Re: [cisco-ttl] CEF problem

From: Serhat Uslay <serhat.uslay_at_....>
Date: Tue, 12 May 2009 11:39:17 +1000

Are the firewalls in ACT/ACT mode? Do both of them need to be active at the same time because of the heavy load? Also, if one of the firewalls injects the default route with a higher metric, the situation may improve, but then all of the bank traffic will go through the same firewall. Alternatively, you can also try policy-based routing on the 6500.

When you ping the firewall address from the 4506, do you see packets going to two different 6500s?
Could you send the following ping outputs:
1) Ping from a PC connected to the 4506 to the firewall default address (ICMP has to be permitted from the internal network)
2) Ping from the 4506 (2) to the firewall address
3) Ping from the 6509 (2) to the firewall address

         Serhat

Mesut CAP <mesutcap_at_gmail.com>
Sent by: cisco-ttl_at_yahoogroups.com
11/05/2009 09:53 PM
Please respond to
cisco-ttl_at_yahoogroups.com

To
cisco-ttl_at_yahoogroups.com
cc

Subject
[cisco-ttl] CEF problem

Hello,

The edge 4506 switches are connected to the 2 core 6509s with 2 port-channel fiber uplinks each. There are also 2 independent firewalls in the network. The 6500s are connected to both firewalls with 2 uplinks each. The egress IPs and the locations of the firewalls are different. When I inject a default route from the firewalls into the 6500s with OSPF, problems occur when accessing the banks. Both the 4500s and the 6500s see 2 equal-metric paths in the OSPF route table, so they try to load balance. Then problems occur when accessing the banks. After the bank has established a connection with our Firewall 1, when one of the subsequent packets comes from Firewall 2, it assumes it is spoofed and terminates the connection (my opinion). The 4500s and the 6500s are running CEF, and CEF cannot be turned off. Despite this, process switching is being done, as can be seen below. I could not understand why. Seen from the 6500, Firewall 1 is in Vlan 2 and Firewall 2 is in Vlan 3.

Vlan2

          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
               Processor   21263064 3167829499   14326651 1255532141
             Route cache   32835661 2364548647   40272665 4972541429
       Distributed cache 1481270474 1475256878266 8181627663 5115902304861
                   Total 1535369199 1480789256412 8236226979 5122130378431
Vlan3
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
               Processor    9977340 3671376182    3496986  284320283
             Route cache    2152849  300031462     842152  102417855
       Distributed cache 2101151572 2209880793771  629136250 204754610803
                   Total 2113281761 2213852201415  633475388 205141348941



The real problem is on the 4500s, because if I write a static route to one of the 6500s the problem is fixed, but then the other link sits idle. Even though I entered the command ip cef load-sharing algorithm original, we still cannot access the banks. What should we do?
Thanks, and good luck with your work.

Received on Tue May 12 2009 - 10:45:09 CEST
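
Added example, not part of the original thread: a Python parser for the switching-path counters posted in the message above, which checks that the per-path rows add up to the Total row and computes what fraction of packets on each VLAN interface took the Processor path. The function names and the SAMPLE constant are this example's own; the counter values are copied from the message.

```python
import re

# Counters copied from the message above (Vlan2 and Vlan3 on the 6500).
SAMPLE = """\
Vlan2
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
               Processor   21263064 3167829499   14326651 1255532141
             Route cache   32835661 2364548647   40272665 4972541429
       Distributed cache 1481270474 1475256878266 8181627663 5115902304861
                   Total 1535369199 1480789256412 8236226979 5122130378431
Vlan3
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
               Processor    9977340 3671376182    3496986  284320283
             Route cache    2152849  300031462     842152  102417855
       Distributed cache 2101151572 2209880793771  629136250 204754610803
                   Total 2113281761 2213852201415  633475388 205141348941
"""

ROW = re.compile(
    r"^\s*(Processor|Route cache|Distributed cache|Total)"
    r"\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_switching_stats(text):
    """Return {interface: {path: (pkts_in, chars_in, pkts_out, chars_out)}}."""
    stats, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("Switching path"):
            continue  # blank line or column header
        m = ROW.match(line)
        if m:
            if current is None:
                raise ValueError("counter row before any interface name")
            stats[current][m.group(1)] = tuple(int(g) for g in m.groups()[1:])
        else:
            current = line.strip()  # any other line starts a new interface
            stats[current] = {}
    return stats

def path_share(stats, interface, path="Processor"):
    """Fraction of packets (in, out) on `interface` handled by `path`."""
    rows = stats[interface]
    total = rows["Total"]
    for col in (0, 2):  # packet columns: the rows must sum to Total
        if sum(v[col] for k, v in rows.items() if k != "Total") != total[col]:
            raise ValueError(f"{interface}: rows do not sum to Total")
    return rows[path][0] / total[0], rows[path][2] / total[2]

if __name__ == "__main__":
    parsed = parse_switching_stats(SAMPLE)
    for ifname in parsed:
        pin, pout = path_share(parsed, ifname)
        print(f"{ifname}: process-switched {pin:.2%} in, {pout:.2%} out")
```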
