Cisco ASR9001 VXLAN Support

I am wanting to get my Cisco ASR9001 talking VXLAN to my Arista Switch.

>

> The Arista VXLAN Unicast VTEP config is EXTREMELY simple.

>

>

> This is the Arista config example:

>

> *Swtich A*

>

> interface Loopback0

>    ip address 1.1.1.1/32

> !

> interface Vxlan1

>    vxlan vlan 100 vni 100000

>    vxlan vlan 100 flood vtep 1.1.1.2

> !

>

> *Switch B*

>

> interface Loopback0

>    ip address 1.1.1.2/32

> !

> interface Vxlan1

>    vxlan vlan 100 vni 100000

>    vxlan vlan 100 flood vtep 1.1.1.1

> !

>

> it is as simple as that.  I would love to have the ASR9001

> participating in the VXLAN of these Arista.

>

> Do you think the feature that was added is compatible with this?

>

I don’t think there is an option to manually define VTEPs.

But that would make sense only in very small deployments.

Because without multicast overlay the BUM traffic has to be unicasted to all VTEPs sharing a common VNI.

 

As Harrold mentioned the last evolutionary step is “VXLAN Network with MP-BGP EVPN Control Plane” (supported only on Nexus9K) where multicast-based data driven flood and learn for remote VTEP peer discovery and remote end-host learning is replaced by MP-BGP EVPN as the control plane for VXLAN so if an end-host is active it’s MAC address is advertised to other VTEPs via MP-BGP so there’s no concept of flooding traffic destined to unknown unicast MAC address. And to reduce broadcast traffic there’s the ARP suppression where the MAC to IP mapping is advertised via MP-BGP between VTEPs.

But even with all these features there’s still a need for multicast overlay to facilitate flooding of other broadcast/multicast traffic within each VNI segment.

 

With regards to EVPN CP for VXLAN on ASR9k To my knowledge ASR9k can only serve as DCI L3 GW (into L3VPN) for an MP-BGP EVPN VXLAN based DC.

So I guess it’s not yet possible to integrate MP-BGP EVPN VXLAN based DC with EVPN or PBB-EVPN based L2VPN backbone which I guess is what all of this is heading towards.

ASR920 vlan translation (swap)

Only 2 VLAN translate operations (1:1 and 2:1, pop:push) are supported on ASR 920, it was introduced in 3.16 release. Prior to 3.16 no translations were supported.

 

rewrite ingress tag pop 1 symmetric

rewrite ingress tag pop 2 symmetric

rewrite ingress tag push dot1q <TAG> symmetric rewrite ingress tag translate 1-to-1 dot1q <TAG> symmetric rewrite ingress tag translate 2-to-1 dot1q <TAG> symmetric

IOS – Embedded Packet Capture

show platform capture elam trigger master eu40 dbus dbi ingress ipv4 if ip_sa = 1.1.1.1 ip_da = 2.2.2.2

show platform capture elam trigger slave eu40 rbus rbi pb1

show platform capture elam status

show platform capture elam start

 

When the capture started:

Ping 2.2.2.2 source ip 1.1.1.1

 show platform capture elam status

 IF  it says completed:

show platform capture elam data

 If it says in progress:

show platform capture elam release


http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/epc/configuration/xe-3s/asr1000/epc-xe-3s-asr1000-book/nm-packet-capture-xe.html

http://www.cisco.com/c/en/us/td/docs/interfaces_modules/shared_port_adapters/configuration/ASR1000/ASRspasw/ASRcfget.html#51668

FWSM – ASA migratie

FWSM

Boot de laatste FWSM versie:

ASA

Software upgrade 8.2 -> 8.4.6 -> 9.5.1

Boot de eerste ASA versie:

ASA-lab# changeto context admin

boot system disk0:/asa825-smp-k8.bin

reload

INFO: Fetching url tftp://10.70.0.78/FW.cfg

………….INFO: rt_lab_vm interface address added to PAT pool
INFO: Outside interface address added to PAT pool
INFO: Global 1.1.1.1 will be Port Address Translated
INFO: Global 1.1.1.1 will be Port Address Translated
INFO: Global 1.1.1.1 will be Port Address Translated
INFO: BVS-PAS interface address added to PAT pool
INFO: HIP-lab-beheer interface address added to PAT pool
INFO: HIPbeheer interface address added to PAT pool
..nat 0 192.168.99.0 will be identity translated for outbound
nat 0 192.168.150.0 will be identity translated for outbound
…..
timeout pptp-gre 0:02:00
^
ERROR: % Invalid input detected at ‘^’ marker.

Cryptochecksum (changed): 3a1f451f aa2f04d4 cf1b9703 680d1fc5
INFO: Context FW-RoutIT-Intern was created with URL tftp://10.70.0.78/FW.cfg
ASA-lab(config-ctx)#
ASA-lab(config-ctx)#
ASA-lab(config-ctx)#
ASA-lab(config-ctx)# wr
Building configuration…
Cryptochecksum: 13698ab8 af50ec07 302f19e9 0b6b967b

4215 bytes copied in 1.690 secs (4215 bytes/sec)
[OK]
ASA-lab(config-ctx)#
ASA-lab(config-ctx)#
ASA-lab(config-ctx)#
ASA-lab(config-ctx)#
ASA-lab# wr mem all
Building configuration…
Saving context : system : (000/002 Contexts saved)
Cryptochecksum: 13698ab8 af50ec07 302f19e9 0b6b967b

4215 bytes copied in 1.690 secs (4215 bytes/sec)
Saving context : admin : (001/002 Contexts saved)
Cryptochecksum: 781324cf 8e513753 e4866436 c10d584c

2688 bytes copied in 0.610 secs
Saving context : FW : (002/002 Contexts saved)
Cryptochecksum: 60613717 db0c1f33 871263fd c32228d7
!!!!!!!!!!!
43402 bytes copied in 0.630 secs
[OK]
ASA-lab#

 

+++

ASA-lab# sh start | inc boot
boot system disk0:/asa941-smp-k8.bin
ASA-lab# dir

Directory of disk0:/

67 -rwx 17232256 12:20:13 Aug 18 2015 asdm-645-206.bin
68 -rwx 24047892 12:20:56 Aug 18 2015 asdm-722.bin
56 -rwx 25088760 08:39:50 Jul 27 2014 asdm-731.bin
50 -rwx 19884888 10:45:06 Oct 09 2014 asdm-731-101.bin
69 -rwx 26353488 12:21:37 Aug 18 2015 asdm-742.bin

52 -rwx 4338 12:15:03 Aug 18 2015 admin.cfg

64 -rwx 17786880 12:16:48 Aug 18 2015 asa825-smp-k8.bin
65 -rwx 31223808 12:17:37 Aug 18 2015 asa846-smp-k8.bin
55 -rwx 52586496 12:48:32 Aug 22 2014 asa931-smp-k8.bin
6 -rwx 69820416 12:19:04 Aug 18 2015 asa941-5-smp-k8.bin

AVM password recovery

  1. Set your IP manually to something in the 169.254.1.x range (169.254.1.3)
  2. Unplug the router and wait 10 seconds Plug it back in
  3. Open a command windows (cmd) and do ping 169.254.1.1 -t
  4. As soon as you get reply’s go to the webinterface at 169.254.1.1
  5. You have a option ‘click here if you forgot your password’ (click on here)
  6. Then click ‘Restore factory settings’ (This option disappears after about 10 minutes)

Of

call the number #991*15901590* form an fon port

UBNT performance

RSSI waardes

stainfo / stamgr

http://community.ubnt.com/t5/UniFi-Wireless/stainfo-properties/td-p/1215489

https://community.ubnt.com/t5/UniFi-Wireless/Minimum-RSSI/td-p/1063633

 

Check the logs on the UAP(s). I may suggest that you download them via scp. You’ll find them in /var/log/messages. You can also SSH in and run “cat /var/log/messages” but it likely will be truncated. This will show you the most useful information.

There are some other things you could check, like signal quality to the clients. If they are not AC models you may want to check “athstats” or “stainfo -a”. On an AC models you could run “wl assoclist” to get associated MACs then you could run “wl sta_info aa:bb:cc:dd:ee” to get stats of a connected station.

I’d start with that at least.

Opleveren Cisco SmartCare collector

Download de OVF template van de Cisco site:

https://concsoweb-prd.cisco.com/smartcare/Partner/Partner_Main.jsp -> Software Download

Importeer de OVF in Vmware en zet de NIC naar het correcte netwerk, start hierna de server en bij de eerste login prompt login met de default Admin credentials (admin/admin):

CSC 1 login

login prompt

Direct bij de eerste login moet het wachtwoord veranderd worden is een zelf op te geven wachtwoord. Hierna word een menu getoond met opties, eerste stap is het IP adres goed in te stellen, type in (eth 0 moet worden static, 192.0.2.1/24, hostname collector, gateway 192.0.2.254, name server 8.8.4.4, geen proxy server):

conf ip
 M

IP details
ETH0
 S
 collector
 192.0.2.1
 255.255.255.0

Name server details
y
 8.8.4.4

Proxy server details

Geen proxy instellingen

Hierna moet de server opnieuw starten om de instellingen actief te maken, geef ‘Y’ in de prompt om dit uit te voeren.

Na de reboot moet de time zone goed ingesteld worden (Europe/Amsterdam) :CSC 2 time

conf time
 Europe
 Amsterdam

y voor bevestiging
y voor ntp pool time sync

Na het opnieuw inloggen moet de server bijgewerkt worden, kies voor update en enter:CSC 4 update

Update to download and install the latest Smart Care software. 

Enter Y to continue updating the appliance. 

Bij de URL, laat deze leeg, en geef Enter.
Bij de username/password velden geef een valide Cisco partner CCO om door te gaan.

CSC 5 update

Na de upgrade heeft de unit meer mogelijkheden en zijn er extra commando’s beschikbaar.

Nu moet de unit aangemeld worden en moet er ingelogd worden met de Cisco credentials (cisco/cisco). CSC 3 ciscoDirect bij de eerste login moet het wachtwoord veranderd worden is een zelf op te geven wachtwoord. Hierna word een menu getoond met opties, kies voor de optie ‘Ena’ en geef het admin wachtwoord op.

Om de updates voortaan automatisch te laten gaan moet het volgende commando uitgevoerd worden:

conf serv enable

Om de server aan te melden op de Smart Care cloud is het nodig deze te registreren, dit kan via deze methode. Geef in de enable modus het commando ‘register’ in: CSC 6 register

register



Op de volgende pagina geef enter voor de URL (tools.cisco.com)
en geef het correcte CCO ID op.

Vul de naam van de Collector in en geef een extra enter.

Eindig met een 'y' om deze collector te registreren met bovenstaande gegevens.


 

De collector is nu geregistreerd en kan nu via de portal verder bediend worden.

 

1 2 3 4 5 6 13