Re: [cisco-ttl] CEF problem

From: Mesut CAP <mesutcap_at_....>
Date: Wed, 13 May 2009 08:46:23 +0300


Thank you, I will try this too, but first I need to solve the problem.

2009/5/12 emre aksoy <enisaksoy2000_at_yahoo.com>

> Hi Mesut,
> If the problem is with the bank sites, how about sending the bank sites
> through just one switch?
> If you think it is not too complicated, you could use NBAR to set the DSCP,
> on ingress to the interface, of traffic whose URL contains "bank", and then
> use PBR to change the next hop of the packets that have the DSCP set. Below
> is an example config I thought up, but I could not test it.
>
> Router(config)#class-map match-any banks
> Router(config-cmap)#match protocol http url "*bank*"
> Router(config-cmap)#match protocol http url "*sube*"
>
> Router(config)#policy-map mark-inbound-banks
> Router(config-pmap)#class banks
> Router(config-pmap-c)#set ip dscp 1
>
> Router(config)#interface e 0/0
> Router(config-if)#service-policy input mark-inbound-banks
>
> Router(config)#route-map bank
> Router(config-route-map)#match ip dscp 1
> Router(config-route-map)#set interface gig 2/2
> or set ip next-hop, whichever fits
>
> It is a bit complicated, but it could be tried.
>
> --- On Tue, 5/12/09, Mesut CAP <mesutcap_at_gmail.com> wrote:
>
> > From: Mesut CAP <mesutcap_at_gmail.com>
> > Subject: Re: [cisco-ttl] CEF problem
> > To: cisco-ttl_at_yahoogroups.com
> > Date: Tuesday, May 12, 2009, 6:07 PM
>
> > Hello,
> >
> > In the situation below a problem occurs, namely the banks terminate the
> > connection abruptly.
> >
> > 4500#
> > O*IA 0.0.0.0/0 [110/2] via 10.0.1.25, 00:00:04, Port-channel2 ---> 6500-2
> >                [110/2] via 10.0.1.21, 00:00:04, Port-channel1 -----> 6500-1
> >
> > 6500#
> > S* 0.0.0.0/0 [1/0] via 10.0.3.250 -->FW-2
> >              [1/0] via 10.0.2.250 ---> FW-1
> >
> >
> > On the 4500, when I write a static route to one of the 6500s, there is no
> > problem. In the current design two firewalls are used and their exits are
> > separate. Changing the design is not really possible at the moment.
> > Serhat, when I run a trace from a PC connected to the 4500 to the firewall
> > or to somewhere on the internet, the same path is always used.
> >
> > 4500#traceroute 74.125.79.99
> >
> > Type escape sequence to abort.
> > Tracing the route to 74.125.79.99
> >
> > 1 10.0.1.25 0 msec -->Port-channel2
> > 10.0.1.21 0 msec -->Port-channel1 --> It looks as if there is something abnormal here???
> > 10.0.1.25 0 msec -->Port-channel2
> > 2 10.0.3.250 12 msec 8 msec 12 msec -->FW2
> > 3 * * *
> > 4 * *
> >
> > When I give a VLAN on the 4500 as the source address:
> >
> > 4500#traceroute
> > Protocol [ip]:
> > Target IP address: 74.125.79.99
> > Source address: 10.0.81.1
> > Numeric display [n]:
> > Timeout in seconds [3]:
> > Probe count [3]:
> > Minimum Time to Live [1]:
> > Maximum Time to Live [30]:
> > Port Number [33434]:
> > Loose, Strict, Record, Timestamp, Verbose[none]:
> > Type escape sequence to abort.
> > Tracing the route to 74.125.79.99
> >
> > 1 10.0.1.21 0 msec
> > 10.0.1.25 4 msec
> > 10.0.1.21 0 msec
> > 2 10.0.3.250 4 msec
> > 10.0.2.250 0 msec
> > 10.0.3.250 4 msec
> > 3 * * *
> > 4 * * *
> > 5 *
> >
> > When I trace to the firewall:
> >
> > 4500#traceroute
> > Protocol [ip]:
> > Target IP address: 10.0.2.250
> > Source address: 10.0.81.1
> > Numeric display [n]:
> > Timeout in seconds [3]:
> > Probe count [3]:
> > Minimum Time to Live [1]:
> > Maximum Time to Live [30]:
> > Port Number [33434]:
> > Loose, Strict, Record, Timestamp, Verbose[none]:
> > Type escape sequence to abort.
> > Tracing the route to 10.0.2.250
> >
> > 1 10.0.1.25 0 msec
> > 10.0.1.21 0 msec
> > 10.0.1.25 4 msec
> > 2 * * *
> > 3 * * *
> > 4 * * *
> > 5 * *
> >
> > Sinan, thank you. Logging may be possible, but even without logging, as
> > soon as I put two equal-metric paths into the routing table on the 4500 we
> > cannot reach the banks. Other sites are reachable, though. The 6500s also
> > have two paths, but the problem appears when the 4500s have two paths.
> > Given this result I am looking for the problem on the 4500s; I hope that
> > is the right place.
> >
> >
> > [Non-text portions of this message have been removed]
>
>



--
Cisco Teknik Tartisma Listesi (Cisco-ttl)

All responsibility for applying the changes suggested on this list lies with
the user. The list administrators, the list members who make suggestions, and
the organizations those members work for cannot be held responsible in any way.

Received on Wed May 13 2009 - 10:08:12 CEST
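
In the traces quoted above, successive probes for the same hop are answered by different addresses. As an added example (not part of the thread), this Python parser reads numeric IOS traceroute output in that layout and lists the hops where more than one address replied, which is where both equal-cost next hops are in use. The sample is the second trace from the quoted post; the function names are illustrative.

```python
import re
from collections import OrderedDict

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# A hop line starts with the hop number followed by an address or a timeout.
HOP = re.compile(r"^\s*(\d+)\s+((?:\d{1,3}(?:\.\d{1,3}){3}|\*).*)$")

# Second trace from the quoted post (source 10.0.81.1), quote markers removed.
SAMPLE = """\
Tracing the route to 74.125.79.99

 1 10.0.1.21 0 msec
 10.0.1.25 4 msec
 10.0.1.21 0 msec
 2 10.0.3.250 4 msec
 10.0.2.250 0 msec
 10.0.3.250 4 msec
 3 * * *
 4 * * *
 5 *
"""

def parse_trace(text):
    """Return {hop: {"replies": {addr: probe_count}, "timeouts": n}}."""
    hops, hop, addr = OrderedDict(), None, None
    for line in text.splitlines():
        m = HOP.match(line)
        if m:
            hop, addr, line = int(m.group(1)), None, m.group(2)
            hops[hop] = {"replies": OrderedDict(), "timeouts": 0}
        if hop is None:
            continue  # banner lines before the first hop
        for tok in line.split():
            if IPV4.match(tok):          # a new responder for this hop
                addr = tok
                hops[hop]["replies"].setdefault(addr, 0)
            elif tok == "msec" and addr:  # one answered probe
                hops[hop]["replies"][addr] += 1
            elif tok == "*":             # one unanswered probe
                hops[hop]["timeouts"] += 1
    return hops

def multipath_hops(text):
    """Hops whose probes were answered by more than one address."""
    return {h: list(d["replies"]) for h, d in parse_trace(text).items()
            if len(d["replies"]) > 1}

if __name__ == "__main__":
    for h, addrs in multipath_hops(SAMPLE).items():
        print(f"hop {h}: probes answered by {', '.join(addrs)}")
```
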
