Re: Natting multicast problem...

From: Tony Varriale <tvarriale_at_flamboyaninc.com>
Date: Thu, 20 Aug 2009 11:31:48 -0500

Again, as I've said, that's a poor assumption. I've run into the
problem twice.

Sent from my iPhone

On Aug 20, 2009, at 11:22 AM, Rick Mur <rmur_at_ipexpert.com> wrote:

> As I've said it's not very likely since they develop the exams on
> the same IOS version.
> The practice labs you make may not be designed on that specific
> version or platform so it's much more likely to run into a bug.
>
> Like I said if you use a different solution than the proctors have
> thought of you might run into a bug, still I think the questions are
> specific enough to point you in the right direction.
>
>
> --
> Regards,
>
> Rick Mur
> CCIE2 #21946 (R&S / Service Provider)
> Juniper JNCIA-ER & JNCIA-EX
> MCSA:Messaging, MCSE
> Sr. Support Engineer - IPexpert, Inc.
> URL: http://www.IPexpert.com
>
> On 20 aug 2009, at 18:08, Tony Varriale wrote:
>
>> You are making a very poor assumption. I assure you that
>> candidates can and will run into bugs.
>>
>> Sent from my iPhone
>>
>> On Aug 20, 2009, at 2:11 AM, Rick Mur <rmur_at_ipexpert.com> wrote:
>>
>>> Besides that it's forbidden to share that kind of specific information,
>>> you don't need to know. You will hardly ever be able to run into an IOS
>>> bug if you solve the question the way Cisco wants. They develop and test
>>> the exams on the IOS versions that run on the racks, so if they run into
>>> a bug, they'll change the question.
>>>
>>>
>>>
>>> --
>>> Regards,
>>>
>>> Rick Mur
>>> CCIE2 #21946 (R&S / Service Provider)
>>> Juniper JNCIA-ER & JNCIA-EX
>>> MCSA:Messaging, MCSE
>>> Sr. Support Engineer - IPexpert, Inc.
>>> URL: http://www.IPexpert.com
>>>
>>> On Thu, Aug 20, 2009 at 6:17 AM, Ronald Johns <rj686b_at_att.com> wrote:
>>>
>>>> Good to go. There have been a few labs where I've run into similar NAT
>>>> issues so I've got a job ahead of me upgrading 7x2811's and a 2651XM
>>>> tomorrow...
>>>>
>>>> Thanks for your help on this!
>>>>
>>>> - Ron
>>>>
>>>> -----Original Message-----
>>>> From: Tony Schaffran (GS) [mailto:groupstudy_at_cconlinelabs.com]
>>>> Sent: Wednesday, August 19, 2009 11:10 PM
>>>> To: Ronald Johns; ccielab_at_groupstudy.com
>>>> Subject: RE: Natting multicast problem...
>>>>
>>>> Confirmed.
>>>>
>>>> Definite NAT problem with that version of IOS.
>>>>
>>>> I just tried the same config on a different version and it is working
>>>> as designed.
>>>>
>>>>
>>>>
>>>> Tony Schaffran
>>>> Sr. Network Consultant
>>>> CCIE #11071
>>>> CCNP, CCNA, CCDA,
>>>> NNCDS, NNCSS, CNE, MCSE
>>>>
>>>> cconlinelabs.com
>>>> Your #1 choice for online Cisco rack rentals.
>>>>
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: Ronald Johns [mailto:rj686b_at_att.com]
>>>> Sent: Wednesday, August 19, 2009 9:01 PM
>>>> To: groupstudy_at_cconlinelabs.com; ccielab_at_groupstudy.com
>>>> Subject: RE: Natting multicast problem...
>>>>
>>>> Yup! That's exactly what I'm seeing.
>>>>
>>>> -----Original Message-----
>>>> From: Tony Schaffran (GS) [mailto:groupstudy_at_cconlinelabs.com]
>>>> Sent: Wednesday, August 19, 2009 11:00 PM
>>>> To: Ronald Johns; ccielab_at_groupstudy.com
>>>> Subject: RE: Natting multicast problem...
>>>>
>>>> I seem to be missing the second part of the nat translation in the
>>>> document.
>>>>
>>>> Rack1R1#sh ip nat trans
>>>> Pro Inside global      Inside local       Outside local      Outside global
>>>> udp ---                ---                224.0.0.9:520      160.1.12.2:520
>>>> udp 160.1.12.1:520     160.1.12.1:520     224.0.0.9:520      160.1.12.2:520
>>>>
>>>> Here is my NAT trans
>>>>
>>>> R1#sh ip nat trans
>>>> Pro Inside global      Inside local       Outside local      Outside global
>>>> udp ---                ---                224.0.0.9:520      160.1.12.2:520
>>>>
>>>>
>>>>
>>>> Tony Schaffran
>>>> Sr. Network Consultant
>>>> CCIE #11071
>>>> CCNP, CCNA, CCDA,
>>>> NNCDS, NNCSS, CNE, MCSE
>>>>
>>>> cconlinelabs.com
>>>> Your #1 choice for online Cisco rack rentals.
>>>>
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: Ronald Johns [mailto:rj686b_at_att.com]
>>>> Sent: Wednesday, August 19, 2009 8:40 PM
>>>> To: groupstudy_at_cconlinelabs.com; ccielab_at_groupstudy.com
>>>> Subject: RE: Natting multicast problem...
>>>>
>>>> Here's what I see:
>>>>
>>>> R7's debug IP packet detail:
>>>>
>>>> IP: s=150.100.78.8 (Serial0/0/0), d=224.0.0.9, len 92, rcvd 2
>>>> UDP src=520, dst=520
>>>> IP: s=150.100.78.7 (local), d=224.0.0.9 (Serial0/0/0), len 52, sending broad/multicast
>>>> UDP src=520, dst=520
>>>> IP: s=150.100.78.8 (Serial0/0/0), d=224.0.0.9, len 52, rcvd 2
>>>> UDP src=520, dst=520
>>>>
>>>> R8's:
>>>>
>>>> IP: s=150.100.78.8 (local), d=224.0.0.9 (Serial0/0/0), len 92, sending broad/multicast
>>>> UDP src=520, dst=520
>>>> IP: s=150.100.78.7 (Serial0/0/0), d=224.0.0.9, len 92, rcvd 2
>>>> UDP src=520, dst=520
>>>> IP: s=150.100.78.8 (local), d=224.0.0.9 (Serial0/0/0), len 92, sending broad/multicast
>>>> UDP src=520, dst=520
>>>> IP: s=150.100.78.7 (Serial0/0/0), d=224.0.0.9, len 92, rcvd 2
>>>> UDP src=520, dst=520
>>>>
>>>> Nat's configured:
>>>>
>>>> R7(config-if)#do sh ip nat trans
>>>> Pro Inside global      Inside local       Outside local      Outside global
>>>> udp ---                ---                224.0.0.9:520      150.100.78.8:520
>>>>
>>>> There's no debug info showing for nat on R7 either with deb ip nat
>>>> detail configured.
>>>>
>>>> -----Original Message-----
>>>> From: Tony Schaffran (GS) [mailto:groupstudy_at_cconlinelabs.com]
>>>> Sent: Wednesday, August 19, 2009 10:31 PM
>>>> To: Ronald Johns; ccielab_at_groupstudy.com
>>>> Subject: RE: Natting multicast problem...
>>>>
>>>> What symptoms are you seeing?
>>>>
>>>> I loaded the same IOS and configured as per the document I sent you.
>>>>
>>>> I am seeing the unicast on R2, but I am also still seeing the multicast.
>>>>
>>>>
>>>>
>>>> Tony Schaffran
>>>> Sr. Network Consultant
>>>> CCIE #11071
>>>> CCNP, CCNA, CCDA,
>>>> NNCDS, NNCSS, CNE, MCSE
>>>>
>>>> cconlinelabs.com
>>>> Your #1 choice for online Cisco rack rentals.
>>>>
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: Ronald Johns [mailto:rj686b_at_att.com]
>>>> Sent: Wednesday, August 19, 2009 8:07 PM
>>>> To: groupstudy_at_cconlinelabs.com; ccielab_at_groupstudy.com
>>>> Subject: RE: Natting multicast problem...
>>>>
>>>> Advanced Enterprise 12.4(23) on a 2811.
>>>>
>>>> Thanks,
>>>> Ron
>>>>
>>>> -----Original Message-----
>>>> From: Tony Schaffran (GS) [mailto:groupstudy_at_cconlinelabs.com]
>>>> Sent: Wednesday, August 19, 2009 10:06 PM
>>>> To: Ronald Johns; ccielab_at_groupstudy.com
>>>> Subject: RE: Natting multicast problem...
>>>>
>>>> What exact IOS version and feature set are you using?
>>>>
>>>> Tony Schaffran
>>>> Sr. Network Consultant
>>>> CCIE #11071
>>>> CCNP, CCNA, CCDA,
>>>> NNCDS, NNCSS, CNE, MCSE
>>>>
>>>> cconlinelabs.com
>>>> Your #1 choice for online Cisco rack rentals.
>>>>
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: Ronald Johns [mailto:rj686b_at_att.com]
>>>> Sent: Wednesday, August 19, 2009 7:57 PM
>>>> To: groupstudy_at_cconlinelabs.com; ccielab_at_groupstudy.com
>>>> Subject: RE: Natting multicast problem...
>>>>
>>>> Yeah - I tried that too - the config I used is towards the end of the
>>>> post, and my debug ip packet detail (pasted below as well) shows that
>>>> it's not working for some reason... I need to try a different version
>>>> of IOS... I'll do this tomorrow and see what happens. Ultimately, I was
>>>> curious to know what version of IOS was on the San Jose CCIE R&S lab
>>>> routers, but like I mentioned previously, I have no idea if this would
>>>> be a violation of NDA. It'd sure be nice to have the same exact version
>>>> of code on my lab routers...
>>>>
>>>> -----Original Message-----
>>>> From: Tony Schaffran (GS) [mailto:groupstudy_at_cconlinelabs.com]
>>>> Sent: Wednesday, August 19, 2009 9:49 PM
>>>> To: Ronald Johns; ccielab_at_groupstudy.com
>>>> Subject: RE: Natting multicast problem...
>>>>
>>>> Wait.
>>>>
>>>> Yes it did.
>>>>
>>>> I did not look down far enough.
>>>>
>>>> Tony Schaffran
>>>> Sr. Network Consultant
>>>> CCIE #11071
>>>> CCNP, CCNA, CCDA,
>>>> NNCDS, NNCSS, CNE, MCSE
>>>>
>>>> cconlinelabs.com
>>>> Your #1 choice for online Cisco rack rentals.
>>>>
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: Ronald Johns [mailto:rj686b_at_att.com]
>>>> Sent: Wednesday, August 19, 2009 7:45 PM
>>>> To: groupstudy_at_cconlinelabs.com; ccielab_at_groupstudy.com
>>>> Subject: RE: Natting multicast problem...
>>>>
>>>> I sorta added that because I thought without passive interface
>>>> configured, there'd still be multicasts sent, wouldn't there? The
>>>> actual task states this:
>>>>
>>>> RIP updates from R7 on 150.100.78.0/24 network should not send
>>>> multicast or broadcast packets. Do NOT use the "neighbor" command to
>>>> accomplish this.
>>>>
>>>> -----Original Message-----
>>>> From: Tony Schaffran (GS) [mailto:groupstudy_at_cconlinelabs.com]
>>>> Sent: Wednesday, August 19, 2009 9:42 PM
>>>> To: Ronald Johns; ccielab_at_groupstudy.com
>>>> Subject: RE: Natting multicast problem...
>>>>
>>>> You said neighbor with passive interface.
>>>>
>>>> How about just neighbor statement?
>>>>
>>>> Tony Schaffran
>>>> Sr. Network Consultant
>>>> CCIE #11071
>>>> CCNP, CCNA, CCDA,
>>>> NNCDS, NNCSS, CNE, MCSE
>>>>
>>>> cconlinelabs.com
>>>> Your #1 choice for online Cisco rack rentals.
>>>>
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: Ronald Johns [mailto:rj686b_at_att.com]
>>>> Sent: Wednesday, August 19, 2009 7:37 PM
>>>> To: groupstudy_at_cconlinelabs.com; ccielab_at_groupstudy.com
>>>> Subject: RE: Natting multicast problem...
>>>>
>>>> Yeah - that was part of the requirement - can't use "neighbor"...
>>>>
>>>> -----Original Message-----
>>>> From: Tony Schaffran (GS) [mailto:groupstudy_at_cconlinelabs.com]
>>>> Sent: Wednesday, August 19, 2009 9:35 PM
>>>> To: Ronald Johns; ccielab_at_groupstudy.com
>>>> Subject: RE: Natting multicast problem...
>>>>
>>>> Why use NAT?
>>>>
>>>> Wouldn't that just need a neighbor statement in your RIP config to use
>>>> unicast instead of multicast?
>>>>
>>>> Why does it need to be so difficult? Am I reading your requirement
>>>> wrong?
>>>>
>>>>
>>>>
>>>> Tony Schaffran
>>>> Sr. Network Consultant
>>>> CCIE #11071
>>>> CCNP, CCNA, CCDA,
>>>> NNCDS, NNCSS, CNE, MCSE
>>>>
>>>> cconlinelabs.com
>>>> Your #1 choice for online Cisco rack rentals.
>>>>
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Ronald Johns
>>>> Sent: Wednesday, August 19, 2009 7:15 PM
>>>> To: ccielab_at_groupstudy.com
>>>> Subject: Natting multicast problem...
>>>>
>>>> Is it possible to find out the specific version of code on the San Jose
>>>> lab routers? Are they all running the same code? Would this be a
>>>> violation of NDA to share? The reason I'm asking is I think I'm running
>>>> into a NAT bug in 12.4(23). At least I think it's a nat bug...
>>>>
>>>> R7 s0/0/0 (150.100.78.7/24)--------------R8 s0/0/0 (150.100.78.8/24)
>>>>
>>>> Running RIP between the routers, the requirement is to not send
>>>> multicasts or broadcasts across the link and you can't use "neighbor"
>>>> w/passive interface. Here's the related parts of the NAT config:
>>>>
>>>> int s0/0/0
>>>> ip nat outside
>>>>
>>>> access-list 101 permit udp host 150.100.78.8 eq 520 host 224.0.0.9 eq 520
>>>>
>>>> ip nat pool rip 224.0.0.9 224.0.0.9 netmask 255.255.255.0
>>>> ip nat outside source list 101 pool rip
>>>>
>>>> Here's what debug ip nat detail shows:
>>>>
>>>> Aug 20 01:51:57.291: NAT: failed to allocate address for 150.100.78.8, list/map 101
>>>> *Aug 20 01:51:57.291: NAT: failed to allocate address for 150.100.78.8, list/map 101
>>>> *Aug 20 02:02:39.599: NAT: translation failed (B), dropping packet s=150.100.78.8 d=224.0.0.9
>>>>
>>>> I thought it might have had to do with the pool referencing multicast
>>>> space or something like that so I tried a different pool with a random
>>>> unicast IP and got the same "failed to allocate..." error.
>>>>
>>>> I found this bug, but it only refers to this being a problem when
>>>> natting at a GRE tunnel (Bug ID CSCsy97506
>>>> <http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsy97506&from=summary>)
>>>> so I tried disabling ip cef and ip mroute cache on the interface, but
>>>> that didn't make any difference. I also tried a static translation:
>>>>
>>>> ip nat outside source static udp 150.100.78.8 520 224.0.0.9 520
>>>>
>>>> That didn't work either, but I didn't see any errors show up in my
>>>> "debug ip nat detail"... I see the translation:
>>>>
>>>> Pro Inside global      Inside local       Outside local      Outside global
>>>> udp ---                ---                224.0.0.9:520      150.100.78.8:520
>>>>
>>>> but it's not getting used:
>>>>
>>>> *Aug 20 02:05:49.123: IP: s=150.100.78.8 (Serial0/0/0), d=224.0.0.9, len 92, rcvd 2
>>>> *Aug 20 02:05:49.123: UDP src=520, dst=520
>>>> *Aug 20 02:05:59.155: IP: s=150.100.78.7 (local), d=224.0.0.9 (Serial0/0/0), len 412, sending broad/multicast
>>>> *Aug 20 02:05:59.155: UDP src=520, dst=520
>>>>
>>>> Any ideas? Is my config jacked?
>>>>
>>>> Thanks,
>>>>
>>>> Ron Johns
>>>> Sr. Network Engineer
>>>> IT Department
>>>> CCNP, CCDP, CCSP, CISSP
>>>> AT&T WiFi Services
>>>>
>>>>
>>>> Blogs and organic groups at http://www.ccie.net
>>>>
>>>> _______________________________________________________________________
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Thu Aug 20 2009 - 11:31:48 ART

This archive was generated by hypermail 2.2.0 : Tue Sep 01 2009 - 05:43:57 ART