I am having issues with cef between my VPN tunnel and my LAN interface, and was hoping someone point me in the correct direction on solving this issue.
Currently, I have been confirming conncectivity to a remote office using ICMP. IP cef by default is enabled on the 1841 router which is the end-point of the VPN tunnel originating on a VPN concentrator at the main office. For some reason, when I ping and IP address on the LAN side at the remote office (which traverses the VPN tunnel) I only get replys when my router perfroms process switching. I discovered this in the troubleshooting stages by creating ACLs that were logging. If I remove those ACLs that cause traffic to be processed switched, my pings fail to reply.
This issues seems to occur between my tunnel 1 and the fa 0/0 interface, since traffic reaches the internet fine. But since the DNS servers that the users at the remote office is our private DNS servers located in the head offfice, the DNS lookups need to traverse the VPN tunnel.
Currently I have an ACL logging all ingress traffic on my ethernet interface since I can't figure out what is going on with CEF. I know the throughput process switching is only about 800Kbps, which is kiiling my network since we have bonded T1s at this site. In addition to the addition latency this is causing, I am also getting logging overflows, which is dropping packets as well.
Any advice on where to start looking for my cef issues. Thank you in advance.
According to documentation CEF is supported on all tunnel interfaces. While ASICs are not doing the actual CEF fib lookups, CEF switching should still offer greater throughput (even in software with the 1800s routers) than that of process switching.
I am noticing a lot of encap_fail for cef drops. I understand this to be an caused by incomplete adjecency issues, but when I issue a #sh adj command, all routes (including those I have pointed at the tunnel) register as valid CEF adjacencies. I also can run a #sh ip cef, which is basically a lookup of the fib table, and all the routes that I expect to see are there.
I appreciate your feedback, and if there is anything else you can think of for me to check, please let me know.
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.