Correct me if I am wrong please for the following output, (this is on an ASA5505 running 8.2):

00:59:09.694956 802.1Q vlan#1 P6 141.0.83.24 > 224.0.0.5:  ip-proto-89, length 60

I would read this as an 802.1q packet is entering vlan1 interface with a destination interface of port6, source IP destination IP (ospf multicast) protocol 89.

Is my assumption correct on the source and destination port being vlan1 and port6.  If not what is P6.

here is another example of what I am seeing.

00:59:14.188329 802.1Q vlan#1 P0 802.3 encap packet
 00:59:14.252336 802.1Q vlan#2 P0 802.3 encap packet

Thanks

I was having a discussion with some Cisco and partner folks recently about deploying UCS in my environment. In my environment today, I use Brocade for my FC switches, and I were to bring in UCS today, I'd still be using the Brocades, since we already have an investment in them. I'm very new to the DC track, so maybe I'm wrong, but when considering the design, my thoughts are the FI's would connect directly to the Brocade switches. In speaking the the cisco/partner folks, they mentioned you could do that, or maybe have the FI's go to our nexus 5k and connect the Brocades to the 5k.

I'm having a hard time understanding why I would do that?

Hello citizens! I hope you help me I prepare my CCIE R&S lab using IOU I amanged to install GNS3 v 1.2.3 , IOU inside virtual box and I updated GNS3-server 1.2.3 my problem now I managed to run L2 correctly,but when I run L3 I got this msg in console

Server error [-3200] from 192.168.56.101:8000: IOU2: IOU image '/home/gns3/GNS3/images/i86bi_linux-adventerprisek9-ms.152-2-2.3T

' is not accessibleso I hope you help me what shall I do 

Hi Guys,

I'm trying to build a new access-list for some dmvpn hub routers that are also using IPSec.  I want to know how you can identify precisely the rules and ports to allow through from using logs on the cmd line.  For example:

#int gi0/1

 # desc outside_interface

 # ip access-group 101 in

!

#access-list 101 deny tcp any any log

#access-list 101 deny udp any any log

#access-list 101 deny ip any any log

The problem I'm having, is that I can't seem to identify the ports, see the bits in bold below.  How can I make the ports visible?  I'm using a #sh log, and #debug ip packet detail 101 for this output.

Jan 26 10:13:46.762: %SEC-6-IPACCESSLOGP: list 101 denied udp 15.15.15.15(0) -> 16.16.16.16(0), 25 packets  

Jan 26 10:13:46.762: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.10.10.10(0) -> 10.10.20.11(0), 4 packets  

Jan 26 10:13:46.762: %SEC-6-IPACCESSLOGDP: list 101 denied icmp 16.16.16.16 -> 15.15.15.15 (0/0), 20 packets  

Is this just the fact that I need to be specific with the protocols, eg ICMP, GRE, ESP etc etc rather than just do the things i did above?

Hi all,

     I have created storage VDC and I am trying to configure

an FCOE link to a host. However, every time I try to configure under the interface "spanning-tree port type edge trunk" I get an error that the command is not valid. But if I issue the same command under a Nexus 5548 it works fine. Why is it failing on the storage VDC? Thank you

Victor

Dear All,

I was doing the UCS lab "Service Profile Instantiation - ESXi-VMFEX with Boot from iSCSI", in the iscsi virtual-target configuration I do not understand why "pWWN 21:01:00:1b:32:24:37:dc fc-lun 0x0000 iscsi-lun 0x0000" is configured. As per the task, it should use LUN 1 but the solution shows both LUN 1 and LUN 0 as shown below

pWWN 21:01:00:1b:32:24:37:dc fc-lun 0x0000 iscsi-lun 0x0000

pWWN 21:01:00:1b:32:24:37:dc fc-lun 0x0001 iscsi-lun 0x0001

Can someone please help me to understand why LUN 0 config is needed.

New FabricPath labs have been added to the CCIE DC workbook.  These can all be configured with any base DC rack rental.

Hi I have question source IP and destination IP

In senacio "iBGP Route Reflection", I could not establish ibgp peer between R1 and R7.

Changing neighbor IP or adding update-source solved issue.

I know that BGP is working as server and client and server is using port 179.

The question is if there are many active interface in router how BGP decide source IP.

hi,

can i have one route-map used by to diffrent process or protocals

example:

route-map LOOPBAK0 permit 10

match interface loopback0

!

router ospf 1

redstirbute connected subnets route-map LOOBBACK0 

!

router rip 

redisterbute connected metric 1 route-map LOOPBACK0

!

thanks

hi,

i understand the 2nd route-map but what is the first one for??

R6:
router ospf 1
 redistribute ospf 2 subnets
!
router ospf 2
 redistribute ospf 1 subnets
 redistribute connected subnets route-map CONNECTED_INTO_OSPF_PROCESS_2
!
interface GigabitEthernet1.68
 ip ospf 2 area 52
!

******************************************************
***** route-map CONNECTED_INTO_OSPF permit 10
***** match interface Loopback0 GigabitEthernet1.68
******************************************************

!
route-map CONNECTED_INTO_OSPF_PROCESS_2 permit 10
 match interface Loopback0 GigabitEthernet1.56 GigabitEthernet1.46

Why traceroute is showing private ip address in between the path ???

traceroute -T 132.227.62.122
    traceroute to 132.227.62.122 (132.227.62.122), 30 hops max, 60 byte packets 
     1  194.199.68.161 (194.199.68.161)  1.103 ms  1.107 ms  1.097 ms
     2  sw-ptu.univ.run (10.230.10.1)  1.535 ms  1.625 ms  2.172 ms
     3  sw-univ-gazelle.univ.run (10.10.20.1)  6.891 ms  6.937 ms  6.927 ms
     4  10.10.5.6 (10.10.5.6)  1.544 ms  1.517 ms  1.518 ms
     5  194.167.142.22 (194.167.142.22)  2.993 ms  2.985 ms  2.976 ms

Dears,

In GETVPN, is there any way to push rekeying from KS to GMs in a fast way to check if everything is working fine in the lab?

Please advise.

New FabricPath labs have been added to the CCIE DC workbook.  These can all be configured with any base DC rack rental.

hi dear my friends

i have aquestion

how is  job opportunities for anyone that get CCIEv5 routing & swiching 

because i pass ccie written exam and i am ready for Lab exam in next aug

thanks

Unless there is an error in the initial config, How the section below of the solution will resolve the issue.

R7:
router bgp 65004
 address-family ipv4
  neighbor 180.10.147.1 weight 4000
!
ip access-list standard 4
 no 10
 10 deny 180.10.153.0

This route is being received via Bgp. I resolved this ticket by denied this route in bgp. I don't understand the solution provided - how changing the weight in Bgp and the offset in Eigrp will resolve the administrative distance issue?

Is there an error in the initial config I downloaded?  What am I missing?

===

R7#sh ip cef 180.10.153.0
180.10.153.0/26
  nexthop 180.10.147.1 GigabitEthernet1.714

R7#sh ip route  180.10.153.0
Routing entry for 180.10.153.0/26
  Known via "bgp 65004", distance 20, metric 0
  Tag 65001, type external
  Redistributing via eigrp 56
  Advertised by eigrp 56 metric 1000000 10 255 1 1500 route-map red-bgp-eigrp
  Last update from 180.10.147.1 00:16:10 ago
  Routing Descriptor Blocks:
  * 180.10.147.1, from 180.10.147.1, 00:16:10 ago
      Route metric is 0, traffic share count is 1
      AS Hops 1
      Route tag 65001
      MPLS label: none
R7#

R7#sh ip cef 180.10.153.0
180.10.153.0/26
  nexthop 180.10.147.1 GigabitEthernet1.714

R7#sh ip route  180.10.153.0
Routing entry for 180.10.153.0/26
  Known via "bgp 65004", distance 20, metric 0
  Tag 65001, type external
  Redistributing via eigrp 56
  Advertised by eigrp 56 metric 1000000 10 255 1 1500 route-map red-bgp-eigrp
  Last update from 180.10.147.1 00:16:10 ago
  Routing Descriptor Blocks:
  * 180.10.147.1, from 180.10.147.1, 00:16:10 ago
      Route metric is 0, traffic share count is 1
      AS Hops 1
      Route tag 65001
      MPLS label: none
R7#

Hello guys,

I am having two issues regarding Inter AS MPLS VPN using two vendors hardware.

Set up : Cisco 2821 <----iBGP VPN ----> Brocade MLX(65001) <----eBGP VPN----> Cisco ASR1K (AS65000)

1: Brocade does not advertise iBGP learned VPN routes to th remote eBGP peer.

2: Brocade does not install eBGP learned routes into the local VRF instance. They are there in BGP VPN table though. Also does not advertise eBGP learned routes to the local iBGP peer either. Any clue??

Its a bit poor documentation from Brocade therefore raising the question here :-)

Thanks

Normal 0 false false false EN-GB X-NONE X-NONE /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin-top:0cm; mso-para-margin-right:0cm; mso-para-margin-bottom:8.0pt; mso-para-margin-left:0cm; line-height:107%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri",sans-serif; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-fareast-language:EN-US;}

Hi Guys,

I am just wondering why traffic between two end hosts across an OTV overlay tunnel takes so long to get establish once the OTV tunnel is up.

I was practicing the OTV lab using the INE workbook and noticed from when the OTV tunnel came up on both AEDs, it took about 4 minutes for VLAN 10 to become active and then successful pings between server 1 (10.0.0.1) and server 2 (10.0.0.2) occurred.

In my opinion for the CCIE DC exam, this is a really long wait and time consuming especially when one have to shut or no shut the OTV tunnel and troubleshooting. Within 4 minutes, one could assume its configuration error when actually it’s just OTV doing its thing.

Apart from seeing the OTV tunnel up on both ends, is there a quicker way to verify successful OTV tunnel setup and successful pings across the tunnel rather than this long wait?

Thanks

L

I was reading about this in the documentation but I'm having a hard time wrapping my head around.  

If I understand it correctly....

A SP uses DMVPN tunnel interfaces assigned to MPLS VRFs in order to extend those services out to their MPLS customer branch sites??  Would the driver behind this be that the MPLS services aren't available at the branch site locations??  The configuration examples didn't seem that difficult.  Mostly on the SP DMVPN HUB router.  Am I on the right track???  

And this is NOT considered Front door VRF correct?   That is using a VRF as the underlay transport for DMVPN???

Thanks you for the clarification.

Dears,
I was testing the CWA task in Tech Workbook and i followed all the steps. I have a problem that the PC is still not authorized. I can see that the correct profile (authenticationstatus eq unknownUser) is sent from the ISE to the switch and in the debug aaa authorization and debug aaa attribute, i can see that the Redirect_ACL, DACL, and redirect  url are sent to the switch but it stillnot applied to the user. The phone is getting its authorization successfully. Please advise.

Here is below the switch config, show authen session int f1/0/5 and debug output:

----------------------------------------------------------------------------------
Sw1#sh run

aaa new-model
!
!
aaa authentication dot1x default group radius
aaa authorization network default group radius
!
aaa server radius dynamic-author
 client 172.16.3.100 server-key cisco
!
ip device tracking
!
interface FastEthernet1/0/5
 switchport access vlan 100
 switchport mode access
 switchport voice vlan 10
 authentication host-mode multi-auth
 authentication port-control auto
 authentication periodic
 mab
 dot1x pae authenticator
 spanning-tree portfast
!
interface Vlan1
 ip address 172.16.3.10 255.255.255.0
!
ip http server
ip http secure-server
!
!
ip access-list extended REDITECT_ACL
 permit tcp any any eq www
 permit tcp any any eq 443
!
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server host 172.16.3.100 auth-port 1645 acct-port 1646 key cisco
radius-server vsa send accounting
radius-server vsa send authentication
!
--------------------------------------------------------------------------------------

Sw1(config)#do sh auth  session int f1/0/5
            Interface:  FastEthernet1/0/5
          MAC Address:  0007.eb64.545f
           IP Address:  Unknown
            User-Name:  00-07-EB-64-54-5F
               Status:  Authz Success
               Domain:  VOICE
      Security Policy:  Should Secure
      Security Status:  Unsecure
       Oper host mode:  multi-auth
     Oper control dir:  both
        Authorized By:  Authentication Server
              ACS ACL:  xACSACLx-IP-PERMIT_ALL_TRAFFIC-51134bb2
      Session timeout:  3600s (local), Remaining: 3409s
       Timeout action:  Reauthenticate
         Idle timeout:  N/A
    Common Session ID:  AC10030A00000012004D0D1F
      Acct Session ID:  0x00000015
               Handle:  0xAA000012

Runnable methods list:
       Method   State
       mab      Authc Success

----------------------------------------
            Interface:  FastEthernet1/0/5
          MAC Address:  0050.b60b.e523
           IP Address:  Unknown
            User-Name:  00-50-B6-0B-E5-23
               Status:  Authz Failed
               Domain:  DATA
      Security Policy:  Should Secure
      Security Status:  Unsecure
       Oper host mode:  multi-auth
     Oper control dir:  both
        Authorized By:  Authentication Server
           Vlan Group:  N/A
      Session timeout:  N/A
         Idle timeout:  N/A
    Common Session ID:  AC10030A00000013004D1140
      Acct Session ID:  0x00000016
               Handle:  0x42000013

Runnable methods list:
       Method   State
       mab      Authc Success
--------------------------------------------------------------------------------------

Debugs output:

Sw1(config-if)#
*Mar  1 01:27:37.887: %AUTHMGR-5-START: Starting 'mab' for client (0007.eb64.545f) on Interface Fa1/0/5 AuditSessionID AC10030A0000001400503A53
*Mar  1 01:27:37.887: RADIUS/ENCODE(0000001A):Orig. component type = DOT1X
*Mar  1 01:27:37.887: RADIUS(0000001A): Config NAS IP: 0.0.0.0
*Mar  1 01:27:37.887: RADIUS/ENCODE(0000001A): acct_session_id: 23
*Mar  1 01:27:37.887: RADIUS(0000001A): sending
*Mar  1 01:27:37.887: RADIUS/ENCODE: Best Local IP-Address 172.16.3.10 for Radius-Server 172.16.3.100
*Mar  1 01:27:37.887: RADIUS(0000001A): Send Access-Request to 172.16.3.100:1645 id 1645/99, len 208
*Mar  1 01:27:37.887: RADIUS:  authenticator EE 13 7A 20 CD B0 49 1A - D7 D0 88 12 8A E3 EF CE
*Mar  1 01:27:37.887: RADIUS:  User-Name           [1]   14  "0007eb64545f"
*Mar  1 01:27:37.887: RADIUS:  User-Password       [2]   18  *
*Mar  1 01:27:37.887: RADIUS:  Service-Type           6   Call Check                [10]
*Mar  1 01:27:37.887: RADIUS:  Framed-MTU          [12]  6   1500                     
*Mar  1 01:27:37.887: RADIUS:  Called-Station-Id   [30]  19  "00-19-2F-0E-08-07"
*Mar  1 01:27:37.887: RADIUS:  Calling-Station-Id  [31]  19  "00-07-EB-64-54-5F"
*Mar  1 01:27:37.895: RADIUS:  Message-Authenticato[80]  18 
*Mar  1 01:27:37.895: RADIUS:   51 A3 CE 1D 5B 46 E5 26 3B 7A 23 16 B6 B0 01 52          [ Q[F&;z#R]
*Mar  1 01:27:37.895: RADIUS:  EAP-Key-Name        [102] 2   *
*Mar  1 01:27:37.895: RADIUS:  Vendor, Cisco       [26]  49 
*Mar  1 01:27:37.895: RADIUS:   Cisco AVpair       [1]   43  "audit-session-id=AC10030A0000001400503A53"
*Mar  1 01:27:37.895: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]
*Mar  1 01:27:37.895: RADIUS:  NAS-Port            [5]   6   50105                    
*Mar  1 01:27:37.895: RADIUS:  NAS-Port-Id         [87]  19  "FastEthernet1/0/5"
*Mar  1 01:27:37.895: RADIUS:  NAS-IP-Address      [4]   6   172.16.3.10              
*Mar  1 01:27:37.895: RADIUS(0000001A): Started 5 sec timeout
*Mar  1 01:27:37.903: RADIUS: Received from id 1645/99 172.16.3.100:1645, Access-Accept, len 294
*Mar  1 01:27:37.912: RADIUS:  authenticator 39 DB D2 84 92 60 2F 3F - 1A 0F 0C 72 1A 17 1A AD
*Mar  1 01:27:37.912: RADIUS:  User-Name           [1]   19  "00-07-EB-64-54-5F"
*Mar  1 01:27:37.912: RADIUS:  State               [24]  40 
*Mar  1 01:27:37.912: RADIUS:   52 65 61 75 74 68 53 65 73 73 69 6F 6E 3A 41 43  [ReauthSession:AC]
*Mar  1 01:27:37.912: RADIUS:   31 30 30 33 30 41 30 30 30 30 30 30 31 34 30 30  [10030A0000001400]
*Mar  1 01:27:37.912: RADIUS:   35 30 33 41 35 33            [ 503A53]
*Mar  1 01:27:37.912: RADIUS:  Class               [25]  49 
*Mar  1 01:27:37.912: RADIUS:   43 41 43 53 3A 41 43 31 30 30 33 30 41 30 30 30  [CACS:AC10030A000]
*Mar  1 01:27:37.912: RADIUS:   30 30 30 31 34 30 30 35 30 33 41 35 33 3A 49 53  [0001400503A53:IS]
*Mar  1 01:27:37.912: RADIUS:   45 31 2F 32 31 33 33 37 36 33 32 39 2F 38 33   [ E1/213376329/83]
*Mar  1 01:27:37.912: RADIUS:  Termination-Action  [29]  6   1                        
*Mar  1 01:27:37.912: RADIUS:  Message-Authenticato[80]  18 
*Mar  1 01:27:37.912: RADIUS:   89 35 35 6E 96 10 B6 61 02 BF DD 2A 81 5E 81 A2            [ 55na*^]
*Mar  1 01:27:37.912: RADIUS:  Vendor, Cisco       [26]  34 
*Mar  1 01:27:37.912: RADIUS:   Cisco AVpair       [1]   28  "device-traffic-class=voice"
*Mar  1 01:27:37.912: RADIUS:  Vendor, Cisco       [26]  75 
*Mar  1 01:27:37.912: RADIUS:   Cisco AVpair       [1]   69  "ACS:CiscoSecure-Defined-ACL=#ACSACL#-IP-PERMIT_ALL_TRAFFIC-51134bb2"
*Mar  1 01:27:37.912: RADIUS:  Vendor, Cisco       [26]  33 
*Mar  1 01:27:37.912: RADIUS:   Cisco AVpair       [1]   27  "profile-name=Cisco-Device"
*Mar  1 01:27:37.912: RADIUS(0000001A): Received from id 1645/99
*Mar  1 01:27:37.912: RADIUS/DECODE: parse unknown cisco vsa "profile-name" - IGNORE
*Mar  1 01:27:37.912: %MAB-5-SUCCESS: Authentication successful for client (0007.eb64.545f) on Interface Fa1/0/5 AuditSessionID AC10030A0000001400503A53
*Mar  1 01:27:37.912: %AUTHMGR-7-RESULT: Authentication result 'success' from 'mab' for client (0007.eb64.545f) on Interface Fa1/0/5 AuditSessionID AC10030A0000001400503A53
*Mar  1 01:27:37.929: RADIUS/ENCODE(00000000):Orig. component type = INVALID
*Mar  1 01:27:37.929: RADIUS(00000000): Config NAS IP: 0.0.0.0
*Mar  1 01:27:37.929: RADIUS(00000000): sending
*Mar  1 01:27:37.929: RADIUS/ENCODE: Best Local IP-Address 172.16.3.10 for Radius-Server 172.16.3.100
*Mar  1 01:27:37.929: RADIUS(00000000): Send Access-Request to 172.16.3.100:1645 id 1645/100, len 147
*Mar  1 01:27:37.929: RADIUS:  authenticator 97 BA D9 C1 B3 DF DB 1A - FB 39 16 5E EA D4 E8 2B
*Mar  1 01:27:37.929: RADIUS:  NAS-IP-Address      [4]   6   172.16.3.10              
*Mar  1 01:27:37.929: RADIUS:  User-Name           [1]   41  "#ACSACL#-IP-PERMIT_ALL_TRAFFIC-51134bb2"
*Mar  1 01:27:37.929: RADIUS:  Vendor, Cisco       [26]  32 
*Mar  1 01:27:37.929: RADIUS:   Cisco AVpair       [1]   26  "aaa:service=ip_admission"
*Mar  1 01:27:37.929: RADIUS:  Vendor, Cisco       [26]  30 
*Mar  1 01:27:37.929: RADIUS:   Cisco AVpair       [1]   24  "aaa:event=acl-download"
*Mar  1 01:27:37.929: RADIUS:  Message-Authenticato[80]  18 
*Mar  1 01:27:37.929: RADIUS:   A8 6F E6 88 B7 42 0C 46 AB 32 B1 24 F1 45 6C 7B          [ oBF2$El{]
*Mar  1 01:27:37.937: RADIUS(00000000): Started 5 sec timeout
*Mar  1 01:27:37.937: RADIUS: Received from id 1645/100 172.16.3.100:1645, Access-Accept, len 210
*Mar  1 01:27:37.937: RADIUS:  authenticator 2A 84 16 23 81 87 81 5C - 0F EC EF AD EF 5D 70 12
*Mar  1 01:27:37.937: RADIUS:  User-Name           [1]   41  "#ACSACL#-IP-PERMIT_ALL_TRAFFIC-51134bb2"
*Mar  1 01:27:37.937: RADIUS:  State               [24]  40 
*Mar  1 01:27:37.937: RADIUS:   52 65 61 75 74 68 53 65 73 73 69 6F 6E 3A 61 63  [ReauthSession:ac]
*Mar  1 01:27:37.937: RADIUS:   31 30 30 33 36 34 30 30 30 30 30 30 32 42 35 34  [1003640000002B54]
*Mar  1 01:27:37.937: RADIUS:   45 30 41 30 42 35            [ E0A0B5]
*Mar  1 01:27:37.937: RADIUS:  Class               [25]  49 
*Mar  1 01:27:37.937: RADIUS:   43 41 43 53 3A 61 63 31 30 30 33 36 34 30 30 30  [CACS:ac100364000]
*Mar  1 01:27:37.937: RADIUS:   30 30 30 32 42 35 34 45 30 41 30 42 35 3A 49 53  [0002B54E0A0B5:IS]
*Mar  1 01:27:37.937: RADIUS:   45 31 2F 32 31 33 33 37 36 33 32 39 2F 38 34   [ E1/213376329/84]
*Mar  1 01:27:37.937: RADIUS:  Termination-Action  [29]  6   1                        
*Mar  1 01:27:37.937: RADIUS:  Message-Authenticato[80]  18 
*Mar  1 01:27:37.937: RADIUS:   B8 40 96 B5 D9 6D 64 04 3A 7B 5C 06 B2 F3 CF CA            [ @md:{\]
*Mar  1 01:27:37.937: RADIUS:  Vendor, Cisco       [26]  36 
*Mar  1 01:27:37.937: RADIUS:   Cisco AVpair       [1]   30  "ip:inacl#1=permit ip any any"
*Mar  1 01:27:37.937: RADIUS(00000000): Received from id 1645/100
*Mar  1 01:27:38.944: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (0007.eb64.545f) on Interface Fa1/0/5 AuditSessionID AC10030A0000001400503A53
*Mar  1 01:27:39.707: %AUTHMGR-5-START: Starting 'mab' for client (0050.b60b.e523) on Interface Fa1/0/5 AuditSessionID AC10030A00000015005041BB
*Mar  1 01:27:39.707: RADIUS/ENCODE(0000001B):Orig. component type = DOT1X
*Mar  1 01:27:39.707: RADIUS(0000001B): Config NAS IP: 0.0.0.0
*Mar  1 01:27:39.707: RADIUS/ENCODE(0000001B): acct_session_id: 24
*Mar  1 01:27:39.707: RADIUS(0000001B): sending
*Mar  1 01:27:39.707: RADIUS/ENCODE: Best Local IP-Address 172.16.3.10 for Radius-Server 172.16.3.100
*Mar  1 01:27:39.707: RADIUS(0000001B): Send Access-Request to 172.16.3.100:1645 id 1645/101, len 208
*Mar  1 01:27:39.707: RADIUS:  authenticator F4 DB F7 23 F6 5B D2 AB - 86 DE E0 13 40 12 97 E5
*Mar  1 01:27:39.707: RADIUS:  User-Name           [1]   14  "0050b60be523"
*Mar  1 01:27:39.707: RADIUS:  User-Password       [2]   18  *
*Mar  1 01:27:39.707: RADIUS:  Service-Type           6   Call Check                [10]
*Mar  1 01:27:39.707: RADIUS:  Framed-MTU          [12]  6   1500                     
*Mar  1 01:27:39.707: RADIUS:  Called-Station-Id   [30]  19  "00-19-2F-0E-08-07"
*Mar  1 01:27:39.707: RADIUS:  Calling-Station-Id  [31]  19  "00-50-B6-0B-E5-23"
*Mar  1 01:27:39.707: RADIUS:  Message-Authenticato[80]  18 
*Mar  1 01:27:39.707: RADIUS:   26 67 F1 2A B2 A4 C4 D7 12 FA DB 23 2B 06 3F A1            [ &g*#+?]
*Mar  1 01:27:39.707: RADIUS:  EAP-Key-Name        [102] 2   *
*Mar  1 01:27:39.707: RADIUS:  Vendor, Cisco       [26]  49 
*Mar  1 01:27:39.707: RADIUS:   Cisco AVpair       [1]   43  "audit-session-id=AC10030A00000015005041BB"
*Mar  1 01:27:39.707: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]
*Mar  1 01:27:39.707: RADIUS:  NAS-Port            [5]   6   50105                    
*Mar  1 01:27:39.707: RADIUS:  NAS-Port-Id         [87]  19  "FastEthernet1/0/5"
*Mar  1 01:27:39.707: RADIUS:  NAS-IP-Address      [4]   6   172.16.3.10              
*Mar  1 01:27:39.715: RADIUS(0000001B): Started 5 sec timeout
*Mar  1 01:27:39.724: RADIUS: Received from id 1645/101 172.16.3.100:1645, Access-Accept, len 369
*Mar  1 01:27:39.724: RADIUS:  authenticator 30 B6 D9 FD E1 10 D6 D3 - 4A 60 11 89 2A 98 87 C3
*Mar  1 01:27:39.724: RADIUS:  User-Name           [1]   19  "00-50-B6-0B-E5-23"
*Mar  1 01:27:39.724: RADIUS:  State               [24]  40 
*Mar  1 01:27:39.724: RADIUS:   52 65 61 75 74 68 53 65 73 73 69 6F 6E 3A 41 43  [ReauthSession:AC]
*Mar  1 01:27:39.724: RADIUS:   31 30 30 33 30 41 30 30 30 30 30 30 31 35 30 30  [10030A0000001500]
*Mar  1 01:27:39.724: RADIUS:   35 30 34 31 42 42            [ 5041BB]
*Mar  1 01:27:39.724: RADIUS:  Class               [25]  49 
*Mar  1 01:27:39.724: RADIUS:   43 41 43 53 3A 41 43 31 30 30 33 30 41 30 30 30  [CACS:AC10030A000]
*Mar  1 01:27:39.724: RADIUS:   30 30 30 31 35 30 30 35 30 34 31 42 42 3A 49 53  [00015005041BB:IS]
*Mar  1 01:27:39.724: RADIUS:   45 31 2F 32 31 33 33 37 36 33 32 39 2F 38 35   [ E1/213376329/85]
*Mar  1 01:27:39.724: RADIUS:  Termination-Action  [29]  6   1                        
*Mar  1 01:27:39.724: RADIUS:  Message-Authenticato[80]  18 
*Mar  1 01:27:39.724: RADIUS:   0D F4 76 E4 30 AA E2 54 6B 00 E6 A9 F4 ED 64 8E             [ v0Tkd]
*Mar  1 01:27:39.732: RADIUS:  Vendor, Cisco       [26]  37 
*Mar  1 01:27:39.732: RADIUS:   Cisco AVpair       [1]   31  "url-redirect-acl=REDIRECT_ACL"
*Mar  1 01:27:39.732: RADIUS:  Vendor, Cisco       [26]  117
*Mar  1 01:27:39.732: RADIUS:   Cisco AVpair       [1]   111 "url-redirect=https://ISE1.inelab.local:8443/guestportal/gateway?sessionId=AC10030A00000015005041BB&action=cwa"
*Mar  1 01:27:39.732: RADIUS:  Vendor, Cisco       [26]  63 
*Mar  1 01:27:39.732: RADIUS:   Cisco AVpair       [1]   57  "ACS:CiscoSecure-Defined-ACL=#ACSACL#-IP-B4_CWA-54e09a5e"
*Mar  1 01:27:39.732: RADIUS(0000001B): Received from id 1645/101
*Mar  1 01:27:39.732: %MAB-5-SUCCESS: Authentication successful for client (0050.b60b.e523) on Interface Fa1/0/5 AuditSessionID AC10030A00000015005041BB
*Mar  1 01:27:58.598: %SYS-3-MSGLOST: 86 messages lost because of queue overflow
*Mar  1 01:27:39.766: RADIUS:   Cisco AVpair       [1]   39  "ip:inacl#4=permit tcp any any eq 8443"
*Mar  1 01:27:39.766: RADIUS:  Vendor, Cisco       [26]  43 
*Mar  1 01:27:39.766: RADIUS:   Cisco AVpair       [1]   37  "ip:inacl#5=permit udp any any eq 53"
*Mar  1 01:27:39.766: RADIUS:  Vendor, Cisco       [26]  38 
*Mar  1 01:27:39.766: RADIUS:   Cisco AVpair       [1]   32  "ip:inacl#6=permit icmp any any"
*Mar  1 01:27:39.791: RADIUS(00000000): Received from id 1645/103
*Mar  1 01:28:00.611: %SYS-3-MSGLOST: 1 messages lost because of queue overflow

Use this thread for discussion on building INE's CCIE RSv5 topology using physical switches.

Details of INE's RSv5 topology can be found here.

Details on LAN Access Switches can be found here.

This thread is a continuation of the original RSv5 build thread that can be found here.

PLEASE DO NOT POST REQUESTS FOR IOS IMAGES, IT IS ILLEGAL TO PROVIDE YOU WITH THEM UNLESS YOU ALREADY HAVE A VALID CISCO SERVICE CONTRACT.