HI All,
As i keep saying TATA/TTML/TPBC and thier E1 have given us horrid times.
Their link commissioning has been a real nightmare with over 200 man hours spent on every link that we took from them.
The problem:
1) End to End BERT from TATA/TTML/TPBC comes errors free when run over hours/days/etc.
However the moment its put up on our Cisco Routers the Links shows heavy input errors, CRC, Runts , Frame errors and et all.
2) Extended Ping using point to point serial IP with data pattern 0xFFFF tests 100% successful. However Extended Ping using point to point serial IP with data pattern 0x0000 tests miserabley. Sometimes below 85%
Observation:
TTML did try a lot of things including changing modems at both ends, changing last mile access, changing the tranmission path to include Tejas Networks Mux at both ends. However nothing succeeded.
At the end TATA/TTML/TPBC escalated the problem to their Modem Vendor (Loop).
Basically Loop provided a different firmware enabled modems. Yet no luck.
At the end Loop provided a Cisco Document to TATA/TTML/TPBC which mentions about Cisco manufacturing the Serial Port Cards (WIC-2T, NM-4T, etc) out of two locations , one in Singapore & other in China.
We are still to get hold of this doc as yet.
However the China Cards can only support an E1 upto 1984Kbps whereas the Singapore Cards can support upto 2Mbps.
Thus if you have a China Card at one End and a Singapore Card at the other & if the Link and the Modems are configured at 2Mbps Unframed....You are in a soup. The Link gives heavy errors.
Thus TATA/TTML/TPBC configured the Loop modems for 1984Kbps framed with TTM option ON on their Loop modems to give us the E1.
phew, such a lot of pain for the customer. Not to mention the time and money lost of the delay in delivery. Moreover there is no way to identify your card make once the card is installed.
Now if you were unlucky enough like we were, and if you have a G.703 (E1/T1 controller at one end), then you need to configure the controller in frmaed mode as well
I paste the config below for all to use.
controller E1 3/2
framing NO-CRC4
channel-group 0 timeslots 1-31
!
interface Serial3/2:0
ip address 10.10.10.10 255.255.255.252
no ip proxy-arp
end
Tuesday, November 14, 2006
Friday, September 15, 2006
IPSEC Tunnel with two Cisco Routers
1) Well this config is mostly leeched from Cisco.com.
This is the lab scenario where two rotuers are connected via ethernet usign a cross cable.
The idea is to encrypt traffic over the link connecting Delhi & Mumbai Routers, only for the traffic between Ram and Sita. All other traffic flowing between Delhi & Mumbai goes unencrypted.
******At Delhi*************
version 12.4
hostname Delhi
!
!
enable secret cisco
!
!
ip cef
!
!
!
!
username cisco password cisco
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
lifetime 28800
crypto isakmp key cisco12345 address 10.10.10.6
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association idle-time 120
!
crypto ipsec transform-set vpn esp-3des esp-md5-hmac
!
crypto map vpnns local-address GigabitEthernet0/1
crypto map vpnns 1 ipsec-isakmp
set peer 10.10.10.6
set transform-set vpn
match address 110
!
!
!
interface GigabitEthernet0/0
description : Connect to LAN
ip address 10.10.10.1 255.255.255.252
no ip redirects
no ip proxy-arp
ip accounting access-violations
duplex full
speed 100
ntp disable
!
interface GigabitEthernet0/1
description To Mumbai
ip address 10.10.10.5 255.255.255.252
no ip redirects
no ip proxy-arp
ip route-cache flow
duplex full
speed 100
crypto map vpnns
!
router eigrp 1
passive-interface default
no passive-interface FastEthernet0/1
network 10.0.0.0
no auto-summary
!
access-list 110 permit ip host 10.10.10.2 host 10.10.10.10
!
line con 0
exec-timeout 5 0
login local
line aux 0
no exec
line vty 0 2
exec-timeout 5 0
login local
transport input telnet
line vty 3 4
exec-timeout 0 1
login local
no exec
transport input none
!
end
*********At Mumbai********
version 12.4
!
hostname Mumbai
!
!
enable secret cisco
!
no aaa new-model
!
ip cef
!
!
!
!
!
!
username cisco password cisco
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
lifetime 28800
crypto isakmp key cisco12345 address 10.10.10.5
!
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association idle-time 120
!
crypto ipsec transform-set vpn esp-3des esp-md5-hmac
!
crypto map vpnns local-address FastEthernet0/1
crypto map vpnns 1 ipsec-isakmp
set peer 10.10.10.5
set transform-set vpn
match address 110
!
interface FastEthernet0/0
description : Connect to LAN
ip address 10.10.10.9 255.255.255.252
no ip redirects
no ip proxy-arp
ip accounting access-violations
speed 100
full-duplex
ntp disable
!
interface FastEthernet0/1
description To Delhi
ip address 10.10.10.6 255.255.255.252
no ip redirects
no ip proxy-arp
ip route-cache flow
speed 100
full-duplex
crypto map vpnns
!
!
router eigrp 1
passive-interface default
no passive-interface FastEthernet0/1
network 10.0.0.0
no auto-summary
!
access-list 110 permit ip host 10.10.10.9 host 10.10.10.2
!
line con 0
exec-timeout 5 0
login local
line aux 0
no exec
line vty 0 2
exec-timeout 5 0
login local
transport input telnet
line vty 3 4
exec-timeout 0 1
login local
no exec
transport input none
!
end
********************************
Thursday, July 27, 2006
TTML E1 Links and lots of PAIN
TTML links work like a charm when alls fine.
However to get them working is a pain.
Let me illustrate this with an example.
We use simple cisco routers at both the ends & TTML provides their LOOP modems & other Leased Line Infrastrcutre (i.e the 4 wire and TTML Mux).
But as Murphy's LAW suggests, If things can go wrong, they certainly will.
Same was the case with us for several TTML links wherein we spent tremendous man days in getting the link up and working.
We use E1 controllers at central site & V.35 Smart Serial Interface at the spoke.
This caused the TTML link to show up tremendous errors on the link, despite the fact that the end to end physical 4 wire loop for over 48hrs resulted in no errors.
So as usual, the modems, the pair were replaced. However no luck!
Eventually the winning combination for TTML links with E1 controllers is
Set modems to Framed 1984Kbps & there is a proprietary feature in LOOP modems, called TTM. Once this is set, you are good to go.
Hope some TTML guys read this and make this a standard practise in their installations whenever an E1 controller card is involved
However to get them working is a pain.
Let me illustrate this with an example.
We use simple cisco routers at both the ends & TTML provides their LOOP modems & other Leased Line Infrastrcutre (i.e the 4 wire and TTML Mux).
But as Murphy's LAW suggests, If things can go wrong, they certainly will.
Same was the case with us for several TTML links wherein we spent tremendous man days in getting the link up and working.
We use E1 controllers at central site & V.35 Smart Serial Interface at the spoke.
This caused the TTML link to show up tremendous errors on the link, despite the fact that the end to end physical 4 wire loop for over 48hrs resulted in no errors.
So as usual, the modems, the pair were replaced. However no luck!
Eventually the winning combination for TTML links with E1 controllers is
Set modems to Framed 1984Kbps & there is a proprietary feature in LOOP modems, called TTM. Once this is set, you are good to go.
Hope some TTML guys read this and make this a standard practise in their installations whenever an E1 controller card is involved
Thursday, May 25, 2006
How do I load balance two paths in EIGRP without using the variance command?
How do I load balance two paths in EIGRP without using the variance command?
Well i needed to do this, and needed it done really fast.
A bit of google search revealed this good link.
http://ccnprecertification.com/2005/09/16/eigrp-load-balancing-without-using-variance/
I would suggest anybody wanting to do EIGRP load balancing read this out first.
Well i needed to do this, and needed it done really fast.
A bit of google search revealed this good link.
http://ccnprecertification.com/2005/09/16/eigrp-load-balancing-without-using-variance/
I would suggest anybody wanting to do EIGRP load balancing read this out first.
Friday, May 19, 2006
not on common subnet for Serial.........
This is what happens when you get 2 new links from the same service provider between the two same end points.
We consistenly get thsi log on our router at both the ends.
May 19 05:28:58.458 GMT: IP-EIGRP(Default-IP-Routing-Table:6): Neighbor 10.10.10.10 not on common subnet for Serial1/0/7:0
May 19 05:29:12.390 GMT: IP-EIGRP(Default-IP-Routing-Table:6): Neighbor 10.10.10.10 not on common subnet for Serial1/0/7:0
Thus we need to get the physical port mapping correct by swapping the V.35 router cables or the G.703 cables leading to the modems.
We consistenly get thsi log on our router at both the ends.
May 19 05:28:58.458 GMT: IP-EIGRP(Default-IP-Routing-Table:6): Neighbor 10.10.10.10 not on common subnet for Serial1/0/7:0
May 19 05:29:12.390 GMT: IP-EIGRP(Default-IP-Routing-Table:6): Neighbor 10.10.10.10 not on common subnet for Serial1/0/7:0
Thus we need to get the physical port mapping correct by swapping the V.35 router cables or the G.703 cables leading to the modems.
Wednesday, May 10, 2006
c3845 with 256MB RAM hangs when trying to receive full internet routes
We have a cisco 3845 Router with 256MB RAM. It connects to our ISP on an E1.
The IOS on is c3845-entservicesk9-mz.124-5a.bin
The Utilisation ont eh E1 is less than 25% during the night times when we attempt the below:-
The problem is when we do a BGP peering with our Service Provider's core router, teh ROuter Hangs in less then 5 Secs.
When I say its hangs , it actually stops processing any IP INPUT.
The LEDS & Console are available at all times during the Hung state.
But I cant ping my own interfaces, All my BGP peers go down from ESTABLISHED to ACTIVE.
I lose all routes, including the ones i have from my IGP.
Reload is the only way to get the router UP again.
Is the hardware strong enough ?
If it is, Is this a software Bug ?
Any help from you folks will be greatly appreciated.
The IOS on is c3845-entservicesk9-mz.124-5a.bin
The Utilisation ont eh E1 is less than 25% during the night times when we attempt the below:-
The problem is when we do a BGP peering with our Service Provider's core router, teh ROuter Hangs in less then 5 Secs.
When I say its hangs , it actually stops processing any IP INPUT.
The LEDS & Console are available at all times during the Hung state.
But I cant ping my own interfaces, All my BGP peers go down from ESTABLISHED to ACTIVE.
I lose all routes, including the ones i have from my IGP.
Reload is the only way to get the router UP again.
Is the hardware strong enough ?
If it is, Is this a software Bug ?
Any help from you folks will be greatly appreciated.
Monday, April 03, 2006
Need alternative for Black Box Line Drivers Motorola 3622 Modems
Need alternative(s) for Black Box RS232 Line Drivers & Motorola 3622 Modems for INDIA.
Any suggestions ?
If I find any updates I shall report them to you all here.
Any suggestions ?
If I find any updates I shall report them to you all here.
Thursday, March 09, 2006
ISDN BRI & Cisco ::: Bad Combination
Well, its not a troll, nor would i like to cribb on my blog.
However ISDN & Cisco don't mate well.
We have legacy hardware which have Leased Circuit & ISDN as backup for a remote site to connect to main Site.
Recently the management decided to replace the legacy hardware with the Cisco Routers.
Well for some sites the ISDN works perfectly on a c2821, whereas for others the same config on the another c2821 with same IOS doesn't work.
I am certain , cisco would be prompt in pointing that we get the line checked.
Despite their best support & excellent documentation, We still have to suffer when it comes to ISDN.
But beleive you me, the fact that the moment we plug our ISDN lines back to the legacy equipment, the, line JUST WORKS !!!!!!!!!!!.
Whereas , on c2821 , we have to log in to the router & issue clear int bri 1/o etc to get the status on the cisco ACTIVE.
Since our migration, we have had severe heart burns, when the leased lines have failed & ISDN hasn't fired.
ON many a times, we have had to request the remote site coordinator to reboot the cisco router & then the ISDN would work. No....... we cant ask remote cooridinator to login to the router & clear the interface status.
So my question to Cisco Lovers & in general ISDN users on cisco to help me out
How do you cope with your share of problems with ISDN on cisco.
I wish to know what would you do when the remote site goes offline completely ( no ISDN, no Leased Line) to get the ISDN to ALWAYS connect to main site when Leased Line fails.
However ISDN & Cisco don't mate well.
We have legacy hardware which have Leased Circuit & ISDN as backup for a remote site to connect to main Site.
Recently the management decided to replace the legacy hardware with the Cisco Routers.
Well for some sites the ISDN works perfectly on a c2821, whereas for others the same config on the another c2821 with same IOS doesn't work.
I am certain , cisco would be prompt in pointing that we get the line checked.
Despite their best support & excellent documentation, We still have to suffer when it comes to ISDN.
But beleive you me, the fact that the moment we plug our ISDN lines back to the legacy equipment, the, line JUST WORKS !!!!!!!!!!!.
Whereas , on c2821 , we have to log in to the router & issue clear int bri 1/o etc to get the status on the cisco ACTIVE.
Since our migration, we have had severe heart burns, when the leased lines have failed & ISDN hasn't fired.
ON many a times, we have had to request the remote site coordinator to reboot the cisco router & then the ISDN would work. No....... we cant ask remote cooridinator to login to the router & clear the interface status.
So my question to Cisco Lovers & in general ISDN users on cisco to help me out
How do you cope with your share of problems with ISDN on cisco.
I wish to know what would you do when the remote site goes offline completely ( no ISDN, no Leased Line) to get the ISDN to ALWAYS connect to main site when Leased Line fails.
Wednesday, March 01, 2006
Leased Line on PRI card
Well did you know that you can directly terminate a Leased Line on a PRI card ?
Yes if you have a PRI card , you certainly can connect a leased Line (E1 : Unframed as well as Framed) provided you have a service provider's MUX in the premises.
If you do satisfy the above criteria.
Then just plug in the 4 wires from the Telco's MUX straight into the PRI card &
this is the config that will make it work
controller E1 4/0/1
channel-group 0 unframed
no shut
!
interface Serial4/0/1:0
description Connect to XYZ on leased line
ip address 10.10.10.11 255.255.255.252
no shut
Yes if you have a PRI card , you certainly can connect a leased Line (E1 : Unframed as well as Framed) provided you have a service provider's MUX in the premises.
If you do satisfy the above criteria.
Then just plug in the 4 wires from the Telco's MUX straight into the PRI card &
this is the config that will make it work
controller E1 4/0/1
channel-group 0 unframed
no shut
!
interface Serial4/0/1:0
description Connect to XYZ on leased line
ip address 10.10.10.11 255.255.255.252
no shut
Monday, February 20, 2006
PRI In INDIA
Well there are three major Telco's in India at the moment who offer PRI to subscribers
Thus if you were to terminate them on to your cisco router , you shall need to know one very important parameter.
The FRAMING
So here they are
TATA : crc4
RIC: crc4
BSNL/BBNL/MTNL: no-crc4
So your config for the E1 controller would look like for a BSNL/BBNL/MTNL PRI circuit
isdn switch-type primary-net5
controller E1 2/0
pri-group timeslots 1-31
framing no-crc4
no shut
description : ISDN PRI (XXXXXX)
Thus if you were to terminate them on to your cisco router , you shall need to know one very important parameter.
The FRAMING
So here they are
TATA : crc4
RIC: crc4
BSNL/BBNL/MTNL: no-crc4
So your config for the E1 controller would look like for a BSNL/BBNL/MTNL PRI circuit
isdn switch-type primary-net5
controller E1 2/0
pri-group timeslots 1-31
framing no-crc4
no shut
description : ISDN PRI (XXXXXX)
Friday, February 17, 2006
c2821 ISDN site dialing into c3845 , call lasts only 28 sec
Well we have a remote site with 1 ISDN BRI on c2821
We have a 1 PRI at the central site on c3845
The remote site is supposed to dial in to the central site when the primary link fails
We have a Dialer-watch configuration done on the remote site & PPP callback request. The IP address is negotiated during PPP NCP/IPCP.
At the central site we have a PPP callback accept configured & the IP address is assigned from a static ISDN pool
Now the problem:-
The Remote site connects successfully into the Central Site. However the call lasts only 28 sec.
So what we did to resolve it.
We had four BRI S/T ports on the c2821. However only one was connected to a BRI line. But at all times all four ports were part of the rotary group.
This was causing the dialer interface to cycle between the 4 BRI S/T ports.
So we removed the other 3 non connected ports from the rotary group & voila the cal lasted till the idle timeout.
We have a 1 PRI at the central site on c3845
The remote site is supposed to dial in to the central site when the primary link fails
We have a Dialer-watch configuration done on the remote site & PPP callback request. The IP address is negotiated during PPP NCP/IPCP.
At the central site we have a PPP callback accept configured & the IP address is assigned from a static ISDN pool
Now the problem:-
The Remote site connects successfully into the Central Site. However the call lasts only 28 sec.
So what we did to resolve it.
We had four BRI S/T ports on the c2821. However only one was connected to a BRI line. But at all times all four ports were part of the rotary group.
This was causing the dialer interface to cycle between the 4 BRI S/T ports.
So we removed the other 3 non connected ports from the rotary group & voila the cal lasted till the idle timeout.
Monday, February 13, 2006
Saturday, February 11, 2006
c3845 & SFP 1000BaseLX modules
Well we had a scheduled planned event wherein we had to connect a Single Mode Fiber to the SFP module on the gi0/0 of the c3845.
Sounds simple,
well its simple
1) insert the SFP, the router immediately recognizers it.
2) configure the interface with followings details
Sounds simple,
well its simple
1) insert the SFP, the router immediately recognizers it.
2) configure the interface with followings details
- media-type sfp
- duplex
- speed
- no shut
- IP address
Well we did all the above and yet the link was not coming up.
We could also not see the SFP LED indicator come UP. This clearly indicated that there was a link issue .What could we've done wrong ?
Seems to be a pretty simple task, aint it ?
Well it turned out to be a horror for us.
We spent hours on the testing the Fiber , the config, and the SFP itself.
To our horror, out some searching on cisco.com & goggle we found out that we should try the defaults first.
i.e default speed
&
default duplex
So we did that , not hoping much luck.
But surprisingly the link came Up instantly
the LED on the SFP module was glowing & we could ping the remote destination address as well.
So I am not sure, why did the Link not come up when we had enforced the Duplex = Full & Speed = 100 , also tried Speed = 1000 ?
Anybody can help why it didn't work ?
the present interface config is as follows:-
interface GigabitEthernet0/0
IP address 10.12.13.9 255.255.255.252
IP access-group 112 in
duplex auto
speed auto
media-type sfp negotiation auto
end
SIM Card Rejected
I have a HUTCH ( MUMBAI) SIM card with roaming activated.
Well it has worked in roaming just fine all these times.
But yesterday I was .
in PUNE for some office work, & the Phone gave this message..
" SIM Card Rejected"
Thus I tried frantically the following:-
1) reboot the phone
2) remove the sim , battery & reinsert it
3) clean the SIM & the socket connections on the phone
4) Try inserting the SIM into another phone.....
But all these attempts were in vain
every time I would boot the phone I would get the same message, " SIM card Rejected"
So I called HUTCH callcenter.
The guy very very politely told me that my card was still active & the roaming profile was enabled.
so from their end the service aspect is not a problem.
Thus I was left with only one choice.
As per the call center guy, I have to visit the local HUTCH shop & they will replace the faulty SIM with a new one.
Also he told me that the new sim would be active in one hour & that the replacement would be FREE.
So lets see, I am due to return for MUMBAI tomorrow . Will try to visit the HUTCH shop then.
Well it has worked in roaming just fine all these times.
But yesterday I was .
in PUNE for some office work, & the Phone gave this message..
" SIM Card Rejected"
Thus I tried frantically the following:-
1) reboot the phone
2) remove the sim , battery & reinsert it
3) clean the SIM & the socket connections on the phone
4) Try inserting the SIM into another phone.....
But all these attempts were in vain
every time I would boot the phone I would get the same message, " SIM card Rejected"
So I called HUTCH callcenter.
The guy very very politely told me that my card was still active & the roaming profile was enabled.
so from their end the service aspect is not a problem.
Thus I was left with only one choice.
As per the call center guy, I have to visit the local HUTCH shop & they will replace the faulty SIM with a new one.
Also he told me that the new sim would be active in one hour & that the replacement would be FREE.
So lets see, I am due to return for MUMBAI tomorrow . Will try to visit the HUTCH shop then.
Subscribe to:
Posts (Atom)