Re: DMVPN and Control Plane. from Sadiq Yakasai on 2011-05-28 (Ccielab archives 05/2011)

From: Sadiq Yakasai <sadiqtanko_at_gmail.com>
Date: Sun, 29 May 2011 00:22:47 +0100

Hi Adil,

This is your culprit:

class-map match-any cm_icmp
match access-group 112
*match not access-group 111* ->>>>>>> this will basically end up matching
on all IP traffic and the policy drops it. You need to revisit your
intention here.
!
!
policy-map pm_icmp
class cm_icmp
drop
!
access-list 111 permit icmp 10.0.0.0 0.255.255.255 any
access-list 111 permit icmp 172.16.0.0 0.15.255.255 any
access-list 111 permit icmp 192.168.0.0 0.0.255.255 any
access-list 112 permit icmp any any

On Sat, May 28, 2011 at 11:41 PM, Adil Pasha <aspasha_at_gmail.com> wrote:

> Thanks for your reply.
>
> Let me lab put a lab again since my time in the other rented lab is
> expired.
>
>
> Best Regards.
> ______________________
> Adil
>
> On May 28, 2011, at 3:45 PM, dcp_at_dcptech.com wrote:
>
> > Looks like you are dropping icmp but not classifying anything else. You
> > haven't defined any bandwidth for the default class so it isn't getting
> > any.
> >
> > David
> >
> >> Guys,
> >>
> >> Could you please tell me why am I getting this error message in Yusuf's
> >> lab 1 - Q 6.1?
> >> I have done this lab multiple times but never saw this error message.
> >>
> >> Whey I apply the policy map on control-plane the DMVPN or eigrp drops
> >> between dmvpn nei. Is there a bug issue or am I doing something wrong
> >> today?
> >>
> >> Thanks.
> >>
> >> -----------
> >>
> >>
> >> !
> >> class-map match-any cm_icmp
> >> match access-group 112
> >> match not access-group 111
> >> !
> >> !
> >> policy-map pm_icmp
> >> class cm_icmp
> >> drop
> >> !
> >> access-list 111 permit icmp 10.0.0.0 0.255.255.255 any
> >> access-list 111 permit icmp 172.16.0.0 0.15.255.255 any
> >> access-list 111 permit icmp 192.168.0.0 0.0.255.255 any
> >> access-list 112 permit icmp any any
> >> !
> >> control-plane
> >> service-policy input pm_icmp
> >> !
> >>
> >> R2(config-cp)#service-policy input pm_icmp
> >> R2(config-cp)#end
> >> R2#
> >> *May 28 13:41:14.638: %CP-5-FEATURE: Control-plane Policing feature
> >> enabled on Control plane aggregate path
> >>
> >> *May 28 13:41:15.434: %SYS-5-CONFIG_I: Configured from console by
> console
> >> R2#
> >> *May 28 13:41:27.106: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor
> >> 172.1.0.1 (Tunnel1) is down: holding time expired
> >> R2#
> >>
> >>
> >> Best Regards.
> >> ______________________
> >> Adil
> >>
> >>
> >> Blogs and organic groups at http://www.ccie.net
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>

-- 
CCIEx2 (R&S|Sec) #19963
Blogs and organic groups at http://www.ccie.net

Received on Sun May 29 2011 - 00:22:47 ART

This archive was generated by hypermail 2.2.0 : Wed Jun 01 2011 - 09:01:12 ART