Skip to main content

Posts

Error Message %DUAL-6-NBRINFO: EIGRP-IPv4 34256

If you see the error  %DUAL-6-NBRINFO: EIGRP-IPv4 xxxx  is blocked: not on common subnet then it simply means that there are EIGRP devices sending multicast hellos on an interface which have a different IP Range configured to the receiving router.  160617: .Feb 22 15:11:05.194 GMT: %DUAL-6-NBRINFO: EIGRP-IPv4 34256: Neighbor 17 2.31.253.1 (Vlan43) is blocked: not on common subnet                                                     (172.31.252.1/31) 160618: .Feb 22 15:11:12.770 GMT: %DUAL-6-NBRINFO: EIGRP-IPv4 34256: Neighbor 19 2.168.205.0 (Vlan44) is blocked: not on common subnet (192.168.204.1/31)                                                                                          This is most likely to occur by accident when two subnets are configured on the same VLAN, with EIGRP running on the interface.
Recent posts

ASA5585-X Does not support EIGRP between contexts

Since upgrading to the ASA5585-X firewall running in multi-context mode we have had a number of questions around functionality.  We raised a case with Cisco TAC to find out why EIGRP peering is not supported between contexts.  This was their response:- Thank you for your patience on this case; the behavior you are seeing on the ASA is expected since inter-context exchange of multicast is not supported “Context Guidelines EIGRP instances cannot form adjacencies with each other across shared interfaces because inter-context exchange of multicast traffic is not supported.” https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general-config/route-eigrp.html#ID-2179-0000001b As a workaround, you can configure static neighbors but it is supported only on point-to-point links. https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuo76566/?reffering_site=dumpcr So due to inter-context exchange of multicast traffic not being supported, EI

ASA5585-X Multi Context mode does not allow clientless webvpn access.

Since migrating to an ASA5585-X running in multi context mode, we have been unable to use the clientless webvpn mode to push down the anyconnect software.  We opened a TAC case and got this response from Cisco. Thanks for the information provided. Unfortunately clientless webvpn access is not supported in multiple context mode, that is the reason why you get the “Internal server error” when trying to access the ASA using a browser. While using the ASA in multiple context mode you need to find an alternative way to distribute the Anyconnect software and profile to the remote users since you won’t be able to provide it directly from the ASA. The following enhancement request was opened to address this issue in future releases: ENH: Add Features in Remote Access VPN in Multi-Context Mode CSCuw19758 Description Symptom: This is an Enhancement Request Add support for below features in Remote Access VPN in Multi-Context Mode: 1. Username-from-certificate and prefill

Introducing Network Solutions Consultancy

Add caption Network Solutions Consultancy  provides specialist Cisco network design and implementation services within the UK.   We have experience in producing advanced converged network designs for LAN, WAN and Datacentre connectivity as well as PCI compliant secure hosting environments for e-commerce platforms. The approach we offer is very different to our competitors; we understand that with network design, one size does not fit all.   Too many of our competitors just offer “cookie cutter” designs which are just intended to maximise their hardware sales.  Our highly experienced network architects spend the time to work closely with your business, learning about it, uncovering your requirements and pain points.  The design they produce will be tailored to meet not only your present needs, but also your future requirements. Whether you are a small to medium business needing the addtion of a single firewall, or a large multi-site company requiring a whole converged networ

Installing PVDM into Cisco 2811

In order to install a PVDM into the Cisco 2800 series simply follow the steps below. Firstly power down the router and remove the case by undoing the case screws. At the back of the router near the power supply you will notice the memory (DIMM Slots) and behind them the PVDM slots (which are white). If you look closely on the mother board you will notice that one is labeled PVDM0 and the other PVDM1. If you are only installing one PVDM then you will need to install it in the PVDM0 slot. The PVDM has a little notch cut out of it which means it will only fit into the slot one way.  Locate the PVDM into the slot at a slight angle and then tip pull it upright until the clips click into place and hold it in position. Put the case back onto the router and switch it on.  Once booted do a show inventory and you should now see the PVDM listed.

Determining the number of active SSL connections on CSS/ACE

Whilst designing a new web farm network I needed to know how many SSL sessions our CSS was currently terminating in order to purchase the right SSL license for the Cisco ACE we were upgrading to. To determine the number of active SSL connections a CSS is using at that point in time use the command. show ssl flows The equivalent command on a Cisco ACE is... Show resource usage

Changing the hostname on CSS11500

First time I configured one of these it took me a while to figure out how to change the hostname. Its easy once you know the answer but it is not found in configuration mode. From enable mode you simply type the command prompt and then a name e.g.  CSS11500# prompt my-css-01 Simple huh!