34:120 2019 R2 IPSEC/7/Event: Received negotiatiate SA message from IPsec kernel. *Jun 5 16:52:34:120 2019 R2 IKE/7/Event: Received SA acquire message from IPsec. *Jun 5 16:52:34:121 2019 R2 IKE/7/Event: Set IPsec SA state to IKE_P2_STATE_INIT. *Jun 5 16:52:34:121 2019 R2 IKE/7/Event: IKE thread 366519743152 processes a job. *Jun 5 16:52:34:121 2019 R2 IKE/7/Event: Begin Quick mode exchange. *Jun 5 16:52:34:121 2019 R2 IKE/7/Event: IPsec SA state changed from IKE_P2_STATE_INIT to IKE_P2_STATE_GETSPI. *Jun 5 16:52:34:121 2019 R2 IKE/7/Event: IKE thread 366519743152 pro cesses a job. *Jun 5 16:52:34:121 2019 R2 IKE/7/Packet: Set attributes according to phase 2 transform. *Jun 5 16:52:34:121 2019 R2 IKE/7/Packet: Encapsulation mode is Tunnel. *Jun 5 16:52:34:121 2019 R2 IKE/7/Packet: in seconds *Jun 5 16:52:34:121 2019 R2 IKE/7/Packet: Life duration is 3600. *Jun 5 16:52:34:121 2019 R2 IKE/7/Packet: in kilobytes *Jun 5 16:52:34:121 2019 R2 IKE/7/Packet: Life duration is 1843200. *Jun 5 16:52:34:121 2019 R2 IKE/7/Packet: Authentication algorithm is HMAC-SHA1. *Jun 5 16:52:34:121 2019 R2 IKE/7/Packet: Key length is 256 bytes. *Jun 5 16:52:34:121 2019 R2 IKE/7/Packet: Transform ID is AES-CBC. *Jun 5 16:52:34:121 2019 R2 IKE/7/Packet: Construct transform 1. *Jun 5 16:52:34:121 2019 R2 IKE/7/Packet: Construct IPsec proposal 1. *Jun 5 16:52:34:121 2019 R2 IKE/7/Packet: Construct IPsec SA payload. *Jun 5 16:52:34:122 2019 R2 IKE/7/Packet: Construct NONCE payload. *Jun 5 16:52:34:122 2019 R2 IKE/7/Packet: Construct IPsec ID payload. *Jun 5 16:52:34:122 2019 R2 IKE/7/Packet: Construct IPsec ID payload. *Jun 5 16:52:34:122 2019 R2 IKE/7/Packet: Construct HASH(1) payload. *Jun 5 16:52:34:122 2019 R2 IKE/7/Packet: Encrypt the packet. *Jun 5 16:52:34:122 2019 R2 IKE/7/Event: IPsec SA state changed from IKE_P2_STATE_GETSPI to IKE_P2_STATE_SEND1. *Jun 5 16:52:34:122 2019 R2 IKE/7/Packet: Sending packet to 192.16.1.2 remote port 500, local port 500. *Jun 5 16:52:34:122 2019 R2 IKE/7/Packet: I-Cookie: 50d6f8f4b4273993 R-Cookie: 55ba871bd6e9c0de next payload: HASH version: ISAKMP Version 1.0 exchange mode: Quick flags: ENCRYPT message ID: 6fc97ac7 length: 164 *Jun 5 16:52:34:122 2019 R2 IKE/7/Packet: Sending an IPv4 packet. *Jun 5 16:52:34:126 2019 R2 IKE/7/Packet: Received packet from 192.16.1.2 source port 500 destination port 500. *Jun 5 16:52:34:127 2019 R2 IPSEC/7/error: The SA doesn't exist in kernel.
... View more
- Tags:
- GRE over IPSec
Labels:
05-30-2019
06:03 AM
Hi, Thank for your help. Let me know some person suggest as to increase GRE Tunnel MTU as below .Is it any issue ? And let me know what is different mtu and ip mtu command? In DMVPN we apply mtu in Tunnel ,Please let me know what is different between apply mtu size on LAN interface and apply on GRE tunnel? If i use TCP and UDP both,how should apply ? i need to adjust MTU size on both sides ? interface tunnel2 mtu 1560 ip address 192.168.12.1 255.255.255.0 tunnel source 10.1.101.1 tunnel destination 10.1.102.2 interface GigabitEthernet0/1 description ## LAN## ip address 192.168.1.1 255.255.255.0
... View more
- Tags:
- vpn
05-29-2019
07:07 PM
Hi, Do you mean i need to change MTU in tunnel or LAN interface ? Because when i route from GRE tunnel (without IPSEC ) ,it is pixelated.if i route without GRE,stream is clear.Let me know IPSec without GRE can carry video stream ? I also need to apply mtu size in IPSec ? I use GRE tunnel as below . LAN interface is default and i put only ip address.Let me know ike v1 is more bandwidth usage ? My sites have various model and brand such as ISR 1000 and MSR 3000. interface tunnel2 ip address 192.168.12.1 255.255.255.0 tunnel source 10.1.101.1 tunnel destination 10.1.102.2 interface GigabitEthernet0/1 description ## LAN## ip address 192.168.1.1 255.255.255.0
... View more
- Tags:
- vpn
05-29-2019
04:50 AM
Hi All, I would like to ask about why vedio stream quality is drop on GRE over IPSec link.When i remove ip sec policy on physical link, quality is quite good.I got the problem even though i am using GRE tunnel only without ipsec encryption.Let me know how to quality control on this issue.Do i need to run Qos ? Do i need to edit MTU size ?
... View more
- Tags:
- vpn
Labels:
05-14-2019
08:02 PM
Dear All, I would like to request to help and find out my network problem. I have one server and one NAS and network connectivity as below design.I am using cisco switch,juniper srx and junos e4300 switches. My first question is my design is correct or not ? Can i carry firewall traffic with access port ( VLAN 10 ) in cisco switch ? OR do i need to create trunk and etherchannel in cisco switch also ? I already run etherchannel in Junos E4300 (ae0,ae1) . I already traffic server to NAS. what kind of configuration do i need to access server to NAS ?
... View more
- Tags:
- junos and cisco
Labels:
Created by
MrBeginner
in VPN and AnyConnect
in VPN and AnyConnect
05-07-2019
11:33 PM
05-07-2019
11:33 PM
Now I can solve by using two certificates.
... View more
Friday
Hi,please see the below output as you advice.This one will effect to
network performance ? GigabitEt...
Thursday
Hi,please see the below output as you advice.This one will effect to
network performance ? GigabitEt...
Thursday
Hi,Thanks for your help. Can I request to explain about BGP up time?I
want to if the neighbor router...
Thursday
Dear Sir,I would like to request to explain about BGP up/downtime and
collision late error.please?wh...
Created by
MrBeginner
in VPN and AnyConnect
a week ago
a week ago
Hi ,I already changed.But still got error.when i remove ike
profile,Ipsec sa is still active.Let me ...
Created by
MrBeginner
in VPN and AnyConnect
a week ago
a week ago
Hi ,I already check proposal is same.i worry proposal include
certificate.will it be certificate err...
a week ago
Hi ,Can i ask some question when i change tunnel mtu size to your
suggest value,video is black out. ...
Created by
MrBeginner
in VPN and AnyConnect
a week ago
a week ago
Dear all,I would like to request to help for my Gre-Over-IPsec problem.I
configuration gre over ipse...
3 weeks ago
Hi,Thank for your help.Let me know some person suggest as to increase
GRE Tunnel MTU as below .Is it...
3 weeks ago
Hi,Do you mean i need to change MTU in tunnel or LAN interface ? Because
when i route from GRE tunne...
3 weeks ago
Hi All,I would like to ask about why vedio stream quality is drop on GRE
over IPSec link.When i remo...
Created by
MrBeginner
in Firewalls
05-14-2019 08:02 PM
05-14-2019 08:02 PM
Dear All,I would like to request to help and find out my network
problem.I have one server and one N...
Created by
MrBeginner
in VPN and AnyConnect
05-07-2019 11:33 PM
05-07-2019 11:33 PM
Now I can solve by using two certificates.
Public Statistics
| Date Registered | 11-14-2018 11:11 PM |
| Date Last Visited | 06-16-2019 11:50 PM |
| Total Messages Posted | 155 |
| Total Helpful Votes Received | 80 |
Helpful Votes Given To
| User | Helpful Count |
|---|---|
| 25 | |
| 10 | |
| 200 | |
| 25 | |
| 20 |
.jpg "Hall of Fame Expert"){kind=icon}
.jpg "VIP Mentor"){kind=icon}
Awards
Community Spotlight Award
Rookie, February 2019
