Re: [cisco-ttl] CEF problemi from Mesut CAP on 2009-05-12 (Cisco Teknik Tartisma Listesi Arsivi)

From: Mesut CAP <mesutcap_at_....>
Date: Tue, 12 May 2009 18:07:24 +0300

Merhaba;

Asagidaki durumda problem cikiyor yani bankalar baglantiyi birden sonlandiriyor.

4500#
O*IA 0.0.0.0/0 [110/2] via 10.0.1.25, 00:00:04, Port-channel2 ---> 6500-2

[110/2] via 10.0.1.21, 00:00:04, Port-channel1 -----> 6500-1

6500#
S* 0.0.0.0/0 [1/0] via 10.0.3.250 -->FW-2

[1/0] via 10.0.2.250 ---> FW-1

4500'te, 6500 lerden birine statik route yazdigimda sorun yok. Su anki yapida 2 firewall kullanilmis cikislari ayri. Yapiyi degistirmek su an icin pek mumkun degil.
Serhat, 4500'e bagli bir PC den firewall'a veya internette bi yere trace yaptigimda hep ayni yol kullaniliyor.

4500#traceroute
74.125.79.99

Type escape sequence to abort.
Tracing the route to 74.125.79.99

1 10.0.1.25 0 msec -->Port-channel2
10.0.1.21 0 msec -->Port-channel1 --> Burda normal olmayan bisey varmis gibi???

    10.0.1.25 0 msec -->Port-channel2
  2 10.0.3.250 12 msec 8 msec 12 msec -->FW2   3 * * *
  4 * *

Source adres olarak 4500 deki bir Vlan verdigimde;

4500#traceroute
Protocol [ip]:
Target IP address: 74.125.79.99
Source address: 10.0.81.1
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]: Type escape sequence to abort.
Tracing the route to 74.125.79.99

  1 10.0.1.21 0 msec
    10.0.1.25 4 msec
    10.0.1.21 0 msec
  2 10.0.3.250 4 msec
    10.0.2.250 0 msec
    10.0.3.250 4 msec
  3  *  *  *

4 * * *
5 *

Firewall'a trace yaptigimda;

4500#traceroute
Protocol [ip]:
Target IP address: 10.0.2.250
Source address: 10.0.81.1
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]: Type escape sequence to abort.
Tracing the route to 10.0.2.250

  1 10.0.1.25 0 msec
    10.0.1.21 0 msec
    10.0.1.25 4 msec
  2  *  *  *
  3  *  *  *

4 * * *
5 * *

Sinan, tesekkur ederim, loglama sansi olabilir de, loglamaya gerek kalmadan 4500 te route tablosuna esit metrikli 2 yol soktugumda zaten bankalara giremiyoruz. Diger sitelere giriliyor oysaki. 6500 lerde de 2 yol var ama 4500 lerde 2 yol oldugunda problem cikiyor. Sonuc boyle olunca sorunu 4500 lerde ariyorum umarim dogru yerdir.

[Non-text portions of this message have been removed] Received on Tue May 12 2009 - 19:06:03 CEST

This archive was generated by hypermail 2.2.0 : Tue May 12 2009 - 19:06:04 CEST