NEED Help setting up OER

Status
Not open for further replies.

zeroinfin

Instructor
Aug 28, 2007
7
US
I have a 1760 Maxed out with 12.4T(11) ipentservice image. Trying to run OER against two links in a MAS/BOR on a single router.

I have it configured, but when I issue a "show oer master" it states "enabled inactive". I was wondering if there was anyone out there with enough knowledge to help. I am just not sure if it is correct or not, and the sh command is throwing me off.

Config:

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PRO-COR-RTR
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$t9QW$4cyPIg64LGXMcgXse.Rmn0
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
aaa session-id common
memory-size iomem 10
clock timezone PST -8
clock summer-time DST date Mar 11 2007 2:00 Nov 4 2007 2:00
voice-card 2
!
voice-card 3
!
ip cef
!
!
!
!
ip domain lookup source-interface FastEthernet0/0
ip domain name proservice.local
ip host pro-core-srv 192.168.66.10
ip host pro-core-sw 192.168.66.2
ip host pro-off-wap 192.168.66.3
ip ssh version 2
ip inspect name default dns
ip inspect name default ssh
ip inspect name default esmtp
ip inspect name default http
ip inspect name default https
ip inspect name default sip
ip inspect name default skinny
!
multilink bundle-name authenticated
!
!
key chain <removed>
 key 1
  key-string <removed>
!
!
!
!
!
!
!
!
!
!
!
oer master
 port 4444
 max-range-utilization percent 10
 keepalive 1
 logging
 !
 border 192.168.67.1 key-chain <removed>
  interface FastEthernet0/0 internal
  interface Ethernet0/0 external
  interface Ethernet1/0 external
 !
 learn
  throughput
  periodic-interval 1
  monitor-period 2
  prefixes 200
  aggregation-type prefix-length 32
!
oer border
 local Loopback999
 port 4444
 master 192.168.67.1 key-chain <removed>
!
crypto pki trustpoint TP-self-signed-1330036122
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1330036122
 revocation-check none
 rsakeypair TP-self-signed-1330036122
!
!
crypto pki certificate chain TP-self-signed-1330036122
certificate self-signed 01
quit
!
!
username <removed> privilege 15 secret 5 $1$jngG$FGOvm5.uBIMB55IyJCrgk0
username <removed> privilege 15 secret 5 $1$I2Ts$sKjmqAt34jNx4nwCtvfRu/
!
!
!
!
!
!
!
interface Loopback999
 ip address 192.168.67.1 255.255.255.0
!
interface Ethernet0/0
 description LINK to SPEAKEASY
 ip address 64.81.53.208 255.255.255.0
 ip access-group WAN_Ingress in
 ip nat outside
 ip inspect default in
 ip virtual-reassembly
 half-duplex
 no cdp enable
!
interface FastEthernet0/0
 description Local Lan Access
 ip address 192.168.66.1 255.255.255.0
 ip nat inside
 no ip virtual-reassembly
 speed auto
!
interface Ethernet1/0
 description comcast connection
 ip address dhcp
 ip access-group WAN_Ingress in
 ip nat outside
 ip inspect default in
 ip virtual-reassembly
 half-duplex
 no cdp enable
!
ip route 0.0.0.0 0.0.0.0 64.81.53.1
ip route 0.0.0.0 255.0.0.0 Null0
ip route 1.0.0.0 255.0.0.0 Null0
ip route 2.0.0.0 255.0.0.0 Null0
ip route 5.0.0.0 255.0.0.0 Null0
ip route 7.0.0.0 255.0.0.0 Null0
ip route 0.0.0.0 0.0.0.0 dhcp
!
!
no ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source route-map Cable interface Ethernet0/0 overload oer
ip nat inside source route-map DSL interface Ethernet1/0 overload oer
ip nat inside source static 192.168.66.10 64.81.53.211 extendable
!
ip access-list standard ACCESS
 permit 192.168.66.0 0.0.0.255
 deny any
!
ip access-list extended WAN_Ingress
 permit udp host 207.200.81.113 eq ntp any eq ntp
 permit udp host 207.200.81.113 eq ntp host 64.81.53.208 eq ntp
 deny ip 192.168.66.0 0.0.0.255 any
 deny ip host 64.81.53.208 any
 deny ip 192.168.0.0 0.0.255.255 any
 deny ip 172.16.0.0 0.15.255.255 any
 deny ip 10.0.0.0 0.255.255.255 any
 deny ip host 0.0.0.0 any
 deny ip 127.0.0.0 0.255.255.255 any
 deny ip 128.0.0.0 0.0.255.255 any
 deny ip 169.254.0.0 0.0.255.255 any
 deny ip 192.0.2.0 0.0.0.255 any
 deny ip 224.0.0.0 31.255.255.255 any
 permit tcp any host 64.81.53.211 eq 443
 permit tcp any host 64.81.53.211 eq www
 permit tcp any host 64.81.53.211 eq smtp
 permit tcp any host 64.81.53.211 eq 666
 permit tcp any host 64.81.53.211 eq domain
 permit tcp any host 192.168.66.10 eq 443
 permit tcp any host 192.168.66.10 eq www
 permit tcp any host 192.168.66.10 eq domain
 permit tcp any host 192.168.66.10 eq smtp
 permit tcp any host 192.168.66.10 eq 666
 permit tcp any host 192.168.66.10 eq 3389
 permit tcp any host 192.168.66.10 eq 4125
 permit ip any any
!
logging 192.168.66.10
access-list 1 permit 192.168.66.0 0.0.0.255
access-list 1 permit 192.168.67.0 0.0.0.255
access-list 101 permit ip any any
!
!
!
route-map Cable permit 10
 match ip address 1
 match interface Ethernet0/0
!
route-map DSL permit 10
 match ip address 1
 match interface Ethernet1/0
!
tacacs-server host 192.168.66.10 key proservice
tacacs-server directed-request
!
control-plane
!
!
!
voice-port 2/0
!
voice-port 2/1
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 access-class ACCESS in
 exec-timeout 60 0
 transport preferred ssh
!
scheduler allocate 20000 1000
ntp clock-period 17208224
ntp source Ethernet1/0
ntp master 1
ntp peer 192.168.66.2 key 1 source FastEthernet0/0
ntp server 207.200.81.113
ntp peer 192.168.66.3 key 1 source FastEthernet0/0
ntp peer 192.168.66.4 key 1 source FastEthernet0/0
end

Here is the sh oer master output:

OER state: ENABLED and INACTIVE
Conn Status: SUCCESS, PORT: 4444
Version: 2.0
Number of Border routers: 1
Number of Exits: 2
Number of monitored prefixes: 0 (max 5000)
Max prefixes: total 5000 learn 2500
Prefix count: total 0, learn 0, cfg 0

Border          Status    UP/DOWN   AuthFail  Version
192.168.67.1    INACTIVE  DOWN             0  0.0

Thanks

Zeroinfin
 
You need cef enabled, I believe.

router#conf t
router(config)#ip cef

Burt
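
An added example, not part of either post and not Cisco tooling: a small Python check that parses an IOS config and tests the OER items this thread turns on (ip cef present, matching master/border port, referenced key chain defined, border address equal to the `local` interface address). The sample text is a constructed excerpt of the posted config, the key-chain name OER-KEYS is a placeholder for the redacted value, and the four checks are this example's assumptions about what OER needs.

```python
import re
# Constructed excerpt of the posted config. OER-KEYS is a placeholder name:
# the page shows the key chain only as <removed>.
SAMPLE = """\
ip cef
key chain OER-KEYS
 key 1
oer master
 port 4444
 border 192.168.67.1 key-chain OER-KEYS
oer border
 local Loopback999
 port 4444
 master 192.168.67.1 key-chain OER-KEYS
interface Loopback999
 ip address 192.168.67.1 255.255.255.0
"""

def sections(text):
    """Map each top-level command to its indented sub-commands."""
    out, cur = {}, None
    for line in text.splitlines():
        if line.strip() in ("", "!"):
            continue
        if not line.startswith(" "):
            cur = line.strip()
            out[cur] = []
        elif cur:
            out[cur].append(line.strip())
    return out

def find(lines, pattern):
    return next((m for l in lines if (m := re.match(pattern, l))), None)

def check_oer(text):
    """Return OER master/border inconsistencies (empty list when clean)."""
    s = sections(text)
    master, border = s.get("oer master", []), s.get("oer border", [])
    port = lambda sec: (p := find(sec, r"port (\d+)")) and p.group(1)
    b = find(master, r"border (\S+) key-chain (\S+)")
    m = find(border, r"master (\S+) key-chain (\S+)")
    loc = find(border, r"local (\S+)")
    ip = loc and find(s.get(f"interface {loc.group(1)}", []), r"ip address (\S+)")
    checks = [
        ("ip cef" in s, "ip cef is not enabled"),
        (port(master) == port(border), "master and border ports differ"),
        (all(r and f"key chain {r.group(2)}" in s for r in (b, m)),
         "key-chain missing or undefined"),
        (b and ip and b.group(1) == ip.group(1),
         "border address is not the local interface address"),
    ]
    return [msg for ok, msg in checks if not ok]
```

Run `check_oer()` on the text of a saved running-config; an empty list means none of the four checks failed.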
 