From: Brian Dennis (bdennis@internetworkexpert.com)
Date: Tue Jan 03 2006 - 22:32:09 GMT-3
Yes but remember to enable keepalives on the tunnel interfaces.
Rack1R2#sho run int tu 0
Building configuration...
Current configuration : 145 bytes
!
interface Tunnel0
ip address 172.16.1.2 255.255.255.0
backup interface Serial0/1
keepalive 10 3
tunnel source Loopback0
tunnel destination 150.1.1.1
end
Rack1R2#sho run int s0/1
Building configuration...
Current configuration : 84 bytes
!
interface Serial0/1
ip address 192.168.0.2 255.255.255.0
encapsulation ppp
end
Rack1R2#sho ip int brie
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 10.1.1.2 YES manual up up
Serial0/0 unassigned YES unset administratively down down
Serial0/1 192.168.0.2 YES manual standby mode down
Virtual-Access1 unassigned YES unset up up
Loopback0 150.1.2.2 YES manual up up
Tunnel0 172.16.1.2 YES manual up up
Rack1R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack1R2(config)#access-list 100 deny gre any any log-input
Rack1R2(config)#access-list 100 per ip any any
Rack1R2(config)#int e0/0
Rack1R2(config-if)#ip access-group 100 in
Rack1R2(config-if)#
Rack1R2(config-if)#
*Mar 1 20:49:02.840: %SEC-6-IPACCESSLOGRP: list 100 denied gre 150.1.1.1 (Ethernet0/0 0030.1969.81a0) -> 150.1.2.2, 1 packet
*Mar 1 20:49:33.838: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
*Mar 1 20:49:35.842: %LINK-3-UPDOWN: Interface Serial0/1, changed state to up
*Mar 1 20:49:38.863: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to up
Rack1R2(config-if)#
Rack1R2(config-if)#
HTH,
Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
bdennis@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)
________________________________________
From: Mike Ollington [mailto:mike.ollington@gmail.com]
Sent: Tuesday, January 03, 2006 2:38 PM
To: Brian Dennis
Cc: ccielab@groupstudy.com
Subject: Re: Bring up an interface at a specific time?
Is that the solution for Vol2 Ver 3 Lab2 Section 3.2?
My understanding was that a GRE tunnel interface wouldn't go down unless it didn't have a route for the tunnel destination?
I've accidentally blocked ipv6ip and gre tunnels without causing the interfaces to fall over. I guess I could use a time-based distribute-list?
I was looking at "ppp idle-timeout" and "ip idle-group" (with a time-based ACL) but that only seemed to make the interface flap.
On 1/3/06, Brian Dennis <bdennis@internetworkexpert.com> wrote:
Use a GRE tunnel and have the PPP/T1 link as the backup interface for
the GRE tunnel. When it's time for the PPP/T1 to come up, have a time
based ACL deny the GRE traffic so that the tunnel goes down and the
backup kicks in.
HTH,
Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
bdennis@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Mike Ollington
Sent: Tuesday, January 03, 2006 2:03 PM
To: ccielab@groupstudy.com
Subject: Bring up an interface at a specific time?
Hello,
Not sure if I'm over thinking this requirement - I have a PPP T1 circuit
that should not be `up' between 5pm and 8am, however, it should be up/up
between 8am and 5pm.
Is there a feature to do this or just a bit of lateral thinking?
Thanks,
Mike
This archive was generated by hypermail 2.1.4 : Wed Feb 01 2006 - 07:45:47 GMT-3