WCCP with Multiple Firewall Zones

I can’t count how many times I’ve seen the topic of WCCP in the Cisco support forums where people want to use their Ironport WSA to block traffic from internal users *and* DMZ servers. This clearly DOES NOT WORK, but I’ve never seen a very good explanation of why it doesn’t work. This is my attempt to explain why this DOES NOT WORK.


CenturyLink 6rd on Cisco IOS

I have a static IPv4 address from CenturyLink (x.y.z.198). To find my corresponding IPv6 6rd address I need to convert my IPv4 address to hex and prepend CenturyLink’s 6rd prefix.

My IPv4 address: x.y.z.198
My IPv6 6rd address: XX:YY:ZZ:C6
where XX (in hex)=x (in decimal)

Prepending CenturyLink’s IPv6 6rd prefix (2602::/24) to my 6rd address leaves me with 2602:00XX:YYZZ:C600::
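The same calculation as a small script (an added example, not part of the original post). The function name is hypothetical and 203.0.113.198 is a constructed documentation address standing in for x.y.z.198; the ipv4_mask_len parameter generalizes beyond the post to the RFC 5969 case where the provider drops leading IPv4 bits.

```python
import ipaddress


def sixrd_delegated_prefix(sixrd_prefix, ipv4, ipv4_mask_len=0):
    """Return the 6rd delegated prefix for one customer IPv4 address.

    Per RFC 5969 the delegated prefix is the provider's 6rd prefix
    followed by the low (32 - ipv4_mask_len) bits of the IPv4 address.
    The post's layout (2602:00XX:YYZZ:C600::) embeds all 32 bits,
    which corresponds to ipv4_mask_len=0.
    """
    if not 0 <= ipv4_mask_len <= 32:
        raise ValueError("ipv4_mask_len must be between 0 and 32")

    net = ipaddress.IPv6Network(sixrd_prefix)
    v4_bits = 32 - ipv4_mask_len
    plen = net.prefixlen + v4_bits
    # Choice made for this example: refuse anything longer than /64,
    # because that would leave no /64 to put on a LAN interface.
    if plen > 64:
        raise ValueError("delegated prefix /%d is longer than /64" % plen)

    # Keep only the IPv4 bits the provider embeds, then place them
    # immediately after the 6rd prefix bits.
    v4 = int(ipaddress.IPv4Address(ipv4)) & ((1 << v4_bits) - 1)
    addr = int(net.network_address) | (v4 << (128 - plen))
    return ipaddress.IPv6Network((addr, plen))


if __name__ == "__main__":
    # Constructed sample input: 203 = 0xCB, 0 = 0x00, 113 = 0x71, 198 = 0xC6
    prefix = sixrd_delegated_prefix("2602::/24", "203.0.113.198")
    print(prefix.exploded)                       # delegated /56
    print(next(prefix.subnets(new_prefix=64)))   # first /64 for a LAN
```

With a /24 6rd prefix and all 32 IPv4 bits embedded, the delegated prefix is a /56, which leaves 256 /64 networks for the inside interfaces.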


CenturyLink DSL Setup on a Cisco 1720

I turned up a 7Mbps DSL connection with CenturyLink this evening. Here’s the configuration I used to get the circuit working. The ‘debug ppp authentication’ command helped a lot, too.

Note: To get the username and password I had to call CenturyLink technical support. The CenturyLink provisioned modems must have some mechanism to get the necessary information automatically.

interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/32
  dialer pool-member 1
  protocol ppp dialer
interface Dialer0
 ip address negotiated
 ip nat outside
 ip nbar protocol-discovery
 encapsulation ppp
 dialer pool 1
 ppp pap sent-username USERNAME password PASSWORD
int FastEthernet0
 ip nat inside
ip nat inside source list 111 interface Dialer0 overload
ip route Dialer0

Cisco ASRs and GigE Autonegotiation

I’ve never seen a GigE interface that wouldn’t let me manually specify the speed and duplex. I’m not talking about the speed limitations of the Nexus 2148T (it can’t do 10/100), I’m talking about disabling Ethernet autonegotiation. While working with a Cisco ASR1001 the other day, I’d finally met my match.

The ASR1001 has four built-in GigE interfaces which accept copper or fiber SFPs (though not the traditional GLC-T). I was trying to disable autonegotiation on a single-mode fiber interface but the speed and duplex commands didn’t exist.

But, if autonegotiation was my only option, why did the IOS XE coders torment me by including it as a default part of the interface config?

Router(config-if)#do sh run int g0/0/0
interface GigabitEthernet0/0/0
 ip address
 negotiation auto

Turns out, these built-in interfaces only support GigE, not 10Mbps or 100Mbps. More to the point though, only copper interfaces support manually defined speeds. Fiber interfaces operate in one fashion only; the only choice you have is whether or not to use autonegotiation. In my case I disabled it like this.

Router(config)#int g0/0/0
Router(config-if)#no negotiation auto
Router(config-if)#do sh run int g0/0/0
interface GigabitEthernet0/0/0
 ip address
 no negotiation auto