We have been doing DLSW (RFC 1434) on Nortel in our shop for years. We now have a remote site that installed a Cisco router so we have been trying to get DLSW+ working. We have installed a 4500 as our DLSW host and another 4500 as DLSW remote in our MAN environment for testing using a MS SNA Server. If we enable a nortel box with DLSW on the 10.109.16.x segment-SNA comes up fine. Still no luck with the Cisco. As you can see from the config we don't want to do anything special here-no redundant, etc.-we just want to get the basics working.
With a show llc2 on host router we see that the LLC2 state returns an status of:
TokenRing0 DTE: 4000.3745.0004 0003.f219.e97f 04 04 state ADM
In ADM state for 8472 msec, reason: LLC_LC_BOGUS ev: ZERO EVENT
We've had no luck with that message! 0003.f219.e97f is the bitswapped address of the SNA server.
We have determined that the SNA server is sending out both a bit-swapped and a non bit-swapped test request to the network - we finally determined this after many uncessful attempts at bitwapping the address ourselves. The router receives the bit-swapped version, does a bit-swap on the source and destination addresses then establishes a circuit. The circuit never stays connected, after a minute or two it drops the circuit. The show dlsw reach command shows that the address 4000.3745.0004 (tic) is reachable and is set for 'lf 1500'. When the circuit is dropped the reachability cache entry for 4000.3745.0004 is also dropped. The SNA server will then cycle to perform it's status test and the process repeats.
BTW: the 10.109.16.2 router has access lists because it acts as a simple firewall for a RAS box in the 10.109.109.x subnet
Appreciate any help, we have no idea at this point if its code, bitswapping issue, etc. Thanks!
Going from ethernet to token ring, the server needs to send out the bit swapped version of the destination address on the token ring.
In this case it would be 0200.ECA2.0020. This will be bit swapped by the router before populating the reachability cache so you will only ever see non canonical, ie token ring format addresses, in DLSW.
It sounds like the circuit is not finishing the XID exchange. If a 'sh dlsw cir' shows it getting to a status of Circuit Established but never getting to Connected, this is the problem. Usually because the Switched major node is inactive or is already in use.
You migh want to take a look at the following URL on troubleshooting DLSW circuit connectivity -
This document will provide screenshots to outline the steps to setup
TACACS+ configuration to ACI and also the configuration required on
Cisco ACS server. Please find the official Cisco guide for configuring
TACACS+ Authentication to ACI:
Is it supported or NOT supported? It's a frequently asked question.
Before APIC, release 2.3(1f), transit routing was not supported within a
single L3Out profile. In APIC, release 2.3(1f) and later, you can
configure transit routing with a single L3Out pr...
Cisco Documents are usually accurate, but when it came to the document
on Cisco APIC Signature-Based Transactions it was slightly off the mark.
This document is for those novices to API like me who cant seem to
figure out how to go about performing signat...